Cyber Security Factoids

October 31, 2016

I came across “Luxembourg to Become a Cyber Security Hub.” I usually ignore these blue chip consulting firm public relations love fests. I did note some interesting factoids in the write up. Who knows if these are correct, but some large organizations pay a lot of money to have the MBAs and accountants deliver these observations:

  • “In Luxembourg, 57%* of players expect to be the victim of cybercrime in the next 24 months.” (I assume that “players” are companies which the consulting firm either has as clients or hopes to make into clients.)
  • There are four trends in cyber security: “1) digital businesses are adopting new technologies and approaches to Cyber Security, 2) threat intelligence and information sharing have become business-critical, 3) organizations are addressing risks associated with the Internet of Things (IoT), and 4) geopolitical threats are rising.”
  • “In the 2017 Global State of Information Security Survey, PwC found more than 80% of European companies had experienced at least one Cyber Security incident in the past year. Likewise, the number of digital security incidents across all industries worldwide rose by 80%. The spending in the Cyber Security space is also increasing with 59% of the companies surveyed affirming that digitalization of the business ecosystem has affected their security spending.”
  • Companies the consulting firm finds interesting include: “Digital Shadows from the UK, Quarkslab from France, SecurityScorecard, enSilo, Skybox Security and RedOwl from the US, NetGuardians from Switzerland, Ironscales and Morphisec from Israel, and Picus Security from Turkey.”

Interesting.

Stephen E Arnold, October 31, 2016

Big Brother Now in Corporate Avatar

October 31, 2016

Companies in the US are now tracking employee movements and interactions to determine how productive their assets are. Badges created by Humanyze, embedded in employee IDs, track these key indicators and suggest appropriate measures to help improve employee productivity.

An article published on Business Insider titled “Employees at a dozen Fortune 500 companies wear digital badges that watch and listen to their every move” reveals:

Humanyze visualizes the data as webs of social interaction that reveal who’s talking to whom on a by-the-second basis. The goal: Revolutionize how companies think about how they organize themselves.

Though the badges only track employees who have explicitly given permission to track their working hours, imagination is the only limiting factor in how the metadata can be used. For instance, as the badges are being embedded into employee IDs (that already have chips), they can also be used by someone with the right tools to track the movement of an employee beyond working hours.

Social engineering has been used in the past to breach IT security at large organizations. With Humanyze badges, hackers will now have one more weapon in their arsenal.

One worrisome aspect of these badges becomes apparent here:

But the badges are already around the necks of more than 10,000 employees in the US, Waber says. They’ve led to wild insights. One client moves the coffee machine around each night, so the next morning employees in nearby departments naturally talk more.

The ironic part is that companies are exposing themselves to this threat. Google, Facebook, and Amazon are already tracking people online. With services like Humanyze, Big Brother has also entered the corporate domain. The question is not how the data will be used by hackers; it’s just when.

Vishal Ingole, October 31, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Online Drugs Trade Needs Surgical Strikes

October 25, 2016

Despite the shutdown of Silk Road by the FBI in 2013, the online drug trade through the Dark Net is thriving. Only military-precision surgical strikes on vendors and marketplaces using technological methods can solve this problem.

RAND Corporation, in its research paper titled “Taking Stock of the Online Drugs Trade,” says that –

Illegal drug transactions on cryptomarkets have tripled since 2013, with revenues doubling. But at $12-21 (€10.5-18.5) million a month, this is clearly a niche market compared to the traditional offline market, estimated at $2.3 (€2) billion a month in Europe alone.

The primary goal of the research paper was first to determine the size and scope of cryptomarkets and second to devise avenues for law enforcement agencies to intervene in these illegal practices. Though the report covered all of Europe, the role of the Netherlands in particular was studied. This was owing to the fact that the Netherlands has the highest rate of consumption of drugs acquired using cryptomarkets.

Some interesting findings of the report include –

  • Though revenues have doubled, drug cryptomarkets are still niche and generate revenues of $21 million/month as compared to $2.1 billion in offline trade.
  • Cannabis is still the most in demand, followed by stimulants like cocaine and ecstasy-type drugs.
  • Vendors from the US, Australia, Canada and Western Europe dominate the online marketplace.

Apart from the conventional methods of disrupting the drug trade (dismantling logistics, undercover operations, and taking down marketplaces), the only new method suggested is the use of Big Data techniques.

Cryptomarkets are going to thrive, and the only way to tackle this threat is by following the money (in this case, the cryptocurrencies). But who is going to bell the cat?

Vishal Ingole, October 25, 2016

Half of the Largest Companies: Threat Vulnerable

October 24, 2016

“Compromised Credentials,” a research report by Digital Shadows, reveals that around 1,000 of the Forbes Global 2000 companies are at risk because credentials of their employees have been leaked or compromised.

As reported by Channel EMEA in Digital Shadows Global Study Reveals UAE Tops List in Middle East for…

The report found that 97 percent of those 1000 of the Forbes Global 2000 companies, spanning all business sectors and geographical regions, had leaked credentials publicly available online, many of them from third-party breaches.

Owing to large-scale data breaches in recent times, credentials of 5.5 million employees are available in the public domain for anyone to see. Social networks like LinkedIn, MySpace and Tumblr were the affliction points of these breaches, the report states.

Analyzed geographically, companies in the Middle East seem to be the most affected:

The report revealed that the most affected country in the Middle East – with over 15,000 leaked credentials was the UAE. Saudi Arabia (3360), Kuwait (203) followed by Qatar (99) made up the rest of the list. This figure is relatively small as compared to the global figure due to the lower percentage of organizations that reside in the Middle East.

Affected organizations may not be able to contain the damage by simply resetting the passwords of their employees. It also needs to be seen whether the information available is contemporary, not reposted, and unique. Moreover, mere password resetting can cause a lot of friction within the IT departments of the organizations.

Without proper analysis, it will be difficult for the affected companies to gauge the extent of the damage. But considering the PR nightmare it leads to, will these companies come forward and acknowledge the breaches?

Vishal Ingole, October 24, 2016

Twitter: A Security Breach

October 21, 2016

Several years ago, the Beyond Search Twitter account was compromised. I received emails about tweets relating to a pop singer named Miley Cyrus. We knew the Twitter CTO at the time and it took about 10 days to fix the issue. At that time, I knew that Twitter had an issue.

I read “Passwords for 32 Million Twitter Accounts May Have Been Hacked and Leaked.” I learned:

the data comes from a Twitter hack in which 32 million Twitter accounts may have been compromised. The incident and the news comes from a rather unusual source that lets you download such data and even lets you remove yourself from the listing for free.

No word about how many days will be consumed addressing affected accounts.

Stephen E Arnold, October 21, 2016

Multiple Vendors Form Alliance to Share Threat Intelligence

October 20, 2016

In order to tackle increasing instances of digital security threats, multiple threat intelligence vendors have formed an alliance that will share the intelligence gathered by each of them.

An article that appeared on Network World titled “Recorded Future aligns with other threat intelligence vendors” stated:

With the Omni Intelligence Partner Network, businesses that are customers of both Recorded Future and participating partners can import threat intelligence gathered by the partners and display it within Intelligence Cards that are one interface within Recorded Future’s platform

Apart from any intelligence, the consortium will also share IP addresses that may be the origin point of any potential threat. Led by Recorded Future, the other members of the alliance include FireEye iSIGHT, Resilient Systems and Palo Alto Networks.

We had earlier suggested the formation of an inter-governmental alliance that could be utilized for sharing incident reporting in a seamless manner. The premise was:

Intelligence gathered from unstructured data on the Internet such as security blogs that might shed light on threats that haven’t been caught yet in structured-data feeds

The advent of the Internet of Things (IoT) will exacerbate the problems for the connected world. Will the Omni Intelligence Partner Network succeed in preempting those threats?

Vishal Ingole, October 20, 2016

What Lurks in the Dark Web?

October 20, 2016

Organizations concerned about cyber security can effectively thwart threats provided they know a threat is lurking in the dark. An Israeli SaaS-based startup claims it can bridge this gap by offering real-time analysis of data on the Dark Web.

TechCrunch, in an article titled “Sixgill claims to crawl the Dark Web to detect future cybercrime,” says:

Sixgill has developed proprietary algorithms and tech to connect the Dark Web’s dots by analyzing so-called “big data” to create profiles and patterns of Dark Web users and their hidden social networks. It’s via the automatic crunching of this data that the company claims to be able to identify and track potential hackers who may be planning malicious and illegal activity.

By analyzing the data, Sixgill claims that it can identify illegal marketplaces, data leaks and also physical attacks on organizations using its proprietary algorithms. However, there are multiple loopholes in this type of setup.

First, some Dark Web actors can easily insert red herrings across the communication channels to divert attention from real threats. Second, the Dark Web was created by individuals who wished to keep their communications cloaked. Mining data and crunching it through algorithms would not be sufficient to keep organizations safe. Moreover, AI can only process data that has been mined by algorithms, which in many cases can be false. TOR is undergoing changes to increase the safeguards in place for its users. What’s beginning is a Dark Web arms race. A pattern of compromise will be followed by hardening. Then compromise will occur and the Hegelian cycle repeats.

Vishal Ingole, October 20, 2016

NSA Aftermath in Germany

October 19, 2016

When it was revealed not too long ago that the United States was actively spying on Germany, the country decided it was time to investigate. Netzpolitik wrote an update on Germany’s investigation in “Snowden’s Legacy: Hearing In The Parliament Committee.” The German parliament launched a committee to head the investigation, which included many hearings. At a recent hearing in Germany, five US experts spoke to the committee, including ACLU technologist Charles Soghoian, Watson Institute’s Timothy H. Edgar, ACLU attorney Ashley Gorski, Open Society Foundation senior advisor Morton H. Halperin, and US Access Now policy manager Amie Stepanovich.

The experts met with the committee as a way to ease tensions between the US and Germany, but also to share their knowledge about legal issues related to surveillance and individuals’ privacy rights. The overall agreement was that the current legal framework for handling these issues is outdated and needs to be revamped. There should not be a difference between technical and legal protection when it comes to privacy. As for surveillance and anonymity, there is currently no legal system of checks and balances to rein in intelligence organizations’ power. The bigger problem is not governmental spying, but how the tools are used:

Nevertheless, Christopher Soghoian noted that the real scandal was not that government agencies were spying on their people, but that technology was so poorly secured that it could have been exploited. Historically, encryption and security have had a very low priority for big Internet companies like Google. Snowden turned the discussion upside-down, his disclosures radicalised the very people who design the software the NSA had privately exploited. Therefore, the most important post-Snowden changes were not made in Government hallways but in the technological community, according to Soghoian.

German surveillance technology manufacturers Gamma Group and Trovicor were also mentioned. As the committee was investigating how the NSA violated Germany’s civil rights, of course, a reference was made to the World Wars. What we can pull from this meeting is that we need change and technology needs to beef up its security capabilities.

Whitney Grace, October 19, 2016

Pattern of Life Analysis to Help Decrypt Dark Web Actors

October 18, 2016

Google-funded Recorded Future plans to use technologies like natural language processing, social network analysis and temporal pattern analysis to track Dark Web actors. This, in turn, will help security professionals detect patterns and thwart security breaches well in advance.

An article titled “Decrypting The Dark Web: Patterns Inside Hacker Forum Activity” that appeared on DarkReading points out:

Most companies conducting threat intelligence employ experts who navigate the Dark Web and untangle threats. However, it’s possible to perform data analysis without requiring workers to analyze individual messages and posts.

Recorded Future, which deploys around 500-700 servers across the globe, monitors Dark Web forums to identify and categorize participants based on their language and geography. Using advanced algorithms, it then identifies individuals and their aliases who are involved in various fraudulent activities online. This is a type of automation where AI is deployed rather than relying on human intelligence.

The major flaw in this method is that bad actors do not necessarily use the same or even similar aliases or handles across different Dark Web forums. Christopher Ahlberg, CEO of Recorded Future, who is leading the project, says:

A process called mathematical clustering can address this issue. By observing handle activity over time, researchers can determine if two handles belong to the same person without running into many complications.

Again, researchers, and not AI or intelligent algorithms, will have to play a crucial role in identifying the bad actors. What’s interesting to note is that Google, which pretty much dominates the information on the Open Web, is trying to make inroads into the Dark Web through many of its fronts. The question is – will it succeed?

Vishal Ingole, October 18, 2016

Demand for British Passports Surges on Dark Web Post Brexit

October 17, 2016

A Freedom of Information Act request submitted by British general insurer Esure reveals that 270,000 British passports have been reported missing so far in 2016. A tiny percentage of these passports are for sale on the Dark Web for a premium.

An article by Jennifer Baker titled “Dark Web awash with pricey British passports after UK vote for Brexit” states:

The value of a fake British passport has increased by six percent since the vote in favor of Brexit, and is predicted to rise further if rules on European Union freedom of movement change

Each passport is being sold for around $3,360 and upwards in Bitcoin or its equivalent. Restriction of movement across borders from the European Union to the United Kingdom is considered to be the primary reason for the surge in demand for British passports.

While the asking price for smaller EU nation passports remains tepid on the Dark Web, experts are warning that instances of British passport thefts will increase by 20 percent next year.

The offline and online black market for British passports is estimated to be around $57 million a year. According to Ms Baker:

The most common hotspots for passport theft included bars and restaurants (14 percent), the beach (14 percent), busy streets (14 percent) and hotel rooms (13 percent). However, it isn’t just overseas as one in five (19 percent) of people reported a passport being stolen from their own homes.

A stolen passport can be used without any hassles till it is reported lost or stolen, and Brexit rules come into force. Even after being reported, the passport can still be used for identity theft and other online scams. Can there be a better way to curb this practice of identity theft, Brexit or not?

Vishal Ingole, October 17, 2016