CyberOSINT banner

Meet the Company Selling Our Medical Data

July 22, 2016

A company with a long history is getting fresh scrutiny. An article at Fortune reports, “This Little-Known Firm Is Getting Rich Off Your Medical Data.” Writer Adam Tanner informs us:

“A global company based in Danbury, Connecticut, IMS  buys bulk data from pharmacy chains such as CVS , doctor’s electronic record systems such as Allscripts, claims from insurers such as Blue Cross Blue Shield and from others who handle your health information. The data is anonymized—stripped from the identifiers that identify individuals. In turn, IMS sells insights from its more than half a billion patient dossiers mainly to drug companies.

“So-called health care data mining is a growing market—and one largely dominated by IMS. Last week, the company reported 2015 net income of $417 million on revenue of $2.9 billion, compared with a loss of $189 million in 2014 (an acquisition also boosted revenue over the year). ‘The outlook for this business remains strong,’ CEO Ari Bousbib said in announcing the earnings.”

IMS Health dates back to the 1950s, when a medical ad man sought to make a buck on drug-sales marketing reports. In the 1980s and ‘90s, the company thrived selling profiles of specific doctors’ proscribing patterns to pharmaceutical marketing folks. Later, they moved into aggregating information on individual patients—anonymized, of course, in accordance with HIPAA rules.

Despite those rules, some are concerned about patient privacy. IMS does not disclose how it compiles their patient dossiers, and it may be possible that records could, somehow someday, become identifiable. One solution would be to allow patients to opt out of contributing their records to the collection, anonymized or not, as marketing data firm Acxiom began doing in 2013.

Of course, it isn’t quite so simple for the consumer. Each health record system makes its own decisions about data sharing, so opting out could require changing doctors. On the other hand, many of us have little choice in our insurance provider, and a lot of those firms also share patient information. Will IMS move toward transparency, or continue to keep patients in the dark about the paths of their own medical data?


Cynthia Murrell, July 22, 2016

Sponsored by, publisher of the CyberOSINT monograph

There is a Louisville, Kentucky Hidden Web/Dark
Web meet up on July 26, 2016.
Information is at this link:

Interview with an Ethical Hacker

July 20, 2016

We’ve checked out a write-up on one of the white-hats working for IBM at Business Insider— “Here’s What It’s Really Like to Be a Hacker at One of the World’s Biggest Tech Companies.”  We wonder, does this wizard use Watson? The article profiles Charles Henderson. After summarizing the “ethical hacker’s” background, the article describes some of his process:

“The first thing I do every morning is catch up on what happened when I was sleeping. The cool thing is, since I run a global team, when I’m sleeping there are teams conducting research and working engagements with customers. So in the morning I start by asking, ‘Did we find any critical flaws?’ ‘Do I need to tell a client we found a vulnerability and begin working to fix it?’ From there, I am working with my team to plan penetration tests and make sure we have the resources we need to address the issues we have found. There isn’t an hour that goes by that I don’t find a cool, new way of doing something, which means my days are both unpredictable and exciting.

“I also do a lot of research myself. I like to look at consumer electronic devices, anything from planes to trains to automobiles to mobile devices. I try to find ways to break into or break apart these devices, to find new flaws and vulnerabilities.”

Henderson also mentions meeting with clients around the world to consult on security issues, and lists some projects his team has tackled. For example, a “physical penetration test” which involved stealing a corporate vehicle, and sending “tiger teams” to burgle client buildings. His favorite moments, though, are those when he is able to fix a vulnerability before it is exploited. Henderson closes with this bit of advice for aspiring hackers: “Always be curious. Never take anything at face value.”



Cynthia Murrell, July 20, 2016

Sponsored by, publisher of the CyberOSINT monograph

There is a Louisville, Kentucky Hidden Web/Dark
Web meet up on July 26, 2016.
Information is at this link:

The Web, the Deep Web, and the Dark Web

July 18, 2016

If it was not a challenge enough trying to understand how the Internet works and avoiding identity theft, try carving through the various layers of the Internet such as the Deep Web and the Dark Web.  It gets confusing, but “Big Data And The Deep, Dark Web” from Data Informed clears up some of the clouds that darken Internet browsing.

The differences between the three are not that difficult to understand once they are spelled out.  The Web is the part of the Internet that we use daily to check our email, read the news, check social media sites, etc.  The Deep Web is an Internet sector not readily picked up by search engines.  These include password protected sites, very specific information like booking a flight with particular airline on a certain date, and the TOR servers that allow users to browse anonymously.  The Dark Web are Web pages that are not indexed by search engines and sell illegal goods and services.

“We do not know everything about the Dark Web, much less the extent of its reach.

“What we do know is that the deep web has between 400 and 550 times more public information than the surface web. More than 200,000 deep web sites currently exist. Together, the 60 largest deep web sites contain around 750 terabytes of data, surpassing the size of the entire surface web by 40 times. Compared with the few billion individual documents on the surface web, 550 billion individual documents can be found on the deep web. A total of 95 percent of the deep web is publically accessible, meaning no fees or subscriptions.”

The biggest seller on the Dark Web is child pornography.  Most of the transactions take place using BitCoin with an estimated $56,000 in daily sales.  Criminals are not the only ones who use the Dark Web, whistle-blowers, journalists, and security organizations use it as well.  Big data has not even scratched the surface related to mining, but those interested can find information and do their own mining with a little digging


Whitney Grace,  July 18 , 2016
Sponsored by, publisher of the CyberOSINT monograph

There is a Louisville, Kentucky Hidden Web/Dark
Web meet up on July 26, 2016.
Information is at this link:

Six Cybercriminal Archetypes from BAE Systems

July 11, 2016

Tech-security firm BAE Systems has sketched out six cybercriminal types, we learn from “BAE Systems Unmasks Today’s Cybercriminals” at the MENA Herald.  We’re told the full descriptions reveal the kinds of havoc each type can wreak, as well as targeted advice for thwarting them.  The article explains:

“Threat intelligence experts at BAE Systems have revealed ‘The Unusual Suspects’, built on research that demonstrates the motivations and methods of the most common types of cybercriminal. The research, which is derived from expert analysis of thousands of cyber attacks on businesses around the world. The intention is to help enterprises understand the enemies they face so they can better defend against cyber attack.”

Apparently, such intel is especially needed in the Middle East, where cybercrime was recently found to affect about 30 percent of organizations.  Despite the danger, the same study from PwC found that regional companies were not only unprepared for cyber attacks, many did not even understand the risks.

The article lists the six cybercriminal types BAE has profiled:

“The Mule – naive opportunists that may not even realise they work for criminal gangs to launder money;

The Professional – career criminals who ‘work’ 9-5 in the digital shadows;

The Nation State Actor – individuals who work directly or indirectly for their government to steal sensitive information and disrupt enemies’ capabilities;

The Activist – motivated to change the world via questionable means;

The Getaway – the youthful teenager who can escape a custodial sentence due to their age;

The Insider – disillusioned, blackmailed or even over-helpful employees operating from within the walls of their own company.”

Operating in more than 40 countries, BAE Systems is committed to its global perspective. Alongside its software division, the company also produces military equipment and vehicles. Founded in 1999, the company went public in 2013. Unsurprisingly, BAE’s headquarters  are in Arlington, Virginia, just outside of Washington DC.  As of this writing, they are also hiring in several locations.



Cynthia Murrell, July 11, 2016

Sponsored by, publisher of the CyberOSINT monograph

VirtualWorks Purchases Natural Language Processing Firm

July 8, 2016

Another day, another merger. PR Newswire released a story, VirtualWorks and Language Tools Announce Merger, which covers Virtual Works’ purchase of Language Tools. In Language Tools, they will inherit computational linguistics and natural language processing technologies. Virtual Works is an enterprise search firm. Erik Baklid, Chief Executive Officer of VirtualWorks is quoted in the article,

“We are incredibly excited about what this combined merger means to the future of our business. The potential to analyze and make sense of the vast unstructured data that exists for enterprises, both internally and externally, cannot be understated. Our underlying technology offers a sophisticated solution to extract meaning from text in a systematic way without the shortcomings of machine learning. We are well positioned to bring to market applications that provide insight, never before possible, into the vast majority of data that is out there.”

This is another case of a company positioning themselves as a leader in enterprise search. Are they anything special? Well, the news release mentions several core technologies will be bolstered due to the merger: text analytics, data management, and discovery techniques. We will have to wait and see what their future holds in regards to the enterprise search and business intelligence sector they seek to be a leader in.

Megan Feil, July 8, 2016
Sponsored by, publisher of the CyberOSINT monograph


Publicly Available Information Is Considered Leaked When on Dark Web

July 7, 2016

What happens when publicly available informed is leaked to the Dark Web? This happened recently with staff contact information from the University of Liverpool according to an article, Five secrets about the Dark Web you didn’t know from CloudPro. This piece speaks to perception that the Dark Web is a risky place for even already publicly available information. The author reports on how the information was compromised,

“A spokeswoman said: “We detected an automated cyber-attack on one of our departmental online booking systems, which resulted in publically available data – surname, email, and business telephone numbers – being released on the internet. We take the security of all university-related data very seriously and routinely test our systems to ensure that all data is protected effectively. We supported the Regional Organised Crime Unit (TITAN) in their investigations into this issue and reported the case to the Information Commissioner’s Office.”

Data security only continues to grow in importance and as a concern for large enterprises and organizations. This incident is an interesting case to be reported, and it was the only story we had not seen published again and again, as it illustrates the public perception of the Dark Web being a playing ground for illicit activity. It brings up the question about what online landscapes are considered public versus private.


Megan Feil, July 7, 2016

Sponsored by, publisher of the CyberOSINT monograph

The Computer Chip Inspired by a Brain

July 6, 2016

Artificial intelligence is humanity’s attempt to replicate the complicated thought processes in their own brains through technology.  IBM is trying to duplicate the human brain and they have been successful in many ways with supercomputer Watson.  The Tech Republic reports that IBM has another success under their belt, except to what end?  Check out the article, “IBM’s Brain-Inspired Chip TrueNorth Changes How Computers ‘Think,’ But Experts Question Its Purpose.”

IBM’s TrueNorth is the first computer chip with an one million neuron architecture.  The chip is a collaboration between Cornell University and IBM with the  BARPA SyNAPSE Program, using $100 million in public funding.  Most computer chips use the Von Neumann architecture, but the TrueNorth chip better replicates the human brain.  TrueNorth is also more energy efficient.

What is the purpose of the TrueNorth chip, however?  IBM created an elaborate ecosystem that uses many state of the art processes, but people are still wondering what the real world applications are:

“ ‘…it provides ‘energy-efficient, always-on content generation for wearables, IoT devices, smartphones.’ It can also give ‘real-time contextual understanding in automobiles, robotics, medical imagers, and cameras.’ And, most importantly, he said, it can ‘provide volume-efficient, unprecedented neural network acceleration capability per unit volume for cloud-based streaming processing and provide volume, energy, and speed efficient multi-modal sensor fusion at an unprecedented neural network scale.’”

Other applications include cyber security, other defense goals, and large scale computing and hardware running on the cloud.  While there might be practical applications, people still want to know why IBM made the chip?

” ‘It would be as if Henry Ford decided in 1920 that since he had managed to efficiently build a car, we would try to design a car that would take us to the moon,’ [said Nir Shavit, a professor at MIT’s Computer Science and Artificial Intelligence Laboratory]. ‘We know how to fabricate really efficient computer chips. But is this going to move us towards Human quality neural computation?’ Shavit fears that its simply too early to try to build neuromorphic chips. We should instead try much harder to understand how real neural networks compute.’”

Why would a car need to go to the moon?  It would be fun to go to the moon, but it doesn’t solve a practical purpose (unless we build a civilization on the moon, although we are a long way from that).  It continues:

” ‘The problem is,’ Shavit said, ‘that we don’t even know what the problem is. We don’t know what has to happen to a car to make the car go to the moon. It’s perhaps different technology that you need. But this is where neuromorphic computing is.’”

In other words, it is the theoretical physics of computer science.


Whitney Grace,  July 6, 2016
Sponsored by, publisher of the CyberOSINT monograph


Wait, the Dark Web Is Legal?

July 5, 2016

For research purposes, I surf the Dark Web on a regular basis.  It is like skulking around the back alleys of a major city and witnessing all types of crime, but keeping to yourself.  I have seen a few Web sites that could be deemed as legal, but most of the content I peruse is illegal: child pornography, selling prescription drugs, and even a hitman service.  I have begun to think that everything on the Dark Web is illegal, except Help Net Security tells me that “Dark Web Mapping Reveals That Half Of The Content Is Legal.”

The Centre for International Governance Innovation (CIGI) conducted global survey and discovered that seven in ten (71%) of the surveyors believe the Dark Web needs to be shut down.  There is speculation if the participants eve had the right definition about what the Dark Web is and might have confused the terms “Dark Web” and “Dark Net”.

Darksum, however, mapped the Tor end of the Dark Web and discovered some interesting facts:

  • “Of the 29,532 .onion identified during the sampling period – two weeks in February 2016 – only 46% percent could actually be accessed. The rest were likely stort-lived C&C servers used to manage malware, chat clients, or file-sharing applications.
  • Of those that have been accessed and analyzed with the companies’ “machine-learning” classification method, less than half (48%) can be classified as illegal under UK and US law. A separate manual classification of 1,000 sites found about 68% of the content to be illegal under those same laws.”

Darksum’s goal is to clear up misconceptions about the Dark Web and to better understand what is actually on the hidden sector of the Internet.  The biggest hope is to demonstrate the Dark Web’s benefits.


Whitney Grace,  July 5, 2016
Sponsored by, publisher of the CyberOSINT monograph

Google Throws Hat in Ring as Polling Service for Political Campaigns

July 4, 2016

The article on Silicon Angle titled Google is Pitching Its Polling Service at Journos, Politicians…Also, Google Has a Polling Division explores the recent discovery of Google’s pollster ambitions. Compared to other projects Google has undertaken, this desire to join Gallup and Nielsen as a premier polling service seems downright logical. Google is simply taking advantage of its data reach to create Google Consumer Surveys. The article explains,

“Google collects the polling data for the service through pop-up survey boxes before a news article is read, and through a polling application…The data itself, while only representative of people on the internet, is said to be a fair sample nonetheless, as Google selects its sample by calculating the age, location, and demographics of those participating in each poll by using their browsing and search history…the same technology used by Google’s ad services including DoubleClick and AdWords.”

Apparently Google employees have been pitching their services to presidential and congressional campaign staffers, and at least one presidential candidate ran with them.  As the article states, the entire project is a “no-brainer,” even with the somewhat uncomfortable idea of politicians gaining access to Google’s massive data trove. Let’s limit this to polling before Google gets any ideas about the census and call it a day.



Chelsea Kerwin,  July 4, 2016

Sponsored by, publisher of the CyberOSINT monograph

Enterprise Search Is Stuck in the Past

July 4, 2016

Enterprise search is one of the driving forces behind an enterprise system because the entire purpose of the system is to encourage collaboration and quickly find information.  While enterprise search is an essential tool, according to Computer Weekly’s article. “Beyond Keywords: Bringing Initiative To Enterprise Search” the feature is stuck in the past.

Enterprise search is due for an upgrade.  The amount of enterprise data has increased, but the underlying information management system remains the same.  Structured data is easy to make comply with the standard information management system, however, it is the unstructured data that holds the most valuable information.  Unstructured information is hard to categorize, but natural language processing is being used to add context.  Ontotext combined natural language processing with a graph database, allowing the content indexing to make more nuanced decisions.

We need to level up the basic keyword searching to something more in-depth:

“Search for most organisations is limited: enterprises are forced to play ‘keyword bingo’, rephrasing their question multiple times until they land on what gets them to their answer. The technologies we’ve been exploring can alleviate this problem by not stopping at capturing the keywords, but by capturing the meaning behind the keywords, labeling the keywords into different categories, entities or types, and linking them together and inferring new relationships.”

In other words, enterprise search needs the addition of semantic search in order to add context to the keywords.  A basic keyword search returns every result that matches the keyword phrase, but a context-driven search actually adds intuition behind the keyword phrases.  This is really not anything new when it comes to enterprise or any kind of search.  Semantic search is context-driven search.


Whitney Grace,  July 4, 2016
Sponsored by, publisher of the CyberOSINT monograph

Next Page »