A New Cyber Angle: Differential Traceability

August 20, 2018

Let’s start the week with a bit of jargon: “differential traceability.”

How do you separate the bad eggs from the good online? It’s a question we’ve all been wracking our brains to solve ever since the first email was sent. However, the stakes have grown incredibly higher since those innocent days. Recently, some very bright minds have begun digging deeply into the idea of traceability as a way to track down internet offenders and it’s gaining traction, as we discovered from a Communications of the ACM editorial entitled: “Traceability.”

According to the story, it all comes down to differential traceability:

“The ability to trace bad actors to bring them to justice seems to me an important goal in a civilized society. The tension with privacy protection leads to the idea that only under appropriate conditions can privacy be violated. By way of example, consider license plates on cars. They are usually arbitrary identifiers and special authority is needed to match them with the car owners.”

Giving everyone a tag, much like a car, for Internet traffic is an interesting idea. However, much like real license plates, the only ones who will follow the rules will be the ones who aren’t trying to break them.

This phrase meshes nicely with Australia’s proposed legislation to attach fines to specific requests for companies to work around encryption. Cooperate and there is no fine. Fail to cooperate, and the company could be fined millions per incident.

Differential? A new concept.

Patrick Roland, August 20, 2018

Amazon Clarification on Network Switches

July 19, 2018

I read an exclusive on Marketwatch. (I did not know it was “real” journalism.) The story is “Exclusive: Amazon Denies It Will Challenge Cisco with Switch Sales.” The story’s main point struck me as:

Amazon.com Inc.’s top cloud-computing executive has officially denied that Amazon Web Services plans to start selling network switches to other businesses, after a report last week claiming that move was in the works damaged stocks of Cisco Systems Inc. and other major networking companies.

I think I understand.

Amazon may be building switches with Amazon Web Services and maybe its streaming data marketplace baked in. But these switches will not be sold to “other businesses.”

Such a switch would add some functionality to Amazon’s own infrastructure. I wonder if these switches, assuming they exist, would add some beef to Amazon’s government client activities. For example, some lawful intercept activities take place at network tiers where there are some quite versatile switches.

The write up adds:

Amazon would not comment on whether it is creating its own networking equipment, just that it did not plan to sell such equipment to other businesses.

If Amazon wins more US government cloud and AWS centric work, certification of these devices eliminates possible questions about backdoors or phone home functions in gear sourced from other companies.

To sum up, Amazon does not deny it is building switches (whatever that term includes).

Worth watching in the context of the ongoing dust up between Oracle’s data marketplace and Amazon’s designs on building a new source of revenue with its marketplace innovations.

Stephen E Arnold, July 19, 2018

Unlocking iPhones: Cat and Mouse Continues

June 25, 2018

In a recent DarkCyber, we referenced companies that specialize in unlocking iPhones for law enforcement. Apple responded by suggesting that it would alter the functionality of its Lightning USB connector to provide greater user privacy.

At the security conference in Winston Salem, North Carolina, last week, I heard some talk about the issues that the Apple versus law enforcement cat and mouse game would create. (I gave two talks available to the 160 conference attendees. No boos and no thrown tomatoes.)

My impression of these comments is that the games will continue.

I was not surprised to read “A Hacker Figured Out How to Brute Force iPhone Passcodes.” Has the hacker kicked off a new round of game playing? Who knows?

The write up states:

A security researcher has figured out how to brute force a passcode on any up-to-date iPhone or iPad, bypassing the software’s security mechanisms… But Matthew Hickey, a security researcher and co-founder of cybersecurity firm Hacker House, found a way to bypass the 10-time limit and enter as many codes as he wants — even on iOS 11.3.

The method revealed in the write up is clever, like many hacks.

The write up quotes the hacker as saying, “I suspect others will find it [the hack] or have already found it.”

Worth monitoring the score line.

Stephen E Arnold, June 25, 2018

Cheerleading for VPNs: Gimme a V, Gimmie an S, Gimmie an N!

June 20, 2018

VPNs Protect Your Data Away From Home

The received wisdom is that a VPN or virtual private network can be used to protect your Internet data from hackers and other bad actors.  ZDNet wrote up a piece about VPNs in “Take Home Along: Six Ways A VPN Can Help Travelers Connect Wherever They Go.”  Typically remote access from a different country or area than your normal IP area will be flagged as a bad actor, but it can also protect you.

In theory, you can use a VPN to prevent your debit or credit card from being blocked, do home online shopping, watch your streaming services, and use VOIP services. While these are apparent applications for a VPN, the article also shares some others that are “naughtier.”

If you are visiting a country, like China, that has restricted access to social media then a VPN in theory will allow you to circumnavigate it.  Even more helpful is that it can hide your online tracks from spies:

“Some companies provide VPN access to their employees while traveling. Employees are given software or configurations that allow them to create encrypted tunnels between their laptops and home servers. These enterprise VPN clients do a great job of hiding the content, but they fail in one critical way: They often let a spying nation state know the IP address of those VPN end-points.

The hope is that by using a VPN service provider, you can obfuscate the path back to work, as well as the data you’re transmitting. This is a very good idea to make it just a little harder for nation-state spies and the organized crime hackers that often work with them to find your company’s servers.”

The problem is that not every VPN is fully secure. Why? In some countries, those who use and operate VPNs are either expected to cooperate with the authorities or just want to stay in business and maybe out of jail.

Whitney Grace, June 20, 2018

France: A Player in Cybersecurity

May 9, 2018

We know the French are good at cheese and wine and romance. Heck, we’d say they are the best in the world in those departments. But when it comes to cyber security, most people think they are about as fresh as rotten brie. That image could be changing. We certainly changed our tune after reading some persuasive recent pieces, starting with the Express article, “WhatsApp is About to Get a Rival From One of the Most Unlikely Places.”

That place is, obviously, France. Here’s what the story had to say:

“Since none of the major encrypted messaging apps are based in France, it has raised the risk of data breaches at servers outside the country, the French digital ministry said.

“About 20 officials and top civil servants are testing the new app which a state-employed developer has designed, a ministry spokeswoman said, with the aim that its use will become mandatory for the whole government by the summer.”

On the surface, this sounds completely laughable, right? But people are starting to talk about the surprising strength of France’s tech industry. If you ask some people, they are on the cusp of becoming a cyber security power. If things go France’s way, cyber technology might rank up there with champagne, as the country’s finer exports.

Patrick Roland, May 9, 2018

Dark Web Security: The New Black

April 3, 2018

Security threats on the general internet have been around since the first email was sent. But a new and more vengeful form of cybercrime is rising up from the Dark Web and the hidden webs, and companies are scrambling to fight it. We learned about one such organization in a recent Gov.uk story, “Cyber Security Firm Secures $26 Million Series C Funding.”

According to the story, Digital Shadows helps target threats on the everyday web, but also those more shadowy realms average people have no idea about. This financial boon will help in many ways, according to a spokesman:

“We intend to use this new funding to scale and grow on a global basis. We’ll also continue to invest in the product, and to stay ahead of anyone else, continually ensuring we can provide unique value to the customer… We will continue to work with organizations with 500+ employees, because they need the most help to protect themselves and their assets against digital risks.”

In addition to venture capital firms, governments have been focusing attention on fighting this type of fraud too. The challenge is that security remains a cat and mouse game. Watch this blog for a link to our new video about Grayshift’s iPhone unlocking device. We point out in this video that Apple will button up loopholes, and the security arms race begins again. Dark Web security operates in the same manner. Expensive? Yes. Frustrating? Yes. Profitable for security firms? Yes.

Patrick Roland, April 3, 2018

Artificial Intelligence: Tiny Ears May Listen Well

March 29, 2018

The allegations that Facebook-type companies can “listen” to one’s telephone conversations or regular conversations may be “fake” news. But the idea is worth considering.

Artificial intelligence’s ability to process written data is unparalleled. However, the technology has always lagged pretty severely when it comes to spoken words. Soon, that will be a thing of the past if this recent article is to be believed. We learned more from the Smart Data Collective piece, “Natural Language Processing: An Essential Element of Artificial Intelligence.”

According to the story:

“Natural Language Processing (NLP) is an important part of artificial intelligence which is being researched upon to aid enterprises and businesses in the quick, speedy and fast retrieval of both structured and unstructured organizational data when needed. In simple terms, natural language processing (NLP), is the skill of a machine to understand and process human language within the context in which it is spoken.”

This technology is really taking off in the food industry. According to sources, shoppers in London are the first to use language processing apps to help them determine what vitamins their body may be lacking. It may sound like a stretch, but this is the sweet spot where AI really soars. The technology seems to really take off in industries that previously felt like they needed no help. Watch for language processing to begin bleeding into everyday life elsewhere, too. If one is carrying a mobile phone, is it listening and recording, converting text to speech, and indexing that content for psychographic analysis?

Patrick Roland, March 29, 2018

Hidden Webs May Be a Content Escape Hatch

March 28, 2018

Beyond Search and the Dark Cyber research team discussed a topic which raised some concern among the team. Censorship may be nudging some individuals to the hidden Webs; for example, the Dark Web, i2p, ZeroWeb, etc.

In the wake of several US school shootings, the outcry for more control over gun sales has grown louder. Many organizations have begun to distance themselves from firearms-related topics, like YouTube, which recently removed all of its firearms content. The response has created a strange subculture, as we discovered in this recent NPR story, “Restricted by YouTube, Gun Enthusiasts are Taking Their Videos to Pornhub.”

According to the story:

“InRangeTV, which has some 144,000 subscribers on its YouTube channel, has chosen to publish videos on an adult website called Pornhub…InRangeTV also recently wrote on Facebook that it is defending “Why are we seeing continuing restrictions and challenges towards content about something demonstrably legal yet not against that which is clearly illegal?” It then posted links to YouTube videos on synthesizing meth and other illicit acts.”

This is an odd place for a freedom of speech battle to take place, but not completely. It seems right in line with something Larry Flynt would have perused. Conversely, as far right leaning content is going closer and closer toward the dark web (pornography is not the dark web, but it feels like that’s the direction this is heading) the dark web is beginning to try to take down YouTube with rightwing trolling at an extreme level. What all this means for average citizens is that search is going to get more complicated, no matter what you are hunting for.

We also noted that a site dedicated to off color content has become the new home for those who are interested in weaponry. We think the shift may be gaining momentum. How does one “find” these types of content? Perhaps encrypted chat or old fashioned word of mouth messaging. Worth watching this possible shift.

Patrick Roland, March 28, 2018

The Digital Purloined Letter

March 28, 2018

Want to keep a secret? Do it in public?

We spend a lot of time worrying about how secure our private data and messages are. If the internet has proven anything to us, it’s that if someone wants to get into your info, they’ll do it. So, one of the world’s most clandestine agencies has started using social media to perform some of its most secret activities out in the open. We learned more from the recent Engadget piece, “NSA Sent Coded Messages Through Twitter.”

According to the piece, the NSA paid about $100,000 to Russian informants and did most of the communicating in secret messages on Twitter.

“It’s unknown how common this practice is, both on other social networks and from other agencies. However, it wouldn’t be surprising if there have been other instances. This lets intelligence bureaus orchestrate clandestine communications with little effort, and no way of knowing about the secret meaning (outside of leaks like this, of course) if you’re not directly involved.”

This certainly sounds like something straight out of a spy movie, but this level of secrecy is actually available to the general public. You just have to know where to look. For example, as recently as 2016, Facebook had a secret Messenger app that allowed for coded messages and for disappearing messages, not unlike Snapchat. So, if you are thinking of passing secrets to someone, social media is, oddly, a great place for it.

Patrick Roland, March 28, 2018

FOIA Suit Seeks Details of Palantir’s Work with ICE

March 21, 2018

Well, this should be interesting. The Electronic Privacy Information Center (Epic.org) has announced, “EPIC FOIA- EPIC Sues for Details of Palantir’s Government Systems.” The brief write-up reports the watchdog’s complaint requesting information on the relationship between data-analysis firm Palantir and the Immigration and Customs Enforcement agency (ICE). The announcement specifies:

The federal agency contracted with the Peter Thiel company to establish vast databases of personal information, and to make secret determinations about the opportunities for employment, travel, and also who is subject to criminal investigations. EPIC is seeking the government contracts with Palantir, as well as assessments and other related documents. The ICE Investigative Case Management System and the FALCON system pull together vast troves of personal data from across the federal government. EPIC wrote in the complaint, ‘Palantir’s “big data” systems raise far-reaching privacy and civil liberties risks.’

Palantir’s role in creating “risk assessment” scores for travelers (US citizens and non-citizens alike) was revealed through an earlier FOIA lawsuit from EPIC. It would be interesting to see what information the organization is able to shake loose.

Cynthia Murrell, March 21, 2018
