Commercial Solutions for Government: A Path Forward

April 13, 2018

I often hear grumbling when I tell law enforcement and intelligence professionals to use commercial tools. Some LE and intel professionals are confident that open source tools like Maltego, a little midnight oil, and their in house technical staff can build a system better than commercial offerings. In my 50 year work career, that can happen. But it does not happen often. The 18f alternative to Squarespace is a good example of spending money for software which falls short of low cost, widely available commercial tools.

Cybercrime has become a serious hurdle for police. It seems that under-funded departments and agencies find that procurement cycles and technological advances by bad actors combine to make certain tasks difficult. We noted the PC Magazine story, “Feds Bust Black Market Forum Behind $530M in Cybercrimes.”

According to the article:

“The Department of Justice on Wednesday announced the indictments of 36 suspects allegedly responsible for the black market Infraud forum, which sold stolen credit card details, malware, and information that could be used for identity theft, including Social Security numbers.”

This is a win for cybercrime cops. Several of the American suspects have been arrested and several more international criminals are being extradited. However, we believe that only the private sector can adequately combat clever cybercrime. We recently heard about what seems to be a positive plan from Entrepreneur magazine.

Google’s new Chronicle cyber security company may offer LE a useful tool. The specialty for Chronicle is Zero Day Attacks, which are those sneaky cyber attacks that happen instantly—unlike ransomware, for example. This is just one small piece of a massive private sector puzzle that can help put cybercrime under control for good.

Combine the capabilities of Google with Recorded Future (a company in which Google has a stake), and the open source alternatives may come up short.

Patrick Roland, April 13, 2018

Yikes! Google Kiddie YouTube a Target

April 12, 2018

I thought Google and its kiddie YouTube had figured out how to show age appropriate videos to children. If the information in the story “Child Advocates Ask FTC to Investigate YouTube” is accurate, the GOOG may face some PR challenges. Nothing is quite as volatile as an online advertising site displaying videos which can be perceived as inappropriate. Because the write up is branded “AP” which once meant Associated Press, I am unwilling to quote from the write up. If my understanding of the assertions in the “news” story are accurate, I recall learning:

  • “Child advocate groups” — no, I don’t know what outfits these are — want Google to be “investigated.”
  • Google apparently profits from showing ads to children. (Who knew?)
  • Google has an app but it is not too popular with parents. (I don’t know who does not use the app because the AP story did not tell me as I recall.)
  • Google has channels aimed at children. One of these may be named ChuChuTV. (Nifty spelling of “choo”.)
  • Advertisers can get access to children but if the child says, “Googzilla, I am not 13” some content is blocked. (If I were a child, I would probably figure out how to get access to the video about unicorn slime pretty quickly.)

Among the entities I recall seeing identified in the article are:

  • Georgetown University law clinic
  • Jeff Chester, The Center for Digital Democracy
  • Josh Golin, Campaign for a Commercial Free Childhood
  • Senator Edward Markey
  • Juliana Gruenwald Henderson, an FTC professional
  • Kandi Parsons, once an FTC lawyer

What’s missing? Links, examples of bad videos, data about what percent of kiddie YouTube programming is objectionable, and similar factual data.

I don’t want to be suspicious, but regardless of filtering method, some content may be viewed as offensive because subjective perception is not what smart software does well at this point in time.

In March 2018 I was appointed to a Judicial Commission focused on human trafficking and child sex abuse. My hope is that the documents and data which flow to me do not include assertions without specific entities being identified or with constraints that make me fearful of quoting from these documents in my writings.

After 50 years of professional work, I am not easily surprised. Therefore, I am not surprised that online ad vendors similar to Google  would focus on generating revenue. I am not surprised that videos vetted by smart software may make mistakes when “close enough for horseshoes” or “good enough” thresholds may be implemented for decision making. I am not surprised that individuals who spend time watching kiddie videos find content which is inappropriate.

Perhaps follow up stories from the “Associated Press” will beef up the details and facts about Google’s problems with kiddie YouTube. Quotes from folks are what “real” journalists do. Links, facts, and data are different from quotes. Make enough phone calls, and one can probably get a statement that fits the “real” news template.

Net net: I think more specifics would be helpful particularly if the goal is to find Google “guilty” of breaking a law, wrong doing, or some other egregious behavior. For now, however, the matter warrants monitoring. Accusations about topics like trafficking and child sex abuse and related issues are inflammatory. Quotes don’t cut it for me.

Stephen E Arnold, April 12, 2018

Now That Craigslist Censors Content Where Will That Info Go?

March 27, 2018

Short honk: I read in Newsweek (sorry, The Daily Beast) this story: “The New Law That Killed Craigslist’s Personals Could End the Web As We’ve Known It.” Like many write ups, the main point for The Daily Beast write up strikes me as:

Under current law, the site can’t be held legally liable if someone uses veiled terms to solicit commercial sex—aka prostitution—through the Craigslist personals. But FOSTA will change that, opening up Craigslist (and every other digital platform) to serious legal and financial jeopardy should it accidently “promote” or “facilitate” prostitution.

What happens when censorship forces some content producers to find other communication channels? The research for my “Dark Web Notebook” suggests that some content producers will shift to hidden services; for example, peer to peer, encrypted chat system. Others will turn to the information leaking Dark Web. And a few will become innovators, cooking up new communication confections to dodge authorities.

In my upcoming lecture for some lawyers at a well known government agency, I emphasize that the cyber enforcement task is going to become much more difficult and quickly.

There are some fixes, and if you want to talk about this options, write darkcyber333 at yandex dot com for more information. (Yes, I have a nifty video conferencing system and a PayPal account.)

Stephen E Arnold, March 27, 2018

Is the UK Approach to Security a Pathfinder?

March 4, 2018

The United States Government may face a dilemma. Citizens want the Internet to be safer and more accurate. However, the government wants those citizens to solve that problem themselves. The idea of government policing of the internet upsets a lot of folks. However, maybe there is a way to make everyone happy. The United Kingdom thinks it has the solution for government internet policing, as we learned from a recent GCN article, “How the UK Created Her Majesty’s Cyber Service.”

According to the story, one of the many elements of this plan, include:

“DMARC deployment in the public sector, which will make it more expensive or riskier for attackers to spoof messages that appear to come from the government. Getting all government domains to use Domain-Based Message Authentication, Reporting and Conformance will demonstrate that the technology can be implemented at scale.”

However, it’ll be worth watching how these good intentions play out. Vietnam recently attempted to employ a similar internet policing strategy. Instead of employing a Great Firewall like China, the nation attempted has tried to respond when issues arise…and that’s not good. The Vietnamese government is unable to respond fast enough and the Washington Post is wondering whether their internet could actually fail. Strange crossroads many are at and worth monitoring.

What may be instructive is the UK’s approach. The Guardian story “MI5 Agents Can Commit Crime in UK, Government Reveals” indicates that Britain is making “exceptions” in order to fight crime. Which threat is larger: Criminals or legal authorities?

Patrick Roland, March 4, 2018

Shiver Me Timbers! Is this the End of Pirate Bay?

March 1, 2018

Admit it!  You, like millions of other people, have downloaded an illegal movie, music, book, or other media from Pirate Bay.  Is it illegal?  Yes.  Are you going to be charged?  Probably not.  Downloading illegal movies, music, books, and other media is not law enforcement’s top priority because they are more preoccupied with more dangerous crimes.  Online piracy has been dealt a serious blow and torrent sites like Pirate Bay may sink into the Internet’s briny deep.  Read the details in Express’ article, “End Of Pirate Bay? Torrent Sites Left Fearing 2018 Will ‘Kill’ Off Online Piracy.”

Pirate Bay has haunted the Internet ocean for over fifteen years and is a reliable staple for downloading the illegal content of all kind.  Law enforcement has tried to sink Pirate Bay and other torrent sites for years, but when one Web site is destroyed another pops up in its place.  A non-law enforcement entity will deal a blow to torrent sites: Google.  In 2018, Google will launch its new Chrome browser that features an ad-blocker.  The ad-blocker automatically blocks autoplay videos and other annoying pop-ups.  Why is this bad for torrent sites?

Torrent websites rely on the revenue they bring in from advertising, and the Chrome ad blocker has left some fearing if they’ll be able to carry on.  The owner of one torrent site, who did not want to be named, previously told TorrentFreak that the ad blocker could signal the end of torrents.  They said: ‘The torrent site economy is in a bad state. Profits are very low. Profits are f***** compared to previous years.  Chrome’s ad-blocker will kill torrent sites. If they don’t at least cover their costs, no one is going to use money out of his pocket to keep them alive.  I won’t be able to do so at least.’

Law enforcement agencies and governments have tried to halt online piracy for years.  As they have wised up to how torrent Web sites skirt the authorities and laws have changed to ensure takedowns, online piracy may be near its end.

Torrent Websites are nearly as old as the Internet.  It is hard to imagine the Internet without the more discoverable illicit activities compared to the Dark Web.  While Google Chrome and its ad-blocker may be the end for this generation of online piracy, give China, Russia, the Middle East, and Eastern European countries a few months.  They will come up with something and it will probably be on the Dark Web.

Whitney Grace, March 1, 2018

Digital Currencies: Now You Have It, Now You Do Not

February 2, 2018

We noted an interesting assertion in “Cryptocurrency ICOs: It’s Impossible to Police What You Can’t See.” The passage points attention to the ease with which initial coin offerings and tokens can be converted into “scams.” We noted:

ICOs have paved the way for so-called “exit scams,” in which fake companies launch an ICO and make off with investor proceeds. BitConnect is one of the latest companies which wound up its exchange operations, crashing the price of its BitConnect Coin (BCC) in the process. Investors were promised converted funds in BCC, but as their original investment had to be made in ETH, they have suffered countless losses as BCC’s value crashed and burned, leading many to believe the whole system was a scam — and one, unfortunately, which has cost its investors millions of dollars.

We loved this quote, attributed to Arianne King, managing partner and Solicitor Advocate of Al Bawardi Critchlow:

“It’s hard to police what you can’t even see.”

The Beyond Search DarkCyber research team would like to point out that modest strides have been made in deanonymizing some activities related to digital currencies.

The write up pointed out:

Investor cryptocurrency funds can be whisked away to multiple wallets and potentially “washed” through Dark Web services to become extremely difficult to track, and without cold, hard currency in a scammer’s bank account, little can be done.

Online is an interesting “environment,” fostering fake news, teen anxiety, and good old fashioned fraud.

Stephen E Arnold, February 2, 2018

AlphaBay Takedown Just One Chapter in Dark Web Saga

January 9, 2018

Did the takedown of AlphaBay last summer have much effect, or will black markets on the dark web carry on with business as usual? Both, according to Wired’s article, “The Biggest Dark Web Takedown Yet Sends Black Markets Reeling.” Writer Andy Greenberg details the immediate aftermath as customers of AlphaBay, the largest dark web marketplace in existence, frantically searched for other sources—apparently causing technical difficulties for two of the leading alternatives. He also notes the (reasonable) secrecy around just how the FBI pulled this off, causing other dark web vendors to wonder whether they will be next.

On the other hand, a robust demand for black market goods has been a fact of life for millennia, and that does not stop with AlphaBay’s defeat. Greenberg writes:

Even so, the chaos in the wake of AlphaBay’s disappearance shouldn’t deal a death blow to the dark web’s vibrant drug trade, or even cause much more than a temporary shakeup, says Carnegie Mellon’s Christin. He points to prior dark web crises like the 2013 takedown of the Silk Road, the bust of the Silk Road’s sequel site in late 2014, or the so-called ‘exit scam’ pulled by the dark web market Evolution in 2015, in which its administrators abruptly absconded with their patrons’ bitcoins. Each time, Christin points out, the dark web’s overall business took a temporary dive, but came roaring back more quickly after those setbacks and continued to grow as a whole. AlphaBay, for example, had more than 20 times as many product listings as the original Silk Road. (Some research has found that even bad news about the dark web markets only attracts more users to them.) And AlphaBay’s buyers and customers will eventually find a new home.

And so the adventure continues. What is next in the fight between law enforcement and dark web marketplaces? Stay tuned.

Cynthia Murrell, January 9, 2018

Dark Web Criminals Seek Alternatives to Bitcoin

January 8, 2018

Law enforcement has been getting better at using Bitcoin to track criminals on the dark web, so bad actors are exploring alternatives, we learn from the article, “Dark Web Finds Bitcoin Increasingly More of a Problem Than a Help, Tires Other Digital Currencies” at CNBC.

Reporter Evelyn Cheng writes:

In the last three years, new digital currencies such as monero have emerged in an effort to increase privacy. Unlike the open transaction record of bitcoin, monero’s technology hides the name of the sender, amount and receiver. A representative from monero did not respond to email and Twitter requests for comment. Monero hit a record high Monday of $154.58, up more than 1,000 percent this year, according to CoinMarketCap.

Digital currency ethereum is an increasing target for cybercrime as well, according to Chainalysis. Ethereum is up about 4,300 percent this year amid a flood of funds into the digital currency for initial coin offerings, which have raised the equivalent of nearly $1.8 billion in the last three years, CoinDesk data showed. Cybercriminals raised $225 million in ethereum so far this year, Chainalysis said in a report posted Aug. 7 on its website. Phishing attacks — disguised emails or other communication used to trick people into disclosing personal information — make up more than half of all ethereum cybercrime revenue this year at $115 million, the study said. The Ethereum Foundation did not return a CNBC request for comment.

Make no mistake, Bitcoin is still in the lead even with criminals—its popularity makes it easy to quickly convert with no third parties involved. As that popularity continues to increase and the currency becomes more mainstream, though, other options await.

Cynthia Murrell, January 8, 2018

Law Enforcement Do Not Like Smartphones

December 26, 2017

Smartphones and privacy concerns are always hot topics after mass shootings and terroristic acts.  The killers and terrorists always use their smartphones to communicate with allies, buy supplies, and even publicize their actions.  Thanks to these criminals, law enforcement officials want tech companies to build backdoors into phones so they can always can the information.  The remainder of the public does not like this.  One apple spoils the entire batch.  KPTV explains why smartphones are a problem in “Why Smartphones Are Giving Police Fits.”

After the recent mass shooting in Texas, police were unable to hack into the killer’s phone because of all the privacy software in place.  Law enforcement do not like this because they are unable to retrieve data from suspects’ phones.  Software developers insist that the encryption software is necessary for digital privacy, but police do not like that.  It holds up their investigations.

…it could take specialists weeks to unlock the phone and access material that may reveal the killer’s motive and other information.

 

The FBI’s first option is likely to pressure the device-maker to help access the phone, but if that won’t work they could try breaking into it. Sometimes “brute force” attacks aimed at methodically guessing a user’s passcode can open a device, though that won’t work with all phones.

Arora said the difficulty of breaking into the phone would depend on numerous factors, including the strength of the gunman’s passcode and the make and model of the phone. Police may have more options if it’s an Android phone, since security practices can vary across different manufacturers.

The tech companies, though, are out to protect the average person, especially after the Edward Snowden incident.  The worry is that if all smartphones have a backdoor, then it will be used for more harm than good.  It establishes a dangerous precedent.

Law enforcement, however, needs to do their jobs.  This is similar to how the Internet is viewed.  It is a revolutionary tool, but a few bad apples using it for sex trafficking, selling illegal goods, and child porn ruins it for the rest of us.

Whitney Grace, December 26, 2017

China Has an AI Police Station and That Is Not a Good Thing

December 12, 2017

The wave of things artificial intelligence can do is amazing. In China, they are even handling law enforcement with intelligent machines. While this might be a boon for efficiency, people like Stephen Hawking are not happy. We learned more from the Sanvada article, “Check Out The Artificial Intelligence-Powered Police Station in China.”

According to the story:

Recently China announced the opening of an AI-powered police station in Wuhan illustrating its plans to fully incorporate artificial intelligence as a functional part of its systems.

But the most interesting turn comes later, stating:

Artificial intelligence may not yet be up to the task. After all, not every case in the designated area will relate to car or driving related issues. Artificial intelligence has yet to be proven to have the capability of solving complex disputes. It may not use of all of the facts or comprehend the intricate dynamics of human relationships or the damage which can be caused to people whether it is in the case of molestation or rape and hence, may not have the sensitivity to deal with such scenarios.

We love the multitude of uses for AI but have to agree with the skepticism of Sanvada. One of the smartest people on the planet also agrees. Stephen Hawking recently commented that “AI could be the worst event in human history.” Let’s hope he’s not right and let’s hope wise guidance proves that AI police stations stay a novelty in the world of AI.

Patrick Roland, December 12, 2017

Next Page »

  • Archives

  • Recent Posts

  • Meta