
Painting an IT Worker’s House Requires an NDA

March 27, 2015

You would not think that contractors, gardeners, painters, plumbers, and electricians would have to sign a non-disclosure agreement before working on someone’s home, but according to the New York Times it is happening all over Silicon Valley. “For Tech Titans, Sharing Has Its Limits” explains how home and garden maintenance workers now have to sign NDAs for big name tech workers just like they have to with celebrities.  Most of the time, workers do not even know who they are working for or recognize the names.  This has made it hard to gather information on how many people require NDAs, but Mark Zuckerberg recently had a lawsuit that sheds some light on why they are being used.  He goes to great lengths to protect his privacy, but ironically tech people who use NDAs are the ones who make a profit off personal information disclosures.

“The lawsuit against Mr. Zuckerberg involves a different residence, 35 miles south in Palo Alto. In it, a part-time developer named Mircea Voskerician claims that he had a contract to buy a $4.8 million house adjoining Mr. Zuckerberg’s residence, and offered to sell a piece of the property to Mr. Zuckerberg. He says that in a meeting at Facebook headquarters in Menlo Park, he discussed a deal to sell his interest in the entire property to Mr. Zuckerberg. In exchange, he says, Mr. Zuckerberg would make introductions between him and powerful people in Silicon Valley, potential future business partners and clients. Mr. Voskerician passed up a better offer on the house, the suit contends, but Mr. Zuckerberg did not follow through on the pledge to make introductions.”

Voskerician said he only signed the NDA as a condition of the proposed agreement, but Zuckerberg’s legal representation says the NDA covers all information related to him.  On a related note, Facebook is making more privacy rules so only certain people can see user information.  It still does not change how big name IT workers want their own information kept private.  It seems sharing is good as long as it is done according to a powerful company’s definition of sharing.

Whitney Grace, March 27, 2015
Stephen E Arnold, Publisher of CyberOSINT at www.xenky.com

The Ins and Outs of the Black Market Economy

March 24, 2015

The article titled The Cybercrime Economy: Welcome To The Black Market of The Internet on ZeroFox discusses the current state of the black market and the consequences of its success. The author delves into the economy of the black market, suggesting that it, too, is at the mercy of supply and demand. Some of the players in the structure of the black market include malware brokers, botnet “herders,” and monetization specialists. The article says,

“So what’s the big deal — how does this underground economy influence the economy we see day to day? The financial markets themselves are highly sensitive to the impact of cyber crime… Additionally, fluctuating bitcoin markets (which affects forex trades) and verticals that can be affected through social engineering (the Fin4 example) are both targets for exploitation on a mass scale….There is a good reason cyber security spending surpassed 70 billion in 2014: breaches are costly. Very costly.”

As for how to upset the economy of the black market, the article posits that “cutting off the head” will not work. Supply and demand keep the black market running, not some figurehead. Instead, the article suggests that the real blame lies on the monopolies that drive up prices and force consumers to look for illegal options.

Chelsea Kerwin, March 24, 2015


Modus Operandi Gets a Big Data Storage Contract

March 24, 2015

The US Missile Defense Agency awarded Modus Operandi a huge government contract to develop an advanced data storage and retrieval system for the Ballistic Missile Defense System.  Modus Operandi specializes in big data analytic solutions for national security and commercial organizations.  Modus Operandi posted a press release on their Web site to share the news, “Modus Operandi Awarded Contract To Develop Advanced Data Storage And Retrieval System For The US Missile Defense Agency.”

The contract is a Phase I Small Business Innovation Research (SBIR) award, under which Modus Operandi will work on the BMDS Analytic Semantic System (BASS).  The BASS will replace the old legacy system and update it to be compliant with social media communities, the Internet, and intelligence.

“ ‘There has been a lot of work in the areas of big data and analytics across many domains, and we can now apply some of those newer technologies and techniques to traditional legacy systems such as what the MDA is using,’ said Dr. Eric Little, vice president and chief scientist, Modus Operandi. ‘This approach will provide an unprecedented set of capabilities for the MDA’s data analysts to explore enormous simulation datasets and gain a dramatically better understanding of what the data actually means.’ ”

It is worrisome that the missile defense system is relying on an old legacy system, but at least it is being upgraded now.  Modus Operandi also sells Cyber OSINT, and they are applying this technology in an interesting way for the government.

Whitney Grace, March 24, 2015

Digital Shadows Searches the Shadow Internet

March 23, 2015

The deep Web is not hidden from Internet users, but regular search engines like Google and Bing do not index it in their results.  Security Affairs reported on a new endeavor to search the deep Web in the article, “Digital Shadows Firm Develops A Search Engine For The Deep Web.”  Memex and Flashpoint are two search engine projects that are already able to scan the deep Web.  Digital Shadows, a British cyber security firm, is working on another search engine specially designed to search the Tor network.

The CEO of Digital Shadows Alistair Paterson describes the project as Google for Tor.  It was made for:

“Digital Shadows developed the deep Web search engine to offer its services to private firms to help them identifying cyber threats or any other illegal activity that could represent a threat.”

While private firms will need and want this software to detect illegal activities, law enforcement officials currently need deep Web search tools more than other fields.  They use them to track fraud, drug and sex trafficking, and robberies, and for tracking contraband.  Digital Shadows is creating a product that is part of a growing industry.  The company will not only make a profit, but also help people at the same time.

Whitney Grace, March 23, 2015

Accenture Makes a Big Purchase to Chase Government Clients

March 20, 2015

Accenture Federal Services (AFS) is one of the leading companies that provide technology and digital solutions for the US federal government. The parent company Accenture LLP has sought to increase its number of federal contracts as well as products and services, so the company decided to purchase Agilex Technologies, Inc., says Big News Network in “Accenture Unit To Agilex Technologies.”

“ ‘Acquiring Agilex will help AFS further solidify our position as an innovative leader in the federal market. Combining our digital capabilities and agile methods will accelerate our ability to help clients harness the power of emerging digital technologies and rapid, predictable systems deployment for the federal government’s most complex challenges,’ said David Moskovitz, Accenture Federal Services chief executive.”

AFS plans to use Agilex’s technology to improve its own analytics, cloud, and mobile technology for federal organizations. Agilex, like its new owner, has worked with every cabinet-level department and federal agencies in defense, intelligence, public safety, civilian and military health organizations.

AFS will have more to offer its federal clients, but it does beg the question if it will lead to a monopoly on government contracts or increase the competition?

Whitney Grace, March 20, 2015


Qwant Develops Qwant Junior, the Search Engine for Children

March 17, 2015

The article on Telecompaper titled Qwant Tests Child-Friendly Search Engine discusses the French company’s work. Qwant is focused on targeting 3 to 13 year olds with Qwant Junior, in partnership with the Education Ministry. Twenty percent of the company is owned by digital publishing powerhouse Axel Springer. The child-friendly search engine will attempt to limit the access to inappropriate content while encouraging children to use the search engine to learn. The article explains,

“The new version blocks or lists very far down in search results websites that show violence and pornography, as well as e-commerce sites. The version features an education tab separately from the general web search that offers simplified access to educational programme, said co-founder Eric Leandri. Qwant Junior’s video tab offers child-appropriate videos from YouTube, Dailymotion and Vimeo. After tests with the ministry, the search engine will be tested by several hundred schools.”

Teaching youngsters the ways of the search engine is important in our present age. The concept of listing pornography “very far down” on the list of results might unsettle some parents of young teens smart enough to just keep scrolling, but it is France! Perhaps the expectation of blocking all unsavory material is simply untenable. Qwant is planning on a major launch by September, and is in talks with Brazil for a similar program.

Chelsea Kerwin, March 17, 2014


Assessing SharePoint Content Security

March 17, 2015

With the volume of content housed in SharePoint implementations constantly growing, security threats are becoming an increasingly large problem as well. For organizations that are not sure how to measure the security of their SharePoint infrastructure, Metalogix may have a solution. CMS Wire covers the news in their article, “9 Metrics To Assess SharePoint Content Security.”

The article begins:

“Is your SharePoint content secure? More importantly, do you know how to assess your content security? Given the number of SharePoint environments, it’s likely that a lot of people would answer ‘no.’ Metalogix, however, has just released a new tool it claims will help. The new Insider Threat Index (ITI) offers SharePoint managers insight into their content security based on nine metrics.”

A lot of resources are devoted to helping organizations make the most of their SharePoint solution. Security is not the only concern, but also efficiency, structure, and user experience. To keep up with these and other topics, consider the SharePoint feed on ArnoldIT.com. Stephen E. Arnold has spent his career following all things search, including SharePoint. His expert-run Web site allows users to find lots of tips, tricks, and news pertaining to the enterprise.

Emily Rae Aldridge, March 17, 2015


AI: Outputs Become Inputs, No Humans Necessary in Some Situations

January 13, 2015

Here’s the thing. The time between an actionable item and taking action is a big deal. For example, you hear about buying shares of X at the gym. Two days later you call your financial advisor and say, “Should we buy shares of X?”

He says, “Well, the stock has jumped 25 percent yesterday.”

The point: You heard about an actionable item—buying shares. When you cranked up to buy the stock, the big jump was history.

The train left the station, and you are standing on the platform watching the riders head to the bank.

How does one get less “wait” between the actionable item and taking action? The answer is automation. The slow down is usually human. Humans want to deliberate, think about stuff, and procrastinate.

A system that takes actionable outputs and does something about them reduces the “wait.” The idea is to assign a probability to reflect your confidence in the actionable item. The system computes that probability, looks at your number, and then either does or does not take an action.

This happens in milliseconds. Financial institutions pay hundreds of millions to shave milliseconds off their financial transactions. The objective is to use probability and automation to make sure these wizards do not miss the financial train.

Now read “Artificial Intelligence Experts Sign Open Letter to Protect Mankind from Machines.” The write up asserts:

AI experts around the globe are signing an open letter issued Sunday by the Future of Life Institute that pledges to safely and carefully coordinate progress in the field to ensure it does not grow beyond humanity’s control. Signees include co-founders of Deep Mind, the British AI company purchased by Google in January 2014; MIT professors; and experts at some of technology’s biggest corporations, including IBM’s Watson supercomputer team and Microsoft Research.

Sounds great. Won’t compute in the real world. The reason is that time means money to some, security to others, and opportunity for 20 somethings.

The reality is that outputs of smart systems will be piped directly into other smart systems. These systems will act based on probability and other considerations. Why burn out a human when you can disintermediate the human, save money, and give the person an opportunity to study Zen or pursue a hobby? Why wait to discover a security breach when a smart system can take proactive action?

Who resists accepting a recommendation from Amazon or Google “suggest”? I am not sure users of smart systems realize that automation and smart software—crude as it is—is not getting bogged down in the “humanity’s control” thing.

Need an example? Check out weapon systems. Need another? Read the CyberOSINT report available here.

Stephen E Arnold, January 13, 2015

Security, Data Analytics Make List of Predicted Trends in 2015

January 9, 2015

The article on ZyLab titled Looking Ahead to 2015 sums up the latest areas of focus at the end of one year and the beginning of the next. Obviously security is at the top of the list. According to the article, incidents of breaches in security grew 43% in 2014. We assume Sony would be the first to agree that security is of the utmost importance to most companies. The article goes on to predict audio data being increasingly important as evidence,

“Audio evidence brings many challenges. For example, the review of audio evidence can be more labor intensive than other types of electronically stored information because of the need to listen not only to the words but also take into consideration tone, expression and other subtle nuances of speech and intonation…As a result, the cost of reviewing audio evidence can quickly become prohibitive and with only a proportional of the data relevant in most cases.”

The article also briefly discusses various data sources, data analytics and information governance in their prediction of the trends for 2015. The article makes a point of focusing on the growth of data and types of data sources, which will hopefully coincide with an improved ability to discover the sort of insights that companies desire.

Chelsea Kerwin, January 09, 2014

Sponsored by ArnoldIT.com, developer of Augmentext

Need Some Emails?

January 1, 2015

I read “Why Deleting Sensitive Information from Github Does Save You.” The write up is intended for developers. The information in the article makes it easy to suck up Github content and extract several million live emails. Here’s an example from the write up:

GHTorrent advertises itself as an “offline mirror of data”. In a nutshell, it keeps track of a ton of data that flows through Github’s Events API stream, and recursively resolves dependencies to relate, say, a commit object to an event object. Currently, they suggest they have accumulated the data from 2012-2014. This database has incredible potential for researchers, but also allows for hackers to pull previously deleted or changed data en masse. Granted, from what I can tell they don’t store the actual file content (so your accidentally committed password won’t be stored), but that doesn’t mean that there isn’t sensitive data to be had.

Want to know how? Just navigate to the original story.

Stephen E Arnold, January 1, 2015
