Apple and Its Snowden Moment

February 14, 2018

I don’t pay much attention to the antics of Apple, its employees, or its helpers. I did note this story in Boy Genius Report: “We Now Know Why an Apple Employee Decided to Leak Secret iPhone Code.” My take is that the trigger was a bit of the high school science club mentality and the confusion of what is straight and true with the oddball ethos of clever, young tech wizards.

The cat is out of the bag. Removing content from GitHub does not solve the problem of digital information’s easy copy feature.

How will Apple handle its Snowden moment? Will the leaker flee to a friendly computing nation state like Google or Microsoft? Will the Apple iPhone code idealist hole up in a Motel 6 at SFO until the powers that be can debrief him and move him to a safe cubicle?

I think the episode suggests that insider threats are a challenge in today’s online environment. With the report that security service providers are suffering from false positives, the reality of protecting secrets is a bit different from the fog of assumption that some have about their next generation systems. I call it the “illusion of security.”

Reality is what one makes it, right?

Stephen E Arnold, February 14, 2018

The Future of Social Media is Old School

February 8, 2018

Before social media, the only way to express yourself online was via a mostly anonymous series of blogs and sites that could not go viral because virality didn’t exist. Oddly, some bright minds are going back to this method with txt.fyi, a platform where you can post anything you want without it going to search engines. This old-fashioned message board was examined in a recent Wired article, “This Stripped-Down Blogging Tool Exemplifies Antisocial Media.”

“I wanted something where people could publish their thoughts without any false game of social manipulation, one-upmanship, and favor-trading,” he says. This is what I found so interesting about his creation. Its antivirality doesn’t necessarily prevent a post from becoming wildly popular. (A txt.fyi URL shared on, say, Facebook could perhaps go viral.) But its design favors messages to someone, not everyone.

[The inventor] discovered someone using txt.fyi to write letters to a deceased relative. It was touching and weirdly human, precisely the sort of unconventional expression we used to see a lot more of online. But today we sand down those rough edges, those barbaric yawps, in the quest for social spread. Even if you don’t want to share something, Medium or Tumblr or Snapchat tries to make you. They have the will to virality baked in.

This is a neat idea and might have a longer shelf life than you’d think. That’s because we are firm believers that every good idea on the internet gets retooled for awfulness. (Reddit, anyone?) This quasi-dark web blogging approach is almost certain to be used for nefarious purposes and will become a tool for hate speech and crime.

Patrick Roland, February 8, 2018

OpenText Wants to Be the Big Dog in Cyber Security

February 4, 2018

My wife and I rescued a French bulldog. We also have a boxer, which is three times the size of the rescued canine. The rescued canine thinks he is a bull mastiff. We believe that the French bulldog has a perception problem.

Here’s a quote from “OpenText Enfuse 2018 To Showcase The Future of Cybersecurity and Digital Investigations”:

“OpenText’s industry leading digital investigation, forensic security and data risk management solutions are defining the future of cybersecurity, digital investigations and e-Discovery, and serve to extend the security capabilities of OpenText’s leading information management platform.”

I noticed this statement at the bottom of the “real” news story:

Certain statements in this press release may contain words considered forward-looking statements or information under applicable securities laws.

I think our French bulldog might say something like this when he tries to impose his will on Max, our large, strong, aggressive boxer.

In the cyber marketplace, will IBM i2 roll over and play dead? Will Palantir Technologies whimper and scamper back to Philz Coffee? Will the UAE vendor DarkMatter get into the pizza business? Will the Google and In-Q-Tel funded Recorded Future decide that real estate development is where the action is?

Forward looking? Yeah, no kidding.

Stephen E Arnold, February 4, 2018

DuckDuckGo: Delivering Privacy. That Is the Claim.

January 25, 2018

I read “Protecting Your Personal Data Has Never Been This Easy.” The metasearch engine asserts that it delivers what other browsers cannot. Privacy.

I don’t feel strongly about browsers. I don’t feel much about free Web search systems either.

I circled this statement in the write up:

Today we’re taking a major step to simplify online privacy with the launch of fully revamped versions of our browser extension and mobile app, now with built-in tracker network blocking, smarter encryption, and, of course, private search – all designed to operate seamlessly together while you search and browse the web.

DuckDuckGo was one of the Surface Web services to offer a Dark Web alternative. The New York Times dabbles in the Dark Web as well.

I assume that DuckDuckGo’s browser extension will perform as advertised.

However, I would point out that operations mounted by Lebanon’s GDGS and other government authorities use a wide range of mechanisms to obtain information about certain online users.

A number of companies operating outside the US have systems and methods which perform a number of surveillance functions. Each week, I mention some of the firms and describe in simple terms a few of the methods employed by those who have the responsibility to enforce laws and protect citizens. You can view the DarkCyber videos at this link.

Several observations:

  1. Some of the engineers working for specialists who design, deploy, and manage systems for governments are using sophisticated systems which perform remarkable data collection tasks.
  2. Mathematical recipes identify items of data which are “interesting” and knit these together into useful patterns. Australia’s success in shutting down a Dark Web site has become a useful case example for innovative data analysis and investigation.
  3. Users, regardless of the security methods employed, are often the vector for revealing information. One anecdote circulated at a security event I attended. Lebanon’s surveillance activities were revealed by a mistake by the operatives.

Has DuckDuckGo delivered on its privacy promise? On the surface, one might conclude that the metasearch system has executed a slam duck. However, mashing a nerf ball through a hoop hanging on an office door is different from pulling off the stunt in the NBA finals.

Stephen E Arnold, January 25, 2018

Amazon Embraces a Sqrrl

January 24, 2018

I love names with no vowels. I read “Amazon’s Cloud Business Acquires Sqrrl, a Security Start-Up with NSA Roots.” Sqrrl is one of a number of cybersecurity vendors with interesting technology. The article sees the main point of the Amazon deal as part of the online giant’s effort to “pick up business from US intelligence agencies.”

Amazon has a “secret” region of data centers. Keep in mind that Ashburn, Virginia, may be the home to secret data centers. Some government agencies want their data housed in a secure manner.

Is there another angle to the deal?

Here in Harrod’s Creek, we asked: “Has Amazon’s AWS system been the target of individuals or groups looking to harvest data stored with what might be called casual procedures?”

Leaving data on some cloud services’ publicly accessible servers is a bit like leaving a hot and juicy hamburger on a picnic table on a warm summer day.

Sqrrl, without vowels of course, has some interesting technology which may have more utility than offering a dot point in response to an RFP.

Stephen E Arnold, January 24, 2018

Cyber Weapons Becoming Big Bucks

January 15, 2018

Cyberwarfare, meet capitalism. Here’s a twist we didn’t see coming. According to sources, digital weaponry and the defenses needed to fight it are now one of the hottest markets in the world. Just take a look at a recent SAT PR News story, “Cyber Weapon Market is Expected to Reach a Valuation of US $521.87 billion by the End of 2021.”

According to the story:

Governments, intelligence agencies, and other organizations have spiked their investment to identify zero-day exploits and use them against enemy networks when necessary. With an aim of capitalizing on the prevalent trend, several traditional arms manufacturing companies are expanding their businesses in the cyber security segment. This will in turn fuel the development of cyber weapons.

The market is also expected to gain from the increasing demand for security across critical infrastructure and utilities.

This should come as no surprise. Just as government contractors have cashed in on creating physical weaponry, the digital world is finally going to have its Raytheons. Look at this Fast Company story about how a company you’ve probably never heard of, Pegasus, is worth a billion dollars. Welcome to the new dot-com boom.

Watch our Dark Cyber video news program each week. The video is available at www.arnoldit.com/wordpress

Patrick Roland, January 15, 2018

Some Think the Time Has Come for Government Regulation of Social Media

December 7, 2017

In this era of fake news and data hacking, some people think it’s time for the government to step in and help. As the stakes get higher, commentators think that we can no longer police ourselves on the internet. This thought was brought up in a recent Bill Moyers piece, “The Facebook Inside Facebook.”

According to the story:

But in the US, it’s time to consider more dramatic measures. Speaking of disclosure, many social scientists outside the company would like Facebook to open up more of its data — for one reason among others, to understand how their algorithms work. There are those in the company who say they would respond reasonably if reformers and researchers got specific about what data they want to see. What specifically should they ask?

Should there be, along British lines, a centrally appointed regulatory board? Since 2003, the UK has had an Office of Communications with regulatory powers. Its board is appointed by a Cabinet minister.

This is an interesting prospect. Perhaps an FCC-style regulatory commission could help weed out all the quirks that make social media potentially dangerous. Even Mark Zuckerberg’s mentor thinks the time has come. However, all of this would require Facebook to open up their algorithms to outside eyes and, as anyone remotely interested in social media knows, those codes are the company’s bread and butter. We think it’ll be a snowy day in Death Valley before Silicon Valley welcomes oversight.

Patrick Roland, December 7, 2017

The World’s Wealthiest People Should Fear Big Data

November 24, 2017

One of the strengths that the planet’s elite and wealthy have is secrecy. In most cases, average folks and media don’t know where big money is stored or how it is acquired. However, that recently changed for The Queen of England, several Trump cabinet members, and other powerful men and women. And they should be afraid of what big data and search can do with their info, as we learned in the Guardian’s piece, “Paradise Papers Leak Reveals Secrets of the World’s Elite Hidden Wealth.”

The story found a lot of fishy dealings with political donors and those in power, Queen Elizabeth having tax-free money in the Caymans and more. According to the story:

At the centre of the leak is Appleby, a law firm with outposts in Bermuda, the Cayman Islands, the British Virgin Islands, the Isle of Man, Jersey and Guernsey. In contrast to Mossack Fonseca, the discredited firm at the centre of last year’s Panama Papers investigation, Appleby prides itself on being a leading member of the “magic circle” of top-ranking offshore service providers.

Appleby says it has investigated all the allegations, and found “there is no evidence of any wrongdoing, either on the part of ourselves or our clients”, adding: “We are a law firm which advises clients on legitimate and lawful ways to conduct their business. We do not tolerate illegal behaviour.”

Makes you wonder what would happen if some of the brightest minds in search and big data got ahold of this information? We suspect a lot of the financial knots this money ties to keep itself concealed would untangle. In an age of increasing transparency, we wouldn’t be shocked to see that happen.

Patrick Roland, November 24, 2017

Think Facebook Is Going to Fix Its Data Issues, Think Again

November 23, 2017

Facebook has been in hot water lately with its massive flubs with fake news. But the water is about to get scalding when you look at how fast and loose it plays with data. We learned some shocking things from a Fast Company story, “This Time, Facebook is Sharing Its Employees’ Data.”

According to the story:

Still, through a little-known arrangement, Facebook Inc. routinely shares the sensitive income and employment data of its U.S.-based employees with the Work Number database, owned by Equifax Workforce Solutions. Yes, that Equifax.

Every week, Facebook provides an electronic data feed of its employees’ hourly work and wage information to Equifax Workforce Solutions, formerly known as TALX, a St. Louis-based unit of Equifax, Inc. The Work Number database is managed separately from the Equifax credit bureau database that suffered a breach exposing the data of more than 143 million Americans, but it contains another cache of extensive personal information about Facebook’s employees, including their date of birth, social security number, job title, salary, pay raises or decreases, tenure, number of hours worked per week, wages by pay period, healthcare insurance coverage, dental care insurance coverage, and unemployment claim records.

This is pretty groundbreaking news. If the social media king can’t even keep its own employee data safe from the Equifaxes and hackers of the world, how safe are we supposed to think they keep our own data? For Facebook to earn back customer trust, it’ll have to jump through some pretty serious hoops. We’ll sit back and wait for the circus to arrive, in that case.

Patrick Roland, November 23, 2017

Fake Hitman Dark Web Site Rakes in the Bitcoin

November 16, 2017

No one can accuse these scammers of not going all in. Motherboard reports, “This Fake Hitman Site Is the Most Elaborate, Twisted Dark Web Scam Yet.” Reporter Joseph Cox describes the almost-certainly fake hitman-services website Besa Mafia. He writes:

“Although many already suspected the site was a sham, Risk Based Security reported last week that supposedly hacked data shining more light on its behind-the-scenes dealings had been posted online. Included in that dump were alleged lists of ‘hitmen,’ photos of targets customers had uploaded, orders made on the site, and a large cache of messages purportedly between users and site admins.

Although the site is almost definitely a scam—and a seemingly profitable one at that—the sheer effort its creators have gone to puts Besa Mafia head and shoulders above just about anything else on the dark web.”

Yes, to protect its stream of bitcoin profit (apparently about $23,000 by the time of the data dump), the site admins literally threaten to burn the cars of those who give them negative reviews. Less dramatically, they also seem to be seeding the Dark Web with positive reviews of their own non-existent services.

Another interesting point from the data dump—in a hedge, the website has been supplying information on would-be clients and contractors to law enforcement. The article reports:

In one message from the dump, the admin writes that the site not only cheats people out of their bitcoin; it also provides information to law enforcement about ordered hits. ‘This website is to scam criminals of their money. We report them for 2 reasons: to stop murder, this is moral and right; to avoid being charged with conspiracy to murder or association to murder, if we get caught,’ the admin writes.

They certainly thought this through. See the article for more details on this fake purveyor of violent services.

Cynthia Murrell, November 16, 2017
