Big Tech Vows, Warrants, Commits, Guarantees, and Assures to Make Security Way Way Way Better

August 26, 2021

I had to laugh. I read some of the write ups explaining the pledges of big tech to the White House about security. The US is at or near the bottom when it comes to security. America plays offense. The defense thing is not what George Washington would do.

Here’s a representative write up: “Google, Microsoft Plan to Spend Billions on Cybersecurity after Meeting with Biden.” This triggered a chuckle and a snort:

IBM CEO Arvind Krishna told CNBC ahead of the meeting and outside the White House on Wednesday that cybersecurity is “the issue of the decade.” He said he hoped to see more coordination between the public and private sectors coming out of the meeting and said IBM would do its part to help skill workers in the space.

Why are adversaries of the US running exfiltration, ransomware, and intellectual property theft operations?

Let me count the ways:

  1. Systems from outfits like Apple and Microsoft can be compromised because security is an add on, an afterthought, or a function implemented to protect revenues
  2. Senior managers in many US firms are clueless about security and assume that our employees won’t create problems by selling access, clicking on scammer emails, or working from home on projects funded by bad actors
  3. Customers pay little or no attention to security, often ignoring or working around security safeguards when they exist. Hey, security distracts those folks from scrolling through Facebook or clicking on TikTok videos.

There are other reasons as well; for example, how about the steady flow of one-off security gaps discovered by independent researchers? Where are the high-end threat intelligence services? If a single person can find a big, gaping security hole, why are the hundreds of smart cyber security systems NOT finding this type of flaw? Oh, right. Well, gee. A zero day by 1,000 evil techies in China or Moldova is the answer. Sorry, not a good answer.

There is a cyber security crisis in America. Yes, Windows may be the giant piece of cheese for the digital rats. Why hack US systems? That’s where there is lots of tasty cheese.

Is there a fix that billions “invested” over five years can buy?

Nope.

Pipe dreams, empty words, and sheepish acquiescence to a fact that bad actors around the world find enervating.

More stringent action is needed from this day. That’s not happening in my opinion. Who created the cyber security problem? Oh, right, the outfits promising not to do it again. Quick action after decades of hand waving. And government regulations, certification, and verification that cyber security systems actually work? Wow, that’s real work. Let’s have a meeting to discuss a statement of work and get some trusted consulting firm on this pronto.

I have tears in my eyes and not from laughing. Nothing funny here.

Stephen E Arnold, August 26, 2021

About Those Painful Fines

August 24, 2021

Never one to let pesky regulations get in the way of doing business, “Amazon Hit with Record $888M Fine Over GDPR Violations,” reports CNet. Even that eye-popping sum represents but a minor cost of doing business to the online retail giant. Luxembourg authorities levied the 746 million euro fine on July 16, saying Amazon violated the EU’s GDPR data protection laws. At issue is the way the company processes customer data. Citing reporting from Bloomberg, writer Katie Collins tells us:

“[The CNPD’s] into Amazon was based on a 2018 complaint by French privacy group La Quadrature du Net. The group says it represents the interests of thousands of Europeans to ensure their data isn’t used by big tech companies to manipulate their behavior for political or commercial purposes. It didn’t immediately respond to request for comment. Amazon is under growing scrutiny both at home and abroad over the way it uses customer data. Regulators are concerned that not only could the company’s data processing policies violate privacy protections for consumers while they’re shopping online, they might give the company an advantage over competitors operating within its marketplace. Meanwhile, Amazon is keen for customers to know that their data is safe, and unlike many GDPR fines, this one hasn’t been issued due to a data breach. ‘Maintaining the security of our customers’ information and their trust are top priorities,’ said an Amazon spokesman in a statement on Friday. ‘There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed.’”

Nice attempt at deflection, Amazon. A data breach is not the issue here, but rather willful disregard of EU privacy regulations. The Amazon spokesperson insists the fine is based on “subjective and untested interpretations” of the GDPR and that it is entirely out of proportion. Though it plans to appeal the fine, it is a price the company can easily pay.

To answer the question, will the fine have an impact? Nope, a monetary penalty is ineffective. Consider this: Russia Fines Google For Not Deleting Banned Content. How much? Three million rubles, or about US$40,000. Facebook might be fined as much as $82,000 by the Russian bear.

Painful not.

Cynthia Murrell, August 25, 2021

DarkCyber for August 24, 2021, Now Available

August 24, 2021

The program for August 24, 2021, is now available at this link. This program, number 17 in the 2021 series, contains five stories. These are:

The NSO Group matter has produced some interesting knock on effects.

The consequences of NSO Group’s activities include criticism from the United Nations and Edward Snowden, a whistle blower and resident of Moscow. The Taliban’s takeover of Afghanistan was remarkable.

The core technology for the antagonists is discussed. You will learn about the musician Tankz and his method for making illegal credit card fraud accessible to young people in the UK and elsewhere. In addition to alleged financial crime, Tankz sings about Pyrex whipping. Ask your children what this is and then decide if you need to take action.

The program includes another reminder that one can find anti-security actors on the Regular Web and the Dark Web. The challenge is to make sure you do not become the victim of a scam.

The US government created an interesting report about nuclear war. It is not clear how long this document will remain available from a public Web server. You can check the link in the DarkCyber video for yourself. Tip: The document explains how the US may select a target for a nuclear strike.

The final story reports that the drone called Avenger has a new capability: Autonomous decision capability enabled by track and follow electronics. No human operator needed when a target is identified.

DarkCyber is produced by Stephen E Arnold and the DarkCyber research team. New programs appear every two weeks unless one of the video distribution services decides to remove the content derived from open sources of information. Tankz and a fellow traveler named DankDex, purveyor of the Fraud Bible, appear to post without pushback.

Kenny Toth, August 24, 2021

Health And Human Services Continues Palantir Contract

August 23, 2021

The US Department of Health and Human Services (HHS) renewed its contract with Palantir to continue using Tiberius. Fed Scoop shares the details about the renewal in the article, “HHS Renews, Expands Palantir’s Tiberius Contract To $31M.” Palantir designed Tiberius as a COVID-19 vaccine distribution platform. It has evolved beyond helping HHS employees understand the vaccine supply chain into the central information source for dosage programs.

HHS partnered with Palantir in mid-2020 under Trump’s administration. The program was formerly known as Operation Warp Speed and is now called the Countermeasure Acceleration Group. The renewed contract expands Palantir’s deal from $17 million to $31 million. Palantir will continue upgrading Tiberius. Agencies will now use the platform to inform policy decisions about additional doses, boosters, and international distribution.

When Tiberius was first implemented, it had not been designed to handle the Federal Retail Pharmacy or Long-Term Care Facility programs. These now provide additional analysis of vaccination gaps. Fed Scoop adds:

“Tiberius already has between 2,000 and 3,000 users including those at HHS, CDC, BARDA, the Countermeasure Acceleration Group, the Office of the Assistant Secretary for Preparedness and Response, the Federal Emergency Management Agency, the Pentagon, and other agencies involved in pandemic response. State and territory employees make up two-thirds of the user base, which also includes sub-state entities that receive vaccines like New York City and Chicago and commercial users including all retail pharmacies.”

Trump was supportive of Palantir; Biden’s team seems okay with the platform.

Whitney Grace, August 23, 2021

CISA Head Embraces Cooperation with Public-Private Task Force

August 20, 2021

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly is wielding the power of cooperation in the fight against ransomware and other threats. Her agency will work with both other security agencies and big tech companies. This novel approach might just work. The article “Black Hat: New CISA Head Woos Crowd With Public-Private Task Force” at Threatpost reports on Easterly’s keynote presentation at this year’s Black Hat USA conference.

The partnership is logically named the Joint Cyber Defense Collaborative (JCDC) and had 20 corporate partners signed up by the end of July. Amazon, AT&T, Google Cloud, Microsoft, Verizon, and FireEye Mandiant are some of the biggest names participating. (Is FireEye, perhaps, trying to redeem itself?) Easterly also plans to work with other federal agencies like the DoD, NSA, and FBI to make sure their efforts align. We are told ransomware will be the team’s first priority. Writer Tom Spring reveals a bit about the new director:

“Easterly is a former NSA deputy for counterterrorism and has a long history within the U.S. intelligence community. She served for more than 20 years in the Army, where she is credited for creating the armed service’s first cyber battalion. More recently she worked at Morgan Stanley as global head of the company’s cybersecurity division. Easterly replaced CISA acting director Brandon Wales after the agency’s founder and former director Christopher Krebs was fired by former President Trump in 2020.”

But will the cybersecurity veteran be able to win over her corporate colleagues? The article notes one point in her favor:

“During a question-and-answer session, the CISA director scored points with the audience by stating that she supported strong encryption. ‘I realized that there are other points of view across the government, but I think strong encryption is absolutely fundamental for us to be able to do what we need to do,’ she said. … While acknowledging distrust within some segments of the cybersecurity community, Easterly urged the audience of security professionals to trust people first. ‘We know some people never want to trust an organization,’ she said. ‘In reality we trust people – you trust people. … When you work closely together with someone to solve problems, you can begin to create that trust.’”

Will the JCDC members and CISA’s fellow agencies be able to trust one another enough to make the partnership a success? We certainly hope so, because effective solutions are sorely needed.

Cynthia Murrell, August 20, 2021

A Simple Question: Just One Cyber Security Firm?

August 17, 2021

There are quite a few cyber security, cyber intelligence, and cyber threat companies. I have a list of about 100 of the better known outfits in this business. Presumably there are dozens, maybe hundreds of trained analysts and finely tuned intelware programs looking for threats and stolen data 24×7.

I read “Secret Terrorist Watchlist with 2 million Records Exposed Online.” The write up states:

July this year, Security Discovery researcher Bob Diachenko came across a plethora of JSON records in an exposed Elasticsearch cluster that piqued his interest.

Here’s my question: Why was a single researcher the only expert aware of this serious breach (if indeed it is valid)?

My hunch is that the Fancy Dan 24×7 smart systems and the legions of developers refining smart intelware have produced systems that simply don’t work. If they did, numerous alerting services would have spotted the alleged do not fly data. The “single researcher” would have been late to the party. He wasn’t. Thank goodness for this research, Mr. Diachenko.

Those systems, as far as I know, did not. The question remains, “Maybe these commercial services don’t work particularly well?” Marketing is really easy, even fun. Delivering on crazy assertions is a different sort of job.

Stephen E Arnold, August 17, 2021

Online and In Control: WhatsApp Fingered

August 17, 2021

I read an interesting article called “Did America just lose Afghanistan because of WhatsApp?” I am not sure the author is going to become the TikTok sensation of policy analysis. The point of view is interesting, and it may harbor some high-value insight.

The write up states:

Open source reporting shows that rather than rocking up and going toe to toe with the Afghan national army, they appear to have simply called everyone in the entire country, instead, told them they were in control, and began assuming the functions of government as they went:

The Taliban let the residents of Kabul know they were in control through WhatsApp, gave them numbers to call if they ran into any problems. https://t.co/TPOZt8AQsm pic.twitter.com/QhggIWYymx

The article contains other references to Taliban communications via social media like Twitter and WhatsApp. The author notes:

WhatsApp is an American product. It can be switched off by its parent, Facebook, Inc, at any time and for any reason. The fact that the Taliban were able to use it at all, quite apart from the fact that they continue to use it to coordinate their activities even now as American citizens’ lives are imperiled by the Taliban advance which is being coordinated on that app, suggests that U.S. military intelligence never bothered to monitor Taliban numbers and never bothered to ask Facebook to ban them. They probably still haven’t even asked Facebook to do this, judging from the fact that the Taliban continues to use the app with impunity. This might explain why Afghanistan collapsed as quickly as it did.

The article makes another statement which is thought provoking; to wit:

And as a result, they [the Taliban] took Afghanistan with almost no conflict. I suspect this is because they convinced everyone they would win before they showed up.

The write up contains links and additional detail. Consult the source document for this information. I am not sure how long the post will remain up, nor do I anticipate that it will receive wide distribution.

Stephen E Arnold, August 17, 2021

Europe: Privacy Footnote

August 11, 2021

If you are not familiar with Chatcontrol, there’s a mostly useful list of resources on the Digital Human Rights blog. The article “Messaging and Chat Control” offers some context as well as a foreshadowing of the possible trajectory of this EU initiative.

The Chatcontrol legislation meshes with Apple’s recent statement that it would be more proactive and transparent about its monitoring activity. You can get a sense of this action in “Expanded Protections for Children.”

A schism exists between those who want to move whatever content is of interest freely. On the other side of the gap are those who want to put controls on digital content flow.

Observations I noted on a flight home from Washington, DC Monday, August 10, 2021, included:

  • Digital content flows accelerate and facilitate some unpleasant facets of human behavior. Vendors have done little since the dawn of “online” to manage corrosive bits. Is it now a surprise that after 50 years, elected officials are trying to take action?
  • The failure to regulate has been a result of general misunderstanding of the nature of unfettered digital information flows. As I have pointed out, digital content works exactly like glass beads propelled at a rusted fender. Once the rust is gone, keeping the nozzle aimed at the fender blasts the fender away as well. Hence, we have the social fabric in its present and rapidly deteriorating condition.
  • One property of digital information is that those with expertise in digital information can innovate. Thus, there will be workarounds. Some of these will be deployed more rapidly than the filtering and control mechanisms can be updated. I point this out because once a control system is imposed, it becomes increasingly difficult and expensive to keep in tip-top shape.

Net net: China has been the pace-setter in this approach to digital information. How easy is it to sketch the trajectory of these long-overdue actions? That’s an interesting question to ponder after a half century of stumbling into the school room with a mobile phone and a perception that the online-equipped person is a wizard.

Stephen E Arnold, August 11, 2021

NSO Group: Origins

August 11, 2021

I read “Israel Tries to Limit Fallout from the Pegasus Spyware Scandal.”

I noted this statement, which has been previously bandied about:

Israel has been trying to limit the damage the Pegasus spyware scandal is threatening to do to France-Israel relations. The Moroccan intelligence service used the software, made by an Israeli company with close ties to Israel’s defense and intelligence establishments, to spy on dozens of French officials, including fourteen current and former cabinet ministers, among them President Emmanuel Macron and former prime minister Edouard Philippe.

The write up reports:

There were reasons for Macron’s irritation: The NSO Group was established in 2009 by three Israelis — Niv Carmi, Shalev Hulio, and Omri Lavie. Contrary to popular belief, the three were not veterans of the vaunted Unit 8200, the IDF’s signal intelligence branch (although many of the company’s employees are). It is generally accepted by intelligence services around the world that many Israeli high-tech companies share information they glean from their contracts abroad with the Israeli security services, if they think such information is vital to Israel’s security (this is why the Committee on Foreign Investment in the United States, or CFIUS, has been reluctant to allow Israeli cyber companies access to the U.S. market).

Interesting.

Stephen E Arnold, August 11, 2021

Who Phoned Home Those Research Results?

August 9, 2021

A routine at universities with grant hungry tenure surfers works like this: Recruit smart grad students, gin up a magnetic research project, chase grants, and publish in a “respected” peer reviewed journal. A bonus is a TED Talk. Winner, right?

I read “A Tweet Cost Him His Doctorate: The Extent of China’s Influence on Swiss Universities.” The write up points out as allegedly really true:

Education is a key aspect of China’s global power strategy. The Chinese government wants to control the country’s image throughout the world. To this end, it exerts influence abroad, and has no compunction about engaging in repressive actions.

I am not affiliated with any university. I don’t do academic anything. I do pay attention, however, to what probably are irrelevant and minor factoids; for example:

ITEM: The participation of Chinese nationals in assorted University of Tennessee activities; for example, research associated with fission and fusion with field trips to interesting places

ITEM: The number of Chinese professionals’ names appearing on papers related to smart software with possible relevance to autonomous systems

ITEM: The confluence of a research center and a PhD student writing tweets someone in the Middle Kingdom does not appreciate.

Important items or not, the fate of a student in a Swiss university is sealed. The write up states:

Only a few people in Switzerland have sought to disclose and criticize Chinese attempts to influence universities here… Cooperation between Chinese and Swiss universities has expanded in recent years. The University of St. Gallen has 15 such agreements, almost twice as many as ETH Zurich. For the last eight years, St. Gallen has also been home to a «China Competence Center,» the aim of which is to «strengthen and deepen productive relations with China». 

The article points out:

Today, Gerber says starting to tweet was a mistake. The fact that he could lose three years of research work because of this still leaves him stunned. Yes, he was publicly critical of China, and once shared a cartoon that he would not share today. «But I didn’t do anything wrong,» he said. Gerber has now given up pursuit of his doctorate. «I don’t want to have to censor myself, certainly not in Switzerland,» he said. In the meantime, he has found a job that has nothing to do with China.

One question: What about American universities or a tour of ORNL?

Stephen E Arnold, August 9, 2021
