Amazon: Lobbying Is a Component of the Model Of Course

November 23, 2021

Small news item from the trusted source Thomson Reuters. The title of the item is “Amazon Wages Secret War on Americans’ Privacy, Documents Show.” What’s interesting is that the trusted outfit has tapped into Amazon “internal documents.” These content objects reveal to the intrepid trusted real news folks that

“Amazon.com has killed or undermined privacy protections in more than three dozen bills across 25 states, as the e-commerce giant amassed a lucrative trove of personal data on millions of American consumers.”

In my lectures about this online bookstore I described some of Amazon’s public documents about its data wrangling, data stores, and data analytics capabilities. Sure, my lectures were directed at law enforcement and intelligence professionals.

How can an old person like myself using open source intelligence capture the scope, capabilities, and functionality of Amazon’s capabilities without resorting to the use of company confidential information?

If a person were to reveal company confidential information about Thomson Reuters or any of its subsidiaries, how might the Thomson Reuters “trust” brigade react to this situation?

I am no cheerleader for Amazon. I have been critical of leakers, including the cutesy Edward Snowden person.

Lobbying is an established component of many business organizations’ processes. Let’s think about big pharma, shall we? No, let’s not. What about those Beltway Bandits? No, let’s not.

“Trust” is an interesting concept, and I am disappointed that sensationalism and confidential information are what help define “trust.”

Yep, real journalism. Why not rely more on open source information and good old fashioned analysis, interviews, and research? Is “too good to pass up” a factor? Blocking and tackling, right?

Stephen E Arnold, November 23, 2021

Gmail: Is It a Go To Platform for Bad Actors?

November 22, 2021

“91% of All Bait Attacks Conducted over Gmail” is a report. Like many other cyber security related studies, the information is shaped to send a shiver of fear through the reader. Now is the assertion “all” accurate? Categorical affirmatives appear to make the writer appear confident in the data presented. The phrase “bait attack” sounds like insider speak. What does the write up present? Here’s a passage I found interesting:

Researchers from Barracuda analyzed bait attack patterns in September 2021 from 10,500 organizations.

Where are the findings; specifically, the information about “bait attacks”?

The answer is, “Not in the article.” The write up points the reader to a link for a study conducted by Barracuda. If you want to read that report in its marketing home, navigate here. Then accept cookies. You will see that the examples are indeed email. The connection to Google is that the service is popular. It makes sense that bad actors would use a large email system as a convenient method of reaching individuals, obtaining information about valid and invalid email accounts, and other sorts of mischief.

What’s the fix? Put the onus on Google? Nah. Buy a Barracuda product? But if the cyber defense system worked, wouldn’t the method become less effective? Organizations would license the solution in droves. Has that happened?

Well, the attacks are widespread, according to the research. Google apparently is not able to manage the messages. The user remains an unwitting target.

So what’s the fix?

My thought is that Gmail accounts have to be verified. Cyber security companies should publish reports that reveal significant payoffs from their methods. Users should be smarter, more willing to keep their email address under wraps, and better at security.

Right now, none of these actions and attitudes are happening. What is happening is content marketing and jargon.

Some companies are quite good at talk. Cyber security solutions? That’s another story. I love that “all” approach too.

Stephen E Arnold, November 22, 2021

An Example of Modern Moral Responsibility Avoidance

November 22, 2021

Virtual Private Networks (VPNs) are supposed to be one of the Surfside condo’s garage pillars of network security. In reality, however, it all depends on the VPN provider. We learn about one cryptic hack from Tech.co’s piece, “Researchers Uncover Mystery Data Breach of 300 Million VPN Records.” Writer Jack Turner explains:

“Security firm Comparitech claims to have discovered an exposed database in early October, which held over 100GB of data and 300 million records, in various forms. Within the data that was compromised were 45 million user records that included email addresses, encrypted passwords, full name and username; 281 million user device records including IP address, county code, device and user ID; and 6 million purchase records including the product purchased and receipts. All in all, it represents a motherlode of data that could conceivably be used for nefarious purposes, including phishing campaigns, should it fall into the wrong hands. While the database was closed within a week of Comparitech discovering it, the data it contained has apparently been made public.”

Not good. But what makes this case so mysterious? The VPN provider ActMobile Networks, which operates a number of VPN brands, denies even maintaining any databases. However, we learn:

“According to Comparitech, if the data didn’t come from ActMobile, it came from someone trying very hard to impersonate them. The SSL certificate of the compromised server shows it belonging to actmobile.com, the WHOIS record for the IP address where the data was located is listed as being owned by ActMobile Networks, and the database held several references to ActMobile’s VPN brands.”

Hmm. Turner emphasizes it is important to choose a VPN that indeed does not maintain logs, though they may cost a little more. See the article for Tech.co’s top nine recommendations.

And moral responsibility. Hey, these are zeros and ones, not fuzzy stuff.

Cynthia Murrell, November 22, 2021

Heads Up, Dark Overlord: Annoying the FBI May Not Be a Great Idea

November 19, 2021

Well this is embarrassing. The New York Post reports, “FBI Server Hacked, Spam Emails Sent to Over 100,000 People.” Writer Patrick Reilly tells us:

“The FBI’s email server was apparently hacked on Friday night to send threatening spam emails to over 100,000 people, the agency said. Authorities have not determined the sender or motive behind the rambling, incoherent emails, filled with technological nonsense. The emails warned receivers that their information may be under attack by Vinny Troia, famous hacker and owner of cybersecurity company Night Lion Security, in connection with notorious cybersecurity group TheDarkOverlord. The FBI confirmed the incident on Saturday, but said the hacked systems were ‘taken offline quickly,’ after it had been reported. ‘The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account,’ the agency said in a statement. ‘This is an ongoing situation and we are not able to provide any additional information at this time. The impacted hardware was taken offline quickly upon discovery of the issue. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity ic3.gov or cisa.gov.’”

First reported by European nonprofit the Spamhaus Project, the emails came from an FBI server. Readers may recall TheDarkOverlord stole Netflix videos in 2017 and released them online as torrents after the streaming platform refused to pay the ransom. A year before that, the same outfit stole patient information (though, thankfully, not medical records) from three medical databases. Those groups also refused to give in to demands, so the hacker(s) sold the data from hundreds of thousands of patients on the Dark Web. If this attack is indeed the work of TheDarkOverlord, we wonder what the outfit expects will happen when annoying a quite capable entity. I have an anecdote for my lectures. That’s a plus for me.

Cynthia Murrell, November 19, 2021

About Microsoft Exchange Security?

November 12, 2021

I spotted “Microsoft urges Exchange Admins to Patch Their On-Prem Servers Now.” I like the “now.” I interpret this suggestion to mean, “Well, our much hyped security enhancements… are sort of not enough.”

The write up asserts:

“November 2021 Exchange Server Security Updates” goes on to add that the bug only impacts on-premise Microsoft Exchange servers, including those used by customers in Exchange Hybrid mode.

With Microsoft telemetry, smart updates, and remote access controls to Microsoft systems — why are licensees hanging in the digital wind?

Net net: This type of “bulletin” is catnip to bad actors. Perhaps it is too expensive to do more than issue PR about security.

Stephen E Arnold, November 12, 2021

Who Remembers Palantir or Anduril? Maybe Peter Thiel?

November 4, 2021

Despite sci-fi stoked fears about artificial general intelligences (AGI) taking over the world, CNBC reports, “Palantir’s Peter Thiel Thinks People Should Be Concerned About Surveillance AI.” Thiel, co-founder of Palantir and investor in drone-maker Anduril, is certainly in the position to know what he is talking about. The influential venture capitalist made the remarks at a recent event in Miami. Writer Sam Shead reports:

“Tech billionaire Peter Thiel believes that people should be more worried about ‘surveillance AI’ rather than artificial general intelligences, which are hypothetical AI systems with superhuman abilities. … Those that are worried about AGI aren’t actually ‘paying attention to the thing that really matters,’ Thiel said, adding that governments will use AI-powered facial recognition technology to control people. His comments come three years after Bloomberg reported that ‘Palantir knows everything about you.’ Thiel has also invested in facial recognition company Clearview AI and surveillance start-up Anduril. Palantir, which has a market value of $48 billion, has developed data trawling technology that intelligence agencies and governments use for surveillance and to spot suspicious patterns in public and private databases. Customers reportedly include the CIA, FBI, and the U.S. Army. AGI, depicted in a negative light in sci-fi movies such as ‘The Terminator’ and ‘Ex Machina,’ is being pursued by companies like DeepMind, which Thiel invested in before it was acquired by Google. Depending on who you ask, the timescale for reaching AGI ranges from a few years, to a few decades, to a few hundred years, to never.”

Yes, enthusiasm for AGI has waned as folks accept that success, if attainable at all, is a long way off. Meanwhile, Thiel is now very interested in crypto currencies. For the famously libertarian mogul, that technology helps pave the way for his vision of the future: a decentralized world. That is an interesting position for a friend of law enforcement.

Cynthia Murrell, November 4, 2021

Encouragement for Bad Actors: Plenty of Targets Guaranteed

November 2, 2021

If the information in the Silicon Valley-esque business news service Venture Beat is accurate, 2022 is going to be a good year for bad actors. “Report: 55% of Execs Say That SolarWinds Hack Hasn’t Affected Software Purchases.” Now “purchase” is a misleading word. Vendors like users to subscribe, so the revenue projections are less fraught. Subscriptions can be tough to terminate, and paying that bill is like a bad habit, easy to fall into, tough to get out of.

The article states:

According to a recent study by Venafi, more than half of executives (55%) with responsibility for both security and software development reported that the SolarWinds hack has had little or no impact on the concerns they consider when purchasing software products for their company. Additionally, 69% say their company has not increased the number of security questions they are asking software providers about the processes used to assure software security and verify code.

This statement translates to status quo-ism.

The Microsoft products are targets because Microsoft’s yummy software is widely used and is like a 1980s Toys-R-Us filled with new Teddy bears, battery powered trucks, and role-model dolls.

What’s the fix for escalating cyber attacks? Different business policies and more rigorous security procedures.

To sum up, a potentially big year for bad actors, some of whom practice their craft from prison with a contraband smartphone. The Fancy Bear types will be dancing and some of the APT kids will be wallowing in endless chocolate cake.

Digitally speaking, of course.

Stephen E Arnold, November 2, 2021

DarkCyber for November 2, 2021: Spies, Secrets, AI, and a Robot Dog with a Gun

November 2, 2021

The DarkCyber for November 2, 2021 is now available at this link. This program includes six cyber “bites”. These are short items about spies who hide secrets in peanut butter sandwiches, a drug lord who required 500 troops and 22 helicopters to arrest, where to get the Pandora Papers, a once classified document about autonomous killing policies, a US government Web site described as invasive, and a report about the National Security Agency’s contributions to computer science.

The feature in the cyber news program is a look at the Allen Institute’s Ask Delphi system. The smart software serves up answers to ethical questions. The outputs are interesting and provide an indication of the issues that bright AI engineers will have to address.

The final story provides information about a robot dog. The digital canine is equipped with a weapon which fires a cartridge the size of a hot dog at the World Series snack shop. That’s interesting information, but the “killer” feature is that the robot is its own master. Watch DarkCyber to learn the trick this machine can perform.

DarkCyber is produced by Stephen E Arnold. The video contains no advertising and the stories are not subsidized. The video is available at www.arnoldit.com/wordpress or at https://youtu.be/Y24vJetf5eY.

Kenny Toth, November 2, 2021

British Cyber Boss Nails Why Ransomware Is a Growth Business

October 29, 2021

I spotted “Ransomware Has Proliferated Because It’s Largely Uncontested, Says GCHQ Boss.” The statement is accurate but the word “uncontested” may have a nuance not hitting the radar of some of the cyber wizards residing in Harrod’s Creek, Kentucky.

“Uncontested” means a bunch of cyber sailboats are floating around with their commanders thinking about a grilled chicken.

The write up says:

we have up until quite recently left a lot of this playing space to those criminal actors in effect to proliferate and to make a lot of money.

Stated in the lingo of Harrod’s Creek, I think the head of the British version of the National Security Agency means coordinated, aggressive action is needed on a consistent, sustained basis.

Will this ideal be achieved? The write up provides one view:

There’s suspicion in the US that Russia turns a blind eye to ransomware gangs operating in its territory. Following the ransomware attack on Colonial Pipeline last year, Biden said he warned Russian President Vladimir Putin that critical infrastructure should be off limits.

Stephen E Arnold, October 29, 2021

SolarWinds: Three Is Allegedly Better Than One

October 29, 2021

Most organizations have one, generally semi-organized development approach. “SolarWinds’ CEO Wants To Give The Hackers Who Attacked It A Headache By Massively Multiplying Code” reports that the poster child for putting malware in a software distribution system has a way to thwart the 1,000 programmers bent on doing bad things to good American software.

And the solution? Forbes, the capitalist tool, reveals:

But arguably the biggest change—and the one that’s most likely to attract the attention of other CEOs and technology leaders—is his [Sudhakar Ramakrishna, the new SolarWinds CEO] decision to create three separate software development pipelines rather than the single one SolarWinds had before.

In bad actor land, one attack surface is okay. Three attack surfaces are, I suppose, more okay. SolarWinds begs to disagree.

The idea is that “hackers now have to break into multiple systems rather than a monolithic development pipeline.”

I did an analysis of the SolarWinds’ misstep for a financial outfit. A couple of members of my research team kept pressing me to emphasize that the breach may have been facilitated by an insider or by someone hired by a front company for a bad actor who had experience working in the SolarWinds’ digital vineyard. I mentioned the possibility and referenced several recruitment sites which say they can provide part-timers with experience in major enterprise software systems.

My question, “If the insider or the part time wizard is involved, maybe three development pipelines won’t work?” The possibility exists.

Stephen E Arnold, October 29, 2021
