CyberOSINT banner

Leaky Web Pages a Call To Criminals

February 6, 2016

The Dark Web relies on the Tor network’s complex, multi-layered encryption technology to hide Web URLs and traffic sources. As we learned in “Basic Error Can Reveal Hidden Dark Web sites, however, not all hidden searches are actually hidden. Apache, the most widely used Web server software, includes a module that could make it easy for criminals to watch what Dark Web users are doing.  A Facebook wizard points out that Apache’s “out-of-the-box” configuration, which is used to hide server-status page information, could inadvertently help hackers follow users as they meander through the Deep Web.

In 2012, Popular Web Sites Were Leaking System Status Information, Private Data and Passwords”  confirmed what many had long suspected. Then, in 2015, a researcger discovered a Dark Web search engine not only showed what people were searching for. This begs the question:

What if a malicious actor had found that page instead of Muffet. They could have used it to assemble a trove of search data and, as we learned from the 2006 AOL search data leak, that can be enough Big Data to start unmasking people.  And it gets worse. Exposed server status pages are a potential threat to users, but under some circumstances, they can completely unravel the protection that Tor provides to hidden websites.

In a perfect world, only localhost would have access to the mod-status feature. But Tor daemon also runs on localhost. All hackers have to do to access sensitive data is to exploit this weakness and anyone can see what people are looking at in the Deep Web.

Locard’s Principle tells us that criminal not only bring something of themselves to a crime scene, bad actors leave something behind, too. This clues, no matter how small, may help analysts and investigators shine a light on Dark Web criminals.

Martin A. Matisoff, MSc, February 6, 2016.

Sponsored by, publishers of the CyberSINT monograph.

Its Official: Facebook and the Dark Web

February 5, 2016

A piece from Nextgov suggests just how ubiquitous the Dark Web could become. Published as Facebook is giving users a new way to access it on the ‘Dark Web’, this article tells us “a sizeable community” of its users are also Dark Web users; Facebook has not released exact figures. Why are people using the Dark Web for everyday internet browsing purposes? The article states:

“Facebook’s Tor site is one way for people to access their accounts when the regular Facebook site is blocked by governments—such as when Bangladesh cut off access to Facebook, its Messenger and Whatsapp chat platforms, and messaging app Viber for about three weeks in November 2015. As the ban took effect, the overall number of Tor users in Bangladesh spiked by about 10 times, to more than 20,000 a day. When the ban was lifted, the number dropped back to its previous level.”

Public perception of the darknet is changing. If there was any metric to lend credibility to the Dark Web being increasingly used for mainstream purposes, it is Facebook adding a .onion address. Individual’s desire for security, uninterrupted and expansive internet access will only contribute to the Dark Web’s user base. While the Silk Road-type element is sure to remain as well, it will be interesting to see how things evolve.


Megan Feil, February 5, 2016

Sponsored by, publisher of the CyberOSINT monograph

IBM Sells Technology Platform with a Throwback to Big Datas Mysteries

February 2, 2016

The infographic on the IBM Big Data & Analytics Hub titled Extracting Business Value From the 4 V’s of Big Data involves quantifying Volume (scale of data), Velocity (speed of data), Veracity (certainty of data), and Variety (diversity of data). In a time when big data may have been largely demystified, IBM makes an argument for its current relevance and import, not to mention its mystique, with reminders of the tremendous amounts of data being created and consumed on a daily basis. Ultimately the graphic is an ad for the IBM Analytics Technology Platform. The infographic also references a “fifth “V”,

“Big data = the ability to achieve greater Value through insights from superior analytics. Case Study: A US-based aircraft engine manufacturer now uses analytics to predict engine events that lead to costly airline disruptions, with 97% accuracy. If this prediction capability had ben available in the previous year, it would have saved $63 million.”
IBM struggles for revenue. But, obviously from this infographic, IBM knows how to create Value with a capital “V”, if not revenue. The IBM Analytics Technology Platform promises speedier insights and actionable information from trustworthy sources. The infographic reminds us that poor quality in data leads to sad executives, and that data is growing exponentially, with 90% of all data forged in only the last two years.


Chelsea Kerwin, February 2, 2016

Sponsored by, publisher of the CyberOSINT monograph

Big Data Is so Last Year, Data Analysts Inform Us

February 1, 2016

The article on Fortune titled Has Big Data Gone Mainstream? asks whether big data is now an expected part of data analysis. The “merger” as Deloitte advisor Tom Davenport puts it, makes big data an indistinguishable aspect of data crunching. Only a few years ago, it was a scary buzzword that executives scrambled to understand and few experts specialized in. The article shows what has changed lately,

“Now, however, universities offer specialized master’s degrees for advanced data analytics and companies are creating their own in-house programs to train talent in data science. The Deloitte report cites networking giant Cisco  CSCO -4.22%  as an example of a company that created an internal data science training program that over 200 employees have gone through. Because of media reports, consulting services, and analysts talking up “big data,” people now generally understand what big data means…”

Davenport sums up the trend nicely with the statement that people are tired of reading about big data and ready to “do it.” So what will replace big data as the current mysterious buzzword that irks laypeople and the C-suite simultaneously? The article suggests “cognitive computing” or computer systems using artificial intelligence for speech recognition, object identification, and machine learning. Buzz, buzz!

Chelsea Kerwin, February 1, 2016

Sponsored by, publisher of the CyberOSINT monograph

Trust and Security Lessons Offered by the Dark Web

January 27, 2016

Spreading lessons about trust is not what most people think when they think of the drug dealers, hackers and cyber criminals of the Dark Web, but an article from Medium begs to differ. Let’s hear it for the bad guys: What the Dark Web can teach us about trust focuses on the idea that these “bad guys” are successfully and efficiently making transactions, ultimately based on trust. The article states:

“Crucially, they offer the same kind of reliability of experience rather than ripping people off, thus creating a sustainable business model. Transactions are made using digital currency Bitcoin and are recorded and verified through a distributed public ledger called the block chain. In this way, such sites build trust by offering a straightforward transaction built on transparency, albeit achieved with complete anonymity.”

This trust may be seen as missing from many internet sites where collection of personal data is the price of admission; the Dark Web offers an alternative with the promise of information not being tracked. Ironically, the issue of information being collected, albeit through other means, and sold through channels in the Dark Web means the problem of security is not eradicated.


Megan Feil, January 27, 2016

Sponsored by, publisher of the CyberOSINT monograph


Beware: Spyware Disguised as Search

January 27, 2016

Do you know how when you type an incorrect Web address into the search bar and you are redirected to a search page saying it could not find the address?  According to PCRisk one of these redirected pages could mean you serious harm, “ Redirect.”  If you have ever heard of, you should get off the page as quickly as possible.

Snjsearch masquerades as a legitimate Internet search engine with more relevant results than Google.  However, this is a false claim!  The developers include spyware within an installation packet to track browsing history and other sensitive information.

The biggest question you are probably asking is how gets installed on your computer?

“This deceptive website is promoted as a ‘bundle’ with other software. The developers know that many users do not pay enough attention when downloading and installing software. Therefore, bundled applications (or in this case, modification of browser settings) are usually concealed within the ‘Custom/Advanced’ settings. Many users rush these processes and skip virtually all steps, leading to inadvertent installation of potentially unwanted programs. This exposes their systems to risk of further infection and compromises their privacy.”

The easiest way to avoid downloading is to monitor all downloads, making sure that is not included in an installation bundle.  Another preventive measure would be to know where you download an item.  Remember the saying, “don’t take candy from strangers”?  Well, do not take free downloads from strange Web sites.

If you believe you have on your computer, the article contains steps to remove it.  If you are a curious person, do not experiment with unless appropriate precautions are taken; namely, using a separate, non-work computing device not connected to an office or work related network.


Whitney Grace, January 27, 2016
Sponsored by, publisher of the CyberOSINT monograph

Myanmar in Mobile: A Reminder of How Easy It Is to Make Assumptions

January 25, 2016

I suggest you read the write up “The Facebook Loving Farmers of Myanmar.” Useful information. You can work through the article and get a sense of the importance of connectivity to farmers in a region which is quite a bit different from Silicon Valley and Route 128.

I want to highlight two points which I noted. My hunch is that these will be different from many other folks’ reaction to the article.

The first point is a reference to the failure of the “one laptop per child” thing cooked up by someone in the US of A’s right coast. Here’s the quote I highlighted:

But the more we probe, the less justifiable the Samsung premium becomes. The Chinese phones are cheap but capable. I wonder if this makes Negroponte happy. His one laptop-per-child dream was never fully realized but one smartphone-per-human—far more capable and sensible than a laptop, in many ways—has most certainly arrived. I take notes.

The point is that traditional desktops and laptops are not what has captured the attention of the farmers of Myanmar. The shift to phones, Chinese phones in particular, can be described as a miss, a big miss for the “one laptop per child” idea. How many other high tech beliefs are going to be shown to be just wrong enough? This, for me, is a reminder that what seems obvious to those on the left and right coasts in the United States are pitching the equivalent of snowshoes to people who live where it does not snow.

The second point I circled was:

I realize then that smartphone tech crossed the Good Enough threshold years ago.

What if the money pumped into improving smartphones by making them bigger, smaller, in different colors, etc. is a living, breathing example of diminishing returns. No mater what the phone designers and manufacturers cook up, the pay back will keep getting smaller. Apple is becoming mobile dependent. Google is becoming mobile dependent. What if these investments creep toward lower and lower returns. In a lousy economic environment, could there be financial trouble ahead for these and allied companies?

My hunch is that there are more farmers in Myanmar type folks than there are those who can get hired at the likes of the sparkling tech citadels on the left and right coast of the US, the silicon fen, and the other confections of techno-wizardry.

The one laptop per child play was not just wrong by a little; it was wrong by a mile unless Google knows something the folks in Myanmar do not. See “Google Donates More Than $5 Million to Give Chromebooks to Refugees.”

Stephen E Arnold, January 25, 2016

Alphabet Google Justifies Its R&D Science Club Methods

January 23, 2016

In the midst of the snowmageddon craziness in rural Kentucky, I noted a couple of Alphabet Google write ups. Unlike the sale of shares, the article tackle the conceptual value of the Alphabet Google’s approach to research and development. I view most of Google’s post 2006 research as an advanced version of my high school science club projects.

Our tasks in 1960 included doing a moon measurement from central Illinois. Don’t laugh, Don and Bernard Jackson published their follow on to the science club musing in 1962. In Don’s first University of Illinois astronomy class, the paper was mentioned by the professor. The prof raised a question about the method. Don raised his hand and explained how the data were gathered. The prof was not impressed. Like many mavens, the notion that a college freshman and his brother wrote a paper, got it published, and then explained the method in front of a class of indifferent freshman was too much for the expert. I think the prof shifted to social science or economics, both less rigorous disciplines in my view.


Google’s research interests.

The point is that youth can get some things right. As folks age, the view of what’s right and what’s a little off the beam differ.

Let’s look at the first write up called “How Larry Page’s Obsessions Became Google’s Business.” Note that if the link is dead, you may have to subscribe to the newspaper or hit the library in search of a dead tree copy. The New York Times have an on again and off again approach to the Google. It’s not that the reporters don’t ask the right questions. I think that the “real” journalists get distracted with the free mouse pads and folks like Tony Bennett crooning in the cafeteria to think about what the Google was, is, and has become.

The article points out:

Mr. Page is hardly the first Silicon Valley chief with a case of intellectual wanderlust, but unlike most of his peers, he has invested far beyond his company’s core business and in many ways has made it a reflection of his personal fascinations.

I then learned:

Another question he likes to ask: “Why can’t this be bigger?”

The suggestion that bigger is better is interesting. Stakeholders assume the “bigger” means more revenue and profit. Let’s hope.

Then this insight:

When Mr. Page does talk in public, he tends to focus on optimistic pronouncements about the future and Google’s desire to help humanity.

Optimism is good.

I then worked through “Google Alphabet and Four times the Research Budget of Darpa and Larger Moonshot Ambitions than Darpa.”

The bigger, I thought, may not be revenue. The bigger may be the budget of the science club. If Don and Bernie Jackson could build on the moon data, Google can too. Right?

Read more

Microsoft Cortana Update Draws Users to Bing

January 22, 2016

The article titled Microsoft Updates Windows 10 Cortana With New Search Tools for Better Results on IB Times heralds the first good news for Bing in ages. The updates Microsoft implemented provide tremendous search power to users and focused search through a selection of filters. Previously, Cortana would search in every direction, but the filters enable a more targeted search for, say, applications instead of web results. The article explains,

“It’s a small change, but one that shows Microsoft’s dedication to making the assistant as useful as possible. Cortana is powered by Bing, so any improvements to the Windows 10 assistant will encourage more consumers to use Microsoft’s search engine. Microsoft made a big bet when it chose to deeply integrate Bing into Windows 10, and there is signs that it’s paying off. After the June 2015 Windows 10 launch, Bing attained profitability for the first time in October 2015.”

That positive note for Bing is deeply hedged on the company’s ability to improve mobile search, which has continued to grow as a major search platform while desktop search actually peaked, according to research. Microsoft launched Cortana on Android and iOS, but it is yet to be seen whether this was sufficient action to keep up the Bing momentum.

Chelsea Kerwin, January 22, 2016

Sponsored by, publisher of the CyberOSINT monograph


Eel Catcher Presages Future of Doctors and Lawyers

January 21, 2016

I read a poignant article called “The Last Eel Catcher: 3,000-Yo UK Tradition Comes to an End.” The write up points out:

Britain’s last traditional eel catcher announced his decision to stop the ancient practice because he “can’t live on empty pockets.”

Yep, McDo’s chicken nuggets or a vegan smoothie are raking in the dough.

I thought of the last eel catcher when I read “Davos: Doctors and Lawyers Could Be Replaced by Robots.” The business and governmental elite are thinking big thoughts about technology. I learned:

Andrew Moore, Dean of the school of computer science at Carnegie Mellon University, said machines were already performing many “boring tasks of white collar work”, with computers able to sift through millions of legal documents to help lawyers prepare for cases. “One by one you are going to see that things we thought would require our own personal ingenuity can be automated,” he told a panel at the World Economic Forum in Davos, Switzerland.

I assume that’s why Goldman Sachs is jumping on the smart software bandwagon.

What will these displaced, highly paid, quite confident individuals do for a living. Eel catching is out. KFC is a possibility. I know that a few will light their entrepreneurial fires or drive an Uber car until autonomous vehicles make it big. The future could become more interesting for the docs and the legal eagles.

Stephen E Arnold, January 21, 2016

Next Page »