Consumers As Unwitting Data Conduits as Cyberware Flames

June 30, 2020

India and China are not friending one another. The issue I noted today concerns social media services designed — maybe targeted is a more appropriate word — at consumers.

Most users of apps like TikTok of 30 second video renown are not aware and do not want to know about data surveillance, known to some as data sucking or data hoovering. (A Hoover was a vacuum cleaner for DarkCyber readers unfamiliar with such a device.)

Information has been floating around that TikTok and other “authorized” apps available from the Google and from the would-be Intel-killer Apple allow the basic social media function to take place while the app gobbles a range of data. Put something on your clipboard? Those data are now in a server in Wuhan.

“India Bans TikTok As Tensions with China Escalate” reports:

India’s Ministry of Electronics and Information Technology said in a statement Monday that it had received many complaints about misuse and transmission of user data by some mobile apps to servers outside India.

Yes, another Captain Obvious insight. Is Captain Obvious working for one of India’s government services?

For those who have wandered the aisles of some interesting conferences, TikTok data is only the tip of the data iceberg.

In fact, I told one hip real news person that chasing some of the smaller data resellers was like understanding the global nature of agribusiness by talking to a quinoa farmer 20 miles from Cusco.

The information is interesting to DarkCyber for three reasons:

  1. The insight light bulb is flashing in some government units. That’s a start.
  2. India is recognizing that consumers going about their daily lives are providing an intelligence windfall of reasonably good size. Consumers use their mobile phones, consumers talk, and consumers enter secure facilities and check out craze dances in the break room.
  3. Cyber warfare is not just chewing away at juicy servers in Australia or Canada. Cyber warfare is wrapped up in those low cost, feature packed hardware devices which, according to the sticker on the box, are “smart.”

The current time period is one filled with interesting activities. What do you think, Captain Obvious?

Stephen E Arnold, June 30, 2020

App Store Curation: Hey, the Method Is a Marvel

June 29, 2020

I don’t think about app store curation policies. One of the DarkCyber researchers was excited about Hey. At lunch, this individual groused about Apple’s editorial review process or what I call curation. Newspapers in the good old days used to do curation. Not so much any more. I still have a headache after my talk with a New York based big time real journalist.

I read “Another 53 iOS Apps Besides TikTok Are Grabbing Clipboard Data.” The write up, if accurate, illustrates how a company can create its own myth from Olympus. Then do exactly what most Silicon Valley companies do; that is, anything that is easy and good for them.

The write up states:

TikTok may be ending its nosy clipboard reading on iOS, but that doesn’t mean other app developers are mending their ways. Security researcher Tommy Mysk told Ars Technica in an interview that an additional 53 apps identified in March are still indiscriminately capturing universal clipboard data when they open, potentially sharing sensitive data with other nearby devices using the same Apple ID. The apps are major titles, too — they’d normally be trustworthy. The behavior is visible in news apps for Fox News, the New York Times and the Wall Street Journal. You’ll also find it in games like Bejeweled, Fruit Ninja and PUBG Mobile.

Did Aristotle cover this type of mental glitch in his Nicomachean Ethics?

Of course he did.

Stephen E Arnold, June 29, 2020

Facebook: Trust Crisis? You Must Be Joking, Never

June 26, 2020

I read “Facebook Faces Trust Crisis As Ad boycott Grows.” The lovable college drop out who founded Facebook seems to be in a pickle. The write up reveals that the company Facebook has to mend some fences with advertisers.

Specifically:

In a call with over 200 advertisers Tuesday, Facebook’s head of trust and safety policy Neil Potts “acknowledged that the company suffered from a trust deficit,” according to the Financial Times. A source familiar with the meeting confirmed the comment. The conversation occurred amid a growing boycott of Facebook and Facebook-owned Instagram’s ad platform by roughly a dozen brands.

In a moment of insight, the author of the write up states:

The political and social pressure on Facebook is ramping up, but the tech giant doesn’t show any signs of seriously changing its policies in response to the mounting pressure, as most politicians and marketers seem to benefit too much from Facebook advertising to really give it up long-term.

What’s this mean? There are some good reasons to allow Facebook to just keep being Facebook. One of them is the data Facebook gathers has value to some individuals in government agencies. Losing Backpage was a set back, but losing Facebook, hey, let’s talk about this.

Second, where there are eyeballs, there are advertisers. The ethical compass of advertisers spins toward selling and making money. That pull is strong enough to light up some folks’ Faraday effect.

Stephen E Arnold, June 26, 2020

Lucky Ukraine: A Data Bomb Test Site

June 26, 2020

Russia surprised the world when Putin ordered his soldiers to invade Ukraine and annex Crimea. Putin’s actions against the Ukraine are not the only modern war stories circling Russia. The Small Wars Journal examines how the Great Bear could be conducting a futuristic warfare using technology: “Russia In Ukraine 2013-2016: The Application Of New Type Warfare Maximizing The Exploitation Of Cyber, IO, and Media.”

Russia could be masters of cyber and information warfare to support militaristic/political objectives against domestic and international enemies. The thesis study reads logically, but also Russia’s recent actions support it:

“The Russians were able to use Ukraine operations as a test for New Generation Warfare (NGW) to enhance the deep battle concept. Russia has adeptly executed deep battle, creating time and space to effectively employ limited ground forces and special operations to achieve desired effects. The employment of the cyber domain created windows of opportunity for success and simultaneous execution of offensive and defensive tasks across the strategic and operational levels and other domains. Additionally, the cyber capabilities employed allowed the Russians to achieve three critical strategic effects; 1) troop levels were minimized through integrated cyber operations and operational advantage gained; 2) Russian leadership maintained plausible deniability through effective cyber and information operations delaying international intervention; 3) cyber operations achieved desired effects and kept the threshold for violence below an international outcry for intervention or interference allowing the Russians to achieve the strategic objective to control key terrain in Ukraine.”

While Russia remains the punch line for jokes about international affairs, the country is not a laughing matter as history shows. Under Putin’s leadership, Russia proves to be masterful at manipulating multiple information sources: TV, Internet, radio, etc. to cover their rears while executing desired. Russia has invested capital in homegrown technology, instead of relying on foreign made.

Russia used its cyber forces to overwhelm the Ukraine with malware and disinformation through media channels to annex the Crimean territory. It was a brilliant, mostly bloodless tactic, because Ukraine does not have the technology nor physical forces to fend off the Great Bear. Smaller countries, especially in Eastern Europe and Asia, remain sitting ducks if they enter Russia’s crosshairs.

The biggest issue is proving Russia’s culpability and whether the country will be held accountable. Russia’s more militaristic past still casts shadows on its current society, but Russian citizens are not in favor of being a military power again. Like the rest of the world, they want to live a steady, peaceful life.

Whitney Grace, June 26, 2020

JEDI Winner Continues to Excel in Software Updates

June 25, 2020

Will the US Department of Defense be happy with updates to a JEDI system that cause crashes? Probably slightly unhappy. “New Windows 10 Update Fail Breaks Some of Its Best Features” reports:

people have been complaining that after installing the Windows 10 May 2020 Update (also known as Windows 10 version 2004), they cannot access files synced to OneDrive – even if they can be seen in Windows 10.

The write up adds:

Even more embarrassingly for Microsoft, it seems this bug has been around for months in early versions of Windows 10 May 2020 Update, with Windows Insiders, who can try out versions of Windows 10 before other people in order to spot bugs like this, complaining that OneDrive no longer works.

Visualize this. You are in a fire zone. You need cloud data. Bad actors’ ranging rounds are getting closer.

Take a deep breath and follow this procedure:

  1. Press Windows Key R
  2. Key this string: %localappdata%\Microsoft\OneDrive\onedrive.exe /reset
  3. Access needed data.

No problemo. Microsofties may ponder this when they grab a carry out lunch at Bai Tong’s.

Stephen E Arnold, June 25, 2020

Geospatial: Context and Opinions

June 24, 2020

DarkCyber spotted a sequence of tweets published by that well managed, completely coherent, and remarkable outfit Twitter. Twitter disseminated brief emissions from Joe Morrison who uses the handle “mouth of Morrison.” Love that Twitter thing!

The write up in Quibi style chunks is about geospatial technology. As it turns out, mobile devices and smart gizmos output geographic coordinates. These are useful to many.

The observations in the stream of tweets explain that geospatial is mostly a bad idea. DarkCyber says, “Ho, ho, ho.”

Two warrant highlighting, but you may find other faves in the list.

Let’s begin:

The most successful and ambitious mapping project of all time, Google Maps, is an advertising platform. There is no “geospatial industry,” only industries with spatial problems.

Yep, the Google. Nevertheless, one must give the GOOG credit for buying Keyhole, morphing an intelligence operation into a cog in ad sales, and then building a large scale geospatial data vacuum cleaner. Remember the comment about capturing Wi-Fi data: “Wow, no idea how that happened.” Does that help you jog down memory lane?

The second emission we noted is:

In geo, you either die a hero or live long enough to make the majority of your revenue from defense and intelligence.

This is sort of accurate. Including law enforcement might be a more accurate characterization of where the money is, however.

These earthworm emissions are amusing; for example, “ESRI is a petty, anti competitive bully”. Are any lawyers paying attention? Also, big companies use open source software and don’t give back. No kidding? Ever hear of code cost reduction?

Worth a look. More context, explanation, and details would add some muscle to the tweeter bones.

Stephen E Arnold, June 24, 2020

Australia: Facial Recognition Diffuses

June 17, 2020

Facial recognition is in the news in the US. High-profile outfits have waved brightly colored virtue signaling flags. The flags indicate, “We are not into this facial recognition thing.” Interesting if accurate. “Facial Surveillance Is Slowly Being Trialed around the Country” provides some information about using smart software to figure out who is who. (Keep in mind that Australia uses the Ripper device to keep humans from becoming a snack for a hungry shark.)

The write up reports:

Facial recognition technology uses artificial intelligence to identify individuals based on their unique facial features and match it with existing photos on a database, such as a police watch list. While it’s already part of our everyday lives, from tagging photos on Facebook to verifying identities at airport immigration, its use by law enforcement via live CCTV is an emerging issue.

That’s the spoiler. Facial recognition is useful and the technology is becoming a helpful tool, like a flashlight or hammer.

The article explains that “All states and territories [in Australia] are using facial recognition software.”

Police in all states and territories confirmed to 7.30 they do use facial recognition to compare images in their databases, however few details were given regarding the number of live CCTV cameras which use the technology, current trials and plans for its use in the future.

The interesting factoid in the write up is that real time facial recognition systems are now in use in Queensland and Western Australia and under consideration in New South Wales.

The article points out:

Real-time facial recognition software can simply be added to existing cameras, so it is difficult to tell which CCTV cameras are using the technology and how many around the country might be in operation.

DarkCyber believes that this means real time facial recognition is going to be a feature update, not unlike getting a new swipe action with a mobile phone operating system upgrade.

The article does not identify vendors providing these features, nor does it provide data about accuracy, costs, and the supporting infrastructure required.

What’s intriguing is that the article raises the thought that Australia might be on the information highway leading to a virtual location where Chinese methods are part of the equipment for living.

Will Australia become like China?

Odd comparison that. There’s the issue of population, the approach to governance, and the coastline to law enforcement ratio.

The write up also sidesteps the point that facial recognition is a subset of pattern recognition, statistical cross correlation, and essential plumbing for Ripper.

Who provides the smart software for that shark spotting drone? Give up? Maybe Amazon, the company not selling facial recognition to law enforcement in the US.

Interesting, right?

Stephen E Arnold, June 17, 2020

Amazon: Can Money Buy Smooth Sailing?

June 15, 2020

What is the obvious solution when you must not leave home but there are things to purchase? Amazon.com, of course. And where do businesses turn when they must suddenly facilitate remote workers? For many, the solution is Amazon’s AWS. During this pandemic the tech giant has grown even larger, but with this success comes a lot of criticism. Yahoo News tells us, “Amazon Hit from All Sides as Crisis Highlights Growing Power.” One prominent example—New York state Attorney General Letitia James and others were disgusted Amazon fired a worker who had led a protest over covid-19-related safety concerns. The company says the employee was actually fired for refusing to quarantine after testing positive for the disease. Hmm.

AFP reporter Julie Jammot writes:

“As Amazon becomes an increasingly important lifeline in the pandemic crisis, it is being hit with a wave of criticism from activists, politicians and others who question the tech giant’s growing influence. Amazon has become the most scrutinized company during the health emergency. It has boosted its global workforce to nearly one million and dealt with protests over warehouse safety and reported deaths of several employees. But Amazon has also pledged to spend at least $4 billion in the current quarter — its entire expected operating profit — on coronavirus mitigation efforts, including relief contributions and funding research. Amazon’s AWS cloud computing unit, which powers big portions of the internet, is also a key element during the crisis with more people and companies working online. Amazon’s market value has hovered near record levels around $1.2 trillion dollars as it reported rising revenues and lower profits in the past quarter.”

The company’s size alone, say activists, is reason enough for scrutiny. Some are concerned about the way Amazon treats workers, others balk at the financial gain CEO Jeff Bezos has personally enjoyed during this time. Though the company has increased pay above minimum wage during the crisis, to $15 an hour, critics say it could afford to pay much more. There is also concern that, with its popular streaming service on top of everything else, the company just wields too much influence in people’s daily lives.

Amazon seems to have sailed through the biological disturbance. Now come the legal thunderstorms. Smooth cruising ahead? Unlikely.

Cynthia Murrell, June 15, 2020

Conferences: A Juicy Source of Intelligence?

June 9, 2020

Conferences are interesting. These face-to-face experiences are becoming virtual. After decades of operating off the radar for most attendees, the content of conferences is “suddenly” getting some love.

Decades ago, I worked at a company which produced a database called CPI or Conference Papers Index. That database was sold to another firm, and I am not sure if the original product persists 39 years later. Only a handful of customers accessed this product compared to our flagship databases ABI/INFORM and Business Dateline.

“Potential Organized Fraud in ACM/IEEE Computer Architecture Conferences” caused me to think about who (the people) and the companies (the outfits hiring the people) used CPI. Almost 40 years ago, the who and the companies were either government agencies from countries which now provide high technology to the US and other nation states and companies either based in the US with non-US owners or outfits with names difficult to connect to a particular discipline. Did I care 40 years ago? Nope. We wanted to sell that database for several reasons:

  1. Conference organizers were among the most disorganized and distracted outfits we tapped for information; for example, copies of talks, abstracts, and names and affiliations of speakers. Much effort and many “let’s have lunch” and “yes, we will send that information tomorrow.” Sorry, lesson learned. Conferences 40 years ago were a different content animal. Fiefdoms, ego centric owners who wanted “total control”, trade associations eager to serve their members and preserve their mostly concierge type jobs, and similar flora and fauna. Much remains unchanged even as conferences undergo Rona-ization.
  2. Customers were not plentiful. The customers the CPI attracted wanted more: More images, more full text, more presentation foils. Delivering more costs money and it was not clear that if we invested the money to get “more” information that it would be a profitable operation. My hunch is that indexes of conferences, including the wonky listings one can find on the Internet, are essentially useless. Why? Sponsors are not indexed consistently. Names of speakers are not included as searchable content. The presentations, if one is lucky, become a YouTube video, usually delivered with both lousy audio and video. Sigh. Conferences are today a black hole of content. Going into the virtual conference business just makes the black hole deeper and weirder than before Rona.
  3. Conference organization is a remarkable exercise in rejecting, begging, and scrambling. Each conference wants stars for the keynotes. Each conference wants new talent to deliver hot information. Each conference desperately needs sponsors; that is, people to pay for snacks (yuck), liquor (much loved by attendees except for virtual presentations unless a company FedExes bottles to an attendee-with-a-budget’s home), and lunch (now a weird buffet brown bag thing which hopefully will disappear from real and virtual events completely). The organizer wants to put on a stellar show but lacks the expertise, money, and organizational talent to pull off most events.

What’s the fix?

If the information in the write up is accurate, it seems — note the hedge word “seems” — that individuals, companies, and countries are doing everything in their power to get their hands on the same information that people told us to include in our Conference Papers Index.

Valuable data include:

  • Abstracts of proposed talks, some submitted a year before an event in certain event cycles
  • The actual draft presentations: Text, PDFs of the visuals, author’s biography, and author details
  • Names of speakers, addresses, email, etc.

The blog post suggests that some fancy dancing has been underway in the rarified world of big tech at the ACM and IEEE computer architecture conferences.

The article is worth reading.

However, there is context for what amounts to intelligence exploitation.

The question is, “Will most conference organizers care?” Another question, “Will most conference organizers be sufficiently adept at addressing the alleged problem?”

DarkCyber has a tentative answer, “Nope. The sucking of conference data is an institutionalized behavior for many “experts,” their employers, some government entities, and even employees of conference companies.”

Net net: Squeeze the fruit for informational juice.

Stephen E Arnold, June 9, 2020

Rounding Error? Close Enough for Horse Shoes in Michigan

June 9, 2020

Ah, Michigan. River Rouge, the bridge to Canada, and fresh, sparkling water. These cheerful thoughts diminished when I read “Government’s Use of Algorithm Serves Up False Fraud Charges.”

The write up describes a smart system. The smart system was not as smart as some expected. The article states:

While the agency still hasn’t publicly released details about the algorithm, class actions lawsuits allege that the system searched unemployment datasets and used flawed assumptions to flag people for fraud, such as deferring to an employer who said an employee had quit — and was thus ineligible for benefits — when they were really laid off.

Where did the system originate? A D student in the University of Michigan’s Introduction to Algorithms class? No. The article reports:

The state’s unemployment agency hired three private companies to develop MiDAS, as well as additional software. The new system was intended to replace one that was 30 years old and to consolidate data and functions that were previously spread over several platforms, according to the agency’s 2013 self-nomination for an award with the National Association of State Chief Information Officers. The contract to build the system was for more than $47 million. At the same time as the update, the agency also laid off hundreds of employees who had previously investigated fraud claims.

Cathy O’Neil may want to update her 2016 “Weapons of Math Destruction.” Michigan has produced some casualties. What other little algorithmic surprises are yet to be discovered? Will online learning generate professionals who sidestep these types of mathiness? Sure.

Stephen E Arnold, June 9, 2020
