Browse > Home / Archive by category 'Security'

Good Old Sleuthing Can Still Beat Dark Web

November 8, 2016

Undercover investigative work of different agencies in Bergen County, New York resulted in arrest of an 18-year old man who was offering hitman services over the Dark Net.

As reported by Patch.com in news report titled Hitman Who Drove To Mahwah For Meeting Arrested: Prosecutor :

The Mahwah Police Department, Homeland Security Investigations, and the Bergen County Prosecutor’s Office Cyber Crimes Unit investigated Rowling, a Richmondville, New York resident. Rowling allegedly used the dark web to offer his services as a hitman.

Tracking Dark Web participants are extremely difficult, thus undercover agents posing as buyers were scouting hitmen in New York. Rowling without suspecting anything offered his services in return for some cash and a gun. The meeting was fixed at Mason Jar in Mahwah where he was subsequently arrested and remanded to Bergen County Jail.

As per the report, Rowling is being charged with:

In addition to conspiracy to murder, Rowling was charged with possession of a weapon for an unlawful purpose, unlawful possession of a weapon, and possession of silencer, Grewal said.

Drug traffickers, hackers, smugglers of contraband goods and narcotics are increasingly using the Dark Web for selling their goods and services. Authorities under such circumstances have no option but to use old techniques of investigation and put the criminals behind bars. However, most of the Dark Net and its participants are still out of reach of law enforcement agencies.

Vishal Ingole, November 8, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Written by Stephen E. Arnold · Filed Under Dark Web, Legal matters, News, Security, Technology | Comments Off on Good Old Sleuthing Can Still Beat Dark Web 

Lucidworks Hires Watson

November 7, 2016

One of our favorite companies to track is Lucidworks, due to their commitment to open source technology and development in business enterprise systems.  The San Diego Times shares that “Lucidworks Integrates IBM Watson To Fusion Enterprise Discovery Platform.”  This means that Lucidworks has integrated IBM’s supercomputer into their Fusion platform to help developers create discovery applications to capture data and discover insights.  In short, they have added a powerful big data algorithm.

While Lucidworks is built on open source software, adding a proprietary supercomputer will only benefit their clients.  Watson has proven itself an invaluable big data tool and paired with the Fusion platform will do wonders for enterprise systems.  Data is a key component to every industry, but understanding and implementing it is difficult:

Lucidworks’ Fusion is an application framework for creating powerful enterprise discovery apps that help organizations access all their information to make better, data-driven decisions. Fusion can process massive amounts of structured and multi-structured data in context, including voice, text, numerical, and spatial data. By integrating Watson’s ability to read 800 million pages per second, Fusion can deliver insights within seconds. Developers benefit from this platform by cutting down the work and time it takes to create enterprise discovery apps from months to weeks.

With the Watson upgrade to Lucidworks’ Fusion platform, users gain natural language processing and machine learning.  It makes the Fusion platform act more like a Star Trek computer that can provide data analysis and even interpret results.

Whitney Grace, November 7, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Written by Stephen E. Arnold · Filed Under algorithms, Data, IBM Watson, News, Security | Comments Off on Lucidworks Hires Watson 

Hackers Having Field Day with Mirai Botnet

November 7, 2016

The massive cyber-attack that crippled major website across the US on October 21 was executed using an extensive network of infected computers and smart devices. The same botnet is now on sale on Dark Web which will enable hackers to launch similar or even massive attacks in the future.

As reported by Cyberscoop in article titled You can now buy a Mirai-powered botnet on the dark web:

A botnet of this size could be used to launch DDoS attacks in addition to automated spam and ransomware campaigns. The price tag was $7,500, payable in bitcoin. The anonymous vendor claimed it could generate a massive 1 terabit per second worth of internet traffic.

The particular botnet used in the Dyn attack are all infected with Mirai malware. Though the source code of the malware is freely available across hacker forums, a vendor over Dark Net is offering ready to use Mirai-Powered botnet for $7,500. This enables any hacker to launch DDoS attack of any scale on any network across the globe.

As the article points out:

With the rise of Mirai, experts say the underground DDoS market is shifting as vendors now have the ability to supercharge all of their offerings; giving them an avenue to potentially find new profits and to sell more destructive DDoS cannons.

Though the botnet at present is for sale, soon the prices may drop or even become free enabling a teenager sitting at home to bring down any major network down with few clicks. Things already have been set in motion, it only needs to be seen, when and where the next attack occurs.

Vishal Ingole, November 7,  2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Written by Stephen E. Arnold · Filed Under Dark Web, Marketing, News, Security, Technology | 2 Comments 

Genetics Are Biased

November 4, 2016

DNA does not lie. DNA does not lie if conducted accurately and by an experienced geneticist.  Right now it is popular for people to get their DNA tested to discover where their ancestors came from.  Many testers are surprised when they receive their results, because they learn their ancestors came from unexpected places.  Black Americans are eager to learn about the genetics, due to their slave ancestry and lack of familial records.  For many Black Americans, DNA is the only way they can learn where their roots originated, but Africa is not entirely cataloged.

According to Science Daily’s article “Major Racial Bias Found In Leading Genomics Database,” if you have African ancestry and get a DNA test it will be difficult to pinpoint your results.  The two largest genomics databases that geneticists refer to contain a measurable bias to European genes.  From a logical standpoint, this is understandable as Africa has the largest genetic diversity and remains a developing continent without the best access to scientific advances.  These provide challenges for geneticists as they try to solve the African genetic puzzle.

It also weighs heavily on black Americans, because they are missing a significant component in their genetic make-up they can reveal vital health information.  Most black Americans today contain a percentage of European ancestry.  While the European side of their DNA can be traced, their African heritage is more likely to yield clouded results.  On a financial scale, it is more expensive to test black Americans genetics due to the lack of information and the results are still not going to be as accurate as a European genome.

This groundbreaking research by Dr. O’Connor and his team clearly underscores the need for greater diversity in today’s genomic databases,’ says UM SOM Dean E. Albert Reece, MD, PhD, MBA, who is also Vice President of Medical Affairs at the University of Maryland and the John Z. and Akiko Bowers Distinguished Professor at UM SOM. ‘By applying the genetic ancestry data of all major racial backgrounds, we can perform more precise and cost-effective clinical diagnoses that benefit patients and physicians alike.

While Africa is a large continent, the Human Genome Project and other genetic organizations should apply for grants that would fund a trip to Africa.  Geneticists and biologists would then canvas Africa, collect cheek swabs from willing populations, return with the DNA to sequence, and add to the database.  Would it be expensive?  Yes, but it would advance medical knowledge and reveal more information about human history.  After all, we all originate from Mother Africa.

Whitney Grace, November 4, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Written by Stephen E. Arnold · Filed Under Data, Database, News, Privacy, Search, Security | 1 Comment 

Worried about Risk? Now Think about Fear

November 3, 2016

I clicked through a remarkable listicle offered by CSO Magazine from my contract savvy pals at IDG. I don’t know much about risk, but I have encountered fear before. I recall an MBA Wall Street person who did not have enough cash to pay for lunch. I picked up the tab. That fellow had fear in his eyes because his firm had just gone out of business. Paying for a car service, nannies, country clubs, and a big house triggered the person’s fright.

abu gharaib fix

You can be captured and tortured in an off the grid prison. Be afraid. Embrace IDG and be safe. Sort of. Maybe.

Well, CIO Magazine wants to use technology to make you, gentle reader, fearful. In case you are not nervous about your job, the London tabloids reports about a nuclear war, and the exploding mobile phone in your pocket.

Here are the “fears” revealed in “Frightening Technology Trends to Worry About.” Here we go:

  1. Overlooked internal threats. (Yes, someone in your organization is going to destroy you and your livelihood.)
  2. Finding and retaining top talent. (Of course, Facebook or Palantir will hire the one person who can actually make your firm’s software and systems work.)
  3. Multiple generations in the workforce. (Yes, what’s an old person going to do when dealing with those under 25. You are doomed. Doomed, I say.)
  4. Shifts in compliance. (Yes, the regulatory authorities will find violations and prevent your organization from finding new sources of revenue.)
  5. Migrating to the cloud. (Yes, the data are in the cloud. When you lose a file, that cherished document may be gone forever. Plus, the IT wizard at your firm now works at Palantir and is not answering your texts.)
  6. Getting buy in on hyper convergence. (Yes, you are pushing the mantra “everything is digital” and your colleagues wonder if you have lost your mind. Do you see hyper pink elephants?)
  7. Phishing and email attacks. (Yes, your emails are public. Did you use the company system to organize a Cub Scout bake sale, buy interesting products, or set up an alias and create a bogus Twitter account?)
  8. Hacktivism. (Yes, you worry about hackers and activism. Both seem bad and both are terrifying to you. Quick click on the link from Google telling you your account has been compromised and you need to change your password. Do it. Do it now.)
  9. The next zero day attack. (Yes, yes. You click on a video on an interesting Web site and your computing device is compromised. A hacker has your data and control of your mobile phone. And your contacts. My heavens, your contacts. Gone.)
  10. The advanced persistent threat. (Yes, yes, yes. Persistent threats. No matter what you do, your identify will be stolen and your assets sucked into a bank in Bulgaria. It may be happening now. Now I tell you. Now.)
  11. Mobile exploits. (Oh, goodness. Your progeny are using your old mobile phones. Predators will seek them out and strike them down with digital weapons. Kidnapping is a distinct possibility. Ransom. The news at 6 pm. Oh, oh, oh.)
  12. State sponsored attacks. (Not Russia, not China, not a Middle Eastern country. You visited one of these places and enjoyed the people. The people are wonderful. But the countries’ governments will get you. You are toast.)

How do you feel, gentle reader. Terrified. Well, that’s what CSO from IDG has in mind. Now sign up for the consulting services and pay to learn how to be less fearful. Yes, peace of mind is there for the taking. No Zen retreat in Peru. Just IDG, the reassuring real journalistic outfit. Now about those contracts, Dave Schubmehl?

Stephen E Arnold, October 3, 2016

Written by Stephen E. Arnold · Filed Under News, Security, Technology | Comments Off on Worried about Risk? Now Think about Fear 

Job Hunting in Secret Is Not So Secret

November 3, 2016

While the American economy has recovered from the recession, finding a job is still difficult.  Finding a new job can be even harder has you try to be discreet while handling emails, phone calls, and Web traffic under the radar.  A bit of advice is to not search for jobs while at your current position, but that is easier said than done in many respects.  Social media is a useful job seeking tool and LinkedIn now offers a job search incognito mode.  SlashGear discusses the new mode in the article, “LinkedIn’s Open Candidates Feature Helps You Find A Job In Secret.”

The Open Candidates feature allows LinkedIn users to search for a new job while hiding their job search activity from their current employer.  It will try to hide your job search activity, while at the same time it will add a new search feature for recruiters that displays profiles of people who have listed themselves under the Open Candidates feature.  The hope is that it will bring more opportunity to these people.

However, nothing is ever secret on the Internet and LinkedIn can only do its best to help you:

While the new feature will probably be welcome by people who would prefer to carry out a job search while ruffling as few feathers as possible, LinkedIn does warn that even it will try to prevent your current employer from seeing that you’ve listed yourself as an Open Candidate, it can’t guarantee that it will be able to identify all of the recruiters associated with your company.  In other words, use at your own risk.

If you work in a company that tracks your online social life or for a tech organization, you will have difficulty using this feature.  LinkedIn and Microsoft employees will definitely need to use the first piece of advice, search for a new job on your personal computer/device using your own Internet.

Whitney Grace, November 3, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Written by Stephen E. Arnold · Filed Under Data, Microsoft, News, Search, Security, Social Media | Comments Off on Job Hunting in Secret Is Not So Secret 

The CIA Claims They Are Psychic

November 2, 2016

Today’s headline sounds like something one would read printed on a grocery store tabloid or a conspiracy Web site.  Before I start making claims about the Illuminati, this is not a claim about magical powers, but rather big data and hard science…I think.  Defense One shares that, “The CIA Says It Can Predict Social Unrest As Early As 3 To 5 Days Out.”  While deep learning and other big data technology is used to drive commerce, science, healthcare, and other industries, law enforcement officials and organizations are using it to predict and prevent crime.

The CIA users big data to analyze data sets, discover trends, and predict events that might have national security ramifications.  CIA Director John Brennan hired Andrew Hallman to be the Deputy Director for Digital Innovations within the agency.  Under Hallman’s guidance, the CIA’s “anticipatory intelligence” has improved.  The CIA is not only using their private data sets, but also augment them with open data sets to help predict social unrest.

The big data science allows the CIA to make more confident decisions and provide their agents with better information to assess a situation.

Hallman said analysts are “becoming more proficient in articulating” observations to policymakers derived in these new ways. What it adds up to, Hallman said, is a clearer picture of events unfolding—or about to unfold—in an increasingly unclear world.

What I wonder is how many civil unrest events have been prevented?  For security reasons, some of them remain classified.  While the news is mongering fear, would it not be helpful if the CIA shared some of its success stats with the news and had them make it a priority to broadcast it?

Whitney Grace, November 2, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Written by Stephen E. Arnold · Filed Under Analytics, Big data, Government, News, Privacy, Security | Comments Off on The CIA Claims They Are Psychic 

Facial Recognition Fraught with Inaccuracies

November 2, 2016

Images of more than 117 million adult Americans are with law enforcement agencies, yet the rate of accurately identifying people accurately is minuscule.

A news report by The Register titled Meanwhile, in America: Half of adults’ faces are in police databases says:

One in four American law enforcement agencies across federal, state, and local levels use facial recognition technology, the study estimates. And now some US police departments have begun deploying real-time facial recognition systems.

Though facial recognition software vendors claim accuracy rates anywhere between 60 to 95 percent, statistics tell an entirely different story:

Of the FBI’s 36,420 searches of state license photo and mug shot databases, only 210 (0.6 per cent) yielded likely candidates for further investigations,” the study says. “Overall, 8,590 (4 per cent) of the FBI’s 214,920 searches yielded likely matches.

Some of the impediments for accuracy include low light conditions in which the images are captured, lower procession power or numerous simultaneous search requests and slow search algorithms. The report also reveals that human involvement also reduces the overall accuracy by more than 50 percent.

The report also touches a very pertinent point – privacy. Police departments and other law enforcement agencies are increasingly deploying real-time facial recognition. It not only is an invasion of privacy but the vulnerable networks can also be tapped into by non-state actors. Facial recognition should be used only in case of serious crimes, using it blatantly is an absolute no-no. It can be used in many ways for tracking people, even though they may not be criminals. Thus, it remains to be answered, who will watch the watchmen?

Vishal Ingole, November 2, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Written by Stephen E. Arnold · Filed Under Digital Library, Federated search, Government, News, Search, Security, Technology | 1 Comment 

Americans Are Complacent About Online Data Breaches

November 1, 2016

Users of email, social networks, and other online services are aware of possible dangers that data breaches cause, but surprisingly are less concerned about it in 2016, a survey reveals.

Observer recently published a report titled Fears of the Web’s Dark Side—Strangely—Are Not Growing, which reveals:

People’s fears about their email being hacked have receded somewhat since 2014, bizarrely. Across the 1,071 Americans surveyed, that particular worry receded from 69 to 71 percent.

The survey commissioned by Craigconnects also reveals that online users are no longer very concerned about their data getting leaked online that may be used for identity theft; despite large scale breaches like Ashley Madison. Users, as the survey points out have accepted it as a trade-off for the convenience of Internet.

The reason for the complacency setting in probably lies in the fact that people have realized:

The business of social media company is built upon gathering as much information as possible about users and using that information to sell ads,” Michael W. Wellman, CEO of Virgil Security wrote the Observer in an email. “If the service is free, it’s the user that’s being sold.

Nearly 7 percent Americans are victims of identity theft. This, however, has not dissuaded them from taking precautionary measures to protect their identity online. Most users are aware that identity theft can be used for stealing money from bank accounts, but there are other dangers as well. For instance, prescription medication can be obtained legally using details of an identity theft victim. And then there are uses of the stolen data that only Dark Web actors know where such data of millions of victims is available for few hundred dollars.

Vishal Ingole November 1, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Written by Stephen E. Arnold · Filed Under Dark Web, News, Security, Social Media, Technology | Comments Off on Americans Are Complacent About Online Data Breaches 

Cyber Security Factoids

October 31, 2016

I came across “Luxembourg to Become a Cyber Security Hub.” I usually ignore these blue chip consulting firm public relations love fests. I did not some interesting factoids in the write up. Who knows if these are correct, but some large organizations pay a lot of money to have the MBAs and accountants deliver these observations:

  • “In Luxembourg, 57%* of players expect to be the victim of cybercrime in the next 24 months.” (I assume that “players” are companies which the consulting firm either has as clients or hopes to make into clients.)
  • There are four trends in cyber security: “1) digital businesses are adopting new technologies and approaches to Cyber Security, 2) threat intelligence and information sharing have become business-critical, 3) organizations are addressing risks associated with the Internet of Things (IoT), and 4) geopolitical threats are rising.”
  • “In the 2017 Global State of Information Security Survey, PwC found more than 80% of European companies had experienced at least on Cyber Security incident in the past year. Likewise, the number of digital security incidents across all industries worldwide rose by 80%. The spending in the Cyber Security space is also increasing with 59% of the companies surveyed affirming that digitalization of the business ecosystem has affected their security spending.”
  • Companies the consulting firm finds interesting include: “Digital Shadows from the UK, Quarkslab from France, SecurityScorecard, enSilo, Skybox Security and RedOwl from the US, NetGuardians from Switzerland,Ironscales and Morphisec from Israel, and Picus Security from Turkey.”

Interesting.

Stephen E Arnold, October 31, 2016

Written by Stephen E. Arnold · Filed Under Consulting, News, Online (general), Security | Comments Off on Cyber Security Factoids 

« Previous PageNext Page »

  • Archives

  • Recent Posts

  • Meta