
New Security Service Enters Consumer Space

April 29, 2016

It looks like another company is entering the arena of consumer cybersecurity. An article from Life Hacker, Privacy Lets You Create “Virtual” Credit Card Numbers, Deactivate One Instantly If It’s Stolen, shares the details of Privacy. Their tool generates disposable card numbers online, which can be tied to accounts with participating banks or Visa cards, and then allows users to easily deactivate if one is stolen. The service is free to users because Privacy makes money acting as a credit card processor. The article tells us,

“Privacy just gives you the ability to create virtual “accounts” that are authorized to charge a given amount to your account. You can set that account to be single use or multi-use, and if the amount is used up, then the transaction doesn’t go through to your main account. If one of your virtual accounts gets hit with an account you don’t recognize, you’ll be able to open the account from the Privacy Chrome or Firefox extension and shut it down immediately. The Chrome extension lets you manage your account quickly, auto-fill shopping sites with your virtual account numbers, or quickly create or shut down numbers.”

We think the concept of Privacy and the existence of such a service point to the perception that consumers find security measures increasingly important. However, why trust Privacy? We’re not testing this idea, but perhaps Privacy is suited for Dark Web activity.


Megan Feil, April 29, 2016

Sponsored by, publisher of the CyberOSINT monograph

Research Outlines Overview of Dark Web Landscape

April 27, 2016

The Dark Web continues to be a subject of study. Coin Desk published an article, Bitcoin Remains Most Popular Digital Currency on Dark Web, reporting on a study from two professors in the Department of War Studies at King’s College London. Their research found that Dark Web sites offered illegal goods and services in 12 categories, such as arms, drugs, and finance. As may be expected, the results revealed bitcoin to be the preferred digital currency of hidden-services commerce. We learned,

“The report, “Cryptopolitik and the Darknet,” which appeared in the February-March edition of Survival: Global Politics and Strategy, analyzed about 300,000 web addresses, identifying 5,205 live websites, out of which 2,723 were classified as illicit with a “high degree of confidence.” Of those, each was placed in one of twelve categories, including drugs, arms, and finance. The drugs category was the most frequently identified, with 423 websites, followed by finance with 327 websites. 1,021 websites were categorized as “other” by the research team. Among the financial websites identified as illicit, there were three categories: bitcoin-based methods for money-laundering, stolen credit card numbers and trade in counterfeit currency.”

In addition to this overview of the Dark Web landscape, the article points out previous research which pokes holes in the conceptualization of the Dark Web as completely anonymous. An attack costing $2,500 is the price of busting a bitcoin user. Playing defense, a coin-mixing service called CleanCoin helps bitcoin users remain traceless. What will be the next move?


Megan Feil, April 27, 2016



Google and Its Hidden Costs

April 26, 2016

I read “Alphabet: Sunk by Hidden Costs.” (You will have to register or maybe pay to read the source article containing the MBA analysis.) I was a bit surprised at the notion of hidden costs. Money comes in. Money goes out. The only reason money is hidden relates to the popular human pastime of not keeping track of what people, products, etc. cost and making a comprehensible notation of who authorized the expenditure, when, and why. Without this information, money is not hidden. Money is just ignored. Cash flow or venture funding is okay. We will be fine.

The write up points out that Google’s financial results were hooked to “some hidden costs.” The write up points out:

One place to blame for the bigger than expected loss is the Other Bets category. The loss in these long shot investments surged to $802 million from only $633 million last year. The operating loss was only $140 million higher than last year when excluding the stock-based compensation. Surely, analysts factored in larger losses from this sector.


The Alphabet Google has its math and science club projects. Is the “money is plentiful” concept a mismatch with the spending for cheating death, Loon balloons, and dealing with legal hassles?

Hidden costs underscore management and detail behaviors. MBA speak may not make the problem go away. Google’s failure rate with start ups may follow a normal distribution. Hidden money just underscores the risk associated with these ventures.

Stephen E Arnold, April 26, 2016

Project Cumulus Tracks Stolen Credentials

April 26, 2016

Ever wonder how far stolen information can go on the Dark Web? If so, check out “Project Cumulus—Tracking Fake Phished Credentials Leaked to Dark Web” at Security Affairs. Researchers at Bitglass baited the hook and tracked the mock data. Writer Pierluigi Paganini explains:

“The researchers created a fake identity for employees of a ghostly retail bank, along with a functional web portal for the financial institution, and a Google Drive account. The experts also associated the identities with real credit-card data, then leaked ‘phished’ Google Apps credentials to the Dark Web and tracked the activity on these accounts. The results were intriguing, the leaked data were accessed in 30 countries across six continents in just two weeks. Leaked data were viewed more than 1,000 times and downloaded 47 times, in just 24 hours the experts observed three Google Drive login attempts and five bank login attempts. Within 48 hours of the initial leak, files were downloaded, and the account was viewed hundreds of times over the course of a month, with many hackers successfully accessing the victim’s other online accounts.”

Yikes. A few other interesting Project Cumulus findings: More than 1400 hackers viewed the credentials; one tenth of those tried to log into the faux-bank’s web portal; and 68% of the hackers accessed Google Drive through the Tor network. See the article for more details. Paganini concludes with a reminder to avoid reusing login credentials, especially now that we see just how far stolen credentials can quickly travel.


Cynthia Murrell, April 26, 2016



Unicorn Land: Warm Hot Chocolate and a Nap May Not Help

April 25, 2016

In the heady world of the unicorn, there are not too many search and content processing companies. I do read open source information about Palantir Technologies. Heck, I might even wrap up my notes about Palantir Gotham and make them available to someone with a yen to know more about a company which embraces secrecy but has a YouTube channel explaining how its system works.

I was poking around for open source information about how Palantir ensures that a person with a secret clearance does not “see” information classified at a higher level of access. From what I have read, the magic is in time stamps, open source content management, and some middleware. I took a break from reading the revelations from a person in the UK who idled away commute time writing about Palantir and noted “On the Road to Recap: Why the Unicorn Financing Market Just Became Dangerous for All Involved.”

I enjoy “all” type write ups. As I worked through the 5,600 word write up, I decided not to poke fun at the logic of “all” and jotted down the points which struck me as new information and the comments which I thought might be germane to Palantir, a company which (as I document in my Palantir Notebook) has successfully completed fast cycles of financing between 2003 and 2015, when the pace appears to have slowed.

There is no direct connection between the On the Road to Recap article and Palantir, and I certainly don’t want to draw explicit parallels. In this blog post, let me highlight some of the passages from the source article and emphasize that you might want to read the original article. If you are interested in search and content processing vendors like Attivio, Coveo, Sinequa, Smartlogic, and others of their ilk, some of the “pressures” identified in the source article are likely to apply. If the write up is on the money, I am certainly delighted to be in rural Kentucky thinking about what to have for lunch.

The first point I noted was new information to me. You, gentle reader, may be MBAized and conversant with the notion of understanding the lay of the land; to wit:

most participants in the ecosystem have exposure to and responsibility for specific company performance, which is exactly why the changing landscape is important to understand.

Ah, reality. I know that many search and content processing vendors operate without taking a big picture view. The focus is on what I call “what can we say to close a deal right now” type thinking. The write up roasts that business school chestnut of understanding life as it is, not as a marketer believes it to be.

I noted this statement in the source article:

Late 2015 also brought the arrival of “mutual fund markdowns.” Many Unicorns had taken private fundraising dollars from mutual funds. These mutual funds “mark-to-market” every day, and fund managers are compensated periodically on this performance. As a result, most firms have independent internal groups that periodically analyze valuations. With the public markets down, these groups began writing down Unicorn valuations. Once more, the fantasy began to come apart. The last round is not the permanent price, and being private does not mean you get a free pass on scrutiny.

Write downs, to me, mean one might lose one’s money.

I then learned a new term, dirty term sheets. Here’s the definition I highlighted in a bilious yellow marker hue:

“Dirty” or structured term sheets are proposed investments where the majority of the economic gains for the investor come not from the headline valuation, but rather through a series of dirty terms that are hidden deeper in the document. This allows the Shark to meet the valuation “ask” of the entrepreneur and VC board member, all the while knowing that they will make excellent returns, even at exits that are far below the cover valuation. Examples of dirty terms include guaranteed IPO returns, ratchets, PIK Dividends, series-based M&A vetoes, and superior preferences or liquidity rights. The typical Silicon Valley term sheet does not include such terms. The reason these terms can produce returns by themselves is that they set the stage for a rejiggering of the capitalization table at some point in the future. This is why the founder and their VC BOD member can still hold onto the illusion that everything is fine. The adjustment does not happen now, it will happen later.

I like rejiggering. I have experienced used car sales professionals rejiggering numbers for a person who once worked for me. Not a good experience as I recall.

I then circled this passage:

One of the shocking realities that is present in many of these “investment opportunities” is a relative absence of pertinent financial information. One would think that these opportunities which are often sold as “pre-IPO” rounds would have something close to the data you might see in an S-1. But often, the financial information is quite limited. And when it is included, it may be presented in a way that is inconsistent with GAAP standards. As an example, most Unicorn CEOs still have no idea that discounts, coupons, and subsidies are contra-revenue.

So what’s this have to do in my addled brain with Palantir? I had three thoughts, which are my opinion, and you may ignore them. In fact, why not stop reading now.

  1. Palantir is a unicorn and it may be experiencing increased pressure to generate a right now pay out to its stakeholders. One way Palantir can do this is to split its “secret” business from its Metropolitan business for banks. The “secret” business remains private, and the Metropolitan business becomes an IPO play. The idea is to get some money to keep those who pumped more than $700 million into the company since 2003 sort of happy.
  2. Palantir has to find a way to thwart those in its “secret” work from squeezing Palantir into a niche and then marginalizing the company. There are some outfits who would enjoy becoming the go-to solution for near real time operational intelligence analysis. Some outfits are big (Oracle and IBM), and others are much, much smaller (Digital Reasoning and Modus Operandi). If Palantir pulls off this play, then the government contract cash can be used to provide a sugar boost to those who want some fungible evidence of a big, big pay day.
  3. Palantir has to amp up its marketing, contain overhead, and expand its revenue from non government licenses and consulting.

Is Palantir’s management up to this task? The good news is that Palantir has not done the “let’s hire a Google wizard” to run the company. The bad news is that Palantir had an interesting run of management actions which resulted in a bit of a legal hassle with i2 Group before IBM bought it.

I will continue looking for information about Gotham’s security system and method. In the back of my mind will be the information and comments in On the Road to Recap.

Stephen E Arnold, April 25, 2016

Local News Station Produces Dark Web Story

April 22, 2016

The Dark Web continues to emerge as a subject of media interest for growing audiences. An article, Dark Web Makes Illegal Drug, Gun Purchases Hard To Trace from Chicago CBS also appears to have been shared as a news segment recently. Offering some light education on the topic, the story explains the anonymity possible for criminal activity using the Dark Web and Bitcoin. The post describes how these tools are typically used,

“Within seconds of exploring the deep web we found over 15,000 sales for drugs including heroin, cocaine and marijuana. In addition to the drugs we found fake Illinois drivers licenses, credit card and bank information and dangerous weapons. “We have what looks to be an assault rifle, AK 47,” said Petefish. That assault rifle AK 47 was selling for 10 bitcoin which would be about $4,000. You can buy bitcoins at bitcoin ATM machines using cash, leaving very little trace of your identity. Bitcoin currency along with the anonymity and encryption used on the dark web makes it harder for authorities to catch criminals, but not impossible.”

As expected, this piece touches on the infamous Silk Road case along with some nearby cases involving local police. While the Dark Web and cybercrime have been on our radar for quite some time, it appears mainstream media interest around the topic is slowly growing. Perhaps those at risk of being affected, such as businesses, government and law enforcement agencies, will also continue catching on to the issues surrounding the Dark Web.


Megan Feil, April 22, 2016



Newly Launched Terbium Software to Monitor Dark Web for Enterprise

April 11, 2016

Impacting groups from Target to JP Morgan Chase, data breaches are increasingly common and security firms are popping up to address the issue. The article Dark Web data hunter Terbium Labs secures $6.4m in fresh funding from ZDNet reports Terbium Labs received $6.4 million in Series A funding. Terbium Labs released software called Matchlight which provides real-time surveillance of the Dark Web and alerts enterprises when their organization’s data surfaces. Consumer data, sensitive company records, and trade secrets are among the types of data for which enterprises are seeking protection. We learned,

“Earlier this month, cloud security firm Bitglass revealed the results of an experiment focused on how quickly stolen data spreads through the Dark Web. The company found that within days, financial credentials leaked to the underground spread to 30 countries across six continents with thousands of users accessing the information.”

While Terbium appears to offer value for stopping a breach once it’s started, what about preventing such breaches in the first place? Perhaps there are opportunities for partnerships with Terbium and players in the prevention arena. Or, then again, maybe companies will buy piecemeal services from individual vendors.


Megan Feil, April 11, 2016


What Not to Say to a Prospective Investor (Unless They Just Arrived via Turnip Truck)

April 11, 2016

The article on Pando titled Startups Anonymous: Things Founders Say to Investors That Are Complete BS is an installment from a weekly series on the obstacles and madness inherent in the founder/investor relationship. Given that one person is trying to convince the other to give them money, and the other is looking for reasons to not give money, the conversations often turn comical faster than it takes the average startup to go broke. The article provides a list of trending comments that one might overhear coming from a founder’s mouth (while their nose simultaneously turns red and elongates.) Here are a few gems, along with their translated meanings,

“Our growth has been all organic.” Translation: Our friends are using it. “My cofounder turned down a job at Google to focus on our company.” Translation: He applied for an internship a while back and it fell through. “We want to create a very minimalist design.” Translation: We’re not designers and can’t afford to hire a decent one. “This is a $50 billion per year untapped market.” Translation: I heard this tactic works for getting investors.”

The frustrations of fundraising are no joke, but founders get their turn to laugh at investors in the companion article titled What I’d Really Like to Say to Investors. For example: “If today, we had the revenue you’d like to see, I wouldn’t be talking to you right now. It’s as simple as that.” Injecting honesty into these interactions is apparently always funny, perhaps because as founders get increasingly desperate, their BS artistry rises in correlation.


Chelsea Kerwin, April 11, 2016


Nasdaq Joins the Party for Investing in Intelligence

April 6, 2016

The financial sector is hungry for intelligence to help curb abuses in capital markets, judging by recent actions of Goldman Sachs and Credit Suisse. Nasdaq invests in ‘cognitive’ technology, from BA wire, announces their investment in Digital Reasoning. Nasdaq plans to connect Digital Reasoning algorithms with Nasdaq’s technology which surveils trade data. The article explains the benefits of joining these two products,

“The two companies want to pair Digital Reasoning software of unstructured data such as voicemail, email, chats and social media, with Nasdaq’s Smarts business, which is one of the foremost software for monitoring trading on global markets. It is used by more than 40 markets and 12 regulators. Combining the two products is designed to assess the context, content and relationships behind trading and spot signals that could indicate insider trading, market manipulation or even expenses rules violations.”

We have followed Digital Reasoning, and other intel vendors like them, for quite some time as they target sectors ranging from healthcare to law to military. This is just a case of another software intelligence vendor making the shift to the financial sector. Following the money appears to be the name of the game.


Megan Feil, April 6, 2016


Glueware: A Sticky and Expensive Mess

April 5, 2016

I have been gathering open source information about DCGS, a US government information access and analysis system. I learned that the DCGS project is running a bit behind its original schedule formulated about 13 years ago. I also learned that the project is a little over budget.

I noted “NASA Launch System Software Upgrade Now 77% Over Budget.” What interested me was the reference to “glueware.” The idea appears to be that it is better, faster, and maybe cheaper to use many different products. The “glueware” idea allows these technologies to be stuck or glued together. This is an interesting idea.

According to the write up:

To develop its new launch software, NASA has essentially kluged together a bunch of different software packages, Martin noted in his report. “The root of these issues largely results from NASA’s implementation of its June 2006 decision to integrate multiple products or, in some cases, parts of products rather than developing software in-house or buying an off-the-shelf product,” the report states. “Writing computer code to ‘glue’ together disparate products has turned out to be more complex and expensive than anticipated. As of January 2016, Agency personnel had developed 2.5 million lines of ‘glue-ware,’ with almost two more years of development activity planned.”

The arguments for the approach boil down to the US government’s belief that many flowers blooming in one greenhouse is better than buying flowers from a farm in Encinitas.

The parallels with DCGS and its well known government contractors and Palantir with its home brew Gotham system are interesting to me. What happens if NASA embraces a commercial provider? Good news for that commercial provider and maybe some push back from the firms chopped out of the pork loin. What happens if Palantir gets rebuffed? Unicorn burgers, anyone?

Stephen E Arnold, April 5, 2016
