CyberOSINT banner

Cybercriminal Talent Recruitment Moves Swiftly on the Dark Web

April 8, 2016

No matter the industry, it’s tough to recruit and keep talent. As the Skills shortage hits hackers published by Infosecurity Magazine reports, cybercriminals are no exception. Research conducted by Digital Shadows shows an application process exists not entirely dissimilar from that of tradition careers. The jobs include malware writers, exploit developers, and botnet operators. The article explains how Dark Web talent is recruited,

“This includes job ads on forums or boards, and weeding out people with no legitimate technical skills. The research found that the recruitment process often requires strong due diligence to ensure that the proper candidates come through the process. Speaking to Infosecurity, Digital

Shadows’ Vice President of Strategy Rick Holland said that in the untrusted environment of the attacker, reputation is as significant as in the online world and if someone does a bad job, then script kiddies and those who have inflated their abilities will be called out.”

One key difference cited is the hiring timeline; the Dark Web moves quickly. As you might imagine, apparently only a short window of opportunity to cash in stolen credit cards. The sense of urgency related to many Dark Web activities suggests speedier cybersecurity solutions are on the scene. As cybercrime-as-a-service expands, criminals’ efforts and attacks will only be swifter.

 

Megan Feil, April 8, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

UK Cybersecurity Director Outlines Agencys Failures in Ongoing Cyberwar

April 8, 2016

The article titled GCHQ: Spy Chief Admits UK Agency Losing Cyberwar Despite £860M Funding Boost on International Business Times examines the surprisingly frank confession made by Alex Dewdney, a director at the Government Communications Headquarters (GCHQ). He stated that in spite of the £860M funneled into cybersecurity over the past five years, the UK is unequivocally losing the fight. The article details,

“To fight the growing threat from cybercriminals chancellor George Osborne recently confirmed that, in the next funding round, spending will rocket to more than £3.2bn. To highlight the scale of the problem now faced by GCHQ, Osborne claimed the agency was now actively monitoring “cyber threats from high-end adversaries” against 450 companies across the UK aerospace, defence, energy, water, finance, transport and telecoms sectors.”

The article makes it clear that search and other tools are not getting the job done. But a major part of the problem is resource allocation and petty bureaucratic behavior. The money being poured into cybersecurity is not going towards updating the “legacy” computer systems still in place within GCHQ, although those outdated systems represent major vulnerabilities. Dewdney argues that without basic steps like migrating to an improved, current software, the agency has no hope of successfully mitigating the security risks.

 

Chelsea Kerwin, April 8, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Google Hummingbird Revealed by a Person Not Working for Google

April 7, 2016

Another wizard has scrutinized the Google and figured out how to make sure your site becomes number one with a bullet.

To get the wisdom, navigate to “Hummingbird – Mastering the art of Conversational Search.” The problem for the GOOG is that it costs a lot of money to index Web sites no one visits. Advertisers want traffic. That means the GOOG has to find a way to reduce costs and sell either more ads or fewer ads at a higher price.

The write up pays scant attention to the realities of the Google. But you will learn the tips necessary to work traffic magic. Okay, I don’t get too excited about info about Google from folks who are not working at the company or who have worked at the company. Sorry. Looking at the Google and reading tea leaves does not work for me.

But what works, according to the write up, are these sure fire tips. Here we go:

  1. Bone up on latent semantic indexing. Let’s see. That method has been around for 30, maybe 40 years. Get a move on, gentle reader.
  2. Make your Web site mobile friendly. Unfortunately mobile Web sites don’t get more traffic than a regular Web site which does not get much traffic. Sorry. The majority of clicks flow to a small percentage of the accessible Web sites.
  3. Forget the keyword thing. Well, I usually use words to write my articles and Web sites. I worry about focusing on a small number of topics and using the words necessary to get my point across. Keywords, in my opinion, are derivatives of information. Forgetting keywords is easy. I never used them before.
  4. Make your write ups accurate. Okay, that’s a start. What does one do with “real” news from certain sources. The info is baloney, but everyone pretends it is accurate. What’s up with that? The accuracy angle is part of Google’s scoring methods. Each has to deal with what’s correct in his or her own way. Footnotes and links are helpful. What happens when someone disagrees. Is this “accurate”? Oh, well.
  5. “Be bold and broad.” In my experience, not much content is bold and broad.

Now you understand Google Hummingbird. Will your mobile Web site generate hundreds of thousands of uniques if you adhere to this road map? Nah. Why not follow Google’s guidelines from the Google itself?

Stephen E Arnold, April 7, 2016

The Missing Twitter Manual Located

April 7, 2016

Once more we turn to the Fuzzy Notepad’s advice and their Pokémon mascot, Evee.  This time we visited the fuzz pad for tips on Twitter.  The 140-character social media platform has a slew of hidden features that do not have a button on the user interface.  Check out “Twitter’s Missing Manual” to read more about these tricks.

It is inconceivable for every feature to have a shortcut on the user interface.   Twitter relies on its users to understand basic features, while the experienced user will have picked up tricks that only come with experience or reading tips on the Internet.  The problem is:

“The hard part is striking a balance. On one end of the spectrum you have tools like Notepad, where the only easter egg is that pressing F5 inserts the current time. On the other end you have tools like vim, which consist exclusively of easter eggs.

One of Twitter’s problems is that it’s tilted a little too far towards the vim end of the scale. It looks like a dead-simple service, but those humble 140 characters have been crammed full of features over the years, and the ways they interact aren’t always obvious. There are rules, and the rules generally make sense once you know them, but it’s also really easy to overlook them.”

Twitter is a great social media platform, but a headache to use because it never came with an owner’s manual.  Fuzzy notepad has lined up hint for every conceivable problem, including the elusive advanced search page.

 

Whitney Grace, April 7, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Potential Corporate Monitoring Concerns Tor Users

April 7, 2016

The Dark Web has been seen as a haven by anyone interested in untraceable internet activity. However, a recent article from Beta News, Tor Project says Google, CloudFlare and others are involved in dark web surveillance and disruption, brings to light the potential issue of Tor traffic being monitored. A CDN and DDoS protection service called CloudFlare has introduced CAPTCHAs and cookies to Tor for monitoring purpose and accusations about Google and Yahoo have also been made. The author writes,

“There are no denials that the Tor network — thanks largely to the anonymity it offers — is used as a platform for launching attacks, hence the need for tools such as CloudFlare. As well as the privacy concerns associated with CloudFlare’s traffic interception, Tor fans and administrators are also disappointed that this fact is being used as a reason for introducing measures that affect all users. Ideas are currently being bounced around about how best to deal with what is happening, and one of the simpler suggestions that has been put forward is adding a warning that reads “Warning this site is under surveillance by CloudFlare” to sites that could compromise privacy.”

Will a simple communications solution appease Tor users? Likely not, as such a move would essentially market Tor as providing the opposite service of what users expect. This will be a fascinating story to see unfold as it could be the beginning of the end of the Dark Web as it is known, or perhaps the concerns over loss of anonymity will fuel further innovation.

 

Megan Feil, April 7, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Google Search, Jr.

April 6, 2016

As a kid friendly society, we cater to the younger generations by making “child friendly” versions of everything from books to meals.  When the Internet made headway into our daily lives, kid friendly dashboards were launched to keep the young ones away from pedophiles and to guarantee they only saw age-appropriate content.  The kid protocols sucked, for lack of better terms, because the people designing them were not the greatest at judging content.

With more tech-savvy, child wise Web developers running the show now, there are more kid friendly products with more intelligence behind their design.  One of the main Internet functions that parents wish were available for their offspring is a safe search engine, but so far their answers have been ignored.

The Metro reports there is now a “New Search Engine Kiddle Is Like Google For Children-Here’s What It Does.”  Kiddle’s purpose is to filter results that are safe for kids to read and also is written in simple language.

Kiddle is not affiliated with the search engine giant, however:

“Kiddle is not an official Google product, but the company uses a customized Google search to deliver child-friendly results.  Kiddle uses Google colors but instead of the traditional white background has adopted an outer space theme, fit with a friendly robot.  It will work in the same manner as Google but its search will be heavily filtered.”

The results will be filleted as such: the first three sites will be kid friendly, four through seven will be written in simple language, and the remaining will be from regular Google filtered through by the Kiddle search.

Kids need to understand how to evaluate content and use it wisely, but the Internet prevents them from making the same judgments other generations learned, as they got older.  However, kids are also smarter than we think so a “kid friendly” search tool is usually dumbed down to the cradle.  Kiddle appears to have the best of both worlds, at least it is better than parental controls.

 

Whitney Grace, April 6, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Nasdaq Joins the Party for Investing in Intelligence

April 6, 2016

The financial sector is hungry for intelligence to help curb abuses in capital markets, judging by recent actions of Goldman Sachs and Credit Suisse. Nasdaq invests in ‘cognitive’ technology, from BA wire, announces their investment in Digital Reasoning. Nasdaq plans to connect Digital Reasoning algorithms with Nasdaq’s technology which surveils trade data. The article explains the benefits of joining these two products,

“The two companies want to pair Digital Reasoning software of unstructured data such as voicemail, email, chats and social media, with Nasdaq’s Smarts business, which is one of the foremost software for monitoring trading on global markets. It is used by more than 40 markets and 12 regulators. Combining the two products is designed to assess the context, content and relationships behind trading and spot signals that could indicate insider trading, market manipulation or even expenses rules violations.”

We have followed Digital Reasoning, and other intel vendors like them, for quite some time as they target sectors ranging from healthcare to law to military. This is just a case of another software intelligence vendor making the shift to the financial sector. Following the money appears to be the name of the game.

 

Megan Feil, April 6, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Forget World Population, Domain Population Is Overcrowded

April 5, 2016

Back in the 1990s, if you had a Web site without a bunch of gobbidly-gook after the .com, you were considered tech savvy and very cool.  There were plenty of domain names available in those days and as the Internet became more of a tool than a novelty, demand for names rose. It is not as easy anymore to get the desired Web address, says Phys.org in the article, “Overcrowded Internet Domain Space Is Stifling Demand, Suggesting A Future ‘Not-Com’ Boom.”

Domain names are being snapped up fast, so quickly, in fact, that Web development is being stunted.  As much as 25% of domains are being withheld, equaling 73 million as of summer 2015 with the inability to register domain names that would drive Internet traffic.

“However, as the Internet Corporation for Assigned Names and Numbers (ICANN) has begun to roll out the option to issue brand new top-level domains for almost any word, whether it’s dot-hotel, dot-books or dot-sex – dubbed the ‘not-coms’ – the research suggests there is substantial untapped demand that could fuel additional growth in the domain registrations.”

One of the factors that determine prime Internet real estate is a simple, catchy Web address.  With new domains opening up beyond the traditional .org, .com, .net, .gov endings, an entire new market is also open for entrepreneurs to profit from.  People are already buying not-com’s for cheap with the intention to resale them for a pretty penny.  It bears to mention, however, that once all of the hot not-com’s are gone, we will be in the same predicament as we are now.  How long will that take?

 

Whitney Grace, April 5, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Google DeepMind Acquires Healthcare App

April 5, 2016

What will Google do next? Google’s London AI powerhouse has set up a new healthcare division and acquired a medical app called Hark, an article from Business Insider, tells us the latest. DeepMind, Google’s artificial intelligence research group, launched a new division recently called DeepMind Health and acquired a healthcare app. The article describes DeepMind Health’s new app called Hark,

“Hark — acquired by DeepMind for an undisclosed sum — is a clinical task management smartphone app that was created by Imperial College London academics Professor Ara Darzi and Dr Dominic King. Lord Darzi, director of the Institute of Global Health Innovation at Imperial College London, said in a statement: “It is incredibly exciting to have DeepMind – the world’s most exciting technology company and a true UK success story – working directly with NHS staff. The types of clinician-led technology collaborations that Mustafa Suleyman and DeepMind Health are supporting show enormous promise for patient care.”

The healthcare industry is ripe for disruptive technology, especially technologies which solve information and communications challenges. As the article alludes to, many issues in healthcare stem from too little conveyed and too late. Collaborations between researchers, medical professionals and tech gurus appears to be a promising answer. Will Google’s Hark lead the way?

 

Megan Feil, April 5, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Paywalls Block Pleasure Reading

April 4, 2016

Have you noticed something new in the past few months on news Web sites?  You click on an interesting article and are halfway though reading it when a pop-up banner blocks out the screen.  The only way to continue reading is to enter your email, find the elusive X icon, or purchase a subscription.  Ghacks.net tells us to expect more of these in, “Read Articles Behind Paywalls By Masquerading As Googlebot.”

Big new sites such as the Financial Times, The New York Times, The Washington Post, and The Wall Street Journal are now experimenting with the paywall to work around users’ ad blockers.  The downside is that content will be locked up and sites might lose viewers, but that might be a risk they are willing to take to earn a bigger profit.

There used be some tricks to get around paywalls:

“It is no secret that news sites allow access to news aggregators and search engines. If you check Google News or Search for instance, you will find articles from sites with paywalls listed there.  In the past, news sites allowed access to visitors coming from major news aggregators such as Reddit, Digg or Slashdot, but that practice seems to be as good as dead nowadays.  Another trick, to paste the article title into a search engine to read the cached story on it directly, does not seem to work properly anymore as well as articles on sites with paywalls are not usually cached anymore.”

The best way, the article says, is to make the Web site think you are a Googlebot.  Web sites allow Googlebots roam freely to appear higher in search engine results.  There are a few ways to trick the Web sites into thinking you are a Googlebot based on your Internet browser, Firefox or Chrome.  Check them out, but it will not be long before those become old-fashioned too.

 

Whitney Grace, April 4, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

« Previous PageNext Page »