Hacking Federal Agencies Now a Childs Play
October 12, 2016
A potentially dangerous malware called GovRat that is effective in cyber-espionage is available on Dark Web for as low as $1,000.
IBTimes recently published an article Malware used to target US Government and military being sold on Dark Web in which the author states –
The evolved version of GovRat, which builds on a piece of malware first exposed in November last year, can be used by hackers to infiltrate a victim’s computer, remotely steal files, upload malware or compromised usernames and passwords.
The second version of this malware has already caused significant damage. Along with it, the seller is also willing to give away credentials to access US government servers and military groups.
Though the exact identity of the creator of GovRat 2.0 is unknown, the article states:
Several of these individuals are known as professional hackers for hire,” Komarovexplained. He cited one name as ROR [RG] – a notorious hacker who previously targeted Ashley Madison, AdultFriendFinder and the Turkish General Directorate of Security (EGM).
Data of large numbers of federal employees are already compromised and details like email, home address, login IDs and hashed passwords are available for anyone who can pay the price.
InfoArmor a cybersecurity and identity protection firm while scanning the Dark Web forums unearthed this information and has already passed on the details to relevant affected parties. The extent of the damage is unknown, the stolen information can be used to cause further damage.
Vishal Ingole, October 12, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
New EU Legislation on Terrorist Content
October 12, 2016
Balancing counterterrorism with digital rights continues to be a point of discussion. An article, EU parliament pushes ahead with plans to block, remove terrorist content online from Ars Technica reiterates the . Now, national authorities are required to ensure action are taken to remove illegal content hosted from within their territory that “constitutes public incitement to commit a terrorist offence”. If this is not feasible, they may take the necessary measures to block access to such content. Parliament’s chief negotiator, German MEP Monika Hohlmeier’s perspective is shared,
Hohlmeier said that the proposal strikes the right balance between security on the one hand and data protection and freedom of expression on the other. “It’s not so much a question of whether terrorists are using particular ways to hide on the Internet, or encryption, but they very often have perfect propaganda machinery. Our approach is to try to close websites, and if this is not possible to block these Internet websites,” she said. She added that enhanced cooperation was needed between police and justice authorities as well as private actors.
European digital rights organisation EDRi asserts that speed of action is taking undue priority over “legislation fit for the purpose.” Perhaps there is an opportunity for cyber security technology developed by justice authorities and the private sector to hit the mark on balancing the fine line between censorship and counterterrorism.
Megan Feil, October 12, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Funnelback: October Advertising
October 11, 2016
Interesting note. Funnelback, owned by Squiz, is displaying in line, personalized advertising. Today is October 10, 2016. Funnelback’s ad is:
Timely. I think about Valentine’s Day in October. Money well spent?
Stephen E Arnold, October 11, 2016
Dark Web for Sci-Tech Content without the Big Fees
October 11, 2016
Publishers are not happy. Sci-Hub, a Dark Web portal provides free access to 58 million academic papers and articles that usually are sold through costly subscriptions and pay walls in the real world.
In an article that appeared on ExpressVPN titled 9 Must-See .onion Sites from the Depths of the Dark Web, the author says that –
This (Sci-Hub) gives underfunded scientific institutions, as well as individuals, unprecedented access to the world’s collective knowledge, something certain to boost humankind’s search for an end to diseases, droughts, and hunger.
Sci-Hub is brainchild of Alexandra Elbakyan a Kazak girl who wanted free access to academic literature without having to worry about money.
According to Science Magazine, everybody from students, scholars, researchers to underfunded universities are accessing the pirated academic literature.
How will publishers respond? We assume there will be meetings, legal actions, more meetings, hand waving, and attempts to convince Ms. Elbakyan to do her online system the old fashioned way: Charge universities as much as humanly possible. If these procedures fail, Ms. Elbakyan may want to be accompanied by former Kazak Olympic wrestlers and at least one legal eagle as she wends her way through life.
Vishal Ingole, October 11, 2016
IBM Watson Is Just More of Everything Except Revenue
October 11, 2016
I read “IBM Watson’s CMO Predicts the Future of Data and AI.” I thought that the article would report what IBM Watson had to say about this question: “What is the future of data and AI, Watson?” Wrong. The article presents IBM’s current thinking about what its humanoids desperately want IBM Watson to become.
There was one startling omission in the article, but I will save that until the final paragraph of this mini report.
I noted several points of interest to me in the write up which is essentially an IBM wizard answering some slightly worn questions about the sprawling brand known as Watson. (Keep in mind that I know Watson as Lucene, home brew code, and acquired technologies.)
Point One: Watson understands human language. So Watson is like the film “2001” and HAL? No, here’s what the write up says Watson is:
It’s not speech recognition like Siri, not speech synthesis like Alexa, but actually understanding human languages…
Point Two: Why use IBM Watson and not some other smart system? Answer:
We’ve invested $6 billion in our idea, a third of that is dedicated to cognitive.
Point Three: IBM made a big deal about Twitter in 2014. IBM’s position:
Twitter specifically, is interesting.
You get the idea. Superficial generalizations about how capable IBM Watson is.
What’s the big omission? Revenue. Not a peep about how IBM Watson is going to generate sustainable revenue this quarter. What’s frightening to me is that the humanoid answers about Watson are sketchy. Since Watson did not answer the questions or address the topics in the title of the source article, I conclude that IBM Watson’s answers are even more sketchy.
I love that multi billion investment, however. Now about the financial payoff. Watson, any answers?
Stephen E Arnold, October 11, 2016
Need a Low Cost College Degree? Dark Web U Is for You
October 11, 2016
The lawless domain just got murkier. Apart from illegal firearms, passports, drugs and hitmen, you now can procure a verifiable college degree or diploma on Dark Web.
The Next Web in an article Dark Web crooks are selling fake degrees and certifications for the price of a smartphone REPORTS:
Cyber criminals have created a digital marketplace where unscrupulous students can
purchase or gain information necessary to provide them with unfair and illegal
academic credentials and advantages.
The certificates for these academic credentials are near perfect. But what makes this cybercrime more dangerous is the fact that hackers also manipulate the institution records to make the fake credential genuine.
The article ADDS:
A flourishing market for hackers who would target universities in order to change
grades and remove academic admonishments
This means that under and completely non-performing students undertaking an educational course need not worry about low grades or absenteeism. Just pay the hackers and you have a perfectly legal degree that you can show the world. And the cost of all these? Just $500-$1000.
What makes this particular aspect of Dark Web horrifying interesting is the fact that anyone who procures such illegitimate degree can enter mainstream job market with perfect ease and no student debt.
Vishal Ingole, October 11, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
New Terrorism and Technology Reports Released
October 11, 2016
Attempting to understand the level of threat a terrorist organization poses continues to be difficult. DefenseSystems.com published Report: Electronic jihad grows in sophistication, which shares the cyber-jihad survey from the Institute for Critical Infrastructure Technology. The authors of this survey present social media and other cyberspace tools to be “the great equalizer” in warfare. In addition to social media, there are a few hacker groups which have launched attacks on western websites and Arab media: the Cyber Caliphate, the dedicated hacker division of the Islamic State, and the Terrorist Team for Electronic Jihad. The write-up explains,
The cyber jihad survey notes that ISIS has mostly dedicated its expanding offensive cyber capabilities to specific social media accounts, including the Twitter and YouTube accounts of U.S. Central Command. Offensive capabilities are thought to include the use of malware, insider threats and “preconfigured tools.” Malware efforts have included spear-phishing emails containing malware designed to sweep up the IP addresses and geolocation data about anti-ISIS groups in the ISIS stronghold of Raqqa, Syria. As ISIS and other cyber-jihadists become more sophisticated and aggressive, experts worry that they will eventually attempt more audacious attacks.
However, a report from the federal government suggests ISIS’ Twitter traffic dropped 45 percent in the past two years. While terrorist group’s technology may be expanding in the arena of offensive strikes, officials believe the decline in Twitter popularity suggests recruitment may be slowing. We think there needs to more analysis of recruitment via Dark Web.
Megan Feil, October 11, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
HonkinNews for October 11, 2016 Now Available
October 10, 2016
The most recent HonkinNews video is now available at this link. Stories include Yahoo’s most recent adventure: A purple light Y-Mart discount of $1 billion dollars on the Verizon purchase offer. Learn how Google Translate handles a Chinese poem about ospreys, not government administration. Included in the seven minute program is information about IBM Watson in the third grade and Bing’s secret to revenue success. These stories and more like the diffusion of the idea of “good enough” search. Direct from Harrod’s Creek in rural Kentucky… HonkinNews for the week ending October 11, 2016.
Stephen E Arnold, October 10, 2016
Creativity: Implications for Search
October 10, 2016
“Computer Scientists Discover 14 key Components of Creativity” tries to reveal what differentiates the creative person from the average individual. Let’s look at the attributes of creativity:
- Active involvement and persistence. Yes, this is two attributes packaged as one
- Dealing with uncertainty
- Domain competence
- General intellectual ability
- Generation of results
- Independence and freedom. Another two’fer.
- Intention and emotional involvement. The bundling approach seems semi-creative. Maybe a cop out?
- Originality
- Progression and development. Again!
- Social interaction and communication. Obviously a pattern of creating one “new” idea by sticking two things together.
- Spontaneity/subconscious processing. Again two to make one.
- Thinking and evaluation. Isn’t evaluating a component of thinking?
- Value.
- Variety, Divergence as well as Experimentation. Now three attributes combine to produce one attribute. Does this overlap with other components.
Reflecting on this list, my hunch is that a bit more creativity in making the attributes clear might be needed. The list is interesting, but it lack—how shall I phrase it—creativity.
How does this apply to search?
For old school Boolean systems like ip.com, one has to know what one is looking for before the search system is of much help. Thus, the system can only respond to inputs from a human. The more creative the human, the less likely the cut and paste snippets function will be. Other systems with this less than creative approach include other Boolean systems and Lucene.
For modern predictive systems, the creativity shifts from the human to the software. The idea is that the software will look at the user’s history, similar users’ behaviors, GPS coordinates, and other observable information and produce outputs like Alexa or Google mobile search. The human does not have to think. The creativity seems somewhat limited because when one is looking for pizza via a mobile phone, some of the attributes seem less than creative.
Search systems which try to respond to the thoughts and notions of the human user and software delivering results based on rules are elusive.
Creativity may be difficult to generate and deal with. Perhaps that is why the list of 14 attributes includes multiple word descriptions which try to get at a single notion.
Cleverness is not on the list. Why not? I find clever approaches to search more interesting than creative searches. Clever?
Stephen E Arnold, October 10, 2016
More about Good Enough Search
October 10, 2016
I have concluded that finding information is entering a mini Dark Ages. The evidence I have gathered suggests that young folks will speak to their mobile devices to get pizza and information for their PhD research projects. I have a folder of examples of applications of smart software which produces remarkable marketing assertions and black box outputs.
I have added to my collection the write up “Postgress Full Text Search Is Good Enough.” I learned that “good enough” search has these features:
- Stemming
- Ranking / Boost Support
- Multiple languages
- Fuzzy search for misspelling
- Accent support
I assume, which is risky, that keywords are part of the basic feature set. But in a world of “good enough”, who knows?
The write up provides code snippets for and details regarding the implementation of Postgress’ search function. The explanation of Postgress’ internal methods may require that you keep some Postgress manuals handy and have a browser pointed at Bing or Google to chase down some of the jargon; for instance:
A
tsvectorvalue is a sorted list of distinct lexemes which are words that have been normalized to make different variants of the same word look alike. For example, normalization almost always includes folding upper-case letters to lower-case and often involves removal of suffixes (such as ‘s’, ‘es’ or ‘ing’ in English). This allows searches to find variant forms of the same word without tediously entering all the possible variants.
The section on optimization and indexation provides some useful guidelines. Trouble may result from mismatching one’s data with the types of indices Postgress offers.
If you are using Postgress and interested in “good enough” search, you will find the write up helpful. If you are an entrepreneur and want to tap into an underserved market for a graphical administrative interface for Postgress “good enough” search, you will find that the write provides a checklist for you to follow.
For me in rural Kentucky, I marvel at the happy acceptance of “good enough” search. Once “good enough” takes hold, where does one find the impetus to deliver outstanding search? Do I look to dtSearch? IBM OmniFind (aka, Watson). A whizzy cloud service like Amazon’s?
I suppose I can ask Siri or Cortana. Good enough search and good enough answers. Except when the answers are off point or just incorrect. A “C” is good enough for today’s business and technical approaches.
Stephen E Arnold, October 10, 2016
-
- Subscribe to Beyond Search
Feature archive
News archive
-
