Be the CIA Librarian
May 3, 2016
Research is a vital tool for the US government, especially the Central Intelligence Agency which is why they employee librarians. The Central Intelligence Agency is one of the main forces of the US Intelligence Community, focused on gathering information for the President and the Cabinet. The CIA is also the topic of much fictionalized speculation in stories, mostly spy and law enforcement dramas. Having played an important part in the United States history, could you imagine the files in its archives?
If you have a penchant for information, the US government, and a library degree then maybe you should apply to the CIA’s current job opening: as a CIA librarian. CNN Money explains one of the perks of the job is its salary: “The CIA Is Hiring…A $100,000 Librarian.” Beyond the great salary, which CNN is quick to point out is more than the typical family income. Librarians server as more than people who recommend decent books to read, they serve as an entry point for research and bridge the gap between understanding knowledge and applying it in the actual field.
“In addition to the cachet of working at the CIA, ‘librarians also have opportunities to serve as embedded, or forward deployed, information experts in CIA offices and select Intelligence Community agencies.’ Translation: There may be some James Bond-like opportunities if you want them.”
Most of this librarian’s job duties will probably be assisting agents with tracking down information related to intelligence missions and interpreting it. It is just a guess, however. Who knows, maybe the standard CIA agent touts a gun to the stacks?
Whitney Grace, May 3, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
The Most Dangerous Writing App Will Delete Your Work If You Stop Typing, for Free
May 2, 2016
The article on The Verge titled The Most Dangerous Writing App Lets You Delete All of Your Work For Free speculates on the difficulties and hubris of charging money for technology that someone can clone and offer for free. Manuel Ebert’s The Most Dangerous Writing App offers a self-detonating notebook that you trigger if you stop typing. The article explains,
“Ebert’s service appears to be a repackaging of Flowstate, a $15 Mac app released back in January that functions in a nearly identical way. He even calls it The Most Dangerous Writing App, which is a direct reference to the words displayed on Flowstate creator Overman’s website. The difference: Ebert’s app is free, which could help it take off among the admittedly niche community of writers looking for self-deleting online notebooks.”
One such community that comes to mind is that of the creative writers. Many writers, and poets in particular, rely on exercises akin to the philosophy of The Most Dangerous Writing App: don’t let your pen leave the page, even if you are just writing nonsense. Adding higher stakes to the process might be an interesting twist, especially for those writers who believe that just as the nonsense begins, truth and significance are unlocked.
Chelsea Kerwin, May 2, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
An Open Source Search Engine to Experiment With
May 1, 2016
Apache Lucene receives the most headlines when it comes to discussion about open source search software. My RSS feed pulled up another open source search engine that shows promise in being a decent piece of software. Open Semantic Search is free software that cane be uses for text mining, analytics, a search engine, data explorer, and other research tools. It is based on Elasticsearch/Apache Solrs’ open source enterprise search. It was designed with open standards and with a robust semantic search.
As with any open source search, it can be programmed with numerous features based on the user’s preference. These include, tagging, annotation, varying file format support, multiple data sources support, data visualization, newsfeeds, automatic text recognition, faceted search, interactive filters, and more. It has the benefit that it can be programmed for mobile platforms, metadata management, and file system monitoring.
Open Semantic Search is described as
“Research tools for easier searching, analytics, data enrichment & text mining of heterogeneous and large document sets with free software on your own computer or server.”
While its base code is derived from Apache Lucene, it takes the original product and builds something better. Proprietary software is an expense dubbed a necessary evil if you work in a large company. If, however, you are a programmer and have the time to develop your own search engine and analytics software, do it. It could be even turn out better than the proprietary stuff.
Whitney Grace, May 1, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Watson Joins the Hilton Family
April 30, 2016
It looks like Paris Hilton might have a new sibling, although the conversations at family gatherings will be lackluster. No, the hotel-chain family has not adopted Watson, instead a version of the artificial intelligence will work as a concierge. Ars Technica informs us that “IBM Watson Now Powers A Hilton Hotel Robot Concierge.”
The Hilton McLean hotel in Virginia now has a now concierge dubbed Connie, after Conrad Hilton the chain’s founder. Connie is housed in a Nao, a French-made android that is an affordable customer relations platform. Its brain is based on Watson’s program and answers verbal queries from a WayBlazer database. The little robot assists guests by explaining how to navigate the hotel, find restaurants, and tourist attractions. It is unable to check in guests yet, but when the concierge station is busy, you do not want to pull out your smartphone, or have any human interaction it is a good substitute.
” ‘This project with Hilton and WayBlazer represents an important shift in human-machine interaction, enabled by the embodiment of Watson’s cognitive computing,’ Rob High, chief technology officer of Watson said in a statement. ‘Watson helps Connie understand and respond naturally to the needs and interests of Hilton’s guests—which is an experience that’s particularly powerful in a hospitality setting, where it can lead to deeper guest engagement.’”
Asia already uses robots in service industries such as hotels and restaurants. It is worrying that Connie-like robots could replace people in these jobs. Robots are supposed to augment human life instead of taking jobs away from it. While Connie-like robots will have a major impact on the industry, there is something to be said for genuine human interaction, which usually is the preference over artificial intelligence. Maybe team the robots with humans in the service industries for the best all around care?
Whitney Grace, April 30, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Developing Nations Eager to Practice Cyber Surveillance
April 28, 2016
Is it any surprise that emerging nations want in on the ability to spy on their citizens? That’s what all the cool governments are doing, after all. Indian Strategic Studies reports, “Even Developing Nations Want Cyber Spying Capabilities.” Writer Emilio Iasiello sets the stage—he contrasts efforts by developed nations to establish restrictions versus developing countries’ increased interest in cyber espionage tools.
On one hand, we could take heart from statements like this letter and this summary from the UN, and the “cyber sanctions” authority the U.S. Department of Treasury can now wield against foreign cyber attackers. At the same time, we may uneasily observe the growing popularity of FinFisher, a site which sells spyware to governments and law enforcement agencies. A data breach against FinFisher’s parent company, Gamma International, revealed the site’s customer list. Notable client governments include Bangladesh, Kenya, Macedonia, and Paraguay. Iasiello writes:
“While these states may not use these capabilities in order to conduct cyber espionage, some of the governments exposed in the data breach are those that Reporters without Borders have identified as ‘Enemies of the Internet’ for their penchant for censorship, information control, surveillance, and enforcing draconian legislation to curb free speech. National security is the reason many of these governments provide in ratcheting up authoritarian practices, particularly against online activities. Indeed, even France, which is typically associated with liberalism, has implemented strict laws fringing on human rights. In December 2013, the Military Programming Law empowered authorities to surveil phone and Internet communications without having to obtain legal permission. After the recent terrorist attacks in Paris, French law enforcement wants to add addendums to a proposed law that blocks the use of the TOR anonymity network, as well as forbids the provision of free Wi-Fi during states of emergency. To put it in context, China, one of the more aggressive state actors monitoring Internet activity, blocks TOR as well for its own security interests.”
The article compares governments’ cyber spying and other bad online behavior to Pandora’s box. Are resolutions against such practices too little too late?
Cynthia Murrell, April 28, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Bold Hackers
April 27, 2016
It looks like some hackers are no longer afraid of the proverbial light, we learn from “Sony Hackers Still Active, ‘Darkhotel’ Checks Out of Hotel Hacking” at InformationWeek. Writer Kelly Jackson Higgins cites Kaspersky security researcher Juan Andres Guerrero-Saade, who observes that those behind the 2014 Sony hack, thought to be based in North Korea, did not vanish from the scene after that infamous attack. Higgins continues:
“There has been a noticeable shift in how some advanced threat groups such as this respond after being publicly outed by security researchers. Historically, cyber espionage gangs would go dark. ‘They would immediately shut down their infrastructure when they were reported on,’ said Kurt Baumgartner, principal security researcher with Kaspersky Lab. ‘You just didn’t see the return of an actor sometimes for years at a time.’
“But Baumgartner says he’s seen a dramatic shift in the past few years in how these groups react to publicity. Take Darkhotel, the Korean-speaking attack group known for hacking into WiFi networks at luxury hotels in order to target corporate and government executives. Darkhotel is no longer waging hotel-targeted attacks — but they aren’t hiding out, either.
“In July, Darkhotel was spotted employing a zero-day Adobe Flash exploit pilfered from the HackingTeam breach. ‘Within 48 hours, they took the Flash exploit down … They left a loosely configured server’ exposed, however, he told Dark Reading. ‘That’s unusual for an APT [advanced persistent threat] group.’”
Seeming to care little about public exposure, Darkhotel has moved on to other projects, like reportedly using Webmail to attack targets in Southeast Asia.
On the other hand, one group which experts had expected to see more of has remained dark for some time. We learn:
“Kaspersky Lab still hasn’t seen any sign of the so-called Equation Group, the nation-state threat actor operation that the security firm exposed early last year and that fell off its radar screen in January of 2014. The Equation Group, which has ties to Stuxnet and Flame as well as clues that point to a US connection, was found with advanced tools and techniques including the ability to hack air gapped computers, and to reprogram victims’ hard drives so its malware can’t be detected nor erased. While Kaspersky Lab stopped short of attributing the group to the National Security Agency (NSA), security experts say all signs indicate that the Equation Group equals the NSA.”
The Kaspersky team doesn’t think for a minute that this group has stopped operating, but believe they’ve changed up their communications. Whether a group continues to lurk in the shadows or walks boldly in the open may be cultural, they say; those in the Far East seem to care less about leaving tracks. Interesting.
Cynthia Murrell, April 27, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Research MapsThreat Actors of the Dark Web
April 25, 2016
Known as the Dark Web, a vast amount of sites exist requiring specialized software, Tor is most commonly used, to access them. Now, the first map of the Dark Web has launched, according to Peeling Back the Onion Part 1: Mapping the #DarkWeb from Zero Day Lab. A partner of Zero Day Lab, Intelliagg is a threat intelligence service, which launched this map. While analyzing over 30,000 top-level sites, their research found English as the most common language and file sharing and leaked data were the most common hidden marketplaces, followed by financial fraud. Hacking comprised only three percent of sites studied. The write-up describes the importance of this map,
“Until recently it had been difficult to understand the relationships between hidden services and more importantly the classification of these sites. As a security researcher, understanding hidden services such as private chat forums and closed sites, and how these are used to plan and discuss potential campaigns such as DDoS, ransom attacks, kidnapping, hacking, and trading of vulnerabilities and leaked data; is key to protecting our clients through proactive threat intelligence. Mapping these sites back to Threat Actors (groups), is even more crucial as this helps us build a database on the Capability, Infrastructure, and Motivations of the adversary.”
Quite an interesting study, both in topic and methods which consisted of a combination of human and machine learning information gathering. Additionally, this research produced an interactive map. Next, how about a map that shows the threat actors and their sites?
Megan Feil, April 25, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Webinjection Code a Key to Security
April 25, 2016
The heady days of open cybercrime discussions on the Dark Web are over, thanks to increasing investigation by law-enforcement. However, CaaS vendors still sell products like exploit kits, custom spam, and access to infected endpoints to those who know where to look. Security Intelligence discusses one of the most popular commodities, webinjection resources, in its article, “Dark Web Suppliers and Organized Cybercrime Gigs.” Reporter Limor Kessem explains:
“Webinjections are code snippets that financial malware can force into otherwise legitimate Web pages by hooking the Internet browser. Once a browser has been compromised by the malware, attackers can use these injections to modify what infected users see on their bank’s pages or insert additional data input fields into legitimate login pages in order to steal information or mislead unsuspecting users.
“Whether made up of HTML code or JavaScript, webinjections are probably the most powerful social engineering tool available to cybercriminals who operate banking Trojan botnets.
“To be considered both high-quality and effective, these webinjections have to seamlessly integrate with the malware’s injection mechanism, display social engineering that corresponds with the target bank’s authentication and transaction authorization schemes and have the perfect look and feel to fool even the keenest customer eye.”
Citing IBM X-Force research, Kessem says there seem to be only a few target-specific webinjection experts operating on the Dark Web. Even cybercriminals who develop their own malware are outsourcing the webinjection code to one of these specialists. This means, of course, that attacks from different groups often contain similar or identical webinjection code. IBM researchers have already used their findings about one such vendor to build specific “indicators of compromise,” which can be integrated into IBM Security products. The article concludes with a suggestion:
“Security professionals can further extend this knowledge to other platforms, like SIEM and intrusion prevention systems, by writing custom rules using information about injections shared on platforms like X-Force Exchange.”
Cynthia Murrell, April 25, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Watson Lacks Conversation Skills and He Is Not Evil
April 22, 2016
When I was in New York last year, I was walking on the west side when I noticed several other pedestrians moving out of the way of a man mumbling to himself. Doing as the natives do, I moved aside and heard the man rumble about how, “The robots are taking over and soon they will be ruling us. You all are idiots for not listening to me.” Fear of a robot apocalypse has been constant since computer technology gained precedence and we also can thank science-fiction for perpetuating it. Tech Insider says in “Watson Can’t Actually Talk To You Like In The Commercials” Elon Musk, Bill Gates, Stephen Hawking, and other tech leaders have voiced their concerns about creating artificial intelligence that is so advanced it can turn evil.
IBM wants people to believe otherwise, which explains their recent PR campaign with commercials that depict Watson carrying on conversations with people. The idea is that people will think AI are friendly, here to augment our jobs, and overall help us. There is some deception on IBM’s part, however. Watson cannot actually carry on a conversation with a person. People can communicate with, usually via an UI like a program via a desktop or tablet. Also there is more than one Watson, each is programmed for different functions like diagnosing diseases or cooking.
“So remember next time you see Watson carrying on a conversation on TV that it’s not as human-like as it seems…Humor is a great way to connect with a much broader audience and engage on a personal level to demystify the technology,’ Ann Rubin, Vice President IBM Content and Global Creative, wrote in an email about the commercials. ‘The reality is that these technologies are being used in our daily lives to help people.’”
If artificial intelligence does become advanced enough that it is capable of thought and reason comparable to a human, it is worrisome. It might require that certain laws be put into place to maintain control over the artificial “life.” That day is a long time off, however, until then embrace robots helping to improve life.
Whitney Grace, April 22, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Google Removes Pirate Links
April 21, 2016
A few weeks ago, YouTube was abuzz with discontent from some of its most popular YouTube stars. Their channels had been shut down die to copyright claims by third parties, even thought the content in question fell under the Fair Use defense. YouTube is not the only one who has to deal with copyright claims. TorrentFreak reports that “Google Asked To Remove 100,000 ‘Pirate Links’ Every Hour.”
Google handles on average two million DMCA takedown notices from copyright holders about pirated content. TorrentFreak discovered that the number has doubled since 2015 and quadrupled since 2014. The amount beats down to one hundred thousand per hour. If the rate continues it will deal with one billion DMCA notices this year, while it had previously taken a decade to reach this number.
“While not all takedown requests are accurate, the majority of the reported links are. As a result many popular pirate sites are now less visible in Google’s search results, since Google downranks sites for which it receives a high number of takedown requests. In a submission to the Intellectual Property Enforcement Coordinator a few months ago Google stated that the continued removal surge doesn’t influence its takedown speeds.”
Google does not take broad sweeping actions, such as removing entire domain names from search indexes, as it does not want to become a censorship board. The copyright holders, though, are angry and want Google to promote only legal services over the hundreds of thousands of Web sites that pop up with illegal content. The battle is compared to an endless whack-a-mole game.
Pirated content does harm the economy, but the numbers are far less than how the huge copyright holders claim. The smaller people who launch DMCA takedowns, they are hurt more. YouTube stars, on the other hand, are the butt of an unfunny joke and it would be wise for rules to be revised.
Whitney Grace, April 21, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
-
- Subscribe to Beyond Search
Feature archive
News archive
-
