Wait, the Dark Web Is Legal?
July 5, 2016
For research purposes, I surf the Dark Web on a regular basis. It is like skulking around the back alleys of a major city and witnessing all types of crime, but keeping to yourself. I have seen a few Web sites that could be deemed as legal, but most of the content I peruse is illegal: child pornography, selling prescription drugs, and even a hitman service. I have begun to think that everything on the Dark Web is illegal, except Help Net Security tells me that “Dark Web Mapping Reveals That Half Of The Content Is Legal.”
The Centre for International Governance Innovation (CIGI) conducted global survey and discovered that seven in ten (71%) of the surveyors believe the Dark Web needs to be shut down. There is speculation if the participants eve had the right definition about what the Dark Web is and might have confused the terms “Dark Web” and “Dark Net”.
Darksum, however, mapped the Tor end of the Dark Web and discovered some interesting facts:
- “Of the 29,532 .onion identified during the sampling period – two weeks in February 2016 – only 46% percent could actually be accessed. The rest were likely stort-lived C&C servers used to manage malware, chat clients, or file-sharing applications.
- Of those that have been accessed and analyzed with the companies’ “machine-learning” classification method, less than half (48%) can be classified as illegal under UK and US law. A separate manual classification of 1,000 sites found about 68% of the content to be illegal under those same laws.”
Darksum’s goal is to clear up misconceptions about the Dark Web and to better understand what is actually on the hidden sector of the Internet. The biggest hope is to demonstrate the Dark Web’s benefits.
Whitney Grace, July 5, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Google Throws Hat in Ring as Polling Service for Political Campaigns
July 4, 2016
The article on Silicon Angle titled Google is Pitching Its Polling Service at Journos, Politicians…Also, Google Has a Polling Division explores the recent discovery of Google’s pollster ambitions. Compared to other projects Google has undertaken, this desire to join Gallup and Nielsen as a premier polling service seems downright logical. Google is simply taking advantage of its data reach to create Google Consumer Surveys. The article explains,
“Google collects the polling data for the service through pop-up survey boxes before a news article is read, and through a polling application…The data itself, while only representative of people on the internet, is said to be a fair sample nonetheless, as Google selects its sample by calculating the age, location, and demographics of those participating in each poll by using their browsing and search history…the same technology used by Google’s ad services including DoubleClick and AdWords.”
Apparently Google employees have been pitching their services to presidential and congressional campaign staffers, and at least one presidential candidate ran with them. As the article states, the entire project is a “no-brainer,” even with the somewhat uncomfortable idea of politicians gaining access to Google’s massive data trove. Let’s limit this to polling before Google gets any ideas about the census and call it a day.
Chelsea Kerwin, July 4, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Enterprise Search Is Stuck in the Past
July 4, 2016
Enterprise search is one of the driving forces behind an enterprise system because the entire purpose of the system is to encourage collaboration and quickly find information. While enterprise search is an essential tool, according to Computer Weekly’s article. “Beyond Keywords: Bringing Initiative To Enterprise Search” the feature is stuck in the past.
Enterprise search is due for an upgrade. The amount of enterprise data has increased, but the underlying information management system remains the same. Structured data is easy to make comply with the standard information management system, however, it is the unstructured data that holds the most valuable information. Unstructured information is hard to categorize, but natural language processing is being used to add context. Ontotext combined natural language processing with a graph database, allowing the content indexing to make more nuanced decisions.
We need to level up the basic keyword searching to something more in-depth:
“Search for most organisations is limited: enterprises are forced to play ‘keyword bingo’, rephrasing their question multiple times until they land on what gets them to their answer. The technologies we’ve been exploring can alleviate this problem by not stopping at capturing the keywords, but by capturing the meaning behind the keywords, labeling the keywords into different categories, entities or types, and linking them together and inferring new relationships.”
In other words, enterprise search needs the addition of semantic search in order to add context to the keywords. A basic keyword search returns every result that matches the keyword phrase, but a context-driven search actually adds intuition behind the keyword phrases. This is really not anything new when it comes to enterprise or any kind of search. Semantic search is context-driven search.
Whitney Grace, July 4, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
DuckDuckGo Sees Apparent Exponential Growth
July 1, 2016
The Tor-enabled search engine DuckDuckGo has received attention recently for being an search engine that does not track users. We found their activity report that shows a one year average of their direct queries per day. DuckDuckGo launched in 2008 and offers an array of options to prevent “search leakage”. Their website defines this term as the sharing of personal information, such as the search terms queried. Explaining a few of DuckDuckGo’s more secure search options, their website states:
“Another way to prevent search leakage is by using something called a POST request, which has the effect of not showing your search in your browser, and, as a consequence, does not send it to other sites. You can turn on POST requests on our settings page, but it has its own issues. POST requests usually break browser back buttons, and they make it impossible for you to easily share your search by copying and pasting it out of your Web browser’s address bar.
Finally, if you want to prevent sites from knowing you visited them at all, you can use a proxy like Tor. DuckDuckGo actually operates a Tor exit enclave, which means you can get end to end anonymous and encrypted searching using Tor & DDG together.”
Cybersecurity and privacy have become hot topics since Edward Snowden made headlines in 2013, which is notably when DuckDuckGo’s exponential growth begins to take shape. Recognition of Tor also became more mainstream around that time, 2013, which is when the Silk Road shutdown occurred, placing the Dark Web in the news. It appears that starting a search engine focused on anonymity in 2008 was not such a bad idea.
Megan Feil, July 1, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
More Variables Than Technology for Enterprise Security to Consider
June 29, 2016
For all the effort enterprises go to in securing data through technological solutions, there are also other variables to consider: employees. Business Insider released an article, 1 in 5 employees are willing to hand over their work passwords for money, that shares survey research from SailPoint. 20 percent of 1,000 respondents, from organizations with over 1,000 employees, would be willing to sell their work passwords. US employees win the “most likely” award with 27 percent followed by Netherlands with 20 percent, and then UK and France at 16 percent. The article tells us,
“Some employees were willing to sell their passwords for as little as $55 (£38) but most people wanted considerably more, with $82,000 (£56,000) being the global average amount required,according to figures cited by Quartz that weren’t in the report. Unauthorised access to a company’s internal systems could provide a treasure trove of valuable data for criminals. They may be targeting individual user accounts, or they could be after intellectual property, or corporate strategy data.”
Undoubtedly, search and/or cybertheft is easier with a password. While the survey reports findings that may be alarming to organizations, we are left with the question, ‘why’. It may be easy to say morality is the dividing line, but I think this article wrestling with the morality question is on the right track pointing to considering sociological implications, for example, employee engagement and satisfaction cannot be discounted as factors in a decision to sell a password.
Megan Feil, June 29, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Dark Web Hacking Site Changes Hands
June 29, 2016
Navigating the Dark Web can be a hassle, because many of the Web sites are shut down before you have the chance to learn what nefarious content, services, or goods are available. Some of these sites go down on their own, but law enforcement had a part in dismantling them as well. Some Dark Web sites are too big and encrypted to be taken down and sometimes they exchange hands, such as Silk Road and now Hell. Motherboard explains that “Dark Web Hacking Forum ‘Hell’ Appears To Have New Owners.”
The Real Deal, a computer exploit market, claimed to take ownership of Hell, the hacking forum known for spreading large data dumps and stolen data. Real Deal said of their acquisition:
“ ‘We will be removing the invite-only system for at least a week, and leave the “vetting” forum for new users,’ one of The Real Deal admins, who also used the handle The Real Deal, told Motherboard in an encrypted chat. ‘It’s always nice to have a professional community that meets our market’s original niche, hopefully it will bring some more talent both to the market and to the forums,’ the admin continued. ‘And it’s no secret that we as admins would enjoy the benefit of ‘first dibs’ on buying fresh data, resources, tools, etc.’”
The only part of Hell that has new administrators is the forum due to the old head had personal reasons that required more attention. Hell is one of the “steadier” Dark Web sites and it played a role in the Adult FriendFinder hack, was the trading place for Mate1 passwords, and hosted breaches from a car breathalyzer maker.
Standard news for the Dark Web, until the next shutdown and relaunch.
Whitney Grace, June 29, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Is the NSA Is Overwhelmed with Data?
June 28, 2016
US citizens are worried about their civil liberties being compromised by the National Security Agency. ZDNet reports they might not need to be worried anymore in the article, “NSA Is So Overwhelmed With Data, It’s No Longer Effective, Says Whistleblower.”
William Binney is a former official from the National Security Agency (NSA) with thirty years under his belt. Binney has been a civilian for fifteen years, but he is abhorred with the NSA. He said the NSA is so engorged with data that it has lost its effectiveness and important intelligence is lost in the mess. This is how the terrorists win. Binney also shared that an NSA official could run a query and be overwhelmed with so much data they would not know where to start.
” ‘That’s why they couldn’t stop the Boston bombing, or the Paris shootings, because the data was all there,’ said Binney. Because the agency isn’t carefully and methodically setting its tools up for smart data collection, that leaves analysts to search for a needle in a haystack. ‘The data was all there… the NSA is great at going back over it forensically for years to see what they were doing before that,’ he said. ‘But that doesn’t stop it.’”
The problems are worse across the other law enforcement agencies, including the FBI, CIA, and DEA. Binney left the NSA one month after 9/11 and reported that the NSA uses an intrusive and expensive data collection system. The mantra is “to collect it all”, but it is proving ineffective and expensive. According to Binney, it is also taking away half the Constitution.
Binney’s statements remind me of the old Pokémon games. The catchphrase for the franchise is “gotta catch ‘em all” and it was easy with 150 Pokémon along with a few cheat codes. The games have expanded to over seven hundred monsters to catch, plus the cheat codes have been dismantled making it so overwhelming that the game requires endless hours just to level up one character. The new games are an ineffective way to play, because it takes so long and there is just too much to do. The NSA is suffering from too many Pokémon in the form of data.
Whitney Grace, June 28, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Hacking Team Cannot Sell Spyware
June 27, 2016
I do not like spyware. Once it is downloaded onto your computer, it is a pain to delete and it even steals personal information. I think it should be illegal to make, but some good comes from spyware if it is in the right hands (ideally). Some companies make and sell spyware to government agencies. One of them is the Hacking Team and they recently had some bad news said Naked Security, “Hacking Team Loses Global License To Sell Spyware.”
You might remember Hacking Team from 2015, when its systems were hacked and 500 gigs of internal, files, emails, and product source code were posted online. The security company has spent the past year trying to repair its reputation, but the Italian Ministry of Economic Development dealt them another blow. The ministry revoked Hacking Team’s “global authorization” to sell its Remote Control System spyware suite to forty-six countries. Hacking Team can still sell within the European Union and expects to receive approval to sell outside the EU.
“MISE told Motherboard that it was aware that in 2015 Hacking Team had exported its products to Malaysia, Egypt, Thailand, Kazakhstan, Vietnam, Lebanon and Brazil.
The ministry explained that “in light of changed political situations” in “one of” those countries, MISE and the Italian Foreign Affairs, Interior and Defense ministries decided Hacking Team would require “specific individual authorization.” Hacking Team maintains that it does not sell its spyware to governments or government agencies where there is “objective evidence or credible concerns” of human rights violations.”
Hacking Team said if they suspect that any of their products were used to caused harm, they immediately suspend support if customers violate the contract terms. Privacy International does not believe that Hacking Team’s self-regulation is enough.
It points to the old argument that software is a tool and humans cause the problems.
Whitney Grace, June 27, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Palantir Technologies: Maybe the US Army Should Be Skeptical?
June 20, 2016
I read “How Hired Hackers Got “Complete Control” Of Palantir.” On one hand, Palantir surfed on secrecy as its Hyptokrypto for marketing. The idea that Palantir’s internal network would become a party wave was not part of the 2003-2004 plan. The write up is by a Sillycon Valley observer who may not be invited to a Palantir algorithms meet up.
I am confident that the write up is spot on. If it is not accurate, my hunch is that the Gotham crowd may emulate the feistiness of one of the Palantir founders. Think Hulk Hogan and the estimable publication Gawker.
I noted this passage:
the cybersecurity firm Veris Group concluded that even a low-level breach would allow hackers to gain wide-ranging and privileged access to the Palantir network, likely leading to the “compromise of critical systems and sensitive data, including customer-specific information.”
I circled this statement in true blue:
Their presence [the penetration testers] was finally discovered, the report says, after they broke into the laptops of information security employees — but even then, the intruders were able to monitor the employees’ countermoves in real time, shifting tactics to evade them.
A Hobbit is quoted as saying:
“The findings from the October 2015 report are old and have long since been resolved,” Lisa Gordon, a Palantir spokesperson, said in an emailed statement. “Our systems and our customers’ information were never at risk. As part of our best practices, we conduct regular reviews and tests of our systems, like every other technology company does.”
Gnarly. Palantir seems to have hired a penetration testing outfit. Somehow the report leaked. Secure outfits often try to limit leaks.
Stephen E Arnold, June 20, 2016
Public Opinion of Dark Web May Match Media Coverage
June 17, 2016
A new survey about the Dark Web was released recently. Wired published an article centered around the research, called Dark Web’s Got a Bad Rep: 7 in 10 People Want It Shut Down, Study Shows. Canada’s Center for International Governance Innovation surveyed 24,000 people in 24 countries about their opinion of the Dark Web. The majority of respondents, 71 percent across all countries and 72 percent of Americans, said they believed the “dark net” should be shut down. The article states,
“CIGI’s Jardine argues that recent media coverage, focusing on law enforcement takedowns of child porn sites and bitcoin drug markets like the Silk Road, haven’t improved public perception of the dark web. But he also points out that an immediate aversion to crimes like child abuse overrides mentions of how the dark web’s anonymity also has human rights applications. ‘There’s a knee-jerk reaction. You hear things about crime and its being used for that purpose, and you say, ‘let’s get rid of it,’’ Jardine says.”
We certainly can attest to the media coverage zoning in on the criminal connections with the Dark Web. We cast a wide net tracking what has been published in regards to the darknet but many stories, especially those in mainstream sources emphasize cybercrime. Don’t journalists have something to gain from also publishing features revealing the aspects the Dark Web that benefit investigation and circumvent censorship?
Megan Feil, June 17, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
-
- Subscribe to Beyond Search
Feature archive
News archive
-
