Top Trends for Cyber Security and Analytics in 2016

December 23, 2015

With the end of the year approaching, people try to predict what will happen in the New Year. The New Year brings on a sort of fortunetelling, because companies that correctly predict what will happen in 2016 can expect positive profit margins and a healthier customer base. The IT industry has its own share of New Year soothsayers, and the Executive Biz blog shares, in “Booz Allen Cites Top Cyber, Analytics Trends In 2016; Bill Stewart Comments,” possible trends in cyber security and data analytics for the coming year.

Booz Allen Hamilton says that companies will want to merge analytical programs with security programs to receive data sets that show network vulnerabilities; they have been dubbed “fusion centers.”

“ ‘As cyber risk and advanced analytics demand increasing attention from the C-suite, we are about to enter a fundamentally different period,’ said Bill Stewart, executive vice president and leader of commercial cyber business at Booz Allen.  ‘The dynamics will change… Skilled leaders will factor these changing dynamics into their planning, investments and operations.’”

There will also be increased risks coming from the Dark Web and risks that are associated with connected systems, such as cloud storage. Booz Allen also hints that companies will need skilled professionals who know how to harness cyber security risks and analytics. That suggestion is not new, as it has been discussed since 2014. While the threat from the Internet and vulnerabilities within systems has increased, experts in these areas, as well as better programs to handle them, have always been needed. Booz Allen is restating the obvious; the biggest problem is that companies are not aware of these risks and they usually lack the budget to implement preemptive measures.

Whitney Grace, December 23, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

The Modern Law Firm and Data

December 16, 2015

We thought it was a problem if law enforcement officials did not know how the Internet and Dark Web worked as well as the capabilities of eDiscovery tools, but a law firm that does not know how to work with data-mining tools much less the importance of technology is losing credibility, profit, and evidence for cases.  According to Information Week in “Data, Lawyers, And IT: How They’re Connected” the modern law firm needs to be aware of how eDiscovery tools, predictive coding, and data science work and see how they can benefit their cases.

It can be daunting trying to understand how new technology works, especially in a law firm. The article explains how the above tools and more work in four key segments: what role data plays before trial, how it is changing the courtroom, how new tools pave the way for unprecedented approaches to law practice, and how data is improving how law firms operate.

Data in pretrial amounts to one word: evidence. People live their lives via their computers and create a digital trail without realizing it. With a few eDiscovery tools, lawyers can assemble all necessary information within hours. Data tools in the courtroom make practicing law seem like a scenario out of a fantasy or science fiction novel. Lawyers are able to immediately pull up information to use as evidence for cross-examination or to validate facts. New eDiscovery tools are also good to use, because they allow lawyers to prepare their arguments based on the judge and jury pool. More data is available on individual cases rather than just big name ones.

“The legal industry has historically been a technology laggard, but it is evolving rapidly to meet the requirements of a data-intensive world.

‘Years ago, document review was done by hand. Metadata didn’t exist. You didn’t know when a document was created, who authored it, or who changed it. eDiscovery and computers have made dealing with massive amounts of data easier,’ said Robb Helt, director of trial technology at Suann Ingle Associates.”

Legal eDiscovery is one of the main branches of big data that has skyrocketed in the past decade.  While the examples discussed here are employed by respected law firms, keep in mind that eDiscovery technology is still new.  Ambulance chasers and other law firms probably do not have a full IT squad on staff, so when learning about lawyers ask about their eDiscovery capabilities.

Whitney Grace, December 16, 2015

Know Thy Hacker

December 10, 2015

Writer Alastair Paterson at SecurityWeek suggests that corporations and organizations prepare their defenses by turning a hacking technique against the hackers in, “Using an Attacker’s ‘Shadow’ to Your Advantage.” The article explains:

“A ‘digital shadow’ is a subset of a digital footprint and consists of exposed personal, technical or organizational information that is often highly confidential, sensitive or proprietary. Adversaries can exploit these digital shadows to reveal weak points in an organization and launch targeted attacks. This is not necessarily a bad thing, though. Some digital shadows can prove advantageous to your organization; the digital shadows of your attackers. The adversary also casts a shadow similar to that of private and public corporations. These ‘shadows’ can be used to better understand the threat you face. This includes attacker patterns, motives, attempted threat vectors, and activities. Armed with this enhanced understanding, organizations are better able to assess and align their security postures.”

Paterson observes that one need not delve into the Dark Web to discern these patterns, particularly when the potential attacker is a “hacktivist” (though one can find information there, too, if one is so bold). Rather, hacktivists often use social media to chronicle their goals and activities. Monitoring these sources can give a company clues about upcoming attacks through records like target lists, responsibility claims, and discussions on new hacking techniques. Keeping an eye on such activity can help companies build appropriate defenses.

Cynthia Murrell, December 10, 2015

Cybercrime to Come

December 2, 2015

Apparently, we haven’t seen anything yet. An article at Phys.org, “Kaspersky Boss Warns of Emerging Cybercrime Threats,” explains that personal devices and retail databases are just the beginning for cyber criminals. Their next focus has the potential to create more widespread chaos, according to comments from security expert Eugene Kaspersky. We learn:

“Russian online security specialist Eugene Kaspersky says cyber criminals will one day go for bigger targets than PCs and mobiles, sabotaging entire transport networks, electrical grids or financial systems. The online threat is growing fast with one in 20 computers running on Microsoft Windows already compromised, the founder and chief executive of security software company Kaspersky Lab told AFP this week on the sidelines of a cybersecurity conference in Monaco.”

The article also notes that hackers are constantly working to break every security advance, and that staying safe means more than installing the latest security software. Kaspersky noted:

“It’s like everyday life. If you just stay at home and if you don’t have visitors, you are quite safe. But if you like to walk around to any district of your city, you have to be aware of their street crimes. Same for the Internet.”

Kaspersky’s company, Kaspersky Lab, prides itself on its extensive knowledge of online security. Founded in 1997 and headquartered in Moscow, the company is one of the leading security firms in the world.

Cynthia Murrell, December 2, 2015

Do Not Go Gently into That Dark Web

November 26, 2015

The article titled “Don’t Toy With The Dark Web, Harness It” on Infoworld’s DarkReading delves into some of the misconceptions about the Dark Web. The first point the article makes is that a great many threats to security occur on the surface web, on such well-known sites as Reddit and social media platforms like Instagram. Not only are these areas of the web easier to search without Tor or I2P, but they are often more relevant, particularly for certain industries and organizations. The article also points out the harm in even “poking around” the Dark Web:

“It can take considerable time, expertise and manual effort to glean useful information. More importantly, impromptu Dark Web reconnaissance can inadvertently expose an organization to greater security risks because of unknown malicious files that can infiltrate the corporate network. Additionally, several criminal forums on the Dark Web utilize a “vouching” system, similar to a private members club, that might require an investigator to commit a crime or at least stray into significantly unethical territory to gain access to the content.”

A novice could easily get into more trouble than they bargained for, especially when taking receipt of stolen goods is considered a felony. Leave the security work to professionals, and make sure the professionals you employ have checked out this Dark Web reading series.

Chelsea Kerwin, November 26, 2015


Insight into Hacking Team

November 25, 2015

Short honk: Curious about the world of exploits available to governments and other authorized entities? You may find “Metadata Investigation: Inside Hacking Team” interesting. Keep in mind that “metadata” means indexes, entity extraction, and other controlled and uncontrolled data content. The report from Share Lab was online on November 23, 2015, when I last checked the link. I discuss Hacking Team and several other firms in my forthcoming monograph about the Dark Web.

Stephen E Arnold, November 25, 2015

Improper Information Access: A Way to Make Some Money

November 24, 2015

I read “Zerodium Revealed Prices” (original is in Russian). The main point of the write up is that exploits or hacks are available for a price. Some of these are attacks which may not be documented by the white hat folks who monitor the exploit and malware suburbs connected to the information highway.

The paragraph I noted explained what Zerodium will pay for a fresh, juicy exploit.

Here’s the explanation. Please, recognize that Russian, unlike one of my relative’s language skills, is not my go to language:

For a remote control access exploit which intercepts the victim’s computer through Safari or Microsoft’s browser company is willing to pay $ 50 000. A more sophisticated “entry point” is considered Chrome: for the attack through Zerodium pays $ 80,000. Zerodium will pay $5,000 for a vulnerability in WordPress, Joomla and Drupal. Breaking the TorBrowser can earn the programmer about $30.000… A remote exploit bypassing the protection Android or Windows Phone, will bring its author a $100,000. A working exploit of iOS will earn the developer $500,000.

Zerodium explains itself this way:

Zerodium is a privately held and venture backed startup, founded by cybersecurity veterans with unparalleled experience in advanced vulnerability research and exploitation. We’ve created Zerodium to build a global community of talented and independent security researchers working together to provide the most up-to-date source of cybersecurity research and capabilities.

The company’s logo is nifty too:

The purple OD emphasizes the zero day angle. Are exploits search and information access? Yep, they can be. Not advocating, just stating a fact.

Stephen E Arnold, November 24, 2015

Sell Your Soul for Next to Nothing on the Dark Web

October 13, 2015

The article on ZDNet titled “The Price of Your Identity in the Dark Web? No More Than a Dollar” provides the startlingly cheap value of stolen data on the Dark Web. We have gotten used to hearing about data breaches at companies that we know and use (ahem, Ashley Madison), but what happens next? The article explains:

“Burrowing into the Dark Web — a small area of the Deep Web which is not accessible unless via the Tor Onion network — stolen data for sale is easy to find. Accounts belonging to US mobile operators can be purchased for as little as $14 each, while compromised eBay, PayPal, Facebook, Netflix, Amazon and Uber accounts are also for sale. PayPal and eBay accounts which have a few months or years of transaction history can be sold for up to $300 each.”

According to the Privacy Rights Clearinghouse, the industries most commonly affected by data breaches are the healthcare, government, retail, and education sectors. But it also stresses that a high number of data breaches are not caused by hackers or malicious persons at all. Instead, unintended disclosure is often the culprit. Dishearteningly, there is really no way to escape being a target besides living out some Ron Swanson off-the-grid fantasy scenario. Every organization that collects personal information is a potential breach target. It is up to the organizations to protect the information, and while many are making that a top priority, most have a long way to go.

Chelsea Kerwin, October 13, 2015

Redundant Dark Data

September 21, 2015

Have you heard the one about how dark data hides within an organization’s servers and holds potential business insights? Wait, you did not? Then where have you been for the past three years? Datameer posted an SEO-heavy post on its blog called “Shine Light On Dark Data.” The post features the same redundant song and dance about how dark data retained on servers holds valuable customer trends and business patterns that can put companies ahead of the competition.

One new fact is presented: IDC reports that 90% of digital data is dark.  That is a very interesting fact and spurs information specialists to action to get a big data plan in place, but then we are fed this tired explanation:

“This dark data may come in the form of machine or sensor logs that when analyzed help predict vacated real estate or customer time zones that may help businesses pinpoint when customers in a specific region prefer to engage with brands. While the value of these insights are very significant, setting foot into the world of dark data that is unstructured, untagged and untapped is daunting for both IT and business users.”

The post ends on some less than thorough advice to create an implementation plan.  There are other guides on the Internet that better prepare a person to create a big data action guide.  The post’s only purpose is to serve as a search engine bumper for Datameer.  While Datameer is one of the leading big data software providers, one would think they wouldn’t post a “dark data definition” post this late in the game.

Whitney Grace, September 21, 2015

Content Matching Helps Police Bust Dark Web Sex Trafficking Ring

September 4, 2015

The Dark Web is not only used to buy and sell illegal drugs, but it is also used to perpetuate sex trafficking, especially of children. The work of law enforcement agencies working to prevent the abuse of sex trafficking victims is detailed in a report by the Australian Broadcasting Corporation called “Secret ‘Dark Net’ Operation Saves Scores Of Children From Abuse; Ringleader Shannon McCoole Behind Bars After Police Take Over Child Porn Site.” For ten months, Argos, the Queensland police anti-pedophile taskforce, tracked usage on an Internet bulletin board with 45,000 members that viewed and uploaded child pornography.

The Dark Web is notorious for encrypting user information and that is one of the main draws, because users can conduct business or other illegal activities, such as viewing child pornography, without fear of retribution. Even the Dark Web, however, leaves a digital trail and Argos was able to track down the Web site’s administrator. It turned out the administrator was an Australian childcare worker who had been sentenced to 35 years in jail for sexually abusing seven children in his care and sharing child pornography.

Argos was able to catch the perpetrator by noticing patterns in his language usage in posts he made to the bulletin board (he used the greeting “hiya”). Using advanced search techniques, the police sifted through results and narrowed them down to a Facebook page and a photograph.  From the Facebook page, they got the administrator’s name and made an arrest.

After arresting the ringleader, Argos took over the community and started to track down the rest of the users.

“ ‘Phase two was to take over the network, assume control of the network, try to identify as many of the key administrators as we could and remove them,’ Detective Inspector Jon Rouse said. ‘Ultimately, you had a child sex offender network that was being administered by police.’ ”

When they took over the network, the police were required to work in real-time to interact with the users and gather information to make arrests.

Even though the Queensland police were able to end one Dark Web child pornography ring and save many children from abuse, there are still many Dark Web sites centered on child sex trafficking.

 

Whitney Grace, September 4, 2015