Dark Web Security: The New Black

April 3, 2018

Security threats on the general internet have been around since the first email was sent. But a new and more vengeful form of cybercrime is rising up from the Dark Web and the hidden webs, and companies are scrambling to fight it. We learned about one such organization in a recent Gov.uk story, “Cyber Security Firm Secures $26 Million Series C Funding.”

According to the story, Digital Shadows helps target threats on the everyday web, but also those more shadowy realms average people have no idea about. This financial boon will help in many ways, according to a spokesman:

“We intend to use this new funding to scale and grow on a global basis. We’ll also continue to invest in the product, and to stay ahead of anyone else, continually ensuring we can provide unique value to the customer… We will continue to work with organizations with 500+ employees, because they need the most help to protect themselves and their assets against digital risks.”

In addition to venture capital firms, governments have been focusing attention on fighting this type of fraud too. The challenge is that security remains a cat and mouse game. Watch this blog for a link to our new video about Grayshift’s iPhone unlocking device. We point out in this video that Apple will button up loopholes, and the security arms race begins again. Dark Web security operates in the same manner. Expensive? Yes. Frustrating? Yes. Profitable for security firms? Yes.

Patrick Roland, April 3, 2018

Artificial Intelligence: Tiny Ears May Listen Well

March 29, 2018

The allegations that Facebook-type companies can “listen” to one’s telephone conversations or regular conversations may be “fake” news. But the idea is worth considering.

Artificial intelligence’s ability to process written data is unparalleled. However, the technology has always lagged pretty severely when it comes to spoken words. Soon, that will be a thing of the past if this recent article is to be believed. We learned more from the Smart Data Collective piece, “Natural Language Processing: An Essential Element of Artificial Intelligence.”

According to the story:

“Natural Language Processing (NLP) is an important part of artificial intelligence which is being researched upon to aid enterprises and businesses in the quick, speedy and fast retrieval of both structured and unstructured organizational data when needed. In simple terms, natural language processing (NLP), is the skill of a machine to understand and process human language within the context in which it is spoken.”

This technology is really taking off in the food industry. According to sources, shoppers in London are the first to use language processing apps to help them determine what vitamins their body may be lacking. It may sound like a stretch, but this is the sweet spot where AI really soars. The technology seems to really take off in industries that previously felt like they needed no help. Watch for language processing to begin bleeding into everyday life elsewhere, too. If one is carrying a mobile phone, is it listening and recording, converting text to speech, and indexing that content for psychographic analysis?

Patrick Roland, March 29, 2018

Hidden Webs May Be a Content Escape Hatch

March 28, 2018

Beyond Search and the Dark Cyber research team discussed a topic which raised some concern among the team. Censorship may be nudging some individuals to the hidden Webs; for example, the Dark Web, i2p, ZeroWeb, etc.

In the wake of several US school shootings, the outcry for more control over gun sales has grown louder. Many organizations have begun to distance themselves from firearms-related topics, like YouTube, which recently removed all of its firearms content. The response has created a strange subculture, as we discovered in this recent NPR story, “Restricted by YouTube, Gun Enthusiasts are Taking Their Videos to Pornhub.”

According to the story:

“InRangeTV, which has some 144,000 subscribers on its YouTube channel, has chosen to publish videos on an adult website called Pornhub…InRangeTV also recently wrote on Facebook that it is defending “Why are we seeing continuing restrictions and challenges towards content about something demonstrably legal yet not against that which is clearly illegal?” It then posted links to YouTube videos on synthesizing meth and other illicit acts.”

This is an odd place for a freedom of speech battle to take place, but not completely. It seems right in line with something Larry Flynt would have perused. Conversely, as far right leaning content is going closer and closer toward the dark web (pornography is not the dark web, but it feels like that’s the direction this is heading) the dark web is beginning to try to take down YouTube with rightwing trolling at an extreme level. What all this means for average citizens is that search is going to get more complicated, no matter what you are hunting for.

We also noted that a site dedicated to off color content has become the new home for those who are interested in weaponry. We think the shift may be gaining momentum. How does one “find” these types of content? Perhaps encrypted chat or old fashioned word of mouth messaging. Worth watching this possible shift.

Patrick Roland, March 28, 2018

The Digital Purloined Letter

March 28, 2018

Want to keep a Secret? Do it in public?

We spend a lot of time worrying about how secure our private data and messages are. If the internet has proven anything to us, it’s that if someone wants to get into your info, they’ll do it. So, one of the world’s most clandestine agencies has started using social media to perform some of its most secret activities out in the open. We learned more from the recent Engadget piece, “NSA Sent Coded Messages Through Twitter.”

According to the piece, the NSA paid about $100,000 to Russian informants and did most of the communicating in secret messages on Twitter.

“It’s unknown how common this practice is, both on other social networks and from other agencies. However, it wouldn’t be surprising if there have been other instances. This lets intelligence bureaus orchestrate clandestine communications with little effort, and no way of knowing about the secret meaning (outside of leaks like this, of course) if you’re not directly involved.”

This certainly sounds like something straight out of a spy movie, but this level of secrecy is actually available to the general public. You just have to know where to look. For example, as recently as 2016, Facebook had a secret Messenger app that allowed for coded messages and for disappearing messages, not unlike Snapchat. So, if you are thinking of passing secrets to someone, social media is, oddly, a great place for it.

Patrick Roland, March 28, 2018

FOIA Suit Seeks Details of Palantir’s Work with ICE

March 21, 2018

Well, this should be interesting. The Electronic Privacy Information Center (Epic.org) has announced, “EPIC FOIA- EPIC Sues for Details of Palantir’s Government Systems.” The brief write-up reports the watchdog’s complaint requesting information on the relationship between data-analysis firm Palantir and the Immigration and Customs Enforcement agency (ICE). The announcement specifies:

The federal agency contracted with the Peter Thiel company to establish vast databases of personal information, and to make secret determinations about the opportunities for employment, travel, and also who is subject to criminal investigations. EPIC is seeking the government contracts with Palantir, as well as assessments and other related documents. The ICE Investigative Case Management System and the FALCON system pull together vast troves of personal data from across the federal government. EPIC wrote in the complaint, ‘Palantir’s “big data” systems raise far-reaching privacy and civil liberties risks.’

Palantir’s role in creating “risk assessment” scores for travelers (US citizens and non-citizens alike) was revealed through an earlier FOIA lawsuit from EPIC. It would be interesting to see what information the organization is able to shake loose.

Cynthia Murrell, March 21, 2018

Secrets via Social Media

February 28, 2018

Social media has been under fire for its lax policies on fake news. While they are aiming to correct the algorithmic chaos that has led to such an unhappy state of business, this is not the only way in which the format is being used for odd deeds. One of the strangest came from Yahoo! Finance’s story, “NSA Sent Coded Messages Through Twitter.”

According to the story:

“…the National Security Agency used Twitter to send “nearly a dozen” coded messages to a Russian contact claiming to have agency data stolen by the Shadow Brokers. Reportedly, the NSA would tell the Russian to expect public tweets in advance, either to signal an intent to make contact or to prove that it was involved and was open to further chats.”

This made headlines for two reasons. One, because the Russian contact offered the NSA suspicious information on President Trump that the NSA declined to accept. Second, that a spy agency would do its business on such a public forum. For those of us who love a good spy novel or The Americans, we assume this type of clandestine communication is done in the shadows and back alleys. However, Tweeting to spy contacts falls right in line with espionage’s history of using public forums for secret messages. Take, for example, the Cold War tradition of running numbers stations. For decades, spooky coded messages were broadcast on a variety of shortwave radio stations around the globe, which many believe was a worldwide way of spies to communicate…right out in the open. So, think of Twitter as a modern day shortwave radio. The NSA already does.

Patrick Roland, February 27, 2018

Step Into the Dark Web My Sweet

February 27, 2018

Parents tell their children, “If you do not go looking for trouble, it will not come looking for you.” How many of us would like to believe this is true? Sometimes, without even trying, trouble finds us and we can become entangled in illegal activities. One of the benefits of the Dark Web (if there are any) is that it is very hard to stumble upon and get in trouble. The Dark Web requires a special browser, then you need to search for the Web site addresses, and most of the time those do not work. If you do get embroiled in the Dark Web, merchants of illegal goods will do their best to earn your trust and your dollars. Nautilus explains how in the article, “How Darknet Sellers Built Trust.”

There is always a risk buying online, even from reputable places like eBay and Amazon. The Dark Web, however, has a very high buyer satisfaction rate and sellers are reputable. One would think that the Dark Web would be chock full of scammers, but it is not. Before the FBI shut down the Silk Road, an illegal drug marketplace, in 2013, more than 100 of the drug orders the agency placed tested for high purity levels.

Reputation is everything for Dark Web sellers and their selling profiles mirror eBay and Amazon. There are even discount programs, sales, and loyalty programs; even more amazing are the sellers that appeal to buyers’ ethics by selling “organic” and “conflict-free” drugs. While Dark Web sellers have a high approval rate, it is possible that the feedback is inflated.

Social pressure encourages us to leave high scores in public forums. If you have experienced an Uber driver saying at the end of a trip, “You give me five stars, I’ll give you five stars,” that’s tit for tat or grade inflation in action. I know I’m reluctant to give a driver a rating lower than four stars even if I have sat white-knuckled during the ride as he whizzed through lights and cut corners. Drivers risk being kicked off the Uber platform if their ratings dip below 4.6 and I don’t want to be responsible for them losing, in some instances, their livelihood. Maybe they are just having a bad day. That, and the driver knows where I live. In other words, reviews spring from a complex web of fear and hope. Whether we are using our real name or a pseudonym, we fear retaliation and also hope our niceties will be reciprocated.

Despite the “inflation,” sellers and buyers are quite happy with their illegal marketplace.  It takes the place of the street dealer and there is a chain of accountability in online discussion forums.  The risk factor is also taken out.  It is a lot safer to have drugs delivered to a mailbox than meeting someone in a dark alley.

The Dark Web marketplace is a white collar retail experience, except the products sold are illegal. At least they offer discounts on multiple purchases and fewer stabbings.

Whitney Grace, February 27, 2018

No Google Makes People Go Crazy

February 26, 2018

Beyond being the top search engine in the western world, Google has wormed its way into our daily lives with more than one service. Google offers email, free Web storage, office suite software (word processing, presentations, spreadsheets), blogging software, YouTube, online ad services, and many more. If we did not have Google, many of us would experience withdrawal symptoms. So what would you do without Google? TechCrunch posted the article, “That Time I Got Locked Out Of My Google Account For A Month” and author Ron Miller explained how it impacted his life.

Miller, like most of us, forgot his Google password and jumped through the hoops to recover it.  After plying the red tape, he was denied access to his account and was simply locked out.  The biggest problem was that he did not have any recourse.  As a technology journalist, Miller had Google contacts, but without that access, he did not know what he would have done.  Miller’s Google contact tried to get support for his case, but for two weeks he was given the runaround.  Finally, the PR contact came through and using an alternate email address, Miller finally had access to his sweet, sweet Google data.

Miller learned that there was little he could have done without his PR contact and others locked out of the accounts are SOL.  What is a Google user supposed to do?

The only thing I can suggest, and which I think I will do in the future, is to use a password manager and don’t leave it to chance. One day you could click “Forgot Password” and that could be the last time you access your Google account.  Your digital life could be hanging by that thin thread called your password, and if you can’t remember it at some point, it is like you don’t exist and you are cut off.

Hey, Google, please make retrieving a password easier!

Whitney Grace, February 26, 2018

Just Checking Out Source Code. For Security.

February 18, 2018

Russia and the US have an uneasy alliance, but economic trade and technology ease the tension. When it comes to defense software, Russia apparently purchased some from international brands based in the US. The only problem is that it might put the US in danger. SC Media explains how in the article, “Global Tech Firms Let Russian Defense Agency Peek Into Source Code To Search For Flaws.”

The situation, as reported, is that US tech companies McAfee, Symantec, Micro Focus, and SAP have allowed a Russian defense agency access to the source code in order to find vulnerabilities. Russia claims it is to prevent bad actors from using the software, but the US sees it a different way.

The Pentagon and lawmakers are not too happy with the tech companies. It sounds like a chase to earn the almighty dollar…er…ruble. How does the US feel in their own words?

“‘I fear that access to our security infrastructure – whether it be overt or covert – by adversaries may have already opened the door to harmful security vulnerabilities,’ Sen. Jeanne Shaheen, D-N.H., said, according to Reuters. The software is used not only by the Pentagon, the report said, but also at NASA, the State Department, the FBI and within the intelligence community, where it’s used to fend off attacks by nation-states such as Russia. ‘Even letting people look at source code for a minute is incredibly dangerous,’ Reuters quoted Steve Quane, executive vice president for network defense at Trend Micro, as saying.”

Who will win, US security or demand for profit?

Whitney Grace, February 18, 2018

Apple and Its Snowden Moment

February 14, 2018

I don’t pay much attention to the antics of Apple, its employees, or its helpers. I did note this story in Boy Genius Report: “We Now Know Why an Apple Employee Decided to Leak Secret iPhone Code.” My take is that the trigger was a bit of the high school science club mentality and the confusion of what is straight and true with the odd ball ethos of clever, young tech wizards.

The cat is out of the bag. Removing content from GitHub does not solve the problem of digital information’s easy copy feature.

How will Apple handle its Snowden moment? Will the leaker flee to a friendly computing nation state like Google or Microsoft? Will the Apple iPhone code idealist hole up in a Motel 6 at SFO until the powers that be can debrief him and move him to a safe cubicle?

I think the episode suggests that insider threats are a challenge in today’s online environment. With the report that security service providers are suffering from false positives, the reality of protecting secrets is a bit different from the fog of assumption that some have about their next generation systems. I call it the “illusion of security.”

Reality is what one makes it, right?

Stephen E Arnold, February 14, 2018
