CREST Includes Additional Documents

January 22, 2017

Short honk: The CIA has responded to a Freedom of Information Act request and posted additional documents. These are searchable via the CREST system. The content is accessible at this link.

Stephen E Arnold, January 22, 2017

Where to Sell Cyber-Centric Software and Services

January 20, 2017

The Lost Angeles Times published “A Look at the 17 Agencies That Make Up the U.S. Intelligence Community.” My hunch is that the “real” journalists thought that the list would be “real” news. I scanned the information and noted:

  • No useful urls were provided
  • Where to track funding and new project announcements was not included
  • Specific information about the objectives of each entity was omitted
  • The sub entities associated with the principal intelligence entity; for example, Strategic Capabilities Office.

What is the list? Well, if a small outfit in Orange County wants to sell its products and services to the US government’s “intelligence’ entities, the list provides a starting point for research.

The article could have been become a useful way to stimulate outfits not participating in these agencies’ projects to get the ball rolling. The write up contains one useful thing—a list of agencies which blurs the role of the Department of Defense and omits some interesting entities:

Air Force Intelligence, Surveillance and Reconnaissance
Army Military Intelligence
Central Intelligence Agency
Coast Guard Intelligence
Defense Intelligence Agency
Drug Enforcement Administration, Office of National Security Intelligence
Energy Department, Office of Intelligence and Counterintelligence
Federal Bureau of Investigation
Homeland Security, Office of Intelligence and Analysis
Marine Corp Intelligence
National Geospatial Intelligence Agency
National Reconnaissance Office
National Security Agency
Office of Naval Intelligence
Office of the Director of National Intelligence
State Department, Bureau of Intelligence and Research
Treasury Department, Office of Intelligence and Analysis

My hunch is that the “real” newspaper is revealing the vapidity of its editorial method. But, hey, I live in rural Kentucky and don’t understand the ways of the big city folks.

Stephen E Arnold, January 20, 2017

DARPA Open Catalog

January 18, 2017

If you are interested in DARPA’s open catalog of open source software, you can find the pointers at this link. The public facing Web site does not provide the names of the companies or research organizations working on the software. The cyber-related listings available in 2015 and early 2-16 no longer appear. Links do point to the program manager for specific projects; for example, the office responsible to ADAMS which detects anomalies in Big Data sets. For generalists interested in DARPA Dark Web projects, the information is difficult to locate using open source tools. The change in the scope of the public facing Open Catalog appears to have taken place July 2016. Some information about specific software can be located if one knows the name of a research entity involved in the Memex project; for example, a query for Stanford University’s DeepDive which was updated in early 2016. One use of DeepDive is to identify spouses in the news.

Stephen E Arnold, January 18, 2017

The Uncertainty for Beltway Bandits: Billions at Stake

January 17, 2017

I don’t find CNBC a source of useful information. I did notice a write up with a title which caught my attention; specifically “Trump’s Rift with Intelligence Community Is Spooking US Spy Agency Contractors.” The business of some intelligence agencies boils down to information access, search, and content processing. With digital content readily available, the Beltway Bandits (contractors, consulting outfits, and body shops which provide “services” to the US government have been, are, and should be in hog heaven. Successful Beltway Bandits wallow in money, not mud, I wish to point out.

The CNBC story asserts:

The changing political landscape in Washington and friction between President-elect Donald Trump and the U.S. intelligence community could have major implications not only for the spy agencies but for the shadow private contractors such as Booz Allen Hamilton that support them.

Yikes. The Boozer!

The idea is that

Booz Allen, which gets 97 percent of it revenue from U.S. government agencies, provides everything from cyber and IT services to work designed to enhance the nation’s intelligence capabilities.

CNBC notes:

Overall, the U.S. budget for the national intelligence program was $53 billion in fiscal 2016 and another $17.7 billion for the military intelligence program.

My view from rural Kentucky is that the “total” is probably different from what CNBC reports. One example: What about the budget for projects for the White House, what about entities with one innocuous name which perform “interesting” work. Are these figures tallied?

CNBC notes that despite the uncertainty which accompanies any new president taking office, spending for information and intelligence is likely to go up.

My thought is that Booz, Allen and similar firms are going to chug along. Information access is a tough problem. Who is the president and his appointees going to rely upon? A Yandex query? Experts in Cairo, Illinois? Nope. The Beltway crowd, a tradition for decades.

Stephen E Arnold, January 17, 2017

The Government Has a Sock Puppet Theater

January 13, 2017

Law enforcement officials use fake social media accounts and online profiles to engage with criminals.  Their goal is to deter crime, possibly even catching criminals in the act for a rock solid case.  While this happened way back in 2011, the comments are still coming.  In light of the recent presidential election and the violent acts of the past year, it is no wonder the comments are still fresh.  Tech Dirt talked about how the, “US Military Kicks Off Plan To Fill Social Networks With Fake Sock Puppet Accounts.”

The goal was for a company to develop a software that would allow one person to create and manage various social media profiles (including more than one profile on the same platform).  These accounts will then, and we are speculating on this given how dummy accounts have been used in the past, to catch criminals.  The article highlights how the government would use the sock puppet accounts:

Apparently a company called Ntrepid has scored the contract and the US military is getting ready to roll out these “sock puppet” online personas. Of course, it insists that all of this is targeting foreign individuals, not anyone in the US. And they promise it’s not even going to be used on US-based social networks like Facebook or Twitter, but does anyone actually believe that’s true?

Then the comments roll in a conversation that a span of five years the commentators argue about what it means to be American, reaffirming that the US government spies on its citizens, and making fun of sock puppets.

Whitney Grace, January 13, 2017

The Sophistication of the Dark Web Criminals of Today

January 11, 2017

Vendors of stolen credit card information on the dark web are now verifying their customers’ identities, we learn from an article at the International Business Times, “The Fraud Industry: Expect to be KYC’d by Criminals When Buying Stolen Credit Cards on the Dark Web.” Yes, that is ironic. But these merchants are looking for something a little different from the above-board businesses that take KYC measures. They want to ensure potential clients are neither agents of law-enforcement nor someone who will just waste their time.  Reporter Ian Allison cites Richard Harris, an expert in fraud detection through machine learning, when he writes:

Harris said some websites begin with a perfunctory request that the buyer produce some stolen card numbers of their own to show they are in the game. ‘There are various websites like that where undercover cops have been caught out and exposed. Like anybody else, they are in business and they take the security of their business seriously,’ he said.

Things have moved on from the public conception of a hacker in a hoodie who might hack the Pentagon’s website one day and steal some credit card details the next. That was 10 or 15 years ago. Today this is a business, pure and simple. It is about money and lots of it, like for instance the recent hit in Japan that saw a criminal gang make off with ¥1.4bn (£8.9m, $13m) from over 1,400 ATMs in under three hours. They simultaneously targeted teller machines located in Tokyo, Kanagawa, Aichi, Osaka, Fukuoka, Nagasaki, Hyogo,Chiba and Nigata. The Japanese police suspect more than 100 criminals were involved in the heist.

Harris is excited about the potential for machine learning to help thwart such sophisticated and successful, criminals. The article continues with more details about today’s data-thievery landscape, such as the dark-web bulletin boards where trade occurs, and the development of “sniffers” — fake wi-fi hubs that entice users with a promise of free connectivity, then snatch passwords and other delectable data. Allison also mentions the feedback pages on which customers review dark-web vendors, and delves into ways the dark web is being used to facilitate human trafficking. See the write-up for more information.

Cynthia Murrell, January 11, 2017

BAE Lands US Air Force Info Fusion Job

January 6, 2017

I read “BAE Systems Awarded $49 Million Air Force Research Lab Contract to Enhance Intelligence Sharing.” The main point is that the US Air Force has a pressing need for integrating, analyzing, and sharing text, audio, images, and data. The write up states:

The U.S. Air Force Research Lab (AFRL) has awarded BAE Systems a five-year contract worth up to $49 million to develop, deploy, and maintain cross domain solutions for safeguarding the sharing of sensitive information between government networks.

The $49 million contract will enhance virtualization, boost data processing, and support the integration of machine learning solutions.

I recall reading that the Distributed Common Ground System performs some, if not most, of these “fusion” type functions. The $49 million seems a pittance when compared to the multi-billion dollar investments in DCGS.

My hunch is that Palantir Technologies may point to this new project as an example of the US government’s penchant for inventing, not using commercial off the shelf software.

Tough problem it seems.

Stephen E Arnold, January 6, 2016

CIA Adapts to Cyber Reality

January 5, 2017

It would be quite the understatement to say the Internet had drastically changed the spy business. The evolution comes with its ups and downs, we learn from the article, “CIA Cyber Official Sees Data Flood as Both Godsend and Danger” at the Stars and Stripes. Reporter Nafeesa Syeed cites an interview with Sean Roche, the CIA’s associate deputy director for digital innovation. The article informs us:

A career CIA official, Roche joined the agency’s new Directorate for Digital Innovation, which opened in October, after serving as deputy director for science and technology.[…]

Roche’s division was the first directorate the CIA added in half a century. His responsibilities include updating the agency’s older systems, which aren’t compatible with current technology and in some cases can’t even accommodate encryption. The directorate also combined those handling the agency’s information technology and internet systems with the team that monitors global cyber threats. ‘We get very good insights into what the cyber actors are doing and we stop them before they get to our door,’ Roche said.

Apparently, finding tech talent has not been a problem for the high-profile agency. In fact, Syeed tells us, many agents who had moved on to the IT industry are returning, in senior positions, armed with their cyber experience. Much new talent is also attracted by the idea of CIA caché. Roche also asserts he is working to boost ethnic diversity in the CIA by working with organizations that encourage minorities to pursue work in technical fields. What a good, proactive idea! Perhaps Roche would consider also working with groups that promote gender equity in STEM fields.

In case you are curious, Roche’s list of the top nations threatening our cybersecurity includes Russia, China, Iran, and North Korea. No surprises there.

Cynthia Murrell, January 5, 2017

US Patent Search Has a Ways to Go

January 3, 2017

A recent report was released by the U.S. Government Accountability Office entitled Patent Office Should Strengthen Search Capabilities and Better Monitor Examiners’ Work. Published on June 30, 2016, the report totals 91 pages in the form of a PDF. Included in the report is an examination by the U.S. Patent and Trademark Office (USPTO) of the challenges in identifying relevant information to an existing claimed invention that effect patent search. The website says the following in regards to the reason for this study,

GAO was asked to identify ways to improve patent quality through use of the best available prior art. This report (1) describes the challenges examiners face in identifying relevant prior art, (2) describes how selected foreign patent offices have addressed challenges in identifying relevant prior art, and (3) assesses the extent to which USPTO has taken steps to address challenges in identifying relevant prior art. GAO surveyed a generalizable stratified random sample of USPTO examiners with an 80 percent response rate; interviewed experts active in the field, including patent holders, attorneys, and academics; interviewed officials from USPTO and similarly sized foreign patent offices, and other knowledgeable stakeholders; and reviewed USPTO documents and relevant laws.

In short, the state of patent search is currently not very good. Timeliness and accuracy continue to be concerned when it comes to providing effective search in any capacity. Based on the study’s findings, it appears bolstering the effectiveness of these areas can be especially troublesome due to clarity of patent applications and USPTO’s policies and search tools.

Megan Feil, January 3, 2017

Norwegian Investigators Bust Child Pornography Racket over Dark Web

January 3, 2017

A yearlong investigation has busted a huge child pornography racket and resulted in a seizure of 150 Terabytes of pornographic material. Out of 51 accused, 20 so far have been arrested.

New Nationalist in a news piece titled – 150 Terabytes! Norway Busts Largest Dark Web, Child Porn Networks in History — US, UK Media Ignore Story says:

It’s one of the largest child sex abuse cases in history. A year-long special investigation called “Operation Darkroom” resulted in the seizure of 150 terabytes of data material in the form of photos, movies and chat logs containing atrocities against children as young as infancy, Norwegian police announced at a news conference in late November.

The investigation has opened a Pandora’s box of pedophiles. The accused list mostly comprises of educated individuals like politicians, lawyers, teachers, and a police officer too. Most accused are yet to be apprehended by the investigators.

Despite the bust happening in November followed by a press conference, US and UK based media has turned a blind eye towards this happening. The news report further states:

The Library of Congress holds about 600 terabytes of Web data. Its online archive grows at a rate of about 5 terabytes per month. Also note the horrifically sadistic nature of the material seized. And note that police are investigating the reach as worldwide, which means it involves a massive scale of evil filth. But nobody in the criminally compliant mainstream media thinks its newsworthy.

It might be possible that the world media was busy with US Presidential elections, thus its reporting was very low key. An interesting take away from this entire sad episode – the Dark Web is not a hideout of hackers, terrorists, drug dealers, and hitmen – seemingly upright citizens lurk on Dark Web too.

Vishal Ingole, January 3, 2017

Next Page »