• Home
• About
• Writers
• Landscape
• Wizards Index
• Fraud
• Wanna Be Like Larry?

Amazon: Lobbying Is a Component of the Model Of Course

Small news item from the trusted source Thomson Reuters. The title of the item is “Amazon Wages Secret War on Americans’ Privacy, Documents Show.” What’s interesting is that the trusted outfit has tapped into Amazon “internal documents.” These content objects reveal to the intrepid trusted real news folks that

“Amazon.com has killed or undermined privacy protections in more than three dozen bills across 25 states, as the e-commerce giant amassed a lucrative trove of personal data on millions of American consumers.”

In my lectures about this online bookstore I described some of Amazon’s public documents about its data wrangling, data stores, and data analytics capabilities. Sure, my lectures were directed at law enforcement and intelligence professionals.

How can an old person like myself using open source intelligence capture the scope, capabilities, and functionality of Amazon’s capabilities without resorting to the use of company confidential information.

If a person were to reveal company confidential information about Thomson Reuters or any of its subsidiaries, how might the Thomson Reuters “trust” brigade react to this situation?

I am no cheerleader for Amazon. I have been critical of leakers, including the cutesy Edward Snowden person.

Lobbying is an established component of many business organizations processes. Let’s think about big pharma, shall we? No, let’s not. What about those Beltway Bandits? No, let’s not.

“Trust” is an interesting concept, and I am disappointed that sensationalism and confidential information is what helps define “trust.”

Yep, real journalism. Why not rely more on open source information and good old fashioned analysis, interviews, and research? Is “too good to pass up” a factor? Blocking and tackling, right?

Stephen E Arnold, November 23, 2021

Gmail: Is It a Go To Platform for Bad Actors?

“91% of All Bait Attacks Conducted over Gmail” is a report. Like many other cyber security related studies, the information is shaped to send a shiver of fear through the reader. Now is the assertion “all” accurate? Categorical affirmatives appear to make the writer appear confident in the data presented. The phrase “bait attack” sounds like insider speak. What’s the write up present? Here’s a passage I found interesting:

Researchers from Barracuda analyzed bait attack patterns in September 2021 from 10,500 organizations.

Where are the findings; specifically, the information about “bait attacks”?

The answer is, “Not in the article.” The write up points the reader to a link for a study conducted by Barracuda. If you want to read that report in its marketing home, navigate here. Then accept cookies. You will see that the examples are indeed email. The connection to Google is that the service is popular. It makes sense that bad actors would use a large email system as a convenient method of reaching individuals, obtaining information about valid and invalid email accounts, and other sorts of mischief.

What’s the fix? Put the onus on Goggle? Nah. Buy a Barracuda product? But if the cyber defense system worked, wouldn’t the method become less effective. Organizations would license the solution in droves. Has that happened?

Well, the attacks are widespread, according to the research. Google apparently is not able to manage the messages. The user remains an unwitting target.

So what’s the fix?

My thought is that Gmail accounts have to be verified. Cyber security companies should publish reports that reveal significant payoffs from their methods. Users should be smarter, more willing to keep their email address under wraps, and better at security.

Right now, none of these actions and attitudes are happening. What is happening is content marketing and jargon.

Some companies are quite good at talk. Cyber security solutions? That’s another story. I love that “all” approach too.

Stephen E Arnold, November 22, 20201

An Example of Modern Moral Responsibility Avoidance

Virtual Private Networks (VPNs) are supposed to be one of the  Surfside condo’s garage pillars of network security. In reality, however, it all depends on the VPN provider. We learn about one cryptic hack from Tech.co’s piece, “Researchers Uncover Mystery Data Breach of 300 Million VPN Records.” Writer Jack Turner explains:

“Security firm Comparitech claims to have discovered an exposed database in early October, which held over 100GB of data and 300 million records, in various forms. Within the data that was compromised were 45 million user records that included email addresses, encrypted passwords, full name and username; 281 million user device records including IP address, county code, device and user ID; and 6 million purchase records including the product purchased and receipts. All in all, it represents a motherlode of data that could conceivably be used for nefarious purposes, including phishing campaigns, should it fall into the wrong hands. While the database was closed within a week of Comparitech discovering it, the data it contained has apparently been made public.”

Not good. But what makes this case so mysterious? The VPN provider ActMobile Networks, which operates a number of VPN brands, denies even maintaining any databases. However, we learn:

“According to Comparitech, if the data didn’t come from ActMobile, it came from someone trying very hard to impersonate them. The SSL certificate of the compromised server shows it belonging to actmobile.com, the WHOIS record for the IP address where the data was located is listed as being owned by ActMobile Networks, and the database held several references to ActMobile’s VPN brands.”

Hmm. Turner emphasizes it is important to choose a VPN that indeed does not maintain logs, though they may cost a little more. See the article for Tech.co’s top nine recommendations.

And moral responsibility. Hey, these are zeros and ones, not fuzzy stuff.

Cynthia Murrell November 22, 2021

Heads Up, Dark Overlord: Annoying the FBI May Not Be a Great Idea

Well this is embarrassing. The New York Post reports, “FBI Server Hacked, Spam Emails Sent to Over 100,000 People.” Writer Patrick Reilly tells us:

“The FBI’s email server was apparently hacked on Friday night to send threatening spam emails to over 100,000 people, the agency said. Authorities have not determined the sender or motive behind the rambling, incoherent emails, filled with technological nonsense. The emails warned receivers that their information may be under attack by Vinny Troia, famous hacker and owner of cybersecurity company Night Lion Security, in connection with notorious cybersecurity group TheDarkOverlord. The FBI confirmed the incident on Saturday, but said the hacked systems were ‘taken offline quickly,’ after it had been reported. ‘The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account,’ the agency said in a statement. ‘This is an ongoing situation and we are not able to provide any additional information at this time. The impacted hardware was taken offline quickly upon discovery of the issue. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity ic3.gov or cisa.gov.’”

First reported by European nonprofit the Spamhaus Project, the emails came from an FBI server. Readers may recall TheDarkOverlord stole Netflix videos in 2017 and released them online as torrents after the streaming platform refused to pay the ransom. A year before that, the same outfit stole patient information (though, thankfully, not medical records) from three medical databases. Those groups also refused to give in to demands, so the hacker(s) sold the data from hundreds of thousands of patients on the Dark Web. If this attack is indeed the work of TheDarkOverlord, we wonder what the outfit expects will happen when annoying a quite capable entity. I have an anecdote for my lectures. That’s a plus for me.

Cynthia Murrell November 19, 2021

About Microsoft Exchange Security?

I spotted “Microsoft urges Exchange Admins to Patch Their On-Prem Servers Now.” I like the “now.” I interpret this suggestion to mean, “Well, our much hyped security enhancements… are sort of not enough.”

The write up asserts:

[“November 2021 Exchange Server Security Updates” goes on to add that the bug only impacts on-premise Microsoft Exchange servers, including those used by customers in Exchange Hybrid mode.

With Microsoft telemetry, smart updates, and remote access controls to Microsoft systems — why are licensees hanging in the digital wind?

Net net: This type of “bulletin” is catnip to bad actors. Perhaps it is too expensive to do more than issue PR about security.

Stephen E Arnold, November 12, 2021

Who Remembers Palantir or Anduril? Maybe Peter Thiel?

Despite sci-fi stoked fears about artificial general intelligences (AGI) taking over the world, CNBC reports, “Palantir’s Peter Thiel Thinks People Should Be Concerned About Surveillance AI.” Theil, co-founder of Palantir and investor in drone-maker Anduril, is certainly in the position to know what he is talking about. The influential venture capitalist made the remarks at a recent event in Miami. Writer Sam Shead reports:

“Tech billionaire Peter Thiel believes that people should be more worried about ‘surveillance AI’ rather than artificial general intelligences, which are hypothetical AI systems with superhuman abilities. … Those that are worried about AGI aren’t actually ‘paying attention to the thing that really matters,’ Thiel said, adding that governments will use AI-powered facial recognition technology to control people. His comments come three years after Bloomberg reported that ‘Palantir knows everything about you.’ Thiel has also invested in facial recognition company Clearview AI and surveillance start-up Anduril. Palantir, which has a market value of $48 billion, has developed data trawling technology that intelligence agencies and governments use for surveillance and to spot suspicious patterns in public and private databases. Customers reportedly include the CIA, FBI, and the U.S. Army. AGI, depicted in a negative light in sci-fi movies such as ‘The Terminator’ and ‘Ex Machina,’ is being pursued by companies like DeepMind, which Thiel invested in before it was acquired by Google. Depending on who you ask, the timescale for reaching AGI ranges from a few years, to a few decades, to a few hundred years, to never.”

Yes, enthusiasm for AGI has waned as folks accept that success, if attainable at all, is a long way off. Meanwhile, Thiel is now very interested in crypto currencies. For the famously libertarian mogul, that technology helps pave the way for his vision of the future: a decentralized world. That is an interesting position for a friend of law enforcement.

Cynthia Murrell, November 4, 2021

Encouragement for Bad Actors: Plenty of Targets Guaranteed

If the information in the Silicon Valley-esque business news service Venture Beat is accurate, 2022 is going to be a good year for bad actors. “Report: 55% of Execs Say That SolarWinds Hack Hasn’t Affected Software Purchases.” Now “purchase” is a misleading word. Vendors like users to subscribe, so the revenue projections are less fraught. Subscriptions can be tough to terminate, and paying that bill is like a bad habit, easy to fall into, tough to get out of.

The article states:

According to a recent study by Venalfi, more than half of executives (55%) with responsibility for both security and software development reported that the SolarWinds hack has had little or no impact on the concerns they consider when purchasing software products for their company. Additionally, 69% say their company has not increased the number of security questions they are asking software providers about the processes used to assure software security and verify code.

This statement translates to status quo-ism.

The Microsoft products are targets because Microsoft’s yummy software is widely used and is like a 1980s Toys-R-Us filled with new Teddy bears, battery powered trucks, and role-model dolls.

What’s the fix for escalating cyber attacks? Different business policies and more rigorous security procedures.

To sum up, a potentially big year for bad actors, some of whom practice their craft from prison with a contraband smartphone. The Fancy Bear types will be dancing and some of the APT kids will be wallowing in endless chocolate cake.

Digitally speaking, of course.

Stephen E Arnold, November 2, 2021

DarkCyber for November 2, 2021: Spies, Secrets, AI, and a Robot Dog with a Gun

The DarkCyber for November 2, 2021 is now available at this link. This program includes six cyber “bites”. These are short items about spies who hide secrets in peanut butter sandwiches, a drug lord who required 500 troops and 22 helicopters to arrest, where to get the Pandora Papers, a once classified document about autonomous killing policies, a US government Web site described as invasive, and a report about the National Security Agency’s contributions to computer science.

The feature in the cyber news program is a look at the Allen Institute’s Ask Delphi system. The smart software serves up answers to ethical questions. The outputs are interesting and provide an indication of the issues that bright AI engineers will have to address.

The final story provides information about a robot dog. The digital canine is equipped with a weapon which fires a cartridge the size of a hot dog at the World Series snack shop. That’s interesting information, but the “killer” feature is that the robot is its own master. Watch DarkCyber to learn the trick this machine can perform.

DarkCyber is produced by Stephen E Arnold. The video contains no advertising and the stories are not subsidized. The video is available at www.arnoldit.com/wordpress or at https://youtu.be/Y24vJetf5eY.

Kenny Toth, November 2, 2021

British Cyber Boss Nails Why Ransomware Is a Growth Business

I spotted “Ransomware Has Proliferated Because It’s Largely Uncontested, Says GCHQ Boss.” The statement is accurate but the word “uncontested” may have a nuance not hitting the radar of some of the cyber wizards residing in Harrod’s Creek, Kentucky.

“Uncontested” means a bunch of cyber sailboats are floating around with their commanders thinking about a grilled chicken.

The write up says:

we have up until quite recently left a lot of this playing space to those criminal actors in effect to proliferate and to make a lot of money.

Stated in the lingo of Harrod’s Creek, I think the head of the British version of the National Security Agency means coordinated, aggressive action is needed on a consistent, sustained basis.

Will this ideal be achieved? The write up provides one view:

There’s suspicion in the US that Russia turns a blind eye to ransomware gangs operating in its territory. Following the ransomware attack on Colonial Pipeline last year, Biden said he warned Russian President Vladimir Putin that critical infrastructure should be off limits.

Stephen E Arnold, October 29, 2021

SolarWinds: Three Is Allegedly Better Than One

Most organizations have one, generally semi-organized development approach. “SolarWinds’ CEO Wants To Give The Hackers Who Attacked It A Headache By Massively Multiplying Code” reports that the poster child for putting malware in a software distribution system has a way to thwart the 1,000 programmers bent on doing bad things to good American software.

And the solution? Forbes, the capitalist tool, reveals:

But arguably the biggest change—and the one that’s most likely to attract the attention of other CEOs and technology leaders—is his [Sudhakar Ramakrishna, the new SolarWinds CEO] decision to create three separate software development pipelines rather than the single one SolarWinds had before.

In bad actor land, one attack surface is okay. Three attack surfaces are, I suppose, more okay. SolarWinds begs to disagree.

The idea is that “hackers now have to break into multiple systems rather than a monolithic development pipeline.”

I did an analysis of the SolarWinds’ misstep for a financial outfit. A couple of members of my research team kept pressing me to emphasize that the breach may have been facilitated by an insider or by someone hired by a front company for a bad actor who had experience working in the SolarWinds’ digital vineyard. I mentioned the possibility and referenced several recruitment sites which say they can provide part-timers with experience in major enterprise software systems.

My question, “If the insider or the part time wizard is involved, maybe three development pipelines won’t work?” The possibility exists.

Stephen E Arnold, October 29, 2021

« Previous Page — Next Page »

• 

• Search the site

•  

  Subscribe to Beyond Search

  • 
  • 
   
  • 
   
  
  Feature archive
  News archive
   
  
  
  Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.

• Categories

  • 3D-Printing
  • Acquisition
  • Advertising
  • Aggregation
  • AI
  • Alexa
  • algorithms
  • Amazon
  • Amazonia
  • Analytics
  • Appliance
  • Applications
  • Audio
  • Augmented Reality
  • Big data
  • Bing
  • Bitcoin
  • Bitext
  • Book review
  • Business intelligence
  • Business process
  • Business strategy
  • Censorship
  • Cloud computing
  • Company Profile
  • Conferences
  • Connectors
  • Consulting
  • Consumer
  • Content processing
  • Copyright
  • Corporate Concerns
  • Cost
  • Crawl
  • Crowdfunding
  • cryptocurrency
  • Customer support
  • Cyber OSINT
  • cybercrime
  • cybersecurity
  • Dark Web
  • DarkCyber
  • Data
  • Data mining
  • Database
  • Deepfakes
  • Digital Assistant
  • Digital Library
  • E2EE
  • ECommerce
  • EDiscovery
  • Editorial opinion
  • Education
  • Emoticons
  • Enterprise
  • Enterprise search
  • Entity extraction
  • Ethics
  • Facebook
  • Faceted search
  • Factualities
  • Feature
  • Federated search
  • Financial
  • Fogint
  • Google
  • Governance
  • Government
  • Hackers
  • healthcare
  • IBM Watson
  • Image search
  • Indexing
  • Infrastructure
  • Innovation
  • Integration
  • intelware
  • Interface
  • Internet
  • Interview
  • Investment
  • law enforcement
  • Legal matters
  • Library automation
  • Management
  • Marketing
  • Mathematics
  • Metadata
  • Microsoft
  • Mobile
  • Natural language processing
  • News
  • NGIA
  • Online (general)
  • Open Access
  • Open source
  • OSINT
  • Osint Radar
  • Overflight
  • Palantir
  • Patents
  • Personnel
  • Podcast
  • Policeware
  • Portals
  • Predictive coding
  • Privacy
  • Profile
  • Publishing
  • Quotation
  • Real time search
  • Reference tool
  • Rich media
  • Robot Writer
  • Search
  • Search enabled applications
  • search engine
  • Search quality
  • Security
  • Semantic
  • Sentiment analysis
  • SEO
  • SharePoint
  • Short Honks
  • Smart Technology
  • Social
  • Social Media
  • software
  • Statistics
  • Taxonomy
  • Technology
  • Text analytics
  • Text processing
  • Tools
  • Tor
  • Training
  • Translation
  • Twitter
  • Uncategorized
  • Unstructured Data
  • User experience
  • User Interface
  • Vertical search
  • Video
  • visualization
  • Voice search
  • Voice technology
  • Web 3
  • Web Services
  • Webinar
  • Windows
  • Work flow
  • XML
  • Yahoo

• Archives

  Archives Select Month April 2025 March 2025 February 2025 January 2025 December 2024 November 2024 October 2024 September 2024 August 2024 July 2024 June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 December 2023 November 2023 October 2023 September 2023 August 2023 July 2023 June 2023 May 2023 April 2023 March 2023 February 2023 January 2023 December 2022 November 2022 October 2022 September 2022 August 2022 July 2022 June 2022 May 2022 April 2022 March 2022 February 2022 January 2022 December 2021 November 2021 October 2021 September 2021 August 2021 July 2021 June 2021 May 2021 April 2021 March 2021 February 2021 January 2021 December 2020 November 2020 October 2020 September 2020 August 2020 July 2020 June 2020 May 2020 April 2020 March 2020 February 2020 January 2020 December 2019 November 2019 October 2019 September 2019 August 2019 July 2019 June 2019 May 2019 April 2019 March 2019 February 2019 January 2019 December 2018 November 2018 October 2018 September 2018 August 2018 July 2018 June 2018 May 2018 April 2018 March 2018 February 2018 January 2018 December 2017 November 2017 October 2017 September 2017 August 2017 July 2017 June 2017 May 2017 April 2017 March 2017 February 2017 January 2017 December 2016 November 2016 October 2016 September 2016 August 2016 July 2016 June 2016 May 2016 April 2016 March 2016 February 2016 January 2016 December 2015 November 2015 October 2015 September 2015 August 2015 July 2015 June 2015 May 2015 April 2015 March 2015 February 2015 January 2015 December 2014 November 2014 October 2014 September 2014 August 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 December 2013 November 2013 October 2013 September 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 June 2012 May 2012 April 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 November 5

• Recent Posts

  • Errors? AI Makes Accuracy Irrelevant
  • Bye-Bye Newsletters, Hello AI Marketing Emails
  • Management? Never Been Easier
  • Telegram Lecture at TechnoSecurity & Digital Forensics on June 4, 2025
  • Looking Busy, While Slacking

• Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org