Cyber Security Marketing: About to Get Much Noisier in 2020
March 4, 2020
“Businesses at Risk for Cyber attack but Take Few Precautions” states:
Although businesses are increasingly at risk for cyber attacks on their mobile devices, many aren’t taking steps to protect smartphones and tablets.
Let’s assume this statement is accurate and based on verifiable data.
Given this assumption, what will 2020 mean for the hundreds of vendors selling cyber “early warning” intelligence, smart cyber moats, and tools to prevent phishing emails from snapping confidential information?
The answer is, “More marketing.”
Another possible answer is, “More insight into how some organizations respond to threats like ransomware and loss of data.”
Interesting disconnect which does not seem to slow venture firms’ appetites for smart cyber intelligence firms.
If the risk is high, why not take action? Perhaps priorities, cost, and complexity have an impact?
Stephen E Arnold, March 4, 2020
Clever Teens and a Less Than Clever Instagram
March 1, 2020
Teenagers are young, inexperienced, and do anything for a laugh. Most of the time their antics result in trouble with horrible consequences, but this time the victim is Instagram. Instagram is one of the most popular social media platforms for teenagers and, being a generation who never knew a world without the Internet, they figured out how to hack aka mess with the algorithm. CNET has the story about, “Teens Have Figured Out How To Mess With Instagram’s Tracking Algorithm.”
Teenagers may post their entire lives on social media, but some of them are concerned about social media platforms such as Instagram tracking their data. They especially do not like Instagram tracking them, so they formed a plan. Using groups of trusted friends with access to multiple accounts, teenagers are fooling Instagram. Here is how:
“First, make multiple accounts. You might have an Instagram account dedicated to you and friends, or another just for your hobby. Give access to one of these low-risk accounts to someone you trust.
Then request a password reset, and send the link to that trusted friend who’ll log on from a different device. Password resets don’t end Instagram sessions, so both you and the second person will be able to access the same account at the same time.
Finally, by having someone else post the photo, Instagram grabs metadata from a new, fresh device. Repeat this process with a network of, say, 20 users in 20 different locations with 20 different devices? Now you’re giving Instagram quite the confusing cocktail of data.”
The hilarious part is that while it is not against Instagram’s policies, the parent company Facebook advises against it because of security risks. It is laughable that Facebook is worried about privacy when that company and others collect user data to tailor Internet experiences with personalized ads. However, if one person on the Instagram account posted something malicious, the entire group is accountable.
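The behaviour the CNET passage relies on, a password reset that leaves existing sessions alive, is a design choice a service can change. The sketch below is an added example, not code from Instagram or the original article; the class, method, and device names are hypothetical, and the data is constructed. It ties each session to a credential epoch so that sessions created before a reset stop validating.

```python
import secrets


class AccountSessions:
    """Toy session store for a single account (hypothetical, constructed data)."""

    def __init__(self, revoke_on_reset: bool):
        self.revoke_on_reset = revoke_on_reset
        self.credential_epoch = 0   # bumped on every password change
        self._sessions = {}         # token -> (device, epoch at login)

    def login(self, device: str) -> str:
        token = secrets.token_urlsafe(16)
        self._sessions[token] = (device, self.credential_epoch)
        return token

    def reset_password(self, device: str) -> str:
        """Complete a reset from `device` and return that device's new session."""
        self.credential_epoch += 1
        return self.login(device)

    def is_valid(self, token: str) -> bool:
        entry = self._sessions.get(token)
        if entry is None:
            return False
        _, epoch = entry
        if self.revoke_on_reset and epoch != self.credential_epoch:
            # Session predates the current password: drop it server-side.
            del self._sessions[token]
            return False
        return True

    def active_devices(self) -> list:
        # Iterate over a copy because is_valid() may delete stale sessions.
        return sorted(dev for tok, (dev, _) in list(self._sessions.items())
                      if self.is_valid(tok))


def shared_account_scenario(revoke_on_reset: bool) -> list:
    """Owner is logged in, then a second person completes a password reset."""
    acct = AccountSessions(revoke_on_reset)
    acct.login("owner-phone")
    acct.reset_password("friend-laptop")
    return acct.active_devices()


if __name__ == "__main__":
    print("reset keeps old sessions:  ", shared_account_scenario(False))
    print("reset revokes old sessions:", shared_account_scenario(True))
```

With revocation off, both devices remain signed in after the reset, which is the condition the quoted passage describes; with it on, only the device that completed the reset holds a valid session.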
In order to have access to one of these “hacking” accounts, users must follow strict rules. They must post only content that the original users approve and must not accept follow requests or follow others; any violation results in dismissal from access.
Clever teens. Less clever Instagram and, by extension, the fun folks at Facebook.
Whitney Grace, March 1, 2020
Hacked Personal Info: Seems Cheap
February 27, 2020
This comes as no surprise to us, but apparently it is news to some. The SmartDataCollective announces, “Terrifying Big Data Report Shows Anyone Can Get Your Info for $2.” Writer Matt James points to the recent case of WeLeakInfo as an illustration of how little it can cost to buy sensitive personal information online. He writes:
“The eerie fact that WeLeakInfo was selling access to private data for as little as $2 should leave everyone worried – could anyone with some loose change really have your password, social security number, home IP address or email? Yes, if you were a victim of any recent data leak or cyber attack. According to a source in the US Department of Justice, data sold through the site originated from leaks and cyber attacks affecting large online service providers like WeWork, Regus, and many more. Online travel agents and websites that store user information – particularly data about user credentials, payment details, and personal information – were the primary targets of attackers. The 12 billion items collected on the site was not an exaggeration. It seems that a common bot can scrape a huge volume of personal data in just a few hours. Coupled with more modern attack methods such as botnets and smart scrapers, the amount of data that a coordinated attack can collect is staggering. More importantly, there is no data not valuable enough to sell.”
Yes, we’re reminded, it is not just the obvious data like credit card info, addresses, and social security numbers we should be concerned about. Login information, for example, can be used to facilitate cyber-attacks. James runs through the measures one can take to keep data as secure as possible: limit what you share and review privacy policies when you do; use a VPN or proxy server; check in with sites like Have I Been Pwned now and then; and change your (strong) passwords every six months. A good password manager can securely generate and keep track of strong passwords.
Cynthia Murrell, February 27, 2020
DarkCyber for February 25, 2020, Now Available
February 25, 2020
This week’s DarkCyber video news program features an interview with Dr. Rado Kotorov, the chief executive officer of Trendalyze. The company provides time series analytics on steroids.
Most professionals are aware that some Wall Street traders analyze time series data for stocks. In the last decade, the business of buying and selling stocks has evolved. Today there are more data available and the importance of obtaining certain data in near real time has skyrocketed. Plugging numbers into Excel is useful; however, more sophisticated analytic systems are required to deal with financial data.
The era of the hard-working broker making trades before heading to the Kiwanis club has ended. The focus is now on high frequency trading and using advanced analytics, pattern analysis, machine learning, deep learning, AI, and a suite of tools designed to exploit price fluctuations in nanoseconds.
In this interview, Dr. Kotorov explains that the methods of Wall Street high frequency traders have now moved into other business sectors. Examples range from health care to companies like Amazon, Tesla, and Walmart. Time series analyses provide high-value results for policeware and government systems.
Dr. Kotorov reviews a theory of intelligence which relies on time series analysis of real time flows of large volumes of data. Specifically, the approach enables more refinement in certain machine learning applications as well as adding precision to some artificial intelligence approaches.
Dr. Kotorov, who holds a law degree and a Ph.D. in philosophy, heads one of the fastest growing analytics firms in the world.
For more information about Trendalyze, navigate to the url presented in the interview.
DarkCyber is a video news program produced by Stephen E Arnold, publisher of DarkCyber blog. The blog and the twice-a-month video news program are provided without advertising or sponsored content.
Kenny Toth, February 25, 2020
Smart Intelligence Analysis Software: What Operators Need Versus What Operators Get
February 24, 2020
DarkCyber noted “The ABCs of AI Enabled Intelligence Analysis.” The major problem with today’s intelware solutions is stated clearly:
The inability to adjust analysis tools to the operational environment is a prodigious problem.
Vendors want operators (licensees) to adapt to their environment. The idea is that the vendor’s environment is the only way to get the most out of an intelware system. What if the customer does not like this approach? Yeah.
Now the marketers, developers, and field engineers will insist that this statement is incorrect.
Here’s a passage from the write up which explains the operator’s point of view:
There are two key concepts to any data-centric system: First, analysis tools and applications should change with the data, and second, data should be easily accessible. Analysts must be able to configure the tools and algorithms of the systems to meet the realities of the battlefield, and data access should be as seamless as possible.
So what’s wrong? Here’s the explanation:
Within a data-centric context, the use of machine learning algorithms has led to breakthroughs in nearly every analysis endeavor, from fraud detection to image identification. To take advantage of these advances, intelligence analysts need systems that allow them to use computational tools and to constantly adjust, or retrain, their algorithms to a changing battlefield. Unfortunately, nearly all analysis software products in use today — including advanced systems like Palantir or Analyst Notebook — are closed systems that do not allow analysts to code custom algorithms, use the latest machine-learning algorithms, use the latest research in “explainable AI,” or even allow analysts to provide feedback to the software’s algorithms.
DarkCyber recommends taking a look at this write up.
Several observations:
- Marketers, vendors, and field engineers are busy with their own agendas. As a result, paying customers are usually ignored. Their requests are not on the road map, too difficult to make, or of no interest.
- Existing intelware solutions are purpose built to require training, support, and tradition. In one demo, the marketer could not understand that his actions were obscured by the control panel of the video conferencing system used to show off features. The person did not listen; the eager beaver was on auto pilot.
- Legacy systems like Analyst Notebook are often rarely used. The license is simply paid because, as one top dog law enforcement professional told me, “We don’t want to be without it. But no one has been to training recently. It is just here.”
These three problems are not part of the “AI baloney party.” I think these dot points underscore how deep the disconnect is and how severe a problem today’s intelware helps foster.
Some will want to point out that certain tools developed in other countries are “better, faster, and cheaper.” Based on DarkCyber’s exposure to these systems, the newest tools are repeating the errors of the past 20 years.
A goldfish knows only water. The real world is different. But intelware fish don’t die. They force the customer to learn how to exist within their watery world.
Stephen E Arnold, February 24, 2020
UK Authorities: A Stiff Upper Lip
February 18, 2020
They were not going to tell anyone what had happened. A confidential report reveals the United Nations fell victim to a massive data breach last year, we learn from The New Humanitarian’s report, “Exclusive: The Cyber Attack the UN Tried to Keep Under Wraps.” Why the organization felt justified keeping this information secret even from those it affected is a mystery, but the cover up does emphasize the power of diplomatic immunity. TNH senior editor Ben Parker describes what his team learned about the extent of the damage:
“Although it is unclear what documents and data the hackers obtained in the 2019 incident, the report seen by TNH implies that internal documents, databases, emails, commercial information, and personal data may have been available to the intruders – sensitive data that could have far-reaching repercussions for staff, individuals, and organizations communicating with and doing business with the UN. The compromised servers included 33 in the UN Office at Geneva, three at OHCHR in Geneva, and at least four in the Vienna office. According to the report, the breach also grabbed ‘active directories’, with each likely to list hundreds of users as well as human resources and health insurance systems, other databases, and network resources. The three affected offices have in total about 4,000 staff. The report, prepared by the UN Office at Geneva in the midst of containment efforts, suggests the cyber attack most seriously affected their office, which houses 1,600 staff working in a range of political and development units, including Syria peace talks, the humanitarian coordination office (OCHA), and the Economic Commission for Europe.”
The scope of the UN’s operations makes such a breach particularly troubling, but it is not entirely unexpected. An audit in 2012 identified an “unacceptable level of risk” in the organization’s cybersecurity. Despite taking measures to address the concerns, a 2018 review found its security-assessment project to be severely lacking.
News of the breach is sure to concern anyone in sensitive regions working with the United Nations, particularly on human rights issues. In many countries, those who share information with the UN’s human rights office can be subject to surveillance, imprisonment, and even torture. Though it is not known who was behind the attack, it is said to look like the work of a “sophisticated threat actor”—a good description of nation states’ hacking programs. Failing to prevent the breach is bad enough. Refusing to notify everyone who might have been affected, notes Parker, is a dangerous breach of trust.
Cynthia Murrell, February 18, 2020
New Security System: Science Fact or Science Fiction?
February 15, 2020
It is an understatement to say that digital security is a growing concern, but that could change with a new invention. The Eurasia Review discussed the latest in the security field in the article, “New Security System To Revolutionize Communications Privacy.” An international research team of scientists from the University of St. Andrews, King Abdullah University of Science and Technology, and Center for Unconventional Processes of Sciences created an unshakable security system that is described as one that will “revolutionize communications privacy.”
How does the revolutionary system work?
“The international team of scientists have created optical chips that enable information to be sent from user to user using a one-time un-hackable communication that achieves ‘perfect secrecy’ allowing confidential data to be protected more securely than ever before on public classical communication channels. Their proposed system uses silicon chips that contain complex structures that are irreversibly changed, to send information in a one-time key that can never be recreated nor intercepted by an attacker.”
The optical chips offer perfect secrecy on a global scale and the costs are estimated to be feasible. Current cryptographic techniques are fast and easy to share, but advanced computers with quantum algorithms can crack them. The new encryption system is supposedly unbreakable, uses existing communication networks, and takes up a lot less space.
Theoretically the system is perfect, because the chip generates keys that unlock each message. The keys are never stored or communicated, nor can they ever be recreated. It adds an extra security level that the regular cryptographic technology does not have.
The new security system’s inventors are academics, not from big technology companies, and they work at organizations in the United Kingdom, Saudi Arabia, and the United States. They are not for-profit organizations, but the scientists are searching for commercial applications for the security system.
Whitney Grace, February 15, 2020
DarkCyber for February 11, 2020, Now Available
February 11, 2020
This week’s program includes three stories. The first describes an open source repository of intelligence-centric and investigative information. The listing of programs and resources is available on Github. The second story explains why facial recognition is of interest to law enforcement agencies. Vendors provide free trials to their systems. The goal is for the vendor to make a sale. The law enforcement agency has an opportunity to learn and test the systems. Because facial recognition is in its infancy, DarkCyber believes that use of advanced systems will increase. The final story provides information about the CIA’s online information service. A free book about the craft of intelligence is reviewed. You can view the video at either of these locations:
The video runs about 10 minutes.
Kenny Toth, February 11, 2020
LexisNexis: Expanding Its Cyber and Policeware Capabilities
February 10, 2020
LexisNexis, once holder of an exclusive with the New York Times, has been working to retain its government and commercial customer revenue. The cyber online business is booming, but legal information remains a difficult business. Lose a Top 50 US law firm as a client, and the canny marketers have to convert a couple of hundred smaller outfits. Why’s this sector difficult? Free or lower-cost legal content and Reed Elsevier’s principal competitor Thomson Reuters.
LexisNexis has not been standing still, but it has been chugging along in the cyber security sector and policeware markets for many years. Oh, you didn’t know? Well, LexisNexis marketing is on a par with Google’s ad group. That’s the creative team which delivered an ageing parent downer to a Super Bowl audience.
LexisNexis announced on February 2, 2020:
[Its] Risk Solutions, part of RELX, today announced it has entered into an agreement to acquire Emailage®, a global provider of fraud prevention and risk management solutions. Emailage will become a part of the Business Services group of LexisNexis Risk Solutions. Founded in 2012 and based in the Phoenix metro area with offices across the globe, Emailage helps organizations reduce online fraud by building multi-dimensional profiles associated with customer email addresses to render predictive risk scores.
DarkCyber interprets this as helping entities deal with phishing. The reference to predictive analytics is in line with other companies offering alert services.
We noted this statement from the new LexisNexis human resource:
Rei Carvalho, CEO of Emailage, said, “LexisNexis Risk Solutions is laser-focused on providing its customers a 360 degree view into an identity, which aligns with our mission to help customers who seek fast, low-friction, global digital identity fraud solutions to combat fraud without sacrificing consumer experience. We are thrilled to be recognized as a pioneer in email intelligence-based fraud risk scoring solutions and look forward to aligning our solutions to help organizations fight fraud on a more comprehensive level.”
The “360” references a customer’s ability to see “around” an issue, not from the point of view of other “360” cyber security vendors. LexisNexis has a large collection of content upon which to draw. Cyber security services could be a larger, more sustainable market than the pursuit of search licenses from law firms. There are many lawyers, but not many spend for online as they did in the good old days. Today’s clients often cap research fees. Fear and must-have defense are more potent tools in the security sector than the glories of online search when an “answer” may not be found.
For information about this cluster of services, navigate to www.relx.com.
Stephen E Arnold, February 10, 2020
Tor Deanonymization
February 4, 2020
DarkCyber noted “Deanonymizing Tor Circuits.” The write up may be useful to some wrestling with bot attacks using the Tor “network.” The comments to the post on Hacker News contain some useful information as well. These comments are at this link.
Several of the observations characterize the tone and content of the comment set:
- [On anonymity] “Tor is the only viable alternative and we know it can be at least seriously compromised by the bigger nations.”
- [On guard control] “There’s a second attack. The attacker can run one or more hostile guard nodes. If he can knock me off enough guards, my tor daemon will eventually choose one of his guards. Then he can identify my actual network address and directly attack my server.”
- [The problem] “Censorship is a political problem, technical solutions provide a temporary hot fix, but the political problem has to be solved at one point.”
- [Example of a block] “Operators of Internet sites have the ability to prevent traffic from Tor exit nodes or to offer reduced functionality for Tor users. … The BBC blocks the IP addresses of all known Tor guards and exit nodes from its iPlayer service, although relays and bridges are not blocked.”
Some HackerNews items can be difficult to locate via the site’s search utility. As a result, collecting Tor related information can be challenging.
Stephen E Arnold, February 4, 2020