Bug-Free, Efficient Tor Network Inching Towards Completion

November 30, 2016

The development team behind the Tor Project recently announced the release of Tor 0.2.9.5 that is almost bug-free, stable and secure.

Softpedia in a release titled New Tor “The Onion Router” Anonymity Network Stable Branch Getting Closer says:

Tor 0.2.9.5 Alpha comes three weeks after the release of the 0.2.9.4 Alpha build to add a large number of improvements and bug fixes that have been reported by users since then or discovered by the Tor Project’s hard working development team. Also, this release gets us closer to the new major update of The Onion Router anonymity network.

Numerous bugs and loopholes were being reported in Tor Network that facilitated backdoor entry to snooping parties on Tor users. With this release, it seems those security loopholes have been plugged.

The development team is also encouraging users to test the network further to make it completely bug-free:

If you want to help the Tor Project devs polish the final release of the Tor 0.2.9 series, you can download Tor 0.2.9.5 Alpha right now from our website and install it on your GNU/Linux distribution, or just fetch it from the repositories of the respective OS. Please try to keep in mind, though, that this is a pre-release version, not to be used in production environments.

Though it will always be a cat and mouse game between privacy advocates and those who want to know what goes on behind the veiled network, it would be interesting to see who will stay ahead of the race.

Vishal Ingole, November 30, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Tor Comes to the Rescue of Turkish Online Activists

November 29, 2016

Authorities in Turkey have effectively banned the use of social media platforms like Facebook, Twitter, and YouTube. Tor, however, has to come to the rescue of users, particularly online activists who want to get the word out about the social unrest in the country.

Motherboard in a report tiled Turks Are Flocking to Tor After Government Orders Block of Anti-Censorship Tools says:

Turkish Internet users are flocking to Tor, the anonymizing and censorship circumvention tool, after Turkey’s government blocked Twitter, Facebook, and YouTube. Usage of Tor inside of Turkey went up from around 18,000 users to 25,000 users on Friday, when the government started blocking the popular social media networks, according to Tor’s official metrics.

Apart from direct connection to the Tor Network through TOR browser, the network also allows users to use bridge relays that circumvent any access restrictions by ISPs. Though it’s not yet clear if ISPs in Turkey have also banned Tor access; however, the bridge relay connections have seen a spike in number since the ban was implemented.

It is speculated that the Government may have notified ISPs to ban Tor access, but failed to tell them to do so effectively, which becomes apparent here (a Tweet by a user):

I believe the government just sent the order and didn’t give any guide about how to do it,” Sabanc? told Motherboard in an online chat via Twitter. “And now ISPs trying to figure it out.

This is not the first time Tor has come to the rescue of online activists. One thing though is sure, more and more people concerned about their privacy or do not want to be repressed turning towards anonymous networks like Tor.

Vishal Ingole, November 29, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Genetics Are Biased

November 4, 2016

DNA does not lie. DNA does not lie if conducted accurately and by an experienced geneticist.  Right now it is popular for people to get their DNA tested to discover where their ancestors came from.  Many testers are surprised when they receive their results, because they learn their ancestors came from unexpected places.  Black Americans are eager to learn about the genetics, due to their slave ancestry and lack of familial records.  For many Black Americans, DNA is the only way they can learn where their roots originated, but Africa is not entirely cataloged.

According to Science Daily’s article “Major Racial Bias Found In Leading Genomics Database,” if you have African ancestry and get a DNA test it will be difficult to pinpoint your results.  The two largest genomics databases that geneticists refer to contain a measurable bias to European genes.  From a logical standpoint, this is understandable as Africa has the largest genetic diversity and remains a developing continent without the best access to scientific advances.  These provide challenges for geneticists as they try to solve the African genetic puzzle.

It also weighs heavily on black Americans, because they are missing a significant component in their genetic make-up they can reveal vital health information.  Most black Americans today contain a percentage of European ancestry.  While the European side of their DNA can be traced, their African heritage is more likely to yield clouded results.  On a financial scale, it is more expensive to test black Americans genetics due to the lack of information and the results are still not going to be as accurate as a European genome.

This groundbreaking research by Dr. O’Connor and his team clearly underscores the need for greater diversity in today’s genomic databases,’ says UM SOM Dean E. Albert Reece, MD, PhD, MBA, who is also Vice President of Medical Affairs at the University of Maryland and the John Z. and Akiko Bowers Distinguished Professor at UM SOM. ‘By applying the genetic ancestry data of all major racial backgrounds, we can perform more precise and cost-effective clinical diagnoses that benefit patients and physicians alike.

While Africa is a large continent, the Human Genome Project and other genetic organizations should apply for grants that would fund a trip to Africa.  Geneticists and biologists would then canvas Africa, collect cheek swabs from willing populations, return with the DNA to sequence, and add to the database.  Would it be expensive?  Yes, but it would advance medical knowledge and reveal more information about human history.  After all, we all originate from Mother Africa.

Whitney Grace, November 4, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

The CIA Claims They Are Psychic

November 2, 2016

Today’s headline sounds like something one would read printed on a grocery store tabloid or a conspiracy Web site.  Before I start making claims about the Illuminati, this is not a claim about magical powers, but rather big data and hard science…I think.  Defense One shares that, “The CIA Says It Can Predict Social Unrest As Early As 3 To 5 Days Out.”  While deep learning and other big data technology is used to drive commerce, science, healthcare, and other industries, law enforcement officials and organizations are using it to predict and prevent crime.

The CIA users big data to analyze data sets, discover trends, and predict events that might have national security ramifications.  CIA Director John Brennan hired Andrew Hallman to be the Deputy Director for Digital Innovations within the agency.  Under Hallman’s guidance, the CIA’s “anticipatory intelligence” has improved.  The CIA is not only using their private data sets, but also augment them with open data sets to help predict social unrest.

The big data science allows the CIA to make more confident decisions and provide their agents with better information to assess a situation.

Hallman said analysts are “becoming more proficient in articulating” observations to policymakers derived in these new ways. What it adds up to, Hallman said, is a clearer picture of events unfolding—or about to unfold—in an increasingly unclear world.

What I wonder is how many civil unrest events have been prevented?  For security reasons, some of them remain classified.  While the news is mongering fear, would it not be helpful if the CIA shared some of its success stats with the news and had them make it a priority to broadcast it?

Whitney Grace, November 2, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

UK Public Annoyed with GHCQ Data Collection

October 30, 2016

I don’t have a dog in this fight, and I don’t want this type of pooch. The annoyance story “Public Wants Illegally Collected Data on Them Deleted.” The write up explains that a survey “proves” that the citizens of the United Kingdom want allegedly illegally collected data about them deleted. Here’s the passage I highlighted:

Comparitech.com and OnePoll have polled 1,000 members of the UK public, and 70 per cent wants that data gone. This is something the IPT failed to stipulate in its ruling.  For almost half (45 per cent), a compensation is in order, as well. The ruling has decreased the trust the UK public had in the government, and two thirds (68 per cent) also said it had lost trust in social media and email. Half (51 per cent) is more concerned about hackers stealing data, 14 per cent were most concerned with the government, and 31 per cent couldn’t decide between the two.

Let’s assume the sample size for a country with a population of about 70 million is just dandy. The two major data points of removing data and compensating citizens for the data are interesting. But what does “deleted” mean? How does one know if the data have been deleted or just converted to values in a metadata repository? And what’s with the compensation? What is the value of a single datum for a single person? Data gain value when normalized and aggregated. Calculating what a single UK citizen should receive might be a challenge for the wonks at Cambridge U. but I am confident someone in the economics unit is up to the task.

The really fascinating item in the write up is this statement:

A third (38 per cent) is willing to pay to increase their online privacy. There’s a good business idea for you.

A lot of people will fork over cash to have privacy. What a quaint notion in the UK and for some folks in the British government.

Stephen E Arnold, October 30, 2016

Posting to the Law Enforcement Database

October 28, 2016

The article titled Police Searches of Social Media Face Privacy Pushback on Underground Network discusses the revelations of an NPR article of the same name. While privacy laws are slow to catch up to the fast-paced changes in social media, law enforcement can use public data to track protesters (including retroactive tracking). The ACLU and social media networks are starting to push back against the notion that this is acceptable. The NPR article refers to the Twitter guidelines,

The guidelines bar search companies from allowing law enforcement agencies to use the data to “investigate, track or surveil Twitter’s users (…) in a manner that would require a subpoena, court order, or other valid legal process or that would otherwise have the potential to be inconsistent with our users’ reasonable expectations of privacy.” But that policy is very much open to interpretation, because police don’t usually need legal orders to search public social media…

Some police departments have acknowledged that fuzziness around privacy laws puts the onus on them to police their own officers. The Dunwoody, Georgia police department requires supervisor approval for social media searches. They explain that this is to prevent targeting “particular groups” of people. According to the article, how this issue unfolds is largely up to police departments and social media giants like Twitter and Facebook to decide. But social media has been around for over a decade. Where are the laws defining and protecting our privacy?

Chelsea Kerwin, October 28, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

NSA Aftermath in Germany

October 19, 2016

When it was revealed not too long ago that the United States was actively spying on Germany, the country decided it was time to investigate.  Netzpolitik wrote an update on Germany’s investigation in “Snowden’s Legacy: Hearing In The Parliament Committee.”  The German parliament launched a committee to head the investigation, which included many hearings.  At recent hearing in Germany, five USA experts spoke to the committee, including ACLU technologist Charles Soghoian, Watson Institute’s Timothy H. Edgar, ACLU attorney Ashley Gorski, Open Society Foundation senior advisor Morton H. Halperin, and US Access Now policy manager Amie Stepanovich.

The experts met with the committee as a way to ease tensions between the US and Germany, but also share their knowledge about legal issues related to surveillance and individual’s privacy rights.  The overall agreement was that current legal framework for handling these issues is outdated and needs to be revamped.  There should not be a difference between technical and legal protection when it comes to privacy.  As for surveillance and anonymity, there currently is not a legal checks and balances system to rein in intelligence organizations’ power.  The bigger problem is not governmental spying, but how the tools are used:

Nevertheless, Christopher Soghoian noted that the real scandal was not that government agencies were spying on their people, but that technology was so poorly secured that it could have been exploited. Historically, encryption and security have had a very low priority for big Internet companies like Google. Snowden turned the discussion upside-down, his disclosures radicalised the very people who design the software the NSA had privately exploited. Therefore, the most important post-Snowden changes were not made in Government hallways but in the technological community, according to Soghoian.

German surveillance technology manufacturers Gamma Group and Trovicor were also mentioned.  As the committee was investigating how the NSA violated Germany’s civil rights, of course, a reference was made to the World Wars.  What we can pull from this meeting is we need change and technology needs to beef up its security capabilities.

Whitney Grace, October 19, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

For the Paranoid at Heart: New Privacy Concerns from Columbia University and Google

September 23, 2016

The article on PhysOrg titled Location Data on Two Apps Enough to Identify Someone, Says Study illustrates the inadequacy of deleting names and personal details from big data sets. Location metadata undermines the anonymity of this data. Researchers at Columbia University and Google teamed up to establish that individuals can easily be identified simply by comparing their movements across two data sets. The article states,

What this really shows is that simply removing identifying information from large-scale data sets is not sufficient,” said Yves-Alexandre de Montjoye, a research scientist at the MIT Media Lab who was not involved in the study. “We need to move to a model of privacy-through-security. Instead of anonymizing data and making it public, there should be technical controls over who gets access to the data, how it is used, and for what purpose.

Just by bringing your phone with you, (and who doesn’t?) you create vast amounts of location metadata about yourself, often without your knowledge. As more and more apps require you to offer your location, it becomes less difficult for various companies to access the data. If you are interested in exploring how easy it is to figure out your identity based on your social media usage, visit You Are Where You Go.

Chelsea Kerwin, September 23, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
There is a Louisville, Kentucky Hidden Web/Dark Web meet up on September 27, 2016.
Information is at this link: https://www.meetup.com/Louisville-Hidden-Dark-Web-Meetup/events/233599645/

 

Hundreds of Thousands of Patient Records Offered up on the Dark Web

September 19, 2016

Some of us suspected this was coming, despite many assurances to the contrary. Softpedia informs us, “Hacker Selling 651,894 Patient Records on the Dark Web.” Haughtily going by the handle TheDarkOverlord, the hacker responsible is looking to make over seven hundred grand off the data. Reporter Catalin Cimpanu writes:

The hacker is selling the data on The Real Deal marketplace, and he [or she] says he breached these companies using an RDP (Remote Desktop Protocol) bug. TheDarkOverlord has told DeepDotWeb, who first spotted the ads, that it’s ‘a very particular bug. The conditions have to be very precise for it.’ He has also provided a series of screenshots as proof, showing him accessing the hacked systems via a Remote Desktop connection. The hacker also recalls that, before putting the data on the Dark Web, he contacted the companies and informed them of their problems, offering to disclose the bug for a price, in a tactic known as bug poaching. Obviously, all three companies declined, so here we are, with their data available on the Dark Web. TheDarkOverlord says that all databases are a one-time sale, meaning only one buyer can get their hands on the stolen data.

The three databases contain information on patients in Farmington, Missouri; Atlanta, Georgia; and the Central and Midwest areas of the U.S. TheDarkOverloard asserts that the data includes details like contact information, Social Security numbers, and personal facts like gender and race. The collection does not, apparently, include medical history. I suppose that is a relief—for now.

Cynthia Murrell, September 19, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
There is a Louisville, Kentucky Hidden Web/Dark Web meet up on September 27, 2016.
Information is at this link: https://www.meetup.com/Louisville-Hidden-Dark-Web-Meetup/events/233599645/

 

Is Google Biotech Team Overreaching?

September 9, 2016

Science reality is often inspired by science fiction, and Google’s biotech research division, Verily Life Sciences, is no exception. Business Insider posts, “‘Silicon Valley Arrogance’? Google Misfires as It Strives to Turn Star Trek Fiction Into Reality.” The “Star Trek” reference points to Verily’s Tricorder project, announced three years ago, which set out to create a cancer-early-detection device. Sadly, that hopeful venture may be sputtering out. STAT reporter Charles Piller writes:

Recently departed employees said the prototype didn’t work as hoped, and the Tricorder project is floundering. Tricorder is not the only misfire for Google’s ambitious and extravagantly funded biotech venture, now named Verily Life Sciences. It has announced three signature projects meant to transform medicine, and a STAT examination found that all of them are plagued by serious, if not fatal, scientific shortcomings, even as Verily has vigorously promoted their promise.

Piller cites two projects, besides the Tricorder, that underwhelm. We’re told that independent experts are dubious about the development of a smart contact lens that can detect glucose levels for diabetics. Then there is the very expensive Baseline study—an attempt to define what it means to be healthy and to catch diseases earlier—which critics call “lofty” and “far-fetched.” Not surprisingly, Google being Google, there are also some privacy concerns being raised about the data being collected to feed the study.

There are several criticisms and specific examples in the lengthy article, and interested readers should check it out. There seems to be one central notion, though— that Verily Live Sciences is attempting to approach the human body like a computer when medicine is much, much more complicated than that. The impressive roster of medical researchers on the team seems to provide little solace to critics. The write-up relates:

It’s axiomatic in Silicon Valley’s tech companies that if the math and the coding can be done, the product can be made. But seven former Verily employees said the company’s leadership often seems not to grasp the reality that biology can be more complex and less predictable than computers. They said Conrad, who has a PhD in anatomy and cell biology, applies the confident impatience of computer engineering, along with extravagant hype, to biotech ideas that demand rigorous peer review and years or decades of painstaking work.

Are former employees the most objective source? I suspect ex-Googlers and third-party scientists are underestimating Google. The company has a history of reaching the moon by shooting for the stars, and for enduring a few failures as a price of success. I would not be surprised to see Google emerge on top of the biotech field. (As sci fi fans know, biotech is the medicine of the future. You’ll see.) The real question is how the company will treat privacy, data rights, and patient safety along the way.

Cynthia Murrell, September 9, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
There is a Louisville, Kentucky Hidden Web/Dark Web meet up on September 27, 2016.
Information is at this link: https://www.meetup.com/Louisville-Hidden-Dark-Web-Meetup/events/233599645/

Next Page »