Shutting Down a C Suite Person to Cyber Security

January 7, 2020

DarkCyber spotted an interesting approach to marketing. The write up “Implications for CEOs Who Miss Security Targets” offers words of wisdom from a consultancy doing business as Thycotic. With what does this name rhyme? Note: This is a question you, gentle reader, can answer. DarkCyber thinks stenotic perhaps. The word, as you may know, means narrowing.

With the poetry out of the way, what are the issues related to a “security target”?

One of the main reasons behind this is that there is a disconnect between the C-suite and the IT security team. A lack of effective communication between the two can often result in security targets that are based on KPIs that have little relation to business objectives.

Yes, we have a failure to communicate.

And there is evidence, proof from a sample of 550 “IT decision makers”:

a Thycotic survey of 550 IT decision makers shows that a quarter (26 percent) report that IT security is not prioritized or invested in by their boards as strategically important. Further, more than half (52 percent) of IT security decision makers say their organizations struggle to align business goals and security initiatives. Four out of 10 (43 percent) say their business’s goals are not communicated with them and a third (36 percent) admit that they aren’t clear on what the business goals even are.

DarkCyber can add the following downsides:

  1. The IT person will be given an opportunity to [a] testify and [b] find his/her future elsewhere
  2. New cyber security vendors will be hired, adding to the confusion and complexity for sitting ducks to fend off guerilla hunters working alone, in squads, or for an industrialized criminal organization
  3. Employees will be reminded to change their passwords, zip their lips, and avoid clicking on emails which usually look pretty darned authentic.

DarkCyber’s view is that change, particularly with regard to cyber security, comes slowly for many organizations.

PS. The C suite may be given an overhaul.

Stephen E Arnold, January 7, 2020

Mobile Security: Bad News, Consumer

January 1, 2020

An online information service called Hindu Business Line has become a source for amusing digital information. Consider the factoids included in “Most People Are Not Aware of Malware on Their Mobile.” A word of caution: the Web page may redirect some users to a malicious site, which makes the information just so much more special.

Here are some of the factoids:

  • 23 percent of organizations in India run a risk of malware attacks. (DarkCyber thinks that the risk is much higher because malware is a growth business and most users are clueless when it comes to preventing and neutralizing mobile centric malware. Example: The page for this content.)
  • It takes about a year for a person to realize that a mobile device has been affected. (DarkCyber thinks that most users dispose of their mobile phone before the malware has been discovered.)
  • Globally 25 million devices are infected. (DarkCyber wants to point out that there are about 4.5 billion mobile phones globally. Source: Statista. The 25 million number seems quite modest and probably wildly off the mark.)
  • Google had 16 apps on its store which were malware mechanisms. (DarkCyber wants to remind its gentle readers that these are apps Google said it knew about. The real number of malware apps is not known by users and Google is not a Chatty Cathy on this subject.)

Yep, great article. Outstanding in fact.

Stephen E Arnold, January 1, 2020

A Reminder about Malware

December 25, 2019

Digital information systems are faster, more reliable, take up less space, and offer greater insights than paper systems. The one great thing about paper systems, however, is they are immune to malware infestations. Chiapas Paralelo delves into how cyber criminals are using malware to extort money from businesses in the article, “Cyber Criminals: Network Harassment And Extortion Of Large Companies Through Malware.”

A growing cyber crime is uploading malware into a company’s network; the hackers then usurp control of the network and hold it for ransom. If the company refuses to pay the ransom, the hackers threaten to destroy or post the information, which is often sensitive and private. Malware is one of the biggest types of cyber crime in Mexico, but it is one among many that includes financial, child pornography, and sexually explicit photos (usually with women). Other crimes are smaller in nature, such as the removal of a few pesos from an account or credit card scams. Cyber crimes cost Mexico three billion dollars in 2016.

The number of cyber crimes continues to rise, but the best way to not be a victim is to take preventative measures:

“One of the main approaches to cyber criminology is prevention…the importance of basic care measures to avoid being the victim of an attack. He also mentioned that, beyond taking care of the privacy settings of what is shared, special attention should be paid to the content.”

People need cybercrime literacy. It is similar to teaching children not to speak with strangers or follow a person down a dark alley. Educate yourself and it will knock out a large portion of the attacks.

Whitney Grace, December 25, 2019

DarkCyber for December 17, 2019, Now Available

December 17, 2019

Robert David Steele, a former CIA professional, learned about Stephen E Arnold’s blockchain research. Steele interviewed Stephen. This week’s DarkCyber is an extract of the original interview. You can access the video on Vimeo.

Kenny Toth, December 17, 2019

Swedish Ethical Hackers Raise More Funding

December 9, 2019

Have you ever heard the cyber security terms white hat and black hat? They are metaphors for types of hacking. The terms originate from old western movies, where the good cowboys wore white hats while the villains had black ones. In reference to hacking, the black hat hackers are bad actors and the white hat hackers are ethical. Ethical hackers had a big score in Sweden says Bisman Area News in the article, “Detectify Raises Additional €21M For Its Ethical Hacking Network.”

Detectify is a Swedish cybersecurity startup that developed a powerful Web site vulnerability scanner. Detectify has raised another €21 million in funding; Balderton Capital led the fundraising with investors Inventure, Insight Partners, and Paua Ventures. The startup plans to use the funding to hire more white hat hackers to accelerate the company’s growth.

Detectify was founded in 2013 by elite white hat hackers. The team’s scanner is a Web site security tool that is automated to scan Web sites and discover vulnerabilities so users can remain on top of the security. The scanner’s most unique feature is that it is powered and updated by an ethical hacker network a.k.a. crowdsourcing.

Detectify used its first funding round in a clever and innovative way:

“As we explained when the startup raised its €5 million Series A round, this sees top-ranked security researchers submit vulnerabilities that are then built into the Detectify scanner and used in customers’ security tests. The clever part is that researchers get paid every time their submitted module identifies a vulnerability on a customer’s website. In other words, incentives are kept aligned, giving Detectify a potential advantage and greater scale compared to similar website security automation tools.”

The company gained clients in the US, including Spotify, Trello, and King. Detectify plans to continue its expansion by relying on talent acquisitions and crowdsourcing.

Whitney Grace, December 9, 2019

DarkCyber for December 3, 2019, Now Available

December 3, 2019

DarkCyber for December 3, 2019, is now available on Vimeo, YouTube, and on the DarkCyber blog.

The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s program features an interview with Trent Livingston, founder and chief executive officer of ESI Analyst. Livingston highlights the principal features of ESI Analyst. The cloud-centric software generated positive discussion at a recent law enforcement and digital security conference.

In the 10 minute interview, Livingston explains what makes ESI Analyst different from other investigative and eDiscovery systems. He said, “The system’s principal differentiators are its ease of use and affordability.” Livingston explained that licenses pay for blocks of data processed for an investigation or a legal discovery process. There are no per-user fees or annual fees. Cost savings range from 30 to 70 percent in typical use cases.

Other features of ESI Analyst include one-click analytics, options to display data on a map, and link analysis. Plus the system does not require classroom instruction. He noted, “Some users are up and running in as little as 30 minutes.”

In the next release of the software, Livingston’s team will be adding connectors and new report formats. Users will be able to output chat streams and maps in a form suitable for use in a legal matter. Livingston also revealed support for Amazon Web Services and Elasticsearch to add additional information access flexibility to ESI Analyst.

Stephen E Arnold, author of CyberOSINT: Next Generation Information Access, said, “ESI Analyst advances beyond the challenging interfaces and rigid pricing models for IBM Analysts Notebook- and Palantir Technologies Gotham-type systems. More predictable pricing and eliminating tedious classroom instruction reduces costs and improves efficiency. ESI Analyst makes clear the value of innovation for policeware.”

DarkCyber is a weekly production of Stephen E Arnold. The current series of videos ends with the August 27, 2019, program. The new series of DarkCyber videos begins on November 5, 2019. The new series will focus on policeware with an emphasis on Amazon’s products and services for law enforcement, intelligence professionals, and regulatory authorities in the US, Canada, Australia, New Zealand, and the United Kingdom.

DarkCyber programs are published twice each month without a charge, advertising, or commercial endorsements.

Stephen E Arnold will be speaking on December 11, 2019, at the Mayflower Hotel in Washington, DC. The event is sponsored by DG Vision. Media interested in speaking with Stephen can write darkcyber333 at yandex dot com to arrange a time to discuss the Dark Web and its impact on corporate governance.

Kenny Toth, December 3, 2019

China: Marketing Blockchain

December 2, 2019

For two decades, China has been referred to as a sleeping dragon due to its growing economic prominence. China has yet to overtake the United States as the world’s top economic power and there are many reasons for this. One reason is China’s authoritarian government and another is the country’s substandard business practices. Lying is an international business tool, but one is more likely to be held accountable in the US than China. The International Business Times shares one of China’s newest tall tales, “China’s Blockchain Tech Adoption Inflated? New Expose Reveals Truth Behind Tall Claims.”

As part of China’s desired economic dominance, President Xi Jinping wants his country to be a leader in computer technology, such as blockchains. Xi wants blockchain technology adopted into commercial, economic, and industrial practices, but most Chinese companies that claim to offer blockchain do not.

“According to the Global Times, which is a Chinese state-run media house, numerous companies in China seem to find it simpler to claim that they are utilizing blockchain technology than to truly practice its application. Various Chinese firms across a variety of industries reportedly state that they are employing the use of blockchain tech in some form or another, but lack real evidence to prove that they are doing so. Global Times in their expose report that out of over 3,000 registered businesses, about 500 firms claim to be incorporating blockchain tech in their day-to-day operations, but only about 40 of these companies have been able to demonstrate that they are actively doing so.”

One of China’s problems is that when the government makes demands, the people are forced to adapt or else. Companies say they are harnessing blockchain technology to appease Xi and other leaders, but also to appeal to clients due to its buzzword power. Another problem in China is the amount of “get rich quick” scams. All Chinese industries are loaded with them and due to the country’s lack of checks and balances, they are a lot easier to run. The National Emergency Center of China states there are 755 tokens in the Chinese crypto currency market (crypto currencies use blockchain to operate) and 102 are believed to be Ponzi schemes, while most of the crypto currencies do not have funding.

China’s government, corrupted businesses, and other factors are keeping the sleeping dragon in a long doze.

Whitney Grace, December 2, 2019

DarkCyber for November 19, 2019, Now Available

November 19, 2019

The November 19, 2019, DarkCyber discussed Amazon’s patent US 10,296,764 B1 “Verifiable Cryptographically Secured Ledgers for Human Resource Systems.” Stephen tries his best to make this patent discussion thrilling. Well, perhaps “thrilling” may be stretching the discussion of the system and method disclosed in this 24 page disclosure. But there are some graphics and a number of statements which are probably too simple to satisfy a patent attorney. Nevertheless, if you are curious about Amazon and its invention for human resources, navigate to www.vimeo.com/373810982 and check out the program. This week’s program marks the start of “season two” of DarkCyber. More patents, an interview, and news stories will feature in the coming weeks. After celebrating three quarters of a century of semi-coherent thinking, DarkCyber will appear every two weeks. The interfaces implemented in the software Stephen uses slow him down. The team just tells him, “Okay, Boomer, work harder.” His response cannot be printed in this prestigious blog.

PS. In August, Stephen was quoted by the New York Times, in October by MIT’s Technology Review (yep, the Epstein friendly organization), and this month by Le Monde (that’s in Paris and in French no less). The subjects? Intelligence, Amazon, and the lack of awareness among certain residents of Harrod’s Creek to Stephen’s research. Hey, he lives in Kentucky which holds a proud place in the lower quartile of literacy in the US.

Kenny Toth, November 19, 2019

Remounting the Pegasus Named NSO

November 15, 2019

Those who care about security will want to check out the article, “Pegasus Spyware: All You Need to Know” from the Deccan Herald. Approximately 1,400 smartphones belonging to activists, lawyers, and journalists across four continents suffered cyber attacks that exploited a WhatsApp vulnerability, according to a statement from that company. They say the attacks used the Pegasus software made by (in)famous spyware maker NSO Group. Though the Israeli spyware firm insists only licensed government intelligence and law enforcement agencies use their products, WhatsApp remains unconvinced; the messaging platform is now suing NSO over this.

The article gives a little history on Pegasus and the investigation Citizen Lab and Lookout Security undertook in 2016. We learn the spyware takes two approaches to hacking into a device. The first relies on a familiar technique: phishing. The second, and much scarier, was not a practical threat until now. Writer David Binod Shrestha reports:

“The zero-click vector is far more insidious as it does not require the target user to click or open a link. Until the WhatsApp case, no example of this was seen in real-world usage. Zero-click vectors generally function via push messages that automatically load links within the SMS. Since a lot of recent phones can disable or block push messages, a workaround has evidently been developed. WhatsApp, in its official statement, revealed that a vulnerability in their voice call function was exploited, which allowed for ‘remote code execution via specially crafted series of packets sent to a target phone number.’ Basically, the phones were infected via an incoming call, which even when ignored, would install Pegasus on the device. The data packets containing the spyware code were carried via the internet connection and a small backdoor for its installation was immediately opened when the phone rang. The call would then be deleted from the log, removing any visible trace of infection. The only way you will know if your phone has been infected in the recent attacks is once WhatsApp notifies you via a message on the platform.”

Pegasus itself targets iPhones, but Android users are not immune; a version Google has called Chrysaor focuses on Android. Both versions immediately compromise nearly all the phone’s data (like personal data and passwords) and give hackers access to the mike and camera, live GPS location, keystroke logging, and phone calls. According to the Financial Times, the latest version of Pegasus can also access cloud-based accounts and bypass two-factor authentication. Perhaps most unnerving is the fact that all this activity is undetectable by the user. See the article for details on the spyware’s self-destruct mechanism.

Shrestha shares a list of suggestions for avoiding a Pegasus attack. They are oft-prescribed precautions, but they bear repeating:

“*Never open links or download or open files sent from an unknown source

*Switch off push SMS messages in your device settings

*If you own an iPhone, do not jailbreak it yourself to get around restrictions

*Always install software updates and patches on time

*Turn off Wi-Fi, Bluetooth and locations services when not in use

*Encrypt any sensitive data located on your phone

*Periodically back up your files to a physical storage

*Do not blindly approve app permission requests”

For those who do fall victim to Pegasus, Citizen Lab suggests these remedies—they should delink their cloud accounts, replace their device altogether, change all their passwords, and take security more seriously on the new device. Ouch! Best avoid the attacks altogether.

Cynthia Murrell, November 15, 2019

Russia and Iran: Beards (in the Medieval Sense) Are Back

November 6, 2019

Here is a terrific example of how Russian cyber attackers skillfully sow confusion. The Financial Times reveals, “Russian Cyber attack Unit ‘Masqueraded’ as Iranian Hackers, UK Says.” A joint investigation by the UK’s National Cyber Security Centre and the US’s National Security Agency reveals the espionage group first hacked an Iranian hacking group, then attacked over 35 other countries posing as that group. The Russian group, known as Turla, has been linked to Russian intelligence. Reporters Helen Warrell and Henry Foy write:

“The Iranian group is most likely unaware that its hacking methods have been hacked and deployed by another cyber espionage team, security officials involved in the investigation said. Victims include military establishments, government departments, scientific organizations and universities across the world, mainly in the Middle East. Paul Chichester, NCSC director of operations, said Turla’s activity represented ‘a real change in the modus operandi of cyber actors’ which he said ‘added to the sense of confusion’ over which state-backed cyber groups had been responsible for successful attacks. ‘The reason we are [publicizing] this is because of the different tradecraft we are seeing Turla use,’ he told reporters. ‘We want others to be able to understand this activity.’ Mr Chichester described how Turla began ‘piggybacking’ on Oilrig’s attacks by monitoring an Iranian hack closely enough to use the same backdoor route into an organization or to gain access to the resulting intelligence. … But the Russian group then progressed to initiating their own attacks using Oilrig’s command-and-control infrastructure and software.”

We’re told the group successfully hacked about 20 countries using this tactic. It let them tap into Oilrig’s operational output to gain access to victims faster and easier. Not surprisingly, the Kremlin refused to comment; Russia consistently denies it hacks other states, describing such allegations as “mythical.”

Cynthia Murrell, November 6, 2019
