Does Security Sell? Will Security Provide Revenue Lift?

June 14, 2018

Years ago Oracle positioned its enterprise search system as more secure than any other information access available at that time. How did that work out? Do you use SES? Why did Oracle buy Endeca, ostensibly an enterprise search system of sorts? What happened to Triple Hop? Artificial Linguistics? The other search systems Oracle has acquired? My hunch is that security did not sell.

Now Apple is betting that its secure Apply phone will cruise along, sucking up the majority of the profits from mobile phones. The company has determined that engineers working for vendors focused on law enforcement and intelligence agencies will no longer be able to use the connection and charging port to hack into a mobile device.

Who knows? Maybe Apple can make security generate big revenue flows and juicy profits?

Apple to Close iPhone Security Hole That Police Use to Crack Devices” explains that Apple will close a “technological loophole.” The move may rekindle the push from some law enforcement and intelligence professionals for a way to unlock bad actors’ iPhones.

Our weekly video DarkCyber described products available from Grayshift and has mentioned Cellebrite in our weekly reports.

Our view is that considerable discussion and legal fireworks will ensue. Compromise? Nope, that’s an approach not too popular in some circles. Are companies governments? Can governments impact how companies do business.

This is a major issue, and the outcome is not as clear as the information about China’s surveillance actions. How has Apple adapted to China’s rules? How is Apple adapting the US laws?

Interesting days ahead.

Stephen E Arnold, June 14, 2018

DarkCyber, May 29, 2018, Now Available

May 29, 2018

Stephen E Arnold’s DarkCyber video news program for Tuesday, May 29, 2018, is now available.

This week’s story line up is:

  • The “personality” of a good Web hacker
  • Why lists are replacing free Dark Web search services
  • Where to find a directory of OSINT software
  • A new Dark Web index from a commercial vendor.

You can find this week’s program at either www.arnoldit.com/wordpress or on Vimeo at https://vimeo.com/272088088.

On June 5, 2018, Stephen will be giving two lectures at the Telestrategies ISS conference in Prague. The audiences will consist of intelligence, law enforcement, and security professionals from Europe. A handful of attendees from other countries will be among the attendees.

On Tuesday, June 5, 2018, Stephen will reveal one finding from our analysis of Amazon’s law enforcement, war fighting, and intelligence services initiative.

Because his books have been reused (in several cases without permission) by other analysts, the information about Amazon is available via online or in person presentations.

The DarkCyber team has prepared short video highlighting one research finding. He will include some of the DarkCyber research information in his Prague lectures.

The Amazon-centric video will be available on Tuesday, June 5, 2018. After viewing the video, if you want the details of his for fee lecture, write him at darkcyber333@yandex dot com. Please, put “Amazon” in the subject line.

Several on the DarkCyber team believe that most people will dismiss Stephen’s analysis of Amazon. The reason is that people buy T shirts, books, and videos from the company. However, the DarkCyber research team has identified facts which suggest a major new revenue play from the one time bookseller.

Just as Stephen’s analyses of Google in 2006 altered how some Wall Street professionals viewed Google, his work on Amazon is equally significant. Remember those rumors about Alexa recording what it “hears”? Now think of Amazon’s services/products as pieces in a mosaic.

The picture is fascinating and it has significant financial implications as well.

Enjoy today’s program at this link.

Kenny Toth, May 29, 2018

Plan a Hike or an Attack: Piece of Cake Now

May 26, 2018

Forget the utility of the procedure for outdoor hikers described in “Plot a Hike on Google Earth.” My first thought was, “What a Mother’s Little Helper” for those involved in military orienteering. I particularly liked the use of Strava, an application with data of some value to those eager to locate certain types of behavior patterns inadvertently created by joggers. I also liked the bouncing between a desktop / laptop computer and mobile devices. No problem for personnel operating from a semi fixed base station. Finally, the “fly around” functionality is helpful. My problem with these capabilities is that they are available to anyone. My personal view is that certain types of technology applications can be put to what I would describe as questionable uses. Why go through the hassle of joining the military or law enforcement, cope with the rigors of FLETC and other training program, and sharpen one’s skills in the field. Take a short cut and put the capabilities in whatever context one wants. Sorry. Too much information.

Stephen E Arnold, May 26, 2018

DarkCyber for April 24, 2018, Now Available

April 24, 2018

DarkCyber for April 124, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/266003727 .

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

This week’s lead story focuses on universities as unwitting accomplices for student cyber criminals. Five students at Manchester University began selling drugs via SilkRoad. The students “graduated” to their own brand and branched out. Before UK law enforcement shut down the students’ operation, more than 6,000 drug sales were completed. Plus, university computer systems have become targets for malicious crypto currency mining operations. A student can take classes in computer science and be up and scamming quickly.

Stephen E Arnold, producer of DarkCyber and author of “CyberOSINT: Next Generation Information Access” said: “The combination of easy access to high-value information about programming and computer systems plus the lure of easy money can turn a good student into a good criminal. Universities, despite their effort to implement more robust security, are targets for bad actors. Students can operate Dark Web businesses from their campus residence. Outsiders can exploit the institution’s computer system in order to install crypto currency mining software. At this time, colleges and universities are in a cat and mouse game with high stakes and stiff penalties for students, administrators, and school security professionals.”

DarkCyber revisits the security of virtual private networks. This week’s program answers a viewer’s question about improving the security of a VPN. In addition to changing the ports the VPN uses, DarkCyber points out that a tech savvy individual can operate his or her own VPN or use additional specialized software to shore up the often leaky security many VPN services provide.

Vendors of “policeware” are generally unknown to most tech professionals. DarkCyber highlights a new, UK based company doing business as Grey Heron. The company offers a range of cyber security services. The firm’s staff appears to include individuals once affiliated with the Hacking Team, another policeware vendor which found itself the victim of a cyber attack two years ago. If Gray Heron taps the Hacking Team’s technical talent, the firm may make an impact in this little known sector of the software market.

The final story in DarkCyber for April 24, 2018, highlights several findings from a study sponsored by Bromium, a cyber security company. The researchers at a UK university gathered data which provide some surprising and interesting information about the Dark Web. For example, the new report asserts that more than $200 billion is laundered on the Dark Web in a single year. If true, these newly revealed research data provide hard metrics about the role of digital currency in today’s online economy.

Beginning in May 2018, coverage of the Dark Web and related subjects will be increased within Beyond Search.

Kenny Toth, April 24, 2018

DarkCyber Profiles the Grayshift iPhone Unlocking Appliance

April 5, 2018

DarkCyber has released a special video report about Grayshift’s iPhone unlocking device for law enforcement forensics professionals. The GrayKey device unlocks most iPhones quickly and without the need to ship the suspect’s mobile phone off site.

The video is available on Vimeo at https://vimeo.com/262858305.

The video covers the pricing for the iPhone unlocker and its key features. Plus, the video product overview identifies the challenges that Grayshift will have to overcome if it wants to become the preferred provider of plug-and-unlock iPhone devices.

Stephen E Arnold said, “Grayshift’s GrayKey is important because it offers an easy-to-use iPhone unlocking system. Four digit passcode protected devices can be unlocked in two to three hours. Apple mobiles with six digit passcodes can be unlocked in two to three days. The device can be used in a mobile forensics lab and costs a fraction of some competitive solutions. GrayKey looks like the right product at the right time and at the right price.”

DarkCyber is a weekly video new program for law enforcement, intelligence, and security professionals. The special report series will focus on a single product, service, or technical innovation.

This is a special report in his CyberOSINT Tools series. These special reports will be issued when notable products, services, or technologies become available to law enforcement and intelligence professionals.

Stephen E Arnold is the author of “Dark Web Notebook” and “CyberOSINT: Next Generation Information Access.” He has been named as a technology adviser to the UK based Judicial Commission of Inquiry into Human Trafficking and Child Sex Abuse.” Mr. Arnold also lectures to law enforcement and intelligence professionals attending the Telestrategies ISS conferences in Prague, Washington, DC, and Panama City, Panama. In recent months, he has shared his research with law enforcement and intelligence professionals in the US and Europe. His most recent lectures focus on deanonymizing chat and digital currency transactions. One hour and full day programs are available via webinars and on-site presentations.

Kenny Toth, April 5, 2018

AI Will Be 2018s Biggest Tech Topic

February 20, 2018

Seems like some algorithm should have predicted this a long time ago, but our best bet is that AI leads the way in most important tech topics of the new year. We are not alone. Datanami recently penned an article, “What Will AI Bring in 2018? Experts Sound Off.”

According to the story:

Artificial intelligence and machine learning are often misunderstood and misused terms. Many startups and larger technology companies attempt to boost their appeal by forcing an association with these phrases. Well, the buzz will have to stop in 2018…This will be the year we begin to demand substance to justify claims of anything that’s capable of using data to predict any outcome of any relevance for business, IT or security. While 2018 will not be the year when AI capabilities mature to match human skills and capacity, AI using machine learning will increasingly help organizations make decisions on massive amounts of data that otherwise would be difficult for us to make sense of.

This comes as no surprise to us. AI has been cracking mysteries left and right lately and is finally getting down to seriously important work. Take, for example, how AI is helping solve the opioid crisis. AI will be 2018’s big story and it couldn’t come at a better time for us.

Patrick Roland, February 20, 2018

A BitCoin Crackdown Will Not Stop The Flood

February 19, 2018

Bitcoin’s rocketing value has put a spotlight on this intentionally shadowy money system. Now, with all that attention governments are starting to crack down. However, we don’t think that’ll help. We were tipped off to this trend from a recent BitCoinIst story, “AUSTRALIAN BANKS REPORTEDLY FREEZING THE ACCOUNTS OF BITCOIN USERS.”

According to the story:

The Australian banks which have been accused of freezing accounts of Bitcoin users have been listed as the National Australia Bank, ANZ, Commonwealth Bank of Australia, and Westpac Banking Corporation. The claim was made in a tweet saying that user activity associated with certain websites (BTC Markets, CoinSpot Australia, CoinJar, and Coinbase) have been affected as triggering suspicious activity on Australian users’ bank accounts.

 

Should your bank refuse to make a payment of your money, then you are rendered powerless to access your own money. The banks’ heavy handedness in this regard only gives further fuel to those proponents of decentralized money that lie outside of institutional control, such as Bitcoin and the rest of cryptocurrency. That Australian banks are still not providing fail-safes to their customers when they fall foul of unspecified account flagging is not portraying the country’s banks in a positive manner at all.

While it is worth applauding Australia’s attempt at stopping criminal activity this way, it’s only part of the oldest story in the book. As soon as someone solves a problem, two new ones crop up. Those being new cryptocurrencies, like Monero, which criminals are beginning to flock to. Fat chance stopping this flood of trouble.

Patrick Roland, February 19, 2018

Apple and Its Snowden Moment

February 14, 2018

I don’t pay much attention to the antics of Apple, its employees, or its helpers. I did note this story in Boy Genius Report: “We Now Know Why an Apple Employee Decided to Leak Secret iPhone Code.” My take is that the trigger was a bit of the high school science club mentality and the confusion of what is straight and true with the odd ball ethos of clever, young tech wizards.

The cat is out of the bag. Removing content from Github does not solve the problem of digital information’s easy copy feature.

How will Apple handle its Snowden moment? Will the leaker flee to a friendly computing nation state like Google or Microsoft? Will the Apple iPhone code idealist hole up in a Motel 6 at SFO until the powers that be can debrief him and move him to a safe cubicle?

I think the episode suggests that insider threats are a challenge in today’s online environment. With the report that security service providers are suffering from false positives, the reality of protecting secrets is a bit different from the fog of assumption that some have about their next generation systems. I call it the “illusion of security.”

Reality is what one makes it, right?

Stephen E Arnold, February 14, 2018

 The Future of Social Media is Old School

February 8, 2018

Before social media, the only way to express yourself online was via a mostly anonymous series of blogs and sites that were impossible to go viral because virality didn’t exist. Oddly, some bright minds are going back to this method with txt.fyi, a platform where you can post anything you want without it going to search engines. This old-fashioned message board was examined in a recent Wired article, “This Stripped-Down Blogging Tool Exemplifies Antisocial Media.”

I wanted something where people could publish their thoughts without any false game of social manipulation, one-upmanship, and favor-trading,” he says. This is what I found so interesting about his creation. Its antivirality doesn’t necessarily prevent a post from becoming wildly popular. (A txt.fyi URL shared on, say, Facebook could perhaps go viral.) But its design favors messages to someone, not everyone.

 

[The inventor] discovered someone using txt.fyi to write letters to a deceased relative. It was touching and weirdly human, precisely the sort of unconventional expression we used to see a lot more of online. But today we sand down those rough edges, those barbaric yawps, in the quest for social spread. Even if you don’t want to share something, Medium or Tumblr or Snapchat tries to make you. They have the will to virality baked in.

This is a neat idea and might have a longer shelf life than you’d think. That’s because we are firm believers that every good idea on the internet gets retooled for awfulness. (Reddit, anyone?) This quasi-dark web blogging approach is almost certain to be used for nefarious purposes and will become a tool for hate speech and crime.

Patrick Roland, February 8, 2018

OpenText Wants to Be the Big Dog in Cyber Security

February 4, 2018

My wife and I rescued a French bull dog. We also have a boxer, which is three times the size of the rescued canine. The rescued canine thinks he is a bull mastiff. We believe that the French bull dog has a perception problem.

Image result for french bulldog compared to boxer

Here’s a quote from “OpenText Enfuse 2018 To Showcase The Future of Cybersecurity and Digital Investigations”:

OpenText’s industry leading digital investigation, forensic security and data risk management solutions are defining the future of cybersecurity, digital investigations and e-Discovery, and serve to extend the security capabilities of OpenText’s leading information management platform.”

I noticed this statement at the bottom of the “real” news story:

Certain statements in this press release may contain words considered forward-looking statements or information under applicable securities laws.

I think our French bull dog might say something like this when he tries to impose his will on Max, our large, strong, aggressive boxer.

In the cyber marketplace, will IBM i2 roll over and play dead? Will Palantir Technologies whimper and scamper back to Philz Coffee? Will the UAE vendor DarkMatter get into the pizza business? Will the Google and In-Q-Tel funded Recorded Future decide that real estate development is where the action is?

Forward looking? Yeah, no kidding.

Stephen E Arnold, February 4, 2018

Next Page »

  • Archives

  • Recent Posts

  • Meta