Secrets via Social Media

February 28, 2018

Social media has been under fire for its lax policies on fake news. While they are aiming to correct the algorithmic chaos that has led to such an unhappy state of business, this is not the only way in which the format is being used for odd deeds. One of the strangest came from Yahoo! Finance’s story, “NSA Sent Coded Messages Through Twitter.”

According to the story:

“…the National Security Agency used Twitter to send “nearly a dozen” coded messages to a Russian contact claiming to have agency data stolen by the Shadow Brokers. Reportedly, the NSA would tell the Russian to expect public tweets in advance, either to signal an intent to make contact or to prove that it was involved and was open to further chats.”

This made headlines for two reasons. First, the Russian contact offered the NSA suspicious information on President Trump that the NSA declined to accept. Second, a spy agency was doing its business on such a public forum. For those of us who love a good spy novel or The Americans, we assume this type of clandestine communication is done in the shadows and back alleys. However, tweeting to spy contacts falls right in line with espionage’s history of using public forums for secret messages. Take, for example, the Cold War tradition of running numbers stations. For decades, spooky coded messages were broadcast on a variety of shortwave radio stations around the globe, which many believe was a worldwide way for spies to communicate…right out in the open. So, think of Twitter as a modern-day shortwave radio. The NSA already does.

Patrick Roland, February 27, 2018

Step Into the Dark Web My Sweet

February 27, 2018

Parents tell their children, “If you do not go looking for trouble, it will not come looking for you.” How many of us would like to believe this is true? Sometimes, without even trying, trouble finds us and we can become entangled in illegal activities. One of the benefits of the Dark Web (if there are any) is that it is very hard to stumble upon and get in trouble. The Dark Web requires a special browser, then you need to search for the Web site addresses, and most of the time those do not work. If you do get embroiled in the Dark Web, merchants of illegal goods will do their best to earn your trust and your dollars. Nautilus explains how in the article, “How Darknet Sellers Built Trust.”

There is always a risk buying online, even from reputable places like eBay and Amazon. The Dark Web, however, has a very high buyer satisfaction rate and sellers are reputable. One would think that the Dark Web would be chock full of scammers, but it is not. Before the FBI shut down the Silk Road, an illegal drug marketplace, in 2013, more than 100 drug orders the agency placed tested at high purity levels.

Reputation is everything for Dark Web sellers, and their selling profiles mirror those on eBay and Amazon. There are even discount programs, sales, and loyalty programs; even more amazing are the sellers that appeal to buyers’ ethics by selling “organic” and “conflict-free” drugs. While Dark Web sellers have a high approval rate, it is possible that the feedback is inflated.

Social pressure encourages us to leave high scores in public forums. If you have experienced an Uber driver saying at the end of a trip, “You give me five stars, I’ll give you five stars,” that’s tit for tat or grade inflation in action. I know I’m reluctant to give a driver a rating lower than four stars even if I have sat white-knuckled during the ride as he whizzed through lights and cut corners. Drivers risk being kicked off the Uber platform if their ratings dip below 4.6 and I don’t want to be responsible for them losing, in some instances, their livelihood. Maybe they are just having a bad day. That, and the driver knows where I live. In other words, reviews spring from a complex web of fear and hope. Whether we are using our real name or a pseudonym, we fear retaliation and also hope our niceties will be reciprocated.

Despite the “inflation,” sellers and buyers are quite happy with their illegal marketplace.  It takes the place of the street dealer and there is a chain of accountability in online discussion forums.  The risk factor is also taken out.  It is a lot safer to have drugs delivered to a mailbox than meeting someone in a dark alley.

The Dark Web marketplace is a white-collar retail experience, except that the products sold are illegal. At least they offer discounts on multiple purchases and fewer stabbings.

Whitney Grace, February 27, 2018

No Google Makes People Go Crazy

February 26, 2018

Beyond being the top search engine in the western world, Google has wormed its way into our daily lives with more than one service. Google offers email, free Web storage, office suite software (word processing, presentations, spreadsheets), blogging software, YouTube, online ad services, and many more. If we did not have Google, many of us would experience withdrawal symptoms. So what would you do without Google? TechCrunch posted the article, “That Time I Got Locked Out Of My Google Account For A Month” and author Ron Miller explained how it impacted his life.

Miller, like most of us, forgot his Google password and jumped through the hoops to recover it.  After plying the red tape, he was denied access to his account and was simply locked out.  The biggest problem was that he did not have any recourse.  As a technology journalist, Miller had Google contacts, but without that access, he did not know what he would have done.  Miller’s Google contact tried to get support for his case, but for two weeks he was given the runaround.  Finally, the PR contact came through and using an alternate email address, Miller finally had access to his sweet, sweet Google data.

Miller learned that there was little he could have done without his PR contact and that others locked out of their accounts are SOL. What is a Google user supposed to do?

The only thing I can suggest, and which I think I will do in the future, is to use a password manager and don’t leave it to chance. One day you could click “Forgot Password” and that could be the last time you access your Google account.  Your digital life could be hanging by that thin thread called your password, and if you can’t remember it at some point, it is like you don’t exist and you are cut off.

Hey, Google, please make retrieving a password easier!

Whitney Grace, February 26, 2018

Just Checking Out Source Code. For Security.

February 18, 2018

Russia and the US have an uneasy alliance, but economic trade and technology ease the tension. When it comes to defense software, Russia apparently purchased some from international brands based in the US. The only problem is that it might put the US in danger. SC Media explains how in the article, “Global Tech Firms Let Russian Defense Agency Peek Into Source Code To Search For Flaws.”

The situation, as reported, is that US tech companies McAfee, Symantec, Micro Focus, and SAP have allowed a Russian defense agency access to the source code in order to find vulnerabilities. Russia claims it is to prevent bad actors from using the software, but the US sees it a different way.

The Pentagon and lawmakers are not too happy with the tech companies. It sounds like a chase to earn the almighty dollar…er…ruble. How does the US feel in their own words?

“‘I fear that access to our security infrastructure – whether it be overt or covert – by adversaries may have already opened the door to harmful security vulnerabilities,’ Sen. Jeanne Shaheen, D-N.H., said, according to Reuters. The software is used not only by the Pentagon, the report said, but also at NASA, the State Department, the FBI and within the intelligence community, where it’s used to fend off attacks by nation-states such as Russia. ‘Even letting people look at source code for a minute is incredibly dangerous,’ Reuters quoted Steve Quane, executive vice president for network defense at Trend Micro, as saying.”

Who will win, US security or demand for profit?

Whitney Grace, February 18, 2018

Apple and Its Snowden Moment

February 14, 2018

I don’t pay much attention to the antics of Apple, its employees, or its helpers. I did note this story in Boy Genius Report: “We Now Know Why an Apple Employee Decided to Leak Secret iPhone Code.” My take is that the trigger was a bit of the high school science club mentality and the confusion of what is straight and true with the oddball ethos of clever, young tech wizards.

The cat is out of the bag. Removing content from GitHub does not solve the problem of digital information’s easy copy feature.

How will Apple handle its Snowden moment? Will the leaker flee to a friendly computing nation state like Google or Microsoft? Will the Apple iPhone code idealist hole up in a Motel 6 at SFO until the powers that be can debrief him and move him to a safe cubicle?

I think the episode suggests that insider threats are a challenge in today’s online environment. With the report that security service providers are suffering from false positives, the reality of protecting secrets is a bit different from the fog of assumption that some have about their next generation systems. I call it the “illusion of security.”

Reality is what one makes it, right?

Stephen E Arnold, February 14, 2018

Russia Considers Building a Garden Wall

February 14, 2018

In a move that could presage the future of the internet, Russia is considering a walled garden for itself and its fellow BRICS members; TechDirt reports, “Russia Says Disconnecting From the Rest of the Net ‘Out of the Question,’ but Wants Alternative DNS Servers for BRICS Nations.” We learn it was the Russian Security Council that recommended its government develop this infrastructure, proposing the creation of a separate, independent DNS backup system. The write-up observes:

Perhaps the most interesting aspect of the story is the following comment by Putin’s Press Secretary, Dmitry Peskov: ‘Russia’s disconnection from the global internet is of course out of the question,’ Peskov told the Interfax news agency. However, the official also emphasized that ‘recently, a fair share of unpredictability is present in the actions of our partners both in the US and the EU, and we [Russia] must be prepared for any turn of events.’ That offers a pragmatic recognition that disconnection from the global Internet is no longer an option for a modern state, even if Iran begs to differ. It’s true that local DNS servers provide resilience, but they also make it much easier for a government to limit access to foreign sites by ordering their IP addresses to be blocked — surely another reason for the move.

The “unpredictability” of the US and Europe? That’s a bit rich. We’re reminded Russia has been trying to localize control over parts of the Internet since at least 2012, and it looks like its fellow BRICS members may be supportive.

Cynthia Murrell, February 14, 2018

Strava: Revealing Secrets

January 28, 2018

I read “Fitness Tracker Heat Map Reveals Sensitive Information about US Soldiers around the World.” The main point is that Strava has aggregated data from a variety of sources. The data from Fitbit-type devices reveals details about certain facilities; for example, military bases. The write up stated:

Strava boasts 27 million users around the world, including people using Fitbit, Jawbone and Vitofit and the company’s mobile app. It posted the Global Heat Map online in November 2017, which shows a pattern of accumulated activity over the two-year period, shows activity in war zones and deserts in countries including Iraq and Syria.

Security risk or a way to identify popular paths and highways?

Stephen E Arnold, January 28, 2018

Encryption and Decryption: A Difficult Global Problem

January 10, 2018

I read “FBI’s Wray Calls for ‘Significant Innovation’ in Accessing Encrypted Data.” The story echoed a statement which appeared in one of the technical product sheets from a company few people reading generalized online content have heard about.

The firm is Shoghi, and it is based in India. The main business of the firm is designing and licensing hardware and software for military and law enforcement use. The company can acquire data from a range of sources, including undersea cables. In the company’s description of its https intercept service, I noted this statement:

“Interception of this secure HTTPS traffic is possible at various point but it is normally not possible to achieve the decryption of the HTTPS traffic due to the secrecy algorithms used for encryption of the data.”

HTTPS poses a challenge. Encrypted hardware poses a problem. The volume of data continues to increase.

When a major lawful intercept company is quite explicit about the difference between intercept (capture) and being able to “read” the information, the problem is not confined to the US. Shoghi has as customers more than 65 countries and, it appears, each has the same problem.

Jumping back to the Fox story and Mr. Wray’s call for innovation, I want to point out that:

  1. The problem is not just the FBI’s; it is a problem for many authorities.
  2. The “weakening” of the Internet is a powerful argument; however, as the fabric of security continues to fray and insider and outsider activities continue to capture headlines, the Internet has not become weak. The Internet is what it was designed to be: Robust in delivering packets and weak in terms of inherent security.
  3. The technical innovation referenced in the write up is what Shoghi wants its licensees to do: Figure out how to make sense of the captured data.
  4. The solution may reside with specialist firms which have developed technologies which perform date and time stamp analysis, clustering, digital fingerprinting of handles (user names), link analyses, and other text processing methods.

To sum up, Mr. Wray has identified a problem. Keep in mind that it is one that exists for countries other than the US. From my point of view, identifying specialists with non-intuitive ways of approaching the encryption problem warrants additional funding in the efforts to crack this “problem.”

My Dark Web Notebook team has compiled a list of companies with orthogonal approaches. We do make this information available on a fee basis. If you are interested, write benkent2020 at yahoo dot com for more information. Also, the January 23, 2018 “Dark Cyber” video includes a segment about the encryption problem for lawful intercept and surveillance vendors.

Stephen E Arnold, January 10, 2018

Machine Learning Becomes Major Battle Ground

December 14, 2017

It has been known for a while that machine learning is the next great platform for tech visionaries to master. While this ground-level opportunity gives many a chance to make a mark, the big names in tech are catching up quickly. We got a hint about this competition from the recent Recorded Future press release, “Recorded Future Expands Automated Threat Intelligence Solution With Analyst-Originated Intelligence.”

According to the story:

By adding current and finished threat intelligence to the broadest compilation of machine learning and natural language processing generated intelligence, only Recorded Future can provide organizations with the relevant expert insights and analysis they need for operational improvements and targeted risk reduction.

This new analyst-originated information provides customers with access to new insight as well as additional third-party intelligence research on threat actors, vulnerabilities, malware, and other indicators of compromise (IOCs). It is available in multiple formats to suit the diverse needs of customers.

Recorded Future has a bright future, no doubt about it. But we’d be leery of putting all our money on this horse. At this very moment, Amazon is gearing up to get a serious foothold in the world of machine learning. Seeing the merchandising giant getting into this arena is a terrifying threat to any startup. Be on the lookout.

Patrick Roland, December 14, 2017

Instant Messaging Security Is Becoming a Serious Issue

November 29, 2017

It might sound like a problem from twenty years ago, but the security of instant messages is a serious concern. We didn’t even know it was a thing, but once we started digging—yikes. We started this journey with the Make Use Of article, “Signal Desktop Brings Secure Messaging to Your PC.”

According to the story:

Signal, the messaging app which values privacy above all else, now has a standalone desktop app. Signal Desktop, which is available for Windows, MacOS, and Linux, replaces the Signal Chrome app. The app itself isn’t very different, but having a dedicated desktop offering is always welcome.

While most of the big messaging apps are starting to take your privacy seriously, Signal has made this its number one priority. This has made it popular with people for whom privacy is of the utmost importance, such as politicians and journalists. All of whom can now use Signal Desktop.

Sounds like Signal is hitting the desktop market just in time. A recent study found that doctors are sharing sensitive patient information via instant messaging software. Whoa. If anything should be secure, it’s that. Let’s hope they get on board soon.

Patrick Roland, November 29, 2017
