DarkCyber for February 9, 2021, Now Available
February 9, 2021
DarkCyber is a twice-a-month video news program about the Dark Web, cyber crime, and lesser known online services. The program is produced by Stephen E Arnold. You can view the program on the Beyond Search blog or on YouTube at this link.
This week’s program features a discussion of Microsoft’s explanation of the SolarWinds’ misstep. The online explanation is a combination of forensic information with an old-fashioned, almost Ballmer-esque marketing pitch. Plus, DarkCyber responds to a viewer who wanted more information about locating bad actor hackers promoting their criminal capabilities on the Dark Web. The program highlights two Dark Web services and provides information about two online resources which offer additional information. Three other stories round out the February 9, 2021, program. Allegedly some of the software stolen in the SolarWinds’ misstep (a data breach which compromised more than 18,000 companies and government organizations) is available for sale. Information about the cost of the software and how to buy it is provided. Next you learn about the app tracking technology which is creating friction between Apple and Facebook. Who benefits from tracking users’ actions hundreds of times each day? DarkCyber answers this question. The final story is another signature drone news item. If you think that one drone poses a challenge, consider the difficulty of dealing with thousands of miniature weaponized drones converging on a unit or disrupting warfighting tactics under live fire.
Kenny Toth, February 9, 2021
Google Speaks But Is MIT Technology Review Delivering Useful Information or Just PR?
February 4, 2021
I read “Google Says It’s Too Easy for Hackers to Find New Security Flaws.” I assume that the Google is thrilled that its systems and methods were not directly implicated in the SolarWinds’ misstep and possibly VMware’s and Microsoft’s. But I don’t know because the information is dribbling out at irregular intervals and in my opinion has either been scrubbed or converted to euphemism. A good example is the Reuters’ report “Exclusive: Suspected Chinese Hackers Used SolarWinds Bug to Spy on US Payroll Agency — Sources.”
The esteemed institution supported by Jeffrey Epstein and housing an expert who allegedly had ties to an American adversary’s officials reports:
Attackers are exploiting the same types of software vulnerabilities over and over again, because companies often miss the forest for the trees.
What makes this story different is that the Google is now agreeing that today’s software is easy to compromise. The write up quotes an expert who offers:
Over its six-year lifespan, Google’s team has publicly tracked over 150 major zero-day bugs, and in 2020 Stone’s team documented 24 zero-days that were being exploited—a quarter of which were extremely similar to previously disclosed vulnerabilities. Three were incompletely patched, which meant that it took just a few tweaks to the hacker’s code for the attack to continue working. Many such attacks, she says, involve basic mistakes and “low hanging fruit.”
This is news? I think it is more self-congratulatory, just like the late January 2021 explanation of the SolarWinds’ misstep which I discuss in the February 9, 2021, DarkCyber video program. You can view the video on this blog.
Stephen E Arnold, February 4, 2021
The SolarWinds Misstep: Who Else Walked Off the Cliff?
February 2, 2021
“Hack Said to Extend Beyond SolarWinds” is a troubling “real” news story. The idea that bad actors may have gained access to commercial and government servers for more than a year was troubling. According to the write up, the data breach has another dimension:
Close to a third of the victims didn’t run the SolarWinds Corp. software initially considered the main avenue of attack for the hackers…
What was the shared point of vulnerability?
The write up dances around the topic, but DarkCyber believes that Microsoft software is the common factor for the breaches, a fact presented at the end of the article:
Mr. Wales [US government cyber security wizard] said his [Cyber Security and Infrastructure] agency isn’t aware of cloud software other than Microsoft’s targeted in the attack.
The Wall Street Journal article reporting a government official’s public statement is located behind a paywall.
Is Microsoft capable of providing cloud and desktop services which are secure? Will a rock band craft a TikTok video based on a remake of the Platters’ hit song “The Great Pretender,” modified to “The Great Defender”?
Yes I’m the great defender
Just laughin’ and gay like a clown
I seem to be what I’m not, you see
I’m showing my code like a crown
Pretending that JEDI’s still around.
Apologies to Buck Ram.
Stephen E Arnold, February 2, 2021
Post SolarWinds: Enhanced Security Methods. Er, What?
January 22, 2021
I find it interesting that the SolarWinds’ security misstep has faded. I assumed (the old “ass of you and me” saw is applicable) that after a teeny little security breach, information technology professionals would exert a teeny little effort to make sure obvious security lapses were remediated. Was I incorrect? Absolutely, gentle reader.
I noted the Beeb’s article “Malware Found on Laptops Given Out by Government”. The “government” is the United Kingdom’s Brexit capable entity. I learned:
Some of the laptops given out in England to support vulnerable children home-schooling during lockdown contain malware…. The malware, which they said appeared to be contacting Russian servers, is believed to have been found on laptops given to a handful of schools.
I love the “some” and the “handful.” Ho ho ho.
Like the SolarWinds’ misstep, numbers in which one can be confident are not readily available. What is available is the indifference organizations have to the risks and threats malware on school laptops and educational computers pose. Think about human trafficking and child pornography. Distasteful for sure, but these “government” computers may also provide information useful for other pursuits; for example, blackmail, extortion, and parent or guardian financial information.
One source for the tolerant Beeb allegedly said:
“We believe this is not widespread.”
Right, 18,000 organizations compromised via the SolarWinds’ misstep should be ignored.
Let’s hear it for security well implemented. Wait. I don’t hear any rah rah. Must be an intercepted Internet stream, which does not happen in the UK.
Stephen E Arnold, January 22, 2021
Post SolarWinds: No Kidding! Cyber Threats in 2021
January 21, 2021
KnowBe4 is a cyber security company based in Clearwater, Florida. The company offers a wide range of cyber security services and information. Like other cyber security firms, its systems and analysts did not notice the SolarWinds’ misstep. From my vantage point in rural Kentucky, this could be a miscommunication, a misunderstanding on my part, or another example of the ineffectiveness of US cyber security solutions offered by “experts.”
I spotted an article written by a KnowBe4 professional called “Top IT Security Threats in 2021.” This “content strategy and evangelist” seems to operate from the KnowBe4 office in South Africa.
Yep, there are cyber security threats. The SolarWinds’ misstep and the failure of heavily promoted cyber security and threat intelligence vendors to “notice” the breach remain fresh in my mind. FireEye is thinking about the misstep as well. That company released a free cyber tool to help entities figure out if their systems are compromised. (Quick comprehension test #1: What if the tool does not locate a breach? Is the system actually secure? Take the time needed to answer this question. Hint: Think about false negatives in Covid tests. A tool that finds nothing has only shown that it found none of the indicators it knows about.)
What are the threats in 2021? KnowBe4’s “content strategy and evangelist” points out:
- Phishing
- Ransomware
- Remote working
- Passwords
- Disinformation.
Comprehensive, but isn’t something missing? (Quick comprehension test #2: What’s missing?)
The SolarWinds’ misstep?
If KnowBe4-type solutions worked, wouldn’t SolarWinds be off the security radar?
I like companies which have crystal ball capabilities; that is, outfits which know beforehand. Is marketing more important than performance, maybe?
Stephen E Arnold, January 21, 2021
Does This Mean Bad Actors Are Now Riding in 10,000 SolarWinds Powered Digital Sailboats?
January 12, 2021
I read “Hackers Breaking into Networks without SolarWinds, CISA Says.” The write up states that the Cybersecurity and Infrastructure Security Agency offered:
“Specifically, we are investigating incidents in which activity indicating abuse of Security Assertion Markup Language (SAML) tokens consistent with this adversary’s behavior is present, yet where impacted SolarWinds instances have not been identified,” according to updated guidance published Jan 6. “CISA is continuing to work to confirm initial access vectors and identify any changes to the tactics, techniques, and procedures (TTPs).”
Based upon my limited understanding, is this similar to 10,000 sailboats zipping around a big lake? A couple of coast guard patrols may have difficulty monitoring the carefree scofflaws. To make matters more challenging, the sailboats are used by other people who are trespassing on government land and private property in order to join the digital rave.
To sum up, the SolarWinds’ misstep may have been the one lane road which the visitors are using to explore the great big data lake. And the party has been going on for how long? Oh, right. No one knows for sure.
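The CISA language quoted above refers to abuse of SAML tokens in environments where no compromised SolarWinds instance was found. In practice such abuse tends to show up in three ways an investigator can check without vendor tooling: an assertion signed by a certificate the federation server never used, an assertion with a lifetime the identity provider is not configured to issue, or an assertion ID that appears at the relying party (for example, a cloud tenant’s sign-in log) but never appears in the identity provider’s issuance log. The script below is an added example, not code from the original post, from CISA guidance, or from any vendor; the trusted certificate bytes, the one-hour lifetime limit, the issuer name and the issuance log are all constructed assumptions so that it runs offline. It does not verify the XML signature itself (that needs an xmlsec library); it correlates the metadata around the signature.

```python
"""Flag SAML assertions that look forged. Added example; all inputs constructed."""
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Assumptions for this example: a placeholder for the federation server's real
# token-signing certificate (DER bytes; not a real certificate), the longest
# assertion lifetime the identity provider is configured to issue, and the
# issuer string the relying party expects.
TRUSTED_SIGNER_DER = b"constructed-placeholder-for-trusted-token-signing-cert"
TRUSTED_THUMBPRINTS = {hashlib.sha1(TRUSTED_SIGNER_DER).hexdigest()}
MAX_LIFETIME = timedelta(hours=1)
EXPECTED_ISSUER = "https://sts.example.test/adfs/services/trust"


def parse_time(value):
    return datetime.strptime(value, TIME_FMT).replace(tzinfo=timezone.utc)


def cert_thumbprint(b64_der):
    """SHA-1 over the DER bytes, the form most IdP consoles display."""
    return hashlib.sha1(base64.b64decode(b64_der.strip())).hexdigest()


def assertion_findings(xml_text, idp_issued_ids,
                       trusted_thumbprints=TRUSTED_THUMBPRINTS,
                       max_lifetime=MAX_LIFETIME, expected_issuer=EXPECTED_ISSUER):
    """Return the reasons this assertion looks forged; an empty list means clean."""
    root = ET.fromstring(xml_text)
    # Accept either a bare Assertion or a Response that wraps one.
    a = root if root.tag.endswith("}Assertion") else root.find("saml:Assertion", NS)
    findings = []

    issuer = a.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        findings.append(f"unexpected issuer {issuer!r}")

    cond = a.find("saml:Conditions", NS)
    lifetime = parse_time(cond.get("NotOnOrAfter")) - parse_time(cond.get("NotBefore"))
    if lifetime > max_lifetime:
        findings.append(f"lifetime {lifetime} exceeds configured maximum {max_lifetime}")

    cert = a.find(".//ds:X509Certificate", NS)
    if cert is None:
        findings.append("no signing certificate embedded")
    elif cert_thumbprint(cert.text) not in trusted_thumbprints:
        findings.append(f"signed by untrusted certificate {cert_thumbprint(cert.text)[:16]}...")

    # A token the relying party accepted but the IdP never logged issuing is the
    # classic sign of a token minted directly with a stolen signing key.
    if a.get("ID") not in idp_issued_ids:
        findings.append(f"assertion {a.get('ID')} accepted but never issued by the IdP")
    return findings


def make_assertion(aid, issued_at, lifetime, signer_der, issuer=EXPECTED_ISSUER):
    """Build a minimal constructed assertion for testing the checks above."""
    nb, na = issued_at.strftime(TIME_FMT), (issued_at + lifetime).strftime(TIME_FMT)
    cert = base64.b64encode(signer_der).decode()
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}" '
        f'ID="{aid}" Version="2.0" IssueInstant="{nb}">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        "<ds:Signature><ds:KeyInfo><ds:X509Data>"
        f"<ds:X509Certificate>{cert}</ds:X509Certificate>"
        "</ds:X509Data></ds:KeyInfo></ds:Signature>"
        "<saml:Subject><saml:NameID>admin@example.test</saml:NameID></saml:Subject>"
        f'<saml:Conditions NotBefore="{nb}" NotOnOrAfter="{na}"/>'
        "</saml:Assertion>"
    )


# Constructed sample data: an IdP issuance log, one legitimate assertion, and
# one minted with attacker key material, a 24-hour lifetime and an unlogged ID.
T0 = datetime(2021, 1, 6, 12, 0, 0, tzinfo=timezone.utc)
IDP_ISSUED_IDS = {"_a1", "_a2"}
GOOD = make_assertion("_a1", T0, timedelta(minutes=30), TRUSTED_SIGNER_DER)
FORGED = make_assertion("_zz9", T0, timedelta(hours=24), b"attacker-controlled-key-material")

if __name__ == "__main__":
    for name, xml_text in (("good", GOOD), ("forged", FORGED)):
        print(name, assertion_findings(xml_text, IDP_ISSUED_IDS) or ["clean"])
```

Run against real data, the issuance log would come from the federation server’s own audit events and the assertions from the relying party’s sign-in records; the point of the correlation is that a forged token looks valid to the relying party precisely because it carries a valid signature, so the discrepancy only appears when the two sides are compared.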
Stephen E Arnold, January 14, 2021
DarkCyber for January 12, 2021, Now Available
January 12, 2021
DarkCyber is a twice-a-month video news program about online services, the Dark Web, and cyber crime. You can view the video on Beyond Search or at this YouTube link.
The program for January 12, 2021, includes a featured interview with Mark Massop, DataWalk’s vice president. DataWalk develops investigative software which leapfrogs such solutions as IBM’s i2 Analyst Notebook and Palantir Gotham. In the interview, Mr. Massop explains how DataWalk delivers analytic reports with two or three mouse clicks, federates or brings together information from multiple sources, and slashes training time from months to several days.
Other stories include DarkCyber’s report about the trickles of information about the SolarWinds’ “misstep.” US Federal agencies, large companies, and a wide range of other entities were compromised. DarkCyber points out that Microsoft’s revelation that bad actors were able to view the company’s source code underscores the ineffectiveness of existing cyber security solutions.
DarkCyber highlights remarkable advances in smart software’s ability to create highly accurate images from poor imagery. The focus of DarkCyber’s report is not on what AI can do to create faked images. DarkCyber provides information about how and where to determine if a fake image is indeed “real.”
The final story makes clear that flying drones can be an expensive hobby. One audacious drone pilot flew in restricted air zones in Philadelphia and posted the exploits on a social media platform. And the cost of this illegal activity? Not too much. Just $182,000. The good news is that the individual appears to have avoided one of the comfortable prisons available to authorities.
One quick point: DarkCyber accepts zero advertising and no sponsored content. Some have tried, but begging for dollars and getting involved in the questionable business of sponsored content is not for the DarkCyber team.
Finally, this program begins our third series of shows. We have removed DarkCyber from Vimeo because that company insisted that DarkCyber was a commercial enterprise. Stephen E Arnold retired in 2017, and he is now 77 years old and not too keen to rejoin the GenX and Millennials in endless Zoom meetings and what he calls “blatant MBA craziness.” (At least that’s what he told me.)
Kenny Toth, January 12, 2021
A Tiny Clue about the Entity Interested In the SolarWinds Misstep
January 11, 2021
I read “Putin’s Disinformation Campaign claims Stunning Victory with Capital Hill Coup.” The write up points out that a study by the Berkman Klein Center for Internet & Society describes a broad campaign against the United States. The article references a Rand study which offers additional color.
However, my interpretation of the write up is that Russia may be just one facet of the “truth decay” approach. Disinformation is complemented by penetration of US networks and systems. Even if no data were exfiltrated, undermining confidence in cyber security methods is another chess move by Russia.
The buzzword is widening the fissures. Serious weakness, exploitable weakness.
Stephen E Arnold, January 11, 2021
Cyber Security: An Oxymoron Maybe?
January 8, 2021
AI neural networks are only as smart as they are programmed, and the technology is still in its infancy. In other words, AI neural networks are biased and make mistakes. This is not a problem now, especially when many AI neural networks are in the experimental stage; however, as the technology advances, Hacker Noon says we need to discuss future problems now in “The Inevitable Symbiosis Of Cybersecurity And AI.”
AI neural networks, like other technology, are hackable. The problem Hacker Noon brings up is that companies that rely on AI to power their products and services, such as Tesla’s self-driving algorithm, are ready to launch them to the public. Are these companies aware of vulnerabilities in their algorithms and actively resolving them, or are they ignoring them?
AI engineers are happy to discuss how AI is revolutionizing cybersecurity, but there is little about how cybersecurity is or could be improving AI. Cybersecurity companies are not applying their algorithms to find vulnerabilities. Complacency is the enemy of AI safety:
“Moreover, there are still few use cases where it is paramount to guarantee the AI algorithms have no life-threatening vulnerabilities. But as AI takes over more and more tasks such as driving, flying, designing drugs to treat illnesses and so on, AI engineers will need to also learn the craft of, and be, cybersecurity experts.
I want to emphasize that the responsibility of engineering safer AI algorithms cannot be delegated to an external cybersecurity firm. Only the engineers and researchers designing the algorithms have the intimate knowledge necessary to deeply understand what and why vulnerabilities exist and how to effectively and safely fix them.”
Cyber security: An oxymoron?
Whitney Grace, January 8, 2021
DarkTrace: A Controversial View
January 6, 2021
I spotted that a post about Darktrace had been removed from Reddit. I became curious because the comment thread was on Reddit when I checked today (January 4, 2021). I located the original Darktrace post on the Archive.org site at this link. This content may be disappeared, and some of the points run counter to the rah rah write ups about the company. Here are some of the factoids and assertions which caught my attention:
- A Darktrace initial public offering is likely to take place in the near future
- 10 members of the Darktrace executive team allegedly had ties to Autonomy, the search and content management vendor acquired by HP
- Michael Lynch is part of an investment firm which funded Darktrace
- Goldman Sachs snubbed the Darktrace float.
None of the information in the Reddit post struck me as controversial. The data appear to come from a variety of open sources, including the Darktrace Web site, news reports, LinkedIn biographies, and public documents.
Why did I chase down the original post? The removal of the information from the thread sparked a number of interesting Reddit comments about Darktrace, the company’s business tactics, and the cyber security sector.
With the SolarWinds’ misstep still in the news cycle, it strikes me that cyber security related posts provide additional color about the products and services some of the higher profile vendors are offering.
Reddit obviously does not agree.
Stephen E Arnold, January 6, 2021