• Home
• About
• Writers
• Landscape
• Wizards Index
• Fraud
• Wanna Be Like Larry?

Explaining the 2020 End of Year Cyber Hack of Big, Fat Targets of Opportunity

I know you have heard about the end of year cyber attack. The end of 2020 is a zinger. But what caused the problem? Who is responsible? Which cyber security expert is the one to believe? Beyond Search has located an explanation, courtesy of Lorem Ipsum Anything. We posed these questions to the smart software at this next generation thumb typing site and learned:

Security harm resilience change others Beneficiaries food security persons groups objects. Institutions ecosystems entity referent security freedom change forces resilience example. Absence good want presence phenomenon range protection senses foundations secrecy. damage term purpose systems acts guarding security systems security guard security forces security companies. Security cameras e.g. state of mind telephone line containment room cell.

Makes the uptown explanations from assorted experts wishing they could have explained the cyber kick in the ribs as well. Yep, 2020 is year to remember. “Absence good want presence.”

Well said.

Stephen E Arnold, December 18, 2020

FireEye Breach a Major Concern

The cybersecurity firm responsible for safeguarding data at government organizations (including several US federal agencies) and Fortune 500 companies around the world recently announced it suffered a breach. CEO Kevin Mandia tried to downplay the implications and persuade us his company has everything under control, but Tech Central explains “Why Everyone Should Be Worried by the FireEye Hack.” FireEye revealed the attacker was probably a “sophisticated state-sponsored actor,” but Tech Central informs us:

“Reporters with the Washington Post were more specific: It was Russia. And not just any Russians, but a group known as ‘APT29’ or ‘Cozy Bear,’ hackers affiliated with the Kremlin’s intelligence services. Cozy Bear’s pedigree includes past hacks of the US state department and White House during the Obama administration and, perhaps most famously, of the Democratic National Committee’s servers during the 2016 presidential campaign. (Who did the state department and the White House recruit to clean up the earlier breaches? FireEye.) FireEye said the hackers pilfered its so-called ‘Red Team’ tools. That’s the stuff companies like FireEye use to test vulnerabilities of computer networks to make them more resilient. The tools are meant to mimic a complex assault, and now they’re in the hands of a hostile player. FireEye said the hackers focused primarily on information from its government clients, and it released 300 countermeasures for its customers and the public to use against hacks enabled by the stolen tools. The company also said it hadn’t seen any of its tools used yet for break-ins, and none involved ‘zero-day’ exploits. … ‘We do not believe that this theft will greatly advance the attacker’s overall capabilities,’ FireEye noted.”

Readers should take that assertion with a grain of salt; we are told the federal Cybersecurity & Infrastructure Security Agency is not so confident. Cybersecurity vendors seem to be better at marketing than protecting themselves and, by extension, their clients. This PR challenge is high, though, as the company’s stock market dive reveals. We’re reminded FireEye is not the first cybersecurity firm to be hacked. If the guardians themselves are not secure, is anyone?

Cynthia Murrell, December 17, 2020

Security Vendors: Despite Marketing Claims for Smart Software Knee Jerk Response Is the Name of the Game

Update 3, December 16, 2020 at 1005 am US Eastern, the White House has activate its cyber emergency response protocol. Source: “White House Quietly Activates Cyber Emergency Response” at Cyberscoop.com. The directive is located at this link and verified at 1009 am US Eastern as online.

Update 2, December 16, 2020 at 1002 am US Eastern. The Department of Treasury has been identified as a entity compromised by the SolarWinds’ misstep. Source: US “Treasury, Commerce Depts. Hacked through SolarWinds Compromise” at KrebsonSecurity.com

Update 1, December 16, 2020, at 950 am US Eastern. The SolarWinds’ security misstep may have taken place in 2018. Source: “SolarWinds Leaked FTP Credentials through a Public GitHub Repo “mib-importer” Since 2018” at SaveBreach.com

I talked about security theater in a short interview/conversation with a former CIA professional. The original video of that conversation is here. My use of the term security theater is intended to convey the showmanship that vendors of cyber security software have embraced for the last five years, maybe more. The claims of Dark Web threat intelligence, the efficacy of investigative software with automated data feeds, and Bayesian methods which inoculate a client from bad actors— maybe this is just Madison Avenue gone mad. On the other hand, maybe these products and services don’t work particularly well. Maybe these products and services are anchored in what bad actors did yesterday and are blind to the here and now of dudes and dudettes with clever names?

Evidence of this approach to a spectacular security failure is documented in the estimable Wall Street Journal (hello, Mr. Murdoch) and the former Ziff entity ZDNet. Numerous online publications have reported, commented, and opined about the issue. One outfit with a bit of first hand experience with security challenges (yes, I am thinking about Microsoft) reported “SolarWinds Says Hack Affected 18,000 Customers, Including Two Major Government Agencies.”

One point seems to be sidestepped in the coverage of this “concern.” The corrective measures kicked in after the bad actors had compromised and accessed what may be sensitive data. Just a mere 18,000 customers were affected. Who were these “customers”? The list seems to have been disappeared from the SolarWinds’ Web site and from the Google cache. But Newsweek, an online information service, posted this which may, of course, be horse feathers (sort of like security vendors’ security systems?):

Read more

Security Theatre: Act II of Flimsies or the Security Shibboleth Myth

The election is over. The activities in 2015 and 2016 were Act I. I think we are now in Act II of “Flimsies or the Security Shibboleth Myth.” I am perched happily on a small hill in rural Kentucky. I know zero about the machinations of the giant security outfits and the throbbing US government agencies. I do, however, read some news once in a while; for example, “SolarWinds Orion: More US Government Agencies Hacked.” The main idea is that the cyber breach and theft of pentest tools from FireEye, a prestigious cyber security firm, is very much in the news. The BBC story points out that a number of US government agencies were allegedly breached:

• US Department of Defense (does that include the Defense Intelligence Agency).
• US Department of State (does anyone work there any more?)
• US Department of Homeland Security
• US Department of Treasury (the FinCen folks perhaps?)

A contact told me that the estimable US Department of Commerce was a victim as well.

The main question for me is,

Do these Fancy Dan, often six figure or more cyber security systems work?

Another question:

Are the technologies ranging from Dark Web threat reports to smart software that works like a human immune system real or marketing fluff?

I don’t know the answer to these questions, but I am wondering what Act III will present.

Stephen E Arnold, December 16, 2020

Steele and Arnold: Cyber Security Hand Waving

On December 14, 2020, Robert David Steele, a former CIA professional, and I discussed security hand waving. You can view the short video at this link. My principal contribution was the identification of three types of organizations which have institutionalized security vulnerabilities. These are:

• Colleges and universities hiring instructors and other faculty without probing their backgrounds. No peer reviewed papers and a recommendation from a friend are not enough.
• University exchange programs in which students participate in multi-national research activities. Many of these programs include on campus visits, international travel, and significant information access. No significant vetting of these participants is conducted. Theses programs flourish near some interesting US government facilities; for example, Oak Ridge National Labs in Tennessee.
• Intern programs in the US government, although some state governments have similar set ups. These interns are pressed into duty for Web page maintenance, programming, and fixing broken software. Security checks do take place, but are these sufficiently rigorous when an intern is allegedly updating a Web page at the Railway Retirement Board or similar entity?

Bad actors can easily gain access to useful information. There’s more in the video. I do mention FireEye’s recent security issue, but my interpretation is quite different from the marketing and legal rah rah about the tiny little glitch. Take a peek because I continue to question the efficacy of the in-place security in many organizations. How easy is it to penetrate an organization? I provide three examples of methods which are popular despite the sharp increase in companies selling solutions to lock down unauthorized access.

Stephen E Arnold, December 15, 2020

Alleged CCP Database: 1.9 Million Entries

DarkCyber noted the availability of 1.9 million members of the Chinese Communist Party in 2016. We think we can here “The data are old,” “The data are a scam,” and “That was then, this is now” statements from those listed in the file. The information, which you will have to figure out for yourself, may be on the money or a bit of a spoof. Elaborate spoof, yes. It will help if you can read Chinese or have access to a system which can translate the ideographs into ASCII characters and normalized. Spellings can be variable depending on the translator or the machine translation system one uses. For now, the file is available on Go File at this link.\

Here’s a tiny snippet:

Are there uses of the data? Sure, how about:

• Filtering the list for those individuals in Canada, the UK, and the US and mapping the names against university faculty
• Filtering the list for graduate students in such countries as Australia, Canada, and France. While you are at it, why not do the same for graduate students in the US
• Filtering the list for individuals who are or have been part of a cultural or scientific exchange, particularly within driving or drone distance of a US national research laboratory; e.g., University of New Mexico or the University of Tennessee?

The data appear to be at least four years old and may turn out to be little more than a listing of individuals who purchased a SIM from a Chinese vendor in the last 48 months. On the other hand, some of the information may be a cyber confection. DarkCyber finds the circumstances of the data’s “availability,” its possible accuracy, and its available as open source information interesting.

Stephen E Arnold, December 14, 2020

Interesting Post on Microsoft Github: Teams Vulnerability

I found this interesting post on Github, one of Microsoft’s open source plays. “Important, Spoofing” – Zero-Click, Wormable, Cross-Platform Remote Code Execution in Microsoft Teams.” The post explains how to compromise a Teams environment by sending or editing an existing Teams message. The message looks just peachy to the recipients or recipients. Teams is plural. When the recipient looks at the message the malicious payload executes. The post points out:

That’s it. There is no further interaction from the victim. Now your company’s internal network, personal documents, 365 documents/mail/notes, secret chats are fully compromised. Think about it. One message, one channel, no interaction. Everyone gets exploited.

Microsoft calls the exploit spoofing. Keep in mind that Microsoft has more than 100 million active users of its Zoom killer.

Stephen E Arnold, December 9, 2020

DarkCyber for December 1, 2020, Now Available

DarkCyber reports about Maltrail, an open source cyber tool for detecting malicious traffic. Crime as a Service matures. Now anyone can point-and-click through a ransomware attack. Bad actors helpfully make cyber crime less of a hassle. Insider threats — what DarkCyber calls “the Snowden play” — are becoming more prevalent. Why? A need for money, revenge, or a dose of that old Silicon Valley attitude.

The feature in this episode is a summary of the next-generation in entity recognition from videos and still images. Face recognition is not the most reliable technology in the world; however, researchers from China and Japan have figured out how to match a person’s gait to an individual. Ergo gait recognition. A link to the technical details appears in the program.

The program features a brief extract from a conversation between Robert David Steele, a former CIA professional, and Stephen E Arnold (owner of Dark Cyber). Arnold describes some of the less appreciated reasons why digital information creates new challenges for law enforcement and intelligence professionals. Good news? Not really.

The final story in the program addresses the urgent need for counter unmanned aerial systems by local, county, and statement law enforcement agencies. Individuals are ramming drones into police helicopters. The DarkCyber discussion of this problem includes a link to a series of recommendations promulgated by the British government to address this kinetic use of drones.

DarkCyber is produced by Beyond Search. The video program appears every two weeks. The third season of DarkCyber begins in January 2021. The program is non-commercial, does not accept advertising, and does not beg for dollars. How is this possible? DarkCyber is not sure.

You can view the program at this link.

Kenny Toth, December 1, 2020

Virtual Private Networks: Are These Private?

About a month ago, Google rolled out its own virtual private network. The timing was mostly in sync with Facebook’s expansion of encrypted services for its chat apps. Is encryption good for users, good for large technology companies, and good for law enforcement.

The story “Google One VPN: Everything You Need To Know” is representative of the coverage of Google’s VPN. I noted:

Google isn’t new to the world of VPNs. It actually has used one for its customers on Google Fi for many years now. Essentially with Google Fi, whenever you connected to a public WiFi network, you would automatically be connected through Google Fi’s VPN. As mentioned before, this is because Public WiFi networks are not secure. So while keeping you from using a lot of data, since Fi charges per gigabyte, it also kept you protected. Now, Google is just moving its VPN to where everyone can use it. Whether they are a Fi customer or not.

The write up does not answer the question about the “goodness” of the Google service. The write up asserts:

Google has said numerous times that it will not use the VPN connection to track, log or sell your browsing activity. But then again, how will we know that Google is not doing that? We won’t. And that goes for any other company too. It’s up to you, whether you trust Google not to collect this data when you’re using its VPN. But don’t forget, that if Google really wanted that data, it could easily get it from your Android smartphone too.

As I said in response to questions posed to me by a former CIA professional (view full 20 minute video here):

Online services are inherently surveillance mechanisms.

Many will not agree with this Arnold Law. That’s okay, but VPNs are particularly interesting because the user agreeing to participate in an allegedly secure and private man in the middle service. How secure is a man in the middle service?

Another good question just like “Are VPNs private?”

Stephen E Arnold, November 30, 2020

Amazon and the Cyber Security Industrial Complex

This is probably no big deal. Cyber security, threat intelligence, and wonky proprietary tools from startups populated by retired or RIFed intel officers are a big business. I was asked by a “real news” reporter, “How big?” I dutifully sent links to companies selling market forecasts for global cyber security revenues. How big were these numbers? Acquisition big. The hypothesis I have formulated is that when wild and crazy market size projections fly like hungry sparrows, there is a revenue problem. Specifically there are too many sparrows chasing available bugs and bread crumbs. That’s why Blackberry is in the cyber security business. Why LookingGlass stepped away from Cyveillance. That’s why Dark Web indexes of bad actors’ Crime as a Service offerings are a dime a dozen.

It is, therefore, no surprise that the write up “Trend Micro integrates with AWS Network Firewall” explains that Amazon is continuing to add to its pool of 65,000 plus partners. Many of these outfits like Palantir Technologies are in the cyber intelligence and cyber threat business. Bad actors beware.

The write up reports:

Trend Micro’s built-in IPS intelligence will inspect traffic for malicious intent so that the firewall can stop threats before they get a foothold in a virtual private cloud. Together, AWS and Trend Micro offer a simple, scalable service with reliable protection that does not require any infrastructure management.

What’s the hook? Here’s the statement I circled with an Amazon happy face:

Trend Micro’s threat intelligence will be available free with easy deployment for AWS Network Firewall customers.

What do I make of free cyber security services? No much but I hear the Bezos bulldozer pulling into the cyber intelligence and security services shopping mall. Roll up or roll over time for the cheerful orange machine with a big smile painted on the cab.

Stephen E Arnold, November 24, 2020

« Previous Page — Next Page »

• 

• Search the site

•  

  Subscribe to Beyond Search

  • 
  • 
   
  • 
   
  
  Feature archive
  News archive
   
  
  
  Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.

• Categories

  • 3D-Printing
  • Acquisition
  • Advertising
  • Aggregation
  • AI
  • Alexa
  • algorithms
  • Amazon
  • Amazonia
  • Analytics
  • Appliance
  • Applications
  • Audio
  • Augmented Reality
  • Big data
  • Bing
  • Bitcoin
  • Bitext
  • Book review
  • Business intelligence
  • Business process
  • Business strategy
  • Censorship
  • Cloud computing
  • Company Profile
  • Conferences
  • Connectors
  • Consulting
  • Consumer
  • Content processing
  • Copyright
  • Corporate Concerns
  • Cost
  • Crawl
  • Crowdfunding
  • cryptocurrency
  • Customer support
  • Cyber OSINT
  • cybercrime
  • cybersecurity
  • Dark Web
  • DarkCyber
  • Data
  • Data mining
  • Database
  • Deepfakes
  • Digital Assistant
  • Digital Library
  • E2EE
  • ECommerce
  • EDiscovery
  • Editorial opinion
  • Education
  • Emoticons
  • Enterprise
  • Enterprise search
  • Entity extraction
  • Ethics
  • Facebook
  • Faceted search
  • Factualities
  • Feature
  • Federated search
  • Financial
  • Fogint
  • Google
  • Governance
  • Government
  • Hackers
  • healthcare
  • IBM Watson
  • Image search
  • Indexing
  • Infrastructure
  • Innovation
  • Integration
  • intelware
  • Interface
  • Internet
  • Interview
  • Investment
  • law enforcement
  • Legal matters
  • Library automation
  • Management
  • Marketing
  • Mathematics
  • Metadata
  • Microsoft
  • Mobile
  • Natural language processing
  • News
  • NGIA
  • Online (general)
  • Open Access
  • Open source
  • OSINT
  • Osint Radar
  • Overflight
  • Palantir
  • Patents
  • Personnel
  • Podcast
  • Policeware
  • Portals
  • Predictive coding
  • Privacy
  • Profile
  • Publishing
  • Quotation
  • Real time search
  • Reference tool
  • Rich media
  • Robot Writer
  • Search
  • Search enabled applications
  • search engine
  • Search quality
  • Security
  • Semantic
  • Sentiment analysis
  • SEO
  • SharePoint
  • Short Honks
  • Smart Technology
  • Social
  • Social Media
  • software
  • Statistics
  • Taxonomy
  • Technology
  • Text analytics
  • Text processing
  • Tools
  • Tor
  • Training
  • Translation
  • Twitter
  • Uncategorized
  • Unstructured Data
  • User experience
  • User Interface
  • Vertical search
  • Video
  • visualization
  • Voice search
  • Voice technology
  • Web 3
  • Web Services
  • Webinar
  • Windows
  • Work flow
  • XML
  • Yahoo

• Archives

  Archives Select Month April 2025 March 2025 February 2025 January 2025 December 2024 November 2024 October 2024 September 2024 August 2024 July 2024 June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 December 2023 November 2023 October 2023 September 2023 August 2023 July 2023 June 2023 May 2023 April 2023 March 2023 February 2023 January 2023 December 2022 November 2022 October 2022 September 2022 August 2022 July 2022 June 2022 May 2022 April 2022 March 2022 February 2022 January 2022 December 2021 November 2021 October 2021 September 2021 August 2021 July 2021 June 2021 May 2021 April 2021 March 2021 February 2021 January 2021 December 2020 November 2020 October 2020 September 2020 August 2020 July 2020 June 2020 May 2020 April 2020 March 2020 February 2020 January 2020 December 2019 November 2019 October 2019 September 2019 August 2019 July 2019 June 2019 May 2019 April 2019 March 2019 February 2019 January 2019 December 2018 November 2018 October 2018 September 2018 August 2018 July 2018 June 2018 May 2018 April 2018 March 2018 February 2018 January 2018 December 2017 November 2017 October 2017 September 2017 August 2017 July 2017 June 2017 May 2017 April 2017 March 2017 February 2017 January 2017 December 2016 November 2016 October 2016 September 2016 August 2016 July 2016 June 2016 May 2016 April 2016 March 2016 February 2016 January 2016 December 2015 November 2015 October 2015 September 2015 August 2015 July 2015 June 2015 May 2015 April 2015 March 2015 February 2015 January 2015 December 2014 November 2014 October 2014 September 2014 August 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 December 2013 November 2013 October 2013 September 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 June 2012 May 2012 April 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 November 5

• Recent Posts

  • The 10X Engineer? More Trouble Than They Are Worth
  • Synthetic Data: It Sucks, Says Designers
  • AI Crawlers Are Bullying Open Source: Stop Grousing and Go Away
  • Now a Magazine Figures Out Why Its Circulation Sucks: Clueless People Do Not Subscribe
  • Zuckerberg Wants WhatsApp To Compete With Telegram

• Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org