CyberOSINT banner

Meet the Company Selling Our Medical Data

July 22, 2016

A company with a long history is getting fresh scrutiny. An article at Fortune reports, “This Little-Known Firm Is Getting Rich Off Your Medical Data.” Writer Adam Tanner informs us:

“A global company based in Danbury, Connecticut, IMS  buys bulk data from pharmacy chains such as CVS , doctor’s electronic record systems such as Allscripts, claims from insurers such as Blue Cross Blue Shield and from others who handle your health information. The data is anonymized—stripped from the identifiers that identify individuals. In turn, IMS sells insights from its more than half a billion patient dossiers mainly to drug companies.

“So-called health care data mining is a growing market—and one largely dominated by IMS. Last week, the company reported 2015 net income of $417 million on revenue of $2.9 billion, compared with a loss of $189 million in 2014 (an acquisition also boosted revenue over the year). ‘The outlook for this business remains strong,’ CEO Ari Bousbib said in announcing the earnings.”

IMS Health dates back to the 1950s, when a medical ad man sought to make a buck on drug-sales marketing reports. In the 1980s and ‘90s, the company thrived selling profiles of specific doctors’ proscribing patterns to pharmaceutical marketing folks. Later, they moved into aggregating information on individual patients—anonymized, of course, in accordance with HIPAA rules.

Despite those rules, some are concerned about patient privacy. IMS does not disclose how it compiles their patient dossiers, and it may be possible that records could, somehow someday, become identifiable. One solution would be to allow patients to opt out of contributing their records to the collection, anonymized or not, as marketing data firm Acxiom began doing in 2013.

Of course, it isn’t quite so simple for the consumer. Each health record system makes its own decisions about data sharing, so opting out could require changing doctors. On the other hand, many of us have little choice in our insurance provider, and a lot of those firms also share patient information. Will IMS move toward transparency, or continue to keep patients in the dark about the paths of their own medical data?


Cynthia Murrell, July 22, 2016

Sponsored by, publisher of the CyberOSINT monograph

There is a Louisville, Kentucky Hidden Web/Dark
Web meet up on July 26, 2016.
Information is at this link:

Coveo Wins a Stevie. Congrats Coveo. What Is a Stevie?

July 21, 2016

The article titled Coveo Sweeps Early 2016 Awards Programs on Coveo promotes some of the many honors and recognitions that the Coveo company and its apps have earned. Among these is the Gold Stevie Award they earned for Sales and Customer Service through Coveo Reveal. The article details the competition for this prestigious yet unknown award,

“More than 2,100 nominations from organizations of all sizes and in virtually every industry were evaluated in this year’s competition, an increase of 11% over 2015. Finalists were determined by the average scores of 115 professionals worldwide, acting as preliminary judges. More than 60 members of several specialized judging committees determined the Gold, Silver and Bronze Stevie Award placements from among the Finalists during final judging.”

Coveo Reveal is the first cloud-based, machine leaning search platform for the enterprise. Its main users are customer service professionals, who are able to gain a stronger understanding of areas that can be improved in the overall search process. No surprise that it is winning awards, but we are unfamiliar with this Stevie recognition. According to the American Stevie Awards website, the award has been around since 2002 is named Stevie as in Stephen after the Greek derivation: “crowned.”


Chelsea Kerwin, July 21, 2016

Sponsored by, publisher of the CyberOSINT monograph

There is a Louisville, Kentucky Hidden Web/Dark
Web meet up on July 26, 2016.
Information is at this link:


Scholarship Evolving with the Web

July 21, 2016

Is big data good only for the hard sciences, or does it have something to offer the humanities? Writer Marcus A Banks thinks it does, as he states in, “Challenging the Print Paradigm: Web-Powered Scholarship is Set to Advance the Creation and Distribution of Research” at the Impact Blog (a project of the London School of Economics and Political Science). Banks suggests that data analysis can lead to a better understanding of, for example, how the perception of certain historical events have evolved over time. He goes on to explain what the literary community has to gain by moving forward:

“Despite my confidence in data mining I worry that our containers for scholarly works — ‘papers,’ ‘monographs’ — are anachronistic. When scholarship could only be expressed in print, on paper, these vessels made perfect sense. Today we have PDFs, which are surely a more efficient distribution mechanism than mailing print volumes to be placed onto library shelves. Nonetheless, PDFs reinforce the idea that scholarship must be portioned into discrete units, when the truth is that the best scholarship is sprawling, unbounded and mutable. The Web is flexible enough to facilitate this, in a way that print could never do. A print piece is necessarily reductive, while Web-oriented scholarship can be as capacious as required.

“To date, though, we still think in terms of print antecedents. This is not surprising, given that the Web is the merest of infants in historical terms. So we find that most advocacy surrounding open access publishing has been about increasing access to the PDFs of research articles. I am in complete support of this cause, especially when these articles report upon publicly or philanthropically funded research. Nonetheless, this feels narrow, quite modest. Text mining across a large swath of PDFs would yield useful insights, for sure. But this is not ‘data mining’ in the maximal sense of analyzing every aspect of a scholarly endeavor, even those that cannot easily be captured in print.”

Banks does note that a cautious approach to such fundamental change is warranted, citing the development of the data paper in 2011 as an example.  He also mentions Scholarly HTML, a project that hopes to evolve into a formal W3C standard, and the Content Mine, a project aiming to glean 100 million facts from published research papers. The sky is the limit, Banks indicates, when it comes to Web-powered scholarship.


Cynthia Murrell, July 21, 2016

Sponsored by, publisher of the CyberOSINT monograph

There is a Louisville, Kentucky Hidden Web/Dark
Web meet up on July 26, 2016.
Information is at this link:


Six Cybercriminal Archetypes from BAE Systems

July 11, 2016

Tech-security firm BAE Systems has sketched out six cybercriminal types, we learn from “BAE Systems Unmasks Today’s Cybercriminals” at the MENA Herald.  We’re told the full descriptions reveal the kinds of havoc each type can wreak, as well as targeted advice for thwarting them.  The article explains:

“Threat intelligence experts at BAE Systems have revealed ‘The Unusual Suspects’, built on research that demonstrates the motivations and methods of the most common types of cybercriminal. The research, which is derived from expert analysis of thousands of cyber attacks on businesses around the world. The intention is to help enterprises understand the enemies they face so they can better defend against cyber attack.”

Apparently, such intel is especially needed in the Middle East, where cybercrime was recently found to affect about 30 percent of organizations.  Despite the danger, the same study from PwC found that regional companies were not only unprepared for cyber attacks, many did not even understand the risks.

The article lists the six cybercriminal types BAE has profiled:

“The Mule – naive opportunists that may not even realise they work for criminal gangs to launder money;

The Professional – career criminals who ‘work’ 9-5 in the digital shadows;

The Nation State Actor – individuals who work directly or indirectly for their government to steal sensitive information and disrupt enemies’ capabilities;

The Activist – motivated to change the world via questionable means;

The Getaway – the youthful teenager who can escape a custodial sentence due to their age;

The Insider – disillusioned, blackmailed or even over-helpful employees operating from within the walls of their own company.”

Operating in more than 40 countries, BAE Systems is committed to its global perspective. Alongside its software division, the company also produces military equipment and vehicles. Founded in 1999, the company went public in 2013. Unsurprisingly, BAE’s headquarters  are in Arlington, Virginia, just outside of Washington DC.  As of this writing, they are also hiring in several locations.



Cynthia Murrell, July 11, 2016

Sponsored by, publisher of the CyberOSINT monograph

Publicly Available Information Is Considered Leaked When on Dark Web

July 7, 2016

What happens when publicly available informed is leaked to the Dark Web? This happened recently with staff contact information from the University of Liverpool according to an article, Five secrets about the Dark Web you didn’t know from CloudPro. This piece speaks to perception that the Dark Web is a risky place for even already publicly available information. The author reports on how the information was compromised,

“A spokeswoman said: “We detected an automated cyber-attack on one of our departmental online booking systems, which resulted in publically available data – surname, email, and business telephone numbers – being released on the internet. We take the security of all university-related data very seriously and routinely test our systems to ensure that all data is protected effectively. We supported the Regional Organised Crime Unit (TITAN) in their investigations into this issue and reported the case to the Information Commissioner’s Office.”

Data security only continues to grow in importance and as a concern for large enterprises and organizations. This incident is an interesting case to be reported, and it was the only story we had not seen published again and again, as it illustrates the public perception of the Dark Web being a playing ground for illicit activity. It brings up the question about what online landscapes are considered public versus private.


Megan Feil, July 7, 2016

Sponsored by, publisher of the CyberOSINT monograph

OnionScan Checks for Falsely Advertised Anonymous Sites on Dark Web

July 6, 2016

Dark Web sites are not exempt from false advertising about their anonymity. A recently published article from Vice’s Motherboard shares a A Tool to Check If Your Dark Web Site Is Really Anonymous. The program is called OnionScan and it determines issues on sites that may unmask servers or reveal their owners. An example of this is that could potentially be metadata, such as photo location information, hidden in images on the site. Sarah Jamie Lewis, an independent security researcher who developed OnionScan, told Motherboard:

The first version of OnionScan will be released this weekend, Lewis said. “While doing some research earlier this year I kept coming across the same issues in hidden services—exposed Apache status pages, images not stripped of exif data, pages revealing information about the tools used to build it with, etc. The goal is [to] provide an easy way of testing these things to drive up the security bar,” Lewis added. It works “pretty much the same as any web security scanner, just tailored for deanonymization vectors,” she continued.”

It is interesting that it appears this tool has been designed to protect users from the mistakes made by website administrators who do not set up their sites properly. We suppose it’s only a matter of time before we start seeing researchers publish the number of truly secure and anonymous Dark Web sites versus those with outstanding issues.



Megan Feil, July 6, 2016

Sponsored by, publisher of the CyberOSINT monograph


Watson Weekly: IBM Watson Service for Use in the IBM Cloud: Bluemix Paas, IBM SPSS, Watson Analytics

July 5, 2016

The article on ComputerWorld titled Review: IBM Watson Strikes Again relates the recent expansions of Watson’s cloud service portfolio, who is still most famous for winning on Jeopardy. The article beings by evoking that event from 2011, which actually only reveals a small corner of Watson’s functions. The article mentions that to win Jeopardy, Watson basically only needed to absorb Wikipedia, since 95% of the answers are article titles. New services for use in the IBM Cloud include the Bluemix Paas, IBM SPSS, and Predictive Analytics. Among the Bluemix services is this gem,

“Personality Insights derives insights from transactional and social media data…to identify psychological traits, which it returns as a tree of characteristics in JSON format. Relationship Extraction parses sentences into their components and detects relationships between the components (parts of speech and functions) through contextual analysis. The Personality Insights API is documented for Curl, Node, and Java; the demo for the API analyzes the tweets of Oprah, Lady Gaga, and King James as well as several textual passages.”

Bluemix also consists of AlchemyAPI for ftext and image content reading, Concept Expansion and Concept Insights, which offers text analysis and linking of concepts to Wikipedia topics. The article is less kind to Watson Analytics, a Web app for data analysis with ML, which the article claims “tries too hard” and is too distracting for data scientists.


Chelsea Kerwin,  July 5, 2016

Sponsored by, publisher of the CyberOSINT monograph

Who Will Connect the Internet of Things to Business

June 23, 2016

Remember when Nest Labs had all the hype a few years ago? An article from BGR reminds us how the tides have turned: Even Google views its Nest acquisition as a disappointment. It was in 2014 that Google purchased Nest Labs for $3.2 billion. Their newly launched products, a wifi smoke alarm and thermostat, at the time seemed to the position the company for greater and greater success. This article offers a look at the current state:

“Two and a half years later and Nest is reportedly in shambles. Recently, there have been no shortage of reports suggesting that Nest CEO Tony Fadell is something of a tyrannical boss cut from the same cloth as Steve Jobs (at his worst). Additionally, the higher-ups at Google are reportedly disappointed that Nest hasn’t been able to churn out more hardware. Piling it on, Re/Code recently published a report indicating that Nest generated $340 million in revenue last year, a figure that Google found disappointing given how much it spent to acquire the company. And looking ahead, particulars from Google’s initial buyout deal with Nest suggest that the pressure for Nest to ramp up sales will only increase.”

Undoubtedly there are challenges when it comes to expectations about acquired companies’ performance. But when it comes to the nitty gritty details of the work happening in those acquisitions, aren’t managers supposed to solve problems, not simply agree the problem exists? How the success of “internet of things” companies will pan out seems to be predicated on their inherent interconnectedness — that seems to apply at both the levels of product and business.


Megan Feil, June 23, 2016

Sponsored by, publisher of the CyberOSINT monograph

ZyLab Places eDiscovery in the Cloud

June 23, 2016

Through their Press Room site, ZyLab announces, “Zylab Introduces eDiscovery as a Service.” Billed as a cost-saving alternative to in-house solutions, the new platform allows users to select and pay for only the services they need through a monthly subscription. The press-release tells us:

“ZyLAB today announces that its eDiscovery solutions are now also delivered via the Internet in a software-as-a-service (SaaS) model in EMEA and AP via a managed service provider model. ZyLAB’s eDiscovery as a Service is introduced as the cost-effective alternative for organizations that do not have the time or IT resources to bring an eDiscovery solution in house. …

“With ZyLAB’s eDiscovery as a Service every type of company, in every industry can now easily scope the level of system they require. ZyLAB’s services span the entire Electronic Discovery Reference Model (EDRM) so a company can select the precise services that meet the needs of their current matter. The Service Level Agreement (SLA) will outline those selections and guarantee the availability of the data, ZyLAB’s software, and ongoing maintenance from ZyLAB’s Professional Services consultants.”

We are assured ZyLab’s SaaS solutions are of the same caliber as their on-premises solutions.  This approach can save a lot of time and hassle, especially for companies without a dedicated IT department. The write-up notes there are no long-term contracts or volume constraints involved,

and, of course, no new hardware to buy. If a company is willing to trust their data to a third party’s security measures, this could be a cost-effective way to manage eDiscovery.

Of course, if you were to trust anyone with your sensitive data, ZyLab’s record makes them a good choice. In fact, the company has been supplying eDiscovery and Information Government tech to prominent organizations for over three decades now. Large corporations, government organizations, regulatory agencies, and law firms around the world rely on their eDiscovery platform. The company was founded in 1983, with the release of the first full-text retrieval software for the PC. It’s eDiscovery/ Information Management platform was released in 2010.


Cynthia Murrell, June 23, 2016

Sponsored by, publisher of the CyberOSINT monograph


The Paradox of Marketing and Anonymity

June 22, 2016

While Dark Web users understand the perks of anonymity, especially for those those involved with illicit activity, consistency in maintaining that anonymity appears to be challenging. published an article that showcases how one drug dealer revealed his identity while trying to promote his brand: Drug dealer busted after trying to trademark his dark web username. David Ryan Burchard of Merced, California reportedly made $1.25 million by selling marijuana and cocaine on the Dark Web before he trademarked the username he used to sell drugs, “caliconnect”. The article summarizes,

“He started out on Silk Road and moved on to other shady marketplaces in the wake of its highly-publicized shutdown. Burchard wound up on Homeland Security’s list of top sellers, though they were having trouble establishing a rock-solid connection between him and his online persona. They knew that Burchard was accumulating a large Bitcoin stash and that there didn’t appear to be a legitimate source. Then, finally, investigators got the break they were looking for. It seems that Burchard decided that his personal brand was worth protecting, and he filed paperwork to trademark “caliconnect.””

Whether this points to the proclivity of human nature to self-promote or the egoism of one person in a specific situation, it seems that all covering the story are drawing attention to this foiling move as a preventable mistake on Burchard’s part. Look no farther than the title of a recent Motherboard article: Pro-Tip: If You’re a Suspected Dark Web Drug Dealer, Don’t Trademark Your #Brand. The nature of promotions and marketing on the Dark Web will be an interesting area to see unfold.


Megan Feil, June 22, 2016

Sponsored by, publisher of the CyberOSINT monograph

Next Page »