CyberOSINT banner

More Palantir Spotting

June 27, 2016

Trainspotting is a collection of short stories or a novel presented as a series of short stories by Irvine Welsh. The fun lovers in the fiction embrace avocations which seem to be addictive. The thrill is the thing. Now I think I have identified Palantir spotting.

Navigate to “Palantir Seeks to Muzzle Former Employees.” I am not too interested in the allegations in the write up. What is interesting is that the article is one of what appears to be of series of stories about Palantir Technologies enriched with non public documents.

image

The Thingverse muzzle might be just the ticket for employees who want to chatter about proprietary information. I assume the muzzle is sanitary and durable, comes in various sizes, and adapts to the jaw movement of the lucky dog wearing the gizmo.

Why use the phrase “Palantir spotting.” It seems to me that making an outfit which provides services and software to government entities is an unusual hobby. I, for example, lecture about the Dark Web, how to recognize recycled analytics algorithms and their assorted “foibles,” and how to find information in the new, super helpful Google Web search system.

Poking the innards of an outfit with interesting software and some wizards who might be a bit testy is okay if done with some Onion type  or Colbert like humor. Doing what one of my old employers did in the 1970s to help ensure that company policies remain inside the company is old hat to me.

In the write up, I noted:

The Silicon Valley data-analysis company, which recently said it would buy up to $225 million of its own common stock from current and former staff, has attached some serious strings to the offer. It is requiring former employees who want to sell their shares to renew their non-disclosure agreements, agree not to poach Palantir employees for 12 months, and promise not to sue the company or its executives, a confidential contract reviewed by BuzzFeed News shows. The terms also dictate how former staff can talk to the press. If they get any inquiries about Palantir from reporters, the contract says, they must immediately notify Palantir and then email the company a copy of the inquiry within three business days. These provisions, which haven’t previously been reported, show one way Palantir stands to benefit from the stock purchase offer, known as a “liquidity event.”

Okay, manage information flow. In my experience, money often comes with some caveats. At one time I had lots and lots of @Home goodies which disappeared in a Sillycon Valley minute. The fine print for the deal covered the disappearance. Sigh. That’s life with techno-financial wizards. It seems life has not changed too much since the @Home affair decades ago.

I expect that there will be more Palantir centric stories. I will try to note these when they hit my steam powered radar detector in Harrod’s Creek. My thought is that like the protagonists in Trainspotting, Palantir spotting might have some after effects.

I keep asking myself this question:

How do company confidential documents escape the gravitational field of a comparatively secretive company?

The Palantir spotters are great data gatherers or those with access to the documents are making the material available. No answers yet. Just that question about “how”.

Stephen E Arnold, June 27, 2016

Peak Unicorn: Hooves of Doom

June 23, 2016

I loved the phrase “peak unicorn.” The co9mbination of mixed metaphors and a mythical horned equine is delicious. Navigate to “The Unicorn Godmother Dishes on Silicon Valley.” I find the addition of a “godmother” a bit like a 1958 Chevrolet Impala with additional chrome bolted on by an ambitious retro rod shop. Unicorns, peaks, and godmothers!

The main point of the write up in my opinion is not fruit salad metaphors. Here’s the passage I highlighted in passion fruit reddish purple:

I think we’re in a valuation-adjustment period where we’ve basically had very bullish markets both in the private and the public sectors for tech stocks over the past three to five years, and valuation multiples just got out of whack. There was too much money pouring into tech; and a perception developed that the only way to win was to offer a higher price. You know if there’s one house in a neighborhood that everybody wants, generally the way to get the house is to offer a higher price.

Yes, real estate. The “value” of a house in Holmby Hills compared to the value of a home in Pig, Kentucky.

The write up makes clear that some folks in Sillycon Valley may be getting nervous. Time to cash in and enjoy the good life. Unicorn farming in Pig, Kentucky? Search and content processing vendors are welcome too. A quick trip via flying car I hear.

Stephen E Arnold, June 23, 2016

Digital Currencies: More Excitement

June 21, 2016

An “attacker” explains the legal perception he has. You can read this argument at this link. I do not have a horse in this race. In my recent lecture at a security conference in Myrtle Beach, SC, I pointed out that digital currencies work reasonably well for what I call small scale transactions. Putting one’s life savings into a digital currency is a step some bad actors are reluctant to take. Traditional non digital money laundering and tax evasion methods will slowly yield to Fancy Dan types of “money.” But if you are adventurous, have a go.

Stephen E Arnold, June 21, 2106

The Job Duties of a Security Analyst

June 15, 2016

The Dark Web is a mysterious void that the average user will never venture into, much less understand than the nefarious reputation the media crafts for it.  For certain individuals, however, not only do they make a lively hood by surfing the Dark Web, but they also monitor potential threats to our personal safety.  The New York Times had the luck to interview one Dark Web security analyst and shared some insights into her job with the article, “Scouring The Dark Web To Keep Tabs On Terrorists.”

Flashpoint security analyst Alex Kassirer was interviewed and she described that she spent her days tracking jihadists, terrorist group propaganda, and specific individuals.  Kassirer said that terrorists are engaging more in cybercrimes and hacking in lieu/addition of their usual physical aggressions.  Her educational background is very impressive with a bachelor’s from George Washington University with a focus on conflict and security, a minor in religious studies, and she also learned some Arabic.  She earned her master’s in global affairs at New York University and interned at Interpol, the Afghan Embassy, and Flashpoint.

She handles a lot of information, but she provides:

“I supply information about threats as they develop, new tactics terrorists are planning and targets they’re discussing. We’ve also uncovered people’s personal information that terrorists may have stolen. If I believe that the information might mean that someone is in physical danger, we notify the client. If the information points to financial fraud, I work with the cybercrime unit here.”

While Kassirer does experience anxiety over the information she collects, she knows that she is equipped with the tools and works with a team of people who are capable of disrupting terroristic plots.

 

Whitney Grace, June 15, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Ransomware as a Service Deals in Bitcoins of Course

June 14, 2016

Countless “as-a-service” models exist online. A piece from SCMagazine, Dark web forums found offering Cerber ‘ransomware as a service’, reveals more information about one such service called ransomware-as-a-service (RaaS), which we’ve heard about now for quite some time. Ransomware injects a virus onto a machine that encrypts the user’s files where they remain inaccessible until the victim pays for a key. Apparently, an Eastern European ransomware, Cerber, has been offering RaaS on Russian Dark Web forums. According to a cyber intelligence firm Sensecy, this ransomware was setup to include “blacklisted” countries so the malware does not execute on computers in certain locations. The article shares,

“Malwarebytes Labs senior security researcher Jerome Segura said the blacklisted geographies – most of which are Eastern European countries – provide “an indication of where the malware originated.” However, he said Malwarebytes Labs has not seen an indication that the ransomware is connected to the famed APT28 group, which is widely believed to be tied to the Russian government. The recent attacks demonstrate a proliferation of ransomware attacks targeting institutions in the U.S. and Western nations, as recent reports have warned. Last week, the Institute for Critical Infrastructure Technology (ICIT) released a study that predicted previously exploited vulnerabilities will soon be utilized to extract ransom.”

Another interesting bit of information to note from this piece is the going ransom is one bitcoin. Segura mentions the value ransomers ask for may be changing as he has seen some cases where the ransomer works to identify whether the user may be able to pay more. Regardless of the location of a RaaS provider, these technological feats are nothing new. The interesting piece is the supposedly untraceable ransom medium supplanting cash.

 

Megan Feil, June 14, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Alphabet Google Factoid: Media Spend Control

May 31, 2016

I noted “Google Now Controls 12 Percent of All Global Media Spend.” My immediate reaction was, “Just 12 percent.” I assumed that the Alphabet Google thing had cornered much more of the media spend. I learned:

Alphabet controls 12 percent of all global media spend, which primarily comes from Google and YouTube’s ad sales. The company collects $60 billion in U.S. ad spend—a figure 166 percent larger than No. 2 ranking The Walt Disney Company. To compare, Google’s ad revenue was 136 percent larger than Walt Disney last year. Alphabet’s overall ad revenue is up 17 percent year-over-year.

Google is not without competition. I love “competition” in the online digital world. The write up points out:

Facebook in particular continues to become an advertising juggernaut. The social network jumped from No. 10 in 2015 to No. 5 this year, making it the fastest-growing company on Zenith’s list with 65 percent year-over-year growth. Chinese Internet company Baidu is the second fastest-growing company, with ad revenues up 52 percent.

I am not an ad expert. I certainly don’t know anything about media spend. After 15 years of slogging, the 12 percent figure strikes me as interesting. It seems that in a shorter time period, Facebook has been the hot item. Search or social media? Which is the “winner”? Both? Who are the losers?

Traditional media. Another surprise?

Stephen E Arnold, May 31, 2016

Financial Institutes Finally Realize Big Data Is Important

May 30, 2016

One of the fears of automation is that human workers will be replaced and there will no longer be any more jobs for humanity.  Blue-collar jobs are believed to be the first jobs that will be automated, but bankers, financial advisors, and other workers in the financial industry have cause to worry.  Algorithms might replace them, because apparently people are getting faster and better responses from automated bank “workers”.

Perhaps one of the reasons why bankers and financial advisors are being replaced is due to their sudden understanding that “Big Data And Predictive Analytics: A Big Deal, Indeed” says ABA Banking Journal.  One would think that the financial sector would be the first to embrace big data and analytics in order to keep an upper hand on their competition, earn more money, and maintain their relevancy in an ever-changing world.   They, however, have been slow to adapt, slower than retail, search, and insurance.

One of the main reasons the financial district has been holding back is:

“There’s a host of reasons why banks have held back spending on analytics, including privacy concerns and the cost for systems and past merger integrations. Analytics also competes with other areas in tech spending; banks rank digital banking channel development and omnichannel delivery as greater technology priorities, according to Celent.”

After the above quote, the article makes a statement about how customers are moving more to online banking over visiting branches, but it is a very insipid observation.  Big data and analytics offer the banks the opportunity to invest in developing better relationships with their customers and even offering more individualized services as a way to one up Silicon Valley competition.  Big data also helps financial institutions comply with banking laws and standards to avoid violations.

Banks do need to play catch up, but this is probably a lot of moan and groan for nothing.  The financial industry will adapt, especially when they are at risk of losing more money.  This will be the same for all industries, adapt or get left behind.  The further we move from the twentieth century and generations that are not used to digital environments, the more we will see technology integration.

Whitney Grace, May 30, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Open Source Software Needs a Micro-Payment Program

May 27, 2016

Open source software is an excellent idea, because it allows programmers across the globe to share and contribute to the same project.  It also creates a think tank like environment that can be applied (arguably) to any tech field.  There is a downside to open source and creative commons software and that is it not a sustainable model.  Open Source Everything For The 21st Century discusses the issue in their post about “Robert Steele: Should Open Source Code Have A PayPal Address & AON Sliding Scale Rate Sheet?”

The post explains that open source delivers an unclear message about how code is generated, it comes from the greater whole rather than a few people.  It also is not sustainable, because people do need funds to survive as well as maintain the open source software.  Fair Source is a reasonable solution: users are charged if the software is used at a company with fifteen or more employees, but it too is not sustainable.

Micro-payments, small payments of a few cents, might be the ultimate solution.  Robert Steele wrote that:

“I see the need for bits of code to have embedded within them both a PayPalPayPal-like address able to handle micro-payments (fractions of a cent), and a CISCO-like Application Oriented Network (AON) rules and rate sheet that can be updated globally with financial-level latency (which is to say, instantly) and full transparency. Some standards should be set for payment scales, e.g. 10 employees, 100, 1000 and up; such that a package of code with X number of coders will automatically begin to generate PayPal payments to the individual coders when the package hits N use cases within Z organizational or network structures.”

Micro-payments are not a bad idea and it has occasionally been put into practice, but not very widespread.  No one has really pioneered an effective system for it.

Steele is also an advocate for “…Internet access and individual access to code is a human right, devising new rules for a sharing economy in which code is a cost of doing business at a fractional level in comparison to legacy proprietary code — between 1% and 10% of what is paid now.”

It is the ideal version of the Internet, where people are able to make money from their content and creations, users’ privacy is maintained, and ethics is essential are respected.  The current trouble with YouTube channels and copyright comes to mind as does stolen information sold on the Dark Web and the desire to eradicate online bullying.

 

Whitney Grace, May 27, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

The Guardian Adheres to Principles

May 20, 2016

In the 1930s, Britain’s newspaper the Guardian was founded, through a generous family’s endowment, on the ideas of an unfettered press and free access to information. In continued pursuit of these goals, the publication has maintained a paywall-free online presence, despite declining online-advertising revenue. That choice has cost them, we learn from the piece, ”Guardian Bet Shows Digital Risks” at USA Today. Writer Michael Wolff explains:

“In order to underwrite the costs of this transformation, most of the trust’s income-producing investments have been liquidated in recent years in order to keep cash on hand — more than a billion dollars.

“In effect, the Guardian saw itself as departing the newspaper business and competing with new digital news providers like BuzzFeed and Vox and Vice Media, each raising ever-more capital from investors with which to finance their growth. The Guardian — unlike most other newspapers that are struggling to make it in the digital world without benefit of access to outside capital — could use the interest generated by its massive trust to indefinitely deficit-finance its growth. At a mere 4% return, that would mean it could lose more than $40 million a year and be no worse for wear.

“But … the cost of digital growth mounted as digital advertising revenue declined. And with zero interest rates, there has been, practically speaking, no return on cash. Hence, the Guardian’s never-run-out endowment has plunged by more than 12% since the summer and, suddenly looking at a finite life cycle, the Guardian will now have to implement another transition: shrinking rather than expanding.”

The Guardian’s troubles point to a larger issue, writes Wolff; no one has been able to figure out a sustainable business model for digital news. For its part, the Guardian still plans to avoid a paywall, but will try to coax assorted fees from its users. We shall see how that works out.

 

Cynthia Murrell, May 20, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

 

 

Now Big Data Has to Be Fast

May 15, 2016

I read “Big Data Is No Longer Enough: It’s Now All about Fast Data.” The write up is interesting because it shifts the focus from having lots of information to infrastructure which can process the data in a timely manner. Note that “timely” means different things in different contexts. For example, to a crazed MBA stock market maven, next week is not too useful. To a clueless marketing professional with a degree in art history, “next week” might be just speedy enough.

The write up points out:

Processing data at these breakneck speeds requires two technologies: a system that can handle developments as quickly as they appear and a data warehouse capable of working through each item once it arrives. These velocity-oriented databases can support real-time analytics and complex decision-making in real time, while processing a relentless incoming data feed.

The point omitted from the article is that speed comes at a cost. The humans required to figure out what’s needed to go fast, the engineers to build the system, and the time required to complete the task. The “cloud” is not a solution to the cost.

Another omission in the article is that the numerical recipes required to “make sense” of large volumes of data require specialist knowledge. A system which outputs nifty charts may be of zero utility when it comes to making a decision.

The write up ignores the information in “What Beats Big Data? Small Data.” Some organizations cannot afford the cost of fast data. Even outfits which have the money can find themselves tripping over their analyses. See, for example, “Amazon Isn’t Racist, It’s Just Been an Unfortunate Victim of Big Data.” Understanding the information is important. Smart software often lacks the ability to discern nuances or issues with data quality, poor algorithm selection, or knowing what to look for in the first place.

Will the write up cause marketers and baloney makers to alter their pitches about Big Data and smart software. Not a chance. Vendors’ end game is revenue; licensees have a different agenda. When the two do not meet, there may be some excitement.

Stephen E Arnold, May 15, 2016

Next Page »