Understanding Social Engineering
September 6, 2019
“Quiet desperation”? Nope, just surfing on psychological predispositions. Social engineering leads to a number of fascinating security lapses. For a useful analysis of how pushing buttons can trigger some interesting responses, navigate to “Do You Love Me? Psychological Characteristics of Romance Scam Victims.” The write up provides some useful insights. We noted this statement from the article:
a susceptibility to persuasion scale has been developed with the intention to predict likelihood of becoming scammed. This scale includes the following items: premeditation, consistency, sensation seeking, self-control, social influence, similarity, risk preferences, attitudes toward advertising, need for cognition, and uniqueness. The current work, therefore, suggests some merit in considering personal dispositions might predict likelihood of becoming scammed.
Cyberpsychology at work.
Stephen E Arnold, September 6, 2019
Palantir Technologies: Fund Raising Signal
September 6, 2019
Palantir Technologies offers products and services which serve analysts and investigators. The company was founded in 2003, and it gained some traction in a number of US government agencies. The last time I checked for Palantir’s total funding, my recollection is that the firm has ingested about $2 billion from a couple dozen funding rounds. If you subscribe to Crunchbase, you can view that service’s funding round up. An outfit known as Growjo reports that Palantir has 2,262 employees. That works out to a cash intake of $884,173 per employee. Palantir is a secretive outfit, so who knows about funding, the revenue, the profits or losses, and the number of full time equivalents, contractors, etc. But Palantir is one of the highest profile companies in the law enforcement, regulatory, and intelligence sectors.
I read “Palantir to Seek Funding on Private Market, Delay IPO” and noted this statement:
The company has never turned an annual profit.
Bloomberg points out that customization of the system is expensive. Automation is a priority. Sales cycles are lengthy. And some stakeholders and investors are critical of the company.
Understandable. After 16 years and allegedly zero profits, annoyance is likely to surface in the NYAC after an intense game of squash.
But I am not interested in Palantir. The information about Palantir strikes me as germane to the dozens upon dozens of Palantir competitors. Consider these questions:
- Intelligence, like enterprise search, requires software and services that meet the needs of users who have quite particular work processes. Why pay lots of money to customize something that will have to be changed when a surprise event tips over established procedures? Roll your own? Look for the lowest cost solution?
- With so many competitors, how will government agencies be able to invest in a wide range of solutions? Why not seek a single source solution and find ways to escape from the costs of procuring, acquiring, tuning, training, and changing systems? If Palantir was the home run, why haven’t Palantir customers convinced their peers and superiors to back one solution? That hasn’t happened, which makes an interesting statement in itself. Why isn’t Palantir the US government wide solution the way Oracle was a few years ago?
- Are the systems outputting useful, actionable information? Users of these systems who give talks at LE and intel conferences are generally quite positive. But the reality is that cyber problems remain and have not been inhibited by Palantir and similar tools or the raft of cyber intelligence innovations from companies in the UK, Germany, Israel, and China. What’s the problem? Staff turnover, complexity, training cost, reliability of outputs?
Net net: Palantir’s needing money is an interesting signal. Stealth, secrecy, good customer support, and impressive visuals of networks of bad actors — important. But maybe — just maybe — the systems are ultimately not working as advertised. Sustainable revenues, eager investors, and a home run product equivalent to Facebook or Netflix — nowhere to be found. Yellow lights are flashing in DarkCyber’s office for some intelware vendors.
Stephen E Arnold, September 6, 2019
Yale Image Search: Innovation and Practicality
September 5, 2019
Yale University, according to Open Culture, has made available 170,000 photographs which document the Depression. Well, not just the Depression. The review conducted by DarkCyber revealed photos into the 1940s.
What sets this image collection apart is its interface. Unlike the near impossible presentations of other august institutions, Yale has hit upon:
- A map based approach
- A “search by photographer”
- Useful basic photo information.
There’s even a functional, clear search component with old fashioned fields. (Google, why not check it out? Not all good ideas originate near Stanford.)
Kudos to Yale. DarkCyber hopes that other online image archives learn from what Yale has rolled out. A little “me too” from Internet Archive, the American Memory project, and assorted museums would be welcomed here in Harrod’s Creek. (One river shore photo looked a great deal like Tibby the Dog’s favorite playground.)
Stephen E Arnold, September 5, 2019
Amazon and Its Dark Edge
September 5, 2019
Later this year, I will make available a free essay about Amazon. Those who want the document will have to provide an email address and some other information. The essay is titled “Dark Edge.”
I am mentioning this because Information Age published “Is the Cloud and AI Becoming Two Sides of the Same Coin?” Despite the wonky subject-verb in the title, I noted a couple of points in the write up which raise issues discussed in “Dark Edge.”
First, the basic idea is that if a company embraces the cloud, smart software comes as part of the deal. That’s a good point, but it does not go far enough. In fact, most of the cloud vendors don’t think beyond generating more revenue than they did the previous quarter and figuring out how to take advantage of the dazed and confused companies trying to “reinvent” themselves. We noted this statement:
perhaps it’s time we realized that the AI and cloud computing industries are not mutually exclusive.
Yes, time. Just past time.
Second, we circled these two statements:
“Cloud adoption is motivating enterprises to undertake more proofs of concept in their firms with AI because it’s easier than ever before to get started,” said David Schatsky, managing director at Deloitte LLP.
According to Schatsky, this path is also becoming more attractive to enterprises as cloud providers continue developing AI offerings to business functions, without big upfront costs.
Easy. Cheap.
Key points.
There are a number of questions which the write up sidesteps; for example:
- What constitutes a win for a cloud platform? More revenue? Market share? More developers?
- What are the downsides for a digital environment which reflects the “winner take all” trajectory of outfits like Facebook, Google, Netflix, etc.?
- How quickly will the integration of the cloud and smart software become the norm for computing, apps, and enterprise solutions?
Dark Edge will address these. Watch for the essay later this year, which assumes I will have some time to assemble our research when I am tromping around a Neanderthal disco.
Stephen E Arnold, September 5, 2019
Brave Is Brave: Google Allegations
September 5, 2019
I read “Brave Uncovers Google’s GDPR Workaround.” The main point of the write up seems to be that Googlers have allegedly engineered a way to work around the GDPR privacy protections. The write up asserts:
New evidence gathered by Brave gives the Irish DPC concrete proof that Google’s ad system did broadcast personal data about Dr Ryan, which infringed the GDPR. In addition, Brave has uncovered what appears to be a GDPR workaround that circumvents Google’s own publicly stated GDPR data safeguards.
“Dr. Ryan” is Brave’s chief policy and industry relations officer. This individual allegedly stated:
“The evidence we have submitted to the Irish Data Protection Commission proves that Google leaked my protected data to an unknown number of companies. One cannot know what these companies then did with it, because Google loses control over my data once it was sent. Its policies are no protection.”
What did Google allegedly do?
First, Google allegedly used DoubleClick components. (Note: DoubleClick patents are quite interesting. You can get started on the path to grasping the nature of the systems and methods Google acquired in 2007 for about $3 billion at this link.)
We learned:
Google allowed not only one additional party, but many, to match with Google identifiers. The evidence further reveals that Google allowed multiple parties to match their identifiers for the data subject with each other.
We noted:
Google Push Pages are served from a Google domain (https://pagead2.googlesyndication.com) and all have the same name, “cookie_push.html”. Each Push Page is made distinctive by a code of almost two thousand characters, which Google adds at the end to uniquely identify the person that Google is sharing information about. This, combined with other cookies supplied by Google, allows companies to pseudonymously identify the person in circumstances where this would not otherwise be possible. All companies that Google invites to access a Push Page receive the same identifier for the person being profiled. This “google_push” identifier allows them to cross-reference their profiles of the person, and they can then trade profile data with each other.
The write up argues:
Brave’s evidence shows that Google’s Push Page mechanism undermines Google’s purported data protection measures. They are also vulnerable to abuse by other parties. We are aware that companies other than Google have used the Push Page mechanism to establish their own Push Pages to share data with their own business partners. This appears to happen without Google’s knowledge. The loss of control over personal data in Google’s RTB system is again evident, and it is clear that Google’s policies have provided no protection.
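The passage above describes a concrete, observable mechanism: requests for a page named cookie_push.html on pagead2.googlesyndication.com, each carrying a long opaque code, with the same code handed to every company invited to the page. That is auditable from ordinary HTTP request logs. The following Python is an added example, not code from Brave, Google or the original post, that groups Push Page requests by identifier and reports identifiers fetched by more than one distinct party. It assumes the identifier travels as a query parameter named google_push (the write up names the identifier but not how it is carried), infers the requesting party from the Referer header, and uses constructed log lines rather than captured traffic.

```python
"""Audit constructed HTTP request records for shared "Push Page" identifiers.

Added example, not Brave's or Google's code. Assumptions are marked below.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

PUSH_HOST = "pagead2.googlesyndication.com"   # host named in the Brave write up
PUSH_PAGE = "cookie_push.html"                # page name given in the write up
ID_PARAM = "google_push"                      # assumption: identifier as a query parameter
MIN_ID_LEN = 32                               # assumption: skip short, non-opaque tokens

# Constructed log format: "<timestamp> <method> <url> referer=<referer>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<method>\S+) (?P<url>\S+) referer=(?P<referer>\S+)$")

# Constructed identifiers and log lines (not captured traffic).
ID_A = "push-" + "a" * 60
ID_B = "push-" + "b" * 60
SAMPLE_LOG = f"""\
2019-09-05T10:00:01Z GET https://{PUSH_HOST}/pagead/{PUSH_PAGE}?{ID_PARAM}={ID_A} referer=https://news-site.example
2019-09-05T10:00:02Z GET https://{PUSH_HOST}/pagead/{PUSH_PAGE}?{ID_PARAM}={ID_A} referer=https://adtech-one.example
2019-09-05T10:00:02Z GET https://{PUSH_HOST}/pagead/{PUSH_PAGE}?{ID_PARAM}={ID_A}&v=2 referer=https://adtech-two.example
2019-09-05T10:00:05Z GET https://{PUSH_HOST}/pagead/{PUSH_PAGE}?{ID_PARAM}={ID_B} referer=https://news-site.example
2019-09-05T10:00:06Z GET https://news-site.example/article.html referer=-
2019-09-05T10:00:07Z GET https://{PUSH_HOST}/pagead/{PUSH_PAGE} referer=https://adtech-one.example
"""


def origin(url):
    """Reduce a URL to scheme://host so parties are compared by site, not by page."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}"


def extract_push_id(url):
    """Return the identifier carried by a Push Page request, or None for any other URL."""
    parts = urlsplit(url)
    if parts.netloc.lower() != PUSH_HOST or not parts.path.endswith("/" + PUSH_PAGE):
        return None
    values = parse_qs(parts.query).get(ID_PARAM, [])
    if not values or len(values[0]) < MIN_ID_LEN:
        return None
    return values[0]


def parse_log(log_text):
    """Return (push_id, requesting_origin) pairs for every Push Page request in the log."""
    pairs = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        push_id = extract_push_id(m["url"])
        if push_id is None:
            continue
        party = origin(m["referer"])
        if party:
            pairs.append((push_id, party))
    return pairs


def find_shared_identifiers(log_text, min_parties=2):
    """Map each identifier to the distinct origins that fetched it, keeping only
    identifiers seen by at least min_parties parties (the cross-referencing case)."""
    seen = defaultdict(set)
    for push_id, party in parse_log(log_text):
        seen[push_id].add(party)
    return {pid: parties for pid, parties in seen.items() if len(parties) >= min_parties}


if __name__ == "__main__":
    for pid, parties in find_shared_identifiers(SAMPLE_LOG).items():
        print(f"{pid[:12]}... fetched by {len(parties)} parties: {sorted(parties)}")
```

On the constructed log, one identifier is fetched from three different origins and is reported; the second identifier is fetched by a single site and is not. Against a real proxy or browser export the same grouping answers the question the Brave evidence raises: how many distinct companies received one and the same pseudonymous identifier for a given user.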
Let’s assume Brave’s data are accurate. Furthermore, let’s assume that the Irish Data Protection Commission integrates these data into its deliberations. What’s the outcome?
DarkCyber believes that Google’s credibility would take another hit. Fines are unlikely to apply friction to the alleged behavior. Understanding the nuances of what it means when Google operates in a way that is not easily understood by anyone other than specialists is a type of digital circumvallation. It worked for Caesar, and it seems to be working for Google. Of course, if Brave’s data are inaccurate, then Google is just another simple online outfit selling ads. Simple. Efficient. Business as usual.
Stephen E Arnold, September 5, 2019
Citizen Action within Facebook
September 5, 2019
Pedophiles flock anywhere kids are. Among these places are virtual hangouts, such as Facebook, Instagram, YouTube, Twitter, and more. One thing all criminals can agree on is that they hate pedophiles and in the big house they take justice into their own hands. Outside of prison, Facebook vigilantes take down pedophiles. Quartz reports on how in the article, “There’s A Global Movement Of Facebook Vigilantes Who Hunt Pedophiles.”
The Facebook vigilantes are regular people with families and jobs, who use their spare time to hunt pedophiles grooming children for sexual exploitation. Pedophile hunting became popular in the early 2000s when Chris Hansen hosted the show To Catch a Predator. It is not only popular in the United States, but countries around the world. A big part of the pedophile vigilantism is the public shaming:
“‘Pedophile hunting’ or ‘creep catching’ via Facebook is a contemporary version of a phenomenon as old as time: the humiliating act of public punishment. Criminologists even view it as a new expression of the town-square execution. But it’s also clearly a product of its era, a messy amalgam of influences such as reality TV and tabloid culture, all amplified by the internet.”
One might not think there is a problem with embarrassing pedophiles via live stream, but there are unintended consequences. Some of the “victims” commit suicide, vigilantes’ evidence might not hold up in court, and they might not have all the facts and context:
“They have little regard for due process or expectations of privacy. The stings, live-streamed to an engaged audience, become a spectacle, a form of entertainment—a twisted consequence of Facebook’s mission to foster online communities.”
Facebook’s community driven algorithms make it easy to follow, support, and join these vigilante groups. The hunters’ intentions are often cathartic and keen on doling out street justice, but they may operate outside the law.
Whitney Grace, September 5, 2019
Can a Well Worn Compass Help Enterprise Search Thrive?
September 4, 2019
In the early 1990s, Scotland Yard (which never existed although there is a New Scotland Yard) wanted a way to make sense of the data available to investigators in the law enforcement sector.
A start up in Cambridge, England, landed a contract. To cut a multi year story short, i2 Ltd. created Analyst’s Notebook. The product is now more than a quarter century old, and the Analyst’s Notebook is owned by IBM. In the span of five or six years, specialist vendors reacted to the Analyst’s Notebook functionalities. Even though the early versions were clunky, the software performed some functions that may be familiar to anyone who has tried to locate, analyze, and make sense of data within an organization. I am using “organization” in a broad sense, not just UK law enforcement, regulatory enforcement, and intelligence entities.
What were some of the key functions of Analyst’s Notebook, a product which most people in the search game know little about? Let me highlight a handful, and then flash forward to what enterprise search vendors are trying to pull off in an environment which is very different from what the i2 experts tackled 25 years ago. Hint: Focus was the key to Analyst’s Notebook’s success and to the me-too products which are widely available to LE and intel professionals. Enterprise search lacks this singular advantage, and, as a result, is likely to flounder as it has for decades.
The Analyst’s Notebook delivered:
- Machine assistance to investigators implemented in software which generally followed established UK police procedures. Forget the AI stuff. The investigator or a team of investigators focused on a case provided most of the brain power.
- Software which could identify entities. An entity is a person, place, thing, phone number, credit card, event, or similar indexable item.
- Once identified, the software — influenced by the Cambridge curriculum in physics — could display a relationship “map” or what today looks like a social graph.
- Visual cues allowed investigators to see that a person who received lots of phone calls from another person was connected to that caller. To make the relationship explicit, a heavy dark line connected the two phone callers.
- Ability to print out on a big sheet of paper these relationship maps and other items of interest either identified by an investigator or an item surfaced using maths which could identify entities within a cluster or an anomaly and its date and time.
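The functions listed above (entities, a relationship map, a heavy line for frequent contact, clusters, and anomalies with their date and time) are easy to sketch in code. The following Python is an added example, not i2’s or IBM’s code, that runs those steps over a constructed set of call records. The heavy-line threshold (five calls between a pair) and the off-hours window used for the anomaly check (midnight to 05:00) are assumptions chosen for the example, not values from Analyst’s Notebook.

```python
"""Minimal link analysis of the Analyst's Notebook kind: entities, weighted
relationships, heavy links, clusters, and time-stamped anomalies.

Added example, not i2/IBM code. Thresholds below are assumptions.
"""
from collections import Counter, defaultdict
from datetime import datetime

HEAVY_THRESHOLD = 5          # assumption: calls per pair that earn the heavy dark line
OFF_HOURS = (0, 5)           # assumption: calls between 00:00 and 05:00 are unusual

# Constructed call detail records: (caller, callee, ISO 8601 timestamp). Not real data.
CALLS = [
    ("555-0101", "555-0102", "2019-08-01T09:10:00"),
    ("555-0101", "555-0102", "2019-08-01T11:42:00"),
    ("555-0102", "555-0101", "2019-08-02T14:05:00"),
    ("555-0101", "555-0102", "2019-08-03T10:30:00"),
    ("555-0101", "555-0102", "2019-08-04T02:30:00"),   # off-hours call
    ("555-0102", "555-0101", "2019-08-05T16:15:00"),
    ("555-0101", "555-0103", "2019-08-02T12:00:00"),
    ("555-0103", "555-0101", "2019-08-03T13:20:00"),
    ("555-0102", "555-0103", "2019-08-04T15:00:00"),
    ("555-0104", "555-0101", "2019-08-05T09:00:00"),
    ("555-0201", "555-0202", "2019-08-01T10:00:00"),
    ("555-0202", "555-0201", "2019-08-02T10:00:00"),
    ("555-0201", "555-0202", "2019-08-03T03:45:00"),   # off-hours call
]


def build_graph(calls):
    """Undirected relationship map: frozenset({a, b}) -> number of calls in either direction.
    Self-calls are ignored because they carry no relationship."""
    weights = Counter()
    for caller, callee, _ in calls:
        if caller != callee:
            weights[frozenset((caller, callee))] += 1
    return weights


def heavy_links(weights, threshold=HEAVY_THRESHOLD):
    """Pairs that earn the heavy dark line on the chart."""
    return {pair: n for pair, n in weights.items() if n >= threshold}


def clusters(weights):
    """Connected components (union-find): groups of entities linked by any chain of calls."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path compression
            x = parent[x]
        return x

    for pair in weights:
        a, b = tuple(pair)
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[ra] = rb

    groups = defaultdict(set)
    for node in list(parent):
        groups[find(node)].add(node)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: g[0])


def off_hours_calls(calls, window=OFF_HOURS):
    """Anomalies with their date and time: calls placed inside the off-hours window."""
    start, end = window
    return [rec for rec in calls if start <= datetime.fromisoformat(rec[2]).hour < end]


def render(weights, threshold=HEAVY_THRESHOLD):
    """Text stand-in for the printed chart: '=====' is the heavy line, '-----' a light one."""
    rows = []
    for pair, n in sorted(weights.items(), key=lambda kv: (-kv[1], sorted(kv[0]))):
        a, b = sorted(pair)
        link = "=====" if n >= threshold else "-----"
        rows.append(f"{a} {link} {b}  ({n} calls)")
    return "\n".join(rows)


if __name__ == "__main__":
    weights = build_graph(CALLS)
    print(render(weights))
    print("clusters:", clusters(weights))
    for caller, callee, when in off_hours_calls(CALLS):
        print(f"anomaly: {caller} -> {callee} at {when}")
```

Everything the software did for investigators in the early 1990s is visible here at toy scale: the entities are the phone numbers, the map is the weighted pair table, the heavy line falls on the one pair that talks constantly, the two clusters separate the two groups of numbers, and the anomaly list gives the investigator the date and time to chase.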
Over the years, other functions were added. Today’s version offers a range of advanced functions that make it easy to share data, collaborate, acquire and add to the investigative teams’ content store (on premises, hybrid, or in the cloud), automate some functions using IBM technology (no, I won’t use the Watson word), and workflow. Imagery is supported. Drill down makes it easy to see “where the data came from.” An auditor can retrace an investigator’s action in order to verify a process. If you want more about i2, just run a Bing, Google, or Yandex query.
Why am I writing about decades old software?
The reason is that I read an item from my files as my team was updating my comments about Amazon’s policeware for the October TechnoSecurity & Digital Forensics Conference. The item I viewed is titled “Thomson Reuters Partners with Squirro to Combine Artificial Intelligence Technology and Data to Unlock Customer Intelligence.” I had written about Squirro in “Will Cognitive Search (Whatever That Is) Change Because of Squirro?”
I took a look at the current Squirro Web site and learned that the company is the leader in “context intelligence.” That seemed similar to what i2 delivered in the 1990s version of Analyst’s Notebook. The software was designed to fit the context of a specific country’s principal police investigators. No marketing functions, no legal information, no engineering product data — just case related information like telephone records, credit card receipts, officer reports, arrest data, etc.
Squirro, founded in 2012 or 2013 (there are conflicting dates online) states that the software delivers
a personalized, real-time contextual stream from the sea of information directly to your workplace. It’s based on Squirro’s digital fingerprint technology connecting personal interests and workflows while learning and refining as user interactions increase.
I also noted this statement:
Squirro combines all the different tools you need to work with unstructured data and enables you to curate a self-learning 360° context radar natural to use in any enterprise system. ‘So What?’ Achieving this reduces searching time by 90%, significantly cutting costs and allows for better, more effective decision-making. The highly skilled Swiss team of search experts has been working together for over 10 years to create a precise context intelligence solution. Squirro: Your Data in Context.
Well, 2013 to the present is six years, seven if I accept the 2012 date.
The company states that it offers “A.I.-driven actionable Insights,” adding:
Squirro is a leading AI-platform – a self-learning system keeping you in the know and recommending what’s next.
I’m okay with marketing lingo. But to my way of thinking, Squirro is edging toward the i2 Analyst’s Notebook type of functionality. The difference is that Squirro wants to serve the enterprise. Yep, enterprise search with wrappers for smart software, reports, etc.
I don’t want to make a big deal of this similarity, but there is one important point to keep in mind. Delivering an enterprise solution to a commercial outfit means that different sectors of the business will have different needs. The different needs manifest themselves in workflows and data particular to their roles in the organization. Furthermore, most commercial employees are not trained like police and intelligence operatives; that is, employees looking for information have diverse backgrounds and different educational experiences. For better or worse, law enforcement intelligence professionals go to some type of training. In the US, the job is handled by numerous entities, but a touchstone is FLETC. Each country has its equivalent. Therefore, there is a shared base of information, a shared context if you will.
Modern companies are a bit like snowflakes. There’s a difference, however: the snowflakes may no longer work together in person. In fact, interactions are intermediated in numerous ways. This is not a negative, but it is somewhat different from how a team of investigators worked on a case in London in the 1990s.
What is the “search” inside the Squirro information retrieval system? The answer is open source search. The features are implemented via software add ons, wrappers, and micro services plus other 2019 methods.
This is neither good nor bad. Using open source reduces some costs. On the other hand, the resulting system will have a number of moving parts. As complexity grows with new features, some unexpected events will occur. These have to be chased down and fixed.
New features and functions can be snapped in. The trajectory of this modern approach is to create a system which offers many marketing hooks and opportunities to make a sale to an organization looking for a solution to the ever present “information problem.”
My hypothesis is that i2 Analyst’s Notebook succeeded as an information access, analysis, and reporting system because it focused on solving a rather specific use case. A modern system such as a search and retrieval solution that tries to solve multiple problems is likely to hit a wall.
The digital wall is the same one that pushed Fast Search & Transfer and many other enterprise search systems to the sidelines or the scrap heap.
Net net: Focus, not jargon, may be valuable, not just for Squirro, but for other enterprise search vendors trying to attain sustainable revenues and a way to keep their sources of funding, their customers, their employees, and their stakeholders happy.
Stephen E Arnold, September 4, 2019
Quote to Note: Google HR on Exec-Staff Relationships
September 4, 2019
I read “#MeToo Is Going After Top Black Google Executive Over Alleged Work Affairs And ‘Little Google Baby’.” The write up reviews an interaction between a senior Google executive and a Google professional. DarkCyber has zero knowledge of the alleged incident, although it appears that a “baby” exists. Thus, there is some data suggesting that an interaction did take place. What struck DarkCyber as interesting was this statement from the article:
Stacy Sullivan, then-head of human resources and now chief culture officer, told Blakely that Google discouraged managers from having relationships with subordinates.
Interesting. I found the word “discouraged” quite revealing.
Stephen E Arnold, September 4, 2019
Amazon AWS: Almost Perfect Cloud Failover Engineering
September 4, 2019
DarkCyber noted a tweet from Andy Hunt. The tweet stated:
Amazon AWS had a power failure, their backup generators failed, which killed their EBS servers, which took all of our data with it. Then it took them four days to figure this out and tell us about it.
We also noted this write up: “Strangelove Redux: US Experts Propose Having AI Control Nuclear Weapons.” Assume Amazon continues to make headway in the US government. What happens if an Amazon glitch occurs at a critical time?
Just an idle question.
Stephen E Arnold, September 4, 2019
Factualities for September 4, 2019
September 4, 2019
Editor’s Note: Factualities will not appear on September 11, 18, and 25. International travel and conference commitments will interrupt our presentation of amazing outputs from individuals and organizations afflicted with the incurable disease Spreadsheet Fever.
Summer is nearing its end. Nevertheless, incredible numbers, statistics, and forecasts are thriving.
Our incredible number of the week is:
16. The number of students in a study reported by the BBC. The researchers determined that 25 percent (4 students) conducted an inner dialog when reading. Now the analysis: Either 3 percent of the sample’s recorded thoughts involved an inner voice or there was 0.48 of a person talking to himself or herself. A sample of 16! Source: BBC
Other fascinating numbers include these statistical stunners:
53. The percentage of social media log in attempts which are fraudulent. Source: Naked Security
55. The percentage of consumers who use videos for purchase decisions. Source: Search Engine Journal
100. Number of active high tier criminal sites on the Dark Web. Source: Cyberscoop
200. The percentage increase in cyber crime attacks thus far in 2019. Source: ZDNet
210. Number of channels about the Hong Kong protests which have been “removed” by Google/YouTube. Source: MIT Technology Review
250. The number of sciences which account for half of the citations in a scientific online database of research results. Source: Nature (You may have to pay to read the original, presumably from scientists who do not cite themselves.)
400. Number of police agencies which work with Amazon for data from its Ring video door bell system. Source: GeekWire
613. Number of sites researchers found with click jacking scripts. Aren’t there more than 35 billion Web sites? Source: ZDNet
3,500. Number of donated kidneys the US discards each year. Source: CNN
$115,000. Amount of money an outfit called Crown Sterling paid to get a booth and a slot on the program at Black Hat. Source: The Register
360,000. Number of Huawei tablets which will get a Russian operating system called Aurora (based on Sailfish). Source: OSNews
29 million. Number of cyber attacks
80 million. Number of monthly users of the video game Fortnite. Source: Trofire
$150 million. The amount Google will pay to make the most recent YouTube privacy judgment go away. Source: Bloomberg
$700 million. The total of defense contracts signed by the US DoD on one day. Source: Bulgarian Military
5 billion. The number of DVDs Netflix has shipped to its members. Source: Slashdot
$12 billion. The amount Purdue Pharma has offered to pay to make its opioid problem become a fuzzy, less problematic dream. Source: USA Today
$5 trillion. Estimated business losses due to cyber crime by 2024. Source: IT Wire
Stephen E Arnold, September 4, 2019