NSA Aftermath in Germany

October 19, 2016

When it was revealed not too long ago that the United States was actively spying on Germany, the country decided it was time to investigate. Netzpolitik wrote an update on Germany’s investigation in “Snowden’s Legacy: Hearing In The Parliament Committee.” The German parliament launched a committee to head the investigation, which included many hearings. At a recent hearing in Germany, five US experts spoke to the committee, including ACLU technologist Christopher Soghoian, Watson Institute’s Timothy H. Edgar, ACLU attorney Ashley Gorski, Open Society Foundation senior advisor Morton H. Halperin, and US Access Now policy manager Amie Stepanovich.

The experts met with the committee as a way to ease tensions between the US and Germany, but also to share their knowledge about legal issues related to surveillance and individuals’ privacy rights. The overall agreement was that the current legal framework for handling these issues is outdated and needs to be revamped. There should not be a difference between technical and legal protection when it comes to privacy. As for surveillance and anonymity, there is currently no legal system of checks and balances to rein in intelligence organizations’ power. The bigger problem is not governmental spying, but how the tools are used:

Nevertheless, Christopher Soghoian noted that the real scandal was not that government agencies were spying on their people, but that technology was so poorly secured that it could have been exploited. Historically, encryption and security have had a very low priority for big Internet companies like Google. Snowden turned the discussion upside-down, his disclosures radicalised the very people who design the software the NSA had privately exploited. Therefore, the most important post-Snowden changes were not made in Government hallways but in the technological community, according to Soghoian.

German surveillance technology manufacturers Gamma Group and Trovicor were also mentioned.  As the committee was investigating how the NSA violated Germany’s civil rights, of course, a reference was made to the World Wars.  What we can pull from this meeting is we need change and technology needs to beef up its security capabilities.

Whitney Grace, October 19, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

For the Paranoid at Heart: New Privacy Concerns from Columbia University and Google

September 23, 2016

The article on PhysOrg titled Location Data on Two Apps Enough to Identify Someone, Says Study illustrates the inadequacy of deleting names and personal details from big data sets. Location metadata undermines the anonymity of this data. Researchers at Columbia University and Google teamed up to establish that individuals can easily be identified simply by comparing their movements across two data sets. The article states,

“What this really shows is that simply removing identifying information from large-scale data sets is not sufficient,” said Yves-Alexandre de Montjoye, a research scientist at the MIT Media Lab who was not involved in the study. “We need to move to a model of privacy-through-security. Instead of anonymizing data and making it public, there should be technical controls over who gets access to the data, how it is used, and for what purpose.”

Just by bringing your phone with you (and who doesn’t?), you create vast amounts of location metadata about yourself, often without your knowledge. As more and more apps require you to offer your location, it becomes less difficult for various companies to access the data. If you are interested in exploring how easy it is to figure out your identity based on your social media usage, visit You Are Where You Go.

Chelsea Kerwin, September 23, 2016
There is a Louisville, Kentucky Hidden Web/Dark Web meet up on September 27, 2016.
Information is at this link: https://www.meetup.com/Louisville-Hidden-Dark-Web-Meetup/events/233599645/


Hundreds of Thousands of Patient Records Offered up on the Dark Web

September 19, 2016

Some of us suspected this was coming, despite many assurances to the contrary. Softpedia informs us, “Hacker Selling 651,894 Patient Records on the Dark Web.” Haughtily going by the handle TheDarkOverlord, the hacker responsible is looking to make over seven hundred grand off the data. Reporter Catalin Cimpanu writes:

The hacker is selling the data on The Real Deal marketplace, and he [or she] says he breached these companies using an RDP (Remote Desktop Protocol) bug. TheDarkOverlord has told DeepDotWeb, who first spotted the ads, that it’s ‘a very particular bug. The conditions have to be very precise for it.’ He has also provided a series of screenshots as proof, showing him accessing the hacked systems via a Remote Desktop connection. The hacker also recalls that, before putting the data on the Dark Web, he contacted the companies and informed them of their problems, offering to disclose the bug for a price, in a tactic known as bug poaching. Obviously, all three companies declined, so here we are, with their data available on the Dark Web. TheDarkOverlord says that all databases are a one-time sale, meaning only one buyer can get their hands on the stolen data.

The three databases contain information on patients in Farmington, Missouri; Atlanta, Georgia; and the Central and Midwest areas of the U.S. TheDarkOverlord asserts that the data includes details like contact information, Social Security numbers, and personal facts like gender and race. The collection does not, apparently, include medical history. I suppose that is a relief—for now.

Cynthia Murrell, September 19, 2016


Is Google Biotech Team Overreaching?

September 9, 2016

Science reality is often inspired by science fiction, and Google’s biotech research division, Verily Life Sciences, is no exception. Business Insider posts, “‘Silicon Valley Arrogance’? Google Misfires as It Strives to Turn Star Trek Fiction Into Reality.” The “Star Trek” reference points to Verily’s Tricorder project, announced three years ago, which set out to create a cancer-early-detection device. Sadly, that hopeful venture may be sputtering out. STAT reporter Charles Piller writes:

Recently departed employees said the prototype didn’t work as hoped, and the Tricorder project is floundering. Tricorder is not the only misfire for Google’s ambitious and extravagantly funded biotech venture, now named Verily Life Sciences. It has announced three signature projects meant to transform medicine, and a STAT examination found that all of them are plagued by serious, if not fatal, scientific shortcomings, even as Verily has vigorously promoted their promise.

Piller cites two projects, besides the Tricorder, that underwhelm. We’re told that independent experts are dubious about the development of a smart contact lens that can detect glucose levels for diabetics. Then there is the very expensive Baseline study—an attempt to define what it means to be healthy and to catch diseases earlier—which critics call “lofty” and “far-fetched.” Not surprisingly, Google being Google, there are also some privacy concerns being raised about the data being collected to feed the study.

There are several criticisms and specific examples in the lengthy article, and interested readers should check it out. There seems to be one central notion, though: that Verily Life Sciences is attempting to approach the human body like a computer when medicine is much, much more complicated than that. The impressive roster of medical researchers on the team seems to provide little solace to critics. The write-up relates:

It’s axiomatic in Silicon Valley’s tech companies that if the math and the coding can be done, the product can be made. But seven former Verily employees said the company’s leadership often seems not to grasp the reality that biology can be more complex and less predictable than computers. They said Conrad, who has a PhD in anatomy and cell biology, applies the confident impatience of computer engineering, along with extravagant hype, to biotech ideas that demand rigorous peer review and years or decades of painstaking work.

Are former employees the most objective source? I suspect ex-Googlers and third-party scientists are underestimating Google. The company has a history of reaching the moon by shooting for the stars, and for enduring a few failures as a price of success. I would not be surprised to see Google emerge on top of the biotech field. (As sci fi fans know, biotech is the medicine of the future. You’ll see.) The real question is how the company will treat privacy, data rights, and patient safety along the way.

Cynthia Murrell, September 9, 2016

Big Data Processing Is Relative to Paradigm of Today

September 7, 2016

The size and volume that characterize an information set as big data, and the tools used to process it, are relative to the current era. A story from NPR reminds us of this as they ask, Can Web Search Predict Cancer? Promise And Worry Of Big Data And Health. In 1600s England, a statistician essentially founded demography by compiling details of death records into tables. Today, trends from big data are drawn through a combination of assistance from computer technology and people’s analytical skills. Microsoft scientists conducted a study showing that Bing search queries may hold clues to a future diagnosis of pancreatic cancer.

The Microsoft scientists themselves acknowledge this [lack of comprehensive knowledge and predictive abilities] in the study. “Clinical trials are necessary to understand whether our learned model has practical utility, including in combination with other screening methods,” they write. Therein lies the crux of this big data future: It’s a logical progression for the modern hyper-connected world, but one that will continue to require the solid grounding of a traditional health professional, to steer data toward usefulness, to avoid unwarranted anxiety or even unnecessary testing, and to zero in on actual causes, not just correlations within particular health trends.

As the producers of data points in many social-related data sets, and as the original analyzers of big data, it makes sense that people remain a key part of big data analytics. While this may be especially pertinent in matters related to health, it may be more intuitively understood in this sector in contrast to others. Whether health or another sector, can the human variable ever be taken out of the data equation? Perhaps such a world will give rise to whatever is beyond the current buzz around the phrase big data.

Megan Feil, September 7, 2016

Social Media Snooping Site Emerges for Landlords and Employers

September 2, 2016

The promise of unlocking the insights in big data is one that many search and analytics companies make. CNet shares the scoop on a new company: Disturbing new site scrapes your private Facebook and informs landlords, employers. Their website is Score Assured and it provides a service as an intermediary between your social media accounts and your landlord. Through scanning every word you have typed on Facebook, Twitter, LinkedIn or even Tinder, this service will then filter all the words through a neuro-linguistic programming tool to provide a report on your reputation. We learned,

There’s no reason to believe that Score Assured’s “analysis” will offer in any way an accurate portrayal of who you are or your financial wherewithal. States across the country are already preparing or enacting legislation to ensure that potential employers have no right to ask for your password to Facebook or other social media. In Washington, for example, it’s illegal for an employer to ask for your password. Score Assured offers landlords and employers (the employer service isn’t live yet) the chance to ask for such passwords slightly more indirectly. Psychologically, the company is preying on a weakness humans have been displaying for some time now: the willingness to give up their privacy to get something they think they really want.

Scraping and finding tools are not new, but could this application be any more 2016? The author of this piece is onto the zeitgeist of “I’ve got nothing to hide.” Consequently, data — even social data — becomes a commodity. Users’ willingness to consent is the sociologically interesting piece here. It remains to be seen whether the data mining technology is anything special.

Megan Feil, September 2, 2016

Intuitive Interfaces Matter on Dark Web Sites Too

September 1, 2016

Did you know some sites on the Dark Web have a sleek look and intuitive user experience? VeriClouds published this information, including screenshots and more, in a piece called Dark Web: Sophisticated eCommerce platform trading in your personal information. Channels for cybercriminals allow users to search for Dark Web commodities such as personal or sensitive information by category, product type, price, sale type, location and shipping options. Mirroring the processes and policies of traditional retail, some sellers also have refund options. The article states:

Platforms like these are so much more than just rudimentary command line setups or chat rooms. They offer many of the same features as online stores like Amazon or Ebay with vendor ratings, buyer feedback, detailed search options and facilitated transaction and delivery services. Collections of data are presented with detailed descriptions (similar to an ecommerce product pages), and some even provide tutorials on how to best utilize that data to scam victims.

On one level, this report shows us how much an intuitive user experience has become the expectation, not an added bonus — anywhere on the web. Related to this heightened expectation for even intangible “things” to have an effective look and feel, we are reminded this is the information age. As information is a commodity, it is no surprise to see the rise in cyber theft of such invisible goods on the Dark Web or otherwise. For example, as the article mentioned, last year’s estimate by the Federal Trade Commission showed 9.9 million victims of identity theft.

Megan Feil, September 1, 2016

Google Enables Users to Delete Search History, Piece by Piece

August 31, 2016

The article on CIO titled Google Quietly Brings Forgetting to the U.S. draws attention to Google having enabled Americans to view and edit their search history. Simply visit My Activity and log in to witness the mind-boggling amount of data Google has collected in your search career. To delete, all you have to do is complete two clicks. But the article points out that to delete a lot of searches, you will need an afternoon dedicated to cleaning up your history. And afterward you might find that your searches are less customized, as are your ads and autofills. But the article emphasizes a more communal concern,

There’s something else to consider here, though, and this has societal implications. Google’s forget policy has some key right-to-know overlaps with its takedown policy. The takedown policy allows people to request that stories about or images of them be removed from the database. The forget policy allows the user to decide on his own to delete something…I like being able to edit my history, but I am painfully aware that allowing the worst among us to do the same can have undesired consequences.

Of course, by “the worst among us” he means terrorists. But for many people, the right to privacy is more important than the hypothetical ways that terrorists will potentially suffer within a more totalitarian, Big Brother state. Indeed, Google’s claim that the search history information is entirely private is already suspect. If Google personnel or Google partners can see this data, doesn’t that mean it is no longer private?

Chelsea Kerwin, August 31, 2016

Another Day Another Possible Data Breach

August 19, 2016

Has the next Ashley Madison incident happened? International Business Times reports on breached information that has surfaced on the Dark Web. The article, Fling.com breach: Passwords and sexual preferences of 40 million users up for sale on dark web, sheds some light on what happened in the alleged 40 million records posted on The Real Deal marketplace. One source claims the leaked data was old information. Another source reports a victim who says they never had an account with Fling.com. The article states,

“The leak is the latest in a long line of dating websites being targeted by hackers and follows similar incidents at Ashley Madison, Mate1, BeautifulPeople and Adult Friend Finder. In each of these cases, hundreds of thousands – if not millions – of sensitive records were compromised. While in the case of Ashley Madison alone, the release of information had severe consequences – including blackmail attempts, high-profile resignations, and even suicide. Despite claims the data is five years old, any users of Fling.com are now advised to change their passwords in order to stay safe from future account exploitation.”

Many are asking about the facts related to this data breach on the Dark Web — when it happened and if the records are accurate. We’re not sure if it’s true, but it is sensational. The interesting aspect of this story is in the terms of service for Fling.com. The article reveals Fling.com is released from any liability related to users’ information.


Megan Feil, August 19, 2016


There is a Louisville, Kentucky Hidden Web/Dark Web meet up on August 23, 2016.
Information is at this link: https://www.meetup.com/Louisville-Hidden-Dark-Web-Meetup/events/233019199/


Content Cannot Be Searched If It Is Not There

August 16, 2016

Google Europe is already dealing with a slew of “right to be forgotten” requests, but Twitter had its own recent fight with a deletion-related issue. TechCrunch shares the story in “Deleted Tweet Archive PostGhost Shut Down After Twitter Cease And Desist.” PostGhost was a Web site that archived tweets from famous public figures. PostGhost gained its own fame for recording deleted tweets.

The idea behind PostGhost was to allow a transparent and accurate record. The Library of Congress already does something similar as it archives every Tweet. Twitter, however, did not like PostGhost and sent them a cease and desist threatening to remove their API access. Apparently, it is illegal to post deleted tweets, something that evolved from the European “right to be forgotten” laws.

So is PostGhost or Twitter wrong?

“There are two schools of thought when something like this happens. The first is that it’s Twitter’s prerogative to censor anything and all the things. It’s their sandbox and we just play in it.  The second school of thought says that Twitter is free-riding on our time and attention and in exchange for that they should work with their readers and users in a sane way.”

Twitter is a platform for a small percentage of users, the famous and public figures, who instantly have access to millions of people when they voice their thoughts.  When these figures put their thoughts on the Internet it has more meaning than the average tweet.  Other Web sites do the same, but it looks like public figures are exempt from this rule.  Why?  I am guessing money is exchanging hands.


Whitney Grace, August 16, 2016