TikTok: A Murky, Poorly Lit Space

April 15, 2022

TikTok, according to its champions, is in the words of Ernie (Endurance) Hemingway:

You do not understand. This is a clean and pleasant café. It is well lighted. (Quote from “A Clean, Well-Lighted Place”)

No, I understand. If the information in “TikTok under US Government Investigation on Child Sexual Abuse Material” is on the money about the Department of Justice and the US Department of Homeland Security, TikTok may not be a “clean and pleasant café.”

The paywalled story says that TikTok is a digital watering hole for bad actors who have an unusually keen interest in young people. The write up points out that TikTok is sort of trying to deal with its content stream. However, there is the matter of a connection with China and that country’s interest in metadata. Then there is the money which just keeps flowing and growing. (Facebook and Google are now breathing TikTok’s diesel exhaust. Those sleek EV-loving companies are forced to stop and recharge as the TikTok tractor trailer barrels down the information highway.)

For those Sillycon Valley types who see TikTok as benign, check out some of TikTok’s offers to young people. Give wlw a whirl. Oh, and the three letters work like a champ on YouTube. Alternatively ask some young people. Yeah, that’s a super idea, isn’t it. Now about unclean, poorly illuminated digital spaces.

Stephen E Arnold, April 15, 2022

Google Hits Microsoft in the Nose: Alleges Security Issues

April 15, 2022

The Google wants to be the new Microsoft. Google wanted to be the big dog in social media. How did that turn out? Google wanted to diversify its revenue streams so that online advertising was not the main money gusher. How did that work out? Now there is a new dust up, and it will be more fun than watching the antics of coaches of Final Four teams. Go, Coach K!

The real news outfit NBC published “Attacking Rival, Google Says Microsoft’s Hold on Government Security Is a Problem.” The article presents as actual factual information:

Jeanette Manfra, director of risk and compliance for Google’s cloud services and a former top U.S. cybersecurity official, said Thursday that the government’s reliance on Microsoft — one of Google’s top business rivals — is an ongoing security threat. Manfra also said in a blog post published Thursday that a survey commissioned by Google found that a majority of federal employees believe that the government’s reliance on Microsoft products is a cybersecurity vulnerability.

There you go. A monoculture is vulnerable to parasites and other predations. So what’s the fix? Replace the existing monoculture with another one.

That’s a Googley point of view from Google’s cloud services unit.

And there are data to back up this assertion, at least data that NBC finds actual factual; for instance:

Last year, researchers discovered 21 “zero-days” — an industry term for a critical vulnerability that a company doesn’t have a ready solution for — actively in use against Microsoft products, compared to 16 against Google and 12 against Apple.

I don’t want to be a person who dismisses the value of my Google mouse pad, but I would offer:

  • How are the anti ad fraud mechanisms working?
  • What’s the issue with YouTube creators’ allegations of algorithmic oddity?
  • What’s the issue with malware in approved Google Play apps?
  • Are the incidents reported by Firewall Times resolved?

Microsoft has been reasonably successful in selling to the US government. How would the US military operate without PowerPoint slide decks?

From my point of view, Google’s aggressive security questions could be directed at itself? Does Google do the know thyself thing? Not when it comes to money is my answer. My view is that none of the Big Tech outfits are significantly different from one another.

Stephen E Arnold, April 15, 2022

Amazon: Is the Company Losing Control of Essentials?

April 11, 2022

Here’s a test question: Which is the computer product in the image below?

[Images: [a] panty on table; [b] cpu]

If you picked [a], you qualify for work at TopCharm, an Amazon service located in lovely Brooklyn at 3912 New Utrecht Avenue, zip 11219. Item [b] is the Ryzen cpu I ordered, paid for, and expected to arrive. TopCharm delivered: Panties, not the CPU. Is it easy to confuse a Ryzen 5900X with these really big, lacy, red “unmentionables”? One of my team asked me, “Do you want me to connect the red lace cpu to the ASUS motherboard?”

Ho ho ho.

What does Clustrmaps.com say about this location?

This address has been used for business registration by Express Repair & Towing Inc. The property belongs to Lelah Inc. [Maybe these are Lelah’s underwear? And Express Repair & Towing? Yep, that sounds like a vendor of digital panties, red and see-through at that.]

One of my team suggested I wear the garment for my lecture in April 2021 at the National Cyber Crime Conference? My wife wanted to know if Don (one of my technical team) likes red panties? A neighbor’s college-attending son asked, “Who is the babe who wears that? Can I have her contact info?”

My sense of humor about this matter is officially exhausted.

Several observations about this Amazon transaction:

  1. Does the phrase “too big to manage” apply in this situation to Amazon’s ecommerce business?
  2. What type of stocking clerk confuses a high end CPU with cheap red underwear?
  3. What quality assurance methods are in place to protect a consumer from cheap jokes and embarrassment when this type of misstep occurs?

Has Amazon lost control of the basics of online commerce? If one confuses CPUs with panties, how is Amazon going to ensure that its Government Cloud services for the public sector stay online? Quite a misstep in my opinion. Is this cyber fraud, an example of management lapses, a screwed up inventory system, or a perverse sense of humor?

Stephen E Arnold, April 11, 2022

The Lapsus$ Gang: Teens or a Cyber Army?

March 28, 2022

I read “Who is LAPSUS$, the Big, Bad Cybercrime Gang Hacking Tech’s Biggest Companies?” (https://gizmodo.com/who-is-lapsus-the-gang-hacking-microsoft-samsung-an-1848686059). The write up answers the question this way:

British authorities announced the arrest of seven people said to be connected to the gang. Authorities revealed that the unidentified suspects ranged in age from 16 to 21. The ringleader of the gang is reputed to be a 16-year-old British kid from Oxford.

True? The wheels of justice in the UK must turn.

I have another angle. I processed this news story and thought about the assorted explanations offered from some high profile bad actor behaviors; for example, SolarWinds, Microsoft Exchange, Colonial Pipeline, et al.

Herewith is my imaginary recreation of the Lapsus$ actions, just explained by luminaries from companies I enjoy following:

A Microsoft-type outfit opined, “Lapsus$ is a gang of more than 1,000 programmers who have labored intensively to compromise our highly secure ecosystem. This is the work of a nation state.”

A US government cyber official affiliated with the White House said, “The predatory and dangerous behavior of an unprincipled gang under the direct orders of what might be called the Axis of Evil is undermining the national security of the United States. A failure to follow the 15,000 page checklist for cyber protections will be mandated by a new Executive Order called The Definitive Checklist for Commercial, Governmental, Not-for-Profit, and Any Other Entity Including under Age Operated Fiscal Processes Such As Girl Scout Cookie Sales.”

A founder of a smart cyber security firm said, “These recent breaches would have been prevented had each of the compromised firms licensed our Bayesian anchored cyber security platform. Our smart cyber platform proactively blocks the breach mechanisms developed by world class actors regardless of their geographical location.”

So what’s the present and somewhat amusing reality: Maybe no nation state? Maybe no Axis of Evil? Maybe no massive, organized gang of disaffected technical wizards? Maybe no compromised insiders?

What have we got? A teen whose father appears to be unaware of his progeny’s extracurricular activities?

Content creators: Is it time for a podcast, a Netflix documentary, a 60 minutes segment?

Stephen E Arnold, March 28, 2022

The Promise of Curated Apps

March 17, 2022

It is much easier to describe something than it is to produce a thing that matches the slide deck. I am not sure if the information in “Vicious SharkBot Banking Trojan Discovered in Play Store Antivirus App” is spot on. The tip off for me is the description of malware as “vicious.” The metaphors of sharks, apps, and vicious don’t work, but I get the idea.

The main point of the write up strikes me as:

British IT security researchers discovered, an updated SharkBot is hiding inside an innocent-looking antivirus app which is still available on the Google Play Store as of Saturday.

The interesting function is that the malware includes a function which performs automatic transfers. The money is in an account until it is not.

How does one obtain the app? The write up alleges that one might visit the Google Play Store and download something called “Antivirus Super Cleaner.”

If the story is accurate, one has to consider this question, “Who is the minder of the Google Play Store?” An intern, a snorkeling bit of smart software, a contractor obtained via Upwork, a full time employee looking for a lateral arabesque to a hot new project, no one, or some other mechanism?

Imagine. No one minding the store. A new approach to curation perhaps?

Stephen E Arnold, March 17, 2022

Gannett: Allegedly Manipulating Online Advertising for Gain

March 16, 2022

What? Online advertising subject to manipulation? I thought this was impossible. The players have the highest ethical standards. The online services make the leaders of a half dozen major religions look like moral slackers.

“Domain Spoofing on Gannett Sites” suggests that one of the brightest lights in the galaxy of highly regarded “real news” outfits may have been putting its thumb on the grocer’s scale. The write up asserts:

Domain spoofing — where ad inventory is misrepresented as being from a different site — is often talked about as a solved problem by adtech insiders. Despite this, USA Today and hundreds of local newspapers owned by Gannett were sending spoofed bid requests to multiple ad exchanges for over 9 months.

The write up marshals evidence which will be impenetrable to those who are not familiar with Web coding and advertising mechanisms. Nevertheless, the main point is that Gannett is in the center of something that looks to the author (braedon.dev_) suspicious.

The write up adds:

This is unlikely to be the only case of this kind of authorized spoofing in the wild. Exchanges, DSPs, and anti-fraud vendors need to take a good look at why it seemingly went undetected for so long, and where else it might be happening.

My goodness, are domain spoofing and digital bait and switch widespread? Of course not. Ad sales are infused with the integrity of the MBA and coders who do what seems like fun.

Stephen E Arnold, March 16, 2022

Google: Defines Excellence for Android Users

March 3, 2022

I read a hoot of a story. “Data Stealing App Found in Google Play Downloaded Thousands of Times.” The idea for branded stores is consistency, compatibility, and trust. No one wants to buy an air fryer that explodes and maims an influencer. Why would one want to download a mobile app which allows a bad actor to seize data or control of one’s mobile device?

The write up reports:

A notorious Android banking trojan designed to steal user data, like passwords and text messages, has been discovered in Google Play and downloaded thousands of times. The TeaBot banking trojan, also known as Anatsa and Toddler, was first observed in May 2021 targeting European banks by stealing two-factor authentication codes sent by text message.

Yep, malware direct from the Google. Let’s run down those qualities of a branded store:

  • Consistency
  • Compatibility
  • Trust

Check, check, and check.

Ah, Google, are you entering a security drag race against the Softies?

Stephen E Arnold, March 3, 2022

Microsoft and Security: A Probably Trivial Item

March 2, 2022

An online publication called Venture Beat published “Russia May Use SolarWinds-Like Hacks in Cyberwar over Ukraine.” The article contained a paragraph I found suggestive. Here’s the passage:

…the attackers are believed to have gained access for as much as nine months to numerous companies and government agencies, including FireEye, Microsoft and the Departments of Defense, State and Treasury.

The point for me is that the extent of the breaches is not fully known. It is easier to issue news releases and make high-profile marketing moves than come to grips with the allegedly accurate information in the Venture Beat article.

Stephen E Arnold, March 2, 2022

Insider Threat: A Tricky Risk for Everyone

February 28, 2022

I spotted two reports. One is from the once-upon-a-time Google- and In-Q-Tel outfit Recorded Future. The company published “Conti Ransomware Gang Chats Leaked by Pro-Ukraine Member”. Another version (maybe not verification of the Recorded Future story) appeared in “Backing Russia Backfires as Conti Ransomware Gang Internal Chats Leak.” I am never sure if stories are spot on, recycled rumors, or “real” news.

The main point of both stories is thought provoking.

A group of bad actors named “Conti” want to support a specific regime. One of the members of this group was not on board with the concept. This individual obtained confidential messages from members of the Conti outfit. With the information in hand, the “insider” made the content available to people outside of the gang.

From my point of view, the two stories make one point clear: If true, insider threats are often more of a threat than other types of actions. If false, the two stories provide a road map for individuals who want to pay off or cause some other factor to spark an insider into spilling the beans.

Net net: Insider threats are a vulnerability which warrants attention, not just a Fancy Dan automated email list of new exploits. Plus, this is a useful anecdote to share with those who tell me, “It can’t happen in my group.”

Stephen E Arnold, February 28, 2022

Australia: A Harbinger of Investigative Capability

February 11, 2022

Australia is a country which has been a pioneer in some investigative methods. Another innovation has been described in “Home Affairs Says Online Account Takeover Powers Now in Use.” The write up states:

…the Australian Federal Police and Australian Criminal Intelligence Commission have access to three new warrants to tackle serious crime enabled by anonymising technology. The warrants allow the agencies to take control of a person’s online account, as well as add, copy, delete or alter material to disrupt criminal activity and collect intelligence from online networks.

Australia is a participant in the Five Eyes’ group. Others in that federation are likely to monitor how Australia’s innovation works in the real world. Worth watching.

Stephen E Arnold, February 11, 2022
