Hacking a Newspaper: Distancing and Finger Pointing

May 15, 2015

I read “This Is How the Syrian Electronic Army Hacked the Washington Post.” Hacking into a company’s computer system is not something I condone. The target of the hacking is not too keen on the practice either, I assume.

One of our Twitter accounts was compromised. We contacted Twitter. Even though we knew the CTO, it took a couple of days to sort out the problem. Apparently Miley Cyrus became a fan of Beyond Search and wanted to share her photographs via the blog’s newsfeed. One reader, an Exalead professional, was quite incensed that I was pumping out Miley snaps. I assume he found a better source of search and content processing news or left the field entirely due to the shock I imparted to him. I did not objectify the hacking incident. I don’t think I mentioned it until this moment. A script from somewhere in the datasphere got lucky.

In the aforementioned write up, I noted this passage:

Th3 Pr0, one of the members of the group, confirmed to Motherboard that they were indeed the group behind the attack, which appeared to last for around 30 minutes. Th3 Pr0 said that they were able to insert the alerts by hacking into Instart Logic, a content delivery network (CDN) used by the Washington Post. “We hacked InStart CDN service, and we were working on hacking the main site of Washington Post, but they took down the control panel,” Th3 Pr0 told Motherboard in an email. “We just wanted to deliver a message on several media sites like Washington Post, US News and others, but we didn’t have time :P.” The group often defaces media sites by hacking into other third parties, such as ad networks, that serve content on the sites.

The Washington Post, it seems, was not the problem. A content delivery network was the problem.

The article then reminded me:

This is the second time the hackers get to the Washington Post. The group briefly disrupted the site in 2013 with a phishing attack.

But the kicker for me is this statement:

This hack shows, once again, that a site is only as secure as its third-party resources, including ads, are.

Well, these problems are short lived. The problems are not the problems of the Washington Post. Bueno indeed. Perhaps Amazon’s Jeff Bezos will provide some security inputs to the Washington Post folks. Fool me once, shame on me. Fool me twice, well, blame the third party.

Works in Washington I assume.

Stephen E Arnold, May 15, 2015

SAP and Business Intelligence: Simple Stuff, Really Simple

May 14, 2015

I came across an interesting summary of SAP’s business intelligence approach. Navigate to “SAP BI Suite Roadmap Strategy Update from ASUG SapphireNow.” ASUG, in case you are not into the SAP world, means America’s SAP User Group. Doesn’t everyone know that acronym? I did not.

The article begins with a legal disclaimer, always a strange attractor to me. I find content on the Web which includes unreadable legal lingo sort of exciting.

It is almost as thrilling as some of the security methods which SAP employs across its systems and software. I learned from a former SAP advisor that, as I recall the comment, “Security has never been a priority at SAP.”

The other interesting thing about the article is that it appears to be composed of images captured either from a low resolution screen capture program or a digital camera without a massive megapixel capability.

I worked through the slides and comments as best as I could. I noted several points in addition to the aforementioned lacunae regarding security; to wit:

  1. SAP wants to simplify the analytics landscape. This is a noble goal, but my experience has been that SAP is a pretty complex beastie. That may be my own ignorance coloring what is just an intuitive, tightly integrated example of enterprise software.
  2. SAP likes dedicating servers or clusters of servers to tasks. There is a server for the in memory database. There is a server for what I think used to be Business Objects. There is the SAP desktop. There are edge servers in case your SAP installation is not for a single user. There is the SAP cloud which, I assume, is an all purpose solution to computational and storage bottlenecks. Lots of servers.
  3. Business Objects is the business intelligence engine. I am not confident in my assessment of complexity, but, as I recall, Business Objects can be a challenge.

My reaction to the presentation is that for the faithful who owe their job and their consulting revenue to SAP’s simplified business intelligence solutions and servers, joy suffuses their happy selves.

For me, I keep wondering about security. And whatever happened to TREX? What happened to Inxight’s Thingfinder and related server technologies?

How simple can an enterprise solution be? Obviously really simple. Did I mention security?

Stephen E Arnold, May 14, 2015

Elasticsearch Transparent about Failed Jepsen Tests

May 11, 2015

The article on Aphyr titled Call Me Maybe: Elasticsearch 1.5.0 demonstrates the ongoing tendency for Elasticsearch to lose data during network partitions. The author goes through several scenarios and finds that users can lose documents if nodes crash, a primary pauses, a network partitions into two intersecting components or into two discrete components. The article explains,

“My recommendations for Elasticsearch users are unchanged: store your data in a database with better safety guarantees, and continuously upsert every document from that database into Elasticsearch. If your search engine is missing a few documents for a day, it’s not a big deal; they’ll be reinserted on the next run and appear in subsequent searches. Not using Elasticsearch as a system of record also insulates you from having to worry about ES downtime during elections.”

The article praises Elasticsearch for their internal approach to documenting the problems, and especially the page they opened in September going into detail on resiliency. The page clarifies the question among users as to what it meant that the ticket closed. The page states pretty clearly that ES failed their Jepsen tests. The article exhorts other vendors to follow a similar regimen of supplying such information to users.

Chelsea Kerwin, May 11, 2014

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Defense Contractor Makes Leap Investment Into Cybersecurity  

April 30, 2015

The expression goes “you should look before you leap,” meaning you should make plans and wise choices before you barrel headfirst into what might be a brick wall.  Some might say Raytheon could be heading that way with their recent investment, but The Wall Street Journal says they could be making a wise choice in the article, “Raytheon To Plow $1.7 Billion Into New Cyber Venture.”

Raytheon recently purchased Websense Inc., a cybersecurity company with over 21,000 clients.  Websense will form the basis of a new cyber joint venture and it is projected to make $500 million in sales for 2015.  Over the next few years, Raytheon predicts the revenue will surge:

“Raytheon, which is based in Waltham, Mass., predicted the joint venture would deliver high-single-digit revenue growth next year and mid-double-digit growth in 2017, and would be profitable from day one. Raytheon will have an 80% stake in the new cyber venture, with Vista Partners LLC holding 20%.”

While Raytheon is a respected name in the defense contracting field, their biggest clients have been with the US military and intelligence agencies.  The article mentions how it might be difficult for Raytheon’s sales team and employees to switch to working with non-governmental clients.  Raytheon, however, is positioned to use Websense’s experience with commercial clients and its own dealings within the security industry to be successful.

Raytheon definitely has looked before it leapt into this joint venture. Where Raytheon has shortcomings, Websense will be able to compensate and vice versa.

Whitney Grace, April 30, 2015

IBM Provides Simple How-To Guide for Cloudant

April 24, 2015

The article titled Integrate Data with Cloudant and CouchDB NoSQL Database Using IBM InfoSphere Information Server on IBM offers a breakdown of the steps necessary to load JSON documents and attachments to Cloudant. In order to follow the steps, the article notes that you will need Cloudant, CouchDB, and IBM InfoSphere DataStage. The article concludes,

“This article provided detailed steps for loading JSON documents and attachments to Cloudant. You learned about the job design to retrieve JSON documents and attachments from Cloudant. You can modify the sample jobs to perform the same integration operations on a CouchDB database. We also covered the main features of the new REST step in InfoSphere DataStage V11.3, including reusable connection, parameterized URLs, security configuration, and request and response configurations. The JSON parser step was used in examples to parse JSON documents.”

Detailed examples with helpful images guide you through each part of the process, and it is possible to modify the examples for CouchDB. Although it may seem like a statement of the obvious to the many loyal IBM users out there, perhaps there are people who still need to be told. If you are interested in learning the federation of information with a logical and simple process, use IBM.

Chelsea Kerwin, April 24, 2014


Ignoring Search Updates Is a Security Risk

April 23, 2015

Searching is an essential function for basic Internet use and it is a vital function in enterprise systems.  While searching on the Internet with a search engine might not seem like a security risk, the comparable action on enterprise search could be potentially dangerous.  Security Enterprises points out the potential security risks in the article, “SearchBlox Vulnerabilities Underscore Importance Of Updating Enterprise Search Tools.”

Recently the Carnegie Mellon Software Engineering Institute CERT Division compiled a list of all the security risks from SearchBlox’s software. They included ways for hackers to view private information, upload files, cross-site scripting (XSS), and cross-site request forgeries. Enterprise security developers can learn from SearchBlox’s vulnerabilities by being aware and repairing them before a hacker discovers the information leak.

The problem, however, might come from within an organization rather than out:

“Of all the possible threats, the ability for cybercriminals to conduct XSS attacks from within the product’s default search box is likely the most concerning, Threatpost reported. On the other hand, anyone trying to take advantage of such SearchBlox vulnerabilities would need to be an authenticated user, though there is no shortage of stories about insider threats within the enterprise.”

The article implies that SearchBlox’s vulnerabilities came from day-to-day activities that keep an organization running. Using SearchBlox as an example, other organizations with enterprise systems will be able to learn where their own products need patches so the same issues don’t happen with them. So what do you take away: most hackers are probably insiders and look for holes in the ordinary, everyday routines.

Whitney Grace, April 23, 2015


Gartner VP Claims Researching “Ethical Programming” Necessary for Future of Smart Machines

April 17, 2015

The article on TweakTown titled Gartner: Smart Machines Must Include Ethical Programming Protocols briefly delves into the necessity of developing ethical programming in order to avoid some sort of Terminator/I, Robot situation that culminates in the rise of the machines and the end of humanity. Gartner is one of the world’s leading technology research and advisory companies, but it hardly sounds like the company stance. The article quotes Frank Buytendijk, a Gartner research VP,

“Clearly, people must trust smart machines if they are to accept and use them…The ability to earn trust must be part of any plan to implement artificial intelligence (AI) or smart machines, and will be an important selling point when marketing this technology.”

If you’re thinking, sounds like another mid-tier consultant is divining the future, you aren’t wrong. Researching ethical programming for the hypothetical self-aware machines that haven’t been built yet might just be someone’s idea of a good time. The article concludes with the statement that “experts are split on the topic, arguing whether or not humans truly have something to worry about.” While the experts figure out how we humans will cause the end of the human reign over earth, some of us are just waiting for the end of another in a line of increasingly violent winters.

Chelsea Kerwin, April 17, 2014

Stephen E Arnold, Publisher of CyberOSINT at www.xenky.com

Cyber Wizards Speak Publishes Exclusive BrightPlanet Interview with William Bushee

April 7, 2015

Cyber OSINT continues to reshape information access. Traditional keyword search has been supplanted by higher value functions. One of the keystones for systems that push “beyond search” is technology patented and commercialized by BrightPlanet.

A search on Google often returns irrelevant or stale results. How can an organization obtain access to current, in-depth information from Web sites and services not comprehensively indexed by Bing, Google, ISeek, or Yandex?

The answer to the question is to turn to the leader in content harvesting, BrightPlanet. The company was one of the first, if not the first, to develop systems and methods for indexing information ignored by Web indexes which follow links. Founded in 2001, BrightPlanet has emerged as a content processing firm able to make accessible structured and unstructured data ignored, skipped, or not indexed by Bing, Google, and Yandex.

In the BrightPlanet seminar open to law enforcement, intelligence, and security professionals, BrightPlanet said the phrase “Deep Web” is catchy but it does not explain what type of information is available to a person with a Web browser. A familiar example is querying a dynamic database, like an airline for its flight schedule. Other types of “Deep Web” content may require the user to register. Once logged into the system, users can query the content available to a registered user. A service like Bitpipe requires registration and a user name and password each time I want to pull a white paper from the Bitpipe system. BrightPlanet can handle both types of indexing tasks and many more. BrightPlanet’s technology is used by governmental agencies, businesses, and service firms to gather information pertinent to people, places, events, and other topics.

In an exclusive interview, William Bushee, the chief executive officer at BrightPlanet, reveals the origins of the BrightPlanet approach. He told Cyber Wizards Speak:

I developed our initial harvest engine. At the time, little work was being done around harvesting. We filed for a number of US patent applications for our unique systems and methods. We were awarded eight, primarily around the ability to conduct Deep Web harvesting, a term BrightPlanet coined.

The BrightPlanet system is available as a cloud service. Bushee noted:

We have migrated from an on-site license model to a SaaS [software as a service] model. However, the biggest change came after realizing we could not put our customers in charge of conducting their own harvests. We thought we could build the tools and train the customers, but it just didn’t work well at all. We now harvest content on our customers’ behalf for virtually all projects and it has made a huge difference in data quality. And, as I mentioned, we provide supporting engineering and technical services to our clients as required. Underneath, however, we are the same sharply focused, customer centric, technology operation.

The company also offers data as a service. Bushee explained:

We’ve seen many of our customers use our Data-as-a-Service model to increase revenue and customer share by adding new datasets to their current products and service offerings. These additional datasets develop new revenue streams for our customers and allow them to stay competitive maintaining existing customers and gaining new ones altogether. Our Data-as-a-Service offering saves time and money because our customers no longer have to invest development hours into maintaining data harvesting and collection projects internally. Instead, they can access our harvesting technology completely as a service.

The company has accelerated its growth through a partnering program. Bushee stated:

We have partnered with K2 Intelligence to offer a full end-to-end service to financial institutions, combining our harvest and enrichment services with additional analytic engines and K2’s existing team of analysts. Our product offering will be a service monitoring various Deep Web and Dark Web content enriched with other internal data to provide a complete early warning system for institutions.

BrightPlanet has emerged as an excellent resource to specialized content services. In addition to providing a client-defined collection of information, the firm can provide custom-tailored solutions to special content needs involving the Deep Web and specialized content services. The company has an excellent reputation among law enforcement, intelligence, and security professionals. The BrightPlanet technologies can generate a stream of real-time content to individuals, work groups, or other automated systems.

BrightPlanet has offices in Washington, DC, and can be contacted via the BrightPlanet Web site at www.brightplanet.com.

The complete interview is available at the Cyber Wizards Speak web site at www.xenky.com/brightplanet.

Stephen E Arnold, April 7, 2015

Blog: www.arnoldit.com/wordpress Frozen site: www.arnoldit.com Current site: www.xenky.com

Tweets Reveal Patterns of Support or Opposition for ISIL

March 31, 2015

Once again, data analysis is being put to good use. MIT Technology Review describes how “Twitter Data Mining Reveals the Origins of Support for the Islamic State.” A research team led by one Walid Magdy at the Qatar Computing Research Institute studied tweets regarding the “Islamic State” (also known as ISIS, ISIL, or just IS) to discern any patterns that tell us which people choose to join such an organization and why.

See the article for a detailed description of the researchers’ methodology. Interesting observations involve use of the group’s name and tweet timing. Supporters tended to use the whole, official name (the “Islamic State in Iraq and the Levant” is perhaps the most accurate translation), while most opposing tweets didn’t bother, using the abbreviation. They also found that tweets criticizing ISIS surge right after the group has done something terrible, while supporters tended to tweet after a propaganda video was released or the group achieved a major military victory. Other indicators of sentiment were identified, and an algorithm created. The article reveals:

“Magdy and co trained a machine learning algorithm to spot users of both types and said it was able to classify other users as likely to become pro- or anti-ISIS with high accuracy. ‘We train a classifier that can predict future support or opposition of ISIS with 87 percent accuracy,’ they say….

“That is interesting research that reveals the complexity of the forces at work in determining support or opposition to movements like ISIS—why people like [Egypt’s] Ahmed Al-Darawy end up dying on the battlefield. A better understanding of these forces is surely a step forward in finding solutions to the tangled web that exists in this part of the world.

“However, it is worth ending on a note of caution. The ability to classify people as potential supporters of ISIS raises the dangerous prospect of a kind of thought police, like that depicted in films like Minority Report. Clearly, much thought must be given to the way this kind of information should be used.”

Clearly. (Though the writer seems unaware that the term “thought police” originated with Orwell’s Nineteen Eighty-Four, the reference to Minority Report shows he or she understands the concept. But I digress.) Still, trying to understand why people turn to violence and helping to mitigate their circumstances before they get there seems worth a try. Better than bombs, in my humble opinion, and perhaps longer-lasting.

Cynthia Murrell, March 31, 2015
