• Home
• About
• Writers
• Landscape
• Wizards Index
• Fraud
• Wanna Be Like Larry?

SolarWinds Are Gusting and Blowing Hard

Many pundits have reacted to the New York Times’ story “As Understanding of Russian Hacking Grows, So Does Alarm.” Work through those analyses. What’s missing? Quite a lot, but in this short blog post I want to address one issue that has mostly ignored.

At one time, there was a list on the SolarWinds’ Web site of the outfits which had been compromised. That list disappeared. I posted “Sun Spotting in the Solar Wind” on December 23, 2020. In that post, I reported three outfits which had been allegedly compromised by the SolarWinds’ misstep (and some of the information I used as a source remains online):

City of Barrie (Canada)

Newton Public Schools (US)

Regina Public Schools (Canada).

The question is, “Why are outfits like a municipality known as part of the Greater Golden Horseshoe, Newton’s public schools, and the Regina public schools? (I’ve been to Regina in the winter. Unforgettable is it.)

My research team and I discussed the alleged exploits taking up residence in these organizations; that is, allegedly, of course, of course.

Here’s what my team offered:

• A launch pad for secondary attacks. The idea is that the original compromise was like a rat carrying fleas infected with the bubonic plague (arguably more problematic than the Rona)
• A mechanism for placing malicious code on the computing devices of administrators, instructors, and students. As these individuals thumb typed away, these high trust individuals were infecting others in their social circle. If the infections were activated, downloads of tertiary malware could take place.
• Institutions like these would connect to other networks. Malware could be placed in server nodes serving other institutions; for example, big outfits like Rogers Communications, a government ministry or two, and possibly the cloud customers of the beloved Rogers as well as BCE (Bell Canada’s parent) and Telus.

The odd ducks in the list of compromised organization, just might not be so odd after all.

That’s the problem, isn’t it? No one knows exactly when the misstep took place, what primary and downstream actions were triggered, and where subsequent rats with fleas infected with bubonic plague have go to.

Net net: It’s great to read so many words about a misstep and not have signals that the issue is understood, not even by the Gray Lady herself.

Stephen E Arnold, January 6, 2020

Telecom Security: An Oxymoron?

Two ideas: First, an unanticipated suggestion for bad actors and a reminder that the telco pros at AT&T are more like the New York Jets than the A team at the old AT&T IBM facility in Piscataway.

I read “Nashville Bombing Froze Wireless Communications, Exposed Achilles’ Heel’ in Regional Network.” USA Today is not my go to source for high technology information. One of my research team was a technology columnist, and I recall his comments about those who reviewed his write ups. Those mentioned at lunch were different from the topics my team and I discussed. Remember those Dummy books from some rolling-in-dough dead tree publisher. My recollection is that the technology write ups were simpler, edited by the estimable Gannett to TV Digest readability. It seems that USA Today pushed its content barriers with this USA Today write up about the Nashville incident included some information of use to bad actors. Here are a couple of examples:

• An injury to one’s Achilles’ heel means crippling. To a pro football player like AT&T, that’s not good.
• Single-point-of-failure. For a professional telecom like AT&T, this means zero effective redundancy, fail over, or smart route arounds. (Was the pre Judge Green AT&T built this way?)
• Three feet of water pooled where the back up generators lived. Water and generators, water and batteries – quite a one-two combo like an ailing quarterback and an ineffective but expensive offensive line.

Okay, enough already.

What do these factoids say to a person struggling for an idea to impair a major US telco? Maybe six RVs at regional centers conveniently located near fiber rich interstates? What about pulling a Quinn in front of Nashville-type facilities simultaneously with a half dozen cheap RVs?

Sound like a working idea?

The USA Today makes the idea more appealing with the statement from an AT&T professional:

Our systems are not redundant enough.

No kidding. Is it necessary, dear Gannett, to provide a roadmap for bad actors? Let’s hope the write ups in USA Today are not crafted with an eye toward readers who are looking for info between the lines. That takes more thought than making something simple.

And for the pros at the AT&T practice field, why not up your game. Less direct marketing of a failing TV venture and more of the old fashioned Ma Bell?

Stephen E Arnold, January 4, 2020

Microsoft: Information Released Like a Gentle Solar Wind

I read the New Year’s Eve missive from Microsoft, a company which tries to be “transparent, “Microsoft Internal Solorigate Investigation Update.” I am not sure, but I think the Microsoft Word spell checker does not know that SolarWinds is not spelled Solarigate. Maybe Microsoft is writing about some other security breach or prefers a neologism to end the fine year 2020?

Here’s a passage I found interesting:

Our investigation has, however, revealed attempted activities beyond just the presence of malicious SolarWinds code in our environment. This activity has not put at risk the security of our services or any customer data, but we want to be transparent and share what we’re learning as we combat what we believe is a very sophisticated nation-state actor. We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated. [Bold added to highlight intriguing statements]

To me, an old person who lives in rural Kentucky, it sure sounds as if Microsoft is downplaying:

• Malicious code within Microsoft’s systems
• The code performed “unusual activity” whatever this actually means I don’t know
• The malicious code made it to MSFT source code repositories
• Whatever happened has allegedly been fixed up.

What’s that unknown unknowns idea? Microsoft may be writing as if there are no unknown unknowns related to the SolarWinds misstep.

If you want more timely Solarigate misstep info, here’s what Microsoft suggests as a New Year’s Eve diversion:

For the up-to-date information and guidance, please visit our resource center at https://aka.ms/solorigate.

Stephen E Arnold, December 31, 2020

DarkCyber for December 29, 2020, Is Now Available

DarkCyber for December 29, 2020, is now available on YouTube at this link or on the Beyond Search blog at this link. This week’s program includes seven stories. These are:

A Chinese consulting firm publishes a report about the low profile companies indexing the Dark Web. The report is about 114 pages long and does not include Chinese companies engaged in this business.

A Dark Web site easily accessible with a standard Internet browser promises something that DarkCyber finds difficult to believe. The Web site contains what are called “always” links to Dark Web sites; that is, those with Dot Onion addresses.

Some pundits have criticized the FBI and Interpol for their alleged failure to take down Jokerstash. This Dark Web site sells access to “live” credit cards and other financial data. Among those suggesting that the two law enforcement organizations are falling short of the mark are four cyber security firms. DarkCyber explains one reason for this alleged failure.

NSO Group, a specialized services company, has been identified as the company providing technology to “operators” surveilling dozens of Al Jazeera journalists. DarkCyber points out that a commercial firm is not in a position to approve or disapprove the use of its technology by the countries which license the Pegasus platform.

Facebook has escalated its dispute with Apple regarding tracking. Now the social media company has alleged that contractors to the French military are using Facebook in Africa via false accounts. What’s interesting is that Russia is allegedly engaged in a disinformation campaign in Africa as well.

The drone news this week contaisn two DJI items. DJI is one of the world’s largest vendors of consumer and commercial drones. The US government has told DJI that it may no longer sell its drones in the US. DJI products remain available in the US. DJI drones have been equipped with flame throwers to destroy wasp nests. The flame throwing drones appear formidable.

DarkCyber is a twice a month video news program reporting on the Dark Web, lesser known Internet services, and cyber crime. The program is produced by Stephen E Arnold and does not accept advertising or sponsorships.

Kenny Toth, December 29, 2020

Shopify: Going with the Flow

I read “Thousands of Fraudsters Are Selling via Shopify, Analysis Finds.” I know Shopify has been a must mention platform by one of the New Age broadcast stars, or I think it is podcast stars now. Other than that hype hose, I know zero about the company. In the write up, I spotted an interesting factoid. If the datum is accurate, I have learned a great deal about the governance of the firm and its ethical compass. Herewith is the allegedly accurate factoid:

According to the ecommerce authentication service FakeSpot, which analyzed more than 120,000 Shopify sites, as many as 21 per cent posed a risk to shoppers.

Yowza.

Stephen E Arnold, December 22, 2020

A New Year Is Coming: Let Us Confront the New Reality

Nope, not Covid. Nope, not the financial crisis. Nope, not the social discontinuities. Nope, not the big technology monopoly clown show.

What then?

How about security insecurity. Do you like the phrase? I do because it communicates that users of online systems may never know if the system or systems are secure.

One can pretend, what I call security theater, of course.

The new reality is that an actor or actors has slipped in the stage door after driving a delivery van near the security theater and double parked for what may have been months. The individuals do not work according to New York City labor rules. Nope, these actors moved around, ordered takeout, and lounged on the sidewalks. People passing did not notice. You know the New York attitude: We are definitely with it. This is Broadway.

I read “A Hack Foretold.” I was not impressed. The reason is that the original Internet was technology Play-Doh. Who could imagine the parti-colored constructs blobs of red, blue, and yellow could become.

The write up states with the assured naiveté of a thumb typer:

The point is the authorities have known about hacking for a long time. Whole bureaucracies have been established, and presidential directives have been promulgated, to enhance cybersecurity—and some of their actions have been effective. Still, the contest between cyber offense and -defense is a never-ending race, where the offense has the advantage and, so, the defense must never let up its guard. While security is a lot better than it used to be, vast networks have been left exposed in one way or another, and dedicated hackers who very much want to get inside those networks—and who have the resources of a nation-state—figure out a way.

I want to point out that the cyber security industry has flowered into billions of dollars a year because home economics majors, working with MBAs, constructed a fantasy story about computer security.

Security insecurity is little more than another symptom of efficiency thinking. What can be done to reduce costs and maximize revenue. Oh, so some people lose their jobs in Canton, Illinois, when the John Deere factory goes away. “Tough cookies,” say the efficiency wizards.

We have created a situation in which security insecurity is going to become a digital Covid. I am delighted I am old, retired, and living in a hollow in rural Kentucky. Can you imagine the meetings, the memoranda, the reports, and the self-serving explanations of:

• Cyber security vendors
• Smart software which acts like an antibody to protect a system
• Individual security experts who did the “good enough” work to spoof the clueless lawyers, accountants, bureaucrats, and MBAs who manage technology operations
• Consultants like those who populate LinkedIn and BrightTALK with lectures about security
• Experts who assert that monitoring the Dark Web, Facebook, and chat provide an early warning of actions to come.

I could go on and toss in security appliance vendors, university professors who convert a clever workaround into a peer reviewed paper for IEEE or ACM, and former bad actors who see the light and become trusted advisors after serving jail time.

The New Reality is that I am not sure how one goes about determining the priorities for figuring out what was compromised, determining what other vulnerabilities have been installed, and bring up systems which do not have the charming characteristics of specialized software firms which have code that hides itself so that it can happily reinstall itself.

I spoke with a former CIA professional twice in the last 48 hours. He asked me, “What do I recommend to remediate the problem?” My answer was, “Investigate.”

The actors lounging in front of the security theater are not chatterboxes, and I have seen zero verifiable evidence that defines the timing, scope, and actions of these actors. Why guess then? Why look back and say “woulda, coulda, shoulda.” The time to embrace the New Reality is here.

The security theater has to go dark, and we need a new construct. Expensive, time consuming, and difficult for sure. Failure, however, means changes that those wrought by Covid are trivial. Thumb typers, are you confident your online activities are secure? In deference to the holiday season, here’s a modified carol: Deck the halls with boughs of folly, Tra la la, la la la la.

Stephen E Arnold, December 21, 2020

Explaining the 2020 End of Year Cyber Hack of Big, Fat Targets of Opportunity

I know you have heard about the end of year cyber attack. The end of 2020 is a zinger. But what caused the problem? Who is responsible? Which cyber security expert is the one to believe? Beyond Search has located an explanation, courtesy of Lorem Ipsum Anything. We posed these questions to the smart software at this next generation thumb typing site and learned:

Security harm resilience change others Beneficiaries food security persons groups objects. Institutions ecosystems entity referent security freedom change forces resilience example. Absence good want presence phenomenon range protection senses foundations secrecy. damage term purpose systems acts guarding security systems security guard security forces security companies. Security cameras e.g. state of mind telephone line containment room cell.

Makes the uptown explanations from assorted experts wishing they could have explained the cyber kick in the ribs as well. Yep, 2020 is year to remember. “Absence good want presence.”

Well said.

Stephen E Arnold, December 18, 2020

Security Vendors: Despite Marketing Claims for Smart Software Knee Jerk Response Is the Name of the Game

Update 3, December 16, 2020 at 1005 am US Eastern, the White House has activate its cyber emergency response protocol. Source: “White House Quietly Activates Cyber Emergency Response” at Cyberscoop.com. The directive is located at this link and verified at 1009 am US Eastern as online.

Update 2, December 16, 2020 at 1002 am US Eastern. The Department of Treasury has been identified as a entity compromised by the SolarWinds’ misstep. Source: US “Treasury, Commerce Depts. Hacked through SolarWinds Compromise” at KrebsonSecurity.com

Update 1, December 16, 2020, at 950 am US Eastern. The SolarWinds’ security misstep may have taken place in 2018. Source: “SolarWinds Leaked FTP Credentials through a Public GitHub Repo “mib-importer” Since 2018” at SaveBreach.com

I talked about security theater in a short interview/conversation with a former CIA professional. The original video of that conversation is here. My use of the term security theater is intended to convey the showmanship that vendors of cyber security software have embraced for the last five years, maybe more. The claims of Dark Web threat intelligence, the efficacy of investigative software with automated data feeds, and Bayesian methods which inoculate a client from bad actors— maybe this is just Madison Avenue gone mad. On the other hand, maybe these products and services don’t work particularly well. Maybe these products and services are anchored in what bad actors did yesterday and are blind to the here and now of dudes and dudettes with clever names?

Evidence of this approach to a spectacular security failure is documented in the estimable Wall Street Journal (hello, Mr. Murdoch) and the former Ziff entity ZDNet. Numerous online publications have reported, commented, and opined about the issue. One outfit with a bit of first hand experience with security challenges (yes, I am thinking about Microsoft) reported “SolarWinds Says Hack Affected 18,000 Customers, Including Two Major Government Agencies.”

One point seems to be sidestepped in the coverage of this “concern.” The corrective measures kicked in after the bad actors had compromised and accessed what may be sensitive data. Just a mere 18,000 customers were affected. Who were these “customers”? The list seems to have been disappeared from the SolarWinds’ Web site and from the Google cache. But Newsweek, an online information service, posted this which may, of course, be horse feathers (sort of like security vendors’ security systems?):

Read more

Security Theatre: Act II of Flimsies or the Security Shibboleth Myth

The election is over. The activities in 2015 and 2016 were Act I. I think we are now in Act II of “Flimsies or the Security Shibboleth Myth.” I am perched happily on a small hill in rural Kentucky. I know zero about the machinations of the giant security outfits and the throbbing US government agencies. I do, however, read some news once in a while; for example, “SolarWinds Orion: More US Government Agencies Hacked.” The main idea is that the cyber breach and theft of pentest tools from FireEye, a prestigious cyber security firm, is very much in the news. The BBC story points out that a number of US government agencies were allegedly breached:

• US Department of Defense (does that include the Defense Intelligence Agency).
• US Department of State (does anyone work there any more?)
• US Department of Homeland Security
• US Department of Treasury (the FinCen folks perhaps?)

A contact told me that the estimable US Department of Commerce was a victim as well.

The main question for me is,

Do these Fancy Dan, often six figure or more cyber security systems work?

Another question:

Are the technologies ranging from Dark Web threat reports to smart software that works like a human immune system real or marketing fluff?

I don’t know the answer to these questions, but I am wondering what Act III will present.

Stephen E Arnold, December 16, 2020

DarkCyber for December 15, 2020, Now Available

The DarkCyber video news program for December 15, 2020, is now available at this link. This week’s program includes:

• Fact or fiction: Work around iCloud security for an iPad
• Germany opens backdoor to one encrypted email system
• The Dark Web and Covid is a thing
• Smart weapons and surgical strikes: The future of war
• NSO Group in the spotlight again
• Current information about beam weapons.

You may also view the program via the embedded player on the Beyond Search Web site at this link. Plus, no begging for dollars and no advertising.

Kenny Toth, December 15, 2020

« Previous Page — Next Page »

• 

• Search the site

•  

  Subscribe to Beyond Search

  • 
  • 
   
  • 
   
  
  Feature archive
  News archive
   
  
  
  Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.

• Categories

  • 3D-Printing
  • Acquisition
  • Advertising
  • Aggregation
  • AI
  • Alexa
  • algorithms
  • Amazon
  • Amazonia
  • Analytics
  • Appliance
  • Applications
  • Audio
  • Augmented Reality
  • Big data
  • Bing
  • Bitcoin
  • Bitext
  • Book review
  • Business intelligence
  • Business process
  • Business strategy
  • Censorship
  • Cloud computing
  • Company Profile
  • Conferences
  • Connectors
  • Consulting
  • Consumer
  • Content processing
  • Copyright
  • Corporate Concerns
  • Cost
  • Crawl
  • Crowdfunding
  • cryptocurrency
  • Customer support
  • Cyber OSINT
  • cybercrime
  • cybersecurity
  • Dark Web
  • DarkCyber
  • Data
  • Data mining
  • Database
  • Deepfakes
  • Digital Assistant
  • Digital Library
  • E2EE
  • ECommerce
  • EDiscovery
  • Editorial opinion
  • Education
  • Emoticons
  • Enterprise
  • Enterprise search
  • Entity extraction
  • Ethics
  • Facebook
  • Faceted search
  • Factualities
  • Feature
  • Federated search
  • Financial
  • Fogint
  • Google
  • Governance
  • Government
  • Hackers
  • healthcare
  • IBM Watson
  • Image search
  • Indexing
  • Infrastructure
  • Innovation
  • Integration
  • intelware
  • Interface
  • Internet
  • Interview
  • Investment
  • law enforcement
  • Legal matters
  • Library automation
  • Management
  • Marketing
  • Mathematics
  • Metadata
  • Microsoft
  • Mobile
  • Natural language processing
  • News
  • NGIA
  • Online (general)
  • Open Access
  • Open source
  • OSINT
  • Osint Radar
  • Overflight
  • Palantir
  • Patents
  • Personnel
  • Podcast
  • Policeware
  • Portals
  • Predictive coding
  • Privacy
  • Profile
  • Publishing
  • Quotation
  • Real time search
  • Reference tool
  • Rich media
  • Robot Writer
  • Search
  • Search enabled applications
  • search engine
  • Search quality
  • Security
  • Semantic
  • Sentiment analysis
  • SEO
  • SharePoint
  • Short Honks
  • Smart Technology
  • Social
  • Social Media
  • software
  • Statistics
  • Taxonomy
  • Technology
  • Text analytics
  • Text processing
  • Tools
  • Tor
  • Training
  • Translation
  • Twitter
  • Uncategorized
  • Unstructured Data
  • User experience
  • User Interface
  • Vertical search
  • Video
  • visualization
  • Voice search
  • Voice technology
  • Web 3
  • Web Services
  • Webinar
  • Windows
  • Work flow
  • XML
  • Yahoo

• Archives

  Archives Select Month November 2024 October 2024 September 2024 August 2024 July 2024 June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 December 2023 November 2023 October 2023 September 2023 August 2023 July 2023 June 2023 May 2023 April 2023 March 2023 February 2023 January 2023 December 2022 November 2022 October 2022 September 2022 August 2022 July 2022 June 2022 May 2022 April 2022 March 2022 February 2022 January 2022 December 2021 November 2021 October 2021 September 2021 August 2021 July 2021 June 2021 May 2021 April 2021 March 2021 February 2021 January 2021 December 2020 November 2020 October 2020 September 2020 August 2020 July 2020 June 2020 May 2020 April 2020 March 2020 February 2020 January 2020 December 2019 November 2019 October 2019 September 2019 August 2019 July 2019 June 2019 May 2019 April 2019 March 2019 February 2019 January 2019 December 2018 November 2018 October 2018 September 2018 August 2018 July 2018 June 2018 May 2018 April 2018 March 2018 February 2018 January 2018 December 2017 November 2017 October 2017 September 2017 August 2017 July 2017 June 2017 May 2017 April 2017 March 2017 February 2017 January 2017 December 2016 November 2016 October 2016 September 2016 August 2016 July 2016 June 2016 May 2016 April 2016 March 2016 February 2016 January 2016 December 2015 November 2015 October 2015 September 2015 August 2015 July 2015 June 2015 May 2015 April 2015 March 2015 February 2015 January 2015 December 2014 November 2014 October 2014 September 2014 August 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 December 2013 November 2013 October 2013 September 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 June 2012 May 2012 April 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 November 5

• Recent Posts

  • Explaining Graykey: Helpful or Harmful for Law Enforcement?
  • Apple: Another Problem Becoming Evident
  • Early AI Adoption: Some Benefits
  • FOGINT: Security Tools Over Promise & Under Deliver
  • More Googley Human Resource Goodness

• Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org