Law Enforcement Utilizes New and Traditional Methods for Dark Web Matters
September 15, 2016
While the Dark Web may be thought of as a home to drug dealers, several individuals have been apprehended by law enforcement. Edinburgh News published a report: FBI Helps Catch Edinburgh Man Selling Drugs on ‘Dark Web’. David Trail was convicted for creating a similar website to eBay, but on the Dark Web, called Topix2. Stolen credit card information from his former employer, Scotweb were found in the search of his home. The article states,
Detective Inspector Brian Stuart, of the Cybercrime Unit, said: ‘Following information from colleagues in FBI, Germany’s West Hessen Police and the UK’s National Crime Agency, Police Scotland identified David Trail and his operation and ownership of a hidden website designed to enable its users to buy and sell illegal drugs anonymously and beyond the reach of law enforcement. His targeting of a previous employer, overcoming their security, almost had a devastating effect on the company’s ability to remain in business.
As this piece notes, law enforcement used a combination of new and traditional policing techniques to apprehend Trail. Another common practice we have been seeing is the cooperation of intelligence authorities across borders — and across levels of law enforcement. In the Internet age this is a necessity, and even more so when the nature of the Dark Web is taken into account.
Megan Feil, September 15, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
There is a Louisville, Kentucky Hidden Web/Dark Web meet up on September 27, 2016.
Information is at this link: https://www.meetup.com/Louisville-Hidden-Dark-Web-Meetup/events/233599645/
Mobile Data May Help Fight Disease
September 14, 2016
Data from smartphones and other mobile devices may give us a new tool in the fight against communicable diseases. Pen State News reports, “Walking and Talking Behaviors May Help Predict Epidemics and Trends.” A recent study, completed by an impressive roster of academics at several institutions, reveals a strong connection between our movements and our communications. So strong, in fact, that a dataset on one can pretty accurately predict the other. The article cites one participant, researcher Dashun Wang of Penn State:
[Wang] added that because movement and communication are connected, researchers may only need one type of data to make predictions about the other phenomenon. For instance, communication data could reveal information about how people move. …
The equation could better forecast, among other things, how a virus might spread, according to the researchers, who report their findings today (June 6) in the Proceedings of the National Academy of Sciences. In the study, they tested the equation on a simulated epidemic and found that either location or communication datasets could be used to reliably predict the movement of the disease.
Perhaps not as dramatic but still useful, the same process could be used to predict the spread of trends and ideas. The research was performed on three databases full of messages from users in Portugal and another (mysteriously unidentified) country and on four years of Rwandan mobile-phone data. These data sets document who contacted whom, when, and where.
Containing epidemics is a vital cause, and the potential to boost its success is worth celebrating. However, let us take note of who is funding this study: The U.S. Army Research Laboratory, the Office of Naval Research, the Defense Threat Reduction Agency and the James S. McDonnell Foundation’s program, Studying Complex Systems. Note the first three organizations in the list; it will be interesting to learn what other capabilities derive from this research (once they are unclassified, of course).
Cynthia Murrell, September 14, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
There is a Louisville, Kentucky Hidden Web/Dark Web meet up on September 27, 2016.
Information is at this link: https://www.meetup.com/Louisville-Hidden-Dark-Web-Meetup/events/233599645/
Toshiba Amps up Vector Indexing and Overall Data Matching Technology
September 13, 2016
The article on MyNewsDesk titled Toshiba’s Ultra-Fast Data Matching Technology is 50 Times Faster than its Predecessors relates the bold claims swirling around Toshiba and their Vector Indexing Technology. By skipping the step involving computation of the distance between vectors, Toshiba has slashed the time it takes to identify vectors (they claim). The article states,
Toshiba initially intends to apply the technology in three areas: pattern mining, media recognition and big data analysis. For example, pattern mining would allow a particular person to be identified almost instantly among a large set of images taken by surveillance cameras, while media recognition could be used to protect soft targets, such as airports and railway stations*4by automatically identifying persons wanted by the authorities.
In sum, Toshiba technology is able to quickly and accurately recognize faces in the crowd. But the specifics are much more interesting. Current technology takes around 20 seconds to identify an individual out of 10 million, and Toshiba can do it in under a second. The precision rates that Toshiba reports are also outstanding at 98%. The world of Minority Report, where ads recognize and direct themselves to random individuals seems to be increasingly within reach. Perhaps more importantly, this technology should be of dire importance to the criminal and perceived criminal populations of the world
Chelsea Kerwin, September 13, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monographThere is a Louisville, Kentucky Hidden Web/Dark Web meet up on September 27, 2016.
Information is at this link: https://www.meetup.com/Louisville-Hidden-Dark-Web-Meetup/events/233599645/
How Collaboration and Experimentation Are Key to Advancing Machine Learning Technology
September 12, 2016
The article on CIO titled Machine Learning “Still a Cottage Industry” conveys the sentiments of a man at the heart of the industry in Australia, Professor Bob Williamson. Williamson is the Commonwealth Scientific and Industrial Research Organisation’s (CSIRO’s) Data 61 group chief scientist. His work in machine learning and data analytics led him to the conclusion that for machine learning to truly move forward, scientists must find a way to collaborate. He is quoted in the article,
There’s these walled gardens: ‘I’ve gone and coded my models in a particular way, you’ve got your models coded in a different way, we can’t share’. This is a real challenge for the community. No one’s cracked this yet.” A number of start-ups have entered the “machine-learning-as-a-service” market, such as BigML, Wise.io and Precog, and the big names including IBM, Microsoft and Amazon haven’t been far behind. Though these MLaaSs herald some impressive results, Williamson warned businesses to be cautious.
Williamson speaks to the possibility of stagnation in machine learning due to the emphasis on data mining as opposed to experimenting. He hopes businesses will do more with their data than simply look for patterns. It is a refreshing take on the industry from an outsider/insider, a scientist more interested in the science of it all than the massive stacks of cash at stake.
Chelsea Kerwin, September 12, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
There is a Louisville, Kentucky Hidden Web/Dark Web meet up on September 27, 2016.
Information is at this link: https://www.meetup.com/Louisville-Hidden-Dark-Web-Meetup/events/233599645/
Salesforce Blackout
July 27, 2016
Salesforce.com is a cloud computing company with the majority of its profits coming from customer relationship management and acquiring commercial social networking apps. According to PC World, Salesforce recently had a blackout and the details were told in: “Salesforce Outage Continues In Some Parts Of The US.” In early May, Salesforce was down for over twelve hours due to a file integrity issue in the NA14 database.
The outage occurred in the morning with limited services restored later in the evening. Salesforce divides its customers into instances. The NA14 instance is located in North America as many of the customers who complained via Twitter are located in the US.
The exact details were:
“The database failure happened after “a successful site switch” of the NA14 instance “to resolve a service disruption that occurred between 00:47 to 02:39 UTC on May 10, 2016 due to a failure in the power distribution in the primary data center,” the company said. Later on Tuesday, Salesforce continued to report that users were still unable to access the service. It said it did not believe “at this point” that it would be able to repair the file integrity issue. Instead, it had shifted its focus to recovering from a prior backup, which had not been affected by the file integrity issues.”
It is to be expected that power outages like this would happen and they will reoccur in the future. Technology is only as reliable as the best circuit breaker and electricity flows. This is why it is recommended to back up your files in more than one place.
Whitney Grace, July 27, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Interview with an Ethical Hacker
July 20, 2016
We’ve checked out a write-up on one of the white-hats working for IBM at Business Insider— “Here’s What It’s Really Like to Be a Hacker at One of the World’s Biggest Tech Companies.” We wonder, does this wizard use Watson? The article profiles Charles Henderson. After summarizing the “ethical hacker’s” background, the article describes some of his process:
“The first thing I do every morning is catch up on what happened when I was sleeping. The cool thing is, since I run a global team, when I’m sleeping there are teams conducting research and working engagements with customers. So in the morning I start by asking, ‘Did we find any critical flaws?’ ‘Do I need to tell a client we found a vulnerability and begin working to fix it?’ From there, I am working with my team to plan penetration tests and make sure we have the resources we need to address the issues we have found. There isn’t an hour that goes by that I don’t find a cool, new way of doing something, which means my days are both unpredictable and exciting.
“I also do a lot of research myself. I like to look at consumer electronic devices, anything from planes to trains to automobiles to mobile devices. I try to find ways to break into or break apart these devices, to find new flaws and vulnerabilities.”
Henderson also mentions meeting with clients around the world to consult on security issues, and lists some projects his team has tackled. For example, a “physical penetration test” which involved stealing a corporate vehicle, and sending “tiger teams” to burgle client buildings. His favorite moments, though, are those when he is able to fix a vulnerability before it is exploited. Henderson closes with this bit of advice for aspiring hackers: “Always be curious. Never take anything at face value.”
Cynthia Murrell, July 20, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
There is a Louisville, Kentucky Hidden Web/Dark
Web meet up on July 26, 2016.
Information is at this link: http://bit.ly/29tVKpx.
Technology Does Not Level the Playing Field
July 12, 2016
Among the many articles about how too much automation of the labor force will devastate humanity, I found another piece that describes how technology as tools are a false equalizer. The Atlantic published the piece titled: “Technology, The Faux Equalizer.” What we tend to forget is that technology consists of tools made by humans. These tools have consistently become more complicated as society has advanced. The article acknowledges this by having us remember one hundred years ago, when electricity was a luxurious novelty. Only the wealthy and those with grid access used electricity, but now it is as common as daylight.
This example points to how brand new technology is only available to a limited percentage of people. Technological process and social progress are not mutually inclusive. Another example provided, notes that Gutenberg’s printing press did not revolutionize printing for society, but rather the discovery of cheaper materials to make books. Until technology is available for everyone it is not beneficial:
“Just compare the steady flow of venture capital into Silicon Valley with the dearth of funding for other technological projects, like critical infrastructure improvements to water safety, public transit, disintegrating bridges, and so on. ‘With this dynamic in mind, I would suggest that there is greater truth to the opposite of Pichai’s statement,’ said Andrew Russell, a professor at Stevens Institute of Technology. ‘Every jump in technology draws attention and capital away from existing technologies used by the 99 percent, which therefore undermines equality, and reduces the ability for people to get onto the ‘playing field’ in the first place.’”
In science-fiction films depicting the future, we imagine that technology lessens the gap between everyone around the world, but we need to be reminded that the future is now. Only a few people have access to the future, compare the average lifestyle of Europeans and Americans versus many African and Middle East nations. History tells us that this is the trend we will always follow.
Oh, oh. We thought technology would fix any problem. Perhaps technology exacerbates old sores and creates new wounds? Just an idle question.
Whitney Grace, July 12, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Rare Sighting in Silicon Valley: A Unicorn
July 8, 2016
Unicorns are mythical creatures with a whole slew of folklore surrounding them, but in modern language the horned beast has been used as a metaphor for a rare occurrence. North Korea once said that Kim Jong Un spotted a unicorn from their despotic controlled media service, but Fortune tells us that a unicorn was spotted in California’s Silicon Valley: “The SEC Wants Unicorns To Stop Bragging About Their Valuations”.
Unicorns in the tech world are Silicon Valley companies valued at more than one billion. In some folklore, unicorns are vain creatures and love to be admired, the same can be said about Silicon Valley companies and startups as they brag about their honesty with their investors. Mary Jo White of the SEC said she wanted them to stop blowing the hot air.
“ ‘The concern is whether the prestige associated with reaching a sky-high valuation fast drives companies to try to appear more valuable than they actually are,’ she said.”
Unlike publicly traded companies, the SEC cannot regulate private unicorns, but they still value protecting investors and facilitating capital formation. Silicon Valley unicorns have secondary markets forming around their pre-IPO status. The status they retain before they are traded on the public market. The secondary market uses derivative contracts, which can contribute to misconceptions about their value. White wants the unicorns to realize they need to protect their investors once they go public with better structures and controls for their daily operations.
Another fact from unicorn folklore is that unicorns are recognized as symbols of truth. So while the braggart metaphor is accurate, the truthful aspect is not.
Whitney Grace, July 8 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Publicly Available Information Is Considered Leaked When on Dark Web
July 7, 2016
What happens when publicly available informed is leaked to the Dark Web? This happened recently with staff contact information from the University of Liverpool according to an article, Five secrets about the Dark Web you didn’t know from CloudPro. This piece speaks to perception that the Dark Web is a risky place for even already publicly available information. The author reports on how the information was compromised,
“A spokeswoman said: “We detected an automated cyber-attack on one of our departmental online booking systems, which resulted in publically available data – surname, email, and business telephone numbers – being released on the internet. We take the security of all university-related data very seriously and routinely test our systems to ensure that all data is protected effectively. We supported the Regional Organised Crime Unit (TITAN) in their investigations into this issue and reported the case to the Information Commissioner’s Office.”
Data security only continues to grow in importance and as a concern for large enterprises and organizations. This incident is an interesting case to be reported, and it was the only story we had not seen published again and again, as it illustrates the public perception of the Dark Web being a playing ground for illicit activity. It brings up the question about what online landscapes are considered public versus private.
Megan Feil, July 7, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
More Variables Than Technology for Enterprise Security to Consider
June 29, 2016
For all the effort enterprises go to in securing data through technological solutions, there are also other variables to consider: employees. Business Insider released an article, 1 in 5 employees are willing to hand over their work passwords for money, that shares survey research from SailPoint. 20 percent of 1,000 respondents, from organizations with over 1,000 employees, would be willing to sell their work passwords. US employees win the “most likely” award with 27 percent followed by Netherlands with 20 percent, and then UK and France at 16 percent. The article tells us,
“Some employees were willing to sell their passwords for as little as $55 (£38) but most people wanted considerably more, with $82,000 (£56,000) being the global average amount required,according to figures cited by Quartz that weren’t in the report. Unauthorised access to a company’s internal systems could provide a treasure trove of valuable data for criminals. They may be targeting individual user accounts, or they could be after intellectual property, or corporate strategy data.”
Undoubtedly, search and/or cybertheft is easier with a password. While the survey reports findings that may be alarming to organizations, we are left with the question, ‘why’. It may be easy to say morality is the dividing line, but I think this article wrestling with the morality question is on the right track pointing to considering sociological implications, for example, employee engagement and satisfaction cannot be discounted as factors in a decision to sell a password.
Megan Feil, June 29, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
-
- Subscribe to Beyond Search
Feature archive
News archive
-
