The Time Google Flagged Itself for Potentially Malicious Content
June 13, 2016
Did you know Google recently labeled itself as ‘partially dangerous’? Fortune released a story, Google Has Stopped Rating ‘Google.com’ as ‘Partially Dangerous’, which covers what happened. Google has a Safe Browsing tool which identifies potentially harmful websites by scanning URLs. Users noticed that Google itself was flagged for a short time. Was there a rational explanation? This article offers a technology-based reason for the rating,
“Fortune noted that Google’s Safe Browsing tool had stopped grading its flagship site as a hazard on Wednesday morning. A Google spokesperson told Fortune that the alert abated late last night, and that the Safe Browsing service is always on the hunt for security issues that might need fixing. The issue is likely the result of some Google web properties hosting risky user-generated content. The safety details of the warning specifically called out Google Groups, a service that provides online discussion boards and forums. If a user posted something harmful there, Google’s tool would have factored that in when assessing the security of the google.com domain as a whole, a person familiar with the matter told Fortune.”
We bet some are wondering whether this is a reflection of Google management or the wonkiness of Google’s artificial intelligence. Considering hacked accounts alone, it seems like malicious content would be posted in Google Groups fairly regularly. This flag seems to signal more than the “partially dangerous” message spells out. The only question remaining is, a flag for what?
Megan Feil, June 13, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
More Data to Fuel Debate About Malice on Tor
June 9, 2016
The debate about malicious content on Tor continues. Ars Technica published an article continuing the conversation about Tor and the claims made by a web security company that says 94 percent of the requests coming through the network are at least loosely malicious. The article CloudFlare: 94 percent of the Tor traffic we see is “per se malicious” reveals how CloudFlare is currently handling Tor traffic. The article states,
“Starting last month, CloudFlare began treating Tor users as their own “country” and now gives its customers four options of how to handle traffic coming from Tor. They can whitelist them, test Tor users using CAPTCHA or a JavaScript challenge, or blacklist Tor traffic. The blacklist option is only available for enterprise customers. As more websites react to the massive amount of harmful Web traffic coming through Tor, the challenge of balancing security with the needs of legitimate anonymous users will grow. The same network being used so effectively by those seeking to avoid censorship or repression has become a favorite of fraudsters and spammers.”
Even though the jury may still be out with regard to the statistics reported about the volume of malicious traffic, several companies appear to want action sooner rather than later. Amazon Web Services, Best Buy and Macy’s are among several sites blocking a majority of Tor exit nodes. While a lot seems unclear, we can’t expect organizations to delay action.
Megan Feil, June 9, 2016
Websites Found to Be Blocking Tor Traffic
June 8, 2016
Discrimination or wise precaution? Perhaps both? MakeUseOf tells us, “This Is Why Tor Users Are Being Blocked by Major Websites.” A recent study (PDF) by the University of Cambridge; University of California, Berkeley; University College London; and International Computer Science Institute, Berkeley confirms that many sites are actively blocking users who approach through a known Tor exit node. Writer Philip Bates explains:
“Users are finding that they’re faced with a substandard service from some websites, CAPTCHAs and other such nuisances from others, and in further cases, are denied access completely. The researchers argue that this: ‘Degraded service [results in Tor users] effectively being relegated to the role of second-class citizens on the Internet.’ Two good examples of prejudice hosting and content delivery firms are CloudFlare and Akamai — the latter of which either blocks Tor users or, in the case of Macys.com, infinitely redirects. CloudFlare, meanwhile, presents CAPTCHA to prove the user isn’t a malicious bot. It identifies large amounts of traffic from an exit node, then assigns a score to an IP address that determines whether the server has a good or bad reputation. This means that innocent users are treated the same way as those with negative intentions, just because they happen to use the same exit node.”
The article goes on to discuss legitimate reasons users might want the privacy Tor provides, as well as reasons companies feel they must protect their Websites from anonymous users. Bates notes that there is not much one can do about such measures. He does point to Tor’s own Don’t Block Me project, which is working to convince sites to stop blocking people just for using Tor. It is also developing a list of best practices that concerned sites can follow, instead. One site, GameFAQs, has reportedly lifted its block, and CloudFlare may be considering a similar move. Will the momentum build, or must those who protect their online privacy resign themselves to being treated with suspicion?
Cynthia Murrell, June 8, 2016
Emerging Technology May Have Application for Security
June 6, 2016
New technologies for use in security are increasingly receiving attention. An article from Mirror, Lip-reading technology ‘could capture what people on CCTV say’ claim researchers, discusses one example. The University of East Anglia in Norwich developed what is called a visual speech recognition technology. The purpose is to identify what people are saying in situations where audio is not good enough to hear. One application mentioned is for videos recorded from security cameras. The post describes more,
“Helen Bear, from the university’s school of computing science, said the technology could be applied to a wide range of situations from criminal investigations to entertainment. She added: “Lip-reading has been used to pinpoint words footballers have shouted in heated moments on the pitch, but is likely to be of most practical use in situations where there are high levels of noise, such as in cars or aircraft cockpits. “Crucially, whilst there are still improvements to be made, such a system could be adapted for use for a range of purposes – for example, for people with hearing or speech impairments.” Some sounds like “P” and “B” look similar on the lips and have traditionally been hard to decipher, the researchers said.”
Whether in real life or online, security and cybersecurity efforts and technologies are making headlines, keeping pace with security threats and breaches. It is interesting that applications for emerging technologies like this have such a range, but this particular technology seems to be rooted in brick-and-mortar security. We think there is a need for more focus on security as it relates to the Dark Web.
Megan Feil, June 6, 2016
Google Has Much at Stake in Intel Tax Case
June 3, 2016
In the exciting department of tax activities, 9to5Google reports, “Google Could Effectively Recoup All the Tax it Paid Last Year if Intel Wins Test Case.” Why is Google so invested in a dispute between Intel and the IRS? Writer Ben Lovejoy explains:
“In essence, the case hinges on share compensation packages paid by overseas subsidiaries. The IRS says that the cost of these should be offset against the expenses of the overseas companies; Intel says no, the cost should be deducted by the U.S. parent company – reducing its tax liabilities in its home country. The IRS introduced the rule in 2003. Companies like Google have abided by the rule but reserved the right to reallocate costs if a court ruling went against the IRS, giving them a huge potential windfall.”
This windfall could amount to $3.5 billion for Alphabet, now technically Google’s “parent” company (but really just a reorganized Google). Apparently, according to the Wall Street Journal, at least 20 tech companies, including Microsoft and eBay, are watching this case very closely.
Google is known for paying the fewest taxes it thinks it can get away with, a practice very unpopular with some. We’re reminded:
“Google has recently come under fire for its tax arrangements in Europe, a $185M back-tax deal in the UK being described as ‘disproportionately small’ and possibly illegal. France is currently seeking to claim $1.76B from the company in back taxes.”
So, how much will the world’s tax collectors be able to carve out of the Google revenue pie? I suspect it will vary from year to year, and will keep courts and lawyers around the world very busy.
Cynthia Murrell, June 3, 2016
European Companies Help Egypt Spy on Citizens
June 2, 2016
It seems that, as Egypt was brutally repressing citizens during the massive protests of 2010 and 2011, European companies were selling citizen-surveillance tech to that country’s secret spy agency. Hammerhead Combat Systems shares the article, “Espionage Files: European Companies Sold Spy Tech to a Secret Egyptian Intelligence Unit Amid Brutal Repression.” The article cites a report from Privacy International; writer Namir Shabibi tells us:
“The investigation, entitled ‘The President’s Men? Inside the Technical Research Department, the secret player in Egypt’s intelligence infrastructure,’ is the first to shed light on the growth of the TRD intelligence unit, its pivotal role in Egyptian intelligence apparatus and its links to European companies.
“The TRD’s growth is consistent with claims by human rights defenders that the Egyptian security service was in reality untouched by the revolution. Instead, it quietly went about strengthening itself under the cover of political turmoil.
“The report implicates two European companies in the sale of surveillance technology to TRD. At the time of mass protests in Egypt between 2010-11, it claims Nokia Siemens Networks provided the TRD mass surveillance capabilities including an interception management system and a monitoring center.
“Moreover, according to Privacy International, leaked emails from Italian surveillance equipment seller Hacking Team dated from last year show that it expected to earn a million euros from the sale of intrusive surveillance technologies to the unit. The technology would allow TRD complete access to the computers and smartphones of targeted individuals.”
Note that Nokia Siemens owns Trovicor, which does real-time surveillance and intercepts. The article states that former President Hosni Mubarak used the TRD to fight his political opponents and that the system may date back as far as Anwar Sadat’s rule. Seemingly unabashed, Hacking Team asserts they are in compliance with Italian regulations. On the other hand, European Member of Parliament Marietje Schaake suspects these two companies have violated existing EU rules and, if not, insists new rules must be created immediately. See the piece (originally published at Vice News), or navigate to the Privacy International report itself, for more details.
Cynthia Murrell, June 3, 2016
Speculation About Beyond Search
June 2, 2016
If you are curious to learn more about the purveyor of the Beyond Search blog, you should check out Singularity’s interview with “Stephen E Arnold On Search Engine And Intelligence Gathering.” A little bit of background: Arnold is an expert in content processing, indexing, and online search, as well as the author of seven books and monographs. His past employment record includes Booz, Allen, & Hamilton (Edward Snowden was a contractor for this company), Courier Journal & Louisville Times, and Halliburton Nuclear. He worked on the US government’s Threat Open Source Intelligence Service and developed a cost analysis, technical infrastructure, and security for FirstGov.gov.
Singularity’s interview covers a variety of topics and, of course, includes Arnold’s direct sense of humor:
“During our 90 min discussion with Stephen E. Arnold we cover a variety of interesting topics such as: why he calls himself lucky; how he got interested in computers in general and search engines in particular; his path from college to Halliburton Nuclear and Booze, Allen & Hamilton; content and web indexing; his who’s who list of clients; Beyond Search and the core of intelligence; his Google Trilogy – The Google Legacy (2005), Google Version 2.0 (2007), and Google: The Digital Gutenberg (2009); CyberOSINT and the Dark Web Notebook; the less-known but major players in search such as Recorded Future and Palantir; Big Brother and surveillance; personal ethics and Edward Snowden.”
When you listen to the experts in certain fields, you always get a different perspective than what the popular news outlets give. Arnold offers a unique take on search as well as the future of Internet security, especially the future of the Dark Web.
Whitney Grace, June 2, 2016
Next-Generation Business Intelligence Already Used by Risk Analysis Teams
June 1, 2016
Ideas about business intelligence have certainly evolved with emerging technologies. Addressing this, an article, Why machine learning is the new BI from CIO, speaks to this transformation of the concept. The author describes how reactive analytics based on historical data do not optimally assist business decisions. Questions about customer satisfaction are best oriented toward proactive future-proofing, according to the article. The author writes,
“Advanced, predictive analytics are about calculating trends and future possibilities, predicting potential outcomes and making recommendations. That goes beyond the queries and reports in familiar BI tools like SQL Server Reporting Services, Business Objects and Tableau, to more sophisticated methods like statistics, descriptive and predictive data mining, machine learning, simulation and optimization that look for trends and patterns in the data, which is often a mix of structured and unstructured. They’re the kind of tools that are currently used by marketing or risk analysis teams for understanding churn, customer lifetimes, cross-selling opportunities, likelihood of buying, credit scoring and fraud detection.”
Does this mean that traditional business intelligence after much hype and millions in funding is a flop? Or will predictive analytics be a case of polishing up existing technology and presenting it in new packaging? After time — and for some after much money has been spent — we should have a better idea of the true value.
Megan Feil, June 1, 2016
Considering an Epistemology of the Dark Web
May 31, 2016
The comparisons of Nucleus to Silk Road are rolling in. Naked Security by Sophos recently published the article Dark Web marketplace “Nucleus” vanishes – and no one knows why. This piece echoes the questions that those following this story have been asking. Was it attacked by ransomware? Maybe they were busted? The article also offers the low-down on how Tor works to explain why accurate investigations into the Dark Web are challenging. We learned,
“That’s why Tor also supports so-called hidden services, which have special URLs ending .onion, where your anonymised network requests are not only bounced around inside the Tor network, but also processed and answered from inside Tor. This makes it hard to find the servers behind a hidden service, which in turn makes it hard to block that service, even if it’s clearly breaking the law by selling firearms improperly or trafficking in illegal drugs. This, in turn, means it’s hard to measure what’s really going on in the Dark Web, and how many underground marketplaces exist to bring buyers and sellers together.”
We found it refreshing that this piece reiterated how data about the Dark Web is not easy to pinpoint. From several tens of thousands of Dark Web sites to much lower counts, many cybersecurity groups and researchers seem certain they have the right number. But to continue on the endless hypotheses train related to the Nucleus disappearance, we’ll weigh in. Maybe law enforcement outside the US operated the site? Just a thought.
Megan Feil, May 31, 2016
Hacktivists Become Educators on Dark Web
May 30, 2016
A well-known hacktivist group is putting itself out there on the Dark Web. International Business Times reported on the collective’s new chatroom in a piece entitled Anonymous hackers launch dark web chatroom OnionIRC to teach next generation of hacktivists. Anonymous intends to teach those interested in hacktivism about the basics: coding, encryption and even history. IBT journalists went undercover and logged into the chat room to learn more about the next generation of hacktivists. Reporting back, the article states,
“[we] found roughly 40 people logged in and talking about topics, such as GPG encryption, NSA surveillance and how the government reportedly installs backdoors into computer software. According to HackRead, which first reported on the chatroom, the IRC has at times been particularly dysfunctional. Indeed, during our time in the chatroom, some of the contributors appeared to lack any hacking knowledge at all. “I want to learn Bash. Beginner level. Where should I start?” wrote one anonymous contributor. “With a Bash Book,” came the reply. This group, at least in its current form, is a far-cry from the more sophisticated and feared members that in the past have been known to hack federal agencies and assist in global political uprisings.”
This article’s reference to the “next generation of hacktivists” calls to mind a question about the age demographics of Dark Web users. Our bet is that, while they may tend young, there is likely to be significant representation from a variety of age groups. While it’s captured media attention, the Dark Web is no new phenomenon.
Megan Feil, May 30, 2016