Duck Duck Go as a Privacy Conscious Google Alternative
April 26, 2016
Those frustrated with Google may have an alternative. Going over to the duck side: A week with Duck Duck Go from Search Engine Watch shares a thorough first-hand account of using Duck Duck Go for a week. User privacy protection seems to be the hallmark of the search service and there is even an option to enable Tor in its mobile app. Features are comparable, such as one designed to compete with Google’s Knowledge Graph called Instant Answers. As an open source product, Instant Answers is built up by community contributions. As far as seamless, intuitive search, the post concludes,
“The question is, am I indignant enough about Google’s knowledge of my browsing habits (and everyone else’s that feed its all-knowing algorithms) to trade the convenience of instantly finding what I’m after for that extra measure of privacy online? My assessment of DuckDuckGo after spending a week in the pond is that it’s a search engine for the long term. To get the most out of using it, you have to make a conscious change in your online habits, rather than just expecting to switch one search engine for another and get the same results.”
Will a majority of users replace “Googling” with “Ducking” anytime soon? Time will tell, and it will be an interesting saga to see unfold. I suppose we could track the evolution on Knowledge Graph and Instant Answers to see the competing narratives unfold.
Megan Feil, April 26, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Research MapsThreat Actors of the Dark Web
April 25, 2016
Known as the Dark Web, a vast amount of sites exist requiring specialized software, Tor is most commonly used, to access them. Now, the first map of the Dark Web has launched, according to Peeling Back the Onion Part 1: Mapping the #DarkWeb from Zero Day Lab. A partner of Zero Day Lab, Intelliagg is a threat intelligence service, which launched this map. While analyzing over 30,000 top-level sites, their research found English as the most common language and file sharing and leaked data were the most common hidden marketplaces, followed by financial fraud. Hacking comprised only three percent of sites studied. The write-up describes the importance of this map,
“Until recently it had been difficult to understand the relationships between hidden services and more importantly the classification of these sites. As a security researcher, understanding hidden services such as private chat forums and closed sites, and how these are used to plan and discuss potential campaigns such as DDoS, ransom attacks, kidnapping, hacking, and trading of vulnerabilities and leaked data; is key to protecting our clients through proactive threat intelligence. Mapping these sites back to Threat Actors (groups), is even more crucial as this helps us build a database on the Capability, Infrastructure, and Motivations of the adversary.”
Quite an interesting study, both in topic and methods which consisted of a combination of human and machine learning information gathering. Additionally, this research produced an interactive map. Next, how about a map that shows the threat actors and their sites?
Megan Feil, April 25, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Lessons to Learn from Instagram Translation Systems
April 20, 2016
Social media services attempt to eliminate the publishing of pornographic content on their sites through a combination of user reporting and algorithms. However, Daily Star reports Shock as one million explicit porn films found on Instagram. This content existed on Instagram despite their non-nudity policy. However, according to the article, much of the pornographic videos and photos were removed after news broke. Summarizing how the content was initially published, the article states,
“The videos were unearthed by tech blogger Jed Ismael, who says he’s discovered over one million porn films on the site. Speaking on his blog, Ismael said: “Instagram has banned certain English explicit hashtags from being showed in search. “Yet users seem to find a way around the policy, by using non English terms or hashtags. “I came across this discovery by searching for the hashtag “?????” which means movies in Arabic.” Daily Star Online has performed our own search and easily found hardcore footage without the need for age verification checks.”
While Tor has typically been seen as the home for such services, it appears some users have found a workaround. Who needs the Dark Web? As for those online translation systems, perhaps some services should consider their utility.
Megan Feil, April 20, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
First Surface Web Map of the Dark Web
April 15, 2016
Interested in a glimpse of the Dark Web without downloading Tor and navigating it yourself? E-Forensics Magazine published Peeling back the onion part 1: Mapping the Dark Web by Stuart Peck, which shares an overview of services and content in this anonymity-oriented internet. A new map covering the contents of the Dark Web, the first one to do so, was launched recently by a ZeroDayLab key partner, and threat intelligence service Intelliagg. The write-up explains,
“But this brings me to my previous point why is this map so important? Until recently, it had been difficult to understand the relationships between hidden services, and more importantly the classification of these sites. As a security researcher, understanding hidden services, such as private chat forums and closed sites, and how these are used to plan and discuss potential campaigns, such as DDoS, Ransom Attacks, Kidnapping, Hacking, and Trading of Vulnerabilities and leaked data, is key to protecting our clients through proactive threat intelligence.”
Understanding the layout of an online ecosystem is an important first step for researchers or related business ventures. But what about a visualization showing these web services are connected to functions, such as financial and other services, with brick-and-mortar establishments? It is also important to that while this may be the first Surface Web map of the Dark Web, many navigational “maps” on .onion sites that have existed as long as users began browsing on Tor.
Megan Feil, April 15, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
The Force of the Dark Web May Not Need Sides
April 14, 2016
The name “Dark Web” has sensational language written all over it. Such a label calls for myth-busting articles to be published, such as the recent one from Infosecurity Magazine, The Dark Web — Is It All Bad?. This piece highlights the opinions of James Chappell, CTO and Co-founder of Digital Shadows, who argues the way the Dark Web is portrayed in the media pigeonholes sites accessible by Tor as for criminal purposes. Chappell is quoted,
“Looking at some of the press coverage you could be forgiven for thinking that the Dark Web is solely about criminality,” he told Infosecurity. “In reality, this is not the case and there are many legitimate uses alongside the criminal content that can be found on these services. Significantly – criminality is an internet-wide problem, rather than exclusively a problem limited to just the technologies that are labelled with the Dark Web.”
The author’s allusion to Star Wars’ divided force, between supposed “good” and “bad” seems an appropriate analogy to the two sides of the internet. However, with a slightly more nuanced perspective, could it not be argued that Jedi practices, like those of the Sith, are also questionable? Binaries may be our preferred cultural tropes, as well as the building blocks of computer software programming, but let’s not forget the elements of variability: humans and time.
Megan Feil, April 14, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Potential Corporate Monitoring Concerns Tor Users
April 7, 2016
The Dark Web has been seen as a haven by anyone interested in untraceable internet activity. However, a recent article from Beta News, Tor Project says Google, CloudFlare and others are involved in dark web surveillance and disruption, brings to light the potential issue of Tor traffic being monitored. A CDN and DDoS protection service called CloudFlare has introduced CAPTCHAs and cookies to Tor for monitoring purpose and accusations about Google and Yahoo have also been made. The author writes,
“There are no denials that the Tor network — thanks largely to the anonymity it offers — is used as a platform for launching attacks, hence the need for tools such as CloudFlare. As well as the privacy concerns associated with CloudFlare’s traffic interception, Tor fans and administrators are also disappointed that this fact is being used as a reason for introducing measures that affect all users. Ideas are currently being bounced around about how best to deal with what is happening, and one of the simpler suggestions that has been put forward is adding a warning that reads “Warning this site is under surveillance by CloudFlare” to sites that could compromise privacy.”
Will a simple communications solution appease Tor users? Likely not, as such a move would essentially market Tor as providing the opposite service of what users expect. This will be a fascinating story to see unfold as it could be the beginning of the end of the Dark Web as it is known, or perhaps the concerns over loss of anonymity will fuel further innovation.
Megan Feil, April 7, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Venture Dollars Point to Growing Demand for Cyber Security
April 4, 2016
A UK cyber security startup has caught our attention — along with that of venture capitalists. The article Digital Shadows Gets $14M To Keep Growing Its Digital Risk Scanning Service from Tech Crunch reports Digital Shadows received $14 million in Series B funding. This Software as a service (SaaS) is geared toward enterprises with more than 1,000 employees with a concern for monitoring risk and vulnerabilities by monitoring online activity related to the enterprise. The article describes Digital Shadows’ SearchLight which was initially launched in May 2014,
“Digital Shadows’ flagship product, SearchLight, is a continuous real-time scan of more than 100 million data sources online and on the deep and dark web — cross-referencing customer specific data with the monitored sources to flag up instances where data might have inadvertently been posted online, for instance, or where a data breach or other unwanted disclosure might be occurring. The service also monitors any threat-related chatter about the company, such as potential hackers discussing specific attack vectors. It calls the service it offers “cyber situational awareness”.”
Think oversight in regards to employees breaching sensitive data on the Dark Web, for example, a bank employee selling client data through Tor. How will this startup fare? Time will tell, but we will be watching them, along with other vendors offering similar services.
Megan Feil, April 4, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Secure Email on the Dark Web
April 1, 2016
Venturing safely onto the Dark Web can require some planning. To that end, FreedomHacker shares a “List of Secure Dark Web Email Providers in 2016.” The danger with Tor-accessible email providers, explains reporter Brandon Stosh, lies in shady third parties. He writes:
“It’s not that finding secure communications on Tor is a struggle, but it’s hard to find private lines not run by a rogue entity. Below we have organized a list of secure dark web email providers. Please remember that no email provider should ever be deemed secure, meaning always use encryption and keep your opsec to its highest level….
“Below we have listed emails that are not only secure but utilize no type of third-party services, including any type of hidden Google scripts, fonts or trackers. In the list below we have gone ahead and pasted the full .onion domain for verification and added a link to any services who also offer a clearweb portal. However, all communications sent through clearweb domains should be presumed insecure unless properly encrypted, then still it’s questionable.”
The list of providers includes 10 entries, and Stosh supplies a description of each of the top five: Sigaint, Rugged Inbox, Torbox, Bitmessage, and Mail2Tor; see the article for these details, and to view the other five contenders. Stosh wraps up by emphasizing how important email security is, considering all the sensitive stuff most of us have in our inboxes. Good point.
Cynthia Murrell, April 1, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Predictive Analytics on a Budget
March 30, 2016
Here is a helpful list from Street Fight that could help small and mid-sized businesses find a data analysis platform that is right for them—“5 Self-Service Predictive Analytics Platforms.” Writer Stephanie Miles notes that, with nearly a quarter of small and mid-sized organizations reporting plans to adopt predictive analytics, vendors are rolling out platforms for companies with smaller pockets than those of multinational corporations. She writes:
“A 2015 survey by Dresner Advisory Services found that predictive analytics is still in the early stages of deployment, with just 27% of organizations currently using these techniques. In a separate survey by IDG Enterprise, 24% of small and mid-size organizations said they planned to invest in predictive analytics to gain more value from their data in the next 12 months. In an effort to encourage this growth and expand their base of users, vendors with business intelligence software are introducing more self-service platforms. Many of these platforms include predictive analytics capabilities that business owners can utilize to make smarter marketing and operations decisions. Here are five of the options available right now.”
Here are the five platforms listed in the write-up: Versium’s Datafinder; IBM’s Watson Analytics; Predixion, which can run within Excel; Canopy Labs; and Spotfire from TIBCO. See the article for Miles’ description of each of these options.
Cynthia Murrell, March 30, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Surfing Safely on the Dark Web
March 29, 2016
The folks at Alphr want us to be safe if we venture onto the Dark Web, so they offer guidance in their article, “Is the Dark Web Safe?” The short answer, of course, is “parts of it.” Writer Thomas McMullan notes that, while the very act of accessing hidden sites through Tor is completely legal, it is easy to wander into illegal territory. He writes:
“‘Safe’ is a bit of a vague term. There is much of worth to be found on the dark web, but by its nature it is not as safe as the surface-level internet. You can only access pages by having a direct link (normally with a .onion suffix) and while that makes it harder to accidentally stumble across illegal content, you’re only a click away from some pretty horrible stuff. What’s more, the government is cracking down on illegal material on the dark web. In November 2015, it was announced that GCHQ and the National Crime Agency (NCA) would be joining forces to tackle serious crimes and child pornography on the dark web. Director of GCHQ Robert Hannigan said that the new Joint Operations Cell (JOC) will be ‘committed to ensuring no part of the internet, including the dark web, can be used with impunity by criminals to conduct their illegal acts’.”
The article goes on to note that plugins which can present a false IP address, like Ghostery, exist. However, McMullan advises that it is best to stay away from anything that seems questionable. You have been warned.
Cynthia Murrell, March 29, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
-
- Subscribe to Beyond Search
Feature archive
News archive
-
