DarkCyber for March 23, 2021, Now Available
March 23, 2021
DarkCyber for March 23, 2021, is now available at this link.
The March 23, 2021, program contains four stories.
The feature is an interview with the director of GovWizely, Erik Arnold. A former Lycos and Vivisimo executive, Mr. Arnold was a principal researcher on a study about the SolarWinds’ breach. The client for this report was an investment firm. The focus, therefore, was different from the obfuscation and marketing reports generated by cyber security firms and consultants.
Some of the report’s more interesting findings are discussed in the video. A more comprehensive review of the SolarWinds’ breach will be provided on March 25, 2021. Mr. Arnold will conduct an informational webinar on March 25, 2021, at 11 am Eastern time. Registration is required, but there is no charge for the one hour program. You can sign up at https://www.govwizely.com/contact/.
Other stories in the March 23, 2021, program are:
- A look at the management and credibility challenges the Microsoft Exchange Server security lapses create
- How anyone can implement an email tracking function. Three commercial services are mentioned and a GitHub repository is provided for those who want to reuse open source surveillance and monitoring code
- The Russian GROM. This is a weapons capable drone which has been upgraded to carry 10 mini-drones. Each mini-drone can perform kinetic (micro munition) or reconnaissance functions. The 10 drones can function as a swarm, coordinated via artificial intelligence to adapt to changing battle conditions.
DarkCyber is a video news program published twice each month. The videos are available on YouTube. The video news program covers the Dark Web, cyber crime, and lesser known Internet services. The producer is Stephen E Arnold, publisher of Beyond Search which is available at www.arnoldit.com/wordpress.
Kenny Toth, March 23, 2021
DarkCyber for March 9, 2021, Now Available
March 9, 2021
This week’s DarkCyber is available on YouTube. The program includes two stories. The first is a summary of our SolarWinds’ research project. An investment firm commissioned a report to answer this question, “What are some companies that will benefit from the breach of SolarWinds’ Orion enterprise software?” The second story describes a loitering drone which has seen action in a recent hot fire skirmish.
The SolarWinds’ story comes at the breach of SolarWinds’ Orion product from a different angle. Most of the existing studies focus on what happened and what organizations are affected. Those reports fall into several broad categories: [1] Technobabble. These are explanations ignoring the obvious fact that none of the installed cyber security systems spotted the SolarWinds’ malware for more than six months, maybe more. [2] After action reports identifying issues with how SolarWinds and many other organizations’ software is assembled; for example, the use of open source libraries without making sure these libraries do not contain malware and managing basic security processes. [3] Academic / technical discussions of the specific types of malware used in the breach. (The reality is that the malware was based on existing exploits and used methods frequently discussed on hacker forums.)
In the course of our exploration of the hack, we learned that the existing, easily findable information provided a road map for the bad actors. Instead of lightning flashes of genius, the bad actors learned from a range of sources. We mention some of these in this video summary of portions of our research. Then we looked at SolarWinds itself. In this video summary, we provide a snapshot of the distraction factors at SolarWinds in the months leading up to the discovery of the breach. We identify the numerous balls SolarWinds’ executives were juggling. Obviously the firm’s security ball was fumbled by the juggler. The video summary identifies the types of commercial and open source software enabling the breach. One interesting finding is that Microsoft GitHub is the “home” for many useful tools. Some of these were likely to have facilitated certain functions added to existing malware. The final part of the video summary reveals the major findings of our research and analysis process. A more comprehensive and detailed version of this summary will be presented to units of the US government in March. Some of the information will be provided to the attendees at the US 2021 National Cyber Crime Conference. The DarkCyber video summary, we believe, is useful.
There is no written report available to the public. However, if you want a comprehensive briefing about the report, please, write us at darkcyber333 at yandex dot com. There is a charge for the one hour Zoom briefing and a 30 minute question-and-answer session following the formal presentation.
The second story documents the steady advance of artificial intelligence deployed in autonomous kamikaze drones.
Kenny Toth, March 9, 2021
About TikTok and Privacy: $92 Million Catch Your Attention
March 4, 2021
I have commented about the superficial understanding shared among some “real” and big time journalists of data collection. What’s the big deal about TikTok? Who cares what kids are doing? Dismissive attitude flipped off these questions because “real” news knows what’s up?
“ByteDance Agrees to US$92 Million Privacy Settlement with US TikTok Users” suggests that ignoring the China-linked TikTok may warrant some scrutiny. The story reports:
The lawsuits claimed the TikTok app “infiltrates its users’ devices and extracts a broad array of private data including biometric data and content that defendants use to track and profile TikTok users for the purpose of, among other things, ad targeting and profit.” The settlement was reached after “an expert-led inside look at TikTok’s source code” and extensive mediation efforts, according to the motion seeking approval of the settlement.
My view is that tracking a user via a range of methods can create a digital fingerprint of a TikTok user. That fingerprint can be matched or cross correlated with other data available to a specialist; for example, information obtained from Oracle. The result is that a user could be identified and tracked across time.
Yep, today’s young person is tomorrow’s thumbtyper in one of the outfits compromised by the SolarWinds’ misstep. What if the TikTok data make it possible to put pressure on a user? What if the user releases access information or other high value data?
TikTok, TikTok, the clock may be ticking quietly away.
Stephen E Arnold, March 4, 2021
Insights into Video Calls
February 24, 2021
I read a ZDNet write up. The word I would use to describe its approach is “breezy.” Maybe “fluffy?” “Microsoft Teams or Zoom? A Salesman Offers His Stunning Verdict” reveals quite a bit about the mental approach of the super duper professionals referenced in the article.
The security of Microsoft Teams and Zoom concerns me. The SolarWinds’ misstep resulted in Microsoft’s losing control of some Azure and Outlook software. But we only know what Microsoft elects to reveal. Then there is the Zoom-China connection. That gives me pause.
What’s the write up reveal? Policy or personal preference dictates what system gets clicked. But the write up reveals some other factoids, which I think are quite illuminating.
First, the anonymous sales professional states:
“I’m on video calls eight hours a day. I just do what’s easiest…Some of my meetings are in the middle of the night. You want me to think then?”
Not a particularly crafty person I think. The path of least resistance is the lure for this professional. I like the idea that this professional’s thought processes shut down for the night. To answer the rhetorical question “You want me to think then?”, I would reply, “Yes, you are a professional. If you don’t want to think, go for the Walmart greeter work.” Lazy radiates from this professional’s comment.
Another person explains that answering a question about video conferencing features can be expressed this way:
“Zoom to Teams is like Sephora to Ulta. Or Lululemon to Athleta.”
I assume that this is a brilliant metaphor like one of Shakespeare’s tropes. To me I have zero idea about the four entities offered as points of reference. My hunch is that this individual’s marketing collateral is equally incisive.
A source is focused on alcohol research (who knew this was a discipline?). This individual is convinced that Zoom “has more security protocols.” This individual does not know that most Zoom bombing is a consequence of individuals invited to a meeting.
Here are my takeaways from the write up:
- The salesman cuts corners
- The person who speaks in terms of product brand names is likely to confuse me when I ask, “What’s the weather?”
- The alcohol researcher’s confidence in Zoom security is at odds with the Zoom bomb thing.
For my Zoom sessions, I use an alias, multiple bonded Internet services, and a specialized VPN. I certainly don’t trust Zoom security. And Microsoft? These pros develop security services which could not detect a multi month breach which resulted in the loss of some source code.
My verdict: Meet in person, wear a mask, and trust but verify.
Stephen E Arnold, February 24, 2021
Bitchute: Still Powering Those Ultra Bits
January 28, 2021
Republicans view Democrats with suspicion. Democrats stare back at Republicans. Both political parties have media outlets that support each of their political ideologies. The only problem for either party is the extremists (and conspiracy theorists) that haunt their ranks. That being said, welcome to BitChute, a conservative video streaming platform that allows frisky speech, conspiracy theorists, and Web 3.0 thinkers.
Mashable deep dives into the platform in: “BitChute Welcomes The Dangerous Hate Speech That YouTube Bans.” BitChute has not received as much attention as other alternative social media Web sites. British citizen Ray Vahey, a Web developer, founded BitChute as a free speech platform when Google banned certain contentious speech and extremist content on YouTube. Vahey lives in Thailand and he actively supports conspiracy theories.
BitChute is funded by donations and will start playing ads from the advertising company Criteo. Most of BitChute’s content comes from YouTube and it is not owned by the uploaders. Reuters, for example, has a channel, but Reuters does not own it. There have been takedown allegations, although they were copyright infringement and not community guidelines.
“As HOPE not hate’s report puts it: “BitChute exists to circumvent the moderation of mainstream platforms.” BitChute really seems like the Wild West. The company lists basic community guidelines on the site, but users can easily find videos that violate them. And it’s not like there’s so much content that BitChute couldn’t moderate it all.”
There are fewer uploaders to BitChute than YouTube enjoys, but that does not limit the depth of unusual factoids shared in videos. BitChute’s guidelines state terrorism recruitment videos were not allowed, yet there are many available as well as mass shooting videos.
BitChute may be poised for growth.
Whitney Grace, January 28, 2020
DarkCyber for January 26, 2021, Now Available
January 26, 2021
DarkCyber is a twice-a-month video news program. The stories cover cyber crime, lesser known Internet services, and online. The feature in the January 26, 2021, program is a conversation between Ric Manning, a former Gannett technology columnist and author, and Stephen E Arnold, author of CyberOSINT: Next Generation Information Access. Arnold and Manning talk about the online implications of deplatforming users. Manning points out that protections extended to online platforms free the managers from the constraints in which other media are enmeshed. Arnold points out that government involvement is likely to take place and have significant unforeseen consequences.
Other stories in this program are the deanonymization of digital currency users, a book of algorithms selected for their usefulness in intelligence analysis, and our mini-feature about drones. This week, learn about the flying ginsu knife.
You can view the video at www.arnoldit.com/wordpress or at this url on YouTube.
Kenny Toth, January 26, 2021
Microsoft Teams: More, More, More
January 12, 2021
Last week I was on a Zoom video call. Zoom is pretty easy to use. What’s interesting is that the cyber security organizer of the meeting could not figure out how to allow a participant to share a screen. Now how easy is it to use Microsoft Teams compared to Zoom? In my opinion, Microsoft Teams is a baffler. The last thing Teams needs is another dose of featuritis. Teams and Zoom both need to deal with the craziness of the existing features and functions.
I have given up on Zoom improving its interface. The tiny gear icon, one of the most used components, is tough for some people to spot. Teams has a couple of donkeys laden with wackiness; for example, how about those access controls? Working great for new users, right? But Microsoft who is busy reinventing itself from Word and SharePoint wants to be the super Slack of our Rona-ized world. Sounds good? Yep, ads within Office 10 are truly an uplifting experience for individuals who use Windows 10 to sort of attempt work. Plus, Teams adds Channel calendars. Great! More calendars! Many Outlooks, many search systems, and now calendars! In Teams!
I noted this BBC write up: “Pupils in Scotland Struggle to Get Online Amid Microsoft Issue.” I thought teachers, parents were there to help. The Beeb states:
A number of schools, pupils and parents have reported the technology running slowly or not at all.
What’s Microsoft say? According to the Beeb:
A Microsoft spokesperson said: “Our engineers are working to resolve difficulties accessing Microsoft Teams that some customers are experiencing.” When pressed on whether demand as a result of home schooling was causing the issue, Microsoft declined to comment.
Just like the SolarWinds’ misstep? Nope, just working to make Teams more interesting. Navigate to “Microsoft Teams Is Getting a More Engaging Experience for Meetings Soon.” If the write up is accurate, that’s exactly what Microsoft has planned for its Zoom killer. The write up reports an item from the future:
Microsoft is working on making Teams meetings more engaging using AI and a “Dynamic View” to give more control over meeting presentations.
And what, pray tell, is a more engaging enhancement or two? I learned that in the future (not yet determined):
The Dynamic view is said to let you see what’s being shared and other people on the call at the same time. With the call being automatically optimized in a way that lets participants both see the important information that’s being shared and the people presenting it in a satisfying way.
News flash. The features appear to add controls (hooray, more controls) and the presentation seems just fine for those high-resolution displays measured in feet, not inches.
Bulletin. Just in. More people are using mobile devices than desktop computers. How is Teams on a mobile device with a screen measured in inches, not feet?
Oh, right. Featuritis and tiny displays. Winners. Maybe not for someone over the age of 45, but that’s an irrelevant demographic, right?
Stephen E Arnold, January 12, 2021
DarkCyber for January 12, 2021, Now Available
January 12, 2021
DarkCyber is a twice-a-month video news program about online, the Dark Web, and cyber crime. You can view the video on Beyond Search or at this YouTube link.
The program for January 12, 2021, includes a featured interview with Mark Massop, DataWalk’s vice president. DataWalk develops investigative software which leapfrogs such solutions as IBM’s i2 Analyst Notebook and Palantir Gotham. In the interview, Mr. Massop explains how DataWalk delivers analytic reports with two or three mouse clicks, federates or brings together information from multiple sources, and slashes training time from months to several days.
Other stories include DarkCyber’s report about the trickles of information about the SolarWinds’ “misstep.” US Federal agencies, large companies, and a wide range of other entities were compromised. DarkCyber points out that Microsoft’s revelation that bad actors were able to view the company’s source code underscores the ineffectiveness of existing cyber security solutions.
DarkCyber highlights remarkable advances in smart software’s ability to create highly accurate images from poor imagery. The focus of DarkCyber’s report is not on what AI can do to create faked images. DarkCyber provides information about how and where to determine if a fake image is indeed “real.”
The final story makes clear that flying drones can be an expensive hobby. One audacious drone pilot flew in restricted air zones in Philadelphia and posted the exploits on a social media platform. And the cost of this illegal activity? Not too much. Just $182,000. The good news is that the individual appears to have avoided one of the comfortable prisons available to authorities.
One quick point: DarkCyber accepts zero advertising and no sponsored content. Some have tried, but begging for dollars and getting involved in the questionable business of sponsored content is not for the DarkCyber team.
Finally, this program begins our third series of shows. We have removed DarkCyber from Vimeo because that company insisted that DarkCyber was a commercial enterprise. Stephen E Arnold retired in 2017, and he is now 77 years old and not too keen to rejoin the GenX and Millennials in endless Zoom meetings and what he calls “blatant MBA craziness.” (At least that’s what he told me.)
Kenny Toth, January 12, 2021
DarkCyber for December 29, 2020, Is Now Available
December 29, 2020
DarkCyber for December 29, 2020, is now available on YouTube at this link or on the Beyond Search blog at this link. This week’s program includes seven stories. These are:
A Chinese consulting firm publishes a report about the low profile companies indexing the Dark Web. The report is about 114 pages long and does not include Chinese companies engaged in this business.
A Dark Web site easily accessible with a standard Internet browser promises something that DarkCyber finds difficult to believe. The Web site contains what are called “always” links to Dark Web sites; that is, those with Dot Onion addresses.
Some pundits have criticized the FBI and Interpol for their alleged failure to take down Jokerstash. This Dark Web site sells access to “live” credit cards and other financial data. Among those suggesting that the two law enforcement organizations are falling short of the mark are four cyber security firms. DarkCyber explains one reason for this alleged failure.
NSO Group, a specialized services company, has been identified as the company providing technology to “operators” surveilling dozens of Al Jazeera journalists. DarkCyber points out that a commercial firm is not in a position to approve or disapprove the use of its technology by the countries which license the Pegasus platform.
Facebook has escalated its dispute with Apple regarding tracking. Now the social media company has alleged that contractors to the French military are using Facebook in Africa via false accounts. What’s interesting is that Russia is allegedly engaged in a disinformation campaign in Africa as well.
The drone news this week contains two DJI items. DJI is one of the world’s largest vendors of consumer and commercial drones. The US government has told DJI that it may no longer sell its drones in the US. DJI products remain available in the US. DJI drones have been equipped with flame throwers to destroy wasp nests. The flame throwing drones appear formidable.
DarkCyber is a twice a month video news program reporting on the Dark Web, lesser known Internet services, and cyber crime. The program is produced by Stephen E Arnold and does not accept advertising or sponsorships.
Kenny Toth, December 29, 2020
Another Xoogler Explains Algorithmic Manipulation
December 25, 2020
I don’t want to make a big deal about a former Google engineer talking about algorithmic manipulation. I know what happened to the Google AI expert who pointed out that training data can and does bias how numerical recipes make decisions.
I spotted this 2019 statement in an ancient write up called “‘YouTube Recommendations Are Toxic,’ Says Dev Who Worked on the Algorithm.” The speaker is a Xoogler (the semi official name for someone who worked at the Google) who allegedly worked on the YouTube recommendation algorithm. Now keep in mind that the Google is a pretty chaotic outfit, and it is possible for people to “work on” something and the outside world will have zero idea whether the contribution was a quality test or something substantive like fiddling thresholds to meet a harried superior’s goal. (Bonus time causes some interesting activities I have heard.)
Here’s the quote, and I have put in bold face the important statement which I found important and possibly accurate:
“It isn’t inherently awful that YouTube uses AI to recommend video for you, because if the AI is well tuned it can help you get what you want. This would be amazing,” Chaslot told TNW. “But the problem is that the AI isn’t built to help you get what you want — it’s built to get you addicted to YouTube. Recommendations were designed to waste your time.”
The write up does not dig into wasting time. I want to share my perception of the time wasting angle. In the good old days, Web sites wanted to be sticky. That’s why mere search engines became portals and eventually massive one stop shops with everything in one “experience.”
For YouTube, the more time a person invests in watching videos on YouTube, the more ads Google can slam into the video. If you think there are a lot of ads for a video now, just wait until the “game plan” is rolled out to the Googlers in the Spring of 2021.
Therefore, the purpose of the YouTube algorithm is to create opportunities to display ads. Are these relevant or irrelevant? I must say that I am quite adept at clicking past blandishments for Grammarly, Liberty Mutual, and many other hapless companies dumping cash into the coffers of the world’s most wonderfulest Web search system. Grammarly, isn’t “wonderfulest” a real word when used with “Google”? Maybe I should ask DeepMind? Oh, right. DeepMind is busy doing healthy things and losing hundreds of millions of dollars every year.
Burn that ad inventory. Absolutely.
Stephen E Arnold, December 25, 2020