
A Not-For-Profit Search Engine? That’s So Crazy It Just Might Work

May 4, 2016

The Common Search Project has a simple and straightforward mission statement. They want a nonprofit search engine, an alternative to the companies currently running the Internet (ahem, Google). They are extremely polite in their venture, but also firmly invested in three qualities for the search engine that they intend to build and run: openness, transparency, and independence. The core values include:

“Radical transparency. Our search results must be explainable and reproducible. All our code is open source and results are generated only using publicly available data. Transparency also extends to our governance, finances and day-to-day operations. Independence. No single person, company or special interest must be able to influence the order of our search results to their benefit. … Public service. We want to build and operate a free service targeted at a large, mainstream audience.”

Common Search currently offers a demo version that searches homepages only. They are an exciting development compared to the other Davids who have swung at Google’s Goliath. Common Search makes DuckDuckGo, the search engine focused on ensuring user privacy, look downright half-assed. They are calling for, and creating, a real alternative with a completely fresh perspective that isn’t solely about meeting user needs, but about insisting on user standards related to privacy, control, and clarity of results.

 

Chelsea Kerwin, May 4, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Google Relies on Freebase Machine ID Numbers to Label Images in Knowledge Graph

May 3, 2016

The article on SEO by the Sea titled Image Search and Trends in Google Search Using FreeBase Entity Numbers explains the transformation occurring at Google around Freebase Machine ID numbers. Image searching is a complicated business when it comes to differentiating labels. Instead of text strings, Google’s Knowledge Graph is based on Freebase entities, which can uniquely identify what an image shows without depending on language. The article explains with a quote from Chuck Rosenberg,

“An entity is a way to uniquely identify something in a language-independent way. In English when we encounter the word “jaguar”, it is hard to determine if it represents the animal or the car manufacturer. Entities assign a unique ID to each, removing that ambiguity, in this case “/m/0449p” for the former and “/m/012x34” for the latter.”

Metadata is wonderful stuff, isn’t it? The article concludes by crediting Barbara Starr, a co-administrator of the Lotico San Diego Semantic Web Meetup, with noticing that the Machine ID numbers assigned to Freebase entities now appear in Google Trends URLs. Google Trends is a public web facility that enables an exploration of the hive mind by showing what people are currently searching. On the Wednesday that President Obama nominated a new Supreme Court Justice, for example, the top search was Merrick Garland.

 

Chelsea Kerwin, May 3, 2016


Be the CIA Librarian

May 3, 2016

Research is a vital tool for the US government, especially the Central Intelligence Agency, which is why they employ librarians. The Central Intelligence Agency is one of the main forces of the US Intelligence Community, focused on gathering information for the President and the Cabinet. The CIA is also the topic of much fictionalized speculation in stories, mostly spy and law enforcement dramas. Given that it has played an important part in United States history, could you imagine the files in its archives?

If you have a penchant for information, the US government, and a library degree, then maybe you should apply to the CIA’s current job opening for a CIA librarian. CNN Money explains one of the perks of the job is its salary: “The CIA Is Hiring…A $100,000 Librarian.” That salary, CNN is quick to point out, is more than the typical family income. Beyond the great salary, librarians serve as more than people who recommend decent books to read; they serve as an entry point for research and bridge the gap between understanding knowledge and applying it in the actual field.

“In addition to the cachet of working at the CIA, ‘librarians also have opportunities to serve as embedded, or forward deployed, information experts in CIA offices and select Intelligence Community agencies.’  Translation: There may be some James Bond-like opportunities if you want them.”

Most of this librarian’s job duties will probably be assisting agents with tracking down information related to intelligence missions and interpreting it. It is just a guess, however. Who knows, maybe the standard CIA agent totes a gun to the stacks?

 

Whitney Grace, May 3, 2016

The Most Dangerous Writing App Will Delete Your Work If You Stop Typing, for Free

May 2, 2016

The article on The Verge titled The Most Dangerous Writing App Lets You Delete All of Your Work For Free speculates on the difficulties and hubris of charging money for technology that someone can clone and offer for free. Manuel Ebert’s The Most Dangerous Writing App offers a self-detonating notebook that you trigger if you stop typing. The article explains,

“Ebert’s service appears to be a repackaging of Flowstate, a $15 Mac app released back in January that functions in a nearly identical way. He even calls it The Most Dangerous Writing App, which is a direct reference to the words displayed on Flowstate creator Overman’s website. The difference: Ebert’s app is free, which could help it take off among the admittedly niche community of writers looking for self-deleting online notebooks.”

One such community that comes to mind is that of the creative writers. Many writers, and poets in particular, rely on exercises akin to the philosophy of The Most Dangerous Writing App: don’t let your pen leave the page, even if you are just writing nonsense. Adding higher stakes to the process might be an interesting twist, especially for those writers who believe that just as the nonsense begins, truth and significance are unlocked.

 

Chelsea Kerwin, May 2, 2016


An Open Source Search Engine to Experiment With

May 1, 2016

Apache Lucene receives the most headlines when it comes to discussion about open source search software. My RSS feed pulled up another open source search engine that shows promise in being a decent piece of software. Open Semantic Search is free software that can be used for text mining, analytics, a search engine, data explorer, and other research tools. It is based on Elasticsearch/Apache Solr’s open source enterprise search. It was designed with open standards and with a robust semantic search.

As with any open source search, it can be programmed with numerous features based on the user’s preference. These include tagging, annotation, varying file format support, multiple data sources support, data visualization, newsfeeds, automatic text recognition, faceted search, interactive filters, and more. It has the benefit that it can be programmed for mobile platforms, metadata management, and file system monitoring.

Open Semantic Search is described as

“Research tools for easier searching, analytics, data enrichment & text mining of heterogeneous and large document sets with free software on your own computer or server.”

While its base code is derived from Apache Lucene, it takes the original product and builds something better. Proprietary software is an expense dubbed a necessary evil if you work in a large company. If, however, you are a programmer and have the time to develop your own search engine and analytics software, do it. It could even turn out better than the proprietary stuff.

 

Whitney Grace, May 1, 2016

Watson Joins the Hilton Family

April 30, 2016

It looks like Paris Hilton might have a new sibling, although the conversations at family gatherings will be lackluster. No, the hotel-chain family has not adopted Watson; instead, a version of the artificial intelligence will work as a concierge. Ars Technica informs us that “IBM Watson Now Powers A Hilton Hotel Robot Concierge.”

The Hilton McLean hotel in Virginia now has a new concierge dubbed Connie, after Conrad Hilton, the chain’s founder. Connie is housed in a Nao, a French-made android that is an affordable customer relations platform. Its brain is based on Watson’s program and answers verbal queries from a WayBlazer database. The little robot assists guests by explaining how to navigate the hotel and find restaurants and tourist attractions. It is unable to check in guests yet, but when the concierge station is busy and you do not want to pull out your smartphone or have any human interaction, it is a good substitute.

“‘This project with Hilton and WayBlazer represents an important shift in human-machine interaction, enabled by the embodiment of Watson’s cognitive computing,’ Rob High, chief technology officer of Watson said in a statement. ‘Watson helps Connie understand and respond naturally to the needs and interests of Hilton’s guests—which is an experience that’s particularly powerful in a hospitality setting, where it can lead to deeper guest engagement.’”

Asia already uses robots in service industries such as hotels and restaurants.  It is worrying that Connie-like robots could replace people in these jobs.  Robots are supposed to augment human life instead of taking jobs away from it.  While Connie-like robots will have a major impact on the industry, there is something to be said for genuine human interaction, which usually is the preference over artificial intelligence.  Maybe team the robots with humans in the service industries for the best all around care?

 

Whitney Grace, April 30, 2016

Developing Nations Eager to Practice Cyber Surveillance

April 28, 2016

Is it any surprise that emerging nations want in on the ability to spy on their citizens? That’s what all the cool governments are doing, after all. Indian Strategic Studies reports, “Even Developing Nations Want Cyber Spying Capabilities.” Writer Emilio Iasiello sets the stage—he contrasts efforts by developed nations to establish restrictions versus developing countries’ increased interest in cyber espionage tools.

On one hand, we could take heart from statements like this letter and this summary from the UN, and the “cyber sanctions” authority the U.S. Department of Treasury can now wield against foreign cyber attackers. At the same time, we may uneasily observe the growing popularity of FinFisher, a site which sells spyware to governments and law enforcement agencies. A data breach against FinFisher’s parent company, Gamma International, revealed the site’s customer list. Notable client governments include Bangladesh, Kenya, Macedonia, and Paraguay. Iasiello writes:

“While these states may not use these capabilities in order to conduct cyber espionage, some of the governments exposed in the data breach are those that Reporters without Borders have identified as ‘Enemies of the Internet’ for their penchant for censorship, information control, surveillance, and enforcing draconian legislation to curb free speech. National security is the reason many of these governments provide in ratcheting up authoritarian practices, particularly against online activities. Indeed, even France, which is typically associated with liberalism, has implemented strict laws fringing on human rights. In December 2013, the Military Programming Law empowered authorities to surveil phone and Internet communications without having to obtain legal permission. After the recent terrorist attacks in Paris, French law enforcement wants to add addendums to a proposed law that blocks the use of the TOR anonymity network, as well as forbids the provision of free Wi-Fi during states of emergency. To put it in context, China, one of the more aggressive state actors monitoring Internet activity, blocks TOR as well for its own security interests.”

The article compares governments’ cyber spying and other bad online behavior to Pandora’s box. Are resolutions against such practices too little too late?

 

Cynthia Murrell, April 28, 2016


Bold Hackers

April 27, 2016

It looks like some hackers are no longer afraid of the proverbial light, we learn from “Sony Hackers Still Active, ‘Darkhotel’ Checks Out of Hotel Hacking” at InformationWeek. Writer Kelly Jackson Higgins cites Kaspersky security researcher Juan Andres Guerrero-Saade, who observes that those behind the 2014 Sony hack, thought to be based in North Korea, did not vanish from the scene after that infamous attack. Higgins continues:

“There has been a noticeable shift in how some advanced threat groups such as this respond after being publicly outed by security researchers. Historically, cyber espionage gangs would go dark. ‘They would immediately shut down their infrastructure when they were reported on,’ said Kurt Baumgartner, principal security researcher with Kaspersky Lab. ‘You just didn’t see the return of an actor sometimes for years at a time.’

“But Baumgartner says he’s seen a dramatic shift in the past few years in how these groups react to publicity. Take Darkhotel, the Korean-speaking attack group known for hacking into WiFi networks at luxury hotels in order to target corporate and government executives. Darkhotel is no longer waging hotel-targeted attacks — but they aren’t hiding out, either.

“In July, Darkhotel was spotted employing a zero-day Adobe Flash exploit pilfered from the HackingTeam breach. ‘Within 48 hours, they took the Flash exploit down … They left a loosely configured server’ exposed, however, he told Dark Reading. ‘That’s unusual for an APT [advanced persistent threat] group.’”

Seeming to care little about public exposure, Darkhotel has moved on to other projects, like reportedly using Webmail to attack targets in Southeast Asia.

On the other hand, one group which experts had expected to see more of has remained dark for some time. We learn:

“Kaspersky Lab still hasn’t seen any sign of the so-called Equation Group, the nation-state threat actor operation that the security firm exposed early last year and that fell off its radar screen in January of 2014. The Equation Group, which has ties to Stuxnet and Flame as well as clues that point to a US connection, was found with advanced tools and techniques including the ability to hack air gapped computers, and to reprogram victims’ hard drives so its malware can’t be detected nor erased. While Kaspersky Lab stopped short of attributing the group to the National Security Agency (NSA), security experts say all signs indicate that the Equation Group equals the NSA.”

The Kaspersky team doesn’t think for a minute that this group has stopped operating, but believes the group has changed up its communications. Whether a group continues to lurk in the shadows or walks boldly in the open may be cultural, they say; those in the Far East seem to care less about leaving tracks. Interesting.

 

Cynthia Murrell, April 27, 2016


Research Maps Threat Actors of the Dark Web

April 25, 2016

A vast number of sites, known collectively as the Dark Web, require specialized software to access them; Tor is most commonly used. Now, the first map of the Dark Web has launched, according to Peeling Back the Onion Part 1: Mapping the #DarkWeb from Zero Day Lab. Intelliagg, a threat intelligence service and a partner of Zero Day Lab, launched this map. In analyzing over 30,000 top-level sites, their research found that English was the most common language and that file sharing and leaked data were the most common hidden marketplaces, followed by financial fraud. Hacking comprised only three percent of sites studied. The write-up describes the importance of this map,

“Until recently it had been difficult to understand the relationships between hidden services and more importantly the classification of these sites. As a security researcher, understanding hidden services such as private chat forums and closed sites,  and how these are used to plan and discuss potential campaigns such as DDoS, ransom attacks, kidnapping, hacking, and trading of vulnerabilities and leaked data; is key to protecting our clients through proactive threat intelligence. Mapping these sites back to Threat Actors (groups), is even more crucial as this helps us build a database on the Capability, Infrastructure, and Motivations of the adversary.”

Quite an interesting study, both in topic and methods which consisted of a combination of human and machine learning information gathering. Additionally, this research produced an interactive map. Next, how about a map that shows the threat actors and their sites?

 

Megan Feil, April 25, 2016


Webinjection Code a Key to Security

April 25, 2016

The heady days of open cybercrime discussions on the Dark Web are over, thanks to increasing investigation by law enforcement. However, CaaS vendors still sell products like exploit kits, custom spam, and access to infected endpoints to those who know where to look. Security Intelligence discusses one of the most popular commodities, webinjection resources, in its article, “Dark Web Suppliers and Organized Cybercrime Gigs.” Reporter Limor Kessem explains:

“Webinjections are code snippets that financial malware can force into otherwise legitimate Web pages by hooking the Internet browser. Once a browser has been compromised by the malware, attackers can use these injections to modify what infected users see on their bank’s pages or insert additional data input fields into legitimate login pages in order to steal information or mislead unsuspecting users.

“Whether made up of HTML code or JavaScript, webinjections are probably the most powerful social engineering tool available to cybercriminals who operate banking Trojan botnets.

“To be considered both high-quality and effective, these webinjections have to seamlessly integrate with the malware’s injection mechanism, display social engineering that corresponds with the target bank’s authentication and transaction authorization schemes and have the perfect look and feel to fool even the keenest customer eye.”

Citing IBM X-Force research, Kessem says there seem to be only a few target-specific webinjection experts operating on the Dark Web. Even cybercriminals who develop their own malware are outsourcing the webinjection code to one of these specialists. This means, of course, that attacks from different groups often contain similar or identical webinjection code. IBM researchers have already used their findings about one such vendor to build specific “indicators of compromise,” which can be integrated into IBM Security products. The article concludes with a suggestion:

“Security professionals can further extend this knowledge to other platforms, like SIEM and intrusion prevention systems, by writing custom rules using information about injections shared on platforms like X-Force Exchange.”

 

Cynthia Murrell, April 25, 2016
