ID Agent Alerts Government Contractors to Cyber Risk
April 12, 2016
All kinds of information shows up on the Dark Web, including thousands of emails of federal contractors. A recent article from Fierce Government IT, Report: Thousands of contractor emails found on Dark Web, shares several findings from a study conducted by ID Agent, a firm promoting its Dark Web security intelligence product. The study, “Federal Supply Chain Analysis: Cyber Threats from the Dark Web” relied on historical data loss information regarding numbers of email accounts stolen to analyze contracting areas based on their cyber risk.
The write-up expands on where ID Agent sees opportunity,
“Having cyber criminals with access to these accounts is scary enough, but malicious actors operating on the Dark Web have also taken many more forms in recent years. “While stolen personal information is concerning, national and corporate espionage continues to play a major role in the activities conducted via the Dark Web,” the report noted. ID Agent is by no means a disinterested party in disclosing the risk of these email accounts, as it hopes to market its Dark Web ID product that regularly provides this sort of threat intelligence to customers. Still, the study’s findings are a wake-up call to government contractors and the agencies employing them.”
ID Agent uses a proprietary algorithm for situating the risk of various companies and organizations. While this is a new market space, they are certainly not the only game in town when it comes to security and intelligence solutions which take the Dark Web into account. This appears to be an expanding ecosystem.
Megan Feil, April 12, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
What Is the Potential of Social Media?
April 11, 2016
Short honk. I read “How to Hack an Election.” The write up reports that a person was able to rig elections. According to the story:
For $12,000 a month, a customer hired a crew that could hack smartphones, spoof and clone Web pages, and send mass e-mails and texts. The premium package, at $20,000 a month, also included a full range of digital interception, attack, decryption, and defense. The jobs were carefully laundered through layers of middlemen and consultants.
Worth reading and then considering this question:
What are the implications of weaponized information?
Are pundits, mavens, self appointed experts, and real journalists on the job and helping to ensure that information online is “accurate”?
Stephen E Arnold, April 11, 2016
Newly Launched Terbium Software to Monitor Dark Web for Enterprise
April 11, 2016
Impacting groups like Target to JP Morgan Chase, data breaches are increasingly common and security firms are popping up to address the issue. The article Dark Web data hunter Terbium Labs secures $6.4m in fresh funding from ZDNet reports Terbium Labs received $6.4 million in Series A funding. Terbium Labs released software called Matchlight which provides real-time surveillance of the Dark Web and alerts enterprises when their organization’s data surfaces. Consumer data, sensitive company records, and trade secrets are among the types of data for which enterprises are seeking protection. We learned,
“Earlier this month, cloud security firm Bitglass revealed the results of an experiment focused on how quickly stolen data spreads through the Dark Web. The company found that within days, financial credentials leaked to the underground spread to 30 countries across six continents with thousands of users accessing the information.”
While Terbium appears to offer value for stopping a breach once it’s started, what about preventing such breaches in the first place? Perhaps there are opportunities for partnerships with Terbium and players in the prevention arena. Or, then again, maybe companies will buy piecemeal services from individual vendors.
Megan Feil, April 11, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Technology and Stuff Like Epistemology
April 9, 2016
I read with amusement “Technology Slaves Missing Out on the Real Experience.” I thought I was going to learn about the travails of a traditional newspaper which is now in the hands of new owners. Nope. I discovered that the write up is about a dinosaur waking up with snow on its feathers. [Gentle reader, you will have to pay money to access the source article. I know. That is a downshift. Take it up with the Financial Times, not me.]
The write up states with confidence:
Mobile device addiction is essentially about communication.
Ah, ha. Addiction. That’s an objective statement. Where’s the evidence? Well, in newspaper land, the proof is an anecdote from a quite talkative 30-something.
Another point.
In Plato’s Phaedrus, writing was portrayed as a disruptive, undesirable technology. Conversation and debate were the proper way to understand things.
Now we are cooking with gas. I would ask, gentle reader, what are the “things” one is to understand.
What must a person do when the notions of reality and things underpin an article about technology. In fact, what is technology? The newspaper which had to sell itself leaves that area murky or unconsidered.
Someone, methinks, needed a column and did not have time to check Facebook or tweet. The dinosaur with snow on its feathers is someone who is uncomfortable with change. Ah, where are the good old days of dead tree papers sold on corners by paupers?
Stephen E Arnold, April 9, 2016
Cybercriminal Talent Recruitment Moves Swiftly on the Dark Web
April 8, 2016
No matter the industry, it’s tough to recruit and keep talent. As the Skills shortage hits hackers published by Infosecurity Magazine reports, cybercriminals are no exception. Research conducted by Digital Shadows shows an application process exists not entirely dissimilar from that of tradition careers. The jobs include malware writers, exploit developers, and botnet operators. The article explains how Dark Web talent is recruited,
“This includes job ads on forums or boards, and weeding out people with no legitimate technical skills. The research found that the recruitment process often requires strong due diligence to ensure that the proper candidates come through the process. Speaking to Infosecurity, Digital
Shadows’ Vice President of Strategy Rick Holland said that in the untrusted environment of the attacker, reputation is as significant as in the online world and if someone does a bad job, then script kiddies and those who have inflated their abilities will be called out.”
One key difference cited is the hiring timeline; the Dark Web moves quickly. As you might imagine, apparently only a short window of opportunity to cash in stolen credit cards. The sense of urgency related to many Dark Web activities suggests speedier cybersecurity solutions are on the scene. As cybercrime-as-a-service expands, criminals’ efforts and attacks will only be swifter.
Megan Feil, April 8, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
UK Cybersecurity Director Outlines Agencys Failures in Ongoing Cyberwar
April 8, 2016
The article titled GCHQ: Spy Chief Admits UK Agency Losing Cyberwar Despite £860M Funding Boost on International Business Times examines the surprisingly frank confession made by Alex Dewdney, a director at the Government Communications Headquarters (GCHQ). He stated that in spite of the £860M funneled into cybersecurity over the past five years, the UK is unequivocally losing the fight. The article details,
“To fight the growing threat from cybercriminals chancellor George Osborne recently confirmed that, in the next funding round, spending will rocket to more than £3.2bn. To highlight the scale of the problem now faced by GCHQ, Osborne claimed the agency was now actively monitoring “cyber threats from high-end adversaries” against 450 companies across the UK aerospace, defence, energy, water, finance, transport and telecoms sectors.”
The article makes it clear that search and other tools are not getting the job done. But a major part of the problem is resource allocation and petty bureaucratic behavior. The money being poured into cybersecurity is not going towards updating the “legacy” computer systems still in place within GCHQ, although those outdated systems represent major vulnerabilities. Dewdney argues that without basic steps like migrating to an improved, current software, the agency has no hope of successfully mitigating the security risks.
Chelsea Kerwin, April 8, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Watson in the Lab: Quoth the Stakeholder Forevermore
April 7, 2016
I read “Lawrence Livermore and IBM Collaborate to Build New Brain-Inspired Supercomputer.” The article reports that one of the US national labs and Big Blue are going to work together to do something with IBM’s neurosynaptic computer chip. I know. I know. IBM is not really into making chips anymore. I think it paid another company lots of money to take the fab business off IBM’s big blue hands.
Never mind, quoth the stakeholder.
The write up reports that the True North “platform”
will process the equivalent of 16 million neurons and 4 billion synapses and consume the energy equivalent of a hearing aid battery – a mere 2.5 watts of power.
I like the reference to nuclear weapons in the article. I used to work at Halliburton Nuclear in my salad days, and there are lots of calculations to perform when doing the nuclear stuff. Calculations are, in my experience, a lot better than doing lab experiments the Marie Curie muddled forward. Big computer capability is a useful capability.
According to the write up:
The [neuromorphic] technology represents a fundamental departure from computer design that has been prevalent for the past 70 years, and could be a powerful complement in the development of next-generation supercomputers able to perform at exascale speeds, 50 times (or two orders of magnitude) faster than today’s most advanced petaflop (quadrillion floating point operations per second) systems. Like the human brain, neurosynaptic systems require significantly less electrical power and volume.
This is not exactly a free ride. The write up points out:
Under terms of the $1 million contract, LLNL will receive a 16-chip TrueNorth system representing a total of 16 million neurons and 4 billion synapses. LLNL also will receive an end-to-end ecosystem to create and program energy-efficient machines that mimic the brain’s abilities for perception, action and cognition. The ecosystem consists of a simulator; a programming language; an integrated programming environment; a library of algorithms as well as applications; firmware; tools for composing neural networks for deep learning; a teaching curriculum; and cloud enablement.
One question: Who is paying whom? Is Livermore ponying up $1 million to get its informed hands on the “platform” or is IBM paying Livermore to take the chip and do a demonstration project.
The ambiguity in the write up is delicious. Another minor point is the cost of the support environment for the new platform. I understand the modest power draw, but perhaps there are other bits and pieces which gobble the Watts.
I recall a visit to Bell Labs.* During that visit, I saw a demo of what was then called holographic memory. The idea was that gizmos allowed data to be written to a holographic structure. The memory device was in a temperature controlled room and sat in a glass protected container. The room was mostly empty. After the demo, I asked one of the Bell wizards about the tidiness of the demo. He laughed and took me to a side door. Behind that door was a room filled with massive amounts of equipment. The point was that the demo looked sleek and lean. The gear required to pull off the demo was huge.
I recall that the scientist said, “The holographic part was easy. Making the system small is the challenge.”
Perhaps the neuromorphic chip has similar support equipment requirements.
I will let you know if I find out who is paying for the collaboration. I just love IBM. Watson, do you know who is paying for the collaboration?
——
* Bell Labs was one of the companies behind my ASIS Eagleton Award in the 1980s.
Stephen E Arnold, April 7, 2016
The Missing Twitter Manual Located
April 7, 2016
Once more we turn to the Fuzzy Notepad’s advice and their Pokémon mascot, Evee. This time we visited the fuzz pad for tips on Twitter. The 140-character social media platform has a slew of hidden features that do not have a button on the user interface. Check out “Twitter’s Missing Manual” to read more about these tricks.
It is inconceivable for every feature to have a shortcut on the user interface. Twitter relies on its users to understand basic features, while the experienced user will have picked up tricks that only come with experience or reading tips on the Internet. The problem is:
“The hard part is striking a balance. On one end of the spectrum you have tools like Notepad, where the only easter egg is that pressing F5 inserts the current time. On the other end you have tools like vim, which consist exclusively of easter eggs.
One of Twitter’s problems is that it’s tilted a little too far towards the vim end of the scale. It looks like a dead-simple service, but those humble 140 characters have been crammed full of features over the years, and the ways they interact aren’t always obvious. There are rules, and the rules generally make sense once you know them, but it’s also really easy to overlook them.”
Twitter is a great social media platform, but a headache to use because it never came with an owner’s manual. Fuzzy notepad has lined up hint for every conceivable problem, including the elusive advanced search page.
Whitney Grace, April 7, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Potential Corporate Monitoring Concerns Tor Users
April 7, 2016
The Dark Web has been seen as a haven by anyone interested in untraceable internet activity. However, a recent article from Beta News, Tor Project says Google, CloudFlare and others are involved in dark web surveillance and disruption, brings to light the potential issue of Tor traffic being monitored. A CDN and DDoS protection service called CloudFlare has introduced CAPTCHAs and cookies to Tor for monitoring purpose and accusations about Google and Yahoo have also been made. The author writes,
“There are no denials that the Tor network — thanks largely to the anonymity it offers — is used as a platform for launching attacks, hence the need for tools such as CloudFlare. As well as the privacy concerns associated with CloudFlare’s traffic interception, Tor fans and administrators are also disappointed that this fact is being used as a reason for introducing measures that affect all users. Ideas are currently being bounced around about how best to deal with what is happening, and one of the simpler suggestions that has been put forward is adding a warning that reads “Warning this site is under surveillance by CloudFlare” to sites that could compromise privacy.”
Will a simple communications solution appease Tor users? Likely not, as such a move would essentially market Tor as providing the opposite service of what users expect. This will be a fascinating story to see unfold as it could be the beginning of the end of the Dark Web as it is known, or perhaps the concerns over loss of anonymity will fuel further innovation.
Megan Feil, April 7, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Nasdaq Joins the Party for Investing in Intelligence
April 6, 2016
The financial sector is hungry for intelligence to help curb abuses in capital markets, judging by recent actions of Goldman Sachs and Credit Suisse. Nasdaq invests in ‘cognitive’ technology, from BA wire, announces their investment in Digital Reasoning. Nasdaq plans to connect Digital Reasoning algorithms with Nasdaq’s technology which surveils trade data. The article explains the benefits of joining these two products,
“The two companies want to pair Digital Reasoning software of unstructured data such as voicemail, email, chats and social media, with Nasdaq’s Smarts business, which is one of the foremost software for monitoring trading on global markets. It is used by more than 40 markets and 12 regulators. Combining the two products is designed to assess the context, content and relationships behind trading and spot signals that could indicate insider trading, market manipulation or even expenses rules violations.”
We have followed Digital Reasoning, and other intel vendors like them, for quite some time as they target sectors ranging from healthcare to law to military. This is just a case of another software intelligence vendor making the shift to the financial sector. Following the money appears to be the name of the game.
Megan Feil, April 6, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
-
- Subscribe to Beyond Search
Feature archive
News archive
-
