Is Your Data up for Sale on Dark Web?

January 4, 2017

A new service has been launched in UK that enables users to find out if their confidential information is up for sale over the Dark Web.

As reported by Hacked in an article This Tool Lets You Scan the Dark Web for Your (Stolen) Personal Data, it says:

The service is called OwlDetect and is available for £3,5 a month. It allows users to scan the dark web in search for their own leaked information. This includes email addresses, credit card information and bank details.

The service uses a supposedly sophisticated algorithm that has alleged capabilities to penetrate up to 95% of content on the Dark Web. The inability of Open Web search engines to index and penetrate Dark Web has led to mushrooming of Dark Web search engines.

OwlDetect works very similar to early stage Google, as it becomes apparent here in the article:

This new service has a database of stolen data. This database was created over the past 10 years, presumably with the help of their software and team. A real deep web search engine does exist, however.

This means the search is not real time and is as good as searching your local hard drive. Most of the data might be outdated and companies that owned this data might have migrated to secure platforms. Moreover, the user might also have deleted the old data. Thus, the service just tells you that were you ever hacked or was your data was even stolen?

Vishal Ingole,  January 4, 2017

Legal Clarity Recommended for Understanding Cyberthreat Offense and Defense

January 2, 2017

Recently a conference took place about cybersecurity in the enterprise world. In the Computer World article, Offensive hackers should be part of enterprise DNA, the keynote speaker’s address is quoted heavily. CEO of Endgame Nate Fick addressed the audience, which apparently included many offensive hackers, by speaking about his experience in the private sector and in the military. His perspective is shared,

“We need discontinuity in the adoption cure,” Fick said, “but you can’t hack back. Hacking back is stupid, for many reasons not just that it is illegal.” He argued that while it is illegal, laws change. “Remember it used to be illegal to drink a beer in this country, and it was legal for a kid to work in a coal mine,” he said. Beyond the issue of legality, hacking back is, what Fick described as, climbing up the escalatory ladder, which you can’t do successfully unless you have the right tools. The tools and the power or ability to use them legally has historically been granted to the government.

Perhaps looking toward a day where hacking back will not be illegal, Fick explains an alternative course of action. He advocates for stronger defense and clear government policies around cybersecurity that declare what constitutes as a cyberthreat offense. The strategy being that further action on behalf of the attacked would count as defense. We will be keeping our eyes on how long hacking back remains illegal in some jurisdictions.

Megan Feil, January 2, 2017

Cybersecurity Technology and the Hacking Back Movement

December 19, 2016

Anti-surveillance hacker, Phineas Fisher, was covered in a recent Vice Motherboard article called, Hacker ‘Phineas Fisher’ Speaks on Camera for the First Time—Through a Puppet. He broke into Hacking Team, one of the companies Vice called cyber mercenaries. Hacking team and other firms sels hacking and surveillance tools to police and intelligence agencies worldwide. The article quotes Fisher saying,

I imagine I’m not all that different from Hacking Team employees, I got the same addiction to that electronic pulse and the beauty of the baud [a reference to the famous Hacker’s manifesto]. I just had way different experiences growing up. ACAB [All Cops Are Bastards] is written on the walls, I imagine if you come from a background where you see police as largely a force for good then writing hacking tools for them makes some sense, but then Citizen Lab provides clear evidence it’s being used mostly for comic-book villain level of evil. Things like spying on journalists, dissidents, political opposition etc, and they just kind of ignore that and keep on working. So yeah, I guess no morals, but most people in their situation would do the same. It’s easy to rationalize things when it makes lots of money and your social circle, supporting your family etc depends on it.

The topics of ethical and unethical hacking were discussed in this article; Fisher states the tools used by Hacking Team were largely used for targeting political dissidents and journalists. Another interesting point to note is that his evaluation of Hacking Team’s software is that it “works well enough for what it’s used for” but the real value it offers is “packaging it in some point-and-click way.” An intuitive user experience remains key.

Megan Feil, December 19, 2016

« Previous Page

  • Archives

  • Recent Posts

  • Meta