Booz Boo Boo: Blue Chip? Maybe Not

June 1, 2017

I read “Booz Allen, NGA Probe Intel Leak.” Let’s assume that the information in the write up is “sort of” accurate. I suggest this because the article invokes the name of “Edward Snowden” and the name of “Hal Martin.” Both of these individuals allegedly behaved with a bit of professional “looseness.”

But the write up does more than remind me that the once highly regarded blue chip management consulting firm has become an example of how not to manage its own employees and contractors.

Too bad. I worked at Booz, Allen & Hamilton when the firm’s reputation was reasonably well regarded. Today I am not so sure I would place the Booz Allen outfit identified in the FCW article in my “I want to work there” Top 10.

The main point of the write up seems to me to be:

Edward Snowden, Hal Martin and now another Booz Allen Hamilton employee could be involved in the leak of sensitive intelligence data — though in the latest case, it appears it could be accidental.

The information, according to FCW, was sensitive. The leak was the result of a misconfiguration error.

Nevertheless, a company charged with working within the constraints set forth by the client should have management procedures in place to prevent alleged security issues.

Booz, Allen & Hamilton once kept a low profile. Now the firm finds itself making headlines.

FCW is not the grocery store tabloid-type of “real news” outfit, of course. However, I ask myself, “Management or mismanagement?”

And from an outfit which once provided management consulting services to the world’s leading organizations.

Interesting.

Stephen E Arnold, June 1, 2017

Dark Web Monitoring

May 26, 2017

As criminals have flocked to the Dark Web, the need for companies to protect themselves from hackers has escalated quickly. But are Dark Web Monitoring services worth the price tag, or is this today’s snake oil? Motherboard examines that issue in, “The Booming, and Opaque, Business of Dark Web Monitoring.”

There are two basic approaches to Dark Web Monitoring, explains contributor Joseph Cox. The first relies on algorithms to flag stolen data, while the second sends humans on fishing expeditions to Dark Web forums. Either way, though, the complexity and underground nature of the Dark Web make wild-goose chases inevitable. Cox writes:

Fundamental problems with the very idea of some of these services, such as the issue of verifying information gleaned from forums and marketplaces, means they might be providing an illusion of security, rather than the real thing.

There is a lot of misleading or outright fabricated information in the dark web. Often, particular listings or entire sites are scams, and forum chatter can be populated with people just trying to rip each other off. For that reason, it’s not really good enough to just report everything and anything you see to a customer.

Cox consulted with several Dark Web Monitoring vendors, who describe a balancing act: avoid passing along false flags (which cost clients time and money) while ensuring real threats do not slip through their fingers. A “confidence level” that some services include with each report aims to mitigate that uncertainty, but it is an inexact science, especially since the Dark Web is ever changing.

Cynthia Murrell, May 26, 2017

Your Tax Information Might Be for Sale on Dark Web

May 23, 2017

Theft of personal and sensitive information continues to be a threat for Internet users. Tax information is available for sale for as little as $30 in bulk on the Dark Web.

A WTMJ-TV news report titled “Officials Say Thieves Are Stealing Tax Info and Selling It on the Dark Web” says:

It may be past tax time, but that doesn’t mean the stress is over. Experts say thieves are stealing W-2 information and selling it on the part of the Internet hidden from search engines known as the dark web.

In this particular instance, the culprit, masquerading as a high-level company executive, asked the clerk at a company office to mail all W-2 forms. The con was discovered immediately, but it was too late.

Despite strict IT security policies, data thieves manage to steal sensitive information using a technique called social engineering. This includes gathering bits and pieces of information from multiple employees and using it together to con someone higher up in order to steal the information. Experts are of the opinion that prevention is the only protection in such cases.

Vishal Ingole, May 23, 2017

Malware Infected USB Sticks on the Loose

May 18, 2017

Oops. We learn from TechRepublic that “IBM Admits it Sent Malware-Infected USB Sticks to Customers.”

The article cites the company’s support Advisory Post announcing the problem, a resource that anyone who has received an IBM Storwize V3500, V3700 or V5000 USB drive should check for the models and serial numbers affected. The recommended fix: destroy the drive and, if you have already inserted it, perform a malware purge on your computer.

Writer Conner Forrest describes:

So, what does the infected drive actually do to a system? ‘When the initialization tool is launched from the USB flash drive, the tool copies itself to a temporary folder on the hard drive of the desktop or laptop during normal operation,’ the IBM post said. Then, a malicious file is copied to a temporary folder called %TMP%\initTool on Windows or /tmp/initTool on Linux or Mac. It is important to note that, while the file is copied onto a machine, it isn’t actually executed during the initialization process, the post also said. As reported by ZDNet’s Danny Palmer, the malware was listed by Kaspersky lab as a member of the Reconyc Trojan malware family, which is primarily used in Russia and India.

It might be understandable if this were the first time this had happened, but IBM also unwittingly distributed infected USB drives back in 2010, at the AusCERT conference in Australia. Let us hope there is not a third time; customers rightly expect more vigilance from such a prominent company.

Cynthia Murrell, May 18, 2017

Salesforce Einstein and Enterprise AI

May 5, 2017

One customer-relationship-management (CRM) firm is determined to leverage the power of natural language processing within its clients’ organizations. VentureBeat examines “What Salesforce Einstein Teaches Us About Enterprise AI.” The company positions its AI tool as a layer within its “Clouds” that brings the AI magic to CRM. They vow that the some-odd 150,000 existing Salesforce customers can deploy Einstein quickly and easily.

Salesforce has invested much in the project, having snapped up RelateIQ for $390 million, BeyondCore for $110 million, PredictionIO for $58 million, and MetaMind for an undisclosed sum. Competition is fierce in this area, but the company is very pleased with the results so far. Writer Mariya Yao cites Salesforce chief scientist Richard Socher as she examines:

The Salesforce AI Research team is innovating on a ‘joint many-task’ learning approach that leverages transfer learning, where a neural network applies knowledge of one domain to other domains. In theory, understanding linguistic morphology should also accelerate understanding of semantics and syntax.

In practice, Socher and his deep learning research team have been able to achieve state-of-the-art results on academic benchmark tests for main entity recognition (identifying key objects, locations, and persons) and semantic similarity (identifying words and phrases that are synonyms). Their approach can solve five NLP tasks — chunking, dependency parsing, semantic relatedness, textual entailment, and part of speech tagging — and also builds in a character model to handle incomplete, misspelled, or unknown words.

Socher believes that AI researchers will achieve transfer learning capabilities in more comprehensive ways in 2017 and that speech recognition will be embedded in many more aspects of our lives. ‘Right now, consumers are used to asking Siri about the weather tomorrow, but we want to enable people to ask natural questions about their own unique data.’

That would indeed be helpful. The article goes on to discuss the potentials for NLP in the enterprise and emphasizes the great challenge of implementing solutions into a company’s workflow. See the article for more discussion. Based in San Francisco, Salesforce was launched in 1999 by a former Oracle executive.

Cynthia Murrell, May 5, 2017

Can Digital Shadows Meet the Award Hype for Their Cyber Defense Product

April 28, 2017

The article on Zawya titled Digital Shadows Continues to Make Waves with Two Prestigious Award Wins positions Digital Shadows as the juggernaut of the risk management market with its product SearchLight sweeping up honors left and right from Cyber Defense Magazine, Momentum Partners, and the 2016 SINET awards. Each accolade cites Digital Shadows’ cutting-edge technology and strategy. What makes the company so innovative?

Digital Shadows monitors for digital risks beyond the boundary of an organization, identifying cyber threats, data leakage and reputational risk. It then notifies clients of data leaks online; hacktivists’ or cybercriminals’ plans to target the organization; employees or suppliers putting themselves and their company at risk; along with criminals selling company information and data on the surface and dark web.

Beyond this, the alerts themselves are verified and rated in urgency by a team of analysts who also advise the organization on how to proceed for customized threat intelligence. Alastair Paterson, CEO and Co-Founder, calls the process a “marriage” between the technology and the human team. Digital Shadows has seen monumental growth in the triple digits for the past three years including opening new offices in Dallas, San Francisco, and London and building an employee base of over 100 people.

Chelsea Kerwin, April 28, 2017

SirionLabs Plants New United States Headquarters in California

April 27, 2017

The article on TechCrunch titled SirionLabs Establishes US Foothold to Scale Its NLP Contract Management Software frames the rapid growth and expansion of the enterprise vendor management software provider founded in 2012. SirionLabs was founded by CEO Ajay Agrawal, who recognized the large cost of supplier relationship management built into a contract’s value and decided to start a company focused on automating the process, but only partially. The article explains,

The establishment of a U.S. presence represents a strategic shift in the company’s growth plans…While the startup has had offices in the U.K., Germany, Denmark and Singapore, it has been slow to establish a permanent U.S. team…Sirion, the company’s platform, is currently used by companies like BP and Vestas to manage service providers and augment humans that traditionally manage vendor relationships. The startup expects to use natural language processing to analyze more than $8 billion in total contract value over the next year.

In order to mitigate the risk of the enormous number of potential discrepancies in a given contract, Sirion compels both parties to be accountable by agreeing on the outcome. That addendum hasn’t scared off BP, or Seal Software clients such as Deloitte, HP, Experian, and SalesForce.

Chelsea Kerwin, April 27, 2017

UK Big Brother Invades More Privacy

April 18, 2017

The United Kingdom has been compared to George Orwell’s 1984 dystopia before, especially in the last two decades with their increasing amount of surveillance technology. Once more UK citizens face privacy invasion, reports the Guardian in “UK Public Faces Mass Invasion Of Privacy As Big Data And Surveillance Merge.” The UK’s Surveillance Camera Commissioner Tony Porter expressed his worry that government regulators were unable to keep up with technological advances.

Big data combined with video surveillance, facial recognition technology, and the use of ever more cameras is making it harder to protect individuals’ privacy. People are being recorded 24/7 and often without their knowledge. Another worry is that police are not being vigilant with private information. One example is that license plate information has not been deleted after the two-year limit.

Porter wants changes to be made in policies and wants people to be aware of the dangers:

Porter’s new strategy, published on Tuesday, points out that an overwhelming majority of people currently support the use of CCTV in public places. But he questions whether this support can continue because of the way surveillance is changing.

‘I’m worried about overt surveillance becoming much more invasive because it is linked to everything else,’ Porter said. ‘You might have a video photograph of somebody shopping in Tesco. Now it is possible to link that person to their pre-movements, their mobile phone records, any sensor detectors within their house or locality. As smart cities move forward, these challenges are so much greater for people like myself. And members of the public need to decide whether they are still happy with this.’

Porter admitted that advanced surveillance technology had allowed law enforcement to arrest terrorists and track down missing people, but it still can lead to worse privacy invasions. Porter hopes his new three-year strategy will inform authorities about how technology will impact privacy.

The good thing about surveillance technology is how it can track down bad guys, but it can be harmful to innocent citizens. The BBC should run some PSAs about video surveillance and privacy to keep their citizens informed. I suggest they do not make them as scary as this one about electricity.

Whitney Grace, April 18, 2017

Whose Message Is It Anyway?

April 11, 2017

Instant messaging service provider WhatsApp is in a quandary. While privacy of its users is of utmost importance to them, where do they draw the line if it’s a question of national security?

In an editorial published in The Telegraph titled WhatsApp Accused of Giving Terrorists ‘a Secret Place to Hide’ as It Refuses to Hand over London Attacker’s Messages, the writer says: “The Government was considering legislation to force online firms to take down extremist material, but said it was time for the companies to ‘recognise that they have a responsibility’ to get their own house in order.”

Apps like WhatsApp offer end-to-end encryption for messages sent using its network. This makes it impossible (?) for anyone to intercept and read them, even technicians at WhatsApp. On numerous occasions, WhatsApp, owned by Facebook, has come under fire for protecting its user privacy. In this particular incident, the London attacker Ajao used WhatsApp to send a message to someone. While Scotland Yard wants access to the messages sent by the terrorist, WhatsApp says its hands are tied.

The editorial also says that social media networks are no longer tech companies; rather, they are turning into publishing companies, and thus the onus is on them to ensure that radical materials are also removed from their networks. Who ultimately will win the battle remains to be seen, but right now, WhatsApp seems to have the edge.

Vishal Ingole, April 11, 2017

Whither the Tech Industry Under Trump Administration?

March 30, 2017

The Silicon-Valley-based tech industry has done quite well under the Obama administration, we’re reminded in the Hill’s article, “Tech’s Power Shifts as Obama fades to Trump.” Lobbying efforts by internet companies have escalated over the past eight years, catching up to the traditional telecommunications industry. Writers Ali Breland and David McCabe quote a mysterious source:

‘Everybody is amazed by Google’s sort of cozy relationship with the White House,’ said one communications industry insider who asked to remain anonymous. ‘They don’t even try to hide it.’

Ah, dear Google. What now?

The writers cite Noah Theran, of the Internet Association—a group that represents Google, Twitter, and Amazon—as they emphasize the importance of working closely with government. If policy makers don’t understand what is happening in the tech industry, it will be nigh impossible for them to regulate it sensibly.

To complicate matters, apparently, these upstart internet companies have ruffled the feathers of the old-school telecoms, who seem to believe the FCC and Obama administration unfairly favored their new rivals, Google in particular. The article continues:

The tension wasn’t always present. Silicon Valley at one point had famously dismissed Washington, D.C., assessing that it could be the new capital of change in the U.S. That attitude shifted as the tech industry saw a greater need to work with Washington. A touchstone was the Justice Department antitrust suit against Microsoft. After having to appeal an initial order to break into two separate businesses, Microsoft quickly learned that it needed to have a Washington, D.C. presence if it wanted to preemptively ease regulatory problems later on. …

Trump’s presidency may change how the battles play out for the next four to eight years, however. Trump has had a rockier relationship with some tech companies, including Apple. He at one point during the campaign suggested a boycott of the company’s products over its encrypted phone.

Hoo boy. Hang on to your hats, technology-supporters; this could be a bumpy ride.

Cynthia Murrell, March 30, 2017
