Worried about Risk? Now Think about Fear

November 3, 2016

I clicked through a remarkable listicle offered by CSO Magazine from my contract savvy pals at IDG. I don’t know much about risk, but I have encountered fear before. I recall an MBA Wall Street person who did not have enough cash to pay for lunch. I picked up the tab. That fellow had fear in his eyes because his firm had just gone out of business. Paying for a car service, nannies, country clubs, and a big house triggered the person’s fright.


You can be captured and tortured in an off the grid prison. Be afraid. Embrace IDG and be safe. Sort of. Maybe.

Well, CIO Magazine wants to use technology to make you, gentle reader, fearful. In case you are not nervous about your job, there are the London tabloids’ reports about a nuclear war, and the exploding mobile phone in your pocket.

Here are the “fears” revealed in “Frightening Technology Trends to Worry About.” Here we go:

  1. Overlooked internal threats. (Yes, someone in your organization is going to destroy you and your livelihood.)
  2. Finding and retaining top talent. (Of course, Facebook or Palantir will hire the one person who can actually make your firm’s software and systems work.)
  3. Multiple generations in the workforce. (Yes, what’s an old person going to do when dealing with those under 25. You are doomed. Doomed, I say.)
  4. Shifts in compliance. (Yes, the regulatory authorities will find violations and prevent your organization from finding new sources of revenue.)
  5. Migrating to the cloud. (Yes, the data are in the cloud. When you lose a file, that cherished document may be gone forever. Plus, the IT wizard at your firm now works at Palantir and is not answering your texts.)
  6. Getting buy in on hyper convergence. (Yes, you are pushing the mantra “everything is digital” and your colleagues wonder if you have lost your mind. Do you see hyper pink elephants?)
  7. Phishing and email attacks. (Yes, your emails are public. Did you use the company system to organize a Cub Scout bake sale, buy interesting products, or set up an alias and create a bogus Twitter account?)
  8. Hacktivism. (Yes, you worry about hackers and activism. Both seem bad and both are terrifying to you. Quick click on the link from Google telling you your account has been compromised and you need to change your password. Do it. Do it now.)
  9. The next zero day attack. (Yes, yes. You click on a video on an interesting Web site and your computing device is compromised. A hacker has your data and control of your mobile phone. And your contacts. My heavens, your contacts. Gone.)
  10. The advanced persistent threat. (Yes, yes, yes. Persistent threats. No matter what you do, your identity will be stolen and your assets sucked into a bank in Bulgaria. It may be happening now. Now I tell you. Now.)
  11. Mobile exploits. (Oh, goodness. Your progeny are using your old mobile phones. Predators will seek them out and strike them down with digital weapons. Kidnapping is a distinct possibility. Ransom. The news at 6 pm. Oh, oh, oh.)
  12. State sponsored attacks. (Not Russia, not China, not a Middle Eastern country. You visited one of these places and enjoyed the people. The people are wonderful. But the countries’ governments will get you. You are toast.)

How do you feel, gentle reader? Terrified? Well, that’s what CSO from IDG has in mind. Now sign up for the consulting services and pay to learn how to be less fearful. Yes, peace of mind is there for the taking. No Zen retreat in Peru. Just IDG, the reassuring real journalistic outfit. Now about those contracts, Dave Schubmehl?

Stephen E Arnold, October 3, 2016

Job Hunting in Secret Is Not So Secret

November 3, 2016

While the American economy has recovered from the recession, finding a job is still difficult. Finding a new job can be even harder as you try to be discreet while handling emails, phone calls, and Web traffic under the radar. A bit of advice is to not search for jobs while at your current position, but that is easier said than done in many respects. Social media is a useful job seeking tool, and LinkedIn now offers a job search incognito mode. SlashGear discusses the new mode in the article, “LinkedIn’s Open Candidates Feature Helps You Find A Job In Secret.”

The Open Candidates feature allows LinkedIn users to search for a new job while hiding their job search activity from their current employer.  It will try to hide your job search activity, while at the same time it will add a new search feature for recruiters that displays profiles of people who have listed themselves under the Open Candidates feature.  The hope is that it will bring more opportunity to these people.

However, nothing is ever secret on the Internet and LinkedIn can only do its best to help you:

While the new feature will probably be welcomed by people who would prefer to carry out a job search while ruffling as few feathers as possible, LinkedIn does warn that even though it will try to prevent your current employer from seeing that you’ve listed yourself as an Open Candidate, it can’t guarantee that it will be able to identify all of the recruiters associated with your company. In other words, use at your own risk.

If you work in a company that tracks your online social life, or for a tech organization, you will have difficulty using this feature. LinkedIn and Microsoft employees will definitely need to use the first piece of advice: search for a new job on your personal computer/device using your own Internet connection.

Whitney Grace, November 3, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

The CIA Claims They Are Psychic

November 2, 2016

Today’s headline sounds like something one would read printed on a grocery store tabloid or a conspiracy Web site.  Before I start making claims about the Illuminati, this is not a claim about magical powers, but rather big data and hard science…I think.  Defense One shares that, “The CIA Says It Can Predict Social Unrest As Early As 3 To 5 Days Out.”  While deep learning and other big data technology is used to drive commerce, science, healthcare, and other industries, law enforcement officials and organizations are using it to predict and prevent crime.

The CIA uses big data to analyze data sets, discover trends, and predict events that might have national security ramifications. CIA Director John Brennan hired Andrew Hallman to be the Deputy Director for Digital Innovation within the agency. Under Hallman’s guidance, the CIA’s “anticipatory intelligence” has improved. The CIA is not only using its private data sets, but also augmenting them with open data sets to help predict social unrest.

The big data science allows the CIA to make more confident decisions and provide their agents with better information to assess a situation.

Hallman said analysts are “becoming more proficient in articulating” observations to policymakers derived in these new ways. What it adds up to, Hallman said, is a clearer picture of events unfolding—or about to unfold—in an increasingly unclear world.

What I wonder is how many civil unrest events have been prevented?  For security reasons, some of them remain classified.  While the news is mongering fear, would it not be helpful if the CIA shared some of its success stats with the news and had them make it a priority to broadcast it?

Whitney Grace, November 2, 2016

Facial Recognition Fraught with Inaccuracies

November 2, 2016

Images of more than 117 million adult Americans are held by law enforcement agencies, yet the rate of accurately identifying people is minuscule.

A news report by The Register titled Meanwhile, in America: Half of adults’ faces are in police databases says:

One in four American law enforcement agencies across federal, state, and local levels use facial recognition technology, the study estimates. And now some US police departments have begun deploying real-time facial recognition systems.

Though facial recognition software vendors claim accuracy rates anywhere between 60 and 95 percent, the statistics tell an entirely different story:

Of the FBI’s 36,420 searches of state license photo and mug shot databases, only 210 (0.6 per cent) yielded likely candidates for further investigations,” the study says. “Overall, 8,590 (4 per cent) of the FBI’s 214,920 searches yielded likely matches.

Some of the impediments to accuracy include low light conditions in which the images are captured, lower processing power or numerous simultaneous search requests, and slow search algorithms. The report also reveals that human involvement reduces the overall accuracy by more than 50 percent.

The report also touches a very pertinent point – privacy. Police departments and other law enforcement agencies are increasingly deploying real-time facial recognition. Not only is it an invasion of privacy, but the vulnerable networks can also be tapped into by non-state actors. Facial recognition should be used only in cases of serious crimes; using it blatantly is an absolute no-no. It can be used in many ways for tracking people, even though they may not be criminals. Thus, it remains to be answered: who will watch the watchmen?

Vishal Ingole, November 2, 2016

Americans Are Complacent About Online Data Breaches

November 1, 2016

Users of email, social networks, and other online services are aware of possible dangers that data breaches cause, but surprisingly are less concerned about it in 2016, a survey reveals.

Observer recently published a report titled Fears of the Web’s Dark Side—Strangely—Are Not Growing, which reveals:

People’s fears about their email being hacked have receded somewhat since 2014, bizarrely. Across the 1,071 Americans surveyed, that particular worry receded from 69 to 71 percent.

The survey commissioned by Craigconnects also reveals that online users are no longer very concerned about their data getting leaked online and being used for identity theft, despite large scale breaches like Ashley Madison. Users, as the survey points out, have accepted it as a trade-off for the convenience of the Internet.

The reason for the complacency setting in probably lies in the fact that people have realized:

The business of social media company is built upon gathering as much information as possible about users and using that information to sell ads,” Michael W. Wellman, CEO of Virgil Security wrote the Observer in an email. “If the service is free, it’s the user that’s being sold.

Nearly 7 percent of Americans are victims of identity theft. This, however, has not dissuaded them from taking precautionary measures to protect their identity online. Most users are aware that identity theft can be used for stealing money from bank accounts, but there are other dangers as well. For instance, prescription medication can be obtained legally using the details of an identity theft victim. And then there are uses of the stolen data that only Dark Web actors know, where such data on millions of victims is available for a few hundred dollars.

Vishal Ingole, November 1, 2016

Cyber Security Factoids

October 31, 2016

I came across “Luxembourg to Become a Cyber Security Hub.” I usually ignore these blue chip consulting firm public relations love fests. I did note some interesting factoids in the write up. Who knows if these are correct, but some large organizations pay a lot of money to have the MBAs and accountants deliver these observations:

  • “In Luxembourg, 57%* of players expect to be the victim of cybercrime in the next 24 months.” (I assume that “players” are companies which the consulting firm either has as clients or hopes to make into clients.)
  • There are four trends in cyber security: “1) digital businesses are adopting new technologies and approaches to Cyber Security, 2) threat intelligence and information sharing have become business-critical, 3) organizations are addressing risks associated with the Internet of Things (IoT), and 4) geopolitical threats are rising.”
  • “In the 2017 Global State of Information Security Survey, PwC found more than 80% of European companies had experienced at least one Cyber Security incident in the past year. Likewise, the number of digital security incidents across all industries worldwide rose by 80%. The spending in the Cyber Security space is also increasing with 59% of the companies surveyed affirming that digitalization of the business ecosystem has affected their security spending.”
  • Companies the consulting firm finds interesting include: “Digital Shadows from the UK, Quarkslab from France, SecurityScorecard, enSilo, Skybox Security and RedOwl from the US, NetGuardians from Switzerland, Ironscales and Morphisec from Israel, and Picus Security from Turkey.”

Interesting.

Stephen E Arnold, October 31, 2016

Big Brother Now in Corporate Avatar

October 31, 2016

Companies in the US are now tracking employee movements and interactions to determine how productive their assets are. Badges created by Humanyze, embedded in employee IDs, track these key indicators and suggest appropriate measures to help improve employee productivity.

An article published on Business Insider titled Employees at a dozen Fortune 500 companies wear digital badges that watch and listen to their every move reveals:

Humanyze visualizes the data as webs of social interaction that reveal who’s talking to whom on a by-the-second basis. The goal: Revolutionize how companies think about how they organize themselves.

Though the badges only track employees who have explicitly given permission to track their working hours, imagination is the only limiting factor in how the metadata can be used. For instance, as the badges are being embedded into employee IDs (which already have chips), they can also be used by someone with the right tools to track the movement of an employee beyond working hours.

Social engineering has been used in the past to breach IT security at large organizations. With Humanyze badges, hackers will now have one more weapon in their arsenal.

One worrisome aspect of these badges becomes apparent here:

But the badges are already around the necks of more than 10,000 employees in the US, Waber says. They’ve led to wild insights. One client moves the coffee machine around each night, so the next morning employees in nearby departments naturally talk more.

The ironic part is that companies are exposing themselves to this threat. Google, Facebook, and Amazon are already tracking people online. With services like Humanyze, Big Brother has also entered the corporate domain. The question is not whether the data will be used by hackers; it’s just when.

Vishal Ingole, October 31, 2016

Online Drugs Trade Needs Surgical Strikes

October 25, 2016

Despite the shutdown of Silk Road by the FBI in 2013, the online drug trade through the Dark Net is thriving. Only military-precision surgical strikes on vendors and marketplaces, using technological methods, can solve this problem.

RAND Corporation in its research paper titled Taking Stock of the Online Drugs Trade says that –

Illegal drug transactions on cryptomarkets have tripled since 2013, with revenues doubling. But at $12-21 (€10.5-18.5) million a month, this is clearly a niche market compared to the traditional offline market, estimated at $2.3 (€2) billion a month in Europe alone.

The primary goal of the research paper was to determine, first, the size and scope of cryptomarkets and, second, to devise avenues for law enforcement agencies to intervene in these illegal practices. Though the report covered all of Europe, the role of the Netherlands, in particular, was studied in this report. This was owing to the fact that the Netherlands has the highest rate of consumption of drugs acquired using cryptomarkets.

Some interesting findings of the report include –

  • Though revenues have doubled, drug cryptomarkets are still niche and generate revenues of $21 million/month as compared to $2.1 billion in offline trade.
  • Cannabis still is the most in demand followed by stimulants like cocaine and ecstasy-type drugs
  • Vendors from US, Australia, Canada and Western Europe dominate the online marketplace

Apart from following the conventional methods of disrupting the drug trade (dismantling logistics, undercover operations, and taking down marketplaces), the only new method suggested includes the use of Big Data techniques.

Cryptomarkets are going to thrive, and the only way to tackle this threat is by following the money (in this case, the cryptocurrencies). But who is going to bell the cat?

Vishal Ingole, October 25, 2016

Half of the Largest Companies: Threat Vulnerable

October 24, 2016

Compromised Credentials, a research report by Digital Shadows, reveals that around 1,000 companies in the Forbes Global 2000 are at risk because credentials of their employees have been leaked or compromised.

As reported by Channel EMEA in Digital Shadows Global Study Reveals UAE Tops List in Middle East for…

The report found that 97 percent of those 1000 of the Forbes Global 2000 companies, spanning all business sectors and geographical regions, had leaked credentials publicly available online, many of them from third-party breaches.

Owing to large-scale data breaches in recent times, credentials of 5.5 million employees are available in the public domain for anyone to see. Social networks like LinkedIn, MySpace, and Tumblr were the sources of these breaches, the report states.

Analyzed geographically, companies in Middle-East seem to be the most affected:

The report revealed that the most affected country in the Middle East – with over 15,000 leaked credentials was the UAE. Saudi Arabia (3360), Kuwait (203) followed by Qatar (99) made up the rest of the list. This figure is relatively small as compared to the global figure due to the lower percentage of organizations that reside in the Middle East.

Affected organizations may not be able to contain the damage by simply resetting the passwords of the employees. It also needs to be seen whether the information available is contemporary, not reposted, and unique. Moreover, mere password resetting can cause a lot of friction within the IT departments of the organizations.

Without proper analysis, it will be difficult for the affected companies to gauge the extent of the damage. But considering the PR nightmare it leads to, will these companies come forward and acknowledge the breaches?
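The triage the preceding paragraphs call for (is a leaked record contemporary, is it a repost, is it unique to this organization) can be automated before anyone is forced to reset a password. The following is an added example, not code from Digital Shadows or from this blog; the record format, the sample records, the corporate domain, and the last-reset date are all constructed for the illustration, and the password hashes are placeholder strings.

```python
from collections import defaultdict
from datetime import date

# Constructed sample of leaked-credential records, in the shape a breach-
# monitoring feed might deliver them (hypothetical format, not a real feed).
# Each record: (email, password_hash, source_breach, date_first_seen).
LEAKED_RECORDS = [
    ("alice@example.com", "5f4dcc3b", "social-network-A", date(2012, 6, 5)),
    # Same hash resurfacing in a 2016 combo list: a repost, not a new leak.
    ("alice@example.com", "5f4dcc3b", "combo-list-repost", date(2016, 5, 18)),
    ("bob@example.com", "e99a18c4", "social-network-B", date(2016, 5, 31)),
    ("carol@example.com", "098f6bcd", "blog-platform", date(2013, 3, 3)),
    ("carol@example.com", "ad023482", "social-network-B", date(2016, 6, 1)),
    # Not one of our domains; should be ignored by the triage.
    ("dave@partner.org", "5d41402a", "social-network-B", date(2016, 6, 1)),
]

# Constructed: the organization's mail domains and the date of its last
# fleet-wide forced password reset. Anything first seen before that date
# was already rotated and is stale.
CORPORATE_DOMAINS = {"example.com"}
LAST_FORCED_RESET = date(2014, 1, 1)


def triage(records, domains, last_reset):
    """Group leaked records by corporate account and classify them.

    Returns {email: {"unique": n, "reposts": n, "fresh": n}} where
    unique  = distinct password hashes seen for that account,
    reposts = records that merely repeat an already-seen hash,
    fresh   = distinct hashes first seen on or after the last forced reset
              (these are the ones that actually warrant a reset now).
    """
    by_email = defaultdict(list)
    for email, pw_hash, source, seen in records:
        _local, _, domain = email.lower().rpartition("@")
        if domain not in domains:
            continue  # third-party account, not our exposure
        by_email[email.lower()].append((pw_hash, source, seen))

    result = {}
    for email, entries in by_email.items():
        first_seen = {}  # hash -> earliest date that hash appeared
        for pw_hash, _source, seen in entries:
            earliest = first_seen.get(pw_hash)
            if earliest is None or seen < earliest:
                first_seen[pw_hash] = seen
        result[email] = {
            "unique": len(first_seen),
            "reposts": len(entries) - len(first_seen),
            "fresh": sum(1 for d in first_seen.values() if d >= last_reset),
        }
    return result


def needs_reset(triaged):
    """Accounts with at least one credential leaked after the last reset."""
    return sorted(email for email, r in triaged.items() if r["fresh"] > 0)


if __name__ == "__main__":
    report = triage(LEAKED_RECORDS, CORPORATE_DOMAINS, LAST_FORCED_RESET)
    for email, r in sorted(report.items()):
        print(f"{email}: {r}")
    print("reset now:", needs_reset(report))
```

With the constructed data, alice's only credential dates from 2012 and its 2016 appearance is a repost, so she needs no action; bob and carol each have a credential first seen after the 2014 reset and land on the reset list. Running this kind of pass over a feed before acting is what separates a targeted reset from the organization-wide friction the paragraph above describes.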

Vishal Ingole, October 24, 2016

Twitter: A Security Breach

October 21, 2016

Several years ago, the Beyond Search Twitter account was compromised. I received emails about tweets relating to a pop singer named Miley Cyrus. We knew the Twitter CTO at the time and it took about 10 days to fix the issue. At that time, I knew that Twitter had an issue.

I read “Passwords for 32 Million Twitter Accounts May Have Been Hacked and Leaked.” I learned:

the data comes from a Twitter hack in which 32 million Twitter accounts may have been compromised. The incident and the news comes from a rather unusual source that lets you download such data and even lets you remove yourself from the listing for free.

No word about how many days will be consumed addressing affected accounts.

Stephen E Arnold, October 21, 2016
