The Internet Is Once Again Anonymous

January 19, 2017

Let us reminiscence for a moment (and if you like you can visit the Internet archive) about the Internet’s early days, circa late 1990s.  It was a magic time, because there were chatrooms, instant messaging, and forums.  The Internet has not changed these forms of communication much, although chatrooms are pretty dead, but one great thing about the early days is that the Internet was mostly anonymous.  With the increase in tracking software, IP awareness, and social media, Internet anonymity is reserved for the few who are vigilant and never post anything online.    Sometimes, however, you want to interact online without repercussions and TechCrunch shares that “Secret Founder Returns To Anonymous Publishing With Launch Of IO.”

David Byttow, Secret co-founder, started the anonymous publishing app IO that is similar to Postcard Confessions.  IO’s purpose is to:

IO is a pseudo-resurrection of Secret that Byttow told us in November came into being partly because “the downsides of current social media products MUST be addressed,” an imperative he felt was especially urgent following the results of the last U.S. election. IO’s stated mission is to achieve “authentic publishing,” by which Byttow means that he’s hoping users having an option to publishing either anonymously, using a pseudonym or as their actual selves will allow for easier sharing of true thoughts and feelings.

IO really does not do much.  You can type something up, hit publish, but it is only shared with other people if you attach social media links.  You can remain anonymous and IO does include writing assistance tools.  I really do not get why IO is useful, but it does allow a person to create a shareable link without joining a forum, owning a Web site, etc.  Reddit seems more practical, though.

Whitney Grace, January 19, 2016

 

Are You Really Beefing up Your Search Skills?

January 18, 2017

Everyone’s New Year’s resolution is usually to lose weight.  When January swings around again, that resolution went out the door with the spring-cleaning.  Exercise can be a challenge, but you can always exercise your search skills by reading Medium’s article, “Google Search Tricks To Become A Search Power User.”  Or at least the article promises to improve your search skills.

Let’s face it, searching on the Web might seem simple, but it requires a little more brainpower than dumping keywords into a search box.  Google makes searching easier and is even the Swiss army knife of answering basic questions.   The Medium article does go a step further by drawing old school search tips, such as the asterisk, quotes, parentheses, and others.  These explanations, however, need to be read more than once to understand how the tools work:

My favorite of all, single word followed by a ‘*’ will do wonders. But yeah this will not narrow your results; still it keeps a wider range of search results. You’ll need to fine tune to find exactly what you want. This way is useful in case when you don’t remember more than a word or two but you still you want to search fully of it.

Having used some of these tips myself, they actually make searching more complicated than taking a little extra time to read the search results.  I am surprised that they did not include the traditional Boolean operators that usually work, more or less.  Sometimes search tips cause more trouble than they are worth.

Whitney Grace, January 18, 2016

Dark Web Offers Tools for Vengeance to Disgruntled Workers

January 10, 2017

It seems the dark web is now making it easier for disgruntled employees to take their revenge to the next level, we learn from the KrebsOnSecurity article, “Rise of Darknet Stokes Fear of the Insider.” The article cites Gartner analyst Avivah Litan; she reports a steep increase in calls from clients concerned about vindictive employees, current or former, who might expose sensitive information on the dark web.  Not surprisingly, companies with a lot of intellectual property at stake are already working with law-enforcement or private security firms to guard against the threat.

How, exactly, is the dark web making worker retaliation easier than ever before? Writer Brian Krebs explains:

Noam Jolles, a senior intelligence expert at Diskin Advanced Technologies, studies darknet communities. I interviewed her last year in ‘Bidding for Breaches,’ a story about a secretive darknet forum called Enigma where members could be hired to launch targeted phishing attacks at companies. Some Enigma members routinely solicited bids regarding names of people at targeted corporations that could serve as insiders, as well as lists of people who might be susceptible to being recruited or extorted.

Jolles said the proliferation of darkweb communities like Enigma has lowered the barriers to entry for insiders, and provided even the least sophisticated would-be insiders with ample opportunities to betray their employer’s trust.

I’m not sure everyone is aware of how simple and practical this phenomena looks from adversary eyes and how far it is from the notion of an insider as a sophisticated disgruntled employee,’ Jolles said. ‘The damage from the insider is not necessarily due to his position, but rather to the sophistication of the threat actors that put their hands on him.

According to research by Verizon, few vengeful employees turn out to have been in management positions. Most are workers lower on the totem pole who had to be given access to sensitive information to perform their jobs. The Verizon report cheerfully advises, “At the end of the day, keep up a healthy level of suspicion toward all employees.” What fun.

See the article for more about this threat, and how organizations might go about protecting themselves.

Cynthia Murrell, January 10, 2017

Cybersecurity Technologies Fueled by Artificial Intelligence

December 28, 2016

With terms like virus being staples in the cybersecurity realm, it is no surprise the human immune system is the inspiration for the technology fueling one relatively new digital threat defense startup. In the Tech Republic article, Darktrace bolsters machine learning-based security tools to automatically attack threats, more details and context about Darktrace’s technology and positioning was revealed. Founded in 2013, Darktrace recently announced they raised $65 million to help fund their expansion globally. Four products, including their basic cyber threat defense solution called Darktrace, comprise their product suite. The article expands on their offerings:

Darktrace also offers its Darktrace Threat Visualizer, which provides analysts and CXOs with a high-level, global view of their enterprise. Darktrace Antigena complements the core Darktrace product by automatically defends against potential threats that have been detected, acting as digital “antibodies.” Finally, the Industrial Immune System is a version of Darktrace designed for Industrial Control Systems (ICS). The key value provided by Darktrace is the fact that it relies on unsupervised machine learning, and it is able to detect threats on its own without much human interaction.

We echo this article’s takeaway that machine learning and other artificial intelligence technologies continue to grow in the cybersecurity sector. The attention on AI is only building in this industry and others. Perhaps the lack of AI is particularly well-suited to cybersecurity as it’s behind-the-scenes nature that of Dark Web related crimes.

Megan Feil, December 28, 2016

In Pursuit of Better News Online

December 20, 2016

Since the death of what we used to call “newspapers,” Facebook and Twitter have been gradually encroaching on the news business. In fact, Facebook recently faced criticism for the ways it has managed its Trending news stories. Now, the two social media firms seem to be taking responsibility for their roles, having joined an alliance of organizations committed to more competent news delivery. The write-up, “Facebook, Twitter Join Coalition to Improve Online News” at Yahoo News informs us about the initiative:

First Draft News, which is backed by Google [specifically Google News Lab], announced Tuesday that some 20 news organizations will be part of its partner network to share information on best practices for journalism in the online age. Jenni Sargent, managing director of First Draft, said the partner network will help advance the organization’s goal of improving news online and on social networks.

Filtering out false information can be hard. Even if news organizations only share fact-checked and verified stories, everyone is a publisher and a potential source,’ she said in a blog post. ‘We are not going to solve these problems overnight, but we’re certainly not going to solve them as individual organizations.

Sargent said the coalition will develop training programs and ‘a collaborative verification platform,’ as well as a voluntary code of practice for online news.

We’re told First Draft has been pursuing several projects since it was launched last year, like working with YouTube to verify user-generated videos. The article shares their list of participants; it includes news organizations from the New York Times to BuzzFeed, as well as other interested parties, like Amnesty International and the International Fact-Checking Network. Will this coalition succeed in restoring the public’s trust in our news sources? We can hope.

Cynthia Murrell, December 20, 2016

UN Addresses Dark Web Drug Trade

December 16, 2016

Because individual nations are having spotty success fighting dark-web-based crime, the United Nations is stepping up. DeepDotWeb reports, “UN Trying to Find Methods to Stop the Dark Web Drug Trade.” The brief write-up cites the United Nation’s Office on Drugs and Crime’s (UNODC’s) latest annual report, which reveals new approaches to tackling drugs on the dark web. The article explains why law-enforcement agencies around the world have been having trouble fighting the hidden trade. Though part of the problem is technical, another is one of politics and jurisdiction. We learn:

Since most of the users use Tor and encryption technologies to remain hidden while accessing dark net marketplaces and forums, law enforcement authorities have trouble to identify and locate their IP addresses. …

Police often finds itself trapped within legal boundaries. The most common legal issues authorities are facing in these cases are which jurisdiction should they use, especially when the suspect’s location is unknown. There are problems regarding national sovereignties too. When agencies are hacking a dark net user’s account, they do not really know which country the malware will land to. For this reason, the UNODC sees a major issue when sharing intelligence when it’s not clear where in the world that intelligence would be best used.

The write-up notes that the FBI has been using tricks like hacking Dark Net users and tapping into DOD research. That agency is also calling for laws that would force suspects to decrypt their devices upon being charged. In the meantime, the UNODC supports the development of tools that will enhance each member state’s ability to “collect and exploit digital evidence.” To see the report itself, navigate here, where you will find an overview and a link to the PDF.

Cynthia Murrell, December 16, 2016

On the Hunt for Thesauri

December 15, 2016

How do you create a taxonomy? These curated lists do not just write themselves, although they seem to do that these days.  Companies that specialize in file management and organization develop taxonomies.  Usually they offer customers an out-of-the-box option that can be individualized with additional words, categories, etc.  Taxonomies can be generalized lists, think of a one size fits all deal.  Certain industries, however, need specialized taxonomies that include words, phrases, and other jargon particular to that field.  Similar to the generalized taxonomies, there are canned industry specific taxonomies, except the more specialized the industry the less likely there is a canned list.

This is where the taxonomy lists needed to be created from scratch.  Where do the taxonomy writers get the content for their lists?  They turn to the tried, true resources that have aided researchers for generations: dictionaries, encyclopedias, technical manuals, and thesauri are perhaps one of the most important tools for taxonomy writers, because they include not only words and their meanings, but also synonyms and antonyms words within a field.

If you need to write a taxonomy and are at a lost, check out MultiTes.  It is a Web site that includes tools and other resources to get your taxonomy job done.  Multisystems built MultiTes and they:

…developed our first computer program for Thesaurus Management on PC’s in 1983, using dBase II under CPM, predecessor of the DOS operating system.  Today, more than three decades later, our products are as easy to install and use. In addition, with MultiTes Online all that is needed is a web connected device with a modern web browser.

In other words, they have experience and know their taxonomies.

Whitney Grace, December 15, 2016

Yahoo Freedom of Information Case Punted Back to Lower German Courts

December 9, 2016

The article on DW titled Germany’s Highest Court Rejects Yahoo Content Payment Case reports that Yahoo’s fight against paying publishers for publishing their content has been sent back to the lower courts. Yahoo claims that the new copyright laws limit access to information. The article explains,

The court, in the western city of Karlsruhe, said on Wednesday that Yahoo hadn’t exhausted its legal possibilities in lower courts and should turn to them first. The decision suggests Yahoo could now take its case to the civil law courts. The judges didn’t rule on the issue itself, which also affects rival search engine companies…. Germany revised its copyright laws in August 2013 allowing media companies to request payment from search engines that use more than snippets of their content.

The article points out that the new law fails to define “snippet.” Does it mean a few sentences or a few paragraphs? The article doesn’t go into much detail on how this major oversight was possible. The outcome of the case will certainly affect Google as well as Yahoo. Since its summer sale of the principal online asset to Verizon, a new direction has emerged. Verizon aims to forge a Yahoo brand that can compete in online advertising with the likes of Google and Facebook.

Chelsea Kerwin, December 9, 2016

Bug-Free, Efficient Tor Network Inching Towards Completion

November 30, 2016

The development team behind the Tor Project recently announced the release of Tor 0.2.9.5 that is almost bug-free, stable and secure.

Softpedia in a release titled New Tor “The Onion Router” Anonymity Network Stable Branch Getting Closer says:

Tor 0.2.9.5 Alpha comes three weeks after the release of the 0.2.9.4 Alpha build to add a large number of improvements and bug fixes that have been reported by users since then or discovered by the Tor Project’s hard working development team. Also, this release gets us closer to the new major update of The Onion Router anonymity network.

Numerous bugs and loopholes were being reported in Tor Network that facilitated backdoor entry to snooping parties on Tor users. With this release, it seems those security loopholes have been plugged.

The development team is also encouraging users to test the network further to make it completely bug-free:

If you want to help the Tor Project devs polish the final release of the Tor 0.2.9 series, you can download Tor 0.2.9.5 Alpha right now from our website and install it on your GNU/Linux distribution, or just fetch it from the repositories of the respective OS. Please try to keep in mind, though, that this is a pre-release version, not to be used in production environments.

Though it will always be a cat and mouse game between privacy advocates and those who want to know what goes on behind the veiled network, it would be interesting to see who will stay ahead of the race.

Vishal Ingole, November 30, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Iran-Russia Ink Pact for Search Engine Services

November 28, 2016

Owing to geopolitical differences, countries like Iran are turning towards like-minded nations like Russia for technological developments. Russian Diplomat posted in Iran recently announced that home-grown search engine service provider Yandex will offer its services to the people of Iran.

Financial Tribune in a news report Yandex to Arrive Soon said that:

Last October, Russian and Iranian communications ministers Nikolay Nikiforov and Mahmoud Vaezi respectively signed a deal to expand bilateral technological collaborations. During the meeting, Russian Ambassador Vaezi said, We are familiar with the powerful Russian search engine Yandex. We agreed that Yandex would open an office in Iran. The system will be adapted for the Iranian people and will be in Persian.

Iran traditionally has been an extremist nation and at the center of numerous international controversies that indirectly bans American corporations from conducting business in this hostile territory. On the other hand, Russia which is seen as a foe to the US stands to gain from these sour relations.

As of now, .com and .com.tr domains owned by Yandex are banned in Iran, but with the MoU signed, that will change soon. There is another interesting point to be observed in this news piece:

Looking at Yandex.ir, an official reportedly working for IRIB purchased the website, according to a domain registration search.  DomainTools, a portal that lists the owners of websites, says Mohammad Taqi Mozouni registered the domain address back in July.

Technically, and internationally accepted, no individual or organization can own a domain name of a company with any extension (without necessary permissions) that has already carved out a niche for itself online. It is thus worth pondering what prompted a Russian search engine giant to let a foreign governmental agency acquire its domain name.

Vishal Ingole November 28, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Next Page »