• Home
• About
• Writers
• Landscape
• Wizards Index
• Fraud
• Wanna Be Like Larry?

Huawei and Its Sci-Fi Convenience Vision

One of the DarkCyber research team spotted what looked like a content marketing, rah rah article called “Huawei’s 1+8+N Strategy Will Be a Big Success in China As It Has No Competitors.”

We talked about the article this morning and dismissed its words as less helpful than most recycled PR. The gem in the write up is this diagram which was tough to read in the original. We poked around and came across a Huawei video which you can view on the Sparrow News Web site.

Here’s a version of the 1+8+N diagram. If you are trying to read the word “sphygmomanometer” means blood pressure gizmo. The term is shorthand for “smart medical devices”.

The idea is that the smartphone is the de facto surveillance device. It provides tags for the device itself and a “phone number” for the device owner. Burner phones registered to smart puppets require extra hoops, and government authorities are going to come calling when the identify of the burner phone’s owner is determined via cross correlation of metadata.

The diagram has three parts, right? Sort of. First, the “plus” sign in the 1+8+N is Huawei itself. Think of Huawei as the Ma Bell, just definitely very cozy with the Chinese government. The “plus” means glue. The glue unites or fuses the data from the little icons.

The focal point of the strategy is the individual.

From the individual, the diagram shows no phone computing devices. There are nine devices identified, but more can be added. These nine devices connected to an individual are all smart; that is, Internet of things, mobile aware, surveillance centric, and related network connected products.

The 1

The “1” refers to the smartphone.

The 8

The eight refers to the smart devices an individual uses. (The smartphone is interacting with these eight devices either directly or indirectly as long as there is battery and electrical power.)

Augmented / virtual reality “glasses”

Earphones

Personal computers

Speakers

Tablets

Televisions

Watches

Vehicles

The connection between and among the devices is enabled by Huawei HiLink or mobile WiFi, although Bluetooth and other wireless technologies are an option.

The N

The N like the math symbol refers to any number of ecologies. An ecology could be a person riding in a vehicle, watching a presentation displayed by a connected projector, a smart printer, a separate but modern smart camera, a Chinese Roomba type robot, a smart scale for weighing a mobile phone owner, a medical device connected or embedded in an individual, a device streaming a video, a video game played on a device or online, a digital map.

These use cases cluster; for example, mobile, smart home, physical health, entertainment, and travel. Other categories can, of course, be added.

Is 1+8+N the 21st Century E=MC^2?

Possibly. What is clear is that Huawei has done a very good job of mapping out the details of the Chinese intelligence and surveillance strategy. By extension, one can view the diagram as one that could be similar to those developed by the governments of Iran, North Korea, Russia, and a number of other nation states.

The smartphone delivers on its potential in the 1+8+N diagram, if the Huawei vision gets traction.

Observations

The 1+8+N equation has been around since 2019. Its resurfacing may have more to do with Huawei’s desire to be quite clear about what its phones and other products and services can deliver.

The company uses the phrase “full scene” instead of the American jargon of a 360 degree view.

Neither phrase captures the import of data in multiple dimensions. Tracking and analyzing data through time enables a number of interesting dependent features, services, and functions.

The 1+8+N may be less about math and more about intelligence than some of the write ups about the diagram discuss.

Stephen E Arnold, July 9, 2020

Consumers As Unwitting Data Conduits as Cyberware Flames

India and China are not friending one another. The issue I noted today concerns social media services designed —  maybe targeted is a more appropriate word — at consumers.

Most users of apps like TikTok of 30 second video renown are not aware and do not want to know about data surveillance, known to some as data sucking or data hoovering. (A Hoover was a vacuum cleaner for DarkCyber readers unfamiliar with such a device.)

Information has been floating around that TikTok and other “authorized” apps available from the Google and from the would-be Intel-killer Apple allow the basic social media function to take place while the app gobbles a range of data. Put something on your clipboard? Those data are now in a server in Wuhan.

“India Bans TikTok As Tensions with China Escalate” reports:

India’s Ministry of Electronics and Information Technology said in a statement Monday that it had received many complaints about misuse and transmission of user data by some mobile apps to servers outside India.

Yes, another Captain Obvious insight. Is Captain Obvious working for one of India’s government services?

For those who have wandered the aisles of some interesting conferences, TikTok data is only the tip of the data iceberg.

In fact, I told one hip real news person that chasing some of the smaller data resellers was like understanding the global nature of agribusiness by talking to a quinoa farmer 20 miles from Cusco.

The information is interesting to DarkCyber for three reasons:

1. The insight light bulb is flashing in some government units. That’s a start.
2. India is recognizing that consumers going about their daily lives are providing an intelligence windfall of reasonably good size. Consumers use their mobile phones, consumers talk, and consumers enter secure facilities and check out craze dances in the break room.
3. Cyber warfare is not just chewing away at juicy servers in Australia or Canada. Cyber warfare is wrapped up in those low cost, feature packed hardware devices which, according to the sticker on the box, are “smart.”

The current time period is one filled with interesting activities. What do you think, Captain Obvious?

Stephen E Arnold, June 30, 2020

AI Enables Cyber Attacks

Is it not wonderful that technology has advanced so much that we are closer to AI led cyberattacks? It is true that bad actor hackers already rely on AI to augment their nasty actions, but their AI is not on par with human intelligence yet. Verdict warns that AI powered cyberattacks will be on the rise in the future: “Leveling Up: How Offensive AI Will Augment Cyberattacks.”

A 2020 Forrester report stated that 88% of security leaders believe AI will be used in cyberattacks and over half thought an attack could occur sometime in the next twelve months. Cyber security professionals are already arming their systems with AI to combat bad actors using the same technology, but they cannot predict everything.

Bad actor hackers want AI capabilities, because it scales their operations, increases their profitability, provides an understanding of context, and makes attribution and detection harder. Verdict’s article breaks down a bad actor hacker’s attack strategy.

The first step would be reconnaissance, where chatbots interact with employees with AI generated photos. Once the chatbots gained the victims’ trust, CAPTCHA breakers are used for automated reconnaissance on the public Web site. The next step would be intrusion with spear-phishing attacks targeted at key employees.

Part three would follow with an attacker hacking the enterprise framework and blending in with regular business operations. The next phases would collect passwords another privileges as the hacker moved laterally to gather more targeted information while avoiding detection. The final phase would be where the AI shows its chops by pre-selecting information to steal instead of sifting through an entire system. The AI would get it, download the targeted data, and then get out, most likely without a trace.

“Offensive AI will make detecting and responding to cyberattacks far more difficult. Open-source research and projects exist today which can be leveraged to augment every phase of the attack lifecycle. This means that the speed, scale, and contextualization of attacks will exponentially increase. Traditional security controls are already struggling to detect attacks that have never been seen before in the wild – be it malware without known signatures, new command and control domains, or individualized spear-phishing emails. There is no chance that traditional tools will be able to cope with future attacks as this becomes the norm and easier to realize than ever before.”

The human element is still the surprise factor.

Whitney Grace, June 4, 2020

Microsoft and Cyber Security: Popping Up a Level?

Remember when Microsoft “invented” DOS? What happened to Gary? Nothing good.

Remember when Microsoft “invented” compression? What happened to those Stacker people? Poof.

Remember when Microsoft “reinvented” enterprise search? What happened to Fast Search & Transfer’s UNIX licensees? Hasta la vista, muchachos.

Now Microsoft seems to be preparing to convert the cyber security vendors into Microsoft partners. We noted “Microsoft Opens Up Coronavirus Threat Data to the Public.” Another virtue signaling story? Maybe.

The article reports/asserts:

Microsoft is making the threat intelligence it’s collected on coronavirus-related hacking campaigns public…

That seems useful. Here’s another piece of information presented as a quote from the head of the Cyber Security Alliance:

“Overall, the security industry has not seen an increase in the volume of malicious activity; however, we have seen a rapid and dramatic shift in the focus of that criminal activity,” Daniel, a former White House cybersecurity coordinator, told CyberScoop. “The bad guys have shifted their focus to COVID-19 related themes, trying to capitalize on people’s fears, the overall lack of information, and the increase in first-time users of many on-line platforms.”

The article points out:

The 283 threat indicators Microsoft has shared are available through Microsoft’s Graph Security API or Azure Sentinel’s GitHub page.

Open information. Github. Partnering. Fighting disease. — How much goodness can one services firm deliver?

DarkCyber believes that Microsoft is dropping apples that do not fall far from the DOS, Stacker, and Fast Search UNIX tree.

Microsoft wants to be in the thick of cyber security in order to surround and benefit from the money flowing into a starting-to-consolidate cyber sector.

Only this week, a Florida based vendor of investigative software started beating the bushes for a buyer. Consolidation has begun and is accelerating.

How can Microsoft benefit? Those cyber security outfits make darned good Microsoft partners. Installing, tuning, and customizing Microsoft services (on premises and in the cloud) makes good business sense.

Maybe DarkCyber is misinterpreting an act of sincere common good as a dark pattern?

On the other hand, we could ask Gary, a Stacker person, or a Fast Search UNIX licensee. Err, maybe not.

Stephen E Arnold, May 15, 2020

Google Play: And by Whose Rules?

Arstechnica published “Google Play Has Been Spreading Advanced Android Malware for Years.” The write up’s observation which caught DarkCyber’s attention was:

Attackers behind the campaign used several effective techniques to repeatedly bypass the vetting process Google uses in an attempt to keep malicious apps out of Play.

How long has the “inattention” allowed malware? Maybe just about around four years.

With Google doing backtracking on its stellar content verification processes, will the company be able to protect its users from malware?

DarkCyber’s view is that the task becomes more difficult each day. Google’s ability to control its costs is one message conveyed in its financial results. Content curation that delivers reliable results may require more resources than Google is able to provide.

The result?

What we have is what we get it seems.

Stephen E Arnold, May 1, 2020

DarkCyber for April 28, 2020: Free Cyber Warfare Book, Spy Insights, the Info Gap Map, and HaaS

The April 28, 2020, DarkCyber tackles four stories this week. This week’s program is available via the DarkCyber blog, Vimeo, or YouTube. This week’s stories include information that is otherwise difficult to locate.

You can download a comprehensive look at cyber warfare published by the Carnegie Endowment for International Peace. The book covers cyber intelligence and methods of cyber warfare. DarkCyber’s Stephen E Arnold and former CIA spy Robert David Steele discussed misinformation in a one hour interview which is available on the Phi Beta Iota Web site. DarkCyber includes an extract from the discussion about obtaining hyper local data about people, events, and places. The information gap map illustrates how little digital information is available in free Web search systems. The map makes clear that anyone relying on Bing, Google, Yandex, and other free Web search systems is likely to be drowned in misinformation. The program explains how to access a no cost honeypot as a service. HaaS makes it possible to explore malware and learn about exploits in a controlled environment. The link to the service is provided in the program.

Kenny Toth, April 28, 2020

What Is Popular on the Dark Web? Contraband, Stolen Credentials, or Crime Training?

The answer, according to “What’s Hot on Dark Net Forums? Fraud Guides” reveals that training is popular. The finding comes from Terbium Labs, a cyber security firm in Maryland. DarkCyber noted this statement:

“Fraud guides” designed to assist cybercriminals in carrying out schemes that leverage stolen financial or personal data are the most common offerings on three prominent dark net marketplaces…

How much does it cost to learn how to be a criminal? The write up reports that the average cost of these guides is $3.88. A “bundle” of guides costs about $12.

The reason for the growth market, according to Terbium’s expert, is that people want to know how to leverage stolen financial data like bank account information.

Questions which the article prompts include:

• Why aren’t cyber security solutions offered by Terbium’s peers not clamping down on personal information like credit card and financial data?
• Is there a correlation between layoffs in the tech industry and the alleged surge in how to information?
• Why are Dark Web sites thriving despite the clamp down by law enforcement in the US and elsewhere?

DarkCyber’s research suggests that the Dark Web offers non training products and services which account for a larger volume of business; for example, crime as a service.

Kenny Toth, April 22, 2020

Another Specialized Method Revealed

This is another example of an article which should not be widely available. Rumors of a method to compromise Android phones have been circulating for months. The major signal that a specialized services firm had developed a way to compromise Android phones was a change in Zerodium’s bounty. Android bounties cratered; iPhone vulnerability values skyrocketed. Why? Android devices could become the house pets of certain entities.

“The Secret Behind Unkillable Android Backdoor Called xHelper Has Been Revealed” explains the procedures followed. If you are interested in what significant research efforts can achieve, read the article.

DarkCyber’s view is that Google’s Android team, like many zip zip development shops, overlook excellence. The pursuit of good enough has paid dividends for Google’s approach to business. However, Googlers make assumptions that their way is THE highway.

That works until it doesn’t.

DarkCyber has little to say about the specialized services which have been able to convert the Android device into a handy dandy information provider.

And what about the cyber security firms selling “security”? Does this minor issue suggest that talk and PR about digital security solutions is hot air?

But Google?  Yep, Google. Good enough is not.

Stephen E Arnold, April 20, 2020

Cookies and Fingerprints: You Will Be Monitored by Mom

Everywhere you go on the Internet, cookies are tracking your movements (even with a VPN). The technology is over a decade old and they range from tracking pixels, content tracker, cross-site tracking cookies, social trackers and browser finger-printing. The Next Web explains that browser fingerprinting is becoming more popular with advertisers in the article, “Digital Fingerprints Are The New Cookies-And Advertisers Want Yours.”

Digital Fingerprinting refers to a company generating a profile about your device’s characteristics. These can include everything from operating system down to browser settings. In other words, it is more like an anonymous barcode. Your identity is not attached to the digital fingerprint, but your data is for advertisers to send targeted ads.

Banks use digital fingerprinting as a security measure. Banking Web sites can identify the device you are on, but if they do not they ask security questions. Advertisers now want the technology to make more money. For users, it is more along the lines of capitalist Big Brother.

There are ways to turn off digital fingerprinting. Most of the tracking happens when you are on the Internet, so look through your browser settings and see if it has tracking protection. Even if you turn on tracking protection it does not entirely hide you:

“While “incognito mode” prevents your browser history from being recorded on your computer and prevents your spouse to spy on you, it does not prevent websites that you visit from collecting data about you and it does nothing to block fingerprinting. Similarly, clearing your browsing history on a regular basis, while a healthy thing to do, does not address fingerprinting either.

While ad blockers block ads from loading, not all ad blockers also block trackers, even less fingerprinters. Trackers can come attached to ads, but quite often they are not part of the ad delivery process itself. Social trackers, tracking pixels and fingerprinters for instance don’t need to piggyback on an ad to track your data.”

To avoid cookies, use a private connection, a good decent VPN, and browse in incognito mode. It does not work 100%, but it is better than capitalist Big Brother.

Whitney Grace, April 15, 2020

The Roots Behind Criminality: Cyber and Regular

Coronavirus scams, global Internet traffic hijacking, and attacks on work-from-homers. Where does crime originate?

In the United States, true crime documentaries and fictional detective shows are popular. People love these shows because it explores the human psyche and tries to answer why people commit crimes. Mental health professionals have explored criminals motivations for centuries, including University of California Santa Cruz professor of psychology Craig Haney. Phys.org shares more on Haney’s work in the article, “New Book Debunks Myths About Who Causes Crime And Why.”

For over forty years, Haney researched the real causes behind crimes and he formulated the hypothesis that criminal behavior could be tied to childhood suffering, such as abuse, trauma, and maltreatment. Haney had interviewed many death row inmates and noticed trauma patterns in them. His colleagues were skeptical about his findings, because there was not much research not the idea and few studies. Haney wrote about his findings in a new book, Criminality in Context: The Psychological Foundations of Criminal Justice Reform. In his new book, Haney discusses forty years of research and what believes to be the root causes of criminal behavior, how it differs from accepted conventions, and what reforms are needed in the criminal justice system. Haney stated:

‘“The nation’s dominant narrative about crime is that it is committed by bad people who freely choose to make bad decisions, persons who are fundamentally different from the rest of us,’ said Haney, who holds psychology and law degrees. “The only thing that is fundamentally different about them is the lives they’ve lived and the structural impediments they’ve faced.’”

Haney found that the people most at risk to commit crimes were those exposed to childhood trauma and often experienced even more maltreatment in places meant to protect them: school, foster care systems, and juvenile justice systems.

He also argues that poverty and racism are key contributors to criminal behaviors. Poverty is a gateway to criminal behavior, because it leads to trauma, unmet needs, and less opportunities. Unfortunately ethnic minorities who experience poverty and trauma are more likely to end up imprisoned. By proxy ethnic minorities receive differential treatment and represent the largest criminal populations.

Haney’s research exposes bigger holes in the already broken criminal justice system. He points that bigger reforms need to be made than simple criminal justice. Crime prevention strategies need to start at the cradle, most importantly combating social inequality and and poverty.

While Haney’s research may sound new, it only augments what other mental health professionals have been spouting for years. Everything is connected when it comes to mental health, but humans usually are not taught how to properly care for their minds.

Whitney Grace, April 8, 2020

« Previous Page — Next Page »

• 

• Search the site

•  

  Subscribe to Beyond Search

  • 
  • 
   
  • 
   
  
  Feature archive
  News archive
   
  
  
  Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.

• Categories

  • 3D-Printing
  • Acquisition
  • Advertising
  • Aggregation
  • AI
  • Alexa
  • algorithms
  • Amazon
  • Amazonia
  • Analytics
  • Appliance
  • Applications
  • Audio
  • Augmented Reality
  • Big data
  • Bing
  • Bitcoin
  • Bitext
  • Book review
  • Business intelligence
  • Business process
  • Business strategy
  • Censorship
  • Cloud computing
  • Company Profile
  • Conferences
  • Connectors
  • Consulting
  • Consumer
  • Content processing
  • Copyright
  • Corporate Concerns
  • Cost
  • Crawl
  • Crowdfunding
  • cryptocurrency
  • Customer support
  • Cyber OSINT
  • cybercrime
  • cybersecurity
  • Dark Web
  • DarkCyber
  • Data
  • Data mining
  • Database
  • Deepfakes
  • Digital Assistant
  • Digital Library
  • E2EE
  • ECommerce
  • EDiscovery
  • Editorial opinion
  • Education
  • Emoticons
  • Enterprise
  • Enterprise search
  • Entity extraction
  • Ethics
  • Facebook
  • Faceted search
  • Factualities
  • Feature
  • Federated search
  • Financial
  • Fogint
  • Google
  • Governance
  • Government
  • Hackers
  • healthcare
  • IBM Watson
  • Image search
  • Indexing
  • Infrastructure
  • Innovation
  • Integration
  • intelware
  • Interface
  • Internet
  • Interview
  • Investment
  • law enforcement
  • Legal matters
  • Library automation
  • Management
  • Marketing
  • Mathematics
  • Metadata
  • Microsoft
  • Mobile
  • Natural language processing
  • News
  • NGIA
  • Online (general)
  • Open Access
  • Open source
  • OSINT
  • Osint Radar
  • Overflight
  • Palantir
  • Patents
  • Personnel
  • Podcast
  • Policeware
  • Portals
  • Predictive coding
  • Privacy
  • Profile
  • Publishing
  • Quotation
  • Real time search
  • Reference tool
  • Rich media
  • Robot Writer
  • Search
  • Search enabled applications
  • search engine
  • Search quality
  • Security
  • Semantic
  • Sentiment analysis
  • SEO
  • SharePoint
  • Short Honks
  • Smart Technology
  • Social
  • Social Media
  • software
  • Statistics
  • Taxonomy
  • Technology
  • Text analytics
  • Text processing
  • Tools
  • Tor
  • Training
  • Translation
  • Twitter
  • Uncategorized
  • Unstructured Data
  • User experience
  • User Interface
  • Vertical search
  • Video
  • visualization
  • Voice search
  • Voice technology
  • Web 3
  • Web Services
  • Webinar
  • Windows
  • Work flow
  • XML
  • Yahoo

• Archives

  Archives Select Month January 2025 December 2024 November 2024 October 2024 September 2024 August 2024 July 2024 June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 December 2023 November 2023 October 2023 September 2023 August 2023 July 2023 June 2023 May 2023 April 2023 March 2023 February 2023 January 2023 December 2022 November 2022 October 2022 September 2022 August 2022 July 2022 June 2022 May 2022 April 2022 March 2022 February 2022 January 2022 December 2021 November 2021 October 2021 September 2021 August 2021 July 2021 June 2021 May 2021 April 2021 March 2021 February 2021 January 2021 December 2020 November 2020 October 2020 September 2020 August 2020 July 2020 June 2020 May 2020 April 2020 March 2020 February 2020 January 2020 December 2019 November 2019 October 2019 September 2019 August 2019 July 2019 June 2019 May 2019 April 2019 March 2019 February 2019 January 2019 December 2018 November 2018 October 2018 September 2018 August 2018 July 2018 June 2018 May 2018 April 2018 March 2018 February 2018 January 2018 December 2017 November 2017 October 2017 September 2017 August 2017 July 2017 June 2017 May 2017 April 2017 March 2017 February 2017 January 2017 December 2016 November 2016 October 2016 September 2016 August 2016 July 2016 June 2016 May 2016 April 2016 March 2016 February 2016 January 2016 December 2015 November 2015 October 2015 September 2015 August 2015 July 2015 June 2015 May 2015 April 2015 March 2015 February 2015 January 2015 December 2014 November 2014 October 2014 September 2014 August 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 December 2013 November 2013 October 2013 September 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 June 2012 May 2012 April 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 November 5

• Recent Posts

  • Agentic Workflows and the Dust Up Between Microsoft and Salesforce
  • More about NAMER, the Bitext Smart Entity Technology
  • Apple and Some Withering Fruit: Is the Orchard on Fire?
  • Some AI Wisdom: Is There a T Shirt?
  • Beating on Quantum: Thump, Clang

• Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org