Mouse Movements Are the New Fingerprints
May 6, 2016
A martial artist once told me that an individual’s fighting style, if defined enough, was like a set of fingerprints. The same can be said for painting style, book preferences, and even Netflix selections, but what about something as anonymous as a computer mouse’s movement? Here is a new scary thought from PC & Tech Authority: “Researcher Can Indentify Tor Users By Their Mouse Movements.”
Juan Carlos Norte is a researcher in Barcelona, Spain and he claims to have developed a series of fingerprinting methods using JavaScript that measures times, mouse wheel movements, speed movement, CPU benchmarks, and getClientRects. Combining all of this data allowed Norte to identify Tor users based on how they used a computer mouse.
It seems far-fetched, especially when one considers how random this data is, but
“’Every user moves the mouse in a unique way,’ Norte told Vice’s Motherboard in an online chat. ‘If you can observe those movements in enough pages the user visits outside of Tor, you can create a unique fingerprint for that user,’ he said. Norte recommended users disable JavaScript to avoid being fingerprinted. Security researcher Lukasz Olejnik told Motherboard he doubted Norte’s findings and said a threat actor would need much more information, such as acceleration, angle of curvature, curvature distance, and other data, to uniquely fingerprint a user.”
This is the age of big data, but looking Norte’s claim from a logical standpoint one needs to consider that not all computer mice are made the same, some use lasers, others prefer trackballs, and what about a laptop’s track pad? As diverse as computer users are, there are similarities within the population and random mouse movement is not individualistic enough to ID a person. Fear not Tor users, move and click away in peace.
Whitney Grace, May 6, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Be the CIA Librarian
May 3, 2016
Research is a vital tool for the US government, especially the Central Intelligence Agency which is why they employee librarians. The Central Intelligence Agency is one of the main forces of the US Intelligence Community, focused on gathering information for the President and the Cabinet. The CIA is also the topic of much fictionalized speculation in stories, mostly spy and law enforcement dramas. Having played an important part in the United States history, could you imagine the files in its archives?
If you have a penchant for information, the US government, and a library degree then maybe you should apply to the CIA’s current job opening: as a CIA librarian. CNN Money explains one of the perks of the job is its salary: “The CIA Is Hiring…A $100,000 Librarian.” Beyond the great salary, which CNN is quick to point out is more than the typical family income. Librarians server as more than people who recommend decent books to read, they serve as an entry point for research and bridge the gap between understanding knowledge and applying it in the actual field.
“In addition to the cachet of working at the CIA, ‘librarians also have opportunities to serve as embedded, or forward deployed, information experts in CIA offices and select Intelligence Community agencies.’ Translation: There may be some James Bond-like opportunities if you want them.”
Most of this librarian’s job duties will probably be assisting agents with tracking down information related to intelligence missions and interpreting it. It is just a guess, however. Who knows, maybe the standard CIA agent touts a gun to the stacks?
Whitney Grace, May 3, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
New Security Service Enters Consumer Space
April 29, 2016
It looks like another company is entering the arena of consumer cybersecurity. An article from Life Hacker, Privacy Lets You Create “Virtual” Credit Card Numbers, Deactivate One Instantly If It’s Stolen, shares the details of Privacy. Their tool generates disposable card numbers online, which can be tied to accounts with participating banks or Visa cards, and then allows users to easily deactivate if one is stolen. The service is free to users because Privacy makes money acting as a credit card processor. The article tells us,
“Privacy just gives you the ability to create virtual “accounts” that are authorized to charge a given amount to your account. You can set that account to be single use or multi-use, and if the amount is used up, then the transaction doesn’t go through to your main account. If one of your virtual accounts gets hit with an account you don’t recognize, you’ll be able to open the account from the Privacy Chrome or Firefox extension and shut it down immediately. The Chrome extension lets you manage your account quickly, auto-fill shopping sites with your virtual account numbers, or quickly create or shut down numbers.”
We think the concept of Privacy and the existence of such a service points to the perception consumers find security measures increasingly important. However, why trust Privacy? We’re not testing this idea, but perhaps Privacy is suited for Dark Web activity.
Megan Feil, April 29, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
A Dark Web Spider for Proactive Protection
April 29, 2016
There is a new tool for organizations to more quickly detect whether their sensitive data has been hacked. The Atlantic discusses “The Spider that Crawls the Dark Web Looking for Stolen Data.” Until now, it was often many moons before an organization realized it had been hacked. Matchlight, from Terbium Labs, offers a more proactive approach. The service combs the corners of the Dark Web looking for the “fingerprints” of its clients’ information. Writer Kevah Waddell reveals how it is done:
“Once Matchlight has an index of what’s being traded on the Internet, it needs to compare it against its clients’ data. But instead of keeping a database of sensitive and private client information to compare against, Terbium uses cryptographic hashes to find stolen data.
“Hashes are functions that create an effectively unique fingerprint based on a file or a message. They’re particularly useful here because they only work in one direction: You can’t figure out what the original input was just by looking at a fingerprint. So clients can use hashing to create fingerprints of their sensitive data, and send them on to Terbium; Terbium then uses the same hash function on the data its web crawler comes across. If anything matches, the red flag goes up. Rogers says the program can find matches in a matter of minutes after a dataset is posted.”
What an organization does with this information is, of course, up to them; but whatever the response, now they can implement it much sooner than if they had not used Matchlight. Terbium CEO Danny Rogers reports that, each day, his company sends out several thousand alerts to their clients. Founded in 2013, Terbium Labs is based in Baltimore, Maryland. As of this writing, they are looking to hire a software engineer and an analyst, in case anyone here is interested.
Cynthia Murrell, April 29, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Businesses as Beneficiaries of the Dark Web
April 28, 2016
Who makes money off the Dark Web? Vice’s Motherboard covers this in a recent article, The Booming and Opaque Business of Dark Web Monitoring. Much coverage exists on the cybercriminals using Tor, but this article describes the two types of threat intelligence monitoring businesses which specialize in crawling the Dark Web. The first approach is algorithm-based, such as the method used by Terbium Labs’ Matchlight product which scans and scours marketplaces for sensitive data or intellectual property. The alternative approach used by some companies is explained,
“The other tactic is a more human approach, with analysts going undercover in hacking forums or other haunts, keeping tabs on what malware is being chatted about, or which new data dump is being traded. This information is then provided to government and private clients when it affects them, with each monitoring company digesting it in their own particular way. But, there is a lot of misleading or outright fabricated information in the dark web. Often, particular listings or entire sites are scams, and forum chatter can be populated with people just trying to rip each other off. For that reason, it’s not really good enough to just report everything and anything you see to a customer.”
Recent media coverage mostly zeroes in on cybercrime related to the Dark Web, so this article is a refreshing change of pace as it covers the businesses capitalizing on the existence of this new platform where stolen data and security breaches can find a home. Additionally, an important question about this business sector is raised: how do these Dark Web monitoring companies valuable leads from scams aimed at deceiving?
Megan Feil, April 28, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Developing Nations Eager to Practice Cyber Surveillance
April 28, 2016
Is it any surprise that emerging nations want in on the ability to spy on their citizens? That’s what all the cool governments are doing, after all. Indian Strategic Studies reports, “Even Developing Nations Want Cyber Spying Capabilities.” Writer Emilio Iasiello sets the stage—he contrasts efforts by developed nations to establish restrictions versus developing countries’ increased interest in cyber espionage tools.
On one hand, we could take heart from statements like this letter and this summary from the UN, and the “cyber sanctions” authority the U.S. Department of Treasury can now wield against foreign cyber attackers. At the same time, we may uneasily observe the growing popularity of FinFisher, a site which sells spyware to governments and law enforcement agencies. A data breach against FinFisher’s parent company, Gamma International, revealed the site’s customer list. Notable client governments include Bangladesh, Kenya, Macedonia, and Paraguay. Iasiello writes:
“While these states may not use these capabilities in order to conduct cyber espionage, some of the governments exposed in the data breach are those that Reporters without Borders have identified as ‘Enemies of the Internet’ for their penchant for censorship, information control, surveillance, and enforcing draconian legislation to curb free speech. National security is the reason many of these governments provide in ratcheting up authoritarian practices, particularly against online activities. Indeed, even France, which is typically associated with liberalism, has implemented strict laws fringing on human rights. In December 2013, the Military Programming Law empowered authorities to surveil phone and Internet communications without having to obtain legal permission. After the recent terrorist attacks in Paris, French law enforcement wants to add addendums to a proposed law that blocks the use of the TOR anonymity network, as well as forbids the provision of free Wi-Fi during states of emergency. To put it in context, China, one of the more aggressive state actors monitoring Internet activity, blocks TOR as well for its own security interests.”
The article compares governments’ cyber spying and other bad online behavior to Pandora’s box. Are resolutions against such practices too little too late?
Cynthia Murrell, April 28, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
FinFisher How To: The Hacking Team
April 27, 2016
The idea is that math and science club types are competitive. Sure, many did not grasp fencing foils or head to the table tennis club. But the old competitive spark is there. To get a sense of how one outfit (FinFisher) hacked into another outfit (Hacking Team) point your browser at “Hack Back.” I want to raise several questions:
- Do these companies compete for law enforcement and intelligence contracts?
- Why did the “60 Minutes” report about hacking which aired on April 17, 2016, not mention FinFisher? Did “60 Minutes” “real” journalists overlook this company?
- Can either of these companies retrieve data from mobile phones?
- Who owns Gamma Group?
Ah, gentle reader, many questions.
Stephen E Arnold, April 27, 2016
Research Outlines Overview of Dark Web Landscape
April 27, 2016
The Dark Web continues to be a subject of study. Coin Desk published an article, Bitcoin Remains Most Popular Digital Currency on Dark Web, reporting on a study from two professors in the Department of War Studies at King’s College London. Their research found that Dark Web sites offered illegal goods and services in 12 categories, such as arms, drugs, and finance. As may be expected, the results revealed bitcoin to be the preferred digital currency of hidden-services commerce. We learned,
“The report, “Cryptopolitik and the Darknet,” which appeared in the February-March edition of Survival: Global Politics and Strategy, analyzed about 300,000 web addresses, identifying 5,205 live websites, out of which 2,723 were classified as illicit with a “high degree of confidence.” Of those, each was placed in one of twelve categories, including drugs, arms, and finance. The drugs category was the most frequently identified, with 423 websites, followed by finance with 327 websites. 1,021 websites were categorized as “other” by the research team. Among the financial websites identified as illicit, there were three categories: bitcoin-based methods for money-laundering, stolen credit card numbers and trade in counterfeit currency.”
In addition to this overview of the Dark Web landscape, the article also points out previous research which pokes holes in the conceptualization of the Dark Web as completely anonymous. An attack costing $2,500 is the price of busting a bitcoin user. Playing defense, a coin-mixing service called CleanCoin, helps bitcoin users remain traceless. What will be the next move?
Megan Feil, April 27, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Bold Hackers
April 27, 2016
It looks like some hackers are no longer afraid of the proverbial light, we learn from “Sony Hackers Still Active, ‘Darkhotel’ Checks Out of Hotel Hacking” at InformationWeek. Writer Kelly Jackson Higgins cites Kaspersky security researcher Juan Andres Guerrero-Saade, who observes that those behind the 2014 Sony hack, thought to be based in North Korea, did not vanish from the scene after that infamous attack. Higgins continues:
“There has been a noticeable shift in how some advanced threat groups such as this respond after being publicly outed by security researchers. Historically, cyber espionage gangs would go dark. ‘They would immediately shut down their infrastructure when they were reported on,’ said Kurt Baumgartner, principal security researcher with Kaspersky Lab. ‘You just didn’t see the return of an actor sometimes for years at a time.’
“But Baumgartner says he’s seen a dramatic shift in the past few years in how these groups react to publicity. Take Darkhotel, the Korean-speaking attack group known for hacking into WiFi networks at luxury hotels in order to target corporate and government executives. Darkhotel is no longer waging hotel-targeted attacks — but they aren’t hiding out, either.
“In July, Darkhotel was spotted employing a zero-day Adobe Flash exploit pilfered from the HackingTeam breach. ‘Within 48 hours, they took the Flash exploit down … They left a loosely configured server’ exposed, however, he told Dark Reading. ‘That’s unusual for an APT [advanced persistent threat] group.’”
Seeming to care little about public exposure, Darkhotel has moved on to other projects, like reportedly using Webmail to attack targets in Southeast Asia.
On the other hand, one group which experts had expected to see more of has remained dark for some time. We learn:
“Kaspersky Lab still hasn’t seen any sign of the so-called Equation Group, the nation-state threat actor operation that the security firm exposed early last year and that fell off its radar screen in January of 2014. The Equation Group, which has ties to Stuxnet and Flame as well as clues that point to a US connection, was found with advanced tools and techniques including the ability to hack air gapped computers, and to reprogram victims’ hard drives so its malware can’t be detected nor erased. While Kaspersky Lab stopped short of attributing the group to the National Security Agency (NSA), security experts say all signs indicate that the Equation Group equals the NSA.”
The Kaspersky team doesn’t think for a minute that this group has stopped operating, but believe they’ve changed up their communications. Whether a group continues to lurk in the shadows or walks boldly in the open may be cultural, they say; those in the Far East seem to care less about leaving tracks. Interesting.
Cynthia Murrell, April 27, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Duck Duck Go as a Privacy Conscious Google Alternative
April 26, 2016
Those frustrated with Google may have an alternative. Going over to the duck side: A week with Duck Duck Go from Search Engine Watch shares a thorough first-hand account of using Duck Duck Go for a week. User privacy protection seems to be the hallmark of the search service and there is even an option to enable Tor in its mobile app. Features are comparable, such as one designed to compete with Google’s Knowledge Graph called Instant Answers. As an open source product, Instant Answers is built up by community contributions. As far as seamless, intuitive search, the post concludes,
“The question is, am I indignant enough about Google’s knowledge of my browsing habits (and everyone else’s that feed its all-knowing algorithms) to trade the convenience of instantly finding what I’m after for that extra measure of privacy online? My assessment of DuckDuckGo after spending a week in the pond is that it’s a search engine for the long term. To get the most out of using it, you have to make a conscious change in your online habits, rather than just expecting to switch one search engine for another and get the same results.”
Will a majority of users replace “Googling” with “Ducking” anytime soon? Time will tell, and it will be an interesting saga to see unfold. I suppose we could track the evolution on Knowledge Graph and Instant Answers to see the competing narratives unfold.
Megan Feil, April 26, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
-
- Subscribe to Beyond Search
Feature archive
News archive
-
