Increasingly Sophisticated Cybercrime

December 8, 2016

What a deal! Pymnts.com tells us that “Hacked Servers Sell for $6 On The Dark Web.” Citing recent research from Kapersky Lab, the write-up explains:

Kaspersky Lab researchers exposed a massive global underground market selling more than 70,000 hacked servers from government entities, corporations and universities for as little as $6 each.

The cybersecurity firm said the newly discovered xDedic marketplace currently has a listing of 70,624 hacked Remote Desktop Protocol (RDP) servers for sale. It’s reported that many of the servers either host or provide access to consumer sites and services, while some have software installed for direct mail, financial accounting and POS processing, Kaspersky Lab confirmed.

Kapersky’s Costin Raiu notes the study is evidence that “cybercrime-as-a-service” is growing, and has been developing its own, well-organized infrastructure. He also observes that the victims of these criminals are not only the targets of attack, but the unwitting server-owners. xDedic, he says, represents a new type of cybercriminal marketplace.

Kapersky Lab recommends organizations take these precautions:

*Implement multi-layered approach to IT infrastructure security that includes a robust security solution

*Use of strong passwords in server authentication processes

*Establish an ongoing patch management process

*Perform regular security audits of IT infrastructures

*Invest in threat intelligence services”

Stay safe, dear readers.

Cynthia Murrell, December 8, 2016

Bug-Free, Efficient Tor Network Inching Towards Completion

November 30, 2016

The development team behind the Tor Project recently announced the release of Tor 0.2.9.5 that is almost bug-free, stable and secure.

Softpedia in a release titled New Tor “The Onion Router” Anonymity Network Stable Branch Getting Closer says:

Tor 0.2.9.5 Alpha comes three weeks after the release of the 0.2.9.4 Alpha build to add a large number of improvements and bug fixes that have been reported by users since then or discovered by the Tor Project’s hard working development team. Also, this release gets us closer to the new major update of The Onion Router anonymity network.

Numerous bugs and loopholes were being reported in Tor Network that facilitated backdoor entry to snooping parties on Tor users. With this release, it seems those security loopholes have been plugged.

The development team is also encouraging users to test the network further to make it completely bug-free:

If you want to help the Tor Project devs polish the final release of the Tor 0.2.9 series, you can download Tor 0.2.9.5 Alpha right now from our website and install it on your GNU/Linux distribution, or just fetch it from the repositories of the respective OS. Please try to keep in mind, though, that this is a pre-release version, not to be used in production environments.

Though it will always be a cat and mouse game between privacy advocates and those who want to know what goes on behind the veiled network, it would be interesting to see who will stay ahead of the race.

Vishal Ingole, November 30, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Examples of Visualizations

November 20, 2016

If you want a quick look at what visualizations to use for use cases, you may find “An Overview of Text Mining Visualizations Possibilities with R on the CETA Trade Agreement.” The article focuses on trade agreement data, but  the graphics provide a darned good refresher about visualization options. One caveat: Some of the links in the write up do not work. Nevertheless, we found the illustrations and commentary helpful.

Stephen E Arnold, November 20, 2016

Palantir Technologies: Less War with Gotham?

November 9, 2016

I read “Peter Thiel Explains Why His Company’s Defense Contracts Could Lead to Less War.” I noted that the write up appeared in the Washington Post, a favorite of Jeff Bezos I believe. The write up referenced a refrain which I have heard before:

Washington “insiders” currently leading the government have “squandered” money, time and human lives on international conflicts.

What I highlighted as an interesting passage was this one:

a spokesman for Thiel explained that the technology allows the military to have a more targeted response to threats, which could render unnecessary the wide-scale conflicts that Thiel sharply criticized.

I also put a star by this statement from the write up:

“If we can pinpoint real security threats, we can defend ourselves without resorting to the crude tactic of invading other countries,” Thiel said in a statement sent to The Post.

The write up pointed out that Palantir booked about $350 million in business between 2007 and 2016 and added:

The total value of the contracts awarded to Palantir is actually higher. Many contracts are paid in a series of installments as work is completed or funds are allocated, meaning the total value of the contract may be reflected over several years. In May, for example, Palantir was awarded a contract worth $222.1 million from the Defense Department to provide software and technical support to the U.S. Special Operations Command. The initial amount paid was $5 million with the remainder to come in installments over four years.

I was surprised at the Washington Post’s write up. No ads for Alexa and no Beltway snarkiness. That too was interesting to me. And I don’t have a dog in the fight. For those with dogs in the fight, there may be some billability worries ahead. I wonder if the traffic jam at 355 and Quince Orchard will now abate when IBM folks do their daily commute.

Stephen E Arnold, November 9, 2016

Blue Chipper and Marketing Analytics

November 9, 2016

I think this write up “Reporter’s Notebook: McKinsey’s Heller Talks Analytics” is a summary plus odds and ends based on a McKinsey blue chip consultant’s lecture. McKinsey prides itself on hiring smart people, and it does some crafty buzzwording when it makes the obvious so darned obvious.

I noted this passage:

CMOS are asking: Do we have enough data scientists? Are we accelerating customer acquisition? Are we increasing customer value? What they care about is taking the intense amount of data that happens every day from call centers, Web sites and stores, then stitching it together and identifying new customer segmentation and new opportunities to create growth. The CMO is thinking about data science — how it can drive growth about the organization.

The idea is that federating disparate information is important from McKinsey’s point of view.

How does a marketer deal with data in a way that makes revenue? I highlighted this MBA formula: Get organized, plan, and hire McKinsey to help. The 4Ds will help too:

  • “Data. Aggregate as much information as possible and everything you do downstream creates more value.
  • Decisioning. Run advanced models — propensity models, churn models — against that data. You don’t become a data scientist overnight. The organization needs to do customer scoring and advanced analytics. Identify where the data fiefdoms are in your organization (people holding on to their data to protect their jobs) and get the right people together.
  • Design. Managing the content, offers and experience the customer receives and being curious and experimenting. Testing. A/B testing. Once you have the models, what are the experiences these customers want to see?
  • Distribution. Push both the decision data and test design into marketing. Close the loop and measure everything. If I’m in a room of marketers and I ask them what their roles are, they’re distributing marketing communications, just not in a truly data-driven way.”

But the marketing officer must embrace the five core beliefs behind “mobilization.” I bet you are eager to learn these five insights. Here you go:

  1. “Mobilize cross-functional leaders around the opportunity. The CMO needs CIO, store operations, different people to help break down the silos.
  2. Get creative about navigating the legacy … be relentless about solutions.
  3. Walk before you run. Identify a roadmap, pick some high priority areas and execute.
  4. Prioritize “lighthouse” projects to kick-start execution.
  5. Let data activation drive your new marketing operations model.”

What’s the payoff? Well, for McKinsey it is billable hours. For the client:

We see real aggressive growth with clients doing nothing wrong in the range of a 6X revenue capture. If I can increase the speed by which you test, you’re increasing revenue . Typically conversion rate increases from the low end of the 20s to high end of 150 percent plus  range … on the digital sales side yield exponential gains of 2, 3, 5X. Just 1 percent, 2 percent or 3 percent of enterprise value creation for a multi-billion company — driven by digital — is huge.

Huge? That seems to be a trendy word. Where have I heard it before? Hmmm. Will McKinsey guarantee the measurable benefit of its consultants’ work? My hunch is that McKinsey sends invoices; it does not write checks when its work wanders a bit from the data in a presentation.

Stephen E Arnold, November 9, 2016

Demand for Palantir Shares Has Allegedly Gone Poof

November 7, 2016

I read “Ex-Palantir Employees Are Struggling To Sell Their Shares.” Let’s assume that the information in the write up is spot on. The main idea is that one of the most visible of Silicon Valley’s secretive companies has created a problem for some of its former employees. I learned:

Demand has evaporated” for the shares that make up the bulk of Palantir’s pay packages, and the company’s CEO seems aware of financial angst among his staff.

The softening of the market for stock options suggests that the company’s hassles with investors and the legal dust up with the US government are having an effect. Couple the buzz with the prices in Silicon Valley, and it is easy to understand why some people want to covert options for cash money. I highlighted this passage:

Some said they needed the cash to buy a house or pay down debt, while another said they took out a loan to fund the process of turning the options into shares. One said it was “infuriating” trying to sell their shares in a “crap” market.

I found this statement from a broker, who was not named, suggestive:

This person then quoted an unidentified broker as saying, “There is absolutely nothing moving in Palantir. People who have bought through us are trying to sell now. I don’t see it changing without the company changing their tone on an IPO.”

With the apparent decision relating to the US Army and it procurement position with regards to Palantir going the way of the Hobbits, perhaps the negativism will go away.

One thought: Buzzfeed continues to peck away at Palantir Technologies. Palantir Technologies has a relationship with Peter Thiel. The intersection of online publications and Peter Thiel has been interesting. Worth watching.

Stephen E Arnold, November 7, 2016

DataSift and Its Getting the Most from Facebook Series

November 6, 2016

There’s been some chatter about Facebook’s approach to news. For some researchers, Facebook is a high value source of information and intelligence. If you want to get a sense of what one can do with Facebook, you may find the DataSift series “Getting the Most from Facebook” helpful.

At this time there are six blog posts on this topic, you can locate the articles via the links below. Each write up contains a DataSift commercial:

  1. Types of social networks
  2. What data analytics can be used on Facebook data
  3. Facebook topic data
  4. Topic data use cases and drawbacks
  5. Why use filters
  6. Pylon specific tips but these apply to other analytics systems as well.

The write ups illustrate why law enforcement and intelligence professionals find some Facebook information helpful. Markets are probably aware of the utility of Facebook information, but to get optimum results, discipline must be applied to the content Facebookers generate at a remarkable rate.

Stephen E Arnold, November 6, 2016

Model Based Search: Latent Dirichlet Allocation

November 5, 2016

I worked through a presentation by Thomas Levi, a wizard at Unbounce, a landing page company. . You can download the presentation at this link but you will need to log in in order to access the information. There’s also a video and an MP3 available. The idea is that concepts plus tailored procedures in models provides high value outputs. I noted this passage:

utilizing concepts in topic modeling can be used to build a highly effective model to categorize and find similar pages.

I noted the acronym LDA or Latent Dirichlet Allocation because that struck me as the core of the method. For those familiar with the original Autonomy Digital Reasoning Engine, there will be some similar chords. Unbounce’s approach provides another example of the influence and value of the methods pioneered by Autonomy in the mid 1990s.

Stephen E Arnold, November 5. 2016

Self Service Business Intelligence: Some Downers

November 2, 2016

Perhaps I am looking at a skewed sample of write ups. I noted another downer about easy to use, do it yourself business intelligence systems. These systems allow anyone to derive high value insights from data with the click of a mouse.

That’s been a dream of some for many years. I recall that one of my colleagues at Halliburton NUS repeating to anyone who would listen to a civil engineer with a focus on wastewater say, “I want to walk into my office and have the computer tell me what I need to know today.”

Yep, how’s that coming along?

The write up “9 Ways Self Service BI Solutions Fall Short” suggests that that the comment made by the sewage expert in 1972 is not yet a reality. The write up identifies nine “reasons,” but I circled three as of particular interest to me and my research goslings. You will need to read the original “Fall Short” article for the full complement of downers or “challenges” in today’s parlance.

  1. Hidden complexity. Yep, folks who don’t know what they don’t know but just want a good enough answer struggle with the realities of data integrity, mathematics, and assumptions. A pretty chart may be eye catching and “simple”. But is it on point? Well, that’s part of the complexity which the pretty chart is doing its best to keep hidden. Out of sight, out of mind, right?
  2. Customization. Yep, the chart is pretty but it does not answer the question of a particular user. Now the plumbing must be disassembled in order to get what the self service BI user wants. Okay, but what if that self service user who is in a hurry cannot put the plumbing together again. Messy, right?
  3. Cost and scalability. The problem with self service is that low cost comes from standardization. You can have any color so long as it is black. The notion of mass customization persists even through every Apple iPhone is the same. The user has to figure out how to set up the phone to do what the user wants. The result is that most of the iPhone users make minimal changes to the software on the phone. Default settings are the setting for the vast majority of a system’s users. When a change has to be made, that change comes at a cost and neither users nor the accountants are too keen on the unique snowflake approach to hardware or software. The outputs from a BI system, therefore, get used with zero or minimal modifications.

What are the risks of self service business intelligence? These range from governmental flops like 18F to Google’s failure with its fiber play. Think of the inefficiency resulting from the use of business intelligence systems marketed as the answer to the employee’s need for on  point information.

When I walk into my office, no system tells me what I need to know. Nice idea, though.

Stephen E Arnold, November 2, 2016

The CIA Claims They Are Psychic

November 2, 2016

Today’s headline sounds like something one would read printed on a grocery store tabloid or a conspiracy Web site.  Before I start making claims about the Illuminati, this is not a claim about magical powers, but rather big data and hard science…I think.  Defense One shares that, “The CIA Says It Can Predict Social Unrest As Early As 3 To 5 Days Out.”  While deep learning and other big data technology is used to drive commerce, science, healthcare, and other industries, law enforcement officials and organizations are using it to predict and prevent crime.

The CIA users big data to analyze data sets, discover trends, and predict events that might have national security ramifications.  CIA Director John Brennan hired Andrew Hallman to be the Deputy Director for Digital Innovations within the agency.  Under Hallman’s guidance, the CIA’s “anticipatory intelligence” has improved.  The CIA is not only using their private data sets, but also augment them with open data sets to help predict social unrest.

The big data science allows the CIA to make more confident decisions and provide their agents with better information to assess a situation.

Hallman said analysts are “becoming more proficient in articulating” observations to policymakers derived in these new ways. What it adds up to, Hallman said, is a clearer picture of events unfolding—or about to unfold—in an increasingly unclear world.

What I wonder is how many civil unrest events have been prevented?  For security reasons, some of them remain classified.  While the news is mongering fear, would it not be helpful if the CIA shared some of its success stats with the news and had them make it a priority to broadcast it?

Whitney Grace, November 2, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

« Previous PageNext Page »