CyberOSINT banner

A Technical Shift in Banking Security

July 23, 2015

Banks may soon transition from asking for your mother’s maiden name to tracking your physical behavior in the name of keeping you (and their assets) safe. IT ProPortal examines “Fraud Prevention: Knowledge-Based Ananlytics in Steep Decline.” Writer Lara Lackie cites a recent report from the Aite Group that indicates a shift from knowledge-based analytics to behavioral analytics for virtual security checkpoints. Apparently, “behavioral analytics” is basically biometrics without the legal implications. Lackie writes:

“Examples of behavioural analytics/biometrics can include the way someone types, holds their device or otherwise interacts with it. When combined, continuous behavioural analysis, and compiled behavioural biometric data, deliver far more intelligence than traditionally available without interrupting the user’s experience….

Julie Conroy, research director, Aite Group, said in the report “When the biometric is paired with strong device authentication, it is even more difficult to defeat. Many biometric solutions also include liveliness checks, to ensure it’s a human being on the other end.’

“NuData Security’s NuDetect online fraud engine, which uses continuous behavioural analysis and compiled behavioral biometric data, is able to predict fraud as early as 15 days before a fraud attempt is made. The early detection offered by NuDetect provides organisations the time to monitor, understand and prevent fraudulent transactions from taking place.”

The Aite report shows over half the banks surveyed plan to move away from traditional security questions over the next year, and six of the 19 institutions plan to enable mobile-banking biometrics by the end of this year. Proponents of the approach laud behavioral analytics as the height of fraud detection. Are Swype patterns and indicators of “liveliness” covered by privacy rights? That seems like a philosophical question to me.

Cynthia Murrell, July 23, 2015

Sponsored by, publisher of the CyberOSINT monograph

Another the End of Article with Some Trivial Omissions

July 19, 2015

Far be it from me to find fault with an economics essay published by the British open source, online hip newspaper The Guardian. I want to point you at “The End of Capitalism Has Begun.” Like Francis Fukuyama’s end of book, the end seems to be unwilling to arrive. Note: if you find that the article has disappeared online, you may have to sign up to access the nuggets generated by The Guardian. Another alternative, which is pretty tough in rural Kentucky, is to visit your local convenience store and purchase a dead tree edition. Do not complain to me about a dead link, which in this blog are little tombstones marking online failures.

There is some rugby and polo club references in the article. The one that I circled was the reference to Karl Marx’s “The Fragment on Machines” from his thriller  The Grundrisse, which connoted to me “floor plans.” But, my German like my math skills are not what they used to be. Anyway, who am I kidding. I know you have read that document. If not, you can get a sniff at this link.

According to the Guardian, the point of the fragment is:

he [Marx] had imagined something close to the information economy in which we live. And, he wrote, its existence would “blow capitalism sky high.

The end of capitalism?

Another interesting item in the essay is the vision of the future. At my age, I do not worry too much about the future beyond waking each morning and recognizing my surroundings. The Guardian worries about 20175. Here’s the passage I highlighted:

I don’t mean this as a way to avoid the question: the general economic parameters of a post capitalist society by, for example, the year 2075, can be outlined. But if such a society is structured around human liberation, not economics, unpredictable things will begin to shape it.

Why raise the issue?

Now to the omission. I know this is almost as irrelevant as the emergence of a monitored environment. What about the growing IS/ISIS/Daesh movement? The Greek matter is interesting to me because if the state keeps on trucking down the interstate highway its has been following, the trucks will be loaded with folks eager to take advantage of the beach front property and nice views Greece affords.

I noted a number of other points away from which the essay steered its speeding Russian Zil. How does one find information in the end of world?

I think about information access more than I ponder the differences between Horatio in Hamlet and Daniel Doyce in Little Dorrit. To get up to speed on Daniel Doyce, check out this link.

Like Fukuyama’s social analysis, this end of may point to speaking engagements and consulting work. The hope is that the author may want these to be never-ending. Forget the information access and the implications and impacts of IS/ISIS/Daesh.

Let’s hope online search works unless it is now the end of that too.

Stephen E Arnold, July 19, 2015

dtSearch and Encrypted PDFs

July 18, 2015

Short honk: The Little Engine That Could information access system is dtSearch. Long a fave with Microsoft centric folks looking for an alternative for keyword search, dtSearch has added some oomph. “New dtSearch Release Enhances Support for Encrypted PDFs.” According to the write up:

The release expands these document filters to directly support a broader range of encrypted PDFs, covering PDF files encrypted with an owner password up to 128-bit RC4 and 128-bit and 256-bit AES.

For more information about what can be processed, navigate to

Stephen E Arnold, July 18, 2015

Search the Snowden Documents

July 16, 2015

This cat has long since forgotten what the inside of the bag looked like. Have you perused the documents that were released by Edward Snowden, beginning in 2013? A website simply titled “Snowden Doc Search” will let you do just that through a user-friendly search system. The project’s Description page states:

“The search is based upon the most complete archive of Snowden documents to date. It is meant to encourage users to explore the documents through its extensive filtering capabilities. While users are able to search specifically by title, description, document, document date, and release date, categories also allow filtering by agency, codeword, document topic, countries mentioned, SIGADS, classification, and countries shared with. Results contain not only full document text, pdf, and description, but also links to relevant articles and basic document data, such as codewords used and countries mentioned within the document.”

The result of teamwork between the Courage Foundation and Transparency Toolkit, the searchable site is built upon the document/ news story archive maintained by the Edward Snowden Defense Fund. The sites Description page also supplies links to the raw dataset and to Transparency Toolkit’s Github page, for anyone who would care to take a look. Just remember, “going incognito doesn’t hide your browsing from your employer, your internet service provider, or the websites you visit.” (Chrome)

Cynthia Murrell, July 16 , 2015

Sponsored by, publisher of the CyberOSINT monograph

How Not to Drive Users Away from a Website

July 15, 2015

Writer and web psychologist Liraz Margalit at the Next Web has some important advice for websites in “The Psychology Behind Web Browsing.” Apparently, paying attention to human behavioral tendencies can help webmasters avoid certain pitfalls that could damage their brands. Imagine that!

The article cites a problem an unspecified news site encountered when it tried to build interest in its videos by making them play automatically when a user navigated to their homepage. I suspect I know who they’re talking about, and I recall thinking at the time, “how rude!” I thought it was just because I didn’t want to be chastised by people near me for suddenly blaring a news video. According to Margalit, though, my problem goes much deeper: It’s an issue of control rooted in pre-history. She writes:

“The first humans had to be constantly on alert for changes in their environment, because unexpected sounds or sights meant only one thing: danger. When we click on a website hoping to read an article and instead are confronted with a loud, bright video, the automatic response is not so different from that our prehistoric ancestors, walking in the forest and stumbling upon a bear or a saber-toothed hyena.”

This need for safety has morphed into a need for control; we do not like to be startled or lost. When browsing the Web, we want to encounter what we expect to encounter (perhaps not in terms of content, but certainly in terms of format.) The name for this is the “expectation factor,” and an abrupt assault on the senses is not the only pitfall to be avoided. Getting lost in an endless scroll can also be disturbing; that’s why those floating menus, that follow you as you move down the page, were invented. Margalit  notes:

“Visitors like to think they are in charge of their actions. When a video plays without visitors initiating any interaction, they feel the opposite. If a visitor feels that a website is trying to ‘sell’ them something, or push them into viewing certain content without permission, they will resist by trying to take back the interaction and intentionally avoid that content.”

And that, of course, is the opposite of what websites want, so giving users the control they expect is a smart business move. Besides, it’s only polite to ask before engaging a visitor’s Adobe Flash or, especially, speakers.

Cynthia Murrell, July 15, 2015

Sponsored by, publisher of the CyberOSINT monograph

The Skin Search

July 15, 2015

We reported on how billboards in Russia were getting smarter by using facial recognition software to hide ads advertising illegal products when they recognized police walking by.  Now the US government might be working on technology that can identify patterns on tattoos, reports Quartz in, “The US Government Wants Software That Can Detect And Interpret Your Tattoos.”

The Department of Justice, Department of Defense, and the FBI sponsored a competition that the National Institute of Standards and Technology (NIST) recently held on June 8 to research ways to identify ink:

“The six teams that entered the competition—from universities, government entities, and consulting firms—had to develop an algorithm that would be able to detect whether an image had a tattoo in it, compare similarities in multiple tattoos, and compare sketches with photographs of tattoos. Some of the things the National Institute of Standards and Technology (NIST), the competition’s organizers, were looking to interpret in images of tattoos include swastikas, snakes, drags, guns, unicorns, knights, and witches.”

The idea is to use visual technology to track tattoos among crime suspects and relational patterns. Vision technology, however, is still being perfected.  Companies like Google and major universities are researching ways to make headway in the technology.

While the visual technology can be used to track suspected criminals, it can also be used for other purposes.  One implication is responding to accidents as they happen instead of recording them.  Tattoo recognition is the perfect place to start given the inked variety available and correlation to gangs and crime.  The question remains, what will they call the new technology, skin search?

Whitney Grace, July 15, 2015

Sponsored by, publisher of the CyberOSINT monograph

CSC Attracts Buyer And Fraud Penalties

July 1, 2015

According to the Reuters article “Exclusive: CACI, Booz Allen, Leidos Eyes CSC’s Government Unit-Sources,” CACI International, Leidos Holdings, and Booz Allen Hamilton Holdings

have expressed interest in Computer Sciences Corp’s public sector division.  There are not a lot of details about the possible transaction as it is still in the early stages, so everything is still hush-hush.

The possible acquisition came after the news that CSC will split into two divisions: one that serves US public sector clients and the other dedicated to global commercial and non-government clients.  CSC has an estimated $4.1 billion in revenues and worth $9.6 billion, but CACI International, Leidos Holdings, and Booz Allen Hamilton might reconsider the sale or getting the price lowered after hearing this news: “Computer Sciences (CSC) To Pay $190M Penalty; SEC Charges Company And Former Executives With Accounting Fraud” from Street Insider.  The Securities and Exchange Commission are charging CSC and former executives with a $190 million penalty for hiding financial information and problems resulting from the contract they had with their biggest client.  CSC and the executives, of course, are contesting the charges.

“The SEC alleges that CSC’s accounting and disclosure fraud began after the company learned it would lose money on the NHS contract because it was unable to meet certain deadlines. To avoid the large hit to its earnings that CSC was required to record, Sutcliffe allegedly added items to CSC’s accounting models that artificially increased its profits but had no basis in reality. CSC, with Laphen’s approval, then continued to avoid the financial impact of its delays by basing its models on contract amendments it was proposing to the NHS rather than the actual contract. In reality, NHS officials repeatedly rejected CSC’s requests that the NHS pay the company higher prices for less work. By basing its models on the flailing proposals, CSC artificially avoided recording significant reductions in its earnings in 2010 and 2011.”

Oh boy!  Is it a wise decision to buy a company that has a history of stealing money and hiding information?  If the company’s root products and services are decent, the buyers might get it for a cheap price and recondition the company.  Or it could lead to another disaster like HP and Autonomy.

Whitney Grace, July 1, 2015

Sponsored by, publisher of the CyberOSINT monograph

Matchlight Lights Up Stolen Data

June 26, 2015

It is a common gimmick on crime shows for the computer expert to be able to locate information, often stolen data, by using a few clever hacking tricks.  In reality it is not that easy and quick to find stolen data, but eWeek posted an article about a new intelligence platform that might be able to do the trick: “Terbium Labs Launches Matchlight Data Intelligence Platform.”  Terbium Labs’ Matchlight is able to recover stolen data as soon as it is released on the Dark Web.

How it works is simply remarkable.  Matchlight attaches digital fingerprints to a company’s files, down to the smallest byte.  Data recovered on the Dark Web can then be matched to the Terbium Labs’s database.  Matchlight is available under a SaaS model.  Another option they have for clients is a one-way fingerprinting feature that keeps a company’s data private from Terbium Labs.  They would only have access to the digital fingerprints in order to track the data.  Matchlight can also be integrated into already existing SharePoint or other document management systems.  The entire approach to Matchlight is taking a protective stance towards data, rather than a defensive.

“We see the market shifting toward a risk management approach to information security,” [Danny Rogers, CEO and co-founder of Terbium} said. “Previously, information security was focused on IT and defensive technologies. These days, the most innovative companies are no longer asking if a data breach is going to happen, but when. In fact, the most innovative companies are asking what has already happened that they might not know about. This is where Matchlight provides a unique solution.”

Across the board, data breaches are becoming common and Matchlight offers an automated way to proactively protect data.  While the digital fingerprinting helps track down stolen data, does Terbium Labs have a way to prevent it from being stolen at all?

Whitney Grace, June 26, 2015

Sponsored by, publisher of the CyberOSINT monograph

Chrome Restricts Extensions amid Security Threats

June 22, 2015

Despite efforts to maintain an open Internet, malware seems to be pushing online explorers into walled gardens, akin the old AOL setup. The trend is illustrated by a story at PandoDaily, “Security Trumps Ideology as Google Closes Off its Chrome Platform.” Beginning this July, Chrome users will only be able to download extensions for that browser  from the official Chrome Web Store. This change is on the heels of one made in March—apps submitted to Google’s Play Store must now pass a review. Extreme measures to combat an extreme problem with malicious software.

The company tried a middle-ground approach last year, when they imposed the our-store-only policy on all users except those using Chrome’s development build. The makers of malware, though, are adaptable creatures; they found a way to force users into the development channel, then slip in their pernicious extensions. Writer Nathanieo Mott welcomes the changes, given the realities:

“It’s hard to convince people that they should use open platforms that leave them vulnerable to attack. There are good reasons to support those platforms—like limiting the influence tech companies have on the world’s information and avoiding government backdoors—but those pale in comparison to everyday security concerns. Google seems to have realized this. The chaos of openness has been replaced by the order of closed-off systems, not because the company has abandoned its ideals, but because protecting consumers is more important than ideology.”

Better safe than sorry? Perhaps.

Cynthia Murrell, June 22, 2015

Sponsored by, publisher of the CyberOSINT monograph

Cloud Search: Are Data Secure?

June 19, 2015

I have seen a flurry of news announcements about Coveo’s cloud based enterprise search. You can review a representative example by reading “Coveo Lassos the Cloud for Enterprise Search.” Coveo is also aware of the questions about security. See “How Does Coveo Secure Your Data and Services.”

With Coveo’s me-too cloud service, I thought about other vendors which offer cloud-based solutions. The most robust based on our tests is Blossom Search. The company was founded by Dr. Alan Feuer, a former Bell Labs’ wizard. When my team was active in government work, we used the Blossom system to index a Federal law enforcement agency’s content shortly after Blossom opened for business in 1999. As government procurements unfold, Blossom was nosed out by an established government contractor, but the experience made clear:

  1. Blossom’s indexing method delivered near real time updates
  2. Creating and building an initial index was four times faster than the reference system against which we test Dr. Feuer’s solution. (The two reference systems were Fast Search & Transfer and Verity.)
  3. The Blossom security method conformed to the US government guidelines in effect at the time we did the work.

I read “Billions of Records at Risk from Mobile App Data Flow.” With search shifting from the desktop to other types of computing devices, I formulated several questions:

  1. Are vendors deploying search on clouds similar to Amazon’s system and method ensuring the security of their customers’ data? Open source vendors like resellers of Elastic and proprietary vendors like MarkLogic are likely to be giving some additional thought to the security of their customers’ data.
  2. Are licensees of cloud based search systems performing security reviews as we did when we implemented the Blossom search system? I am not sure if the responsibility for this security review rests with the vendor, the licensee, or a third party contracted to perform the work.
  3. How secure are hybrid systems; that is, an enterprise search or content processing system which pulls, processes, and stores customer data across disparate systems? Google, based on my experience, does a good job of handling search security for the Google Search Appliance and for Site Search. Other vendors may be taking similar steps, but the information is not presented with basic marketing information.

My view is that certain types of enterprise search may benefit from a cloud based solution. There will be other situations in which the licensee has a contractual or regulatory obligation to maintain indexes and content in systems which minimize the likelihood that alarmist headlines like “Billions of Records at Risk from Mobile App Data Flow.”

Security is the search industry’s industry of a topic which is moving up to number one with a “bullet.”

Stephen E Arnold, June 19, 2015

Next Page »