
The Surprisingly Diverse Types of Cybercriminals Threatening Your Business

July 29, 2016

The article titled BAE Systems Unmasks Today’s Cybercriminals- Australia on BAE Systems digs into the research on the industrialization of cyber crime, which looks increasingly like other established and legal industries. While most cybercriminals are still spurred to action by financial gain, there are also those interested more in a long-term strategy of going after intellectual property and selling the data on the black market. The article states,

“Some cyber criminals are becoming even more professional, offering skills and services, such as “project management” to other criminal organisations. They are writing their own software that comes with service agreements and money-back guarantees if the code gets detected, with the promise of a replacement. This ‘industrialisation’ of cyber crime means it has never been more important for businesses to understand and protect themselves against the risks they face,” said Dr Rajiv Shah, regional general manager, BAE Systems Applied Intelligence.”

The article pinpoints six profiles including career criminals but also internal employees, activists, and what they call “The Getaway,” or underage criminals who won’t be sentenced like adults. Perhaps the most insidious of these is The Insider, who can be a disgruntled employee or a negligent employee with more access than is good for them or the company they work for.

 

Chelsea Kerwin, July 29, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Environmental Big Data Applied to Sustainable Health Purchasing

July 29, 2016

The US healthcare system has some of the best medical procedures and practices in the world, but the governing system is a violent mess. One aspect tangled in the nightmare is purchasing. Wharton University explains how big data can improve sustainability in purchasing everything from drugs to cleaning supplies: “The Four A’s: Turning Big Data Into Useful Information.”

The health care system is one of the biggest participants in group purchasing organizations (GPOs). One significant, downplayed feature that all GPOs share is their green product usage. GPOs rely on green products to cut back on waste and, in some cases, cost; however, they could do more if they had access to environmental big data. It helps the immediate bottom line, but it does more for the future:

“Longer term, it makes good business sense for hospitals and clinics, which spend so much battling environmentally caused illnesses, to reduce, and where possible eliminate, the chemicals and other pollutants that are damaging their patients’ health. That is precisely why Premier’s GreenHealthy program is eager to move beyond price alone and take EPP into consideration. ‘Price doesn’t give us the whole story,’ said [Kevin Lewis, national program coordinator for the GreenHealthy division of Premier Inc]. ‘Our prime concern is making our patients safer.’”

Individual health service providers, however, do not have access to certain healthcare metrics and data unless they ask for it from manufacturers/suppliers. Even worse, the health metrics data is often outdated.

The GPOs and the health providers could work together to exchange information to keep all data along the supply chain updated.  It would create a sustainability chain that would benefit the environment and the bottom line.

 

Whitney Grace, July 29, 2016

Facebook Acknowledges Major Dependence on Artificial Intelligence

July 28, 2016

The article on Mashable titled Facebook’s AI Chief: ‘Facebook Today Could Not Exist Without AI’ relates the current conversations involving Facebook and AI. Joaquin Candela, the director of applied machine learning at Facebook, states that “Facebook could not exist without AI.” He uses the examples of the News Feed, ads, and offensive content, all of which involve AI stimulating a vastly more engaging and personalized experience. He explains,

“If you were just a random number and we changed that random number every five seconds and that’s all we know about you then none of the experiences that you have online today — and I’m not only talking about Facebook — would be really useful to you. You’d hate it. I would hate it. So there is value of course in being able to personalize experiences and make the access of information more efficient to you.”

And we thought all Facebook required is humans and ad revenue. Candela makes it very clear that Facebook is driven by machine learning and personalization. He paints a very bleak picture of what Facebook would look like without AI: completely random ads, unranked News Feeds, and offensive content splashing around like a beached whale. Only in the last few years has computer vision changed Facebook’s process of removing such content. What used to take reports and human raters is now automated.
 

Chelsea Kerwin, July 28, 2016


Baidu Hopes Transparency Cleans up Results

July 28, 2016

One of the worries about using commercial search engines is that search results are polluted with paid links. In the United States, paid results are differentiated from organic results with a little banner or font change.  It is not so within China and Seeking Alpha shares an interesting story about a Chinese search engine, “Baidu Cleans Up Search Site, Eyes Value.”  Baidu recently did a major overhaul of its search engine, which was due a long, long time ago. Baidu was more interested in generating profits than providing its users a decent service.   Baidu neglected to inform its users that paid links appeared alongside organic results, but now they have been separated out like paid links in the US.

Results are cleaner, but it did not come in time to help one user:

“For anyone who has missed this headline-grabbing story, the crisis erupted after 21-year-old cancer patient Wei Zexi used Baidu to find a hospital to treat his disease. He trusted the hospital he chose partly because it appeared high in Baidu’s results. But he was unaware the hospital got that ranking because it paid the most in an online auctioning system that has helped to make Baidu hugely profitable. Wei later died after receiving an ineffective experimental treatment, though not before complaining loudly about how he was misled.”

The resulting PR nightmare forced Baidu to clean up its digital act.  This example outlines one of the many differences between US and Chinese business ethics.  On average the US probably has more educated consumers than China, who will call out companies when they notice ethical violations.  While it is true US companies are willing to compromise ethics for a buck, at least once they are caught they cannot avoid the windfall.  China on the other hand, does what it wants when it wants.

 

Whitney Grace, July 28, 2016

 

Avast: Pirate Libraries

July 26, 2016

They are called “pirate libraries,” but one would be better-served envisioning Robin Hood than Blackbeard. Atlas Obscura takes a look at these flouters of scientific-journal copyrights in “The Rise of Pirate Libraries.” These are not physical libraries, but virtual ones, where researchers and other curious folks can study articles otherwise accessible only through expensive scientific journal paywalls. Reporter Sarah Laskow writes:

“The creators of these repositories are a small group who try to keep a low profile, since distributing copyrighted material in this way is illegal. Many of them are academics. The largest pirate libraries have come from Russia’s cultural orbit, but the documents they collect are used by people around the world, in countries both wealthy and poor. Pirate libraries have become so popular that in 2015, Elsevier, one of the largest academic publishers in America, went to court to try to shut down two of the most popular, Sci-Hub and Library Genesis.

“These libraries, Elsevier alleged, cost the company millions of dollars in lost profits. But the people who run and support pirate libraries argue that they’re filling a market gap, providing access to information to researchers around the world who wouldn’t have the resources to obtain these materials any other way.”

The development of these illicit repositories traces back to Russia and its surrounds, where academics had a long history of secretly sharing documents under the repressive Soviet Union.  In the 1990s, this tradition began to move online; one of the first pirate-library websites was Lib.Ru. Since then, illegally shared knowledge from more parts of the world has been made available, particularly from Western publishers and universities. Furthermore, the speed with which materials make it online has increased considerably.

Which is more worthy: protecting the stranglehold academic journals have managed to legally establish, and profit from, on research and other information? Or allowing people who possess great curiosity, but who lack deep pockets, to access the latest research? The scholarly pirates have made their choice.

 

 

Cynthia Murrell, July 26, 2016


There is a Louisville, Kentucky Hidden Web/Dark Web meet up on July 26, 2016. Information is at this link: http://bit.ly/29tVKpx.

 

Meet the Company Selling Our Medical Data

July 22, 2016

A company with a long history is getting fresh scrutiny. An article at Fortune reports, “This Little-Known Firm Is Getting Rich Off Your Medical Data.” Writer Adam Tanner informs us:

“A global company based in Danbury, Connecticut, IMS  buys bulk data from pharmacy chains such as CVS , doctor’s electronic record systems such as Allscripts, claims from insurers such as Blue Cross Blue Shield and from others who handle your health information. The data is anonymized—stripped from the identifiers that identify individuals. In turn, IMS sells insights from its more than half a billion patient dossiers mainly to drug companies.

“So-called health care data mining is a growing market—and one largely dominated by IMS. Last week, the company reported 2015 net income of $417 million on revenue of $2.9 billion, compared with a loss of $189 million in 2014 (an acquisition also boosted revenue over the year). ‘The outlook for this business remains strong,’ CEO Ari Bousbib said in announcing the earnings.”

IMS Health dates back to the 1950s, when a medical ad man sought to make a buck on drug-sales marketing reports. In the 1980s and ’90s, the company thrived selling profiles of specific doctors’ prescribing patterns to pharmaceutical marketing folks. Later, they moved into aggregating information on individual patients—anonymized, of course, in accordance with HIPAA rules.

Despite those rules, some are concerned about patient privacy. IMS does not disclose how it compiles its patient dossiers, and it may be possible that records could, somehow, someday, become identifiable. One solution would be to allow patients to opt out of contributing their records to the collection, anonymized or not, as marketing data firm Acxiom began doing in 2013.

Of course, it isn’t quite so simple for the consumer. Each health record system makes its own decisions about data sharing, so opting out could require changing doctors. On the other hand, many of us have little choice in our insurance provider, and a lot of those firms also share patient information. Will IMS move toward transparency, or continue to keep patients in the dark about the paths of their own medical data?

 

Cynthia Murrell, July 22, 2016


Interview with an Ethical Hacker

July 20, 2016

We’ve checked out a write-up on one of the white-hats working for IBM at Business Insider— “Here’s What It’s Really Like to Be a Hacker at One of the World’s Biggest Tech Companies.”  We wonder, does this wizard use Watson? The article profiles Charles Henderson. After summarizing the “ethical hacker’s” background, the article describes some of his process:

“The first thing I do every morning is catch up on what happened when I was sleeping. The cool thing is, since I run a global team, when I’m sleeping there are teams conducting research and working engagements with customers. So in the morning I start by asking, ‘Did we find any critical flaws?’ ‘Do I need to tell a client we found a vulnerability and begin working to fix it?’ From there, I am working with my team to plan penetration tests and make sure we have the resources we need to address the issues we have found. There isn’t an hour that goes by that I don’t find a cool, new way of doing something, which means my days are both unpredictable and exciting.

“I also do a lot of research myself. I like to look at consumer electronic devices, anything from planes to trains to automobiles to mobile devices. I try to find ways to break into or break apart these devices, to find new flaws and vulnerabilities.”

Henderson also mentions meeting with clients around the world to consult on security issues, and lists some projects his team has tackled. For example, a “physical penetration test” which involved stealing a corporate vehicle, and sending “tiger teams” to burgle client buildings. His favorite moments, though, are those when he is able to fix a vulnerability before it is exploited. Henderson closes with this bit of advice for aspiring hackers: “Always be curious. Never take anything at face value.”

 

 

Cynthia Murrell, July 20, 2016


Hewlett Packard Makes Haven Commercially Available

July 19, 2016

The InformationWeek article titled HPE’s Machine Learning APIs, MIT’s Sports Analytics Trends: Big Data Roundup analyzes Haven OnDemand, a large part of Hewlett Packard Enterprise’s big data strategy. For a look at the smart software coming out of HP Enterprise, check out this video. The article states,

“HPE’s announcement this week brings HPE Haven OnDemand as a service on the Microsoft Azure platform and provides more than 60 APIs and services that deliver deep learning analytics on a wide range of data, including text, audio, image, social, Web, and video. Customers can start with a freemium service that enables development and testing for free, and grow into a usage and SLA-based commercial model for enterprises.”

You may notice from the video that the visualizations look a great deal like Autonomy IDOL’s visualizations from the early 2000s. That is, dated, especially when compared to visualizations from other firms. But IDOL may have a new name: Haven. According to the article, that name is actually a relaxed acronym for Hadoop, Autonomy IDOL, HP Vertica, Enterprise Security Products, and “n” or infinite applications. HPE promises that this cloud platform with machine learning APIs will assist companies in growing mobile and enterprise applications. The question is, “Can 1990s technology provide what 2016 managers expect?”

 

Chelsea Kerwin, July 19, 2016


The Watson Update

July 15, 2016

IBM invested a lot of resources, time, and finances into developing the powerful artificial intelligence computer Watson. The company has been trying for years to justify the expense as well as make money off their invention, mostly by having Watson try every conceivable industry that could benefit from big data, from cooking to medicine. We finally have an update on Watson, says ZDNet in the article “IBM Talks About Progress On Watson, OpenPower.”

Watson is a cognitive computer system that learns, supports natural user interfaces, values user expertise, and evolves with new information. Evolving is the most important step, because that will allow Watson to keep gaining experience and learn. When Watson was first developed, IBM fed it general domain knowledge, then made the Watson Discovery to find answers to specific questions. This has been used in the medical field to digest all the information created and apply it to practice.

IBM also did this:

“Most recently IBM has been focused on making Watson available as a set of services for customers that want to build their own applications with natural question-and-answer capabilities. Today it has 32 services available on the Watson Developer Cloud hosted on its Bluemix platform-as-a-service… Now IBM is working on making Watson more human. This includes a Tone Analyzer (think of this as a sort spellchecker for tone before you send that e-mail to the boss), Emotion Analysis of text, and Personality Insights, which uses things you’ve written to assess your personality traits.”

Cognitive computing has come very far since Watson won Jeopardy. Pretty soon the technology will be more integrated into our lives. The bigger question is how it will change society and how we live.

 

Whitney Grace,  July 15, 2016


The U.S. Government Pushes Improved Public Access to Code Developed for Government Use

July 15, 2016

The article on Matthias Kirschner’s blog titled US Government Commits to Publish Publicly Financed Software Under Free Software Licenses relates the initiative in the draft policy involving governmental support for increased access to tailored software code built for the Federal Government. Kirschner is the President of the Free Software Foundation Europe, and thereby is interested in promoting the United States’ new policy in the European Union. The article explains,

“The Source Code Policy is intended for efficient use of US taxpayers’ money and reuse of existing custom-made software across the public sector. It is said to reduce vendor lock-in of the public sector, and decrease duplicate costs for the same code which in return will increase transparency of public agencies. The custom-build software will also be published to the general public either as public domain, or as Free Software so others can improve and reuse the software.”

Kirschner believes in empowering people by providing this sort of software, and the US government appears to be equally enthusiastic about promoting innovation rather than redundant software purchases. There are also examples of how non-techy people can use open source resources on the White House article about the draft policy. That article lists tools like free housing counselors, sexual assault data, and even college research through College Scorecard. All in all, this seems like a no-brainer.

 

Chelsea Kerwin, July 15, 2016
