CyberOSINT banner

Smart Robots Just Want to Be Free

June 29, 2016

News from some nation states is, in the words of the millennial podcast, “actual factual.” A case in point is the second – yep, the second – news story about a robot with artificial intelligence. This particular robot, as referenced in the “it has to be true” story “An AI Robot Escapes Lab in Russia.” Here’s the passage I noted:

The company said that they are testing a new system that would allow the robot to avoid any collisions while it was operating by itself. However, the mistake was human when a gate was left open and the robot wandered into the street. He was gone for about 40 minutes. The Promobot interacts with people using speech recognition. It uses prerecorded responses, facial expressions, and a large screen to help talk to people. The company has said they hope that the robot will be used for promotions, guides, and tours. Promobot co-founder Oleg Kivokurtsev is worried about its ability to break out and said, “I think we might have to dismantle it.”

Modifying the software appears to be an approach which is not part of the program. I was hoping that IBM Watson would help the folks who made Promobot IR77 come up with more newsworthy examples of cognitive solutions.

In the PR department, one cannot do better than IBM. Watson does not fall for pizza promotions.

Stephen E Arnold, June 29, 2016

Alphabet Google and Its EU Strategy

June 29, 2016

Short honk: Read the original article “Eric Schmidt Gave Us a Glimpse of the Strategy He’s Using to Persuade the EU to Not Declare Google a Monopoly.”

Here’s the quote to note which I circled in true blue:

“Our strategy, and my personal strategy, is to get to know the regulators very, very well.” Schmidt [Alphabet Google big dog] does that, he said, because “people don’t know how we work.”

Right. No one really knows how Alphabet Google works. Perhaps one might ask someone disenchanted with Mother Google. Perhaps a person at Foundem has some thoughts.

To know the Alphabet Google thing is to love the Alphabet Google thing. Knowledge makes the monopoly idea fade it seems.

Stephen E Arnold, June 29, 2016

More Variables Than Technology for Enterprise Security to Consider

June 29, 2016

For all the effort enterprises go to in securing data through technological solutions, there are also other variables to consider: employees. Business Insider released an article, 1 in 5 employees are willing to hand over their work passwords for money, that shares survey research from SailPoint. 20 percent of 1,000 respondents, from organizations with over 1,000 employees, would be willing to sell their work passwords. US employees win the “most likely” award with 27 percent followed by Netherlands with 20 percent, and then UK and France at 16 percent. The article tells us,

“Some employees were willing to sell their passwords for as little as $55 (£38) but most people wanted considerably more, with $82,000 (£56,000) being the global average amount required,according to figures cited by Quartz that weren’t in the report. Unauthorised access to a company’s internal systems could provide a treasure trove of valuable data for criminals. They may be targeting individual user accounts, or they could be after intellectual property, or corporate strategy data.”

Undoubtedly, search and/or cybertheft is easier with a password. While the survey reports findings that may be alarming to organizations, we are left with the question, ‘why’. It may be easy to say morality is the dividing line, but I think this article wrestling with the morality question is on the right track pointing to considering sociological implications, for example, employee engagement and satisfaction cannot be discounted as factors in a decision to sell a password.

 

Megan Feil, June 29, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Dark Web Hacking Site Changes Hands

June 29, 2016

Navigating the Dark Web can be a hassle, because many of the Web sites are shut down before you have the chance to learn what nefarious content, services, or goods are available.  Some of these sites go down on their own, but law enforcement had a part in dismantling them as well.  Some Dark Web sites are too big and encrypted to be taken down and sometimes they exchange hands, such as Silk Road and now Hell.  Motherboard explains that “Dark Web Hacking Forum ‘Hell’ Appears To Have New Owners.”

The Real Deal, a computer exploit market, claimed to take ownership of Hell, the hacking forum known for spreading large data dumps and stolen data.  Real Deal said of their acquisition:

“ ‘We will be removing the invite-only system for at least a week, and leave the “vetting” forum for new users,’ one of The Real Deal admins, who also used the handle The Real Deal, told Motherboard in an encrypted chat.  ‘It’s always nice to have a professional community that meets our market’s original niche, hopefully it will bring some more talent both to the market and to the forums,’ the admin continued. ‘And it’s no secret that we as admins would enjoy the benefit of ‘first dibs’ on buying fresh data, resources, tools, etc.’”

The only part of Hell that has new administrators is the forum due to the old head had personal reasons that required more attention.  Hell is one of the “steadier” Dark Web sites and it played a role in the Adult FriendFinder hack, was the trading place for Mate1 passwords, and hosted breaches from a car breathalyzer maker.

Standard news for the Dark Web, until the next shutdown and relaunch.

 

Whitney Grace, June 29, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Bad News for Instant Analytics Sharpies

June 28, 2016

I read “Leading Statisticians Establish Steps to Convey Statistics a Science Not Toolbox.” I think “steps” are helpful. The challenge will be to corral the escaped ponies who are making fancy analytics a point and click, drop down punch list. Who needs to understand anything. Hit the button and generate visualizations until somethings looks really super. Does anyone know a general who engages in analytic one-upmanship? Content and clarity sit in the backseat of the JLTV.

The write up is similar to teens who convince their less well liked “pals” to go on a snipe hunt. I noted this passage:

To this point, Meng [real statistics person] notes “sound statistical practices require a bit of science, engineering, and arts, and hence some general guidelines for helping practitioners to develop statistical insights and acumen are in order. No rules, simple or not, can be 100% applicable or foolproof, but that’s the very essence that I find this is a useful exercise. It reminds practitioners that good statistical practices require far more than running software or an algorithm.”

Many vendors emphasize how easy smart analytics systems are to use. The outputs are presentation ready. Checks and balances are mostly pushed to the margins of the interface.

Here are the 10 rules.

  1. Statistical Methods Should Enable Data to Answer Scientific Questions
  2. Signals Always Come with Noise
  3. Plan Ahead, Really Ahead
  4. Worry about Data Quality
  5. Statistical Analysis Is More Than a Set of Computations
  6. Keep it Simple
  7. Provide Assessments of Variability
  8. Check Your Assumptions
  9. When Possible, Replicate!
  10. Make Your Analysis Reproducible

I think I can hear the guffaws from the analytics vendors now. I have tears in my eyes when I think about “statistical methods should enable data to answer scientific questions.” I could have sold that line to Jack Benny if he were still alive and doing comedy. Scientific questions from data which no human has checked for validity. Oh, my goodness. Then reproducibility. That’s a good one too.

Stephen E Arnold, June 28, 2016

CloudFlare Claims Most Activity from Tor Is Malicious

June 28, 2016

Different sources suggest varying levels of malicious activity on Tor. Tech Insider shared an article responding to recent claims about Tor made by CloudFlare. The article, entitled, Google Search has a secret feature that shouts animal noises at you, offers information about CloudFlare’s perspective and that of the Tor Project. CloudFlare reports most requests from Tor, 94 percent, are “malicious” and the Tor Project has responded by requesting evidence to justify the claim. Those involved in the Tor Project have a hunch the 94 percent figure stems from CloudFlare attributing the label of “malicious” to any IP address that has ever sent spam. The article continues,

“We’re interested in hearing CloudFlare’s explanation of how they arrived at the 94% figure and why they choose to block so much legitimate Tor traffic. While we wait to hear from CloudFlare, here’s what we know: 1) CloudFlare uses an IP reputation system to assign scores to IP addresses that generate malicious traffic. In their blog post, they mentioned obtaining data from Project Honey Pot, in addition to their own systems. Project Honey Pot has an IP reputation system that causes IP addresses to be labeled as “malicious” if they ever send spam to a select set of diagnostic machines that are not normally in use. CloudFlare has not described the nature of the IP reputation systems they use in any detail.”

This article raises some interesting points, but also alludes to more universal problems with making sense of any information published online. An epistemology about technology, and many areas of study, is like chasing a moving target. Knowledge about technology is complicated by the relationship between technology and information dissemination. The important questions are what does one know about Tor and how does one know about it?

 

Megan Feil, June 28, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Is the NSA Is Overwhelmed with Data?

June 28, 2016

US citizens are worried about their civil liberties being compromised by the National Security AgencyZDNet reports they might not need to be worried anymore in the article, “NSA Is So Overwhelmed With Data, It’s No Longer Effective, Says Whistleblower.”

William Binney is a former official from the National Security Agency (NSA) with thirty years under his belt.  Binney has been a civilian for fifteen years, but he is abhorred with the NSA.  He said the NSA is so engorged with data that it has lost its effectiveness and important intelligence is lost in the mess.  This is how the terrorists win.  Binney also shared that an NSA official could run a query and be overwhelmed with so much data they would not know where to start.

” ‘That’s why they couldn’t stop the Boston bombing, or the Paris shootings, because the data was all there,’ said Binney. Because the agency isn’t carefully and methodically setting its tools up for smart data collection, that leaves analysts to search for a needle in a haystack.  ‘The data was all there… the NSA is great at going back over it forensically for years to see what they were doing before that,’ he said. ‘But that doesn’t stop it.’”

The problems are worse across the other law enforcement agencies, including the FBI, CIA, and DEA.  Binney left the NSA one month after 9/11 and reported that the NSA uses an intrusive and expensive data collection system.   The mantra is “to collect it all”, but it is proving ineffective and expensive.  According to Binney, it is also taking away half the Constitution.

Binney’s statements remind me of the old Pokémon games.  The catchphrase for the franchise is “gotta catch ‘em all” and it was easy with 150 Pokémon along with a few cheat codes.  The games have expanded to over seven hundred monsters to catch, plus the cheat codes have been dismantled making it so overwhelming that the game requires endless hours just to level up one character.  The new games are an ineffective way to play, because it takes so long and there is just too much to do.  The NSA is suffering from too many Pokémon in the form of data.

 

Whitney Grace, June 28, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

More Palantir Spotting

June 27, 2016

Trainspotting is a collection of short stories or a novel presented as a series of short stories by Irvine Welsh. The fun lovers in the fiction embrace avocations which seem to be addictive. The thrill is the thing. Now I think I have identified Palantir spotting.

Navigate to “Palantir Seeks to Muzzle Former Employees.” I am not too interested in the allegations in the write up. What is interesting is that the article is one of what appears to be of series of stories about Palantir Technologies enriched with non public documents.

image

The Thingverse muzzle might be just the ticket for employees who want to chatter about proprietary information. I assume the muzzle is sanitary and durable, comes in various sizes, and adapts to the jaw movement of the lucky dog wearing the gizmo.

Why use the phrase “Palantir spotting.” It seems to me that making an outfit which provides services and software to government entities is an unusual hobby. I, for example, lecture about the Dark Web, how to recognize recycled analytics algorithms and their assorted “foibles,” and how to find information in the new, super helpful Google Web search system.

Poking the innards of an outfit with interesting software and some wizards who might be a bit testy is okay if done with some Onion type  or Colbert like humor. Doing what one of my old employers did in the 1970s to help ensure that company policies remain inside the company is old hat to me.

In the write up, I noted:

The Silicon Valley data-analysis company, which recently said it would buy up to $225 million of its own common stock from current and former staff, has attached some serious strings to the offer. It is requiring former employees who want to sell their shares to renew their non-disclosure agreements, agree not to poach Palantir employees for 12 months, and promise not to sue the company or its executives, a confidential contract reviewed by BuzzFeed News shows. The terms also dictate how former staff can talk to the press. If they get any inquiries about Palantir from reporters, the contract says, they must immediately notify Palantir and then email the company a copy of the inquiry within three business days. These provisions, which haven’t previously been reported, show one way Palantir stands to benefit from the stock purchase offer, known as a “liquidity event.”

Okay, manage information flow. In my experience, money often comes with some caveats. At one time I had lots and lots of @Home goodies which disappeared in a Sillycon Valley minute. The fine print for the deal covered the disappearance. Sigh. That’s life with techno-financial wizards. It seems life has not changed too much since the @Home affair decades ago.

I expect that there will be more Palantir centric stories. I will try to note these when they hit my steam powered radar detector in Harrod’s Creek. My thought is that like the protagonists in Trainspotting, Palantir spotting might have some after effects.

I keep asking myself this question:

How do company confidential documents escape the gravitational field of a comparatively secretive company?

The Palantir spotters are great data gatherers or those with access to the documents are making the material available. No answers yet. Just that question about “how”.

Stephen E Arnold, June 27, 2016

Does It Matter Who Writes an Article? Probably Not

June 27, 2016

I read “Google Has Stopped Using Authorship Completely, Even for In-Depth Articles.” The write up points out that “authorship is officially and completely dead.” What an outstanding development, assuming, of course, that the article is spot on.

Google seems to be able to figure out who wrote something from the text alone. The innovation should put to rest the question about Shakespeare’s plays. Also, when anonymous information appears on a pastesite, the Alphabet Google thing will “know” who wrote the upload, right?

As wonderful as the world’s largest derivative of GoTo / Overture technology is, I am not 100 percent confident in the authorship function. I am reasonably certain that the Googler making the pronouncement was speaking to the search engine optimization crowd which believes many things in my experience.

For those in the law enforcement and intelligence business, perhaps the best way to determine Google’s capability in authorship is to probe the pastesite content. Wouldn’t that make clear what Google can and cannot do with “authorship.”

My best guess is that Google’s technology might fall short of the mark for some real world applications. For now, knowing who wrote what remains a semi useful factoid. By the way, who writes those Google patents? The named individuals or a flock of legal eagles? If authorship is irrelevant, why do some Google patent applications present the names of numerous Alphabet Google wizards?

Oh, right, I forgot that authorship only applies to marketing type content for the purpose of objective, on point results for the purpose of selling ads. Got it. Students will have to know who wrote “Foresight and Understanding: An Inquiry into the Aims of Science” or “Go Add Value Someplace Else: A Dilbert Book.”

Stephen E Arnold, June 27, 2016

Google Results Now Include Animal Noise Audio

June 27, 2016

Ever wonder about the difference in the noise a bowhead whale makes versus a humpback whale? This is yet another query Google can answer. Tech Insider informed us that Google Search has a secret feature that shouts animal noises at you. This feature allows users to listen to 20 different animal sounds, but according to the article, it is not a well-known service yet. Available on mobile devices as well, this feature appears with a simply query of “what noise does an elephant make?” The post tells us,

“Ever wondered what noise a cow makes? Or a sheep? Or an elephant? No, of course you haven’t because you’re a normal adult with some grasp of reality. You know what noise a sheep makes. But let’s assume for a minute that you don’t. Well, not to worry: Google has got your back. That’s because as well as being a calculator, a tool for researching coworkers, and a portal for all the world’s information, Google has another, little-known feature … It’s capable of making animal noises. Lots of them.”

I don’t know if we would call 20 animal noises “a lot” considering the entirety of the animal kingdom, but it’s definitely a good start. As the article alludes to, the usefulness of this feature is questionable for adults, but perhaps it could be educational for kids or of some novelty interest to animal lovers of all ages. Search is always searching to deliver more.

 

Megan Feil, June 27, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Next Page »