January 19, 2017
A prison librarian in England who purchased drugs and weapons over the Dark Web for supplying them to prisoners was sentenced to 7-years in prison.
The Register in a news report Prison Librarian Swaps Books for Bars After Dark-Web Gun Buy Caper says:
Dwain Osborne, of Avenue Road, Penge, in London, was nabbed in October of 2015 after he sought to procure a Glock 19 – a staple of police and security forces worldwide – and 100 rounds of ammunition on the dark web. A search of Osborne’s house revealed the existence of a storage device, two stolen passports, and a police uniform.
Osborne was under the impression that like other Dark Web actors, he too is untraceable. What made the sleuths suspicious is not known, however, the swift action and prosecution are commendable. Law enforcement agencies are challenged by this new facet of crime wherein most perpetrators manage to remain anonymous.
Most arrests related to the purchase of arms and drugs over Dark Web were result of undercover operations. However, going beyond this type of modus operandi is the need of the hour.
Systems like Apacke Teka seem to be promising, but it is premature to say how such kind of systems will evolve and most importantly, will be implemented.
Vishal Ingole, January 19, 2017
January 16, 2017
I read “How Autonomy Fooled Hewlett-Packard.” The article was written by Jack T. Cielsielski, who is president of R.G. Associates, Inc. in Baltimore, Maryland. Mr. Ciesielski’s company publishes “The Analyst’s Accounting Observer, which is described as “a research service for institutional investors.” The company offers this example return on a $1 million investment:
The caption for the chart is “All performance data is net of advisory fees. 3, 5, 10 year returns are annualized total returns. Inception is the annualized total return since 12/31/1992. S&P 500 Total Return sourced from www.standardandpoors.com. Past performance is not indicative of future results.”
I am not sure if the write up is a Fortune-edited article, a Fortune-commissioned article, or an inclusion in Fortune which an entity purchased. For the purposes of Beyond Search, I will assume that the article is an example of “real” reporting and spot on in its objectivity and accuracy. I recognize that depending on where one sits and the tools and information available will affect what one perceives. This is the viewshed problem, which is illustrated below. Each color shows what the respective observer “sees.”
I was interested in the write up because the legal dispute between the “old” Hewlett Packard and executives of Autonomy is on going. Obviously neither Mr. Ciesielski Fortune does not want to find itself in the legal crossfire. My assumption is, therefore, that Fortune’s “real” journalists have figured out some of the nuances of the HP-Autonomy matter. I would point out that these nuances were overlooked or misinterpreted by HP’s executives, Board members, advisers, lawyers, and accountants. Too bad neither HP nor Autonomy had Fortune-caliber experts assisting when the $11 billion deal was conceived, executed, understood, and prosecuted. Some outfits have smarter, more thorough investigators, researchers, and analysts.
The write up points out that the former top dog of Autonomy USA (Christopher Egan) had to pay $800,000 in November 2016 he garnered from the HP buy out. The prime mover in this check writing was the US Securities & Exchange Commission. The Fortune article states:
HP relied on figures he had helped inflate. The facts of the case are now public.
Here’s the method used by Autonomy as reported by Fortune:
Autonomy’s UK-based senior managers directed a program swelling revenues by almost $200 million. Autonomy sold its software through “value-added” resellers, legitimate businesses providing additional services and support to product end users while also selling Autonomy’s software. Just five resellers, in 30 transactions, provided services to Autonomy that couldn’t be called legitimate.
January 3, 2017
I read “Good Luck in Making Google Reveal Its Algorithm.” The title is incorrect. I think the word I expected was “algorithms and administrative interfaces.” The guts of Google’s PageRank system appear in the PageRank patent assigned to the Stanford Board of Directors. Because the “research” for PageRank is based in part on a US government grant, the PageRank method discloses the basic approach of the Google. If one looks at the “references” to other work, one will find mentions of Eugene Garfield (the original citation value wizard), the IBM Almaden Clever team, and a number of other researchers and inventors who devised a way to figure out what’s important in the context of linked information.
What folks ignore is that it is expensive to reengineer the algorithmic plumbing at an outfit like Google. Think in terms of Volkswagen rewriting its emissions code and rebuilding its manufacturing plants to produce non cheating vehicles. That’s the same problem the Google has faced but magnified by the rate at which changes have been required to keep the world’s most loved Web search system [a] working, [b] ahead of the spoofers who can manipulate Mother Google’s relevance ranking, [c] diverse content including videos and the social Plus stuff, and [d] mobile.
The result is that Google has taken its Airstream trailer and essentially added tailfins, solar panels, and new appliances; that is, the equivalent of a modern microwave instead of the old, inefficient toaster oven. But the point is that the Google Airstream is still an Airstream just “new and improved.”
The net net is that Google itself cannot easily explain what happens within the 15 years and ageing fast relevance Airstream. Outsiders essentially put up content, fiddle with whatever controls are available, and then wait to see what happens when one runs a query for the content.
The folks driving the Ford F-150 pulling the trailer have controls in the truck. The truck has a dashboard. The truck has extras. The truck has an engine. The entire multi part assemble is the Google search system.
The point is that Google’s algorithm is not ONE THING. It is a highly complex system, and there are not many people around who know the entire thing. The fact that it works is great. Sometimes, however, the folks driving the Ford F 150 have to fiddle with the dials and knobs. That administrative control panel is hooked to some parts of the gear in the Airstream. Other dials just do things to deal with what is happening right now. Love bugs make it hard to see out of the windscreen, so the driver squirts bug remover fluid and turns on the windshield wipers. The Airstream stuff comes along for the ride.
The article cited above explains that Google won’t tell a German whoop-de-doo how it works. Well, the author has got the “won’t tell” part right. Even if Google wanted to explain how its “algorithm” works, the company would probably just point to a stack of patents and journal articles and say, “There you go.”
The write up states:
We know that search results – and social media news feeds – are assembled by algorithms that determine the websites or news items likely to be most “relevant” for each user. The criteria used for determining relevance are many and varied, but some are calibrated by what your digital trail reveals about your interests and social network and, in that sense, the search results or news items that appear in your feed are personalized for you. But these powerful algorithms, which can indeed shape how you see the world, are proprietary and secret, which is wrong. So, Merkel argues, they should be less opaque.
The article also is correct when it says:
So just publishing secret stuff doesn’t do the trick. In a way, this is the hard lesson that WikiLeaks learned.
The write up uses Google as a whipping post. The issue is not math. The issue is the gap between those who use methods that are “obvious” and those who look for fuzzy solutions. Why not focus on other companies which use “obvious” systems and methods? Answer: Google is a big, fat, slow moving, predictable, ageing target.
Convenient for real journalists. Oh, 89 percent of this rare species does their research via Google, clueless about how the sausage is made. Grab those open source documents and start reading.
Stephen E Arnold, January 4, 2016
December 21, 2016
We trust that government Web sites are safe and secure with our information as well as the data that keeps our countries running. We also expect that government Web sites have top of the line security software and if they did get hacked, they would be able to rectify the situation in minutes. Sadly, this is not the case says Computer World, because they posted an article entitled, “A Black Market Is Selling Access To Hacked Government Servers For $6.”
If you want to access a government server or Web site, all you need to do is download the Tor browser, access the xDedic marketplace on the Dark Web, and browse their catalog of endless government resources for sale. What is alarming is that some of these Web sites are being sold for as little as six dollars!
How did the xDedic “merchants” get access to these supposed secure government sites? It was through basic trial and error using different passwords until they scored a hit. Security firm Kaspersky Lab weighs in:
It is a hacker’s dream, simplifying access to victims, making it cheaper and faster, and opening up new possibilities for both cybercriminals and advanced threat actors,’ Kaspersky said.
Criminal hackers can use the servers to send spam, steal data such as credit card information, and launch other types of attack…Once buyers have done their work, the merchants put the server back up for sale. The inventory is constantly evolving.
It is believed that the people who built the xDedic are Russian-speakers, possibly from a country with that as a language. The Web site is selling mostly government site info from the Europe, Asia, and South America. The majority of the Web sites are marked as “other”, however. Kaspersky track down some of the victims and notified them of the stolen information.
The damage is already done. Governments should be investing in secure Web software and testing to see if they can hack into them to prevent future attacks. The Dark Web scores again.
Whitney Grace, December 21, 2016
December 19, 2016
I love IBM, Big Blue, creator of Watson. Watson, as you may know, is a confection consisting of goodies from IBM’s internal code wizards, acquired technologies like the instantly Big Data friendly Vivisimo, and Lucene. Yep, like Attivio and many other “search” vendors, open source Lucene is the way to reduce the costs for basic information retrieval.
I assume you know about OpenLava, which is an open source system for managing certain types of IBM systems. The Open Lava Web page here states:
With an active community of users and developers, OpenLava development is accelerating, delivering high-quality implementations of important new features including:
- Fair-share scheduling – allocate resources between users and groups according to configurable policies
- Job pre-emption – Ensure that critical users, jobs and groups have the resources they need – when they need them
- Docker support – Providing application isolation, fast service deployment and cloud mobility
- Cloud & VM friendly auto-scaling – Easily add or remove cluster nodes on the fly without cluster re-configuration
These features are in addition to the many advanced capabilities already in OpenLava including job arrays, run-windows, n-way host failover, job limits, dependencies for multi-step workflows, parallel job support and much more.
I read “OpenLava under IBM Attack.” I believe everything I read on the Internet. The write up explains that that Big Blue wants the OpenLava open source code removed. The write up states:
IBM claims that the versions of OpenLava starting from 3.0 infringe their copyright
and that some source code have been stolen from them, copied, or otherwise taken
from their code base.
- The folks involved with OpenLava did knowingly and intentionally rip off IBM’s software, and the marketer of Watson and its open source tinged Watson is taking a logical and appropriate action against the open source alternative to IBM’s own management software
- IBM is unhappy with OpenLava’s adoption by IBM customers. IBM customers should buy only software from IBM-authorized sources. Other old school enterprise software companies have this philosophy too.
- There is a failure to communicate. OpenLava is not making its case understandable to the outfit poised to hire 25,000 more employees and IBM is not making itself clear to the crafty folks at OpenLava.
I don’t have a dog in the fight. But I find it interesting that IBM Watson with its Lucene tinged capabilities is finding open source distasteful in some circumstances.
Life was far simpler when open source projects were more malleable. Next stop? The legal eagles’ nests.
Stephen E Arnold, December 19, 2016
December 18, 2016
The article titled Ricochet Uses Power of the Dark Web to Help Journalists, Sources Dodge Metadata Laws on The Age announces the completion of a formal security audit that gives would-be users of the software the go-ahead. Ricochet is secure messaging resource intended to enable whistleblowers and human rights activists to communicate with journalists without fear of being exposed. The article explains,
Ricochet… would be able to deliver a level of security and anonymity that isn’t possible with current messaging software, including Wickr — the self-destructing message platform… “The key difference between Ricochet and anything else that’s out there is that it does not use a server. It uses the same technology that ran Silk Road, it uses dark web technology,” Mr Gray said, referring to the notorious online black on which drug dealers thrived until the FBI shut it down in November 2014.
The article does address concerns that software such as this might be useful to terrorist operations in addition to its stated purpose. The makers point out that Ricochet is designed for one-on-one communication, which is not very appealing to the terrorists who have been more focused on reaching many people to coordinate their activities. At the same time, they accept that it might be used by a criminal element and state that such uses don’t negate the positive potential of the software.
Chelsea Kerwin, December 18, 2016
December 16, 2016
Because individual nations are having spotty success fighting dark-web-based crime, the United Nations is stepping up. DeepDotWeb reports, “UN Trying to Find Methods to Stop the Dark Web Drug Trade.” The brief write-up cites the United Nation’s Office on Drugs and Crime’s (UNODC’s) latest annual report, which reveals new approaches to tackling drugs on the dark web. The article explains why law-enforcement agencies around the world have been having trouble fighting the hidden trade. Though part of the problem is technical, another is one of politics and jurisdiction. We learn:
Since most of the users use Tor and encryption technologies to remain hidden while accessing dark net marketplaces and forums, law enforcement authorities have trouble to identify and locate their IP addresses. …
Police often finds itself trapped within legal boundaries. The most common legal issues authorities are facing in these cases are which jurisdiction should they use, especially when the suspect’s location is unknown. There are problems regarding national sovereignties too. When agencies are hacking a dark net user’s account, they do not really know which country the malware will land to. For this reason, the UNODC sees a major issue when sharing intelligence when it’s not clear where in the world that intelligence would be best used.
The write-up notes that the FBI has been using tricks like hacking Dark Net users and tapping into DOD research. That agency is also calling for laws that would force suspects to decrypt their devices upon being charged. In the meantime, the UNODC supports the development of tools that will enhance each member state’s ability to “collect and exploit digital evidence.” To see the report itself, navigate here, where you will find an overview and a link to the PDF.
Cynthia Murrell, December 16, 2016
December 16, 2016
While the mainstream media believes that the Dark Web is full of dark actors, research by digital security firms says that most content is legal. It only says one thing; the Dark Web is still a mystery.
The SC Magazine in an article titled Technology Helping Malicious Business on the Dark Web Grow says:
The Dark Web has long had an ominous appeal to Netizens with more illicit leanings and interests. But given a broadening reach and new technologies to access this part of the web and obfuscate dealings here, the base of dark web buyers and sellers is likely growing.
On the other hand, the article also says:
But despite its obvious and well-earned reputation for its more sinister side, at least one researcher says that as the dark web expands, the majority of what’s there is actually legal. In its recent study, intelligence firm Terbium Labs found that nearly 55 percent of all the content on the dark web is legal in nature, meaning that it may be legal pornography, or controversial discussions, but it’s not explicitly illegal by U.S. law.
The truth might be entirely different. The Open Web is equally utilized by criminals for carrying out their illegal activities. The Dark Web, accessible only through Tor Browser allows anyone to surf the web anonymously. We may never fully know if the Dark Web is the mainstay of criminals or of individuals who want to do their work under the cloak of anonymity. Till then, it’s just a guessing game.
Vishal Ingole, December 16, 2016
December 15, 2016
Incidences of law enforcement agencies arresting criminals for selling their services on Dark Web are increasing. However, their success can be attributed to the foolishness of the criminals, rather than technological superiority.
Cyber In Sight in a news report titled IcyEagle: A Look at the Arrest of an Alleged Dark Web Vendor, the reporter says:
the exact picture of how law enforcement has managed to track down and identify Glende remains unclear, the details released so far, provide an interesting behind the scenes view of the cybercrime-related postings we often highlight on this blog.
The suspect in this case inadvertently gave details of his service offerings on AlphaBay. Cops were able to zero on his location and managed to put him under arrest for drug peddling. The report reveals further:
An undercover officer purchased stolen bank account information from IcyEagle in March and April 2016, according to the indictment. Interestingly, Glende was also arrested by local police for selling drugs around the same time. A tip from U.S. Postal Inspectors led to police officers finding a “trove” of drugs at his Minnesota home in March.
It is thus apparent that the criminals, in general, are of the opinion that since they are selling on Dark Web, they are untraceable, which clearly is not the case. The trace, however, was possible only because the suspect handed it over himself. Hackers and real cyber criminals are still out of the ambit of law enforcement agencies, which needs to change soon.
Vishal Ingole, December 15, 2016
December 14, 2016
I remember a time, long ago, when my family was confident that newspapers and TV reporters were telling us most of the objective facts most of the time. We also had faith that, though flawed human beings, most representatives in Congress were honestly working hard for (what they saw as) positive change. Such confidence, it seems, has gone the way of pet rocks and parachute pants. The Washington Examiner reports, “Fishwrap: Confidence in Newspapers, TV News Hits Bottom.” The brief write-up gives the highlights of a recent Gallup survey. Writer Paul Bedard tells us:
Gallup found that just 20 percent have confidence in newspapers, a 10-point drop in 10 years. TV news saw an identical 10-point drop, from 31 percent to 21 percent. But it could be worse. Of all the institutions Gallup surveyed on, Congress is at the bottom, with just 9 percent having confidence in America’s elected leaders, a finding that is clearly impacting the direction and tone of the 2016 elections. And Americans aren’t putting their faith in religion. Gallup found that confidence in organized religion dropped below 50 percent, to an all-time low of 41 percent.
Last decade’s financial crisis, the brunt of which many are still feeling, has prompted us to also lose faith in our banks (confidence dropped from 49 percent in 2006 to just 27 percent this year). There is one institution in which Americans still place our confidence—the military. Some 73 percent of are confident of that institution, a level that has been constant over the last decade. Could that have anything to do with the outsized share of tax revenue that segment consistently rakes in? Nah, that can’t be it.
Cynthia Murrell, December 14, 2016