The Business World Is Not Prepared for a Cyber Attack

January 12, 2016

Cyber threats have been a concern since computers became everyday tools.  The idea of a hacker conjures images of IT geeks sitting in a dark basement with their laptops, cracking top secret codes in a matter of keystrokes.  Hacking has grown from a limited crime into an international problem comparable to organized crime.  While hackers do target individuals, the bolder thieves go after big businesses.  News of Bahrain reports “Biz Not Prepared For Cyber Threat”; translated from headline-speak, that means the business world would not withstand a cyber attack.

KPMG International released the 2015 KPMG CEO Outlook Study, which found that businesses are aware of the risks associated with cyber attacks, but only forty-nine percent have prepared for one.  The study surveyed 1,200 CEOs, and one in five is concerned about cyber risks.  The concern has led many CEOs to take action with security measures and safety plans.

“The most innovative companies have recognized that cyber security is a customer experience, not just a risk that needs to be managed or a line item in the budget. In Bahrain, some firms are finding ways to turn cyber preparedness into a competitive advantage with customers, and they are using this as a differentiator.”

Many companies that were attacked thought they were prepared for any threat, but they underestimated hackers’ intelligence, sophistication, and persistence.

Some companies with good cyber security now advertise their defenses as a selling point.  It is a desirable feature, especially as more information moves to cloud storage and businesses must stay alert to potential threats.

Whitney Grace, January 12, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Authors Guild Loses Fair Use Argument, Petitions Supreme Court for Copyright Fee Payment from Google

January 12, 2016

The article on Fortune titled Authors Guild Asks Supreme Court to Hear Google Books Copyright Case continues the ten-year battle over Google’s massive book scanning project. As recently as October 2015, the Google project received a ruling in its favor from a unanimous appeals court, due to the “transformative” nature of the scanning. Now the Authors Guild, with increasing desperation to claim ownership over its members’ work, takes the fight to the Supreme Court for consideration. The article explains,

“The Authors Guild may be hoping the high profile nature of the case, which at one time transfixed the tech and publishing communities, will tempt the Supreme Court to weigh in on the scope of fair use… ‘This case represents an unprecedented judicial expansion of the fair-use doctrine that threatens copyright protection in the digital age. The decision below authorizing mass copying, distribution, and display of unaltered content conflicts with this Court’s decisions and the Copyright Act itself.’”

In the petition to the Supreme Court, the Authors Guild is now requesting payment of copyright fees rather than a stoppage of the scanning of 20 million books. Perhaps they should have asked for that first, since Google has all but already won this one.

Chelsea Kerwin, January 12, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph


Dark Web: How Big Is It?

January 11, 2016

I read “Big Data and the Deep, Dark Web.” The write up raises an important point. I question the data, however.

First, there is the unpleasant task of dealing with terminology. A number of different phrases appear in the write up; for example:

  • Dark Web
  • Deep Web
  • Surface Web
  • World Wide Web

Getting hard data about the “number” of Web pages or Web sites is an interesting problem. I know that popular content gets indexed frequently. That makes sense in an ad-driven business model. I know that less frequently indexed content is often an unhappy consequence of resource availability. It takes time and money to index every possible link on each index cycle. I know that network latency can cause an indexing system to give up and move on to another, more responsive site. Then there is bad code and intentional obfuscation, such as my posting content on Xenky.com for those who attend my LEA/Intelligence lectures sponsored by Telestrategies in information friendly Virginia.
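
The latency point is easy to illustrate. Here is a minimal sketch of the “move on” behavior, written in Python with the requests library; the URLs and the five second budget are illustrative assumptions, not a description of any real indexing system:

    import requests

    frontier = ["https://example.com", "https://example.org"]  # hypothetical crawl frontier

    for url in frontier:
        try:
            # Give a slow or unresponsive site five seconds, then move on.
            response = requests.get(url, timeout=5)
            print(url, response.status_code, len(response.text))
        except requests.RequestException as error:
            # Latency, bad code, obfuscation: the indexer skips the site this cycle.
            print(url, "skipped:", error)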

Then there is the difference between the Surface Web, which I call the Clear Web, and sites which are visible but not accessible. Why can I read a Wall Street Journal article when I click a link from one site but not from another? The Wall Street Journal requires a user name and password—sometimes. So what is this? A Clear Web site or a visible, not accessible site?

The terminology is messy.

Bright Planet coined the Deep Web moniker more than a decade ago. The usage was precise: These are sites which are not static; for example, dynamically generated Web pages. An example would be the Southwest Airlines fare page. A user has to click in order to get the pricing options. Bright Planet also included password protected sites. Examples range from a company’s Web page for employees to sites which require the user to pay money to gain access.
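
A minimal sketch makes clear why such pages elude a link-following crawler. The fare form below is invented for illustration; the URL and field names are hypothetical, not Southwest’s:

    import requests

    # A static page: a crawler sees this content simply by following a link.
    static_page = requests.get("https://example.com/schedule.html", timeout=5)

    # A Deep Web page in Bright Planet's sense: the fare table exists only after
    # the server processes a form submission, so a link-following crawler never
    # requests it.
    fare_page = requests.post(
        "https://example.com/fares",
        data={"origin": "SDF", "destination": "BWI", "date": "2016-02-01"},
        timeout=5,
    )
    print(len(static_page.text), len(fare_page.text))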

Then we have the semi-exciting Dark Web, which can also be referenced as the Hidden Web.

Most folks writing about the number of Web sites or Web pages available in one of these collections are pretty much making up data.

Here’s an example of fanciful numerics. Note the disclaimers, which are a flashing yellow caution light for me:

Accurately determining the size of the deep web or the dark web is all but impossible. In 2001, it was estimated that the deep web contained 7,500 terabytes of information. The surface web, by comparison, contained only 19 terabytes of content at the time. What we do know is that the deep web has between 400 and 550 times more public information than the surface web. More than 200,000 deep web sites currently exist. Together, the 60 largest deep web sites contain around 750 terabytes of data, surpassing the size of the entire surface web by 40 times. Compared with the few billion individual documents on the surface web, 550 billion individual documents can be found on the deep web. A total of 95 percent of the deep web is publically accessible, meaning no fees or subscriptions.
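
One quick way to probe such figures is to check them against one another. Here is a sketch using only the numbers in the quote above (Python 3 division assumed):

    deep_tb = 7500      # "the deep web contained 7,500 terabytes"
    surface_tb = 19     # "the surface web ... contained only 19 terabytes"
    top60_tb = 750      # "the 60 largest deep web sites contain around 750 terabytes"

    print(deep_tb / surface_tb)   # ~395, just under the claimed "400 and 550 times"
    print(top60_tb / surface_tb)  # ~39.5, the source of the "40 times" claim

The figures hang together because they appear to trace back to the same 2001-era estimates. Internal consistency, however, says nothing about the Web of 2016.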

Where do these numbers come from? How many sites require Tor to access their data? I am working on my January Webinar for Telestrategies. Sorry. Attendance is limited to those active in LEA/Intelligence/Security. I queried one of the firms actively monitoring and indexing Dark Web content. That company, which you may want to pay attention to, is Terbium Labs. Visit them at www.terbiumlabs.com. Like most of the outfits involved in Dark Web analytics, certain information is not available. I was able to get some ball park figures from one of the founders. (He is pretty good with counting since he is a sci-tech type with industrial strength credentials in the math oriented world of advanced physics.)

Here’s the information I obtained, which comes from Terbium Labs’s real time monitoring of the Dark Web:

We [Terbium Labs] probably have the most complete picture of it [the Dark Web] compared to most anyone out there.  While we don’t comment publicly on our specific coverage, in our estimation, the Dark Web, as we loosely define it, consists of a few tens of thousands or hundreds of thousands of domains, including light web paste sites and carding forums, Tor hidden services, i2p sites, and others.  While the Dark Web is large enough that it is impossible to comprehensively consume by human analysts, compared with the billion or so light web domains, it is relatively compact.

My take is that the Dark Web is easy to talk about. It is more difficult to obtain informed analysis of the Dark Web: what is available, which sites are operated by law enforcement and government agencies, and which sites are engaged actively in Dark Web commerce, information exchange, publishing, and other tasks.

One final point: The Dark Web uses Web protocols. In a sense, the Dark Web is little more than a suburb of the metropolis that Google indexes selectively. For more information about the Dark Web and its realities, check out my forthcoming Dark Web Notebook. If you want to reserve a copy, email benkent2020 at yahoo dot com. LEA, intel, and security professionals get a discount. Others pay $200 per copy.

Stephen E Arnold, January 11, 2016

Ad Blocking: A Real Publisher in Action

January 11, 2016

I read “You Say Advertising, I Say Block That Malware.” The write up reveals quite a bit about how one major publisher wields technology mastery. According to the write up, “Forbes asked readers to turn off ad blocker.”

Okay, we need money. I get that.

The write up then reveals:

On arrival, like a growing number of websites, Forbes asked readers to turn off ad blockers in order to view the article. After doing so, visitors were immediately served with pop-under malware, primed to infect their computers, and likely silently steal passwords, personal data and banking information. Or, as is popular worldwide with these malware “exploit kits,” lock up their hard drives in exchange for Bitcoin ransom. One researcher commented on Twitter that the situation was “ironic”…

I interpreted the situation differently. The publisher lacks the technical expertise to deal with its own online system. Let’s see. In Manhattan, one could stand on the corner and ask those passing on the sidewalk, “Can you help me deal with malware?”

Of course, one has to know what to ask. That is often difficult when one is so very confident that one knows what one needs to know about online systems.

My hunch is that after 15 minutes and some quick conversations, the requisite expertise would be located and en route to deal with a real publisher’s problem: Doing one thing, creating a problem, and becoming news reported in a Web log.

Ah, real publishers. A joy. Where is the motorcycle-riding wizard when one needs him?

Stephen E Arnold, January 11, 2016

For Search Vendors Suddenly Transformed into Analytics Companies

January 11, 2016

I read “48 Questions to Ask to a Potential Data Scientist Hire.” The list is useful. I added two questions to make it easy to calculate one’s score. My additions are:

  1. What is Bayesian drift and how does one adjust to it?
  2. What is one use case for C* algebras when determining similarities?

Now, here’s what I propose to the vendors of keyword search systems using the phrases “analytics,” “metrics,” and for good measure “Big Data” in their marketing pitches.

Get the top three or four executives in the company together. Invite at least one of the people providing venture funding for the company.

Distribute the questions to everyone and then work through the 50 questions. Yep, you can collaborate and make phone calls to a junior in high school who is good at math.

Calculate your score, then use this grading scale to judge the probability that your new market positioning will succeed. Here’s the scale for your collective team:

90 to 100 percent: A. You are a top five percenter! You have a winner.

80 to 89 percent: B. Meh. Look for a company to buy and try another market positioning, maybe human resource management?

70 to 79 percent: C. Dull normal. Fire people, just like Yahoo and IBM.

60 to 69 percent: D. You are a disgrace to your ancestors. Start raising money. Include your relatives, the bank holding your mortgage, and a neighbor known to be losing touch with NCSI.

0 to 59 percent: F. Failure. Check out the openings at Wendy’s or KFC.

Stephen E Arnold, January 11, 2016

Google and Its Positioning of Search as an Important Technical Area

January 11, 2016

When I met Larry Page at a search conference in 1999, Google was all about search. Flash forward to 2016. If the information in “2016 Google Tracker” is on the money, search is almost a sideline at Google in 2016. Yet in terms of revenue, search related functions generate the bulk of Alphabet Google’s cash.

What’s this suggest?

The write up does the “I want a mouse pad” thing: Focusing on the smiley face approach to the Alphabet Google thing:

The company (and this series of articles) just seems to get bigger and bigger as time goes by.

Whether you know what Calico or DeepMind do is secondary to the “bigger and bigger” assertion.

Flip that around. Search is getting smaller and smaller. Yet the revenue dependence on search remains a constant. Steve Ballmer observed that Google was a one trick pony.

That is no longer true. Google is a one trick pony in terms of revenue. But Google’s interests are quite diverse. Some of the projects are interesting; for example, funding companies to bring much needed innovation to Google. Others are more bizarre, like “solving death.”

The question I have is, “What will Alphabet Google do to generate new revenue?”

Science projects and beating an aging horse may not be sustainable methods. “We spend on ideas because we can” is interesting, maybe entertaining. Amazon appears to be structuring a business based on multiple revenue streams and pursuing some far out projects. Google may have more in common with HP Enterprise, IBM, and Microsoft than I once thought. Take away the advertising business, which owes much to Yahoo’s Overture/GoTo model, and what is Alphabet Google?

Could one answer be a Yahoo-type outfit?

Stephen E Arnold, January 11, 2016

Tor-n Agenda? Good Question

January 11, 2016

I want to steer clear of the thrashing about the Tor Project. I do want to point you to the blurring of the lines between the Clear or Open Web (what you can see in Firefox or Chrome) and the Dark Web (what you can access via the Tor software bundle). My view is that the boundary between open and closed Webs is getting broader.

Navigate to “Two Months after FBI Debacle, Tor Project Still Can’t Get an Answer from CMU.” The write up is about understanding what academics can do and what they cannot talk about.

The write up also talks about “defensive” issues related to Tor. Among the most important are increasingly consumer-y apps; for example, Mumble. The issue of US government funding has some interesting implications.

I learned in the write up:

I would like to see Tor funded to the point where they’re not funded in the way they grow the network based on funding priorities. I would like to see Tor respected as a freedom-enhancing technology, and I’d like to see the world not throwing negative stuff in there along with it. I want them to get that this is really important.

The statement comes from Shari Steele, Executive Director of the Tor Project.

How will the concept of Tor usage mesh with that of those who fund the system? Worth watching.

Stephen E Arnold, January 11, 2016

There Is a Hole in the Cloud

January 11, 2016

Everyone is running to the cloud to reserve their own personal data spot.  Companies have migrated their services to the cloud to serve a growing mobile clientele.  If you are not on the cloud, it is like you’re still using an old flip phone.  The cloud is a viable and useful service that allows people to access their data anytime and anywhere.  Business Insider reveals that cloud usage is heavily concentrated in the US:  “Latest Data From The Valley’s Oldest VC Firm Shows One Big Flaw In The Hype Around The Cloud.”

Bessemer Venture Partners is the longest-running venture capital firm in Silicon Valley.  To celebrate its 100th cloud investment, it surveyed where its cloud investments are located.  Seventy-six of the startups are in the US, eleven are in Israel, and four are in Canada.

“The fact that less than one-quarter of BVP’s cloud investments are in non-US startups shows the adoption of cloud technologies is lagging in the rest of the world. It’s also a reminder that, even after all these years of cloud hype, many countries are still concerned about some aspects of cloud technology.”

Cloud adoption around the world lags partly because the US invents much of the new technology and the rest of the world must catch up.  Security is another big concern, and companies are hesitant to store sensitive information on a system with security issues.

The cloud has only been on the market for ten years and has only gained wide attention in the past five.  Cell phones, laptops, and open source software took time to catch on as well.

Whitney Grace, January 11, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

IBM’s CFO Reveals IBM’s Innovation Strategy: Why Not Ask Watson?

January 11, 2016

The article on TechTarget titled IBM CFO Schroeter on the Company’s Innovation Strategy delves into the mind of Martin Schroeter regarding IBM’s strategy for chasing innovation in healthcare and big data. This year alone IBM acquired three healthcare companies with data on roughly one hundred million people, as well as massive amounts of data on medical conditions. Additionally, as the article relates,

“IBM’s purchase of The Weather Co.’s data processing and analytics operations brought the company a “massive ingestion machine,” which plays straight into its IoT strategy, Schroeter said. The ingestion system pulls in 4 GB of data per second, he said, and runs a lot of analytics as users generate weather forecasts for their geographies. The Weather Co. system will be the basis for the company’s Internet of Things platform, he said.”
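
For a sense of scale, here is a back-of-envelope check of that ingestion rate. This is my arithmetic, not TechTarget’s, and it assumes decimal units:

    gb_per_second = 4
    seconds_per_day = 24 * 60 * 60           # 86,400
    print(gb_per_second * seconds_per_day)   # 345,600 GB, roughly 345 TB per day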

One of many interesting tidbits from the mouth of Schroeter was this gem about companies being willing to “disrupt [themselves]” to ensure updated, long-term strategies that align technological advancement with business development. The hurtling pace of technology has even pushed IBM to build a predictive system to speed up due diligence during acquisitions. What once took weeks to analyze, and often lost IBM deals, has now been streamlined to a single day’s work. Kaboom.


Chelsea Kerwin, January 11, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Open Source Data Management: It Is Now Easy to Understand

January 10, 2016

I read “16 for 16: What You Must Know about Hadoop and Spark Right Now.” I like the “right now.” Urgency. I am not sure I feel too much urgency at the moment. I will leave that wonderful feeling to the executives who have sucked in venture money and have to find a way to generate revenue in the next 11 months.

The article runs down the basic generalizations associated with each of these open source data management components (a minimal Spark example appears after the list):

  • Spark
  • Hive
  • Kerberos
  • Ranger/Sentry
  • HBase/Phoenix
  • Impala
  • Hadoop Distributed File System (HDFS)
  • Kafka
  • Storm/Apex
  • Ambari/Cloudera Manager
  • Pig
  • Yarn/Mesos
  • Nifi/Kettle
  • Knox
  • Scala/Python
  • Zeppelin/Databricks
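
Spark tops the list, so here is a point of reference: the canonical word count in PySpark. This is a minimal sketch, assuming a local Spark 1.x installation and a hypothetical input.txt; it is not code from the article:

    from pyspark import SparkContext

    sc = SparkContext(appName="WordCount")
    counts = (sc.textFile("input.txt")               # hypothetical input file
                .flatMap(lambda line: line.split())  # split lines into words
                .map(lambda word: (word, 1))         # pair each word with a count
                .reduceByKey(lambda a, b: a + b))    # sum the counts per word
    for word, n in counts.take(10):
        print(word, n)
    sc.stop()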

The list tells me two things. First, open source data tools are proliferating. Second, quite a few committed developers will be needed to keep these projects afloat.

The write up is not content with this shopping list. The intrepid reader will have an opportunity to learn a bit about:

  • Kylin
  • Atlas/Navigator

As the write up swoops to its end point, I learned about some open source projects which are a bit of a disappointment; for example, Oozie and Tez.

The key point of the article is that Google’s MapReduce, now pretty long in the tooth, is effectively marginalized.

The Balkanization of data management is evident. The challenge will be to use one or more of these technologies to make some substantial revenue flow.

What happens if a company jumps on the wrong bandwagon as it leaves the parade ground? I would suggest that it may be more like a Pig than an Atlas. The investors will change from Rangers looking for profits to Pythons ready to strike. A Spark can set fire to some hopes and dreams in the Hive. Poorly constructed walls of Databricks can come falling down. That will be an Oozie.

Dear old Oracle, DB2, and SQL Server will just watch.

Stephen E Arnold, January 10, 2016
