Do It Huiwei, Please

July 9, 2020

Believe it or not.

Huawei is a mobile device brand not well known in the United States, but it provides an Android based device to millions of consumers in the eastern hemisphere. Huawai devices are manufactured in China and in May the company held its seventeenth annual analyst summit. Ameyaw Debrah shares the story in the article, “Huawei Analyst Summit: Security And Privacy In A Seamless AI Life-Only You Control Your Personal Data.”

The Vice President of Consumer Cloud Services Eric Tan delivered the keynote speech called “Rethink the Seamless AI Experience with the Global HMS Ecosystem” related to Huawei’s privacy and security related to the cloud, hardware, application development, and global certifications. Tan stated that Huawei abides by GDPR, GAPP, and local laws to guarantee privacy compliance.

Another speaker, Dr. Wang Chenglu spoke about “Software-Powered, Seamless AI Experiences and Ecosystems.” He stated how distributed security builds trust between people, data, and devices to protect user privacy and data:

“He explained that firstly, ensure that users are using the correct devices to process data and Huawei has developed a comprehensive security and privacy management system that covers smart phone chips, kernels, EMUI, and applications. This allows devices to establish trusted connections and transfer data based on end-to-end encryption.

Secondly, ensure the right people are accessing data and operating services via the distributed security architecture which makes coordinated, multi-device authentication possible. An authentication capability resource pool is established by combining the hardware capabilities of different devices. The system provides the best security authentication measures based on authentication requests and security level requirements in different business scenarios.”

Huawei stressed that privacy and security are its MO, but can one believe that “only you control your private life” when. a country-supported company is coding up a storm?”

Whitney Grace, July 9, 2020

Work from Home and Be Insecure. Sure, It Is Standard Operating Procedure

June 22, 2020

Remote working is the new normal with COVID-19 and companies have prepped for that in the past decade…sort of. Companies were prepared for telecommuting in short term bursts and a limited number of employees, but not for a consistent length of time. Why? Working remotely requires more than a reliable Internet connection and laptop. It needs a secure network says Tech Radar in, “Most Companies ‘Unprepared’ For Secure Remote Working.”

According to the 2020 Remote Work Report, 41% of companies do not have proper networks to secure their data. They cite lack of the right equipment as the biggest problem. Despite the lack of security, companies will continue to allow their workers to remotely work.

Also according to the report, 72% states malware was their biggest worry. Compliance with their security regulations is another issue says 63%, including the EU’s General Protection Regulation. Companies are also worried about securing Web applications, video conferencing, and file sharing.

It is not surprising that this happened, because tradition lingers on in the business world. Even the most technologically advanced companies have security issues, for example Google says Channel News Asia: “Google Sees Resurgence In State-Backed Hacking, Phishing Related To COVID-19.”

Google sent out warnings:

“Security experts at Alphabet Inc’s Google sent 1,755 warnings in April to users whose accounts were targets of government-backed attackers, following a resurgence in hacking and phishing attempts related to the coronavirus outbreak.

Google said on Wednesday its Threat Analysis Group saw new activity from “hack-for-hire” firms, many based in India, that have been creating Gmail accounts spoofing the World Health Organization (WHO).”

Even the experts are vulnerable! Nobody is safe.

Whitney Grace, June 22, 2020

Free Surveillance: A Marketing Thing

June 14, 2020

There is one key reason many companies once hesitated to let workers telecommute, especially firms that handle sensitive information: security. However, the COVID-19 pandemic is forcing companies to find a way. Mondo Visione reports on one possible solution for financial firms in the brief write-up, “SteelEye Offers Free Communications Surveillance to Support Remote Working—90-Day Offer Aims to Assist Compliance Teams as Employees Work from Multiple Sites.” We learn:

“SteelEye, the compliance technology and data analytics firm, today announced that it is offering financial firms the opportunity to use its Communications Surveillance service for free for up to 90 days as the market adapts to a new style of working. As firms reopen their offices, reduced density rules are likely to prevail for some time, meaning a workforce that is spread between the office and home. Monitoring communications by staff working in multiple locations will require changes in compliance processes, which may prove challenging if access to on-premise technology is needed. To help compliance teams adapt to more flexible working conditions, SteelEye’s Communications Surveillance service is being offered for up to 90, days and 50 monitored users, at no charge and with no obligation for future use. It includes monitoring MS Exchange email and Bloomberg chat, and can be seamlessly integrated to capture communications from staff working remotely.”

SteelEye’s modular, cloud-based Communications Surveillance system can be deployed quickly, the company’s CEO promises, and clients can be on boarded within 24 hours. Risk detection, oversight, and compliance are the platform’s priorities. Founded in 2017, SteelEye is based in London.

Cynthia Murrell, June 14, 2020

Mobile Security Is Possible, But It Is Work

June 10, 2020

Ads are a pain on desktop devices, but they are even more annoying on mobile devices. The worst type of ads are the ones where the X is hidden, making it impossible to close the ad. Mobile ads are only getting worse as mobile devices become SOP and IT-Online shares more insight into the “Mobile Adware: The Silent Plague With No Origin.”

The article focuses on a research from the Check Point’s Cyber Security Report 2020 and the insights are alarming. According to the security report, 27% of companies experienced a security breach through a mobile device. What is even worse is that most companies do not prioritize mobile security, making mobile devices the most vulnerable area. Check Point’s regional director stated:

“ ‘It only takes one compromised mobile device for cybercriminals to steal confidential information and access an organisation’s corporate network,’ explains Pankaj Bhula, Regional Director: Africa at Check Point. ‘More and more mobile threats are created each day, with higher levels of sophistication and larger success rates. Mobile adware, a form of malware designed to display unwanted advertisements on a user’s screen, is utilised by cybercriminals to execute sixth-generation cyberattacks.’”

Adware is like a plague, because it can secretly be downloaded onto a phone and collect a user’s personal information from location to banking information. Adware is designed to sneak onto a phone and deleting it is harder than finding an X on an annoying ad. Adware sneaks onto mobiles devices through applications, usually through a device’s specific store.

It is smart advice to not download third party apps from unverified companies, especially ones discussed in ads or low download rates. Do not trust anything without researching it first.

Whitney Grace, June 10, 2020

Sensors and Surveillance: A Marriage Made in Sci Fi

May 4, 2020

We can expect the volume of data available for analyses, tracking, and monitoring to skyrocket. EurekaAlert!, a site operated by the American Association for the Advancement of Science, reports, “Tiny Sensors Fit 30,000 to a Penny, Transmit Data from Living Tissue.” The project out of the Cornell Center for Materials Research was described in the team’s paper, published in PNAS on April 16. The optical wireless integrated circuits (OWICs) are a mere 100 microns in size. The news release explains:

“[The sensors] are equipped with an integrated circuit, solar cells and light-emitting diodes (LEDs) that enable them to harness light for power and communication. And because they are mass fabricated, with up to 1 million sitting on an 8-inch wafer, each device costs a fraction of that same penny. The sensors can be used to measure inputs like voltage and temperature in hard-to-reach environments, such as inside living tissue and micro fluidic systems. For example, when rigged with a neural sensor, they would be able to noninvasively record nerve signals in the body and transmit findings by blinking a coded signal via the LED. … The OWICS are essentially paramecium-size smartphones that can be specialized with apps. But rather than rely on cumbersome radio frequency technology, as cell phones do, the researchers looked to light as a potential power source and communication medium.”

The researchers have already formed a company, OWiC Technologies, to market the sensors and have applied for a patent. The first planned application is a line of e-tags for product identification. The write-up predicts many different uses will follow for these micro sensors that can track more complicated data with less power for fewer dollars. Stay tuned.

Cynthia Murrell, May 4, 2020

Zoom: Room for Improvements and Hardly a Joke

April 1, 2020

Yesterday a former CEO asked me, “Who is this Ben guy?” The question was in bounds. Since I signed up for Zoom three or four years ago, I sniffed the Silicon Valley outfit and learned that there was some smart money from the Middle Kingdom supporting the operation. Further poking around revealed mixed signals about security. Despite the nice looking interface, some effort was taken years ago to omit, obscure, or misdirect one’s attention from some basic functions. Then there was icon litter. There’s the lack of statefulness when one leaves a meeting from the Zoom Web site to an instant meeting on a user’s computer. There are other oddities if not efforts to do a digital magician’s trick.

The Facebook data thing has been publicly exposed, and allegedly Zoom has cleaned up its act. The Zoom bombs featuring people exposed some individuals who follow the dress code of Adam and Eve have been revealed.

I spotted “Zoom Meetings Aren’t End to End Encrypted, Despite Misleading Marketing.” News on March 31, 2020. Not exactly a revelation to our Ben fellow, but the information is now public:

Zoom is using its own definition of the term, one that lets Zoom itself access unencrypted video and audio from meetings.

Now where does that information go? Maybe the Middle Kingdom?

Ben’s Zoom set up involves:

  • A prepaid credit card which is used to pay for the “pro” service
  • An email created just for Zoom
  • A network separated Mac Mini just for video conferences
  • A hot spot so that traffic flows through a pre paid service, not DarkCyber’s regular provider
  • No use of Zoom cloud recording
  • Turn off anything that allows an attendee to fiddle around
  • Ignore in meeting message functions.

Not perfect but for those students who had a bit of a surprise when Zoom bombed, our approach has prevented this type of revelation.

Stephen E Arnold, April 1, 2020

Want a Line Up of AI-Fueled Cybersecurity Firms?

March 25, 2020

Artificial intelligence and cybersecurity seem like a natural pairing. Check out a list of firms that think so, too, in Built In’s write-up, “30 Companies Merging AI and Cybersecurity to Keep us Safe and Sound.” Reporter Alyssa Schroer explains:

“By the year 2021, cybercrime losses will cost upwards of $6 trillion annually. It’s no surprise, then, that the cybersecurity industry is exploding as it grows to protect the networks and systems on which companies and organizations operate and store data. Because effective information security requires smarter detection, many cybersecurity companies are upping their game by using artificial intelligence to achieve that goal. A new wave of AI-powered solutions and products keep bad actors on their toes while giving IT teams much needed relief. Here are 30 companies merging artificial intelligence and cybersecurity to make the virtual world safer.”

Navigate to the article for the names of all 30 companies. They include well established firms like Symantec, Darktrace, and Fortinet alongside many less familiar names. Several serve specific industries. Schroer lists the location of each entry and describes how it is applying AI tech to cybersecurity. For example, for Shape Security she writes:

“Shape Security provides software that fights imitation attacks like fake accounts, credential stuffing and credit application fraud for businesses in retail, finance, government, tech and travel. Shape’s machine learning models have been given access to data resembling attackers, enabling the system to learn what human activity looks like against fraud. The company’s solutions, Enterprise Defense and Blackfish, use this AI to identify the differences between real and artificial users and then block, redirect or flag the fraudulent source.”

Hacking tools and procedures have become prolific and incredibly efficient. It makes sense to fight them with well-crafted machine learning solutions. Any organization looking to employ one of these (or similar) firms should do its research and choose a well-designed solution that meets its particular needs.

Cynthia Murrell, March 25, 2020

A Term to Understand: Geofencing

March 25, 2020

DarkCyber has reported in its twice-a-month video news program about companies providing specialized geofencing solutions; for example, our go-to touchstone Geofeedia and others like PredPol. You can find these programs by searching DarkCyber on YouTube or Vimeo.

A news story from a “trusted” source reports “Taiwan’s New Electronic Fence for Quarantines Leads Wave of Virus Monitoring.” The “first” means, DarkCyber assumes, refers to a publicized use of a large-scale geofencing operation applied to numerous citizens.

When you read the story, several questions come to mind which the “trusted” story does not touch upon:

  • What vendors provide the geofencing solution in Taiwan and the other countries mentioned in the write up?
  • What technologies are used in addition to the latitude, longitude, time stamp data generated by mobile devices connected to or pinging a “network”?
  • What additional software systems are used to make sense of the data?
  • How long has the infrastructure in Taiwan and the other countries mentioned been in operation?
  • What was the ramp up time?
  • What was the cost of the system?
  • What other applications does the Taiwan system support at this time? In the near future?
  • Are special data handling and security procedures required?

News is one thing. Event A happened. Factoids without context leave questions unanswered. Does one trust an absence of information? DarkCyber does. Of course. Obviously.

Stephen E Arnold, March 25, 2020

Hacking Team Write Up Contains Dicey Tricks and Possibly Useful Information

March 9, 2020

One of the problems DarkCyber encounters is figuring out what’s true, what’s shaped, and what’s off base. DarkCyber worked its way through a comparatively long write up about specialized service providers called “Cyberwar for Sale.” Be aware that the blog url may return a 404, display questionable links like a plea for the visitor to install wonky Flash or Microsoft support from an unidentified source, or display images some may find disturbing or illegal in some jurisdictions. The write up provides information on a range of subjects which may be of interest to those looking for content about some government activities.

The original article about Hacking Team was written by Mattathias Schwartz. The appeared in “mainstream media.” Examples include the Intercept. The recycling in AllyCanbeg blog flowed in our newsfeed on March 1, 2020.

DarkCyber worked through the Ally Canbeg version possibly modified by Ally Brake. One never knows when the factoids or alleged factoids will be useful. Another point of this write up  is that looking for certain information can present challenges: Spam, scams, etc.


This is the Ally Canbeg blog on Blogspot. The story requires an explicit url. Be careful clicking within the story. Ally is wily in DarkCyber’s opinion.  The site requires that the visitor’s ad blocker be disabled. The reason is that money is needed to create the content.

The DarkCyber team has extracted statements and information from the Ally Canbeg blog post. The goal is to make the assertions somewhat easier to follow. The factoids may be true or false, but taken as a whole, DarkCyber finds the write up interesting.

Despite the dicey nature of the blog, DarkCyber spotted a number of statements, possibly accurate, about the activities of Hacking Team, FinFisher, Trovicor, and NICE. Each of these firms is allegedly providing tools to compromise targets’ electronic communications and devices. Keep in mind that the AllyCanbeg blog is characterizing these companies. DarkCyber is summarizing information from the blog.

Let’s run through some of the statements in the blog post which DarkCyber found suggestive. DarkCyber has created some categories and group information in these. The source document is a bit scattered, and it is likely that the Ally Canbeg entity assembled the allegedly accurate information from a number of different sources. DarkCyber concludes that the write up itself is a polemic against Hacking Team, against “authorities” who use tools to act in a manner offensive to Ally Canbeg-type individuals, and the general state of surveillance systems and methods.

The Hacking Team Company
  • Compared with conventional arms, surveillance software is subject to few trade controls. An effort by the US to regulate these types of software and systems under the Wassenaar Arrangement failed. Information about this agreement is available at this link.
  • Hacking Team (founded in 2003) is based in Milan, Italy and has fewer than 50 employees. The founder is David Vincenzetti. Eric Rabe is identified as the company’s spokesperson in the US. Philippe Vinci is a company vice president. Alessandro Scarafile is an engineer with the company.
  • The Hacking Team opened in 2015 a US subsidiary in Reston, Virginia. The idea was to sell the solution to the US military, the Department of Justice, and the Royal Canadian Mounted Police. Metro police departments were identified as prospects; for example, San Bernadino, CA, Washington, DC, New York, NY, Fort Lauderdale, FL, and Orlando, FL.
Government Failings
  • The US government changed the rules of criminal procedure. The idea was to make it easier for federal agents to hack into multiple computers with a single warrant.
  • The Electronic Frontier Foundation says about the Hacking Team technology: “This is much more intrusive than the interception of a phone call. They [presumably the authorities who purchased the Hacking Team solution] are not only listening; they are taking over your laptop.”
Business Practices
  • Hacking Team customers sign contracts agreeing to comply with local laws. Ally Canberg writes, “Leaked documents suggest that employees have sometimes turned a blind eye.”
  • Hacking Team marketed by sending emails to US military and intelligence community members. Government employees were on the list too.
The Hacking Team RCS Solution
  • The company’s espionage tool is call RCS, shorthand for Remote Control System. The cost of the software is allegedly “as little as $200,000 a year.”
  • RCS obtains information at the source before it can be encrypted. The unencrypted data is transferred to the designated capture point.
  • The functions of RCS, once installed using techniques difficult for the target to identify, perform surveillance of text messages, emails, phone and Skype calls, location data.
  • The methods for installing RCS include getting physical access to the device and then placing necessary software on the device. RCS can be installed over a WiFi network. An email containing malware in an attachment lures the target to open the attached file. Network injection may also be an option. Information about network injection can be found at this link. Social engineering can also be used.
  • The Hacking Team was itself hacked in 2015. More than 400 gigabytes of information was made public. The RCS source code is allegedly “now public.”
  • RCS captures images from built in cameras, sound from built in microphones, screenshots, detailed records of applications opened, information about bitcoins transferred, a continuous log of location with latitude and longitude data, address books, calendars, hone calls, Skype calls and passwords, and browser histories.
  • Keyloggers record every key pressed.
  • Data from a target’s device can be displayed on a time line.
  • Data from a compromised device is routed through a series of dedicated servers scattered around  the world.
  • The US FBI and the Drug Enforcement Administration have allegedly licensed the software. According to Ally Canbeg, the FBI’s licensing fees have been more than $700,000 paid since 2011.
  • Hacking Team’s software has been licensed to Ecuador, Honduras, Ethiopia, Bahrain, Mexico (the company’s biggest export market), Morocco, Egypt, Singapore (the company’s first non-European customer),and Saudi Arabia, among others.
  • Hacking Team has “a three year relationship” with Russia’s FSB, the equivalent of a national police force. Allegedly the Russian deal as intermediated by Kvant, a Russian entity.
  • SS8, a company “backed by Kleiner Perkins Caulfield Byers and the Harris Corporation” compete with the Hacking Team for customers.
Why Specialized Software Is a Big Seller
  • Why vendors of specialized software have gained traction. The write up states: “Geopolitical winds have been blowing in favor of the Hacking Tem and other self described allies of law and order…As George Tenet famously said about pre-September 11 intelligence, blinking red: The imploding Middle East, a restive nuclear armed Russia, battalions of ISIS-trained jihadis roaming around Europe with their encrypted thumb drives and Dark Web expertise. Against this backdrop of ever-increasing danger, concerns about human rights are naive at best.” Hacking Team emails “exploit this sense of danger and alarm.” The theme of the sales and marketing, according to Ally Canbeg is “privacy is secrecy and secrecy is terrorism.”
DarkCyber Observations
  1. Ally Canbeg or Ally Brake present the information in a way likely to lead to unexpected behaviors on the site visitors computer. The blog runs on Blogspot, and DarkCyber thinks that Google, the owner of Blogspot, is not doing a very good job of monitoring code in the blogs on its service.
  2. Hacking Team is an example of a company behaving in a manner inappropriate to individuals with certain sensibilities.
  3. The information appears to be recycled from Mattathias Schwartz.
  4. Mentioning one competitor leaves the impression that a very small number of firms offer similar technology. Numerous firms offer similar capabilities.

Net Net

Wow. Dicey blog. Recycled information. Intent? Questionable.

Stephen E Arnold, March 9, 2020

Cyber Security Marketing: About to Get Much Noisier in 2020

March 4, 2020

Businesses at Risk for Cyber attack but Take Few Precautions” states:

Although businesses are increasingly at risk for cyber attacks on their mobile devices, many aren’t taking steps to protect smartphones and tablets.

Let’s assume this statement is accurate and based on verifiable data.

Given this assumption, what will 2020 mean for the hundreds of vendors selling cyber “early warning” intelligence, smart cyber moats, and tools to prevent phishing emails from snapping confidential information?

The answer is, “More marketing.”

Another possible answer is, “More insight into how some organizations respond to threats like ransomware and loss of data.

Interesting disconnect which does not seem to slow venture firms’ appetites for smart cyber intelligence firms.

If the risk is high, why not take action? Perhaps priorities, cost, and complexity have an impact?

Stephen E Arnold, March 4, 2020

Next Page »

  • Archives

  • Recent Posts

  • Meta