April 4, 2017
One thing that any company wants is more profit. Companies generate more profit by selling their products and services to more clients. Dataminr wanted to add more clients to their roster and a former Hillary Clinton wanted to use his political connections to get more clients for Dataminr of the foreign variety. The Verge has the scoop on how this happened in, “Leaked Emails Reveal How Dataminr Was Pitched To Foreign Governments.”
Dataminr is a company specializing in analyzing Twitter data and turning it into actionable data sets in real-time. The Clinton aide’s personal company, Beacon Global Strategies, arranged to meet with at least six embassies and pitch Dataminr’s services. All of this came to light when classified emails were leaked to the public on DCLeaks.com:
The leaked emails shed light on the largely unregulated world of international lobbying in Washington, where “strategic advisors,” “consultants,” and lawyers use their US government experience to benefit clients and themselves, while avoiding public scrutiny both at home and overseas.
Beacon isn’t registered to lobby in Washington. The firm reportedly works for defense contractors and cybersecurity companies, but it hasn’t made its client list public, citing non-disclosure agreements. Beacon’s relationship with Dataminr has not been previously reported.
The aide sold Dataminr’s services in a way that suggest they could be used for surveillance. Beacon even described Dataminr as a way to find an individual’s digital footprint. Twitter’s development agreement forbids third parties from selling user data if it will be used for surveillance. But Twitter owns a 5% stake in Dataminr and allows them direct access to their data firehose.
It sounds like some back alley dealing took place. The ultimate goal for the Clinton aide was to make money and possibly funnel that back into his company or get a kickback from Dataminr. It is illegal for a company to act in this manner, says the US Lobbying Disclosure Act, but there are loopholes to skirt around it.
This is once again more proof that while a tool can be used for good, it can also be used in a harmful manner. It begs the question, though, that if people leave their personal information all over the Internet, is it not free for the taking?
Whitney Grace, April 4, 2017
March 21, 2017
Journalist William Langewiesche at Vanity Fair presents the storied career of a hacker-turned-security expert, whom he pseudonymously calls Opsec, in the extensive article, “Welcome to the Dark Net, a Wilderness Where Invisible World Wars are Fought and Hackers Roam Free.” The engaging piece chronicles the rise of the Dark Web alongside Opsec’s cyber adventures, which began when he was but a child in the late ’80s. It also clearly explains how some things work on and around the Dark Web, and defines some jargon. I would recommend this article as a clear and entertaining introduction to the subject, so readers may want to check out the whole thing.
Meanwhile, I found this tidbit about a recent botnet attack interesting. For background, Opsec now works for a large, online entertainment company. Langewiesche describes an intrusion the security expert recently found into that company’s systems:
The Chinese [hacking team] first went into a subcontractor, a global offshore payment processor that handled credit-card transactions, and then, having gained possession of that network, quietly entered the Company through a legitimate back door that had been installed on the Company’s network to administer consumer accounts. The initial breach was a work of art. The Chinese wrote a piece of customized software purely for that job. It was a one-of-a-kind ‘callback dropper,’ a Trojan horse that could be loaded with any of many malware modules, but otherwise stood empty, and regularly checked in with its masters to ask for instructions. Once inside the network, the Chinese were able to move laterally because the Company, for the sake of operational efficiency, had not compartmentalized its network. …
First, using ‘bounce points’ within the network to further obscure their presence, [the hackers] went after the central domain controller, where they acquired their own administrative account, effectively compromising 100 million user names and passwords and gaining the ability to push software packages throughout the network. Second, and more important, the Chinese headed into the network’s ‘build’ system, a part of the network where software changes are compiled and then uploaded to a content-distribution network for the downloading of updates to customers. In that position they acquired the ability to bundle their own software packages and insert them into the regular flow, potentially reaching 70 million personal computers or more. But, for the moment, they did none of that. Instead they installed three empty callback Trojans on three separate network computers and left them standing there to await future instructions. Opsec and his team concluded that the purpose was to lay the groundwork for the rapid construction of a giant botnet.
Opsec suspects the same payment processor vulnerability was exploited at other companies, as well, as part of a plan to launch this giant botnet as part of a global cyber-war. Considering he only caught the attack due to one small error made by the hackers, the discovery is unnerving. Opsec has his ideas on how to fight such a series of attacks, but he is holding off at the behest of his employer. Officially, at least. See the article for more information.
Cynthia Murrell, March 21, 2017
February 23, 2017
Do lawmakers understand how much they do not understand about technology? An article at Roll Call tells us, “Proposed Tech-Export Rules Bashed by Companies, Researchers.” It is perfectly understandable that human-rights organizations have pressed for limits on the spread of surveillance technology and “intrusion software”—a broad term for technology that steals data from computers and mobile devices, including some tools that can hijack hardware. Several Western governments have taken up that banner, imposing restrictions designed to keep this technology out of the hands of bad actors. In fact, 41 nations pledged their commitment to the cause when they signed on to the Wassenarr Arrangement in 2013.
While the intentions behind these restrictions are good, many critics insist that they have some serious unintended side effects for the good guys. Writer Gopal Ratnam reports:
Although such technologies can be used for malicious or offensive purposes, efforts to curb their exports suggests that the regulators didn’t understand the nature of the computer security business, critics say. Unlike embargoes and sanctions, which prohibit dealing with specific countries or individuals, the proposed restrictions would have forced even individual researchers working on computer security to obtain licenses, they say.
Besides, say some, the bad guys are perfectly capable of getting around the restrictions. Eva Galperin, of the nonprofit Electronic Frontier Foundation, insists human rights would be better served by applying pressure generally to repressive regimes, instead of trying to stay ahead of their hackers. Ratnam goes on to discuss specific ways restrictions get in the way of legitimate business, like hampering penetration tests or impeding communication between researchers. See the article for more details.
Cynthia Murrell, February 23, 2017
February 20, 2017
It looks like the NSA is hacking computers around the world by accessing hard-drive firmware, reports Sott in their article, “Russian Researchers Discover NSA Spying and Sabotage Software Hidden in Hard Drives.” We learn that Russian security firm Kaspersky Lab found the sneaky software lurking on hard drives in 30 countries, mostly at government institutions, telecom and energy companies, nuclear research facilities, media outlets, and Islamic activist organizations. Apparently, the vast majority of hard drive brands are vulnerable to the technique. Writer Joseph Menn reports:
According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on. Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up. ‘The hardware will be able to infect the computer over and over,’ lead Kaspersky researcher Costin Raiu said in an interview.
Though the leaders of the still-active espionage campaign could have taken control of thousands of PCs, giving them the ability to steal files or eavesdrop on anything they wanted, the spies were selective and only established full remote control over machines belonging to the most desirable foreign targets, according to Raiu. He said Kaspersky found only a few especially high-value computers with the hard-drive infections.
Kaspersky’s reconstructions of the spying programs show that they could work in disk drives sold by more than a dozen companies, comprising essentially the entire market. They include Western Digital Corp, Seagate Technology Plc, Toshiba Corp, IBM, Micron Technology Inc and Samsung Electronics Co Ltd.”
Kaspersky did not come right out and name the NSA as the source of the spyware, but did connect it to Stuxnet, a known NSA tool. We also learn that a “former NSA employee” confirmed Kaspersky’s analysis, stating these tools are as valuable as Stuxnet.
Menn notes that this news could increase existing resistance to Western technology overseas due to security concerns. Researcher Raiu specifies that whoever created the spyware must have had access to the proprietary source code for the drives’ firmware. While Western Digital, Seagate, and Micron deny knowledge, Toshiba, Samsung, and IBM remain mum on the subject. Navigate to the article to read more details, or to view the four-minute video (scroll down a bit for that.)
Cynthia Murrell, February 20, 2017
February 14, 2017
A feature article on CNN recently provided some background on Dark Web marketplaces. Entitled Inside the illegal online weapons trade, this piece shares the story of Michael Andrew Ryan. Ryan adopted the moniker gunrunner and opened up a gun sales business on the Dark Web while based in a small town in Kansas. Dark Web trading statistics are tough to pinpoint. However, in comparison with other illegal online trading, gun sales on the Dark Web are less than 3% according to a Carnegie Mellon professor and researcher. The author writes,
By the way, it’s entirely legal to buy guns online in the U.S. — although the process is more complicated, depending on various factors. Nonetheless, the ATF said it’s taking enforcement to a new level by creating an Internet Investigations Center aimed at combating illegal online gunrunners. The center includes federal agents, legal counsel and investigators. Their job: track illegal online firearms trafficking and feed intelligence to agents in the field. It’s a gigantic task, which aims to hit a constantly moving target.
While we will not comment on the sensationalizing and dramatizing of the Dark Web through Ryan’s story, we can say found the concluding remarks above to be helpful. This presents a good picture of the interconnectivity between multiple layers of law enforcement. It also hints at a need for technology upgrades in this cybersecurity arena.
Megan Feil, February 14, 2017
January 30, 2017
Apparently, money laundering has become a very complicated endeavor, with tools like Bitcoin “washers” available via the Dark Web. Other methods include trading money for gaming or other virtual currencies and “carding.” ZDNet discusses law enforcement’s efforts to keep up in, “How Machine Learning Can Stop Terrorists from Money Laundering.”
It will not surprise our readers to learn authorities are turning to machine learning to cope with new money laundering methods. Reporter Charlie Osborne cites the CEO of cybersecurity firm ThetaRay, Mark Gazit, when she writes:
By taking advantage of Big Data, machine learning systems can process and analyze vast streams of information in a fraction of the time it would take human operators. When you have millions of financial transactions taking place every day, ML provides a means for automated pattern detection and potentially a higher chance of discovering suspicious activity and blocking it quickly. Gazit believes that through 2017 and beyond, we will begin to rely more on information and analytics technologies which utilize machine learning to monitor transactions and report crime in real time, which is increasingly important if criminals are going to earn less from fraud, and terrorism groups may also feel the pinch as ML cracks down on money laundering.
Of course, criminals will not stop improving their money-laundering game, and authorities will continue to develop tools to thwart them. Just one facet of the cybersecurity arms race.
Cynthia Murrell, January 30, 2017
January 13, 2017
Law enforcement officials use fake social media accounts and online profiles to engage with criminals. Their goal is to deter crime, possibly even catching criminals in the act for a rock solid case. While this happened way back in 2011, the comments are still coming. In light of the recent presidential election and the violent acts of the past year, it is no wonder the comments are still fresh. Tech Dirt talked about how the, “US Military Kicks Off Plan To Fill Social Networks With Fake Sock Puppet Accounts.”
The goal was for a company to develop a software that would allow one person to create and manage various social media profiles (including more than one profile on the same platform). These accounts will then, and we are speculating on this given how dummy accounts have been used in the past, to catch criminals. The article highlights how the government would use the sock puppet accounts:
Apparently a company called Ntrepid has scored the contract and the US military is getting ready to roll out these “sock puppet” online personas. Of course, it insists that all of this is targeting foreign individuals, not anyone in the US. And they promise it’s not even going to be used on US-based social networks like Facebook or Twitter, but does anyone actually believe that’s true?
Then the comments roll in a conversation that a span of five years the commentators argue about what it means to be American, reaffirming that the US government spies on its citizens, and making fun of sock puppets.
Whitney Grace, January 13, 2017
January 13, 2017
The Dark Web continues to be under the microscope. Sophos’ blog, Naked Security, published an article, The Dark Web: Just How Dark Is It? questioning the supposed “dark” motivations of its actors. This piece also attempts to bust myths about the complete anonymity of Tor. There is an entry guard, which knows who the user is, and an exit node, which knows the user’s history and neither of these are easy to avoid. Despite pointing out holes in the much-believed argument full anonymity always exists on Tor, the author makes an effort to showcase “real-world” scenarios for why their average readers may benefit from using Tor:
If you think a web site is legitimate, but you’re not completely sure and would like to “try before you buy,” why not take an incognito look first, shielding your name, your IP number, even your country? If you’re investigating a website that you think has ripped off your intellectual property, why advertise who you are? If you want to know more about unexceptionable topics that it would nevertheless be best to keep private, such as medical issues, lifestyle choices or a new job, why shouldn’t you keep your identity to yourself? Similarly, if you want to offer online services to help people with those very issues, you’d like them to feel confident that you’ll do your best to uphold their privacy and anonymity.
We’re not convinced — but perhaps that is because the article put its foot in its mouth. First, they tell us Tor does not provide full anonymity and then the author attempts to advocate readers use Tor for anonymity. Which is it? More investigation under a different lens may be needed.
Kenny Toth, January 13, 2017
January 5, 2017
It would be quite the understatement to say the Internet had drastically changed the spy business. The evolution comes with its ups and downs, we learn from the article, “CIA Cyber Official Sees Data Flood as Both Godsend and Danger” at the Stars and Stripes. Reporter Nafeesa Syeed cites an interview with Sean Roche, the CIA’s associate deputy director for digital innovation. The article informs us:
A career CIA official, Roche joined the agency’s new Directorate for Digital Innovation, which opened in October, after serving as deputy director for science and technology.[…]
Roche’s division was the first directorate the CIA added in half a century. His responsibilities include updating the agency’s older systems, which aren’t compatible with current technology and in some cases can’t even accommodate encryption. The directorate also combined those handling the agency’s information technology and internet systems with the team that monitors global cyber threats. ‘We get very good insights into what the cyber actors are doing and we stop them before they get to our door,’ Roche said.
Apparently, finding tech talent has not been a problem for the high-profile agency. In fact, Syeed tells us, many agents who had moved on to the IT industry are returning, in senior positions, armed with their cyber experience. Much new talent is also attracted by the idea of CIA caché. Roche also asserts he is working to boost ethnic diversity in the CIA by working with organizations that encourage minorities to pursue work in technical fields. What a good, proactive idea! Perhaps Roche would consider also working with groups that promote gender equity in STEM fields.
In case you are curious, Roche’s list of the top nations threatening our cybersecurity includes Russia, China, Iran, and North Korea. No surprises there.
Cynthia Murrell, January 5, 2017
January 2, 2017
Recently a conference took place about cybersecurity in the enterprise world. In the Computer World article, Offensive hackers should be part of enterprise DNA, the keynote speaker’s address is quoted heavily. CEO of Endgame Nate Fick addressed the audience, which apparently included many offensive hackers, by speaking about his experience in the private sector and in the military. His perspective is shared,
“We need discontinuity in the adoption cure,” Fick said, “but you can’t hack back. Hacking back is stupid, for many reasons not just that it is illegal.” He argued that while it is illegal, laws change. “Remember it used to be illegal to drink a beer in this country, and it was legal for a kid to work in a coal mine,” he said. Beyond the issue of legality, hacking back is, what Fick described as, climbing up the escalatory ladder, which you can’t do successfully unless you have the right tools. The tools and the power or ability to use them legally has historically been granted to the government.
Perhaps looking toward a day where hacking back will not be illegal, Fick explains an alternative course of action. He advocates for stronger defense and clear government policies around cybersecurity that declare what constitutes as a cyberthreat offense. The strategy being that further action on behalf of the attacked would count as defense. We will be keeping our eyes on how long hacking back remains illegal in some jurisdictions.
Megan Feil, January 2, 2017