CyberOSINT banner

Not Hacking, but Trickery, Lost Bitpay Almost $2 Million

September 30, 2015

The article titled How a Clever Hacker Tricked a Major Bitcoin Company Out of $1.8 Million on Motherboard shines a light on the manipulation of BitPay,a Bitcoin payment service, by a clever hacker. Apparently the attacker sent an email from BTC Media CEO David Bailey’s computer to a BitPay CFO requesting his corporate email information, which he readily supplied because the two companies were already in talks about a potential partnership. The article clarifies,

“The insurance claim on the lost funds was denied because BitPay’s computers were never hacked—instead, they just gave away their email passwords in what appears to be a classic phishing scam. Phishing is when an attacker send a scammy email in the hopes that the victim is not savvy enough to trash it immediately. …Several months after the hack, BitPay was reportedly processing more than $1 million in payments every day.”

The hacker continued using Bitpay’s executive accounts to request funds, all of which were apparently granted until an employee of the transaction software company, SecondMarket, was notified. The article and court case emphasize that this was not a hacking scenario, just a $1.8 Million phishing scam that people using Craigslist for job searches avoid every day.
Chelsea Kerwin, September 30, 2015

Sponsored by, publisher of the CyberOSINT monograph


Business Intelligence: A Magical Insight Machine?

September 28, 2015

I found “Thinking Outside the Big Data Black Box: Why BI Isn’t a Magical Insight Machine” interesting. The main point of the write up is that vendors well analytics platforms. The licensees learn that set up, tuning, expertise are required to make these often expensive systems deliver useful outputs.

The write up states:

Big data, or indeed any data, may indeed hold huge value, but it’s often looked at in the wrong way. When we are looking at data – collected from different sources, to address different motivations, with an ever-changing context – we can’t fast track every correlation into an actionable insight. We have to understand where the data comes from, the factors limiting its reliability, its consistency when applied across different sub-groups, and where biases may be lurking. We need to carefully interrogate any correlation, before we can understand whether it represents a truth in the real world.

Bummer. Smart software, flashy Powerpoints, and examples of Hollywood style graphics make data work fun, interesting, game like, right?

Not without effort.

The write up points out:

A straightforward analysis of historical data will spot factors that consistently cause cost overruns. But more sophisticated techniques and a bit of intuition can go much further – for example you may find short planning time is not generally correlated with cost overruns, but it is more strongly correlated with overruns in projects over a certain size. Most importantly, you need to understand why these relationships exist. If one factor consistently reduces costs, can you be confident it will continue to do so in a new market where conditions are different? If you don’t understand your data you can’t make such predictions.

After reading the article, I was shocked. I thought that today’s nifty systems eliminated the requirement to understand data, understand the mathematical option, and provide ready to use outputs.

Disappointed. I thought the quip about business intelligence as an oxymoron was a cheap shot.

Stephen E Arnold, September 28, 2015

A New Wave of Old School BI Outfits Are Agile, Maybe Juicy

September 27, 2015

The mid tier outfit Forrester has released another report about enterprise business intelligence platforms” for the third quarter of 2015. These reports cost about $2,500, so you know the information is red hot, spot in, and objective. Always objective. in the write up “The Forrester Wave: Agile Business Intelligence Platforms 2015”, the report is described as “juicy.” Imagine. Juicy applied to IBM, Microsoft, and Oracle. Let me refresh your memory of juicy’s official definition:

1:  having much juice : succulent

2:  rewarding or profitable especially financially : fat <juicy contract> <a juicy dramatic role>

3a :  rich in interest : colorful <juicy details>

b : sensational, racy <a juicy scandal>

c :  full of vitality : lusty

I am not sure mid tier consulting firms’ reports are “rewarding or profitable especially financially” for the reader. At a couple of thousand per authorized copy of the report, the mid tier firms are likely to be drenched in juiciness. Will this report be lusty, sensational, colorful, and succulent? Nah. This is marketing pulp, gentle reader.

Which are the companies which make the cut? According to this write up, there are a baker’s dozen of agile, BI vendors:

  • Birst
  • GoodData
  • IBM
  • Information Builders
  • Microsoft
  • MicroStrategy
  • Oracle
  • Panorama Software
  • Qlik
  • SAP
  • SAS
  • Tableau Software
  • TIBCO Software.

Scanning this list, I wonder how “agile” IBM, Microsoft, Oracle, SAP, and SAS really are. I know that TIBCO acquired some nifty technology for its analytics functions, and that the founders of Spotfire have moved on to even more interesting analytics at their new company, funded in part by Google and In-Q-Tel. The other firms are ones which have run around the BI bases for years and may have a touch of arthritis; for instance, Information Builders which kicked off its career 1975. Qlik was founded in 1993. MicroStrategy flipped on its lights in 1989 and spawned at least one outfit (Clarabridge) which strikes me as slightly more agile than the mother ship. Tableau, now a publicly traded outfit, hung out its shingle in 2003.

GoodData may be the most spry among this group, not because it was founded in 2007, but because the firm landed another $25 million in funding in 2014.

According to the blurb about the report, each of these companies are agile because of several special features each of these vendors offer their customers. These characteristics are:

First, these 13 vendors’  products allow their business users to be self sufficient. I am not sure I agree, that SAS stuff requires a person to be SAS-sy, which means able to navigate the companies’ programming methods with some skill. IBM, Microsoft, and Oracle provide many different ways to skin the business intelligence cat. In my opinion, these companies’ business intelligence technology require that the business user have the equivalent of a fighter jet maintenance crew to assist them on the flights into analysis and visualization.

Second, each company generates knock out visualizations. My thought is that for zippy visualizations, more specialized tools are required. The companies highlighted in this report can deliver slides and graphs which are niftier than those in Excel, but far short of the Hollywood style outputs which come from Palantir and Recorded Future, among other firms not included in the agile list.

Third, each of the 13 companies offers its licensees and customers options and additional features. This is definitely a must have function. Most of the firms in the list of agile BI companies sells services. Some have partners, lots of partners. The business model may be less to be agile and more to sell billable work, but that’s okay. I am not sure inking a six figure services contract delivers agility.

I assume the complete $2,500 report will become available from the companies listed in the report. For now, think agility. Think IBM, Microsoft, and Oracle, along with the 10 other companies.

Remember, these are 13 juicy and agile outfits. Remarkable. Juicy.

Stephen E Arnold, September 27, 2015

Watch Anti-Money Laundering Compliances Sink

September 25, 2015

With a title like “AML-A Challenge Of Titanic Proportions” posted on Attivio metaphoric comparisons between the “ship of dreams” and icebergs is inevitable.  Anti-money laundering compliances have seen an unprecedented growth between 2011-2014 of 53%, says KPMG’s Global Anti-Money Laundering (AML) Survey.  The costs are predicted to increase by more than 25% in the next three years.  The biggest areas that are requiring more money, include transaction monitoring systems, Know Your Customer systems, and recruitment/retention systems for AML staff.

The Titanic metaphor plays in as the White Star Line director Bruce Ismay, builder Thomas Andrew, and nearly all of the 3327 passengers believed the ship was unsinkable and the pinnacle of modern technology.  The belief that humanity’s efforts would conquer Mother Nature was its downfall.  The White Star Line did not prepare the Titanic for disaster, but AML companies are trying to prevent their ships are sinking.  Except they cannot account for all the ways thieves can work around their system, just as the Titanic could not avoid the iceberg.

“Systems need to be smarter – even capable of learning patterns of transaction and ownership.  Staff needs more productive ways of investigating and positively concluding their caseload.  Alerting methods need to generate fewer ‘false positives’ – reducing the need for costly human investigation. New sources of information that can provide evidence need to come online faster and quickly correlate with existing data sources.”

The Titanic crew accidentally left the binoculars for the crow’s nest in England, which did not help the lookouts.  The current AML solutions are like the forgotten binoculars and pervasive action needs to be taken to avoid the AML iceberg.

Whitney Grace, September 25, 2015

Sponsored by, publisher of the CyberOSINT monograph


Rundown on Legal Knowledge Management

September 24, 2015

One of the new legal buzzwords is knowledge management and not just old-fashioned knowledge management, but rather quick, efficient, and effective.  Time is an expensive commodity for legal professionals, especially with the amount of data they have to sift through for cases.  Mondaq explains the importance of knowledge management for law professionals in the article, “United States: A Brief Overview Of Legal Knowledge Management.”

Knowledge management first started in creating an effective process for managing, locating, and searching relevant files, but it quickly evolved into implementing a document managements system.  While knowledge management companies offered law practices decent document management software to tackle the data hill, an even bigger problem arose. The law practices needed a dedicated person to be software experts:

“Consequently, KM emphasis had to shift from finding documents to finding experts. The expert could both identify useful documents and explain their context and use. Early expertise location efforts relied primarily on self-rating. These attempts almost always failed because lawyers would not participate and, if they did, they typically under- or over-rated themselves.”

The biggest problem law professional face is that they might invest a small fortune in a document management license, but they do not know how to use the software or do not have the time to learn.  It is a reminder that someone might have all the knowledge and best tools at their fingertips, but unless people have the knowledge on how to use and access it, the knowledge is useless.

Whitney Grace, September 24, 2015
Sponsored by, publisher of the CyberOSINT monograph

Baffled When Choosing Business Intelligence Analytics Tools?

September 23, 2015

Most of the professionals whom I know use one software package for most of their business intelligence needs. What do you use? SAS, SPSS, raw algorithms from Mertler’s and Vannatta’s Advanced and Multivariate Statistical Methods, Diffeo, Mathematica, or some other tool?

The answer, gentle reader, is Excel. Yep, the son of 1-2-3 by way of ruled ledger paper.

I read “Which BI Analytics Tool Does My Company Need?” and figured out the angle of attack after a couple of paragraphs. Here’s the tip off:

BI analytics tools. No one-size-fits-all.

Excel, however, comes pretty close to the horseshoe stake. The reasons include:

  • It is not particularly intimidating. Anyone can plug in numbers, select a numerical recipe, and get an output
  • Excel is available widely
  • Students get some exposure in school, usually before high school, even in rural Kentucky.

The write up does not identify specific vendors or products. The article is a useful collection of jargon:

  • Visual oriented analytics. Translation: graphs
  • Packaged applications. Translation: Excel
  • Limited exploration. Translation: Canned reports set up for the user by the developer
  • Operational snapshots: Translation: More canned reports.

My thought: Isn’t analytics based business intelligence easy? I have observed Excel users’ selecting numerical recipes from the “formulas” provided with Excel and seeing what happens when applied to a collection of data. How does that work out in your experience?

Business intelligence may be considered an oxymoron by some.

Stephen E Arnold, September 23, 2015

Exalead Gets a New Application

September 22, 2015

Exalead is Dassault Systems’s big data software targeted specifically at businesses.  Exalead offers innovative data discovery and analytics solutions to manage information in real time across various servers and generate insightful reports to make better, faster decisions.  It is the big data solution of choice for many businesses across various industries.  The Exalead blog shares that “PricewaterhouseCoopers Is Launching Its Information Management Application, Based on Exalead CloudView.”

PricewaterhouseCoopers (PwC) analyzed the amount of time users spent trying to locate, organize, and disseminated information.  When users spend the time on information management, they lose two valuable resources: time and money.  PwC designed Pulse, a search and information tool as a solution to the problem.

“The EXALEAD CloudView software solution from Dassault Systèmes facilitates the rapid search and use of sources of structured and unstructured information. In existence since 2007, this enterprise information management concept was integrated initially in other software applications. Since it was reworked as EXALEAD CloudView, the configuration of the queries has become easier and they are processed much faster. Furthermore, the results of the searches are more precise, significantly reducing the number of duplicates and the time wasted managing them. PwC has deliberately decided to roll out Pulse on an international scale gradually, in order to generate plenty of enthusiasm amongst users. A business case is prepared for each country on the basis of its needs, the benefits and the potential savings. PwC also intends to make the content in Pulse accessible by other internal systems (e.g., the project workspaces), to integrate the sources, and to make the search function even smarter.”

Pulse is supposed to cut costs and reinvest the resources into more fruitful venues.  One interesting aspect to note is that PwC did not build the Pulse upgrade, Exalead provided the plumbing.

Whitney Grace, September 22, 2015
Sponsored by, publisher of the CyberOSINT monograph


Recommind Hits $70 Million

September 16, 2015

A video from the Big Data Landscape, part of their Big Data TV series, brings us an interview with Recommind’s CEO, Bob Tennant. The 11-and-a-half minute video and its transcript appear under the headline, “How Recommind Grew to $70M in Big Data Revenue.”

The interview by Dave Feinleib explores Recommind’s right-moves-at-the-right-time origin story, what its intelligence and eDiscovery software does, and why Tennant is confident the company will continue to thrive. This successful CEO also offers advice for aspiring entrepreneurs in any field, so check out the video or transcript for those words of wisdom.

Interestingly, the technology Tennant describes reminds us of early Autonomy methods [pdf]. He discusses working with unstructured data:

“So what you have to do is try to understand at a deeper level what’s happening semantically. What Recommind does is marry up a very highly scalable system for dealing with unstructured information– and the kind of database you need for doing that is different than what you would utilize for online transaction processing. But it also marries that up with a very deep knowledge of machine learning, which is the root of the company and where our post-docs were doing their research, to help understand what the key pieces of information in the sea of textual stuff are. And once you understand the key pieces, then you can put that into applications for further use or you can provide it to business intelligence applications to make sense of, or you can feed it elsewhere. But that’s very different from dealing with very structured data that most people are familiar with.”

Launched in 2000 and headquartered in San Francisco, Recommind provides search-powered analysis and governance solutions to customers around the world. The company’s Malolo technology stack is built upon their CORE information management platform.

Cynthia Murrell, September 16, 2015

Sponsored by, publisher of the CyberOSINT monograph

SEC Cracks Down on News Release Interceptors

September 15, 2015

What’s better than a flash trade? I would suggest perusing news releases before the news releases are released. “SEC Takes $30m Pound of Flesh in Newswire-Hacking Scandal” reveals that the US Securities and Exchange Commission frowns on “trading on info swiped from press releases before they were made public.”

The write up reveals:

According to the SEC, two Ukrainian hackers compromised the wire services and then fed the stolen information to dozens of investors who made illegal (and highly lucrative) trades. The defendants are accused of violating the US Securities Act and the US Exchange Act.

Interesting. Will the SEC expand its crusade to ensure that news releases remain off limits to those who would exploit the financial system?

My hunch is that Martha Stewart type investigations and prosecutions are more appealing to some enforcement outfits. I have heard that there is a revolving door between certain financial outfits and US government positions. Chasing Ukrainians does not modify standard operating procedures. Do I have a pending folder named “hold ‘er”? I will check.

Stephen E Arnold, September 15, 2015

The Cricket Cognitive Analysis

September 4, 2015

While Americans scratch their heads at the sport cricket, it has a huge fanbase and not only that, there are mounds of data that can now be fully analyzed says First Post in the article, “The Intersection Of Analytics, Social Media, And Cricket In The Cognitive Era Of Computing.”

According to the article, cricket fans absorb every little bit of information about their favorite players and teams.  Technology advances have allowed the cricket players to improve their game with better equipment and ways to analyze their playing, in turn the fans have a deeper personal connection with the game as this information is released.  For the upcoming Cricket World Cup, Wisden India will provide all the data points for the game and feed them into IBM’s Analytics Engine to improve the game for spectators and the players.

Social media is a huge part of the cricket experience and the article details examples about how it platforms like Twitter are processed through sentimental analysis and IBM Text Analytics.

“What is most interesting to businesses however is that observing these campaigns help in understanding the consumer sentiment to drive sales initiatives. With right business insights in the nick of time, in line with social trends, several brands have come up with lucrative offers one can’t refuse. In earlier days, this kind of marketing required pumping in of a lot of money and waiting for several weeks before one could analyze and approve the commercial success of a business idea. With tools like IBM Analytics at hand, one can not only grab the data needed, assess it so it makes a business sense, but also anticipate the market response.”

While Cricket might be what the article concentrates on, imagine how data analytics are being applied to other popular sports such as American football, soccer, baseball, golf, and the variety of racing popular around the world.

Whitney Grace, September 4, 2015
Sponsored by, publisher of the CyberOSINT monograph

Next Page »