Another Day Another Possible Data Breach

August 19, 2016

Has the next Ashley Madison incident happened? International Business Times reports on breached information that has surfaced on the Dark Web. The article, Fling.com breach: Passwords and sexual preferences of 40 million users up for sale on dark web, sheds some light on what happened with the alleged 40 million records posted on The Real Deal marketplace. One source claims the leaked data was old information. Another source reports a victim who says they never had an account with Fling.com. The article states,

“The leak is the latest in a long line of dating websites being targeted by hackers and follows similar incidents at Ashley Madison, Mate1, BeautifulPeople and Adult Friend Finder. In each of these cases, hundreds of thousands – if not millions – of sensitive records were compromised. While in the case of Ashley Madison alone, the release of information had severe consequences – including blackmail attempts, high-profile resignations, and even suicide. Despite claims the data is five years old, any users of Fling.com are now advised to change their passwords in order to stay safe from future account exploitation.”

Many are asking about the facts related to this data breach on the Dark Web — when it happened and if the records are accurate. We’re not sure if it’s true, but it is sensational. The interesting aspect of this story is in the terms of service for Fling.com. The article reveals Fling.com is released from any liability related to users’ information.

 

Megan Feil, August 19, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

There is a Louisville, Kentucky Hidden /Dark Web meet up on August 23, 2016.
Information is at this link: https://www.meetup.com/Louisville-Hidden-Dark-Web-Meetup/events/233019199/

 

Content Cannot Be Searched If It Is Not There

August 16, 2016

Google Europe is already dealing with a slew of “right to be forgotten” requests, but Twitter had its own recent fight with a deletion-related issue. TechCrunch shares the story about the “Deleted Tweet Archive PostGhost Shut Down After Twitter Cease And Desist” order. PostGhost was a Web site that archived tweets from famous public figures. PostGhost gained its own fame for recording deleted tweets.

The idea behind PostGhost was to allow a transparent and accurate record. The Library of Congress already does something similar as it archives every Tweet. Twitter, however, did not like PostGhost and sent them a cease and desist threatening to remove their API access. Apparently, it is illegal to post deleted tweets, something that evolved from the European “right to be forgotten” laws.

So is PostGhost or Twitter wrong?

“There are two schools of thought when something like this happens. The first is that it’s Twitter’s prerogative to censor anything and all the things. It’s their sandbox and we just play in it.  The second school of thought says that Twitter is free-riding on our time and attention and in exchange for that they should work with their readers and users in a sane way.”

Twitter is a platform for a small percentage of users, the famous and public figures, who instantly have access to millions of people when they voice their thoughts.  When these figures put their thoughts on the Internet it has more meaning than the average tweet.  Other Web sites do the same, but it looks like public figures are exempt from this rule.  Why?  I am guessing money is exchanging hands.

 

Whitney Grace, August 16, 2016

The Reach of Cyber Threat Intelligence Companies

August 10, 2016

The social media monitoring complex appears to be gaining a follower. LittleSis News shared an article highlighting their investigative findings, You are being followed: The business of social media surveillance. This post not only reveals the technology companies engaged in surveillance and developing tools for surveillance; those at LittleSis News also filed freedom of information requests to twenty police departments about their social media monitoring. The article concludes with,

“Because social media incites within us a compulsion to share our thoughts, even potentially illegal ones, law enforcement sees it as a tool to preempt behavior that appears threatening to the status quo. We caught a glimpse of where this road could take us in Michigan, where the local news recently reported that a man calling for civil unrest on Facebook because of the Flint water crisis was nearly the target of a criminal investigation. At its worst, social media monitoring could create classes of “pre-criminals” apprehended before they commit crimes if police and prosecutors are able to argue that social media postings forecast intent. This is the predictive business model to which Geofeedia CEO Phil Harris aspires.”

In addition to Geofeedia, the other cyber threat intelligence companies listed are: BrightPlanet, ZeroFOX, Intrado, LifeRaft, Magnet Forensics, Media Sonar Technologies, Signal Corporation Limited. These companies specialize in everything from analyzing deep web content to digital forensics software. Ultimately data is their specialty, not people. These technologies and their applications will undoubtedly stir up questions about the relationship between people, the data they produce on social media, and state actors.

 

Megan Feil, August 10, 2016


Technology: The New Dr. Evil in the Digital Dark Age

August 9, 2016

When I ride my mule down the streets of Harrod’s Creek, I marvel at the young folks who walk while playing with their mobile phones. Heading home after buying oats for Melissa, I look forward to my kerosene lamps.

Technology does not frighten me. I find technology and the whiz kids amusing. I read “Technology Is Now Pop Culture’s Favorite Enemy.” Goodness. I find gizmos and bits fun. The write up suggests that fun loving, top one percenters in education and wealth are finding themselves at the wrong end of a varmint trap.

I find it interesting that technology, which some folks in big cities believe is the way out of a gloomy tunnel, is maybe not flowers, butterflies, and rainbows. (The unicorns have taken to the woods it seems. No unicorns at the moment.)

I learned:

The ubiquitous nature of futuristic technology has led to an exponential increase in our distrust of each other and the products we use, but most interesting, has taken away some of the blame from government bodies and corporations. We no longer fear agency bodies as much as we fear the physical technology they use.

That seems harsh. I like the phrase, “We’re from the government and here to help you.” Don’t you?

The write up adds a philosophical note:

Despite us being more savvy of how to use social media or despite us having a better understanding of how computers work in general, most of us still aren’t fluent in how it all fits together. We give so much of ourselves over to our devices, and we don’t ask for much in return. When we give something that inanimate that much control over us, it’s terrifying to think that we’re willingly giving up our freedom.

Let’s think about technology in terms of public Web search. One plugs a query into a system. The system returns a list of results; that is, suggestions where information related to the query may be found.

But what is happening is that the person reviewing the outputs does not have to ask, “Are these results accurate? Are they advertising? Are they comprehensive?” There is another question as well, “Is the information objective?” And what about, “Is the information accurate; that is, verifiable?”

The search systems perform another magic trick. The user becomes a content input. This means that the person with access to the queries as a group or the query subset related to a particular individual has new information. In my experience, knowledge is power, and the folks using the search system do not generally have access to this information.

Asymmetry results. The technology outfits offering service have more information than the users. Search does more to illuminate the dark corners of those using the search system than the results of a search illuminate the user’s mind.

Without the inclination to figure out what’s valid and what’s not or lacking the expertise to perform this type of search results vetting, the users become the used.

That sounds philosophical, but there is a practical value to the observation. Without access and capability, the information presented becomes a strong influence on how one thinks, views facts, and behaves.

My thought is, “Welcome to the medieval world.” It is good to be a king or a queen. To be an information peasant is the opposite.

Giddy up, Melissa. Time to be heading back to the digital hollow to think about the new digital Dr. Evil.

Stephen E Arnold, August 9, 2016

Jurors for Google v. Oracle Case Exposed to Major Privacy Violation Potential

August 1, 2016

The article titled Judge Doesn’t Want Google to Google the Favorite Books and Songs of Potential Jurors on Billboard provides some context into the difficulties of putting Google on trial. Oracle is currently suing Google for copyright violations involving Java API code. The federal judge presiding over the case, William Alsup, is trying to figure out how to protect the privacy of the jurors from both parties—but mostly Google. The article quotes from Alsup,

“For example, if a search found that a juror’s favorite book is To Kill A Mockingbird, it wouldn’t be hard for counsel to construct a copyright jury argument (or a line of expert questions) based on an analogy to that work and to play upon the recent death of Harper Lee, all in an effort to ingratiate himself or herself into the heartstrings of that juror,” he writes. “The same could be done… with any number of other juror attitudes…”

Alsup considered a straightforward ban on researching jurors, but this would put both sides’ attorneys at a disadvantage. Instead, Google and Oracle have until the end of the month to either consent to a voluntary ban, or agree to clearly inform the jurors of their intentions regarding social media research.

 

Chelsea Kerwin, August 1, 2016


Environmental Big Data Applied to Sustainable Health Purchasing

July 29, 2016

The US healthcare system has some of the best medical procedures and practices in the world, but the governing system is a violent mess. One aspect tangled in the nightmare is purchasing. Wharton University explains how big data can improve sustainability in purchasing everything from drugs to cleaning supplies: “The Four A’s: Turning Big Data Into Useful Information.”

The health care system is one of the biggest participants in group purchasing organizations (GPOs). One significant downplayed feature that all GPOs share is their green product usage. GPOs rely on using green products to cut back on waste and cost (in some cases); however, they could do more if they had access to environmental big data. It helps the immediate bottom line, but it does more for the future:

“Longer term, it makes good business sense for hospitals and clinics, which spend so much battling environmentally caused illnesses, to reduce, and where possible eliminate, the chemicals and other pollutants that are damaging their patients’ health. That is precisely why Premier’s GreenHealthy program is eager to move beyond price alone and take EPP into consideration. ‘Price doesn’t give us the whole story,’ said [Kevin Lewis, national program coordinator for the GreenHealthy division of Premier Inc]. ‘Our prime concern is making our patients safer.’”

Individual health service providers, however, do not have access to certain healthcare metrics and data unless they ask for it from manufacturers/suppliers. Even worse is that the health metrics data is often outdated.

The GPOs and the health providers could work together to exchange information to keep all data along the supply chain updated.  It would create a sustainability chain that would benefit the environment and the bottom line.

 

Whitney Grace, July 29, 2016

Rare Sighting in Silicon Valley: A Unicorn

July 8, 2016

Unicorns are mythical creatures with a whole slew of folklore surrounding them, but in modern language the horned beast has been used as a metaphor for a rare occurrence. North Korea's despotically controlled media service once said that Kim Jong Un spotted a unicorn, but Fortune tells us that a unicorn was spotted in California’s Silicon Valley: “The SEC Wants Unicorns To Stop Bragging About Their Valuations”.

Unicorns in the tech world are Silicon Valley companies valued at more than one billion. In some folklore, unicorns are vain creatures and love to be admired; the same can be said about Silicon Valley companies and startups as they brag about their honesty with their investors. Mary Jo White of the SEC said she wanted them to stop blowing the hot air.

“ ‘The concern is whether the prestige associated with reaching a sky-high valuation fast drives companies to try to appear more valuable than they actually are,’ she said.”

Unlike publicly traded companies, private unicorns cannot be regulated by the SEC, but it still values protecting investors and facilitating capital formation. Silicon Valley unicorns have secondary markets forming around their pre-IPO status, the status they retain before they are traded on the public market. The secondary market uses derivative contracts, which can contribute to misconceptions about their value. White wants the unicorns to realize they need to protect their investors once they go public with better structures and controls for their daily operations.

Another fact from unicorn folklore is that unicorns are recognized as symbols of truth.  So while the braggart metaphor is accurate, the truthful aspect is not.

 

Whitney Grace, July 8, 2016

Publicly Available Information Is Considered Leaked When on Dark Web

July 7, 2016

What happens when publicly available information is leaked to the Dark Web? This happened recently with staff contact information from the University of Liverpool, according to an article, Five secrets about the Dark Web you didn’t know from CloudPro. This piece speaks to the perception that the Dark Web is a risky place for even already publicly available information. The author reports on how the information was compromised,

“A spokeswoman said: ‘We detected an automated cyber-attack on one of our departmental online booking systems, which resulted in publicly available data – surname, email, and business telephone numbers – being released on the internet. We take the security of all university-related data very seriously and routinely test our systems to ensure that all data is protected effectively. We supported the Regional Organised Crime Unit (TITAN) in their investigations into this issue and reported the case to the Information Commissioner’s Office.’”

Data security only continues to grow in importance and as a concern for large enterprises and organizations. This incident is an interesting case to be reported, and it was the only story we had not seen published again and again, as it illustrates the public perception of the Dark Web being a playing ground for illicit activity. It brings up the question about what online landscapes are considered public versus private.

 

Megan Feil, July 7, 2016

Hacking Team Cannot Sell Spyware

June 27, 2016

I do not like spyware. Once it is downloaded onto your computer, it is a pain to delete and it even steals personal information. I think it should be illegal to make, but some good comes from spyware if it is in the right hands (ideally). Some companies make and sell spyware to government agencies. One of them is the Hacking Team, and they recently had some bad news, according to Naked Security: “Hacking Team Loses Global License To Sell Spyware.”

You might remember Hacking Team from 2015, when its systems were hacked and 500 gigs of internal files, emails, and product source code were posted online. The security company has spent the past year trying to repair its reputation, but the Italian Ministry of Economic Development dealt them another blow. The ministry revoked Hacking Team’s “global authorization” to sell its Remote Control System spyware suite to forty-six countries. Hacking Team can still sell within the European Union and expects to receive approval to sell outside the EU.

“MISE told Motherboard that it was aware that in 2015 Hacking Team had exported its products to Malaysia, Egypt, Thailand, Kazakhstan, Vietnam, Lebanon and Brazil.

The ministry explained that “in light of changed political situations” in “one of” those countries, MISE and the Italian Foreign Affairs, Interior and Defense ministries decided Hacking Team would require “specific individual authorization.”  Hacking Team maintains that it does not sell its spyware to governments or government agencies where there is “objective evidence or credible concerns” of human rights violations.”

Hacking Team said if they suspect that any of their products were used to cause harm, they immediately suspend support if customers violate the contract terms. Privacy International does not believe that Hacking Team’s self-regulation is enough.

It points to the old argument that software is a tool and humans cause the problems.

 

Whitney Grace, June 27, 2016

Banks as New Dark Web Educators

June 15, 2016

The Dark Web and deep web can often get misidentified and confused by readers. To take a step back, TransUnion’s blog offers a brief read called, The Dark Web & Your Data: Facts to Know, that helpfully addresses some basic information on these topics. First, a definition of the Dark Web: sites accessible only when a physical computer’s unique IP address is hidden on multiple levels. Specific software is needed to access the Dark Web because that software is needed to encrypt the machine’s IP address. The article continues,

“Certain software programs allow the IP address to be hidden, which provides anonymity as to where, or by whom, the site is hosted. The anonymous nature of the dark web makes it a haven for online criminals selling illegal products and services, as well as a marketplace for stolen data. The dark web is often confused with the “deep web,” the latter of which makes up about 90 percent of the Internet. The deep web consists of sites not reachable by standard search engines, including encrypted networks or password-protected sites like email accounts. The dark web also exists within this space and accounts for approximately less than 1 percent of web content.”

For those not reading news about the Dark Web every day, this seems like a fine piece to help brush up on cybersecurity concerns relevant at the individual user level. TransUnion is on the pulse in educating their clients as banks are an evergreen target for cybercrime and security breaches. It seems the message from this posting to clients can be interpreted as one of the “good luck” variety.

 

Megan Feil, June 15, 2016
