DarkCyber for April 30, 2019, Now Available
April 30, 2019
DarkCyber for April 30, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/332933089 .
The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: The British government’s online harms report; work methods of hackers; Qintar, a Sharia compliant crypto currency; a new Dark Web index; and a close look at Haystax Constellation cyber software.
This week’s feature examines Haystax Technologies’ Constellation system. The platform can perform a range of cyber functions, including analyzing and protecting facilities and events like the US Super Bowl. The system can also identify and monitor employees who are likely to present a high probability of risk to their employers. The insider threat capability reduces risk and helps reduce the loss of sensitive data. Constellation uses a range of patented systems and methods. The company relies, in part, on the mathematics of Sir Thomas Bayes. Like Autonomy plc, Haystax processes existing data and then integrates real time information in order to generate its predictive outputs.
Other stories in the April 30, 2019, DarkCyber video include brief “cybershots” about:
- The British government released a report about the activities of social media firms. The document is a harsh critique of the management and business tactics of a number of high profile firms. The facts uncovered by the government analysts, the examples presented, and the recommendations set forth in the document are likely to have considerable weight. Britain is contemplating new regulations to control the behaviors of US social media firms.
- DarkCyber provides basic information about how hackers (white hat and black hat varieties) perform their work. Not surprisingly, trial and error play a significant part. However, there are specific methods, and these have been disclosed by the WikiLeaks-type site edited by a persona which appears to be a former CIA agent. A way to download the report and access the site is included in the video.
- A new Dark Web indexing service called Darkmention. The viewer learns where a detailed technical description of the system can be obtained. Although there are numerous Dark Web indexing systems, the Darkmention approach is to process more than 350 different content platforms, not just Tor accessible sites.
- DarkCyber explains that a new Sharia compliant crypto currency is now available. Qintar is based on the Islamic blockchain technology. The crypto tokens may be purchased from the Qintar bank based in Geneva, Switzerland.
The video is available at www.arnoldit.com/wordpress.
Kenny Toth, April 30, 2019
The Google: Just One Example of a Misfire
April 30, 2019
Forget the financial reports for the online ad giant. Sure, the negative reaction may be indicative of Red Bull-fueled MBAs, but the GOOG isn’t going anywhere different or fast. There are signs of trouble in Sillycon Valley in general and at Google in particular. You don’t need me to remind you that the moon shots are still on the launch pads. The management methods are not humming smoothly. The warm and fuzzy love seems to be dissipating, replaced with talk of regulations, fines, and maybe, just maybe jail time for certain behaviors.
I want to highlight one example of the internal processes at the GOOG which may be beep beep beeps of a sensor designed to send a warning to some 23 year old manager. Navigate to “Google Teases a Cheaper Pixel Phone Launch and Confirms Pricey Pixels Still Don’t Sell Very Well.” Here’s the passage I found thought provoking:
We have Google confirming that it’s been having a tough time selling expensive Pixel 3 handsets in the past quarter.
The faithful, it seems, aren’t particularly faithful. The behavior mimics the actions of a certain senior Googler and a marketing professional. The result was difficult for the marketing professional. Now the casual approach of the high school science club is producing mobile phones which deliver unappetizing consequences.
I noted this statement:
Thanks to Google’s just-released earnings report for the first quarter of the year, we now know that Pixel sales during the March 2019 quarter were even weaker than the same period last year.
Then this:
Google CEO Sundar Pichai was “hammered” during a different part of the call about the company’s poor Pixel performance.
That’s enough. You get the idea.
I want to point out that the Google is misfiring. Just try to look at older email on the Gmail system. Nifty interface, eh. What about the YouTube function that does not allow a new video to be uploaded because it is already on the system. That’s a clever trick because the video is not yet on the system. And possible ad fraud? Maybe 30 percent of clicks come from bots? And those employees alleging that the company has taken steps to punish them for speaking out about certain company policies?
The numbers add to the woes of the phone unit, the staff management challenge, and the regulatory hammer being lifted over the head of the Googlers.
Yep, the phones are not selling as hoped and, of course, the Android OS is not fragmented.
Stephen E Arnold, April 30, 2019
So Much Protection, So Little Security
April 30, 2019
I receive emails from cyber security firms. The messages flow from Carbon Black, Recorded Future, DarkOwl, FireEye, IntSights, and others. An outfit named BrightTalk besieges me with announcements about cyber security webinars. The flood of information explains that cyber security tools are available, work, and are easy to use. I am not sure I have much confidence in these assurances.
In the midst of this wealth of security options, I find that articles like “Unknown US Security Breach Exposes Data of 80 Million Households” suggest a problem exists. The write up states:
The breach was discovered by ‘hacktivists’ Noam Rotem and Ran Locar and highlighted by specialists at vpnMentor. They claim it is part of a 24GB trove of information that had been stored on an unprotected Microsoft Azure cloud server.
My thought for the day:
Marketing may exceed capabilities…at least for administrators of the Microsoft Azure cloud service.
And here’s a question:
Maybe security is a flight of fancy?
Stephen E Arnold, April 30, 2019
Amazonia for April 29, 2019
April 29, 2019
Amazon has shifted gears. According to a publication with which I am not familiar, a law student has evidence that Amazon has violated anti-trust laws. You can get the student’s views in “Is Amazon Violating US Antitrust Laws?” and if you prefer an analysis from someone other than a student, navigate to “Amazon Has Gone from Neutral Platform to Cutthroat Competitor, Say Open Source Developers.”
And in other Amazon bulldozer news, DarkCyber cataloged these items:
Amazon’s Big Quarter
Lots of big numbers for Q1 2019. Example: 12 week revenue of about $8 billion. Example: AWS revenue growth of about 40 percent. Here’s one factoid to which one may want to pay attention:
AWS is Amazon’s fastest growing division and produces the largest margins. This segment has been growing at an annual rate ranging from 43% to 55% for the last 3 years and grew 41% in Q1 YoY. AWS offers the business 39% operating margin compared to the 4.2% margin that the rest of Amazon’s operations are providing. This segment already makes up about 50% of AMZN’s income and will likely continue to grow.
The downside? Growth may be slowing, hence Amazon’s new initiatives. The Register’s comment that Amazon was a cloud business with a gift shop may be correct.
Source: Yahoo
Digital Freight Brokerage
Amazon is a logistics company. Using its internal system, Amazon is positioned to reduce the time for deliveries on some items. How does same day delivery sound to those too busy or uninterested in going to a retail store? Sounds good to DarkCyber.
“Amazon’s Digital Freight Brokerage Platform Goes Live” brings logistics goodness to anyone looking for efficiency. What may be more important than Amazon’s technical acumen is its ability to engage in friendly competition. In this context, “friendly competition” means prices that are about 30 percent lower than what incumbents charge for similar freight forward brokering.
The write up reports:
The entry of Amazon into freight brokerage is the ‘disintermediate to survive’ phase of the flywheel. AMZN is under pressure to re-accelerate its top line revenue, which has slowed from upward of 30 percent annually three years ago to less than 15 percent projected for this year. Amazon cannot allow trucking capacity to constrain its growth and is entering freight brokerage to lock that capacity up.
Remember those statements by some industry observers who suggested that Amazon benefited outfits like FedEx and UPS (love the color of its trucks)?
Want to ship something at a peak time of year? Amazon is ready to serve as it pressures the companies against which it is competing — in a friendly way. DarkCyber believes that unlike vendors of policeware, the freight forwarding and brokering sector may be reading what the electronic bookstore has written in its AWS terms and conditions.
Amazon: Responding to the Sound of Music
The bulldozer’s music story this week, in DarkCyber’s opinion, was the information about Amazon’s possible music streaming play. (Amazon has been doing the music thing for years, of course.) “Amazon could Launch Hi-Def Music Streaming by End of 2019” reported:
Amazon’s music streaming service has been around for a while now, but more recently the company seems to be stepping up their efforts to try and grab a larger slice of the pie. For example, it was just last week that Amazon announced a free ad-supported listening tier that would allow non-Prime members to enjoy their streaming services.
Higher quality files may be less important than free or low cost music. Maybe Amazon will add high fidelity podcasts to the mix. What’s the podcast count? A half million or so, including our generally ignored DarkCyber weekly video.
A useful factoid may be that CNBC reported that Amazon will spend $7 billion on music content in 2019.
Open Source Inside a Closed Amazon: The Rent-a-Car Approach
Chatter about Amazon’s tactical plan to attack open source developers seems to be working. The approach is controversial. Medium published the essay “Amazon Has Gone From Neutral Platform to Cutthroat Competitor, Say Open Source Developers.” The main idea seems to be encapsulated in this statement by a commentator on open source software:
called Amazon’s move a “hostile takeover” of Elastic’s business. Steven O’Grady, co-founder of the software industry analyst firm RedMonk, cited it as an example of the “existential threat” that open source companies like Elastic believe a handful of cloud computing giants could pose. Shay Banon, founder and CEO of Elastic, carefully defended Elastic’s new licensing practices, while at the same time making his unhappiness with Amazon crystal clear.
Now what did my grandfather used to say about the barn burned down and the horses ran off? Yes, I recall his statement: “Yep, a bulldozer company is building a factory on that spot.”
What do you think Confluent, Datastax, Neo4j, MongoDB, and InfluxData think about Amazon’s tactical play? DarkCyber believes that renting access to another’s work is logical— for Amazon. The open source coder? DarkCyber has no fixed viewpoint.
Enter the Lawyers Arrive
Engadget has reported that “Amazon Tries Bringing in Lawyers for Sellers Claiming Patent Infringement.” The angle is that Amazon has had a problem with knock offs. Without plowing through the legal ramifications of selling a look alike as the real deal, Amazon is trying to gin up “a cheaper, faster alternative to traditional patent lawsuits, which can cost hundreds of thousands of dollars and take years to settle.”
Alexa, Who Fired Me?
The Verge reported that Amazon warehouse workers can be terminated for productivity lapses. Who does the firing of the inefficient humanoid? Smart software. The news service reported:
The documents also show a deeply automated tracking and termination process. “Amazon’s system tracks the rates of each individual associate’s productivity,” according to the letter, “and automatically generates any warnings or terminations regarding quality or productivity without input from supervisors.” (Amazon says supervisors are able to override the process.)
Amazon gets a word in. The Verge reports Amazon said:
“Amazon consistently terminates fulfillment center associates for failing to repeatedly meet the standardized productivity rates,” the company’s attorney wrote in the letter. Amazon terminated the employee, the attorney wrote, “for the same reason it has terminated hundreds of other employees without regard to any alleged protected concerted activity.” The former employee’s charge was ultimately withdrawn.
The Verge story includes images of documents and other details.
Actual Unemployed Real Journalist Opportunity
Amazon may have a job for you. Navigate to this link and check out how Amazon is approaching local news. Why didn’t Tim Andrews (Patch and AOL) think of this? Oh, right. He was a Googler. Quick question: Identify three ways this type of information complements the AWS policeware service. Give up. Sigh.
Amazon’s Jungle Drums
Some items to tuck away in an Amazon notebook:
- Slack’s new deal with Amazon translates to about $250 million through 2023 to AWS. (This may be less than Lyft or Pinterest will pay.) Source: Geekwire
- Ford Motor Company has decided that the Bezos bulldozer’s electronics and software are interesting. Source: Yahoo
- Apple spends $30 million a month for AWS. Apple may be taking steps to trim this monthly bill. Source: CNBC
- AWS has opened a Hong Kong data center region. Alibaba and TenCent may hear the grinding of the Bezos bulldozer which might be silenced by government regulations. Source: SDXCentral
- AWS has announced general availability of concurrency scaling for Redshift, a data warehouse service. Source: Market Watch
- AWS announced general availability of Amazon S3 Deep Glacier Archive, which is the lowest cost storage option available from AWS at this time. Source: Yahoo
Servicers of the Bezos Bulldozer
Vendors with which we are generally not familiar are embracing the Amazon AWS environment.
- Corvil becomes an advanced technical partner for AWS. Source: Bakersfield
- Immuta has become an advanced technical partner for AWS. Source: Business Wire
- Instana Automatic Application Monitoring is now available on AWS. Source: Virtual Strategy
- Perspectium provides integration services for AWS. Source: Odessa American
- TigerGraph is available as a pay as you go analytics service on AWS. Source: Globe Newswire
- Vapor IO and Crown Castle have developed to connect these firms’ services to AWS. Source: LightReading
Stephen E Arnold, April 29, 2019
Yahoo News: So Why Was This Facebook Story Ignored?
April 29, 2019
Short honk: I read in Yahoo Finance this story: “Facebook’s Chris Cox Was More Than Just the World’s Most Powerful Chief Product Officer.” Here’s the statement which caught my attention:
Despite Cox’s crucial importance to this crucially important company—he has been the most important chief product officer in the world—Cox is relatively little known outside the company. And while widely hailed for his personability, he’s also “difficult to deeply get to know,” according to one long-time friend. In this article we offer the most in-depth profile to date of a gifted and still very young man, who has played a seminal role in molding a now feared and polemicized behemoth.
Okay, here’s a pat on the back. Now the question this story and the comment above sparked in my mind:
What took so long for real news people to focus on this influential person?
Yahoooo. And what is “personability,” a Yahoo-ism?
Stephen E Arnold, April 29, 2019
Google: History? Backfiles Do Not Sell Ads
April 29, 2019
We spotted a very interesting article in Tablix: “Google Index Coverage”. We weren’t looking for the article, but it turned up in a list of search results and one of the DarkCyber researchers called it to my attention.
Background: Years ago we did a bit of work for a company engaged in data analysis related to the health and medical sectors. We had to track down the names of the companies who were hired by the US government to do some outsourced fraud investigation. We were able to locate the government statements of work and even some of the documents related to investigations. We noticed a couple of years ago that our bookmarks to some government documents did not resolve. With USA.gov dependent on Bing, we checked that index. We tried US government Web sites related to the agencies involved. Nope. The information had disappeared, but in one case we did locate documents on a US government agency’s Web site. The data were “there” but the data were not in Bing, Exalead, Google, or Yandex. We also checked the recyclers of search results: Startpage, the DuckDuck thing, and MillionShort.
We had other information about content disappearing from sites like the Wayback Machine too. From our work for assorted search companies and our own work years ago on ThePoint.com, which we sold to Lycos, we had considerable insight into the realities of paying for indexing that did not generate traffic or revenue. The conclusion we had reached and we assumed that other vendors would reach was:
Online search is not a “free public library.”
A library is/was/should be an archiving entity; that is, someone has to keep track and store physical copies of books and magazines.
Online services are not libraries. Online services sell ads as we did to Zima who wanted their drink in front of our users. This means one thing:
Web indexes dump costs.
The Tablix article makes clear that some data are expendable. Delete them.
Our view is:
Get used to it.
There are some knock on effects from the simple logic of reducing costs and increasing the efficiency of the free Web search systems. I have written about many of these, and you can search the 12,000 posts on this blog or pay to search commercial indexes for information in my more than 100 published articles related to search. You may even have a copy of one of my more than a dozen monographs; for example, the original Enterprise Search Reports or The Google Legacy.
- Content is disappearing from indexes on commercial and government Web sites. Examples range from the Tablix experience to the loss of the MIC contracts which detail exclusives for outfits like Xerox.
- Once the content is not findable, it may cease to exist for those dependent on free search and retrieval services. Sorry, Library of Congress, you don’t have the content, nor does the National Archives. The situation is worse in countries in Asia and Eastern Europe.
- Individuals — particularly the annoying millennials who want me to provide information for free — do not have the tools at hand to locate high value information. There are services which provide some useful mechanisms, but these are often affordable only by certain commercial enterprises, some academic research organizations, and law enforcement and intelligence agencies. This means that most people are clueless about the “accuracy”, “completeness,” and “provenance” of certain information.
Net net: If data generate revenue, it may be available online and findable. If the data do not, hasta la vista. The situation is one that gives me and my research team considerable discomfort.
Imagine how smart software trained on available data will behave? Probably in a pretty stupid way? Information is not what people believe it to be. Now we have a generation or two of people who think research is looking something up on a mobile device. Quite a combo: Ill informed humans and software trained on incomplete data.
Yeah, that’s just great.
Stephen E Arnold, April 28, 2019
An Artist Captures the Zuck and the Amazon Bulldozer Driver in Revealing Sculptures
April 28, 2019
I don’t pay much attention to art. I did read “See Mark Zuckerberg, Elon Musk, and Jeff Bezos As Classical Sculptures.” The creations are the work of 3D printing and Sebastian Errazuriz, who works in New York. He’s a graduate of the Pontifical Catholic University of Chile, and he grew up in London.
The angle is to take classical sculpture as a guide, drop out the Roman emperor or Greek hero, and insert a representation of Mark Zuckerberg, Jeff Bezos, and other digital luminaries. Elon Musk represents the ideal of truth and single minded focus Silicon Valley style: Cars and rockets, anyone?
This, I believe, is one of the Silicon Valley luminaries leading his smart professionals in a campaign to conquer lesser folk:
Here’s the passage from the write up I noted:
The works should be funny. And they are, through a certain lens. They look straight out of a plot from Silicon Valley, as if they were commissioned to stand in the front hall of Amazon or Google. But they also make an eerie commentary on how, in an unchecked regulatory environment, the United States’s tech barons have become modern day emperors. They have so much power over what we see and do that they almost feel born of another time, and another place, where we believed some people really were anointed by the gods to stand above us all, and so we just listened.
My thought is that the statue of the conqueror of privacy and the master of the online bookstore might want these creations for their gardens or maybe in their offices’ entry halls. Togas are optional. The sculptures do not seem to be monumental, but they are quite clever, and I believe that the artist could make these statues into David-sized crystallizations that match the subjects’ bank accounts.
Stephen E Arnold, April 27, 2019
Alphabet Spells Management Challenge
April 27, 2019
The Bloomberg outfit published allegedly accurate information about Google’s interesting approach to management. “Google Staffers Share Stories of ‘Systemic’ Retaliation” reports that there is a disagreement about how to run the online advertising railroad.
Was management responsible for this train wreck? Perhaps the employees were at fault. Were the staff on the train punished?
Whoo, whoo, whoo. That’s the laboring engine sound one can hear in train stations in places like Patna Station or Bayshore when one stands near the tracks.
The sounds from the Google, according to Bloomberg:
On Monday [April 22, 2019], two of those organizers, Meredith Whittaker and Claire Stapleton, wrote an email saying Google had punished them because of their activism. The two asked staffers to join them on Friday to discuss the company’s alleged actions, and during the meeting they shared more than a dozen other stories of internal retribution that they had collected over the past week. Like many meetings at Google, participants could watch via a video live-stream and submit questions and comments.
Chug, chug, chug. The Guardian newspaper sounds its whistle too.
The little engine that could continues to pull the freight for Alphabet Google senior managers. Bloomberg pointed out:
Google management publicly endorsed the employee walkout in the fall, giving the blessing for staff to vent frustration. But as dissent continued to rise inside Google, the company’s lawyers urged the U.S. government to give companies more leeway to rein in rebellious employees from organizing over workplace email. Google made that filing in a case pending before the National Labor Relations Board involving alleged retaliatory discipline against an employee. Another complaint involving alleged retaliation against staff was filed with the agency this week.
I think I hear the Alphabet Google Express announcement: “Unhappy passengers may debark at the next stop. Termination Junction. Next stop, Termination Junction.”
On one hand, a person who takes money to get a job, benefits, access to Foosball tables, and a Google mouse pad has an obligation to perform work. The idea is that the employer employs, and the employee does what he or she is told to do.
On the other hand, a person who does not like the work should do what? Quit? Protest? Talk with reporters from Bloomberg? Look for another job? Undermine software that sort of works?
What’s interesting to me is that the Alphabet Google train itself may come off the rails due to management missteps. I term the approach of some Silicon Valley high technology companies as the HSSCMM or High School Science Club Management Method. Sometimes it works and sometimes it appears to not work as the club members expect. What’s up with that?
Train wrecks just happen. Often with little warning. But in this case it looks to me as if one or two cracks in the drive train have appeared.
Stephen E Arnold, April 27, 2019
New Department of Defense Web Site
April 26, 2019
DarkCyber noted a number of articles about the new Department of Defense Web site. The Executive Gov Web site ran a short item. If you view the article, you will notice one omission: The url for the site. Here it is: https://www.cto.mil/ .
If you poke around on the Web site, you will find that it provides some information which was either difficult to locate, not indexed on USA.gov, or simply unavailable. Be alert, however. Some of the headings can disappoint. A click on “Marketplace” explains an event which will be on either April 25th or April 26th. The Marketplace features some tweets which may be of interest to some site visitors. The news section contains news about the new Web site and six events which took place earlier this year. A click on the AFA event reveals that the next one will be held in 2020, but there is no information about how to learn about the upcoming event.
US government Web sites often start strong and then fade. With a continuous flow of content, this could become a useful source of information.
Stephen E Arnold, April 26, 2019
VPNs: You Have to Love These Outfits
April 26, 2019
What does a virtual private network do to protect one’s privacy? Who are the friends of a particular VPN? Who owns the VPN? Is that individual or group of owners friends with some interesting people? Why charge a person and not provide the advertised service? (This happened to the Beyond Search goose when we were researching “Dark Web Notebook.”)
These questions are difficult to answer.
One slice of light appears in the article “There’s NordVPN Odd about This, Right? Infosec types Concerned over Strange App Traffic.” I am not thrilled with the headline, but some of the information in the article — assuming that the accuracy is on the money — is thought provoking.
I noted this statement attributed to a NordVPN expert:
NordVPN spokeswoman Laura Tyrell first told us: “I would like to assure you that we have not observed any irregular behavior that could in any way support the theory of our applications being compromised by a malicious actor.” She added: “Such domains are used as an important part of our workaround in environments and countries with heavy internet restrictions. To prevent such requests from contacting the domains which aren’t owned by us, we have modified our URI scheme. All URLs are being validated, so the problem as such will never occur. It is also important to note that no sensitive data is being sent or received through these addresses.”
The author may not be a stellar headline writer, but I was able to understand this statement:
This was obviously bunkum and we said so.
If one works through the technical snippets, two things become evident:
- The NordVPN is a busy little beaver in the sending and receiving department. Busy, busy.
- The information security wizards contributing to the article are suspicious.
Net net: Maybe it is time to answer some questions about both the technical plumbing and the owners’ connections with other entities. We can maybe rule out Mr. Putin because NordVPN made the list of VPN services to be blocked in Russia. But there are other interesting friends some VPN providers may have.
Oh, those free VPN services? Yeah, not a good idea.
Stephen E Arnold, April 26, 2019