CyberOSINT banner

Facebook Faces French Frippery

February 12, 2016

Facebook and its privacy and information policies are under scrutiny in France. Unlike the US and other countries, French regulators can be a frisky bunch. I recall an incident involving a certain Russian who operated in an interesting manner. If recollection serves, the French authorities kept pecking and pecking and finally chewed the feet off the alleged wrong doer. Persistence and institutional coordination are different in the land of more than 200 types of cheese.

French Data Privacy Regulator Cracks down on Facebook” reports that the social media outfit has 90 days to “stop tracking non users’ Web activity without their consent.”

This begs the question, “Then what?”

Two things. France will cheerlead for actions against Facebook from its EC colleagues.

Plus the French bureaucracy, the outfit which “invented red tape,” will swing into action. This is often not a good thing. I recall a French born French citizen who had to display her great grandfather’s medal of honor to clear up a citizenship inquiry. The nifty part of this anecdote is that a letter from the president of France to her grandfather was not enough. The picture verified that the grandfather and the French president were shaking hands at the award ceremony. That’s bureaucratic attentiveness in action.

Facebook faces French friskiness in the institutional playground. At least, lunches are usually pretty good. That’s a benefit for the legal eagles who will flock to answer the “then what?” question.

Stephen E Arnold, February 12, 2016

Dark Web Crime Has Its Limits

February 12, 2016

The Dark Web is an intriguing and mysterious phenomenon, but rumors about what can be found there are exaggerated. Infomania examines what is and what is not readily available in that murky realm in, “Murder-for-Hire on the Dark Web? It Can’t Be True!

Anonymity is the key factor in whether certain types of criminals hang out their shingles on the TOR network. Crimes that can be more easily committed without risking identification include drug trafficking, fraud, and information leaks.  On the other hand, contract assassins, torture-as-entertainment, and human trafficking are not actually to be found, despite reports to the contrary. See the article for details on each of these, and more. The article cites independent researcher Chris Monteiro as it summarizes:

The dark web is rife with cyber crime. But it’s more rampant with sensationalized myths about assassination and torture schemes — which, as Chris can attest, simply aren’t true. “What’s interesting is so much of the coverage of these scam sites is taken at face value. Like, ‘There is a website. Therefore its contents must be true.’ Even when mainstream media picks it up, very few pick it up skeptically,” he says.

Take the Assassination Market, for example. When news outlets got wind of its alleged existence in 2013, they ran with the idea of “Murder-for-hire!!” on the Internet underground. Although Chris has finally demonstrated that these sites are not real, their legend lives on in Internet folklore. “Talking about the facts — this is how cybercrime works, this is how Tor and Bitcoin work — is a lot less sexy than saying, ‘If you click on the wrong link, you’ll be kidnapped, and you’ll end up in a room where you’ll be livestreamed, murdered, and you’re all over the internet!’” Chris says. “All I can do is point out what’s proven and what isn’t.”

So, next time someone spins a scary tale about killers-for-hire who are easily found online, you can point them to this article. Yes, drug trafficking, stolen data, and other infractions are big problems associated with the Dark Web, but let us not jump at shadows.


Cynthia Murrell, February 12, 2016

Sponsored by, publisher of the CyberOSINT monograph

Google Versus Russia: Does Google Have SU 35 Capabilities?

February 6, 2016

I read “Kremlin Considering Google Tax on Technology Services.” The article suggests that Russia may tax online services. The services named include Google, Facebook, and Apple. I know that Facebook works hard to avoid certain conflicts. Apple has its hands full with the specter of not having any hot products in 2016. So the Google?

The world’s most valuable company may have to pay more than a UK “get out of jail” fine if the write up is accurate. I learned from the “real” news source:

Klimenko, an early Russian Internet innovator, was appointed as President Vladimir Putin’s Internet adviser in December.  His suggestion of a kind of value-added tax on technology services in Russia comes only days after he asserted that Google, Facebook, and other social-media companies will be blocked in Russia “sooner or later” if they do not comply with a law enacted in August requiring them to locate facilities that store Russia data in Russia. And it comes after Russian news agencies reported that Putin on January 29 signed an executive order asking federal agencies to work with Klimenko on amending legislation to ensure equal operating conditions for companies within Russia with respect to the Internet.

Google may get a chance to demonstrate its potency if Russia boosts taxes. I recall that Mr. Brin’s space flight did not work out. Will this new chess match result in Google’s sitting on the sidelines in Russia?

Worth monitoring. Now about that source and its “real” journalists? Nah, never mind.

Stephen E Arnold, February 6, 2016

The Encrypted Enterprise Search

February 3, 2016

Another enterprise software distributor has taken the leap into a proprietary encrypted search engine.  Computer Technology Review informs us that “VirtualWorks Releases Its Encrypted Enterprise Search Platform ViaWorks Built On Hitachi Technology.”  VirtualWorks’s enterprise search platform is called ViaWorks and the company’s decision to release an encrypted search engine comes after there has been a rise in data security breaches as well as concern about how to prevent such attacks.  We will not even mention how organizations want to move to the cloud, but are fearful of hacking.  More organizations from shopping in person on the Internet, banking, healthcare, government, and even visiting a library use self-service portals that rely on personal information to complete tasks.  All of these portals can be hacked, so trade organizations and the government are instituting new security measures.

Everyone knows, however, that basic rules and a firewall are not enough to protect sensitive information.  That is why companies like VirtualWorks stay one step ahead of the game with a product like ViaWork built on Hitachi’s Searchable Encryption technology.  ViaWorks is a highly encrypted platform that does not sacrifice speed and accuracy for security

“ViaWorks encrypted enterprise search features are based on AES, a worldwide encryption standard established by NIST; special randomization process, making the encrypted data resistant to advanced statistical attacks; with key management and encryption APIs that store encryption keys securely and encrypt the original data.  ViaWorks provides key management and encryption APIs that store encryption keys securely and encrypt the original data, respectively. Users determine which field is encrypted, such as index files, search keyword or transaction logs.”

VirtualWorks already deployed ViaWorks in beta tests within healthcare, government, insurance, and finance.  Moving information to the cloud saves money, but it presents a security risk and slow search.  A commercial encrypted search engine paired with cloud computing limits the cyber risk.


Whitney Grace, February 3, 2016
Sponsored by, publisher of the CyberOSINT monograph

UK Tax and Google: Cue Sinatra Singing Regrets, I Have a Few

February 2, 2016

This corporate tax thing is pretty exciting. I recall that in some of my early jobs, corporate taxes were mostly routine. Halliburton had a system, and it seemed to work in a swell way.

I read “Google Tax Deal ‘Not a Glorious Moment’, says Minister.” According to the write up:

Business secretary Sajid Javid says he shared Britons’ sense of injustice as criticism grows of agreement with tech firm.

Confused? I am. The “real” news story revealed:

The admission by the business secretary, Sajid Javid, came as a senior executive from Google claimed he could not say how much UK profit has been generated by the technology firm in the past decade, or how many meetings had been held between the company’s executives and ministers. It follows the announcement nine days ago that the government came to an agreement with Google in which £130m will be paid in back taxes covering the past decade.

I thought that Googlers used Google’s cloud services for calendaring, spreadsheets, and the like. I thought that it was easy for Google services users to check out who met whom and when. I thought is was pretty easy to set up an updating spreadsheet which calculated the tax owed on certain revenue items.

I obviously was wrong. That happens a lot.

The British government which strives to appear organized is apparently confused. I learned:

Peter Barron, head of communications at Google across Europe, told the Andrew Marr Show he could not answer questions about Google’s profits over the past decade despite reports that it had made £7.2bn and therefore is paying less than 3% in corporation tax on its UK profits.

The sums strike me as trivial. For example, I learned:

Google is expected to announce on Monday that it has amassed £30bn of profits from non-US sales in Bermuda, where companies are not liable to pay corporation tax. The UK is Google’s largest non-US market, accounting for 11% of its global revenues, according to documents filed in America. The Observer revealed that the UK government has been privately lobbying the EU to remove Bermuda from an official blacklist. Barron said the arrangement in Bermuda had no impact on the amount of tax it pays in the UK. “It’s very, very important to make it clear that the Bermuda arrangement has absolutely no bearing on the amount of tax that we pay in the UK. No bearing whatsoever,” he said. When asked how much of the £30bn may have come from the UK, he said: “I don’t know the answer, I haven’t got the answer [at] my fingertips, except I would say that about 10% of global revenues come from the UK.”

Like Google’s position regarding the alleged problems with its self driving cars, humans are making problems. I believe it. Troublesome humans. Use algorithms.

Stephen E Arnold, February 2, 2016

Anonymity Not Always Secured for Tor and Dark Web Users

January 28, 2016

From the Washington Post comes an article pertinent to investigative security technologies called This is how the government is catching people who use child porn sites. This piece outlines the process used by the FBI to identify a Tor user’s identity, despite the anonymity Tor provides. The article explains how this occurred in one case unmasking the user Pewter,

“In order to uncover Pewter’s true identity and location, the FBI quietly turned to a technique more typically used by hackers. The agency, with a warrant, surreptitiously placed computer code, or malware, on all computers that logged into the Playpen site. When Pewter connected, the malware exploited a flaw in his browser, forcing his computer to reveal its true Internet protocol address. From there, a subpoena to Comcast yielded his real name and address.”

Some are concerned with privacy of the thousands of users whose computers are also hacked in processes such as the one described above. The user who was caught in this case is arguing the government’s use of such tools violated the Fourth Amendment. One federal prosecutor quoted in the article describes the search processes used in this case as a “gray area in the law”. His point, that technology is eclipsing the law, is definitely one that deserves more attention from all angles: the public, governmental agencies, and private companies.


Megan Feil, January 28, 2016

Sponsored by, publisher of the CyberOSINT monograph



Alphabet Google Android Revenue

January 22, 2016

I read “Google’s Android Generates $31 Billion Revenue, Oracle Says.” Who knows how accurate this “number” is, but I find it interesting because the “number” allegedly spins off $22 billion in profit.

My math is not too good. But I think it means that the Alphabet Google thing has more profit than costs when  it comes to Android. Numbers north of 200 percent strike me as okay.

The write up asserts:

An analysis of the search engine giant’s tightly held financial information was disclosed Jan. 14 by an Oracle attorney in the database maker’s lawsuit accusing Google of using its Java software without paying for it to develop Android. Google said in a court filing that the lawyer based her statement on information derived from its confidential internal financial documents. “Look at the extraordinary magnitude of commerciality here,” the Oracle attorney, Annette Hurst, told a federal magistrate judge as she discussed Android revenue and profit, which have never been publicly disclosed.

I wonder if Oracle perceives that the use of its Java technology has contributed to this revenue.

I think so. The write up states:

The five-year-old showdown between Google and Oracle has returned to U.S. District Judge William Alsup in San Francisco after a pit stop at the U.S. Supreme Court, where Google lost a bid to derail the case. The damages Oracle now seeks may exceed $1 billion since it expanded its claims to cover newer Android versions.

There is nothing like a flock of legal eagles circling alleged revenue to signal that spring is not far away. Yandex is grousing a bit about Android. Gee, I wonder why.

Stephen E Arnold, January 22, 2016

Data Discrimination Is Real

January 22, 2016

One of the best things about data and numbers is that they do not lie…usually.  According to Slate’s article, “FTC Report Details How Big Data Can Discriminate Against The Poor,” big data does a huge disservice to people of lower socioeconomic status by reinforcing existing negative patterns.  The Federal Trade Commission (FTC), academics, and activists have expressed for some time that big data analytics.

“At its worst, big data can reinforce—and perhaps even amplify—existing disparities, partly because predictive technologies tend to recycle existing patterns instead of creating new openings. They can be especially dangerous when they inform decisions about people’s access to healthcare, credit, housing, and more. For instance, some data suggests that those who live close to their workplaces are likely to maintain their employment for longer. If companies decided to take that into account when hiring, it could be accidentally discriminatory because of the radicalized makeup of some neighborhoods.”

The FTC stresses that big data analytics has positive benefits as well.  It can yield information that can create more job opportunities, transform health care delivery, give credit through “non-traditional methods, and more.

The way big data can avoid reinforcing these problems and even improve upon them is to include biases from the beginning.  Large data sets can make these problems invisible or even harder to recognize.  Companies can use prejudiced data to justify the actions they take and even weaken the effectiveness of consumer choice.

Data is supposed to be an objective tool, but the sources behind the data can be questionable.  It becomes important for third parties and the companies themselves to investigate the data sources, run multiple tests, and confirm that the data is truly objective.  Otherwise we will be dealing with social problems and more reinforced by bad data.

Whitney Grace, January 22, 2016
Sponsored by, publisher of the CyberOSINT monograph

Woman Fights Google and Wins

January 21, 2016

Google is one of those big corporations that if you have a problem with it, you might as well let it go.  Google is powerful, respected, and has (we suspect) a very good legal department.  There are problems with Google, such as the “right to be forgotten” and Australian citizens have a big bone to pick with the search engine.  Australian News reports that “SA Court Orders Google Pay Dr. Janice Duffy $115,000 Damages For Defamatory Search Results.”

Duffy filed a lawsuit against Google for displaying her name along with false and defamatory content within its search results.  Google claimed no responsibility for the actual content, as it was not the publisher.  The Australian Supreme Court felt differently:

“In October, the court rejected Google’s arguments and found it had defamed Dr Duffy due to the way the company’s patented algorithm operated.  Justice Malcolm Blue found the search results either published, republished or directed users toward comments harmful to her reputation.  On Wednesday, Justice Blue awarded Dr Duffy damages of $100,000 and a $15,000 lump sum to cover interest.”

Duffy was not the only one who was upset with Google.  Other Australians filed their own complaints, including Michael Trkulja with a claim search results linked him to crime and Shane Radbone sued to learn the identities of bloggers who wrote negative comments.

It does not seem that Google should be held accountable, but technically they are not responsible for the content.  However, Google’s algorithms are wired to bring up the most popular and in-depth results.  Should they develop a filter that measures negative and harmful information or is it too subjective?


Whitney Grace, January 21, 2016
Sponsored by, publisher of the CyberOSINT monograph


Meg Whitman Prediction: From Advocates of Quitting

January 15, 2016

I love predictions. Most folks forget the ones which do not materialize. The others get a moment of Internet fame and then die like day lilies.,

I read an interesting chunk of prognosticative fluff in “Meg Whitman Will Leave HP and 4 Other Predictions For 2016.”

The prediction is that Ms. Whitman will “declare victory” and head to a more halcyon place. Fortune asks, “Who could blame her?”

That’s nifty. A quitter. I suppose when one works at Fortune, the idea of quitting is a pretty attractive one.

Will Ms. Whitman depart? I don’t know. I do know that the litigation she spawned will continue through 2016 and probably years to come.

When she departs, the law firms dealing with her Autonomy allegations may give her a bouquet of —what?—day lilies?

Stephen E Arnold, January 15, 2016

Next Page »