CIA Adapts to Cyber Reality

January 5, 2017

It would be quite the understatement to say the Internet had drastically changed the spy business. The evolution comes with its ups and downs, we learn from the article, “CIA Cyber Official Sees Data Flood as Both Godsend and Danger” at the Stars and Stripes. Reporter Nafeesa Syeed cites an interview with Sean Roche, the CIA’s associate deputy director for digital innovation. The article informs us:

A career CIA official, Roche joined the agency’s new Directorate for Digital Innovation, which opened in October, after serving as deputy director for science and technology.[…]

Roche’s division was the first directorate the CIA added in half a century. His responsibilities include updating the agency’s older systems, which aren’t compatible with current technology and in some cases can’t even accommodate encryption. The directorate also combined those handling the agency’s information technology and internet systems with the team that monitors global cyber threats. ‘We get very good insights into what the cyber actors are doing and we stop them before they get to our door,’ Roche said.

Apparently, finding tech talent has not been a problem for the high-profile agency. In fact, Syeed tells us, many agents who had moved on to the IT industry are returning, in senior positions, armed with their cyber experience. Much new talent is also attracted by the idea of CIA cachet. Roche also asserts he is working to boost ethnic diversity in the CIA by working with organizations that encourage minorities to pursue work in technical fields. What a good, proactive idea! Perhaps Roche would consider also working with groups that promote gender equity in STEM fields.

In case you are curious, Roche’s list of the top nations threatening our cybersecurity includes Russia, China, Iran, and North Korea. No surprises there.

Cynthia Murrell, January 5, 2017

Linux Users Can Safely Test Alpha Stage Tor Browser

January 5, 2017

The Tor Project has released the Alpha version of Tor Browser exclusive to Linux that users can test and use in sandboxed mode.

As reported by Bleeping Computer in an article titled First Version of Sandboxed Tor Browser Available:

Sandboxing is a security mechanism employed to separate running processes. In computer security, sandboxing an application means separating its process from the OS, so vulnerabilities in that app can’t be leveraged to extend access to the underlying operating system.

As the browser that’s still under development is open to vulnerabilities, these loopholes can be used by competent parties to track down individuals. Sandboxing eliminates this possibility completely. The article further states that:

In recent years, Tor exploits have been deployed in order to identify and catch crooks hiding their identity using Tor. The Tor Project knows that these types of exploits can be used for other actions besides catching pedophiles and drug dealers. An exploit that unmasks Tor users can be very easily used to identify political dissidents or journalists investigating cases of corrupt politicians.

The Tor Project has been trying earnestly to close these loopholes and this seems to be one of their efforts to help netizens stay safe from prying eyes. But again, no system is foolproof. As soon as the new version is released, another exploit might follow suit.

Vishal Ingole, January 5, 2017

Malicious Tor Relays on over a Hundred Computers

January 4, 2017

For all the effort enterprises go to in securing data through technological solutions, there are also other variables to consider: employees. Ars Technica released an article, Malicious computers caught snooping on Tor-anonymized Dark Web sites, which explained that malicious relays were found on over 110 machines around the world. Computer scientists at Northeastern University tracked these computers using honeypot .onion addresses, calling them “honions.” The article continues,

The research is only the latest indication that Tor can’t automatically guarantee the anonymity of hidden services or the people visiting them. Last year, FBI agents cracked open a Tor-hidden child pornography website using a technique that remains undisclosed to this day. In 2014, researchers canceled a security conference talk demonstrating a low-cost way to de-anonymize Tor users following requests by attorneys from Carnegie Mellon, where the researchers were employed. Tor developers have since fixed the weakness that made the exploit possible. More than 70 percent of the snooping hidden services directories were hosted on cloud services, making it hard for most outsiders to identify the operators.

While some may wonder if the snooping is a result of a technical glitch or other error, the article suggests this is not the case. Researchers found that in order for a directory to misbehave in this way, an operator has to change the code from Tor and add logging capabilities. It appears the impact this will have is yet to be fully revealed. 

Megan Feil, January 4, 2017

Norwegian Investigators Bust Child Pornography Racket over Dark Web

January 3, 2017

A yearlong investigation has busted a huge child pornography racket and resulted in a seizure of 150 Terabytes of pornographic material. Out of 51 accused, 20 so far have been arrested.

New Nationalist, in a news piece titled 150 Terabytes! Norway Busts Largest Dark Web, Child Porn Networks in History — US, UK Media Ignore Story, says:

It’s one of the largest child sex abuse cases in history. A year-long special investigation called “Operation Darkroom” resulted in the seizure of 150 terabytes of data material in the form of photos, movies and chat logs containing atrocities against children as young as infancy, Norwegian police announced at a news conference in late November.

The investigation has opened a Pandora’s box of pedophiles. The accused list mostly comprises educated individuals like politicians, lawyers, teachers, and a police officer too. Most accused are yet to be apprehended by the investigators.

Despite the bust happening in November followed by a press conference, US and UK based media has turned a blind eye towards this happening. The news report further states:

The Library of Congress holds about 600 terabytes of Web data. Its online archive grows at a rate of about 5 terabytes per month. Also note the horrifically sadistic nature of the material seized. And note that police are investigating the reach as worldwide, which means it involves a massive scale of evil filth. But nobody in the criminally compliant mainstream media thinks it’s newsworthy.

It might be possible that the world media was busy with US Presidential elections, thus its reporting was very low key. An interesting take away from this entire sad episode – the Dark Web is not a hideout of hackers, terrorists, drug dealers, and hitmen – seemingly upright citizens lurk on Dark Web too.

Vishal Ingole, January 3, 2017

Legal Clarity Recommended for Understanding Cyberthreat Offense and Defense

January 2, 2017

Recently a conference took place about cybersecurity in the enterprise world. In the Computer World article, Offensive hackers should be part of enterprise DNA, the keynote speaker’s address is quoted heavily. CEO of Endgame Nate Fick addressed the audience, which apparently included many offensive hackers, by speaking about his experience in the private sector and in the military. His perspective is shared,

“We need discontinuity in the adoption cure,” Fick said, “but you can’t hack back. Hacking back is stupid, for many reasons not just that it is illegal.” He argued that while it is illegal, laws change. “Remember it used to be illegal to drink a beer in this country, and it was legal for a kid to work in a coal mine,” he said. Beyond the issue of legality, hacking back is, what Fick described as, climbing up the escalatory ladder, which you can’t do successfully unless you have the right tools. The tools and the power or ability to use them legally has historically been granted to the government.

Perhaps looking toward a day where hacking back will not be illegal, Fick explains an alternative course of action. He advocates for stronger defense and clear government policies around cybersecurity that declare what constitutes a cyberthreat offense. The strategy being that further action on behalf of the attacked would count as defense. We will be keeping our eyes on how long hacking back remains illegal in some jurisdictions.

Megan Feil, January 2, 2017

Austrian Minister Wants to Look into Your Private Communications

January 2, 2017

Under the garb of curbing terrorist activities, an Austrian minister has proposed setting up a federal Trojan or an agency that can read encrypted messages over WhatsApp and Facebook.

DeepDotWeb in an article titled Austrian Government Wants a Federal Trojan to Patrol the Dark Web says:

Austrian Interior Minister Wolfgang Sobotka (ÖVP) is preparing to implement a “federal trojan” to patrol the dark net. With this state spying software, Austrian law enforcement authorities hope they can prevent cybercriminal activity on the dark web.

The minister is demanding that the government possess a Trojan or technology that will allow it to read the messages exchanged by people over WhatsApp and Facebook Messenger. This, he feels, is necessary to foil terrorist attacks in Austria.

The entire argument hinges on:

Multiple researches have proven that the Islamic State uses social media platforms and encrypted messaging for recruiting potential terrorists and for other communications. The German government is also working on a similar device by the Central Agency for Information Technology in the security area (Zitis). Currently, about 400 IT professionals are on the project.

This is the second attempt by the Interior Minister to get a Bill passed that allowed federal agencies to snoop on private citizens. The minister wants unfettered access to messages and other data of citizens; terrorists or not.

If the Bill is passed, it will have serious implications on privacy of citizens. However, what would be more interesting is to see how companies like Facebook, Google and Apple respond to it.

Vishal Ingole, January 2, 2017

Google May Erase Line Between History and Real Time

December 30, 2016

Do you remember where you were or what you searched the first time you used Google? This investors.com author does and shares the story about that, in addition to the story about what may be the last time he used Google. The article entitled Google Makes An ‘Historic’ Mistake reports on the demise of a search feature on mobile. Users may no longer search published dates in a custom range. It was accessed by clicking “Search tools” followed by “Any time”. The article provides Google’s explanation for the elimination of this feature,

On a product forum page where it made this announcement, Google says:

After much thought and consideration, Google has decided to retire the Search Custom Date Range Tool on mobile. Today we are starting to gradually unlaunch this feature for all users, as we believe we can create a better experience by focusing on more highly-utilized search features that work seamlessly across both mobile and desktop. Please note that this will still be available on desktop, and all other date restriction tools (e.g., “Past hour,” “Past 24 hours,” “Past week,” “Past month,” “Past year”) will remain on mobile.  

The author critiques Google, saying this move forces users back to the dying desktop for this feature no longer prioritized on mobile. The point appears to be missed in this critique. The feature was not heavily utilized. With the influx of real-time data, who needs history — who needs time limits? Certainly not a Google mobile search user.

Megan Feil, December 30, 2016

Now Watson Wants to Be a Judge

December 27, 2016

IBM has deployed Watson in many fields, including the culinary arts, sports, and medicine.  The big data supercomputer can be used in any field or industry that creates a lot of data.  Watson, in turn, will digest the data, and depending on the algorithms spit out results.  Now IBM wants Watson to take on the daunting task of judging, says The Drum in “Can Watson Pick A Cannes Lion Winner?  IBM’s Cognitive System Tries Its Arm At Judging Awards.”

According to the article, judging is a cognitive process and requires special algorithms, not to mention the bias of certain judges.  In other words, it should be right up Watson’s alley (perhaps the results will be less subjective as well).  The Drum decided to put Watson to the ultimate creative test and fed Watson thousands of previous Cannes films.  Then Watson predicted who would win the Cannes Film Festival in the Outdoor category this year.

This could change the way contests are judged:

The Drum’s magazine editor Thomas O’Neill added: “This is an experiment that could massively disrupt the awards industry. We have the potential here of AI being able to identify an award winning ad from a loser before you’ve even bothered splashing out on the entry fee. We’re looking forward to seeing whether it proves as accurate in reality as it did in training.”

I would really like to see this applied to the Academy Awards that are often criticized for their lack of diversity and consisting of older, white men.  It would be great to see if Watson would yield different results than what the Academy actually selects.

Whitney Grace, December 27, 2016

Shorter Content Means Death for Scientific Articles

December 26, 2016

The digital age is a culture that subsists on digesting quick bits of information before moving on to the next.  Scientific journals are hardly the herald of popular trends, but in order to maintain relevancy with audiences the journals are pushing for shorter articles.  The shorter articles, however, present a problem for the authors, says Ars Technica in “Scientific Publishers Are Killing Research Papers.”

Shorter articles are also pushed because scientific journals have limited pages to print.  The journals are also pressured to include results and conclusions over methods to keep the articles short.  The methods, in fact, are usually published in another publication labeled supplementary information:

Supplementary information doesn’t come in the print version of journals, so good luck understanding a paper if you like reading the hard copy. Neither is it attached to the paper if you download it for reading later—supplementary information is typically a separate download, sometimes much larger than the paper itself, and often paywalled. So if you want to download a study’s methods, you have to be on a campus with access to the journal, use your institutional proxy, or jump through whatever hoops are required.

The lack of methodical information can hurt researchers who rely on the extra facts to see if it is relevant to their own work.  The shortened articles also reference the supplementary materials and without them it can be hard to understand the published results.  The shorter scientific articles may be better for general interest, but if they lack significant information then how can general audiences understand them?

In short, the supplementary material should be included online and should be easily accessed.

Whitney Grace, December 26, 2016

Bank App Does Not Play Well with Tor Browser

December 22, 2016

Bank apps are a convenient way to access and keep track of your accounts.  They are mainly used on mobile devices and are advertised for the user on the go.  One UK bank app, however, refuses to play nice with devices that have the Tor browser, reports the Register in the article, “Tor Torpedoed!  Tesco Bank App Won’t Run With Privacy Tool Installed.”

Tesco is a popular bank present in supermarkets, but if you want to protect your online privacy by using the Tor browser on your mobile device the Tesco app will not work on said device.  Marcus Davage, the mainframe database administrator, alerted Tesco patrons that in order to use the Tesco app, they needed to delete the Tor browser.  Why is this happening?

The issue appears to be related to security. Tesco’s help site notes that the Android app checks for malware and other possible security risks (such as the phone being rooted) upon launching and, in this case, the Tor software triggers an alert.  The Tor Project makes two apps for Android, the aforementioned Orbot and the Orfox browser, both of which allow users to encrypt their data traffic using the Tor network. According to the Play Store, Orbot has been downloaded more than five million times by Android users.

App developers need to take into account that the Tor browser is not malware.  Many users are concerned with their online privacy and protecting their personal information, so Tor needs to be recognized as a safe application.

Whitney Grace, December 22, 2016
