Shining a Flashlight in Space
November 9, 2016
A tired, yet thorough metaphor of explaining the dark web is shining a flashlight in space. If you shine a flashlight in space, your puny battery-powered beacon will not shed any light on the trillions of celestial objects that exist in the vacuum. While you wave the flashlight around trying to see something in the cosmos, you are too blind to see the grand galactic show hidden by the beam. The University of Michigan shared the article, “Shadow Of The Dark Web” about Computer Science and Engineering Professor Mike Cafarella and his work with DARPA.
Cafarella is working on Memex, a project that goes beyond the regular text-based search engine. Using more powerful search tools, Memex concentrates on discovering information related to human trafficking. Older dark web search tools skimmed over information and were imprecise. Cafarella’s work improved dark web search tools, supplying data sets with more accurate information on traffickers, their contact information, and their location.
Humans are still needed to interpret the data as the algorithms do not know how to interpret the black market economic worth of trafficked people. His dark web search tools can be used for more than just sex trafficking:
His work can help identify systems of terrorist recruitment; bust money-laundering operations; build fossil databases from a century’s worth of paleontology publications; identify the genetic basis of diseases by drawing from thousands of biomedical studies; and generally find hidden connections among people, places, and things.
I would never have thought a few years ago that database and data-mining research could have such an impact, and it’s really exciting,’ says Cafarella. ‘Our data has been shipped to law enforcement, and we hear that it’s been used to make real arrests. That feels great.
In order to see the dark web, you need more than a flashlight. To continue the space metaphor, you need a powerful telescope that scans the heavens and can search the darkness where no light ever passes.
Whitney Grace, November 9, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Google May Be Edging Out Its Competitors Surreptitiously
November 9, 2016
Leading secure email service provider ProtonMail mysteriously vanished from Google’s search results for 10 long months. Though the search engine giant denies any wrongdoing on its part, privacy advocates are crying foul.
ZDNet in an article titled ProtonMail strikes out at Google for crippling encrypted email service searches says:
ProtonMail has accused Google of hiding the company from search results in what may have been an attempt to suffocate the Gmail competitor. The free encrypted email service, which caters to nearly one million users worldwide, has enjoyed an increasing user base and popularity over the past few years as governments worldwide seek to increase their surveillance powers.
This is not the first time that Google has been accused of misusing its dominant position to edge out its competitors. The technology giant is also facing anti-trust lawsuit in Europe over the way it manipulates search results to retain its dominance.
Though ProtonMail tried to contact Google multiple time, all attempts elicited no response from the company. Just as the secure email service provider vanished from its organic search results, it mysteriously reappeared enabling the email service provider to get back on its feet financially.
As stated in the article:
Once Google issued a “fix,” ProtonMail’s search ranking immediately recovered. Now, the company is ranked at number one and number three for the search terms at the heart of the situation.
What caused the outage is still unknown. According to ProtonMail, it might be a bug in the search engine algorithm. Privacy advocates, however, are of the opinion that ProtonMail’s encrypted email might have been irking Google.
Vishal Ingole, November 9, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Good Old Sleuthing Can Still Beat Dark Web
November 8, 2016
Undercover investigative work of different agencies in Bergen County, New York resulted in arrest of an 18-year old man who was offering hitman services over the Dark Net.
As reported by Patch.com in news report titled Hitman Who Drove To Mahwah For Meeting Arrested: Prosecutor :
The Mahwah Police Department, Homeland Security Investigations, and the Bergen County Prosecutor’s Office Cyber Crimes Unit investigated Rowling, a Richmondville, New York resident. Rowling allegedly used the dark web to offer his services as a hitman.
Tracking Dark Web participants are extremely difficult, thus undercover agents posing as buyers were scouting hitmen in New York. Rowling without suspecting anything offered his services in return for some cash and a gun. The meeting was fixed at Mason Jar in Mahwah where he was subsequently arrested and remanded to Bergen County Jail.
As per the report, Rowling is being charged with:
In addition to conspiracy to murder, Rowling was charged with possession of a weapon for an unlawful purpose, unlawful possession of a weapon, and possession of silencer, Grewal said.
Drug traffickers, hackers, smugglers of contraband goods and narcotics are increasingly using the Dark Web for selling their goods and services. Authorities under such circumstances have no option but to use old techniques of investigation and put the criminals behind bars. However, most of the Dark Net and its participants are still out of reach of law enforcement agencies.
Vishal Ingole, November 8, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Hackers Having Field Day with Mirai Botnet
November 7, 2016
The massive cyber-attack that crippled major website across the US on October 21 was executed using an extensive network of infected computers and smart devices. The same botnet is now on sale on Dark Web which will enable hackers to launch similar or even massive attacks in the future.
As reported by Cyberscoop in article titled You can now buy a Mirai-powered botnet on the dark web:
A botnet of this size could be used to launch DDoS attacks in addition to automated spam and ransomware campaigns. The price tag was $7,500, payable in bitcoin. The anonymous vendor claimed it could generate a massive 1 terabit per second worth of internet traffic.
The particular botnet used in the Dyn attack are all infected with Mirai malware. Though the source code of the malware is freely available across hacker forums, a vendor over Dark Net is offering ready to use Mirai-Powered botnet for $7,500. This enables any hacker to launch DDoS attack of any scale on any network across the globe.
As the article points out:
With the rise of Mirai, experts say the underground DDoS market is shifting as vendors now have the ability to supercharge all of their offerings; giving them an avenue to potentially find new profits and to sell more destructive DDoS cannons.
Though the botnet at present is for sale, soon the prices may drop or even become free enabling a teenager sitting at home to bring down any major network down with few clicks. Things already have been set in motion, it only needs to be seen, when and where the next attack occurs.
Vishal Ingole, November 7, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Is Your Company a Data Management Leader or Laggard?
November 4, 2016
The article titled Companies are Falling Short in Data Management on IT ProPortal describes the obstacles facing many businesses when it comes to data management optimization. Why does this matter? The article states that big data analytics and the internet of things will combine to form an over $300 billion industry by 2020. Companies that fail to build up their capabilities will lose out—big. The article explains,
More than two thirds of data management leaders believe they have an effective data management strategy. They also believe they are approaching data cleansing and analytics the right way…The [SAS] report also says that approximately 10 per cent of companies it calls ‘laggards’, believe the same thing. The problem is – there are as many ‘laggards’, as there are leaders in the majority of industries, which leads SAS to a conclusion that ‘many companies are falling short in data management’.
In order to avoid this trend, company leaders must identify the obstacles impeding their path. A better focus on staff training and development is only possible after recognizing that a lack of internal skills is one of the most common issues. Additionally, companies must clearly define their data strategy and disseminate the vision among all levels of personnel.
Chelsea Kerwin, November 4, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Worried about Risk? Now Think about Fear
November 3, 2016
I clicked through a remarkable listicle offered by CSO Magazine from my contract savvy pals at IDG. I don’t know much about risk, but I have encountered fear before. I recall an MBA Wall Street person who did not have enough cash to pay for lunch. I picked up the tab. That fellow had fear in his eyes because his firm had just gone out of business. Paying for a car service, nannies, country clubs, and a big house triggered the person’s fright.
You can be captured and tortured in an off the grid prison. Be afraid. Embrace IDG and be safe. Sort of. Maybe.
Well, CIO Magazine wants to use technology to make you, gentle reader, fearful. In case you are not nervous about your job, the London tabloids reports about a nuclear war, and the exploding mobile phone in your pocket.
Here are the “fears” revealed in “Frightening Technology Trends to Worry About.” Here we go:
- Overlooked internal threats. (Yes, someone in your organization is going to destroy you and your livelihood.)
- Finding and retaining top talent. (Of course, Facebook or Palantir will hire the one person who can actually make your firm’s software and systems work.)
- Multiple generations in the workforce. (Yes, what’s an old person going to do when dealing with those under 25. You are doomed. Doomed, I say.)
- Shifts in compliance. (Yes, the regulatory authorities will find violations and prevent your organization from finding new sources of revenue.)
- Migrating to the cloud. (Yes, the data are in the cloud. When you lose a file, that cherished document may be gone forever. Plus, the IT wizard at your firm now works at Palantir and is not answering your texts.)
- Getting buy in on hyper convergence. (Yes, you are pushing the mantra “everything is digital” and your colleagues wonder if you have lost your mind. Do you see hyper pink elephants?)
- Phishing and email attacks. (Yes, your emails are public. Did you use the company system to organize a Cub Scout bake sale, buy interesting products, or set up an alias and create a bogus Twitter account?)
- Hacktivism. (Yes, you worry about hackers and activism. Both seem bad and both are terrifying to you. Quick click on the link from Google telling you your account has been compromised and you need to change your password. Do it. Do it now.)
- The next zero day attack. (Yes, yes. You click on a video on an interesting Web site and your computing device is compromised. A hacker has your data and control of your mobile phone. And your contacts. My heavens, your contacts. Gone.)
- The advanced persistent threat. (Yes, yes, yes. Persistent threats. No matter what you do, your identify will be stolen and your assets sucked into a bank in Bulgaria. It may be happening now. Now I tell you. Now.)
- Mobile exploits. (Oh, goodness. Your progeny are using your old mobile phones. Predators will seek them out and strike them down with digital weapons. Kidnapping is a distinct possibility. Ransom. The news at 6 pm. Oh, oh, oh.)
- State sponsored attacks. (Not Russia, not China, not a Middle Eastern country. You visited one of these places and enjoyed the people. The people are wonderful. But the countries’ governments will get you. You are toast.)
How do you feel, gentle reader. Terrified. Well, that’s what CSO from IDG has in mind. Now sign up for the consulting services and pay to learn how to be less fearful. Yes, peace of mind is there for the taking. No Zen retreat in Peru. Just IDG, the reassuring real journalistic outfit. Now about those contracts, Dave Schubmehl?
Stephen E Arnold, October 3, 2016
Dark Web Is a Double Edged Sword
November 3, 2016
Apart from hackers and criminals of all kind, the Dark Web is also used by whistleblowers and oppressed citizens for communicating. The Dark Web thus is one of the most secure modes of communicating online; more than secure apps like WhatsApp.
The Newsweek in an article titled How the Dark Web Works and What It Looks Like says:
Dark web technologies are robustly built without central points of weakness, making it hard for authorities to infiltrate. Another issue for law enforcement is that—like most things—the dark web and its technologies can also be used for both good and evil.
Despite backdoors and exploits, law enforcement agencies find it difficult to track Dark Web participants. Few technology companies like Facebook, Microsoft, and Google through its messenger apps promise to provide end-to-end encryption to its users. However, the same companies now are harvesting data from these apps for commercial purposes. If that is the case, these apps can no longer be trusted. As pointed out by the article:
And yet some of these same communications companies have been harvesting user data for their own internal processes. Famously, Facebook enabled encryption on WhatsApp, protecting the communications from prying eyes, but could still look at data in the app itself.
Thus, for now, it seems Dark Web is the only form of secure communication online. It, however, needs to be seen how long the formless and headless entity called Dark Web remains invincible.
Vishal Ingole, November 3, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Facial Recognition Fraught with Inaccuracies
November 2, 2016
Images of more than 117 million adult Americans are with law enforcement agencies, yet the rate of accurately identifying people accurately is minuscule.
A news report by The Register titled Meanwhile, in America: Half of adults’ faces are in police databases says:
One in four American law enforcement agencies across federal, state, and local levels use facial recognition technology, the study estimates. And now some US police departments have begun deploying real-time facial recognition systems.
Though facial recognition software vendors claim accuracy rates anywhere between 60 to 95 percent, statistics tell an entirely different story:
Of the FBI’s 36,420 searches of state license photo and mug shot databases, only 210 (0.6 per cent) yielded likely candidates for further investigations,” the study says. “Overall, 8,590 (4 per cent) of the FBI’s 214,920 searches yielded likely matches.
Some of the impediments for accuracy include low light conditions in which the images are captured, lower procession power or numerous simultaneous search requests and slow search algorithms. The report also reveals that human involvement also reduces the overall accuracy by more than 50 percent.
The report also touches a very pertinent point – privacy. Police departments and other law enforcement agencies are increasingly deploying real-time facial recognition. It not only is an invasion of privacy but the vulnerable networks can also be tapped into by non-state actors. Facial recognition should be used only in case of serious crimes, using it blatantly is an absolute no-no. It can be used in many ways for tracking people, even though they may not be criminals. Thus, it remains to be answered, who will watch the watchmen?
Vishal Ingole, November 2, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Americans Are Complacent About Online Data Breaches
November 1, 2016
Users of email, social networks, and other online services are aware of possible dangers that data breaches cause, but surprisingly are less concerned about it in 2016, a survey reveals.
Observer recently published a report titled Fears of the Web’s Dark Side—Strangely—Are Not Growing, which reveals:
People’s fears about their email being hacked have receded somewhat since 2014, bizarrely. Across the 1,071 Americans surveyed, that particular worry receded from 69 to 71 percent.
The survey commissioned by Craigconnects also reveals that online users are no longer very concerned about their data getting leaked online that may be used for identity theft; despite large scale breaches like Ashley Madison. Users, as the survey points out have accepted it as a trade-off for the convenience of Internet.
The reason for the complacency setting in probably lies in the fact that people have realized:
The business of social media company is built upon gathering as much information as possible about users and using that information to sell ads,” Michael W. Wellman, CEO of Virgil Security wrote the Observer in an email. “If the service is free, it’s the user that’s being sold.
Nearly 7 percent Americans are victims of identity theft. This, however, has not dissuaded them from taking precautionary measures to protect their identity online. Most users are aware that identity theft can be used for stealing money from bank accounts, but there are other dangers as well. For instance, prescription medication can be obtained legally using details of an identity theft victim. And then there are uses of the stolen data that only Dark Web actors know where such data of millions of victims is available for few hundred dollars.
Vishal Ingole November 1, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Be Prepared for Foggy Computing
October 31, 2016
Cloud computing allows users to access their files or hard drive from multiple devices at multiple locations. Fog computing, on the other hand, is something else entirely. Fog computing is the latest buzzword in the tech world and pretty soon it will be in the lexicon. If you are unfamiliar with fog computing, read Forbes’s article, “What Is Fog Computing? And Why It Matters In Our Big Data And IoT World.”
According to the article, smartphones are “smart” because they receive and share information with the cloud. The biggest problem with cloud computing is bandwidth, slow Internet speeds. The United States is 35th in the world for bandwidth speed, which is contrary to the belief that it is the most advanced country in the world. Demand for faster speeds increases every day. Fog computing also known as edge computing seeks to resolve the problem by grounding data. How does one “ground” data?
What if the laptop could download software updates and then share them with the phones and tablets? Instead of using precious (and slow) bandwidth for each device to individually download the updates from the cloud, they could utilize the computing power all around us and communicate internally.
Fog computing makes accessing data faster, more efficient, and more reliably from a local area rather than routing to the cloud and back. IBM and Cisco Systems are developing projects that would push computing to more local areas, such as a router, devices, and sensors.
Considering that there are security issues with housing data on a third party’s digital storage unit, it would be better to locate a more local solution. Kind of like back in the old days, when people housed their data on CPUs.
Whitney Grace, October 31, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
-
- Subscribe to Beyond Search
Feature archive
News archive
-
