CyberOSINT banner

CSC Attracts Buyer And Fraud Penalties

July 1, 2015

According to the Reuters article “Exclusive: CACI, Booz Allen, Leidos Eyes CSC’s Government Unit-Sources,” CACI International, Leidos Holdings, and Booz Allen Hamilton Holdings

have expressed interest in Computer Sciences Corp’s public sector division.  There are not a lot of details about the possible transaction as it is still in the early stages, so everything is still hush-hush.

The possible acquisition came after the news that CSC will split into two divisions: one that serves US public sector clients and the other dedicated to global commercial and non-government clients.  CSC has an estimated $4.1 billion in revenues and worth $9.6 billion, but CACI International, Leidos Holdings, and Booz Allen Hamilton might reconsider the sale or getting the price lowered after hearing this news: “Computer Sciences (CSC) To Pay $190M Penalty; SEC Charges Company And Former Executives With Accounting Fraud” from Street Insider.  The Securities and Exchange Commission are charging CSC and former executives with a $190 million penalty for hiding financial information and problems resulting from the contract they had with their biggest client.  CSC and the executives, of course, are contesting the charges.

“The SEC alleges that CSC’s accounting and disclosure fraud began after the company learned it would lose money on the NHS contract because it was unable to meet certain deadlines. To avoid the large hit to its earnings that CSC was required to record, Sutcliffe allegedly added items to CSC’s accounting models that artificially increased its profits but had no basis in reality. CSC, with Laphen’s approval, then continued to avoid the financial impact of its delays by basing its models on contract amendments it was proposing to the NHS rather than the actual contract. In reality, NHS officials repeatedly rejected CSC’s requests that the NHS pay the company higher prices for less work. By basing its models on the flailing proposals, CSC artificially avoided recording significant reductions in its earnings in 2010 and 2011.”

Oh boy!  Is it a wise decision to buy a company that has a history of stealing money and hiding information?  If the company’s root products and services are decent, the buyers might get it for a cheap price and recondition the company.  Or it could lead to another disaster like HP and Autonomy.

Whitney Grace, July 1, 2015

Sponsored by, publisher of the CyberOSINT monograph

Matchlight Lights Up Stolen Data

June 26, 2015

It is a common gimmick on crime shows for the computer expert to be able to locate information, often stolen data, by using a few clever hacking tricks.  In reality it is not that easy and quick to find stolen data, but eWeek posted an article about a new intelligence platform that might be able to do the trick: “Terbium Labs Launches Matchlight Data Intelligence Platform.”  Terbium Labs’ Matchlight is able to recover stolen data as soon as it is released on the Dark Web.

How it works is simply remarkable.  Matchlight attaches digital fingerprints to a company’s files, down to the smallest byte.  Data recovered on the Dark Web can then be matched to the Terbium Labs’s database.  Matchlight is available under a SaaS model.  Another option they have for clients is a one-way fingerprinting feature that keeps a company’s data private from Terbium Labs.  They would only have access to the digital fingerprints in order to track the data.  Matchlight can also be integrated into already existing SharePoint or other document management systems.  The entire approach to Matchlight is taking a protective stance towards data, rather than a defensive.

“We see the market shifting toward a risk management approach to information security,” [Danny Rogers, CEO and co-founder of Terbium} said. “Previously, information security was focused on IT and defensive technologies. These days, the most innovative companies are no longer asking if a data breach is going to happen, but when. In fact, the most innovative companies are asking what has already happened that they might not know about. This is where Matchlight provides a unique solution.”

Across the board, data breaches are becoming common and Matchlight offers an automated way to proactively protect data.  While the digital fingerprinting helps track down stolen data, does Terbium Labs have a way to prevent it from being stolen at all?

Whitney Grace, June 26, 2015

Sponsored by, publisher of the CyberOSINT monograph

Chrome Restricts Extensions amid Security Threats

June 22, 2015

Despite efforts to maintain an open Internet, malware seems to be pushing online explorers into walled gardens, akin the old AOL setup. The trend is illustrated by a story at PandoDaily, “Security Trumps Ideology as Google Closes Off its Chrome Platform.” Beginning this July, Chrome users will only be able to download extensions for that browser  from the official Chrome Web Store. This change is on the heels of one made in March—apps submitted to Google’s Play Store must now pass a review. Extreme measures to combat an extreme problem with malicious software.

The company tried a middle-ground approach last year, when they imposed the our-store-only policy on all users except those using Chrome’s development build. The makers of malware, though, are adaptable creatures; they found a way to force users into the development channel, then slip in their pernicious extensions. Writer Nathanieo Mott welcomes the changes, given the realities:

“It’s hard to convince people that they should use open platforms that leave them vulnerable to attack. There are good reasons to support those platforms—like limiting the influence tech companies have on the world’s information and avoiding government backdoors—but those pale in comparison to everyday security concerns. Google seems to have realized this. The chaos of openness has been replaced by the order of closed-off systems, not because the company has abandoned its ideals, but because protecting consumers is more important than ideology.”

Better safe than sorry? Perhaps.

Cynthia Murrell, June 22, 2015

Sponsored by, publisher of the CyberOSINT monograph

Cloud Search: Are Data Secure?

June 19, 2015

I have seen a flurry of news announcements about Coveo’s cloud based enterprise search. You can review a representative example by reading “Coveo Lassos the Cloud for Enterprise Search.” Coveo is also aware of the questions about security. See “How Does Coveo Secure Your Data and Services.”

With Coveo’s me-too cloud service, I thought about other vendors which offer cloud-based solutions. The most robust based on our tests is Blossom Search. The company was founded by Dr. Alan Feuer, a former Bell Labs’ wizard. When my team was active in government work, we used the Blossom system to index a Federal law enforcement agency’s content shortly after Blossom opened for business in 1999. As government procurements unfold, Blossom was nosed out by an established government contractor, but the experience made clear:

  1. Blossom’s indexing method delivered near real time updates
  2. Creating and building an initial index was four times faster than the reference system against which we test Dr. Feuer’s solution. (The two reference systems were Fast Search & Transfer and Verity.)
  3. The Blossom security method conformed to the US government guidelines in effect at the time we did the work.

I read “Billions of Records at Risk from Mobile App Data Flow.” With search shifting from the desktop to other types of computing devices, I formulated several questions:

  1. Are vendors deploying search on clouds similar to Amazon’s system and method ensuring the security of their customers’ data? Open source vendors like resellers of Elastic and proprietary vendors like MarkLogic are likely to be giving some additional thought to the security of their customers’ data.
  2. Are licensees of cloud based search systems performing security reviews as we did when we implemented the Blossom search system? I am not sure if the responsibility for this security review rests with the vendor, the licensee, or a third party contracted to perform the work.
  3. How secure are hybrid systems; that is, an enterprise search or content processing system which pulls, processes, and stores customer data across disparate systems? Google, based on my experience, does a good job of handling search security for the Google Search Appliance and for Site Search. Other vendors may be taking similar steps, but the information is not presented with basic marketing information.

My view is that certain types of enterprise search may benefit from a cloud based solution. There will be other situations in which the licensee has a contractual or regulatory obligation to maintain indexes and content in systems which minimize the likelihood that alarmist headlines like “Billions of Records at Risk from Mobile App Data Flow.”

Security is the search industry’s industry of a topic which is moving up to number one with a “bullet.”

Stephen E Arnold, June 19, 2015

Latest Version of DataStax Enterprise Now Available

June 19, 2015

A post over at the SD Times informs us, “DataStax Enterprise 4.7 Released.” Enterprise is DataStax’s platform that helps organizations manage Apache Cassandra databases. Writer Rob Marvin tells us:

“DataStax Enterprise (DSE) 4.7 includes a production-certified version of Cassandra 2.1, and it adds enhanced enterprise search, analytics, security, in-memory, and database monitoring capabilities. These include a new certified version of Apache Solr and Live Indexing, a new DSE feature that makes data immediately available for search by leveraging Cassandra’s native ability to run across multiple data centers. …

“DSE 4.7 also adds enhancements to security and encryption through integration with the DataStax OpsCenter 5.2 visual-management and monitoring console. Using OpsCenter, developers can store encryption keys on servers outside the DSE cluster and use the Lightweight Directory Access Protocol to manage admin security.”

Four main features/ updates are listed in the write-up: extended search analytics, intelligent query routing, fault-tolerant search operations, and upgraded analytics functionality. See the article for details on each of these improvements.

Founded in 2010, DataStax is headquartered in San Mateo, California. Clients for their Cassandra-management software (and related training and professional services) range from young startups to Fortune 100 companies.

Cynthia Murrell, June 19, 2015

Sponsored by, publisher of the CyberOSINT monograph

NSA Blanket Data Collection Preventing Accurate Surveillance

June 4, 2015

The article on ZDNet titled NSA Is So Overwhelmed with Data, It’s No Longer Effective, Says Whistleblower examines the concept of “bulk data failure” by the NSA and other agencies. William Binney, a whistleblower who has been out of the NSA for over a decade, says that the sheer amount of data the NSA collects leads to oversights and ineffective surveillance. The article states,

“Binney said he estimated that a “maximum” of 72 companies were participating in the bulk records collection program — including Verizon, but said it was a drop in the ocean. He also called PRISM, the clandestine surveillance program that grabs data from nine named Silicon Valley giants, including Apple, Google, Facebook, and Microsoft, just a “minor part” of the data collection process. “The Upstream program is where the vast bulk of the information was being collected,” said Binney.”

It appears that big data presents challenges even when storage, servers, and money are available. Binney blames the data overload for bungles that have led to the Boston bombing and Paris shooting. He believes the NSA had the information needed to prevent the attacks, but couldn’t see the trees for the forest. Smart data collection, rather than mass data collection, is his suggestion to fix this information overload.

Chelsea Kerwin, June 4, 2014

Sponsored by, publisher of the CyberOSINT monograph

Prepare To Update Your Cassandra

June 2, 2015

It is time for an update to Apache’s headlining, open source, enterprise search software!  The San Diego Times let us know that “DataStax Enterprise 4.7 Released” and it has a slew of updates set to make open source search enthusiasts drool.   DataStax is a company that built itself around the open source Apache Cassandra software.  The company specializes in enterprise applications for search and analytics.

The newest release of DataStax Enterprise 4.7 includes several updates to improve a user’s enterprise experience:

“…includes a production-certified version of Cassandra 2.1, and it adds enhanced enterprise search, analytics, security, in-memory, and database monitoring capabilities. These include a new certified version of Apache Solr and Live Indexing, a new DSE feature that makes data immediately available for search by leveraging Cassandra’s native ability to run across multiple data centers.”

The update also includes DataStax’s OpCenter 5.2 for enhanced security and encryption.  It can be used to store encryption keys on servers and to manage admin security.

The enhanced search capabilities are the real bragging points: fault-tolerant search operations-used to customize failed search responses, intelligent search query routing-queries are routed to the fastest machines in a cluster for the quickest response times, and extended search analytics-using Solr search syntax and Apache Spark research and analytics tasks can run simultaneously.

DataStax Enterprise 4.7 improves enterprise search applications.  It will probably pull in users trying to improve their big data plans.  Has DataStax considered how its enterprise platform could be used for the cloud or on mobile computing?

Whitney Grace, June 2, 2015

Sponsored by, publisher of the CyberOSINT monograph

Russian High Tech Propaganda

June 1, 2015

The Soviet Union was known for its propaganda, and Russia under Vladimir Putin seems to have brought the art into the digital age. The Guardian gives us the inside scoop in, “Salutin’ Putin: Inside a Russian Troll House.” Journalists spoke to two writers who were formerly among the hundreds working at the nondescript headquarters of Russia’s “troll army” in St Petersburg. There, writers are tasked with lauding Putin and lambasting the evils of the West in posts and comment sections on a wide variety of websites. Though the organization cannot be directly tied to the Kremlin, it’s reported the entity does not pay any taxes and does not register its employees. It does, however, seem to have grown heartily in the two years since Russia went (back) into the Ukraine.

It is said that working conditions at the “troll house” involve 12-hour shifts, a dreary environment, strict rules, and low pay, though that sounds no different from conditions in many jobs around the world. Workers describe writing a certain number of “ordinary posts” about things like music, travel, or dating advice; writers are  responsible for coming up with those topics themselves. Interspersed with such bland content, however, they write pieces asserting political perspectives assigned to them each morning. Editors check carefully to make sure the stories are on point.

I’d recommend reading through the whole article, but this is the section that struck me most:

“‘I would go home at the end of the day and see all the same news items on the television news. It was obvious that the decisions were coming from somewhere,’ said Marat. Many people have accused Russian television of ramping up propaganda over the past 18 months in its coverage of Ukraine, so much so that the EU even put Dmitry Kiselev, an opinionated television host and director of a major news agency, on its sanctions list.

“After two months of working in the troll agency, Marat began to feel he was losing his sanity, and decided he had to leave. From the snatched conversations over coffee, he noted that the office was split roughly 50/50 between people who genuinely believed in what they were doing, and those who thought it was stupid but wanted the money. Occasionally, he would notice people changing on the job.

“‘Of course, if every day you are feeding on hate, it eats away at your soul. You start really believing in it. You have to be strong to stay clean when you spend your whole day submerged in dirt,’ he said.”

Sounds like some people I know who always have a certain U.S. news channel blasting away in the background. Writer Shaun Walker is unsure whether the site they found in St Petersburg is the only location for this activity, or whether there are other hubs throughout Russia. The effectiveness of such propaganda on Russian citizens, however, seems clear to Russian journalist Andrei Soshnikov (quoted in the article), especially with the older, less tech-savvy set. As disheartening as these revelations are, they should not be surprising.

Cynthia Murrell, June 1, 2015

Sponsored by, publisher of the CyberOSINT monograph



Sinequa and Systran Partner on Cyber Defense

May 20, 2015

Enterprise search firm Sinequa and translation tech outfit Systran are teaming up on security software. “Systran and Sinequa Combine in the Field of Cyber Defense,” announces (The article is in French, but Google Translate is our friend.) The write-up explains:

“Sinequa and Systran have indeed decided to cooperate to develop a solution for detecting and processing of critical information in multiple languages ??and able to provide investigators with a panoramic view of a given subject. On one side Systran provides safe instant translation in over 45 languages, and the other Sinequa provides big data processing platform to analyze, categorize and retrieve relevant information in real time. The integration of the two solutions should thus facilitate the timely processing of structured and unstructured data from heterogeneous sources, internal and external (websites, audio transcripts, social media, etc.) and provide a clear and comprehensive view of a subject for investigators.”

Launched in 2002, Sinequa is a leader in the Enterprise Search field; the company boasts strong business analytics, but also emphasizes user-friendliness. Based in Paris, the firm maintains offices in Frankfurt, London, and New York City. Systran has a long history of providing innovative translation services to defense and security organizations around the world. The company’s headquarters are in Seoul, with other offices located in Daejeon, South Korea; Paris; and San Diego.

Cynthia Murrell, May 20, 2015

Stephen E Arnold, Publisher of CyberOSINT at

Searching Bureaucracy

May 19, 2015

The rise of automatic document conversion could render vast amounts of data collected by government agencies useful. In their article, “Solving the Search Problem for Large-Scale Repositories,” GCN explains why this technology is a game-changer, and offers tips for a smooth conversion. Writer Mike Gross tells us:

“Traditional conversion methods require significant manual effort and are economically unfeasible, especially when agencies are often precluded from using offshore labor. Additionally, government conversion efforts can be restricted by  document security and the number of people that require access.     However, there have been recent advances in the technology that allow for fully automated, secure and scalable document conversion processes that make economically feasible what was considered impractical just a few years ago. In one particular case the cost of the automated process was less than one-tenth of the traditional process. Making content searchable, allowing for content to be reformatted and reorganized as needed, gives agencies tremendous opportunities to automate and improve processes, while at the same time improving workflow and providing previously unavailable metrics.”

The write-up describes several factors that could foil an attempt to implement such a system, and I suggest interested parties check out the whole article. Some examples include security and scalability, of course, as well as specialized format and delivery requirements, and non-textual elements. Gross also lists criteria to look for in a vendor; for instance, assess how well their products play with related software, like scanning and optical character recognition tools, and whether they will be able to keep up with the volumes of data at hand. If government agencies approach these automation advances with care and wisdom, instead of reflexively choosing the lowest bidder, our bureaucracies’ data systems may actually become efficient. (Hey, one can dream.)

Cynthia Murrell, May 19, 2015

Stephen E Arnold, Publisher of CyberOSINT at


Next Page »