Dark Web Notebook Now Available

June 5, 2017

Arnold Information Technology has published Dark Web Notebook: Investigative Tools and Tactics for Law Enforcement, Security, and Intelligence Organizations. The 250-page book provides an investigator with instructions and tips for the safe use of the Dark Web. The book, delivered as a PDF file, costs $49.

Orders and requests for more information be directed to darkwebnotebook@yandex.com. Purchasers must verify that they work for a law enforcement, security, or intelligence organization. Dark Web Notebook is not intended for general distribution due to the sensitive information it contains.

The author is Stephen E Arnold, whose previous books include CyberOSINT: Next Generation Information Access and Google Version 2.0: The Calculating Predator, among others. Arnold, a former Booz, Allen & Hamilton executive, worked on the US government-wide index and the Threat Open Source Intelligence Gateway.

The Dark Web Notebook was suggested by attendees at Arnold’s Dark Web training sessions, lectures, and webinars. The Notebook provides specific information an investigator or intelligence professional can use to integrate Dark Web information into an operation.

Stephen E Arnold, author of the Dark Web Notebook, said:

“The information in the Dark Web Notebook has been selected and presented to allow an investigator to access the Dark Web quickly and in a way that protects his or her actual identity. In addition to practical information, the book explains how to gather information from the Dark Web. Also included are lists of vendors who provide Dark Web services to government agencies along with descriptions of open source and commercial software tools for gathering and analyzing Dark Web data. Much of the information has never been collected in a single volume written specifically for those engaged in active investigations or operations.”

The book includes a comprehensive table of contents, a glossary of terms and their definitions, and a detailed index.

The book is divided into 13 chapters. These are:

  1. Why write about the Dark Web?
  2. An Introduction to the Dark Web
  3. A Dark Web Tour with profiles of more than a dozen Dark Web sites, their products, and services
  4. Dark Web Questions and Answers
  5. Basic Security
  6. Enhanced Security
  7. Surface Web Resources
  8. Dark Web Search Systems
  9. Hacking the Dark Web
  10. Commercial Solutions
  11. Bitcoin and Variants
  12. Privacy
  13. Outlook

In addition to the Glossary, the annexes include a list of DARPA Memex open source software written to perform specific Dark Web functions, a list of spoofed Dark Web sites operated by law enforcement and intelligence agencies, and a list of training resources.

Kenny Toth, June 5, 2017

Facebook Excitement: The Digital Country and Kids

May 4, 2017

I read “Facebook Admits Oversight after Leak Reveals Internal Research On Vulnerable Children.” The write up reports that an Australian newspaper:

reported that Facebook executives in Australia used algorithms to collect data on more than six million young people in Australia and New Zealand, “indicating moments when young people need a confidence boost.”

social media madness small

The idea one or more Facebook professionals had strikes me as one with potential. If an online service can identify a person’s moment of weakness, that online service could deliver content designed to leverage that insight. The article said:

The data analysis — marked “Confidential: Internal Only” — was intended to reveal when young people feel “worthless” or “insecure,” thus creating a potential opening for specific marketing messages, according to The Australian. The newspaper said this case of data mining could violate Australia’s legal standards for advertising and marketing to children.

Not surprisingly, the “real” journalism said:

“Facebook has an established process to review the research we perform,” the statement continued. “This research did not follow that process, and we are reviewing the details to correct the oversight.”

When Facebook seemed to be filtering advertising based on race, Facebook said:

“Discriminatory advertising has no place on Facebook.”

My reaction is to this revelation is, “What? This type of content shaping is news?”

My hunch is that some folks forget that when advertisers suggest one has a lousy complexion, particularly a disfiguring rash, the entire point is to dig at insecurities. When I buy the book Flow for a friend, I suddenly get lots of psycho-babble recommendations from Amazon.

Facebook, like any other sales oriented and ad hungry outfit, is going to push as many psychological buttons as possible to generate revenue. I have a hypothesis that the dependence some people have on Facebook “success” is part of the online business model.

What’s the fix?

“Fix” is a good word. The answer is, “More social dependence.”

In my experience, drug dealers do not do intervention. The customer keeps coming back until he or she doesn’t.

Enforcement seems to be a hit-and-miss solutions. Intervention makes some Hollywood types oodles of money in reality programming. Social welfare programs slump into bureaucratic floundering.

Could it be that online dependence is a cultural phenomenon. Facebook is in the right place at the right time. Technology makes it easy to refine messages for maximum financial value.

Interesting challenge, and the thrashing about for a “fix” will be fascinating to watch. Perhaps the events will be live streamed on Facebook? That may provide a boost in confidence to Facebook users and to advertisers. Win win.

Stephen E Arnold, May 4, 2017

Which Beyond Search? Text Processing or Meet Market?

April 3, 2017

In Madrid last week, a person showed me a link to Beyond Search. Nope, not this Beyond Search but to an executive recruitment firm based in London. This outfit owns the url beyondsearch.net and had the good sense to piggyback on the semantic value created by my Kentucky thoughts about search, content processing, text analytics and related subjects.

I took a quick look at the company’s Web site, which looks quite a bit like one of those Squarespace instant sites with sliders, large type, and zippy images. There were a couple of points I noted. Permit me to focus on the staff and the partners of the London-based “get you a new job, pal” store front.

First, the list of partners includes a link to a Brazilian executive recruitment company named Grupo Selpe. I used to live in Campinas, and I did a quick check of this company. The connection between Grupo Selpe and Beyond Search seems to be one of Beyond Search’s “directors.” There’s not much information about the executive directors, but we will continue to monitor the named entities. There was one link related to Grupo Selpe and Beyond Search, and it was dated 2005. Odd that in 12 years, there’s only one modest reference to the London shot house type company.

Second, we noted that the founder of Beyond Search is a person allegedly named James Davies. He too exists in a bit of an information vacuum. His LinkedIn page reports that he is a graduate of Keele University, and he has been the founder of two interesting Google-scale operations; specifically:

  • ScaleUp Works, a conference designed to raise investment funds
  • Walker Davies, an outfit described as “the UK’s pre-eminent startup and scale up hiring specialists”.

Walker Davies is interesting because it is listed as one of the “partners” of the Beyond Search recruitment outfit. It strikes me that Walker Davies and Beyond Search are in the same business: Headhunting, a colloquial terms popular in the US for moving a person to a new job.

image

Headhunting refers to the practice of some indigenous people. Beyond Search, despite its aboriginal origins, consumes only geese. Beyond Search in London may consume the careers of certain individuals. Beyond Search is enjoyed by certain individuals familiar with our approach and work for certain government entities engaged in law enforcement. Beyond Search in London is familiar to the pay-to-play aspect of executive recruitment; for instance, this company, Not Actively Looking.

Third, one of the partners of the recruitment outfit is the Financial Times. It apparently had a Non Executive Directors’ Club. I clicked on the link to the Financial Times, a publication which I view as one which tries not to get embroiled in illegal, underhanded, and deceptive practices. (I could be incorrect of course.) What happens when I follow the link? I get a 404 error.

image

This snippet from the headhunting Web site says that Beyond Search is proud to be partners with the Financial times Non Executive Director’s Club. Please, note the typographical error introduced between the logo and the executive placement service’s rendering of the identical text. Careless? No, just a bad link. I saw this when I clicked on the logo:

image

It seems that the Financial Times does not want to be captured in the headhunters’ pot of boiling oil or the Beyond Search headhunting outfit does not have the ability to get details right. If that is indeed the case, I am not sure I would entrust my Beyond Search goose’s job search to those who might plop the dear bird into a pot and sit back and wait for goose with sauerkraut. “Sour” right?

Fourth, The OwenJames’s link is not active. But it seems to be given pride of place on the Beyond Search LinkedIn page. I find that interesting because even my LinkedIn page includes slightly more timely information. Compare the two entries and decide for yourself: The Arnold LinkedIn page vs. the James Davies’ page.

Beyond Search BeyondSearch
image image

Fifth, the Beyond Search partner Paradox is in the coaching business. No, not football in the Roman Abramovich school of management. (See “Ruthless Sacking Is the Hallmark of Roman Abramovich Empire.” The Paradox service strikes me as somewhat vague. As a former Booz, Allen & Hamilton lackey, I understand the value of vagueness. I did enjoy the quote from Niels Bohr: The opposite of a correct statement is a false statement.” But is that what Paradox is about? False statements. I know that folks in Harrod’s Creek are not as sharp as those from more sophisticated cities like London, but the paradox is that I don’t understand how paradox is the heart of leadership.

An outfit with the same name as this beloved blog may have some good qualities. Granted, the punctuation errors, Financial Times’s link which isn’t, and the fascinating grab bag of partners suggests that the headhunter outfit is an interesting operation.

Rah, rah, to any company which wishes to hang on the webbed feet of the flying goose. Remember. When the Beyond Search goose lands, it can lay golden eggs. Sometimes, however, it can leave a deposit which can discolor paint with poo burn like this:

image

The opposite of the truth is what again? Ah, right. The Beyond Search operation in the UK. Recruit on, I say.

Stephen E Arnold, April 3, 2017

Canada: Right to Be Forgotten

February 15, 2017

I found this interesting. According to “Did a Canadian Court Just Establish a New Right to Be Forgotten Online?

the Federal Court of Canada issued a landmark ruling that paves the way for a Canadian version of the right to be forgotten that would allow courts to issue orders with the removal of Google search results on a global basis very much in mind. The case – A.T. v. Globe24H.com – involves a Romanian-based website that downloaded thousands of Canadian judicial and tribunal decisions, posted them online and demanded fees for their swift removal. The decisions are all public documents and available through the Canadian Legal Information Institute (CanLII), a website maintained by the legal profession in support of open access to legal materials

I find the logic interesting. I believe that Thomson Reuters processes public legal documents and charges a fee to access them and the “value add” that WestLaw and its sister outfits impose. Maybe I am addled like the goose in Harrod’s Creek, but it seems that what’s good for one gander is not so good for the Google.

Poor Romanian entrepreneur! Come up with an original idea and learn that a country wants the data removed. No word on the views of Reed Elsevier which operates LexisNexis. Thomson Reuters, anything to add?

The removal of links is a hassle at best and a real pain at the worst for the Google. For researchers, hey, find the information another way.

Stephen E Arnold, February 15, 2017

About Twitter: Kill It, Kill It Now

January 14, 2017

I am not sure what to make of “It’s Time to Kill Twitter, Before It Kills Us.”  I understand how drone swarms can kill. I grasp the notion of fungibles doing bad in airport baggage claim. But I had not considered the idea that sending short digital messages would kill “us.”

The write up explained to me:

The best thing you might say about Twitter is that it’s become the new micro press release—a way for the famous and powerful to promote, with as little effort as possible, their next project, product or random thought.

Twitter, therefore, can trigger people to do bad things. Therefore, kill Twitter.

The logic is obviously rock solid for some folks.

The write up continued:

From its founding, Twitter never had a purpose.

Okay, new media have no purpose. Interesting notion, particularly when viewed in the context of the tradition of communication methods.

But Twitter might be tough to kill. The write up pointed out:

Twitter might prove harder to get rid of than raccoons at a campsite. The company is still worth nearly $12 billion. It still has around 300 million monthly users. And it still has Trump, so if anyone tried to shutter it, he’d probably step in and classify Twitter as essential to our national security and install Ivanka to run it.

Fascinating. The question is, “Is the write up humorous like the Beyond Search weekly video news program, or is the write up making clear that certain types of communication must be stopped?”

News week or news weak?

Stephen E Arnold, January 14, 2017

The Dark Web and Surface Web Connection

January 11, 2017

IBM is doing its part to educate about the Dark Web. IBM Big Data and Analytics Hub shared a podcast episode entitled, Should we shut down the Dark Web?, which addresses the types of illegal activities on the Dark Web, explains challenges for law enforcement and discusses the difficulty in identifying Dark Web actors. Senior product manager of cyber analysis with IBM i2 Safer Planet, Bob Stasio, hosts the podcast. We found what one of the guests, Tyler Carbone, had to say quite interesting,

The parts of the internet we’re particularly interested in is where stolen information is posted and traded. What’s interesting is that that’s happening not through Tor…For what we’re interested in, a lot of stolen information is posted (traded and sold) on lite web sites — you can access them in Internet Explorer or Chrome. They’re just hosted in countries that aren’t particularly listed. One of the most well-known carding marketplaces…is hosted on a .cm….That’s not hidden within Tor at all. The problem is that individuals are logging in in an anonymous way so we can’t follow up with the individuals.

The line between the Surface Web and the Dark Web may be blurring or blurred. Ultimately, the internet is rooted in connection, so it’s hard to imagine clear separation between actors and activities being relegated to one or the other. We recommend giving this podcast a listen to ruminate on questions such as whether the Dark Web could and should be shut down. 

Megan Feil, January 11, 2017

Facebook, Google, Twitter, YouTube: A Spirit of Cooperation

December 6, 2016

I found this write up interesting. No philosophy or subjective comment required. The title of the write up is “Partnering to Help Curb Spread of Online Terrorist Content.” This is what is called “real” news, but that depends upon one’s point of view.

I highlighted this passage:

Facebook, Microsoft, Twitter and YouTube are coming together to help curb the spread of terrorist content online. There is no place for content that promotes terrorism on our hosted consumer services. When alerted, we take swift action against this kind of content in accordance with our respective policies.

The idea is to use “digital fingerprints” in the manner of Terbium Labs and other companies to allow software to match prints and presumably take action in an automated, semi automated, or manual fashion. The  idea is to make it difficult for certain content to be “found” online via these services.

The write up adds:

As we continue to collaborate and share best practices, each company will independently determine what image and video hashes to contribute to the shared database. No personally identifiable information will be shared, and matching content will not be automatically removed. Each company will continue to apply its own policies and definitions of terrorist content when deciding whether to remove content when a match to a shared hash is found. And each company will continue to apply its practice of transparency and review for any government requests, as well as retain its own appeal process for removal decisions and grievances. As part of this collaboration, we will all focus on how to involve additional companies in the future.

I noted the word “collaborate” and its variants.

The filtering addresses privacy in this way:

Throughout this collaboration, we are committed to protecting our users’ privacy and their ability to express themselves freely and safely on our platforms. We also seek to engage with the wider community of interested stakeholders in a transparent, thoughtful and responsible way as we further our shared objective to prevent the spread of terrorist content online while respecting human rights.

Fingerprints in the world of law enforcement are tied to an individual or, in the case of Terbium, to an entity. Walking back from a fingerprint to an entity is a common practice. The business strategy is to filter content that does not match the policies of certain organizations.

Stephen E Arnold, December 6, 2016

The Google: A Real Newspaper Discovers Modern Research

December 4, 2016

I read “Google, Democracy and the Truth about Internet Search.” One more example of a person who thinks he or she is an excellent information hunter and gatherer. Let’s be candid. A hunter gatherer flailing away for 15 or so years using online research tools, libraries, and conversations with actual humans should be able to differentiate a bunny rabbit from a female wolf with baby wolves at her feet.

Natural selection works differently in the hunting and gathering world of online. The intrepid knowledge warrior can make basic mistakes, use assumptions without consequence, and accept whatever a FREE online service delivers. No natural selection operates.

image

A “real” journalist discovers the basics of online search’s power. Great insight, just 50 years from the time online search became available to this moment of insight in December 2017. Slow on the trigger or just clueless?

That’s scary. When the 21st century hunter gatherer seems to have an moment of inspiration and realizes that online services—particularly ad supported free services—crank out baloney, it’s frightening. The write up makes clear that a “real” journalist seems to have figured out that online outputs are not exactly the same as sitting at a table with several experts and discussing an issue. Online is not the same as going to a library and reading books and journal articles, thinking about what each source presents as actual factoids.

Here’s an example of the “understanding” one “real” journalist has about online information:

Google is knowledge. It’s where you go to find things out.

There you go. Reliance on one service to provide “knowledge.” From an ad supported. Free. Convenient. Ubiquitous. Online service.

Yep, that’s the way to keep track of “knowledge.”

Read more

Info-Distortion: Suddenly People Understand

November 16, 2016

I have watched the flood of stories about misinformation, false news, popular online services’ statements about dealing with the issue, and denials that disinformation influence anything. Sigh.

I have refrained from commenting after reading write ups in the New York Times, assorted blogs, and wild and crazy posts on Reddit.

A handful of observations/factoids from rural Kentucky:

  • Detection of weaponized information is a non trivial task
  • Online systems can be manipulated by exploiting tendencies within the procedures of very popular algorithms; most online search systems rely on workhorse algorithms that know their way to the barn. Their predictability makes manipulation easy
  • Textual information which certain specific attributes will usually pass undetected by humans who have to then figure out a way to interrelate a sequence of messages distributed via different outlets

There is some information about the method at my www.augmentext.com site. The flaws in “smart” indexing systems have been known for years and have been exploited by individual actors as well as nation states. The likelihood of identifying and eliminating weaponized information will be an interesting challenge. Yep, I know a team of whiz kids figured out how to solve Facebook’s problem in a short period of time. I just don’t believe the approach applies to some of the methods in use by certain government actors. How do you know an “authority” is not a legend?

Stephen E Arnold, November 16, 2016

Cyber Security Factoids

October 31, 2016

I came across “Luxembourg to Become a Cyber Security Hub.” I usually ignore these blue chip consulting firm public relations love fests. I did not some interesting factoids in the write up. Who knows if these are correct, but some large organizations pay a lot of money to have the MBAs and accountants deliver these observations:

  • “In Luxembourg, 57%* of players expect to be the victim of cybercrime in the next 24 months.” (I assume that “players” are companies which the consulting firm either has as clients or hopes to make into clients.)
  • There are four trends in cyber security: “1) digital businesses are adopting new technologies and approaches to Cyber Security, 2) threat intelligence and information sharing have become business-critical, 3) organizations are addressing risks associated with the Internet of Things (IoT), and 4) geopolitical threats are rising.”
  • “In the 2017 Global State of Information Security Survey, PwC found more than 80% of European companies had experienced at least on Cyber Security incident in the past year. Likewise, the number of digital security incidents across all industries worldwide rose by 80%. The spending in the Cyber Security space is also increasing with 59% of the companies surveyed affirming that digitalization of the business ecosystem has affected their security spending.”
  • Companies the consulting firm finds interesting include: “Digital Shadows from the UK, Quarkslab from France, SecurityScorecard, enSilo, Skybox Security and RedOwl from the US, NetGuardians from Switzerland,Ironscales and Morphisec from Israel, and Picus Security from Turkey.”

Interesting.

Stephen E Arnold, October 31, 2016

Next Page »

  • Archives

  • Recent Posts

  • Meta