The Job Requirements Of A Dark Web Hunter
February 5, 2019
Batman is one of the best superheroes ever created. Batman’s gimmick is that he is a master of criminal activity, except he does not use his powers for evil, but for good. If Batman wanted to he could be the kingpin of crime, but he would rather save Gotham and innocent lives. Batman is a fictional superhero, but there are real world equivalents. One type of real world Batman are ethical hackers, i.e. IT experts who use their powers for good. What does it take to be an IT Batman, though? We picked up a Verizon job posting that lists the requirements for a: “Dark Web-OSINT Investigative Research Consultant.”
Verizon is a leading North American mobile phone and Internet provider and they have a team dedicated to tracking and preventing threats to their network, customers, and sensitive data. The job posting is for an opening on the Verizon Threat Response Advisory Center Intelligence Team, specifically for an expert in the surface, deep, and Dark Web. The Dark Web consultant will support Verizon’s Threat Intelligence Platform Service, the Rapid Response Retainer, and will provide threat intelligence for the company at large.
Moving further into the posting it reads like a “superhero want ad”:
“In order to proactively detect and identify such activity or investigate on-going attacks from foreign adversaries and cyber criminals, VTRAC requires a seasoned Surface, Deep, and Dark Web Investigative Research Consultant (Darkweb Hunter) that can conduct in-depth and investigative research, identification, and detection of adversarial attempts to degrade and disrupt their landscape, supply chains, physical infrastructure, personnel, and ecosystem.
In order to identify and detect such activity, VTRAC requires a seasoned Surface, Deep, and Dark Web Investigative Research Consultant who has in-depth physical and cyber tradecraft methodology and Tactics, Technics and Procedures (TTP) knowledge of foreign intelligence services, state-sponsors of terrorism, U.S. and international criminal organizations, and hacktivists.”
The job tasks include open source intelligence (OSINT) investigative research, intelligence that protects the company’s infrastructure, security intelligence, report analysis, and consultation. Interested personnel need at least a bachelor’s degree or four or more years of experience, OSINT experience, knowledgeable in cyber threats and deep and Dark Web. Applicants will rise to the top of the pile if they have a master’s degree, counterintelligence experience, are an ethical hacker, and are familiar with CISSP.
With all this knowledge, the Dark Web consultant could probably become Batman with the right technology, tools, and a giant robot to take over the physical tasks. As for the bottomless fortune part, maybe the Dark Web consultant could be a Robin Hood-steal the money from the bad guys and use it for good.
Whitney Grace, February 5, 2019
DarkCyber for February 5, 2019, Now Available
February 5, 2019
DarkCyber for February 5,2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/315073592. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web and lesser known Internet services.
This week’s story line up includes: Alleged money laundering via the popular Fortnite game; and an excerpt from Stephen E Arnold’s “Dark Web, Version 2” lecture at the University of Louisville.
The first story explains how bad actors launder money via the online game Fortnite. The game allows players to purchase “digital assets” by purchasing via a credit card. The credit card funds allow the player to acquire V Bucks. These V Bucks can be converted to weapons, information, or other in-game benefits. But the digital assets can be sold, often on chat groups, Facebook, or other social media. In the process, the person buying the digital assets with a stolen credit card, for example, converts the digital assets to Bitcoin or another digital currency. Many people are unaware that online games can be used in this manner. Law enforcement will have to level up their game in order to keep pace with bad actors.
The second story is an excerpt from Stephen E Arnold’s invited lecture. He spoke on January 25, 2019 to an audience of 50 engineering students and faculty on the subject of “Dark Web, Version 2.” In his remarks, he emphasized that significant opportunities for innovation exist. Investigators need to analyze in a more robust way data from traditional telephone intercepts and the Internet, particularly social media.
Arnold said, “The structured data from telephone intercepts must be examined along with the unstructured data acquired from a range of Internet sources. Discovering relationships among entities and events is a difficult task. Fresh thinking is in demand in government agencies and commercial enterprises.” In the video, Mr. Arnold expands on the specific opportunities for engineers, programmers, and analysts with strong mathematics skills.
A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.
Kenny Toth, February 5, 2019
Japan: A Security Clamp
February 4, 2019
We are used to Olympic athletes pushing the limit of human accomplishment, but authorities in Japan are going even further. In preparation for the 2020 Olympics, the National Institute of Information and Communication Technology has gained permission to hack into citizens’ IOT devices in order to prevent terror attacks. We learned more from a recent ZDnet story, “Japanese Government Plans to Hack into Citizens’ IOT Devices.”
According to the story:
“The plan is to compile a list of insecure devices that use default and easy-to-guess passwords and pass it on to authorities and the relevant internet service providers, so they can take measures to alert consumers and secure the devices…The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200 million IoT devices, beginning with routers and web cameras.”
From home security systems, to coffee pots, to doorbell cameras—these IOT tools are very vulnerable. While it’s promising to see an intelligence agency getting out ahead of a potential issue, the path to safety is fraught with potential problems. Would such a leap in privacy be acceptable in the US? We find it impossible to believe, but it’ll be interesting to see how Japan juggles this issue.
Patrick Roland, February 4, 2019
MBA Fancy Dancing: Three Horizons
February 4, 2019
In a world of bits and bytes, MBAs have to do some fancy dancing. A good example is the essay “McKinsey’s Three Horizons Model Defined Innovation for Years. Here’s Why It No Longer Applies.” The write up assumes that the reader knows about consultant speak, the value of simplicity to most CEOs, and the need to sell time. Ka-ching.
You can read the essay for an explanation of what a company has to do to grow. Three tips:
The basic idea is to do things better (reduce costs, put more seats in a commercial aircraft. Make breakfast bars smaller but keep the larger packaging. Efficiency. Firing workers, reduce quality, and trim customer support humans.
The second task is to make more money; for example, puts ads everywhere and make it tough for an advertiser to figure out what actually happened as a result of the ad spend, bill parents for a child’s in game “purchases”, and generate shelves of different types of spaghetti sauce for a person who wants “regular” spaghetti sauce, and so on.
The third job is to do something new; for example, put health monitors in shoes, solve the problem of death, push the idea that people in cities with lots of rain and snow will ride electric scooters, and similar “outside the box” innovations.
But the three ways to grow — called horizons in consultant-speak — are no longer bounded by time. This means that in today’s go go world, a CEO has no time. Every activity is like the two minute warning in American football. Game tied. Win it or sell used cars for a living.
Consequently businesses have to rethink everything — again. Then implement more new things to deal with the problem the new view of time demands. I can hear the cheers from the consulting firms now.
Here’s what the pressured, desperate, and insecure CEO must do:
- Outsource (yep, an old idea needs to be amped up)
- Hire consultants or buy hot start ups
- Do the “me too” and duplicate what’s working for another outfit
- Innovate, either think up something new (very risky) or buy a start up and stock up on scapegoats (less risky).
I don’t want to rain on this recycled parade of MBA chopped liver, but I would suggest that one big idea be kept front and center.
The assumption of the MBA world is that growth is darned near infinite. Competition will produce winners, and to be a winner, one has to do the stuff that wins. The old methods work when there are plenty of resources, barriers to entry, and not too many other desperate people looking for a winner.
The problem is that infinity, while a good idea, does not work when cash is tight, competition is a mouse click away, and execution is often complex.
The signs of a change in the business climate are easy to spot. No MBA needed. Monopolies characterize the present US business landscape. Who will fund a company to knock off Google or Alphabet? Er, still waiting for a hand to go up.
Governmental entities worldwide are not exactly humming along. Whether it is the on going chaos of certain Middle East countries or the slow motion disintegration in South America or the weekly drama of French protesters wearing “colors”— wind downs on display.
Concomitant with the is a bit of that Einstein magic. The amount of time available to accomplish a task is shrinking. CEOs command star ships, but the time required to build a business is getting longer.
Check out the meeting monsters fueled by digital calendars. People work anywhere but find time chopped into nanoseconds. I assert it is tough to do certain types of thinking and work in tiny perturbations in a quantum clock.
One interesting characteristic of reduced time and reduced resources I would suggest is an surge in pragmatic amorality. Example: The Facebook professional allegedly remarked, “The heck with ethics. I want my bonus.”
Therefore, for the MBA in the foreseeable future, here are the trigger points:
- Expediency
- Abandonment of social responsibility
- Clever and cute tricks designed to deceive
- Obfuscation, prevarication, and denial.
There’s nothing like a horizon. But what if it is an event horizon or a recycling of management bromides. Timely.
Stephen E Arnold, February 4, 2019
Amazonia for February 4, 2019
February 4, 2019
The Bezos retail bulldozer could be slowing. Nevertheless, the AWS jungle continues to flourish with hefty growth. Eweek remains a cheerlead stating confidently that “Amazon’s AWS cloud business will continue to grow.” Other jungle news includes:
Yahoo Reports about Amazon Disappointing Outlook
Yahoo. I thought that was Oath. The purple financial service reported that Amazon’s outlook [is] disappointing. The story asserted:
AWS’s revenue continued to grow at a breakneck pace. Its revenue growth isn’t accelerating anymore, as it was for several quarters through to Q2 2018, but it’s also not decelerating, as it did last quarter. In constant currency, the cloud computing service’s revenue has increased year over year as follows: 46% in Q4 2018, 46% in Q3 2018, 49% in Q2 2018, 48% in Q1 2018, 44% in Q4 2017, and 42% in Q3 2017.
Rekognition Denied Respekt
Gizmodo reports that it knows of only one law enforcement client for Amazon’s Rekognition facial recognition policeware. The issue is the accuracy of FAR as these systems have been described by some observers. According to “Defense of Amazon’s Face Recognition Tool Undermined by Its Only Known Police Client”:
the only law enforcement agency Amazon has acknowledged as a client says it also does not use Rekognition in the way Amazon claims it recommends, Gizmodo has learned. In doing so, the law enforcement agency undermines the very argument Amazon uses to discredit critical research about Rekognition.
How accurate are FAR systems? The Gizmodo article reports:
…researchers from the MIT Media Lab published a study indicating that Rekognition’s facial analysis function showed it struggled to correctly identify women of color. Once again, Amazon suggested the results stemmed not from bias in the software itself, but from incorrect threshold settings….
Amazon is likely to face more scrutiny for its FAR than other, lower profile firms. This is likely to be a contentious issue for Amazon as it ramps up its sales efforts to the LE and intel community. Competitors may find it an attractive issue to discuss in their sales presentations.
Amazon and Banking
Bank Innovation reports that Amazon may move Alexa into voice and cloud based banking. You can read the analysis at this link. The story points out that
E-commerce giant Amazon mentioned its cloud computing platform Amazon Web Services, or AWS, 58 times, its virtual assistant Alexa 25 times, and retail just once in its earnings release for the fourth quarter of 2018.
Is there a connection among Amazon’s law enforcement services and the financial sector? The write up does not explore that angle.
MongoDB: An Analyst’s View
“Amazon’s Move Against MongoDB Does Not Worry Me” explains:
Amazon is effectively pitching customers on using AWS to get the best of MongoDB when there’s already a more functional version of the database available on not only AWS but also on Google Cloud and Microsoft‘s (NASDAQ: MSFT) Azure. It’s called Atlas, and last quarter this cloud version of MongoDB accounted for 22% of MongoDB’s revenue. Total cloud revenue from Atlas soared 300% year over year in the third quarter. The following chart shows what Amazon is after with DocumentDB — replacing or enhancing the majority of Mongo deployments hosted on-site or co-located in a data center.
No problem. Amazon is using an older version of MongoDB. No worries, says the expert.
Amazon and Facebook
First, Apple showed Facebook that it is not able to control its destiny. Killing the Facebook calendar and other in house functions was a bit of a wake up call for the move fast, break things outfit.
Now Facebook perceives Amazon as a threat as well. According to “Facebook Thinks Amazon’s Ad Business Has Officially Become a Threat,” Facebook is nervous. Facebook mentions Amazon in its annual report.
One interesting Amazon data point, if it is accurate, is:
Amazon’s share of the online digital ad market is expected to grow to 2.8% in 2019, up from 2.1% last year, according to eMarketer.
There may be some headroom for Amazon to expand.
Amazon Plays Rugby AI
Who knew Amazon was athletically able to imitate IBM’s marketing of AI in sports?
According to Investor Ideas, Amazon Web services has been chosen for the Guinness Six Nations Rugby Championship. If you are into the use of smart software and brutal sports, you can find more information at this link.
Stephen E Arnold, January 4, 2019
Whoa, Facebook
February 3, 2019
We know that Facebook has been facing criticism for playing fast and loose with user privacy. Now Fortune examines the issue in its piece, “Forcing Facebook to Behave: Why Consent Decrees Are Not Enough.” Writer Jeff John Roberts observes that the FTC may levy a significant fine on the company for violating a consent decree. (Facebook, of course, asserts it did no such thing.) This is a step in the right direction, perhaps, but will it do any good? We’re told:
“Facebook executives appear to have calculated long ago that a fine, even one for $1 billion, was the price of rapid growth and one that it could well afford. The calculation has paid off: Not only has Facebook turned user data into an advertising gold mine, it has also used it to squelch competitors and maintain a monopoly. Why should it have acted any differently? or companies to take privacy seriously, the U.S. requires a different legal regime. Right now, regulators must rely on the consent decree system, which gives companies a pass on their first major privacy violation, and then lets them quibble about subsequent violations. Vladeck points out consent decrees are a relatively new policy tool to oversee privacy, and the FTC is still navigating how to use them. This may be the case but the law that underlies them—known as Section 5, which forbids ‘unfair or deceptive acts’— still feels like a clumsy tool to police data regulation.”
On the other hand, Roberts notes, other countries deal more directly with the issue—with very specific privacy laws and significant consequences for those that break them. There is hope for common sense at home, too: a national privacy law has been proposed by an alliance of retail, finance, and tech companies. We shall see what becomes of it.
Cynthia Murrell, February 3, 2019
A Google Moonshot: Shoes
February 2, 2019
I read “Alphabet’s Verily Has Been Working on Health-tracking Shoes to Measure Movement, Weight and Falls.” The news that Apple cut off Google from the app store is trivial next to this announcement. The problems with France and other EU government authorities are inconsequential.
Google is innovating in — wait for it — shoes.
I learned:
Alphabet’s life sciences arm, Verily, has been looking for partners to co-develop shoes with sensors embedded to monitor the wearer’s movement and weight, as well as to measure falls, CNBC has learned.
Potential partners include the designers who created Rosa Klebb’s knife shoes for “From Russia with Love,” innovators who have implemented tootsie wear described by Richard Freiherr von Krafft–Ebing, and the manufacturer of shoes tailored to those skilled in the art of the shuffle dance.
The write up explained:
If Verily progresses with the project, the shoes could have a wide range of health-related uses. For instance, sudden weight gain can be a sign that the body is retaining fluid, which is a symptom of congestive heart failure. Another area of interest is fall detection, two of the people said, which could be useful for seniors in particular.
Product enhancements range from providing dagger shoes to those engaged in military operations, unusual shoes able to make digital recordings of interesting people have interactions, and YouTube shuffle dancers who put their health in peril performing moon walk moves.
With miniaturization, Google could encapsulate a variant of the Loon balloon, deploying the mechanism when signal boosting is required.
Now word on how the new initiative relates to solving death, another of Google-targeted problems.
Stephen E Arnold, February 2, 2019
Bloomberg Continues to Needle Palantir Technologies
February 1, 2019
Buzzfeed once was a good source of anti-Palantir Technologies’ information. But change is constant. Now Bloomberg finds news in the company that tries to keep a low profile.
Palantir Technologies, as you may know, is a firm which is a search and retrieval system on steroids. One can use the system to find an entity amidst the process content. If search doesn’t work, the firm has bundled a range of software modules to identify those elusive facts an investigator, a financial analyst, or a drug researcher seeks.
Bloomberg’s “Palantir Slashes Its Own Stock Price to Boost Morale” reports that employees are a bit unhappy. The company is 15 years old, and not really a start up. The firm’s technology is a bit long in the tooth as well. Big systems are difficult to reengineer to keep up with the waves of newcomers. For example, I am not sure a comprehensive list of Palantir-like start ups in Israel exists. I have lists, but these are far from complete. Ever hear of Narrative Science?
The write up points out that Palantir’s high valuation has begun to slump, like the eyesight of a teen who has played video games for a decade every night for five hours in his or her bedroom.
The main point of the write up strikes at the soul of the Silicon Valley capitalist: “The stock adjustment raises an important question: What is Palantir worth?”
The answer is that search centric companies, regardless of how they are packaged, lack the ability to generate cash in the manner of Facebook, Google, or, praise the Austrian economists, Amazon.
This Bloomberg statement casts a shadow over Palantir and its management team:
Because Palantir typically offers lower salaries than many nearby tech companies, equity is a big part of the sell. But the stock options were overpriced, according to Palantir shareholders and prospective investors. All seven mutual funds that own Palantir shares have slashed the value of their holdings since their 2015 high of $11.38. SP Investments Management values Palantir at $7.87 a share as of September, the most recent data available. Morgan Stanley’s mutual funds have decreased prices seven times in three years, to $2.49.
Employee unrest, poaching of staff, and financial fancy dancing are routine in Silicon Valley. Why target Palantir? That’s a question which I find more interesting than why the company is trying to keep employees happy?
The answer, “Real news.”
Stephen E Arnold, February 1, 2019
Hate Speech Detection
February 1, 2019
Hate speech runs rampant on the Internet, especially on social media and Web sites. Trying to contain hate speech is like trying to drain the ocean with a garden hose. Several tech companies are trying to reign in the hate speech, but their attempts stink. Digital Trends focuses on how hate speech AI technology is in the pits in the article, “Current Tech For Detecting Hate Speech Is Woefully Inadequate, Researchers Find.”
The problem is not the tech companies, but their technology. Researchers from the Aalto University in Finland analyzed hate detection tools. They discovered that none of the tools could agree on what qualifies as hate speech and that they are stupid. The hate detection tools were easily fooled with typos and letter substitution. Humans are still needed to interpret the true meaning of words and their context. For example:
“The researchers next demonstrated how all seven systems could be easily fooled by simple automatic text transformation attacks — such as making small changes to words, introducing or removing spaces, or adding unrelated words. For example, adding the word “love” into an otherwise hate-filled message confuses detection systems. These tricks were capable of fooling both straightforward keyword filters and more complex A.I. systems, based on deep-learning neural network architectures.”
Computers still cannot compete with humans when it comes to understanding and interpreting human emotions. Hate speech detection will improve as more developers research and experiment with the AI.
Whitney Grace, February 1, 2019
Facebook: Quite a Slippery Fish
February 1, 2019
Apple nuked Facebook. Finally, a company took action, which seems to have been overdue because of the endless, “Gee, we’re sorry” statements.
I noted an article in TNW called “A Handy List of Ways Facebook Has Tried to Sneakily Gather Data about You.” Most people know about young kids who spend money via their parents’ credit card and carrying the moniker “whales.” But there is a useful list to remind me why our Tess the Dog Facebook page receives so many friend requests. Tess died in 2016, but people still want her to be their pal.
Perhaps someone in a US regulatory agency will print out a copy of the TNW article and, maybe, think about its information.
Stephen E Arnold, February 1, 2019
-
- Subscribe to Beyond Search
Feature archive
News archive
-
