Facial Recognition: A Work in Progress
June 18, 2016
Years ago I read “The FBI’s Next Generation Identification Program: Helping Law Enforcement Track and Share Suspect Information across State Lines.” That write-up identified, probably semi-accurately, Lockheed Martin as the “lead contractor” for the NGI IPS (Next Generation Identification Interstate Photo System). I mention this because the write-up “FBI Has 411 Million Photos in Its Facial Recognition System, and a Federal Watchdog Isn’t Happy” does not dig into the contractor or contractors involved in this nine zero project. (An older list of some FBI contractors appears at this link.)
The GAO report about the program also lacks some details. If you are interested in what a government report of the controversial system offers, you can download for now a copy of the document at this link.
I realize that the marketing of smart systems which can make sense of images suggests three functions:
- High speed matching
- High precision
- High recall.
The reality is a bit different. Please keep in mind that the beliefs created by overinflated marketing claims and carefully staged demonstrations are often at odds with how the system actually performs in real life.
Government entities have to look to technology to help deal with the ever increasing and possibly unstoppable flood of digital information. The actual systems, whether the UK’s NHS systems or the US Army’s DCGS systems, are works in progress. In many cases, the progress is halting, and the work has unanticipated consequences.
I have pointed out that enterprise search, content management, and similar and smart software are not the slam dunks many managers think they are. Hope springs eternal, but that hope has to be gated with what happens in the real, disorganized, and time-starved reality in which the magic is supposed to happen.
Stephen E Arnold, June 20, 2016
The Job Duties of a Security Analyst
June 15, 2016
The Dark Web is a mysterious void that the average user will never venture into, much less understand beyond the nefarious reputation the media crafts for it. Certain individuals, however, not only make a livelihood by surfing the Dark Web, but also monitor potential threats to our personal safety. The New York Times had the luck to interview one Dark Web security analyst and shared some insights into her job in the article “Scouring The Dark Web To Keep Tabs On Terrorists.”
Flashpoint security analyst Alex Kassirer was interviewed, and she said that she spends her days tracking jihadists, terrorist group propaganda, and specific individuals. Kassirer said that terrorists are engaging more in cybercrimes and hacking in lieu of, or in addition to, their usual physical aggressions. Her educational background is very impressive: a bachelor’s from George Washington University with a focus on conflict and security and a minor in religious studies, and she also learned some Arabic. She earned her master’s in global affairs at New York University and interned at Interpol, the Afghan Embassy, and Flashpoint.
She handles a lot of information, and she describes what she provides:
“I supply information about threats as they develop, new tactics terrorists are planning and targets they’re discussing. We’ve also uncovered people’s personal information that terrorists may have stolen. If I believe that the information might mean that someone is in physical danger, we notify the client. If the information points to financial fraud, I work with the cybercrime unit here.”
While Kassirer does experience anxiety over the information she collects, she knows that she is equipped with the tools and works with a team of people who are capable of disrupting terroristic plots.
Whitney Grace, June 15, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Ransomware as a Service Deals in Bitcoins of Course
June 14, 2016
Countless “as-a-service” models exist online. A piece from SCMagazine, Dark web forums found offering Cerber ‘ransomware as a service’, reveals more information about one such model, ransomware-as-a-service (RaaS), which we’ve heard about now for quite some time. Ransomware is malware that encrypts the user’s files on a machine, where they remain inaccessible until the victim pays for a key. Apparently, an Eastern European ransomware, Cerber, has been offered as RaaS on Russian Dark Web forums. According to cyber intelligence firm Sensecy, this ransomware was set up to include “blacklisted” countries so the malware does not execute on computers in certain locations. The article shares,
“Malwarebytes Labs senior security researcher Jerome Segura said the blacklisted geographies – most of which are Eastern European countries – provide “an indication of where the malware originated.” However, he said Malwarebytes Labs has not seen an indication that the ransomware is connected to the famed APT28 group, which is widely believed to be tied to the Russian government. The recent attacks demonstrate a proliferation of ransomware attacks targeting institutions in the U.S. and Western nations, as recent reports have warned. Last week, the Institute for Critical Infrastructure Technology (ICIT) released a study that predicted previously exploited vulnerabilities will soon be utilized to extract ransom.”
Another interesting bit of information to note from this piece is the going ransom is one bitcoin. Segura mentions the value ransomers ask for may be changing as he has seen some cases where the ransomer works to identify whether the user may be able to pay more. Regardless of the location of a RaaS provider, these technological feats are nothing new. The interesting piece is the supposedly untraceable ransom medium supplanting cash.
Megan Feil, June 14, 2016
SLI Systems Hopeful as Losses Narrow and Revenue Grows
June 14, 2016
The article titled SLI Systems Narrows First-Half Loss on Scoop reports revenue growth and plans to mitigate losses. SLI Systems is a New Zealand-based software as a service (SaaS) business that provides cloud-based search resources to online retailers. Founded in 2001, SLI Systems has already weathered a great many storms in the form of the dot-com crash that threatened to stall the core technology (developed at GlobalBrain). According to a statement from the company, last year’s loss of $502K was an improvement from the loss of $4.1M in 2014. The article states,
“SLI shares have dropped 18 percent in the past 12 months, to trade recently at 76 cents, about half the level of the 2013 initial public offering price of $1.50. The software developer missed its sales forecast for the second half of the 2015 year but is optimistic new chief executive Chris Brennan and Martin Onofrio as chief revenue officer, both Silicon Valley veterans, can drive growth in revenue and earnings.”
The SLI of SLI stands for Search, Learn and (appropriately) Improve. The company hopes to achieve sustainable growth without raising additional capital by continuing to focus on innovation and customer retention rates, which slipped from 90% to 87% recently. Major clients include Lenovo, David Jones, Harvey Norman, and Paul Smith.
Chelsea Kerwin, June 14, 2016
The Unknown Future of Google Cloud Platform
June 10, 2016
While many may have the perception that Google dominates in many business sectors, a recently published graph tells a different story when it comes to cloud computing. Datamation released a story, Why Google Will Dominate Cloud Computing, which shows Google in fourth position. Amazon, Microsoft and IBM are above the search giant in cloud infrastructure services when looking at the fourth quarter market share and revenue growth for 2015. The article explains why Google appears to be struggling,
“Yet as impressive as its tech prowess is, GCP’s ability to cater to the prosaic needs of enterprise cloud customers has been limited, even fumbling. Google has always focused more on selling its own services rather than hosting legacy applications, but these legacy apps are the engine that drives business. Remarkably, GCP customers don’t get support for Oracle software, as they do on Amazon Web Services. Alas, catering to the needs of enterprise clients isn’t about deep genius – it’s about working with others. GCP has been like the high school student with straight A’s and perfect SAT scores that somehow doesn’t have too many friends.”
Despite the current situation, the article hypothesizes Google Cloud Platform may have an edge in the long-term. This is quite a bold prediction. We wonder if Datamation may approach the goog to sell some ads. Probably not, as real journalists do not seek money, right?
Megan Feil, June 10, 2016
More Data to Fuel Debate About Malice on Tor
June 9, 2016
The debate about malicious content on Tor continues. Ars Technica published an article continuing the conversation about Tor and the claims made by a web security company that says 94 percent of the requests coming through the network are at least loosely malicious. The article CloudFlare: 94 percent of the Tor traffic we see is “per se malicious” reveals how CloudFlare is currently handling Tor traffic. The article states,
“Starting last month, CloudFlare began treating Tor users as their own “country” and now gives its customers four options of how to handle traffic coming from Tor. They can whitelist them, test Tor users using CAPTCHA or a JavaScript challenge, or blacklist Tor traffic. The blacklist option is only available for enterprise customers. As more websites react to the massive amount of harmful Web traffic coming through Tor, the challenge of balancing security with the needs of legitimate anonymous users will grow. The same network being used so effectively by those seeking to avoid censorship or repression has become a favorite of fraudsters and spammers.”
Even though the jury may still be out in regard to the statistics reported about the volume of malicious traffic, several companies appear to want action sooner rather than later. Amazon Web Services, Best Buy and Macy’s are among several sites blocking a majority of Tor exit nodes. While a lot seems unclear, we can’t expect organizations to delay action.
Megan Feil, June 9, 2016
Palantir Technology Takes on Rogue Traders
June 9, 2016
Rogue trading has always been a problem for the stock market, but the more technology advances, the easier it becomes for rogue traders to take advantage. The good news is that security and compliance officers can use the same tools that rogue traders use in their schemes to stop them. CNBC aired the story “Tech Takes On Rogue Traders,” which explains how technology is being used to stop the bad guys. The report is described as:
“Colleen Graham, Chief Supervisory Officer at Signac, discusses Palantir and Credit Suisse’s joint technology initiative to crack down on rogue traders.”
Palantir Technology is being used along with Credit Suisse to monitor trader behavior data, trade data, risk data, and market data to track how a trader changes over time. They compare an individual trader to others invested in similar stocks. Using a combination of all these data fields, unusual behavior is monitored to prevent rogue trading.
The biggest loss on Wall Street is rogue trading. The data Signac gathers helps figure out how rogue trading happens and what causes it. By using analytical software, compliance officers are able to learn from past crimes and teach the software to recognize similar patterns. In turn, this allows them to prevent future crimes. While some false positives are generated, all of the captured data is public. Supervisors and other people actually are supposed to read this data; Signac just does so at a more in-depth level.
Catching rogue traders helps keep Wall Street running more smoothly and even puts the stockbrokers and other financial force back to work.
Palantir scored a new deal from this venture. The same technology used to monitor the Dark Web is used to capture rogue traders.
Whitney Grace, June 9, 2016
Enterprise Search Vendor Sinequa Partners with MapR
June 8, 2016
In the world of enterprise search and analytics, everyone wants in on the clients who have flocked to Hadoop for data storage. Virtual Strategy shared an article announcing Sinequa Collaborates With MapR to Power Real-Time Big Data Search and Analytics on Hadoop. A firm specializing in big data, Sinequa, has become certified with the MapR Converged Data Platform. The interoperation of Sinequa’s solutions with MapR will enable actionable information to be gleaned from data stored in Hadoop. We learned,
“By leveraging advanced natural language processing along with universal structured and unstructured data indexing, Sinequa’s platform enables customers to embark on ambitious Big Data projects, achieve critical in-depth content analytics and establish an extremely agile development environment for Search Based Applications (SBA). Global enterprises, including Airbus, AstraZeneca, Atos, Biogen, ENGIE, Total and Siemens have all trusted Sinequa for the guidance and collaboration to harness Big Data to find relevant insight to move business forward.”
Beyond all the enterprise search jargon in this article, the collaboration between Sinequa and MapR appears to offer an upgraded service to customers. As we all know at this point, unstructured data indexing is key to data intake. However, when it comes to output, technological solutions that can support informed business decisions will be unparalleled.
Megan Feil, June 8, 2016
Websites Found to Be Blocking Tor Traffic
June 8, 2016
Discrimination or wise precaution? Perhaps both? MakeUseOf tells us, “This Is Why Tor Users Are Being Blocked by Major Websites.” A recent study (PDF) by the University of Cambridge; University of California, Berkeley; University College London; and International Computer Science Institute, Berkeley confirms that many sites are actively blocking users who approach through a known Tor exit node. Writer Philip Bates explains:
“Users are finding that they’re faced with a substandard service from some websites, CAPTCHAs and other such nuisances from others, and in further cases, are denied access completely. The researchers argue that this: ‘Degraded service [results in Tor users] effectively being relegated to the role of second-class citizens on the Internet.’ Two good examples of prejudice hosting and content delivery firms are CloudFlare and Akamai — the latter of which either blocks Tor users or, in the case of Macys.com, infinitely redirects. CloudFlare, meanwhile, presents CAPTCHA to prove the user isn’t a malicious bot. It identifies large amounts of traffic from an exit node, then assigns a score to an IP address that determines whether the server has a good or bad reputation. This means that innocent users are treated the same way as those with negative intentions, just because they happen to use the same exit node.”
The article goes on to discuss legitimate reasons users might want the privacy Tor provides, as well as reasons companies feel they must protect their Websites from anonymous users. Bates notes that there is not much one can do about such measures. He does point to Tor’s own Don’t Block Me project, which is working to convince sites to stop blocking people just for using Tor. It is also developing a list of best practices that concerned sites can follow, instead. One site, GameFAQs, has reportedly lifted its block, and CloudFlare may be considering a similar move. Will the momentum build, or must those who protect their online privacy resign themselves to being treated with suspicion?
Cynthia Murrell, June 8, 2016
A Possible Goodbye to the Dark Web
June 7, 2016
Should the Dark Web be eradicated? An article from Mic weighs in with an editorial entitled, Shutting Down the Dark Web Is a Plainly Absurd Idea From Start to Finish. Where is this idea coming from? Apparently 71 percent of internet users believe the Dark Web “should be shut down”. This statistic is according to a survey of over 24,000 people from Canadian think tank Centre for International Governance Innovation. The Mic article takes issue with the concept that the Dark Web could be “shut down”,
“The Dark Net, or Deep Web or a dozen other names, isn’t a single set of sites so much as a network of sites that you need special protocols or software in order to find. Shutting down the network would mean shutting down every site and relay. In the case of the private web browser Tor, this means simultaneously shutting down over 7,000 secret nodes worldwide. The combined governments of various countries have enough trouble keeping the Pirate Bay from operating right on the open web, never mind trying to shut down an entire network of sites with encrypted communications and hidden IP addresses hosted worldwide.”
The feasibility of shutting down the Dark Web is also complicated by the fact that there are multiple networks, such as Tor, Freenet or I2P, that allow Dark Web access. Of course, there is also the issue, as the article acknowledges, that many uses of the Dark Web are benign or even further human rights causes. We appreciated a similar article from Softpedia, which pointed to the negative public perception stemming from media coverage of child pornography and drug sales site takedowns. It’s hard to know what isn’t reported in mainstream media.
Megan Feil, June 7, 2016

