Want a Line Up of AI-Fueled Cybersecurity Firms?

March 25, 2020

Artificial intelligence and cybersecurity seem like a natural pairing. Check out a list of firms that think so, too, in Built In’s write-up, “30 Companies Merging AI and Cybersecurity to Keep us Safe and Sound.” Reporter Alyssa Schroer explains:

“By the year 2021, cybercrime losses will cost upwards of $6 trillion annually. It’s no surprise, then, that the cybersecurity industry is exploding as it grows to protect the networks and systems on which companies and organizations operate and store data. Because effective information security requires smarter detection, many cybersecurity companies are upping their game by using artificial intelligence to achieve that goal. A new wave of AI-powered solutions and products keep bad actors on their toes while giving IT teams much needed relief. Here are 30 companies merging artificial intelligence and cybersecurity to make the virtual world safer.”

Navigate to the article for the names of all 30 companies. They include well established firms like Symantec, Darktrace, and Fortinet alongside many less familiar names. Several serve specific industries. Schroer lists the location of each entry and describes how it is applying AI tech to cybersecurity. For example, for Shape Security she writes:

“Shape Security provides software that fights imitation attacks like fake accounts, credential stuffing and credit application fraud for businesses in retail, finance, government, tech and travel. Shape’s machine learning models have been given access to data resembling attackers, enabling the system to learn what human activity looks like against fraud. The company’s solutions, Enterprise Defense and Blackfish, use this AI to identify the differences between real and artificial users and then block, redirect or flag the fraudulent source.”

Hacking tools and procedures have become prolific and incredibly efficient. It makes sense to fight them with well-crafted machine learning solutions. Any organization looking to employ one of these (or similar) firms should do its research and choose a well-designed solution that meets its particular needs.

Cynthia Murrell, March 25, 2020

A Term to Understand: Geofencing

March 25, 2020

DarkCyber has reported in its twice-a-month video news program about companies providing specialized geofencing solutions; for example, our go-to touchstone Geofeedia and others like PredPol. You can find these programs by searching DarkCyber on YouTube or Vimeo.

A news story from a “trusted” source reports “Taiwan’s New Electronic Fence for Quarantines Leads Wave of Virus Monitoring.” The “first” means, DarkCyber assumes, refers to a publicized use of a large-scale geofencing operation applied to numerous citizens.

When you read the story, several questions come to mind which the “trusted” story does not touch upon:

  • What vendors provide the geofencing solution in Taiwan and the other countries mentioned in the write up?
  • What technologies are used in addition to the latitude, longitude, time stamp data generated by mobile devices connected to or pinging a “network”?
  • What additional software systems are used to make sense of the data?
  • How long has the infrastructure in Taiwan and the other countries mentioned been in operation?
  • What was the ramp up time?
  • What was the cost of the system?
  • What other applications does the Taiwan system support at this time? In the near future?
  • Are special data handling and security procedures required?

News is one thing. Event A happened. Factoids without context leave questions unanswered. Does one trust an absence of information? DarkCyber does. Of course. Obviously.

Stephen E Arnold, March 25, 2020

Hacking Team Write Up Contains Dicey Tricks and Possibly Useful Information

March 9, 2020

One of the problems DarkCyber encounters is figuring out what’s true, what’s shaped, and what’s off base. DarkCyber worked its way through a comparatively long write up about specialized service providers called “Cyberwar for Sale.” Be aware that the blog url may return a 404, display questionable links like a plea for the visitor to install wonky Flash or Microsoft support from an unidentified source, or display images some may find disturbing or illegal in some jurisdictions. The write up provides information on a range of subjects which may be of interest to those looking for content about some government activities.

The original article about Hacking Team was written by Mattathias Schwartz. The appeared in “mainstream media.” Examples include the Intercept. The recycling in AllyCanbeg blog flowed in our newsfeed on March 1, 2020.

DarkCyber worked through the Ally Canbeg version possibly modified by Ally Brake. One never knows when the factoids or alleged factoids will be useful. Another point of this write up  is that looking for certain information can present challenges: Spam, scams, etc.

image

This is the Ally Canbeg blog on Blogspot. The story requires an explicit url. Be careful clicking within the story. Ally is wily in DarkCyber’s opinion.  The site requires that the visitor’s ad blocker be disabled. The reason is that money is needed to create the content.

The DarkCyber team has extracted statements and information from the Ally Canbeg blog post. The goal is to make the assertions somewhat easier to follow. The factoids may be true or false, but taken as a whole, DarkCyber finds the write up interesting.

Despite the dicey nature of the blog, DarkCyber spotted a number of statements, possibly accurate, about the activities of Hacking Team, FinFisher, Trovicor, and NICE. Each of these firms is allegedly providing tools to compromise targets’ electronic communications and devices. Keep in mind that the AllyCanbeg blog is characterizing these companies. DarkCyber is summarizing information from the blog.

Let’s run through some of the statements in the blog post which DarkCyber found suggestive. DarkCyber has created some categories and group information in these. The source document is a bit scattered, and it is likely that the Ally Canbeg entity assembled the allegedly accurate information from a number of different sources. DarkCyber concludes that the write up itself is a polemic against Hacking Team, against “authorities” who use tools to act in a manner offensive to Ally Canbeg-type individuals, and the general state of surveillance systems and methods.

The Hacking Team Company
  • Compared with conventional arms, surveillance software is subject to few trade controls. An effort by the US to regulate these types of software and systems under the Wassenaar Arrangement failed. Information about this agreement is available at this link.
  • Hacking Team (founded in 2003) is based in Milan, Italy and has fewer than 50 employees. The founder is David Vincenzetti. Eric Rabe is identified as the company’s spokesperson in the US. Philippe Vinci is a company vice president. Alessandro Scarafile is an engineer with the company.
  • The Hacking Team opened in 2015 a US subsidiary in Reston, Virginia. The idea was to sell the solution to the US military, the Department of Justice, and the Royal Canadian Mounted Police. Metro police departments were identified as prospects; for example, San Bernadino, CA, Washington, DC, New York, NY, Fort Lauderdale, FL, and Orlando, FL.
Government Failings
  • The US government changed the rules of criminal procedure. The idea was to make it easier for federal agents to hack into multiple computers with a single warrant.
  • The Electronic Frontier Foundation says about the Hacking Team technology: “This is much more intrusive than the interception of a phone call. They [presumably the authorities who purchased the Hacking Team solution] are not only listening; they are taking over your laptop.”
Business Practices
  • Hacking Team customers sign contracts agreeing to comply with local laws. Ally Canberg writes, “Leaked documents suggest that employees have sometimes turned a blind eye.”
  • Hacking Team marketed by sending emails to US military and intelligence community members. Government employees were on the list too.
The Hacking Team RCS Solution
  • The company’s espionage tool is call RCS, shorthand for Remote Control System. The cost of the software is allegedly “as little as $200,000 a year.”
  • RCS obtains information at the source before it can be encrypted. The unencrypted data is transferred to the designated capture point.
  • The functions of RCS, once installed using techniques difficult for the target to identify, perform surveillance of text messages, emails, phone and Skype calls, location data.
  • The methods for installing RCS include getting physical access to the device and then placing necessary software on the device. RCS can be installed over a WiFi network. An email containing malware in an attachment lures the target to open the attached file. Network injection may also be an option. Information about network injection can be found at this link. Social engineering can also be used.
  • The Hacking Team was itself hacked in 2015. More than 400 gigabytes of information was made public. The RCS source code is allegedly “now public.”
  • RCS captures images from built in cameras, sound from built in microphones, screenshots, detailed records of applications opened, information about bitcoins transferred, a continuous log of location with latitude and longitude data, address books, calendars, hone calls, Skype calls and passwords, and browser histories.
  • Keyloggers record every key pressed.
  • Data from a target’s device can be displayed on a time line.
  • Data from a compromised device is routed through a series of dedicated servers scattered around  the world.
Licensees
  • The US FBI and the Drug Enforcement Administration have allegedly licensed the software. According to Ally Canbeg, the FBI’s licensing fees have been more than $700,000 paid since 2011.
  • Hacking Team’s software has been licensed to Ecuador, Honduras, Ethiopia, Bahrain, Mexico (the company’s biggest export market), Morocco, Egypt, Singapore (the company’s first non-European customer),and Saudi Arabia, among others.
  • Hacking Team has “a three year relationship” with Russia’s FSB, the equivalent of a national police force. Allegedly the Russian deal as intermediated by Kvant, a Russian entity.
Competitors
  • SS8, a company “backed by Kleiner Perkins Caulfield Byers and the Harris Corporation” compete with the Hacking Team for customers.
Why Specialized Software Is a Big Seller
  • Why vendors of specialized software have gained traction. The write up states: “Geopolitical winds have been blowing in favor of the Hacking Tem and other self described allies of law and order…As George Tenet famously said about pre-September 11 intelligence, blinking red: The imploding Middle East, a restive nuclear armed Russia, battalions of ISIS-trained jihadis roaming around Europe with their encrypted thumb drives and Dark Web expertise. Against this backdrop of ever-increasing danger, concerns about human rights are naive at best.” Hacking Team emails “exploit this sense of danger and alarm.” The theme of the sales and marketing, according to Ally Canbeg is “privacy is secrecy and secrecy is terrorism.”
DarkCyber Observations
  1. Ally Canbeg or Ally Brake present the information in a way likely to lead to unexpected behaviors on the site visitors computer. The blog runs on Blogspot, and DarkCyber thinks that Google, the owner of Blogspot, is not doing a very good job of monitoring code in the blogs on its service.
  2. Hacking Team is an example of a company behaving in a manner inappropriate to individuals with certain sensibilities.
  3. The information appears to be recycled from Mattathias Schwartz.
  4. Mentioning one competitor leaves the impression that a very small number of firms offer similar technology. Numerous firms offer similar capabilities.

Net Net

Wow. Dicey blog. Recycled information. Intent? Questionable.

Stephen E Arnold, March 9, 2020

Cyber Security Marketing: About to Get Much Noisier in 2020

March 4, 2020

Businesses at Risk for Cyber attack but Take Few Precautions” states:

Although businesses are increasingly at risk for cyber attacks on their mobile devices, many aren’t taking steps to protect smartphones and tablets.

Let’s assume this statement is accurate and based on verifiable data.

Given this assumption, what will 2020 mean for the hundreds of vendors selling cyber “early warning” intelligence, smart cyber moats, and tools to prevent phishing emails from snapping confidential information?

The answer is, “More marketing.”

Another possible answer is, “More insight into how some organizations respond to threats like ransomware and loss of data.

Interesting disconnect which does not seem to slow venture firms’ appetites for smart cyber intelligence firms.

If the risk is high, why not take action? Perhaps priorities, cost, and complexity have an impact?

Stephen E Arnold, March 4, 2020

Here Is a Cheery Observation: Everything Is Hackable

March 2, 2020

We noted Vineet Kumar’s observations about security. “From Needle to Airplane, Everything Is Hackable, Says India’s Leading Cybersecurity Guru” includes this statement:

Every industry is hackable today. From the needle to the airplane, everything is hackable today. Smart technology penetration into organizations and even into homes leaves everyone susceptible to hacking.

Is there a fix?

Yep, embrace Mr. Kumar’s Cyber Peace Foundation.

What’s the outfit deliver?

Cyber Peace Foundation is a leading multi-stakeholders initiative and is crowdsourcing cybersecurity needs for civil society. The organization has over 12,000 members and 1,200 volunteers, from different parts of the world. It engages in spreading awareness and promoting technical research and in bringing together the government, industry experts, and academia.

There’s also a conference and a global cyber challenge:

Throwing light on the need for safer cyberspace: There are different ways and means through which your data can be stolen. By just clicking on one link, all your date can be gone and you may not even realize that your data is gone.

If everything is hackable, presumably his conference registration and its other Web forms are security risks. Odd that he did not emphasize the security of his operation, its bug bounty hunters, and it ethical hackers exempt from his glittering generality about “everything.”

Gurus are exempt perhaps?

Stephen E Arnold, March 2, 2020

Clever Teens and a Less Than Clever Instagram

March 1, 2020

Teenagers are young, inexperienced, and do anything for a laugh. Most of their time their antics result in trouble with horrible consequences, but this time the victim is Instagram. Instagram is one of the most popular social media platforms for teenagers and, being a generation who never knew a world without the Internet, they figured out how to hack aka mess with the algorithm. CNET has the story about, “Teens Have Figured Out How To Mess With Instagram’s Tracking Algorithm.”

Teenagers may post their entire lives on social media, but some of them are concerned about social media platforms such as Instagram tracking their data. They especially do not like Instagram tracking them, so they formed a plan. Using groups of trusted friends with access to multiple accounts, teenagers are fooling Instagram. Here is how:

“First, make multiple accounts. You might have an Instagram account dedicated to you and friends, or another just for your hobby. Give access to one of these low-risk accounts to someone you trust.

Then request a password reset, and send the link to that trusted friend who’ll log on from a different device. Password resets don’t end Instagram sessions, so both you and the second person will be able to access the same account at the same time.

Finally, by having someone else post the photo, Instagram grabs metadata from a new, fresh device. Repeat this process with a network of, say, 20 users in 20 different locations with 20 different devices? Now you’re giving Instagram quite the confusing cocktail of data.”

The hilarious part is that while it is not against Instagram’s policies, the parent company Facebook advises against it because of security risks. While it is laughable that Facebook is worried about privacy, when that company and other collect user data to tailor Internet experiences with personalized ads. However, if one person on the Instagram account posted something malicious, the entire group is accountable.

In order to have access to one of these “hacking” accounts, users must follow strict rules. They must only post content that the original users approve, do not accept follow requests or follow others, and any violations results in dismissal from access.

Clever teens. Less clever Instagram and, by extension, the fun folks at Facebook.

Whitney Grace, March 1, 2020

Microsoft: More Excitement from the Outfit Which Ships Wonky Windows 10 Updates

February 24, 2020

China is worrisome, because the country keeps quiet and is quick to cover up anything that projects a negative light. Other facts about China include that it loves foreign money and advanced technology. The technology bit becomes worrisome, especially with a recent report from Tom’s Hardware: “Report: Microsoft Shared Cortana, Skype Recordings In China With Few Protections.” Like every large company, Microsoft wants Chinese dollars, so the company shared recordings from digital assistants to train the speech recognition with contractors. The Guardian reported that Microsoft shared these recordings with China minus security safeguards.

The source came from a former Microsoft contractor who listened to the recordings on his personal laptop. Microsoft apparently emailed URLs, emails, and passwords to contractors to access Cortana and Skype recordings. If they are only recordings used to train speech recognition, why is this alarming? All of China’s Internet traffic is filtered through a government blockade. So all of Microsoft’s Skype and Cortana recordings were inadvertently accessed by the Chinese government. But…

“But it gets worse. The Guardian reported that Microsoft generated the usernames and passwords used to access this system. The usernames were said to follow “a simple schema,” which suggests they would have been fairly easy to guess, and the password was “the same for every employee who joined in any given year.” Contractors were allowed to work from home, too, without direct supervision.”

Some people can figure out how to abuse brilliantly crafted systems, but wonky stuff. Hasta la vista, data. Microsoft released a press release that stated the recordings were fewer than ten words, no one had access to longer conversations, they always observe the highest privacy standards, and they have updated their privacy standards. In other words, Microsoft failed and Chinese contractors outsmarted their system.

Microsoft and other companies working with Chinese contractors and other foreign entities can do better to protect sensitive material. Now about those Windows 10 updates.

Whitney Grace, February 24, 2020

Encrypted Chat: Important but Possibly a Threat to Some Interests

February 18, 2020

Here is some interesting, if blatantly slanted, information. The founder of Telegram Messenger, Pavel Durov, describes the reasons his company’s rival is trouble in the post, “Why Using WhatsApp Is Dangerous.” He writes:

“A few months ago I wrote about a WhatsApp backdoor that allowed hackers to access all data on any phone running WhatsApp [1]. Facebook, its parent company, claimed at the time that they had no proof the flaw had ever been used by attackers [2]. Last week it became clear that this backdoor had been exploited to extract private communications and photos of Jeff Bezos – the richest person on the planet – who unfortunately relied on WhatsApp [3]. Since the attack seemed to originate from a foreign government, it is likely that countless other business and government leaders have been targeted [4]. In my November post, I predicted this would happen [5]. The United Nations now recommends its officials remove WhatsApp from their devices [6], while people close to Donald Trump have been advised to change their phones [7]. Given the gravity of the situation, one would expect Facebook/WhatsApp to apologize and pledge not to plant backdoors in their apps going forward. Instead, they announced that Apple, not WhatsApp, was to blame. Facebook’s vice president claimed that iOS, rather than WhatsApp, had been hacked [8].”

(Yes, those numbers represent footnote citations. See the post for those, and many more, relevant links.)

The post explains why, exactly, the Bezos breach could not have been the fault of iOS. It also explains why WhatsApp’s promise of “end-to-end encryption” is not all it’s cracked up to be. For one thing, users tend to back their chats up to the cloud; we’re reminded, as an example, that the FBI got Apple to relinquish plans to encrypt its iCloud. Then there are the backdoors—enforcement agencies pressure app developers to secretly build vulnerabilities into their platforms. These are usually described as “accidental” security flaws when discovered, as 12 have been found in WhatsApp in the last year alone. Finally, it is impossible to know whether the encryption implemented on a messaging app uses the code the company claims it does. Except for Telegram, of course, which has been open source with fully documented encryption since 2013, Durov emphasizes.

The telegram founder cheerfully admits his bias, asserting that, of course, he believes Telegram Secret Chats is more secure than the competition. That is largely because, unlike other platforms, his company refuses to comply with enforcement agencies’ demands for backdoors. As a result, Telegram is banned in Russia and Iran, unlike the dodgy WhatsApp. To read more details of Durov’s/ Telegram’s perspective, check out the post for yourself.

Cynthia Murrell, February 18, 2020

Tor Deanonymization

February 4, 2020

DarkCyber noted “Deanonymizing Tor Circuits.” The write up may be useful to some wrestling with bot attacks using the Tor “network.” The comments to the post on Hacker News contain some useful information as well. These comments are at this link.

Several of the observations characterize the tone and content of the comment set:

  • [On anonymity] “Tor is the only viable alternative and we know it can be at least seriously compromised by the bigger nations.”
  • [On guard control] “There’s a second attack. The attacker can run one or more hostile guard nodes. If he can knock me off enough guards, my tor daemon will eventually choose one of his guards. Then he can identify my actual network address and directly attack my server.”
  • [The problem] “Censorship is a political problem, technical solutions provide a temporary hot fix, but the political problem has to be solved at one point.”
  • [Example of a block] “Operators of Internet sites have the ability to prevent traffic from Tor exit nodes or to offer reduced functionality for Tor users. … The BBC blocks the IP addresses of all known Tor guards and exit nodes from its iPlayer service, although relays and bridges are not blocked.”

Some HackerNews items can be difficult to locate via the site’s search utility. As a result, collecting Tor related information can be challenging.

Stephen E Arnold, February 4, 2020

Amazon Security in the News: AWS Documentation

January 29, 2020

Curious about Amazon’s security features? Navigate to this link and review AWS Security Documentation by Category. In order to make sense of the information, one needs to speak Amazonia; for example, Glacier, Snowball, ECR, ECS, and SQS plus another bulldozer blade of product and service nomenclature. Because an Amazon phone breach allegedly took place, DarkCyber entered the query “mobile” into the AWS Security Documentation search function. Here’s the result:

image

There were 138 pages of results, numbering 1,379 results.

A somewhat cursory review of the information provided zero guidance related to the security issue encountered by Mr. Bezos. Perhaps if he had used an Amazon phone, the documentation would have provided some guidance? Perhaps.

Stephen E Arnold, January 29, 2020

Next Page »

  • Archives

  • Recent Posts

  • Meta