CyberOSINT banner

Local News Station Produces Dark Web Story

April 22, 2016

The Dark Web continues to emerge as a subject of media interest for growing audiences. An article, Dark Web Makes Illegal Drug, Gun Purchases Hard To Trace from Chicago CBS also appears to have been shared as a news segment recently. Offering some light education on the topic, the story explains the anonymity possible for criminal activity using the Dark Web and Bitcoin. The post describes how these tools are typically used,

“Within seconds of exploring the deep web we found over 15,000 sales for drugs including heroin, cocaine and marijuana. In addition to the drugs we found fake Illinois drivers licenses, credit card and bank information and dangerous weapons. “We have what looks to be an assault rifle, AK 47,” said Petefish. That assault rifle AK 47 was selling for 10 bitcoin which would be about $4,000. You can buy bitcoins at bitcoin ATM machines using cash, leaving very little trace of your identity. Bitcoin currency along with the anonymity and encryption used on the dark web makes it harder for authorities to catch criminals, but not impossible.”

As expected, this piece touches on the infamous Silk Road case along with some nearby cases involving local police. While the Dark Web and cybercrime has been on our radar for quite some time, it appears mainstream media interest around the topic is slowly growing. Perhaps those with risk to be affected, such as businesses, government and law enforcement agencies will also continue catching on to the issues surrounding the Dark Web.

 

Megan Feil, April 22, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Battlefield Moves Online Forming Cyber Industrial Complex

April 13, 2016

Undoubtedly, in recent decades many processes and products have moved online. Warfare may not be exempt from this migration. Meet The Cyber-Industrial Complex: Private Contractors May Get $7B Windfall From Pentagon’s Cyberwar On ISIS, an article from International Business Times, tells us more. Defense Secretary Ashton Carter recently confirmed U.S. development of digital weapons and training of online soldiers. According to the article,

“Cyberwar threatens to cause havoc worldwide, but it could be good for the U.S. economy and a handful of publicly listed companies. Defense Secretary Ashton Carter, as part of a $582.7 billion budget request to fund his department through 2017, recently said nearly $7 billion of that will be allocated toward improving the military’s ability to develop and deploy offensive cyberweapons. That’s great news for a number of private contractors, who stand to benefit from the spending., and the highly skilled individuals they may end up hiring.”

The article explains these capabilities have been utilized by the U.S. in the past, such as the Kosovo war, but now the U.S. is claiming these tools and tactics. It is an interesting leap to visualize what attacks will evolve to look like on an online battlefield. Equally interesting is the article’s point about conflict being a business opportunity for some; it may also be true to say more problems, more money.

 

Megan Feil, April 13, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

ID Agent Alerts Government Contractors to Cyber Risk

April 12, 2016

All kinds of information shows up on the Dark Web, including thousands of emails of federal contractors. A recent article from Fierce Government IT, Report: Thousands of contractor emails found on Dark Web, shares several findings from a study conducted by ID Agent, a firm promoting its Dark Web security intelligence product. The study, “Federal Supply Chain Analysis: Cyber Threats from the Dark Web” relied on historical data loss information regarding numbers of email accounts stolen to analyze contracting areas based on their cyber risk.

The write-up expands on where ID Agent sees opportunity,

“Having cyber criminals with access to these accounts is scary enough, but malicious actors operating on the Dark Web have also taken many more forms in recent years. “While stolen personal information is concerning, national and corporate espionage continues to play a major role in the activities conducted via the Dark Web,” the report noted. ID Agent is by no means a disinterested party in disclosing the risk of these email accounts, as it hopes to market its Dark Web ID product that regularly provides this sort of threat intelligence to customers. Still, the study’s findings are a wake-up call to government contractors and the agencies employing them.”

ID Agent uses a proprietary algorithm for situating the risk of various companies and organizations. While this is a new market space, they are certainly not the only game in town when it comes to security and intelligence solutions which take the Dark Web into account. This appears to be an expanding ecosystem.

 

Megan Feil, April 12, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

FBI Runs Child Porn Website to Take down Child Porn Website

April 12, 2016

The article on MotherBoard titled How The FBI Located Suspected Administrator of the Dark Web’s Largest Child Porn Site provides a comprehensive overview of the events that led to the FBI being accused of “outrageous conduct” for operating a child pornography site for just under two weeks in February of 2015 in order to take down Playpen, a dark web child porn service. The article states,

“In order to locate these users in the real world, the agency took control of Playpen and operated it from February 20 to March 4 in 2015, deploying a hacking tool to identify visitorsof the site. The FBI hacked computers in the US, Greece, Chile, and likely elsewhere.

But, in identifying at least two high ranking members of Playpen, and possibly one other, the FBI relied on information provided by a foreign law enforcement agency (FLA), according to court documents.”

Since the dial-up era, child pornographers have made use of the Internet. The story of comedian Barry Crimmins exposing numerous child pornographers who were using AOL’s early chat rooms to share their pictures is a revealing look at that company’s eagerness to turn a blind eye. In spite of this capitulation, the dark web is the current haven for such activities, and the February 2015 hacking project was the largest one yet.

 

 

 

Chelsea Kerwin, April 12, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
==

UK Cybersecurity Director Outlines Agencys Failures in Ongoing Cyberwar

April 8, 2016

The article titled GCHQ: Spy Chief Admits UK Agency Losing Cyberwar Despite £860M Funding Boost on International Business Times examines the surprisingly frank confession made by Alex Dewdney, a director at the Government Communications Headquarters (GCHQ). He stated that in spite of the £860M funneled into cybersecurity over the past five years, the UK is unequivocally losing the fight. The article details,

“To fight the growing threat from cybercriminals chancellor George Osborne recently confirmed that, in the next funding round, spending will rocket to more than £3.2bn. To highlight the scale of the problem now faced by GCHQ, Osborne claimed the agency was now actively monitoring “cyber threats from high-end adversaries” against 450 companies across the UK aerospace, defence, energy, water, finance, transport and telecoms sectors.”

The article makes it clear that search and other tools are not getting the job done. But a major part of the problem is resource allocation and petty bureaucratic behavior. The money being poured into cybersecurity is not going towards updating the “legacy” computer systems still in place within GCHQ, although those outdated systems represent major vulnerabilities. Dewdney argues that without basic steps like migrating to an improved, current software, the agency has no hope of successfully mitigating the security risks.

 

Chelsea Kerwin, April 8, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Glueware: A Sticky and Expensive Mess

April 5, 2016

I have been gathering open source information about DCGS, a US government information access and analysis system. I learned that the DCGS project is running a bit behind its original schedule formulated about 13 years ago. I also learned that the project is little over budget.

I noted “NASA Launch System Software Upgrade Now 77% overt Budget.” What interested me was the reference to “glueware.” The idea appears to be that it is better, faster, and maybe cheaper to use many different products. The “glueware” idea allows these technologies to be stuck or glued together. This is an interesting idea.

According to the write up:

To develop its new launch software, NASA has essentially kluged together a bunch of different software packages, Martin noted in his report. “The root of these issues largely results from NASA’s implementation of its June 2006 decision to integrate multiple products or, in some cases, parts of products rather than developing software in-house or buying an off-the-shelf product,” the report states. “Writing computer code to ‘glue’ together disparate products has turned out to be more complex and expensive than anticipated. As of January 2016, Agency personnel had developed 2.5 million lines of ‘glue-ware,’ with almost two more years of development activity planned.”

The arguments for the approach boil down to the US government’s belief that many flowers blooming in one greenhouse is better than buying flowers from a farm in Encinitas.

The parallels with DCGS and its well known government contractors and Palantir with its home brew Gotham system are interesting to me. What happens if NASA embraces a commercial provider? Good news for that commercial provider and maybe some push back from the firms chopped out of the pork loin. What happens if Palantir gets rebuffed? Unicorn burgers, anyone?

Stephen E Arnold, April 5, 2016

Bandwidth Item from DARPA

April 5, 2016

Short honk. If you follow the activities of the US government, you may be interested in “DARPA Wants to Give Radio Waves AI to ‘Stretch Bandwidth.” The idea is an important one. The reason is that the US government requires bandwidth to move around certain interesting data. Worth noting. Now about the value of bandwidth “owned” by commercial entities?

Stephen E Arnold, April 5, 2016

Advertising and Search Confidence: Google As Government

March 26, 2016

I read “US State Department Emails: Google Wanted in 2012 to Help Syria’s Rebels Overthrow Assad.” The story might be a load of horse feathers. I stopped and read the article and noted this passage:

Messages between former secretary of state Hillary Clinton’s team and one of the company’s executives detailed the plan for Google to get involved in the region. “Please keep close hold, but my team is planning to launch a tool … that will publicly track and map the defections in Syria and which parts of the government they are coming from,” Jared Cohen, the head of what was then the company’s “Google Ideas” division, wrote in a July 2012 email to several top Clinton officials.

Perhaps this is Palantir envy? Clever folks are confident of their abilities. And here is a See Also reference.

Stephen E Arnold, March 26, 2016

DocPoint and Concept Searching: The ONLY Choice. Huh?

March 24, 2016

DocPoint is a consulting and services firm focusing on the US government’s needs. The company won’t ignore commercial firms’ inquiries, but the line up of services seems to be shaped for the world of GSAAdvantage users.

I noted that DocPoint has signed on to resell the Concept Searching indexing system. In theory, the SharePoint search service performs a range of indexing functions. In actual practice, like my grandmother’s cookies, many of the products are not cooked long enough. I tossed those horrible cookies in the trash. The licensees of SharePoint don’t have the choice I did when eight years old.

DocPoint is a specialist firm which provides what Microsoft cannot or no longer chooses to offer its licensees. Microsoft is busy trying to dominate the mobile phone market and doing bug fixes on the Surface product line.

The scoop about the DocPoint and Concept Searching deal appears in “DocPoint Solutions Adds Concept Searching To GSA Schedule 70.” The Schedule 70 reference means, according to WhatIs.com:

a long-term contract issued by the U.S. General Services Administration (GSA) to a commercial technology vendor.  Award of a Schedule contract signifies that the GSA has determined that the vendor’s pricing is fair and reasonable and the vendor is in compliance with all applicable laws and regulations. Purchasing from pre- approved vendors allows agencies to cut through red tape and receive goods and services faster. A vendor doesn’t need to win a GSA Schedule contract in order to do business with U.S. government agencies, but having a Schedule contract can cut down on administrative costs, both for the vendor and for the agency. Federal agencies typically submit requests to three vendors on a Schedule and choose the vendor that offers the best value.

To me, the deal is a way for Concept Searching to generate revenue via a third party services firm.

In the write up about the tie up, I highlighted this paragraph which is a single paragraph with an amazing assertion:

A DocPoint partner since 2012, Concept Searching is the only [emphasis added] company whose solutions deliver automatic semantic metadata generation, auto-classification, and powerful taxonomy tools running natively in all versions of SharePoint and SharePoint Online. By blending these technologies with DocPoint’s end-to-end enterprise content management (ECM) offerings, government organizations can maximize their SharePoint investment and obtain a fully integrated solution for sharing, securing and searching for mission-critical information.

Note the statement “only company whose solutions deliver…” “Only” means, according to the Google define function:

No one or nothing more besides; solely or exclusively.

Unfortunately the DocPoint assertion about Concept Searching as the only firm appears to be wide of the mark. Concept Search is one of many companies offering the functions set forth in the content marketing “news” story. In my files, I have the names of dozens of commercial firms offering semantic metadata generation, auto-classification, and taxonomy tools. I wonder if Layer2 or Smartlogic have an opinion about “only”?

Stephen E Arnold, March 24, 2016

More Amazing Factoids: US Government Web Sites Best Amazon and Google in User Satisfaction

March 22, 2016

I read “Government Websites Best Amazon, Google in User Satisfaction.” From the write up generated by “real” journalist at a “real” media outfit, I learned:

By one measure, a well-established gauge of user satisfaction, the government actually beats out many of the top business sites on the Web, including perennial consumer favorites Amazon, Expedia and Google.

Where doth the datum originate? Well, the hardly annoying pop up survey outfit ForeSee. According to the write up:

ForeSee evaluates websites on a 100-point customer-satisfaction scale, looking at a variety of factors like search, functionality and ease of navigation. The firm also focuses on outcomes, such as the likelihood that users would return to the site or recommend it to others.

Now for the data:

… 36 percent of the 101 websites ForeSee evaluated in the fourth quarter of 2015 notched scores of 80 or above, what the firm deems as the threshold where websites are “meeting or exceeding the standards of excellence for highly satisfied visitors.” That mark was up from 30 percent in the first quarter of the year. Leading the pack were four websites maintained by the Social Security Administration. Two SSA sites scored 90 on ForeSee’s satisfaction index, and two others scored 89. For comparison, Amazon netted an 86 on the same index. Vanguard.com came in at 80, followed by Google (78), Pinterest (78), Expedia (77) and NYTimes.com (76).

I have added some bold face to make it easier to see the slam dunk the US government Web sites are putting in the face of Team Traffic.

Wow, up from 30% in a matter of months. The Social Security Administration must be doing something right. A couple of questions:

  • Does the SSA site support remembering certain passwords for users or do some must have functions lose the state of certain users?
  • Has foot traffic at Social Security offices declined because the SSA Web sites are satisfying such a large percentage of users?
  • Are the SSA Web sites integrated, or are disparate systems, including mainframes, still generating content for internal reports and public Web queries?

Well, the write up focuses on the lousy job some consumer centric sites are doing with user satisfaction. Are we comparing apples and oranges, or is this just a convenient way to reward some good government clients and remind the most used Web sites that some folks don’t like the modern Web?

No answers, but I am sure some of the university-inspired wizards at ForeSee will have logical, but glib, answers.

By the way, what’s the traffic at the four best Web sites doing in the same time period? My information suggests that traffic to US government Web sites is not booming because the US government Web sites have not made the transitions required to deal with the growing base of users with mobile devices.

Stephen E Arnold, March 22, 2016

Next Page »