Hackers Having Field Day with Mirai Botnet
November 7, 2016
The massive cyber-attack that crippled major website across the US on October 21 was executed using an extensive network of infected computers and smart devices. The same botnet is now on sale on Dark Web which will enable hackers to launch similar or even massive attacks in the future.
As reported by Cyberscoop in article titled You can now buy a Mirai-powered botnet on the dark web:
A botnet of this size could be used to launch DDoS attacks in addition to automated spam and ransomware campaigns. The price tag was $7,500, payable in bitcoin. The anonymous vendor claimed it could generate a massive 1 terabit per second worth of internet traffic.
The particular botnet used in the Dyn attack are all infected with Mirai malware. Though the source code of the malware is freely available across hacker forums, a vendor over Dark Net is offering ready to use Mirai-Powered botnet for $7,500. This enables any hacker to launch DDoS attack of any scale on any network across the globe.
As the article points out:
With the rise of Mirai, experts say the underground DDoS market is shifting as vendors now have the ability to supercharge all of their offerings; giving them an avenue to potentially find new profits and to sell more destructive DDoS cannons.
Though the botnet at present is for sale, soon the prices may drop or even become free enabling a teenager sitting at home to bring down any major network down with few clicks. Things already have been set in motion, it only needs to be seen, when and where the next attack occurs.
Vishal Ingole, November 7, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Is Your Company a Data Management Leader or Laggard?
November 4, 2016
The article titled Companies are Falling Short in Data Management on IT ProPortal describes the obstacles facing many businesses when it comes to data management optimization. Why does this matter? The article states that big data analytics and the internet of things will combine to form an over $300 billion industry by 2020. Companies that fail to build up their capabilities will lose out—big. The article explains,
More than two thirds of data management leaders believe they have an effective data management strategy. They also believe they are approaching data cleansing and analytics the right way…The [SAS] report also says that approximately 10 per cent of companies it calls ‘laggards’, believe the same thing. The problem is – there are as many ‘laggards’, as there are leaders in the majority of industries, which leads SAS to a conclusion that ‘many companies are falling short in data management’.
In order to avoid this trend, company leaders must identify the obstacles impeding their path. A better focus on staff training and development is only possible after recognizing that a lack of internal skills is one of the most common issues. Additionally, companies must clearly define their data strategy and disseminate the vision among all levels of personnel.
Chelsea Kerwin, November 4, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Worried about Risk? Now Think about Fear
November 3, 2016
I clicked through a remarkable listicle offered by CSO Magazine from my contract savvy pals at IDG. I don’t know much about risk, but I have encountered fear before. I recall an MBA Wall Street person who did not have enough cash to pay for lunch. I picked up the tab. That fellow had fear in his eyes because his firm had just gone out of business. Paying for a car service, nannies, country clubs, and a big house triggered the person’s fright.
You can be captured and tortured in an off the grid prison. Be afraid. Embrace IDG and be safe. Sort of. Maybe.
Well, CIO Magazine wants to use technology to make you, gentle reader, fearful. In case you are not nervous about your job, the London tabloids reports about a nuclear war, and the exploding mobile phone in your pocket.
Here are the “fears” revealed in “Frightening Technology Trends to Worry About.” Here we go:
- Overlooked internal threats. (Yes, someone in your organization is going to destroy you and your livelihood.)
- Finding and retaining top talent. (Of course, Facebook or Palantir will hire the one person who can actually make your firm’s software and systems work.)
- Multiple generations in the workforce. (Yes, what’s an old person going to do when dealing with those under 25. You are doomed. Doomed, I say.)
- Shifts in compliance. (Yes, the regulatory authorities will find violations and prevent your organization from finding new sources of revenue.)
- Migrating to the cloud. (Yes, the data are in the cloud. When you lose a file, that cherished document may be gone forever. Plus, the IT wizard at your firm now works at Palantir and is not answering your texts.)
- Getting buy in on hyper convergence. (Yes, you are pushing the mantra “everything is digital” and your colleagues wonder if you have lost your mind. Do you see hyper pink elephants?)
- Phishing and email attacks. (Yes, your emails are public. Did you use the company system to organize a Cub Scout bake sale, buy interesting products, or set up an alias and create a bogus Twitter account?)
- Hacktivism. (Yes, you worry about hackers and activism. Both seem bad and both are terrifying to you. Quick click on the link from Google telling you your account has been compromised and you need to change your password. Do it. Do it now.)
- The next zero day attack. (Yes, yes. You click on a video on an interesting Web site and your computing device is compromised. A hacker has your data and control of your mobile phone. And your contacts. My heavens, your contacts. Gone.)
- The advanced persistent threat. (Yes, yes, yes. Persistent threats. No matter what you do, your identify will be stolen and your assets sucked into a bank in Bulgaria. It may be happening now. Now I tell you. Now.)
- Mobile exploits. (Oh, goodness. Your progeny are using your old mobile phones. Predators will seek them out and strike them down with digital weapons. Kidnapping is a distinct possibility. Ransom. The news at 6 pm. Oh, oh, oh.)
- State sponsored attacks. (Not Russia, not China, not a Middle Eastern country. You visited one of these places and enjoyed the people. The people are wonderful. But the countries’ governments will get you. You are toast.)
How do you feel, gentle reader. Terrified. Well, that’s what CSO from IDG has in mind. Now sign up for the consulting services and pay to learn how to be less fearful. Yes, peace of mind is there for the taking. No Zen retreat in Peru. Just IDG, the reassuring real journalistic outfit. Now about those contracts, Dave Schubmehl?
Stephen E Arnold, October 3, 2016
Dark Web Is a Double Edged Sword
November 3, 2016
Apart from hackers and criminals of all kind, the Dark Web is also used by whistleblowers and oppressed citizens for communicating. The Dark Web thus is one of the most secure modes of communicating online; more than secure apps like WhatsApp.
The Newsweek in an article titled How the Dark Web Works and What It Looks Like says:
Dark web technologies are robustly built without central points of weakness, making it hard for authorities to infiltrate. Another issue for law enforcement is that—like most things—the dark web and its technologies can also be used for both good and evil.
Despite backdoors and exploits, law enforcement agencies find it difficult to track Dark Web participants. Few technology companies like Facebook, Microsoft, and Google through its messenger apps promise to provide end-to-end encryption to its users. However, the same companies now are harvesting data from these apps for commercial purposes. If that is the case, these apps can no longer be trusted. As pointed out by the article:
And yet some of these same communications companies have been harvesting user data for their own internal processes. Famously, Facebook enabled encryption on WhatsApp, protecting the communications from prying eyes, but could still look at data in the app itself.
Thus, for now, it seems Dark Web is the only form of secure communication online. It, however, needs to be seen how long the formless and headless entity called Dark Web remains invincible.
Vishal Ingole, November 3, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Facial Recognition Fraught with Inaccuracies
November 2, 2016
Images of more than 117 million adult Americans are with law enforcement agencies, yet the rate of accurately identifying people accurately is minuscule.
A news report by The Register titled Meanwhile, in America: Half of adults’ faces are in police databases says:
One in four American law enforcement agencies across federal, state, and local levels use facial recognition technology, the study estimates. And now some US police departments have begun deploying real-time facial recognition systems.
Though facial recognition software vendors claim accuracy rates anywhere between 60 to 95 percent, statistics tell an entirely different story:
Of the FBI’s 36,420 searches of state license photo and mug shot databases, only 210 (0.6 per cent) yielded likely candidates for further investigations,” the study says. “Overall, 8,590 (4 per cent) of the FBI’s 214,920 searches yielded likely matches.
Some of the impediments for accuracy include low light conditions in which the images are captured, lower procession power or numerous simultaneous search requests and slow search algorithms. The report also reveals that human involvement also reduces the overall accuracy by more than 50 percent.
The report also touches a very pertinent point – privacy. Police departments and other law enforcement agencies are increasingly deploying real-time facial recognition. It not only is an invasion of privacy but the vulnerable networks can also be tapped into by non-state actors. Facial recognition should be used only in case of serious crimes, using it blatantly is an absolute no-no. It can be used in many ways for tracking people, even though they may not be criminals. Thus, it remains to be answered, who will watch the watchmen?
Vishal Ingole, November 2, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Americans Are Complacent About Online Data Breaches
November 1, 2016
Users of email, social networks, and other online services are aware of possible dangers that data breaches cause, but surprisingly are less concerned about it in 2016, a survey reveals.
Observer recently published a report titled Fears of the Web’s Dark Side—Strangely—Are Not Growing, which reveals:
People’s fears about their email being hacked have receded somewhat since 2014, bizarrely. Across the 1,071 Americans surveyed, that particular worry receded from 69 to 71 percent.
The survey commissioned by Craigconnects also reveals that online users are no longer very concerned about their data getting leaked online that may be used for identity theft; despite large scale breaches like Ashley Madison. Users, as the survey points out have accepted it as a trade-off for the convenience of Internet.
The reason for the complacency setting in probably lies in the fact that people have realized:
The business of social media company is built upon gathering as much information as possible about users and using that information to sell ads,” Michael W. Wellman, CEO of Virgil Security wrote the Observer in an email. “If the service is free, it’s the user that’s being sold.
Nearly 7 percent Americans are victims of identity theft. This, however, has not dissuaded them from taking precautionary measures to protect their identity online. Most users are aware that identity theft can be used for stealing money from bank accounts, but there are other dangers as well. For instance, prescription medication can be obtained legally using details of an identity theft victim. And then there are uses of the stolen data that only Dark Web actors know where such data of millions of victims is available for few hundred dollars.
Vishal Ingole November 1, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Be Prepared for Foggy Computing
October 31, 2016
Cloud computing allows users to access their files or hard drive from multiple devices at multiple locations. Fog computing, on the other hand, is something else entirely. Fog computing is the latest buzzword in the tech world and pretty soon it will be in the lexicon. If you are unfamiliar with fog computing, read Forbes’s article, “What Is Fog Computing? And Why It Matters In Our Big Data And IoT World.”
According to the article, smartphones are “smart” because they receive and share information with the cloud. The biggest problem with cloud computing is bandwidth, slow Internet speeds. The United States is 35th in the world for bandwidth speed, which is contrary to the belief that it is the most advanced country in the world. Demand for faster speeds increases every day. Fog computing also known as edge computing seeks to resolve the problem by grounding data. How does one “ground” data?
What if the laptop could download software updates and then share them with the phones and tablets? Instead of using precious (and slow) bandwidth for each device to individually download the updates from the cloud, they could utilize the computing power all around us and communicate internally.
Fog computing makes accessing data faster, more efficient, and more reliably from a local area rather than routing to the cloud and back. IBM and Cisco Systems are developing projects that would push computing to more local areas, such as a router, devices, and sensors.
Considering that there are security issues with housing data on a third party’s digital storage unit, it would be better to locate a more local solution. Kind of like back in the old days, when people housed their data on CPUs.
Whitney Grace, October 31, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Big Brother Now in Corporate Avatar
October 31, 2016
Companies in the US are now tracking employee movements and interactions to determine how productive their assets are. Badges created by Humanyze; embedded in employee IDs track these key indicators and suggest appropriate measures to help improve employee productivity.
An article published on Business Insider titled Employees at a dozen Fortune 500 companies wear digital badges that watch and listen to their every move reveals:
Humanyze visualizes the data as webs of social interaction that reveal who’s talking to whom on a by-the-second basis. The goal: Revolutionize how companies think about how they organize themselves.
The badges though only track employees who have explicitly given permission to track their working hours, imagination is the only inhibiting factor that will determine how the meta-data can be used. For instance, as the badges are being embedded into employee IDs (that already have chips), it can also be used by someone with right tools to track the movement of an employee beyond working hours.
Social engineering in the past has been used in the past to breach IT security at large organizations. With Humanyze badges, hackers now will have one more weapon in their arsenal.
One worrisome aspect of these badges becomes apparent here:
But the badges are already around the necks of more than 10,000 employees in the US, Waber says. They’ve led to wild insights. One client moves the coffee machine around each night, so the next morning employees in nearby departments naturally talk more.
The ironic part is, companies are exposing themselves to this threat. Google, Facebook, Amazon are already tracking people online. With services like Humanyze, the Big Brother has also entered the corporate domain. The question is not how the data will be used by hacked; it’s just when?
Vishal Ingole October 31, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
NTechLab as David to the Google Goliath of Facial Recognition
October 27, 2016
The article titled A Russian Startup is Beating Google with Eerily Accurate Facial Recognition Technology on Business Insider positions NTechLab as the company leading the industry in facial recognition technology. In 2015, the startup beat Google to win the “MegaFace” competition. The article explains,
NTechLab sets itself apart from its competitors with its high level of accuracy and its ability to search an extensive database of photographs. At the MegaFace Championship, NTechLab achieved a 73 percent accuracy with a database of 1 million pictures. When the number dropped to 10,000 images, the system achieved a jaw-dropping accuracy of 95 percent. “We are the first to learn how to efficiently handle large picture databases,” said NTechLab founder Artem Kukharenko to Intel iQ.
The startup based its technology in deep learning and a neural network. The company has held several public demonstrations at festivals and amusement parks. Attendees share selfies with the system, then receive pictures of themselves when the system “found” them in the crowd. Kukharenko touts the “real-word” problem-solving capabilities of his system. While there isn’t a great deal of substantive backup to his claims, the company is certainly worth keeping an eye on.
Chelsea Kerwin, October 27, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Google Introduces Fact Checking Tool
October 26, 2016
If it works as advertised, a new Google feature will be welcomed by many users—World News Report tells us, “Google Introduced Fact Checking Feature Intended to Help Readers See Whether News Is Actually True—Just in Time for US Elections.” The move is part of a trend for websites, who seem to have recognized that savvy readers don’t just believe everything they read. Writer Peter Woodford reports:
Through an algorithmic process from schema.org known as ClaimReview, live stories will be linked to fact checking articles and websites. This will allow readers to quickly validate or debunk stories they read online. Related fact-checking stories will appear onscreen underneath the main headline. The example Google uses shows a headline over passport checks for pregnant women, with a link to Full Fact’s analysis of the issue. Readers will be able to see if stories are fake or if claims in the headline are false or being exaggerated. Fact check will initially be available in the UK and US through the Google News site as well as the News & Weather apps for both Android and iOS. Publishers who wish to become part of the new service can apply to have their sites included.
Woodford points to Facebook’s recent trouble with the truth within its Trending Topics feature and observes that many people are concerned about the lack of honesty on display this particular election cycle. Google, wisely, did not mention any candidates, but Woodford notes that Politifact rates 71% of Trump’s statements as false (and, I would add, 27% of Secretary Clinton’s statements as false. Everything is relative.) If the trend continues, it will be prudent for all citizens to rely on (unbiased) fact-checking tools on a regular basis.
Cynthia Murrell, October 26, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
-
- Subscribe to Beyond Search
Feature archive
News archive
-
