A Dark Web Spider for Proactive Protection

April 29, 2016

There is a new tool for organizations to more quickly detect whether their sensitive data has been hacked. The Atlantic discusses “The Spider that Crawls the Dark Web Looking for Stolen Data.” Until now, it was often many moons before an organization realized it had been hacked. Matchlight, from Terbium Labs, offers a more proactive approach. The service combs the corners of the Dark Web looking for the “fingerprints” of its clients’ information. Writer Kaveh Waddell reveals how it is done:

“Once Matchlight has an index of what’s being traded on the Internet, it needs to compare it against its clients’ data. But instead of keeping a database of sensitive and private client information to compare against, Terbium uses cryptographic hashes to find stolen data.

“Hashes are functions that create an effectively unique fingerprint based on a file or a message. They’re particularly useful here because they only work in one direction: You can’t figure out what the original input was just by looking at a fingerprint. So clients can use hashing to create fingerprints of their sensitive data, and send them on to Terbium; Terbium then uses the same hash function on the data its web crawler comes across. If anything matches, the red flag goes up. Rogers says the program can find matches in a matter of minutes after a dataset is posted.”
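The hash-comparison workflow the quoted passage describes, as an added Python example that is not Terbium's or Matchlight's code. The four-word window, the normalization step and the choice of SHA-256 are assumptions, and the client record and pastes are constructed sample data.

```python
import hashlib
import re

WINDOW = 4  # tokens per fingerprinted shingle (assumed; the article gives no size)


def normalize(text):
    """Lowercase and keep alphanumeric tokens so reformatting does not change hashes."""
    return re.findall(r"[a-z0-9]+", text.lower())


def fingerprints(text, window=WINDOW):
    """SHA-256 digests of every run of `window` consecutive tokens in `text`."""
    tokens = normalize(text)
    # Text shorter than one window yields no fingerprints at all.
    return {
        hashlib.sha256(" ".join(tokens[i:i + window]).encode("utf-8")).hexdigest()
        for i in range(len(tokens) - window + 1)
    }


def match_ratio(client_fps, crawled_text, window=WINDOW):
    """Fraction of the client's fingerprints that also occur in crawled text."""
    if not client_fps:
        return 0.0
    return len(client_fps & fingerprints(crawled_text, window)) / len(client_fps)


# Client side: only CLIENT_FPS leaves the organization, never CLIENT_RECORD.
CLIENT_RECORD = "Jane Example, member ID 7731-0042, jane.example@example.com"  # constructed
CLIENT_FPS = fingerprints(CLIENT_RECORD)

# Monitoring side: the same function is applied to whatever the crawler finds.
CRAWLED_PASTE = ("fresh dump :: JANE EXAMPLE | member id 7731 0042 | "
                 "Jane.Example@example.com | more rows")   # constructed
PARTIAL_PASTE = "member id 7731 0042 for sale"              # constructed
UNRELATED = "Baltimore weather report: sunny with light wind today"  # constructed

if __name__ == "__main__":
    for name, text in [("full", CRAWLED_PASTE), ("partial", PARTIAL_PASTE),
                       ("unrelated", UNRELATED)]:
        print(f"{name:9s} overlap = {match_ratio(CLIENT_FPS, text):.2f}")
```

Because the hash is unkeyed, a short or guessable field can be recovered by hashing every candidate value, so the fingerprint set itself should still be handled as sensitive.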

What an organization does with this information is, of course, up to them; but whatever the response, now they can implement it much sooner than if they had not used Matchlight. Terbium CEO Danny Rogers reports that, each day, his company sends out several thousand alerts to their clients. Founded in 2013, Terbium Labs is based in Baltimore, Maryland. As of this writing, they are looking to hire a software engineer and an analyst, in case anyone here is interested.

 

Cynthia Murrell, April 29, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Duck Duck Go as a Privacy Conscious Google Alternative

April 26, 2016

Those frustrated with Google may have an alternative. “Going over to the duck side: A week with Duck Duck Go,” from Search Engine Watch, shares a thorough first-hand account of using Duck Duck Go for a week. User privacy protection seems to be the hallmark of the search service and there is even an option to enable Tor in its mobile app. Features are comparable, such as one designed to compete with Google’s Knowledge Graph called Instant Answers. As an open source product, Instant Answers is built up by community contributions. As far as seamless, intuitive search, the post concludes,

“The question is, am I indignant enough about Google’s knowledge of my browsing habits (and everyone else’s that feed its all-knowing algorithms) to trade the convenience of instantly finding what I’m after for that extra measure of privacy online? My assessment of DuckDuckGo after spending a week in the pond is that it’s a search engine for the long term. To get the most out of using it, you have to make a conscious change in your online habits, rather than just expecting to switch one search engine for another and get the same results.”

Will a majority of users replace “Googling” with “Ducking” anytime soon? Time will tell, and it will be an interesting saga to see unfold. I suppose we could track the evolution on Knowledge Graph and Instant Answers to see the competing narratives unfold.

 

Megan Feil, April 26, 2016

The Dark Web Cuts the Violence

March 23, 2016

Drug dealing is a shady business that takes place in a nefarious underground and runs discreetly under our noses.  Along with drug dealing comes a variety of violence involving guns, criminal offenses, and often death.   Countless people have lost their lives related to drug dealing, and that does not even include the people who overdosed.  Would you believe that the drug dealing violence is being curbed by the Dark Web?  TechDirt reveals, “How The Dark Net Is Making Drug Purchases Safer By Eliminating Associated Violence And Improving Quality.”

The Dark Web is the Internet’s underbelly, where stolen information and sex trafficking victims are sold, terrorists mingle, and, of course, drugs are peddled.  Who would have thought that the Dark Web would actually provide a beneficial service to society by sending drug dealers online and taking them off the streets?  With the drug dealers goes the associated violence.  There also appears to be a system of checks and balances, where drug users can leave feedback a la eBay.  It pushes the drug quality up as well, but is that a good or bad thing?

“The new report comes from the European Monitoring Centre for Drugs and Drug Addiction, which is funded by the European Union, and, as usual, is accompanied by an official comment from the relevant EU commissioner. Unfortunately, Dimitris Avramopoulos, the European Commissioner for Migration, Home Affairs and Citizenship, trots out the usual unthinking reaction to drug sales that has made the long-running and totally futile “war on drugs” one of the most destructive and counterproductive policies ever devised:

‘We should stop the abuse of the Internet by those wanting to turn it into a drug market. Technology is offering fresh opportunities for law enforcement to tackle online drug markets and reduce threats to public health. Let us seize these opportunities to attack the problem head-on and reduce drug supply online.’”

The war on drugs is a futile fight, but illegal substances do not benefit anyone.  While it is a boon to society for the crime to be taken off the streets, take into consideration that the Dark Web is also a breeding ground for crimes arguably worse than drug dealing.

 

Whitney Grace, March 23, 2016

Tails Increases Ease of Online Anonymity

March 17, 2016

The interest in browsing the internet anonymously does not appear to be fading. Softpedia recently posted “Debian Makes It a Lot Easier for Users to Install the Tails Anonymous Live CD.” Called the “amnesic incognito live system”, Tails is a GNU/Linux Live CD distribution which is based on the Debian operating system and allows your online activities to remain anonymous. Tails is driven by Tor and provides its users access to the anonymous Tor network. The article tells us,

Now, we all know how to write a Live ISO image on a USB key or a CD disc, right? But what you probably don’t know is that there’s an app for that, called Tails Installer, which the skilled Debian Privacy Tools maintainers team included in Debian repos. “The previous process for getting started with Tails was very complex and was problematic for less tech-savvy users,” developers explained. “It required starting Tails three times, and copying the full ISO image onto a USB stick twice before having a fully functional Tails USB stick with persistence enabled.”

As the article points out, Tails has a stamp of approval from Edward Snowden. It seems like before Debian, it would have been quite the stretch for many users to even consider adopting the use of Tails. However, using a Linux-based operating system, the pre-requisite for Tails, may also be a hurdle preventing wide-scale adoption. Time will tell.

 

Megan Feil, March 17, 2016

Facebook Faces French Frippery

February 12, 2016

Facebook and its privacy and information policies are under scrutiny in France. Unlike the US and other countries, French regulators can be a frisky bunch. I recall an incident involving a certain Russian who operated in an interesting manner. If recollection serves, the French authorities kept pecking and pecking and finally chewed the feet off the alleged wrong doer. Persistence and institutional coordination are different in the land of more than 200 types of cheese.

“French Data Privacy Regulator Cracks down on Facebook” reports that the social media outfit has 90 days to “stop tracking non users’ Web activity without their consent.”

This begs the question, “Then what?”

Two things. France will cheerlead for actions against Facebook from its EC colleagues.

Plus the French bureaucracy, the outfit which “invented red tape,” will swing into action. This is often not a good thing. I recall a French born French citizen who had to display her great grandfather’s medal of honor to clear up a citizenship inquiry. The nifty part of this anecdote is that a letter from the president of France to her grandfather was not enough. The picture verified that the grandfather and the French president were shaking hands at the award ceremony. That’s bureaucratic attentiveness in action.

Facebook faces French friskiness in the institutional playground. At least, lunches are usually pretty good. That’s a benefit for the legal eagles who will flock to answer the “then what?” question.

Stephen E Arnold, February 12, 2016

Anonymity Not Always Secured for Tor and Dark Web Users

January 28, 2016

From the Washington Post comes an article pertinent to investigative security technologies called “This is how the government is catching people who use child porn sites.” This piece outlines the process used by the FBI to uncover a Tor user’s identity, despite the anonymity Tor provides. The article explains how this occurred in one case, unmasking the user Pewter:

“In order to uncover Pewter’s true identity and location, the FBI quietly turned to a technique more typically used by hackers. The agency, with a warrant, surreptitiously placed computer code, or malware, on all computers that logged into the Playpen site. When Pewter connected, the malware exploited a flaw in his browser, forcing his computer to reveal its true Internet protocol address. From there, a subpoena to Comcast yielded his real name and address.”

Some are concerned with privacy of the thousands of users whose computers are also hacked in processes such as the one described above. The user who was caught in this case is arguing the government’s use of such tools violated the Fourth Amendment. One federal prosecutor quoted in the article describes the search processes used in this case as a “gray area in the law”. His point, that technology is eclipsing the law, is definitely one that deserves more attention from all angles: the public, governmental agencies, and private companies.

 

Megan Feil, January 28, 2016

Oscobo: A Privacy Centric Web Search System

January 7, 2016

Before you get too excited, the Oscobo service uses results from Bing. Yep, that is the search engine which uses Baidu in China and Yandex in Russia for results.

The Oscobo search system is about privacy for its users, not about the dreary precision, recall, and relevance issues. “Oscobo Is An Anonymous Search Engine Targeting Brits” reports that the system reminded the article’s author of DuckDuckGo and Hulbee, both working to ensure the privacy of their users.

The results are filtered to cater to the needs of the UK online search it seems.

According to the write up, Oscobo’s business model

is simple paid search, based on bare-bones search data (i.e. whatever string a user is searching for) and their location — given the product is serving the U.K. market this is assumed to be the U.K., but whatever search string they input may further flesh out a more specific location.

There is no definition of “paid search”, however. You can check out the system at https://oscobo.co.uk/.

Stephen E Arnold, January 7, 2016

Google and Students: The Quest for Revenue

January 7, 2016

The Alphabet Google thing is getting more focused in its quest for revenue in the post desktop search world. I read “Google Is Tracking Students As It Sells More Products to Schools, Privacy Advocates Warn.” I remember the good old days when the Google was visiting universities to chat about its indexing of the institutions’ Web sites and the presentations related to the book scanning project. This write up seems, if Jeff Bezos’ newspaper is spot on, to suggest that the Alphabet Google thing is getting more interested in students, not just the institutions.

I read:

More than half of K-12 laptops or tablets purchased by U.S. schools in the third quarter were Chromebooks, cheap laptops that run Google software…. But Google is also tracking what those students are doing on its services and using some of that information to sell targeted ads, according to a complaint filed with federal officials by a leading privacy advocacy group.

The write up points out:

In just a few short years, Google has become a dominant force as a provider of education technology…. Google’s fast rise has partly been because of low costs: Chromebooks can often be bought in the $100 to $200 range, a fraction of the price for a MacBook. And its software is free to schools.

Low prices. Well, Amazon is into that type of marketing too, right? Collecting data. Isn’t Amazon gathering data for its recommendations service?

My reaction to the write up is that the newspaper will have more revelations about the Alphabet Google thing. The security and privacy issue is one that has the potential to create some excitement in the land of online giants.

Stephen E Arnold, January 7, 2015

New Years Resolutions in Personal Data Security

December 22, 2015

The article on ITProPortal titled “What Did We Learn in Records Management in 2016 and What Lies Ahead for 2016?” delves into the unlearnt lessons in data security. The article begins with a look back over major data breaches, including Ashley Madison, JP Morgan et al, and Vtech and gathers from them the trend of personal information being targeted by hackers. The article reports,

“A Crown Records Management Survey earlier in 2015 revealed two-thirds of people interviewed – all of them IT decision makers at UK companies with more than 200 employees – admitted losing important data… human error is continuing to put that information at risk as businesses fail to protect it properly…but there is legislation on the horizon that could prompt change – and a greater public awareness of data protection issues could also drive the agenda.”

The article also makes a few predictions about upcoming developments in our approach to data protection. Among them is the passage of the European Union General Data Protection Regulation (EU GDPR) and the resulting effect on businesses. In terms of apps, the article suggests that more people might start asking questions about the information required to use certain apps (especially when the data they request is completely irrelevant to the functions of the app). Though the article is generally optimistic, these developments will only occur if people, businesses, and governments take data breaches and privacy more seriously.

 

Chelsea Kerwin, December 22, 2015

Internet Sovereignty, Apathy, and the Cloud

December 21, 2015

The OS News post titled “Dark Clouds Over the Internet” presents an argument that boils down to a choice between international accord and data sharing agreement, or the risk of the Internet being broken up into national networks. Some very worked up commenters engaged in an interesting discussion that spanned government overreaching, democracy, data security, privacy, and for some reason, climate change. One person summarized their opinion thusly:

“Best policy: don’t store data with someone else. There is no cloud. It’s just someone else’s computer.”

In response, a user named Alfman replied that companies are to blame for the current lack of data security, or more precisely, people are generally to blame for allowing this state of affairs to exist,

“The privacy issues we’re now seeing are a direct consequence of corporate business models pushing our data into their central silos. None of this is surprising except perhaps how willing users have been to forgo their own privacy. Collectively, it seems that we are very willing to give up our rights for very little in exchange… makes it difficult to achieve critical mass around technologies promoting data independence.”

It is hard to argue with the apathy factor, with data breaches occurring regularly and so little being done by individuals to protect themselves. Good thing these commenters have figured it all out. Next up, solving climate change.

Chelsea Kerwin, December 21, 2015
