New Security System: Science Fact or Science Fiction?
February 15, 2020
It is an understatement that digital security is a growing concern, but that could change with a new invention. The Eurasia Review discussed the latest in the security field in the article, “New Security System To Revolutionize Communications Privacy.” An international research team of scientists from the University of St. Andrews, King Abdullah University of Science and Technology, and Center for Unconventional Processes of Sciences created an unshakable security system and is described as will “revolutionize communications privacy.”
How does the revolutionary system work?
“The international team of scientists have created optical chips that enable information to be sent from user to user using a one-time un-hackable communication that achieves ‘perfect secrecy’ allowing confidential data to be protected more securely than ever before on public classical communication channels. Their proposed system uses silicon chips that contain complex structures that are irreversibly changed, to send information in a one-time key that can never be recreated nor intercepted by an attacker.”
The optical chips offer perfect secrecy on a global scale and the costs are estimated to be feasible. Current cryptographic techniques are fast and easy to share, but advanced computers with quantum algorithms can crack them. The new encryption systems is supposedly unbreakable, uses existing communication networks, and takes up a lot less space.
Theoretically the system is perfect, because the chip generates keys that unlock each message. The keys are never stored, communicated, nor ever be created. It adds an extra security level that the regular cryptographic technology does not have.
The new security system inventors or academics, not from big technology companies, and they work at organizations in the United Kingdom, Saudi Arabia, and the United States. They are not for-profit organizations, but the scientists are searching for commercial applications for the security system.
Whitney Grace, February 15, 2020
LexisNexis: Expanding Its Cyber and Policeware Capabilities
February 10, 2020
LexisNexis, once holder of an exclusive with the New York Times, has been working to retain its government and commercial customer revenue. The cyber online business is booming, but legal information remains a difficult business. Lose a Top 50 US law firm as a client, and the canny marketers have to convert a couple of hundred smaller outfits. Why’s this sector difficult? Free or lower-cost legal content and Reed Elsevier’s principal competitor Thomson Reuters.
LexisNexis has not been standing still, but it has been chugging along in the cyber security sector and policeware markets for many years. Oh, you didn’t know? Well, LexisNexis marketing is on a par with Google’s ad group. That’s the creative team which delivered an ageing parent downer to a Super Bowl audience.
LexisNexis announce on February 2, 2020:
[Its] Risk Solutions, part of RELX, today announced it has entered into an agreement to acquire Emailage®, a global provider of fraud prevention and risk management solutions. Emailage will become a part of the Business Services group of LexisNexis Risk Solutions. Founded in 2012 and based in the Phoenix metro area with offices across the globe, Emailage helps organizations reduce online fraud by building multi-dimensional profiles associated with customer email addresses to render predictive risk scores.
DarkCyber interprets this a helping entities deal with phishing. The reference to predictive analytics is in line with other companies offering alert services.
We noted this statement from the new LexisNexis human resource:
Rei Carvalho, CEO of Emailage, said, “LexisNexis Risk Solutions is laser-focused on providing its customers a 360 degree view into an identity, which aligns with our mission to help customers who seek fast, low-friction, global digital identity fraud solutions to combat fraud without sacrificing consumer experience. We are thrilled to be recognized as a pioneer in email intelligence-based fraud risk scoring solutions and look forward to aligning our solutions to help organizations fight fraud on a more comprehensive level.”
The “360” references a customer’s ability to see “around” an issue, not from the point of view of other “360” cyber security vendors. LexisNexis has a large collection of content upon which to draw. Cyber security services could be a larger, more sustainable market than the pursuit of search licenses from law firms. There are many lawyers, but not many spend for online as they did in the good old days. Today’s clients often cap research fees. Fear and must have defense are more potent tools in the security sector than the glories of online search when an “answer” may not be found.
For information about this cluster of services, navigate to www.relx.com.
Stephen E Arnold, February 10. 2020
Cellebrite Has Capabilities: Now It Has More
February 4, 2020
Forensic tools firm Cellebrite is broadening its range with an upcoming acquisition. AppleInsider reveals, “Cellebrite Expands to Mac Forensic Tools with $33M BlackBag Purchase.” The Israel-based company is owned by Japan’s Sun Corp. It received an influx of $110 million in June from IGP Capital and is expected to make more acquisitions soon. Until now, Cellebrite has specialized in forensic tools for smartphones and tablets, especially iOS devices. Writer Malcolm Owen writes:
“Its clients largely consist of law enforcement agencies and other government organizations. Cellebrite is thought to have been the firm that provided the FBI with assistance in the San Bernardino investigation in 2016, with it allegedly receiving $900,000 for helping crack the shooter’s iPhone.
We also note:
“While Cellebrite is focused on mobile devices and cloud, BlackBag instead centers its work on computer forensics, including tools for quickly searching through volumes of data stored on servers. The purchase of BlackBag increases the capabilities of Cellebrite, making it capable of operating on more platforms. Part of BlackBag’s work includes accessing Macs and MacBooks, with its MacQuisition tool claimed to perform live data acquisition, targeted data acquisition, and forensic imaging of macOS devices. The tool is said to be the first and only one capable of creating images of Macs equipped with Apple’s T2 chip, which handles encryption and other security-related tasks.”
Those wondering if certain devices and systems can be compromised, ask your Cellebrite contact. For those unaware of Cellebrite’s capabilities, contact the company directly. For some in the US government, awareness of Cellebrite’s new services and products is not apparently up to date.
Cynthia Murrell, February 4, 2020
Data Leak Exposes Methods
January 22, 2020
The cat is out of the Hermes handbag. Raw Story reports, “Massive Leak of Data Reveals New Money-Hiding Secrets of Superrich—and this in ‘Only the Beginning’.” Last summer, the transparency group Distributed Denial of Secrets leaked data from the Formations House, a British company that serves the well-to-do around the world. It has taken journalists some time to analyze the roughly 100 GB of data, dubbed “#29Leaks,” and now news stories are cropping up. They say the company has been creating legal entities as fronts for money laundering, tax evasion, and fraud. We learn:
“According to Unicorn Riot, reporting from the data will have an international scope: Formations House has been the subject of international scrutiny for years, and the #29Leaks documents have been under investigation for some time. It is expected that news stories in Central America, Africa and Europe will examine information drawn from this set of leaks. The use of Formations House-managed companies to move money around between offshore and private banking centers like Luxembourg and other parts of the world is among the main themes of this dataset. Other documents expected to be covered in detail show how the African nation of The Gambia is commonly used to create banks and insurance companies on paper for wealthy people in other continents, which Formations House and related parties package and facilitate. On Tuesday The Times of London showed, via undercover reporting, how Formations House sets up shell companies for its clients. McClatchy reported on how Formations House helped Iran’s national oil company avoid sanctions. The Organized Crime and Corruption Reporting Project detailed schemes across Eastern Europe. The Economic Times, meanwhile, dug into the company’s Pakistani-British management.”
The Pursuance Project, which has been helping make sense of the leaked information, expects reporting will continue to emerge. In fact, they say, they are only beginning to analyze all the data available from this trove.
Cynthia Murrell, January 22, 2020
DarkCyber for January 14, 2020, Now Available
January 14, 2020
The DarkCyber for January 14, 2020, is now available. The program includes stories about ToTok, cyber trends in 2020, and information about the new Amazon Blockchain Policeware report. You can view the video on Vimeo at this link: https://vimeo.com/384343454.
We want to thank the people who commented on our interview with Robert David Steele. We posted this video on December 31, 2019. If you missed that program, you can view it at this link: https://vimeo.com/382165736.
Kenny Toth, January 14, 2020
Shutting Down a C Suite Person to Cyber Security
January 7, 2020
DarkCyber spotted an interesting approach to marketing. The write up “Implications for CEOs Who Miss Security Targets” offers words of wisdom from a consultancy doing business as Thycotic. With what does this name rhyme? Note: This is a question, you gentle reader, can answer. DarkCyber thinks stenotic perhaps. The word, as you may know, means narrowing.
With the poetry out of the way, what are the issues related to a “security target”?
One of the main reasons behind this is that there is a disconnect between the C-suite and the IT security team. A lack of effective communication between the two can often result in security targets that are based on KPIs that have little relation to business objectives.
Yes, we have a failure to communicate.
And there is evidence, proof from a sample of 550 “IT decision makers”:
a Thycotic survey of 550 IT decision makers shows that a quarter (26 percent) report that IT security is not prioritized or invested in by their boards as strategically important. Further, more than half (52 percent) of IT security decision makers say their organizations struggle to align business goals and security initiatives. Four out of 10 (43 percent) say their business’s goals are not communicated with them and a third (36 percent) admit that they aren’t clear on what the business goals even are.
DarkCyber can add the following downsides:
- The IT person will be given an opportunity to [a] testify and [b] find his/her future elsewhere
- New cyber security vendors will be hired, adding to the confusion and complexity for sitting ducks to fend off guerilla hunters working alone, in squads, or for an industrialize criminal organization
- Employees will be reminded to change their passwords, zip their lips, and avoid clicking on emails which usually look pretty darned authentic.
DarkCyber’s view is that change, particularly with regard to cyber security, comes slowly for many organizations.
PS. The C suite may be given an overhaul.
Stephen E Arnold, January 7, 2020
Mobile Security: Bad News, Consumer
January 1, 2020
An online information service called Hindu Business Line has become a source for amusing digital information. Consider the factoids included in “Most People Are Not Aware of Malware on Their Mobile’.” A word of caution, the Web page may redirect some users to a malicious site, which makes the information just so much more special.
Here are some of the factoids:
- 23 percent of organizations in Indian run a risk of malware attacks. (DarkCyber thinks that the risk is much higher because malware is a growth business and most users are clueless when it comes to preventing and neutralizing mobile centric malware. Example: The page for this content.)
- It takes about a year for a person to realize that a mobile device has been affected. (DarkCyber thinks that most users dispose of their mobile phone before the malware has been discovered.)
- Globally 25 million devices are infected. (DarkCyber wants to point out that there are about 4.5 billion mobile phones globally. Source: Statista. The 25 million number seems quite modest and probably wildly off the mark.)
- Google had 16 apps on its store which were malware mechanisms. (DarkCyber wants to remind its gentle readers that these are apps Google said it knew about. The real number of malware apps is not known by users and Google is not a Chatty Cathy on this subject.)
Yep, great article. Outstanding in fact.
Stephen E Arnold, January 1, 2020
Countries Want Technological Backdoors
December 11, 2019
“Think of the children” is usually a weak claim people use to justify questionable actions, but law enforcement officials across the world are protecting children the correct way by teaming together to prevent child exploitation on the Internet. Ars Technica shares the story in the article, “Think Of The Children: FBI Sought Interpol Statement Against End-To-End Crypto.” Law enforcement officials, including the US Department of Justice, want there to be backdoors in technology for warranted search and surveillance.
US Attorney General William Barr and his UK and Australian peers asked Facebook to delay its plan to use end-to-end encrypt for all its company’s messaging tools. The FBI and the Department of Justice are encouraged other international law enforcement organizations to join their plea at the International Criminal Police Organization’s 37th Meeting of the Interpol Specialists Groups Group on Crimes Against Children. Delaying end-to-end encryption would find child sexual exploitation. Interpol has not officially supported the delay plea yet.
“The draft resolution went on to lay responsibility for child exploitation upon the tech industry: ‘The current path towards default end-to-end encryption, with no provision for lawful access, does not allow for the protection of the world’s children from sexual exploitation. Technology providers must act and design their services in a way that protects user privacy, on the one hand, while providing user safety, on the other hand. Failure to allow for Lawful Access on their platforms and products, provides a safe haven to offenders utilizing these to sexually exploit children, and inhibits our global law enforcement efforts to protect children.’”
Barr and his peers want technology experts should to agree with them about backdoors. Facebook and other social media companies already comply by terms in the CLOUD Act, a law to provide law officials with data no matter in the world it is located. Barr claims that if Facebook and other companies do not comply, they are allowing children to be exploited further. Research has shown, however, that encryption has had little effect on impeding law officials.
Facebook and other companies state there is not a backdoor skeleton key to any technology and if they did design one it would put people at risk.
Law enforcement officials have the right mindset, but they are missing the essential purpose of encryption and how a backdoor could be exploited by bad actors, including those who harm children.
Whitney Grace, December 11, 2019
Swedish Ethical Hackers Raise More Funding
December 9, 2019
Have you ever heard the cyber security terms white hat and black hat? They are metaphors for types of hacking. The terms originate from old western movies, where the good cowboys wore white hats while the villains had black ones. In reference to hacking, the black hat hackers are bad actors and the white hat hackers are ethical. Ethical hackers had a big score in Sweden says Bisman Area News in the article, “Detectify Raises Additional €21M For Its Ethical Hacking Network.”
Detectify is a Swedish cybersecurity startup that developed a powerful Web site vulnerability scanner. Detectify has raised another €21 million in funding; Balderton Capital led the fundraising with investors Inventure, Insight Partners, and Paua Ventures. The startup plans to use the funding to hire more white hat hackers to accelerate the company’s growth.
Detectify was founded in 2013 by elite white hat hackers. The team’s scanner is a Web site security tool that is automated to scan Web sites and discover vulnerabilities so users can remain on top of the security. The scanner’s most unique feature is that it is powered and updated by an ethical hacker network a.k.a. crowdsourcing.
Detectify used its first funding round in a clever and innovative way:
“As we explained when the startup raised its €5 million Series A round, this sees top-ranked security researchers submit vulnerabilities that are then built into the Detectify scanner and used in customers’ security tests. The clever part is that researchers get paid every time their submitted module identifies a vulnerability on a customer’s website. In other words, incentives are kept aligned, giving Detectify a potential advantage and greater scale compared to similar website security automation tools.”
The company gained clients in the US, including Spotify, Trello, and King. Detectify plans to continue its expansion by relying on talent acquisitions and crowdsourcing.
Whitney Grace, December 9, 2019, 2019
Turkey Surveillance: No, Not the Bird Watching Context
November 20, 2019
A company that makes surveillance software and sells it assorted governments, FinFisher, is fighting back against Netzpolitik, a website working to hold such companies accountable. Bloomberg declares, “Clash Over Surveillance Software Turns Personal in Germany.” Netzpolitik and several advocacy groups filed a criminal complaint against FinFisher, alleging it had sold its spyware to Turkey without the required German federal license. Such complaints are not new, but this one named names within FinFisher as responsible parties. An investigation has been opened by Munich prosecutors.
Not only does FinFisher deny supplying Turkey with spyware, it also claims Netzpolitik is unjustly prejudicing the investigation. It issued a cease-and-desist letter demanding an article about the Turkey allegations be taken down. Though the site’s owner insists the reporting is accurate, he removed the article to avoid the legal fight and a potential injunction. Reporter Ryan Gallagher writes:
“Netzpolitik filed the complaint against FinFisher in collaboration with Reporters Without Borders Germany, the Society for Civil Rights and the European Center for Constitutional and Human Rights. It alleges that covert operators of FinFisher’s technology set up a fake Turkish-language opposition website and Twitter accounts that were used to lure government critics into clicking on a malicious link. It isn’t clear who created the website and social media profiles. FinFisher says it ‘partners exclusively with Law Enforcement and Intelligence Agencies,’ according to its website.
“People who clicked the link — sent through the fake Twitter accounts to supporters of the opposition Republican People’s Party — were prompted to download an Android application that was in fact surveillance software, which would monitor their calls, text messages, photos, and location data, according to a technical report published by the digital rights group Access Now. Source code found on the website used to target the Turkish activists was ‘practically identical’ to the source code of FinSpy, surveillance software developed by FinFisher, the complaint alleges.”
FinFisher is no stranger to scrutiny. News articles have been written, advocacy group reports have been issued, and a WikiLeaks data release has been lobbed. Just recently, Reuters linked the company’s tech to an Uzbekistan agency’s effort to spy on activists and journalists. FinFisher claims it no longer trucks with governments outside the EU unless they are an “EU-001” designated country. (That list includes the likes of Australia, Canada, Japan, New Zealand, Norway, Switzerland, and the U.S.) Though other countries may retain old versions of the technology, AccessNow’s chief technologist notes that licensing restrictions and required updates would make them difficult or impossible to use without FinFisher’s support.
Cynthia Murrell, November 20, 2019
-
- Subscribe to Beyond Search
Feature archive
News archive
-
