Steele and Arnold: Cyber Security Hand Waving
December 15, 2020
On December 14, 2020, Robert David Steele, a former CIA professional, and I discussed security hand waving. You can view the short video at this link. My principal contribution was the identification of three types of organizations which have institutionalized security vulnerabilities. These are:
- Colleges and universities hiring instructors and other faculty without probing their backgrounds. No peer reviewed papers and a recommendation from a friend are not enough.
- University exchange programs in which students participate in multi-national research activities. Many of these programs include on campus visits, international travel, and significant information access. No significant vetting of these participants is conducted. These programs flourish near some interesting US government facilities; for example, Oak Ridge National Labs in Tennessee.
- Intern programs in the US government, although some state governments have similar setups. These interns are pressed into duty for Web page maintenance, programming, and fixing broken software. Security checks do take place, but are these sufficiently rigorous when an intern is allegedly updating a Web page at the Railway Retirement Board or similar entity?
Bad actors can easily gain access to useful information. There’s more in the video. I do mention FireEye’s recent security issue, but my interpretation is quite different from the marketing and legal rah rah about the tiny little glitch. Take a peek because I continue to question the efficacy of the in-place security in many organizations. How easy is it to penetrate an organization? I provide three examples of methods which are popular despite the sharp increase in companies selling solutions to lock down unauthorized access.
Stephen E Arnold, December 15, 2020
Google Issues Apology To Timnit Gebru
December 15, 2020
Timnit Gebru is one of the world’s leading experts on AI ethics. She formerly worked at Google, where she assembled one of the most diverse Google Brain research teams. Google decided to fire her after she refused to rescind a paper she wrote about the risks of deploying large language models. Venture Beat has details in the article: “Timnit Gebru: Google’s ‘Dehumanizing’ Memo Paints Me As An Angry Black Woman” and The Global Herald has an interview with Gebru: “Firing Backlash Led To Google CEO Apology: Timnit Gebru.”
Gebru states that the apology was not meant for her, but for the reactions Google received from the fallout of her firing. Gebru’s entire community of associates and friends stand behind her stance of not rescinding her research. She holds her firing up as an example of corporate censorship of unflattering research as well as sexism and racism.
Google painted Gebru as a stereotypical angry black woman and used her behavior as an excuse for her termination. I believe Gebru’s firing has little to do with racism and sexism. Google’s response has more to do with getting rid of a noncompliant cog in their machine, but in order to oust Gebru they relied on stereotypical means and gaslighting.
Google’s actions are disgusting. Organizations treat all types of women and men like this so they can save face and remove unsavory minions. Gaslighting is a typical way for organizations to downplay their bad actions and make the whistleblower the villain.
Gebru’s unfortunate situation is typical for many, but she offered this advice:
“What I want these women to know is that it’s not in your head. It’s not your fault. You are amazing, and do not let the gaslighting stop you. I think with gaslighting the hardest thing is there’s repercussions for speaking up, but there’s also shame. Like a lot of times people feel shame because they feel like they brought it upon themselves somehow.”
There are better options out there for Gebru and others in similar situations. Good luck to Gebru and others like her!
Whitney Grace, December 15, 2020
DarkCyber for December 15, 2020, Now Available
December 15, 2020
The DarkCyber video news program for December 15, 2020, is now available at this link. This week’s program includes:
- Fact or fiction: Work around iCloud security for an iPad
- Germany opens backdoor to one encrypted email system
- The Dark Web and Covid is a thing
- Smart weapons and surgical strikes: The future of war
- NSO Group in the spotlight again
- Current information about beam weapons.
You may also view the program via the embedded player on the Beyond Search Web site at this link. Plus, no begging for dollars and no advertising.
Kenny Toth, December 15, 2020
France: Know Your Anonymous Digital Currency Customers
December 14, 2020
I think this is a fine idea. France has many fine ideas. Do not say PC; say micro-ordinateur. Do not feed that chicken this; feed that chicken this. Do not confuse the right and left side of the Rhone.
“France Declares War on Crypto Anonymity, Cites ‘Terrorism’ in KYC Mandate” explains that the land of more than 200 cheeses and a silky method of making friends in England wants crypto currency to be different. You know. Just not anonymous.
The write up states:
All virtual asset service providers must immediately begin checking their customers’ identities, verifying “beneficial owners” and prohibit anonymous crypto accounts, according to the press release from Finance Minister Bruno Le Maire. He called the action a necessary step in France’s fight against terrorism. The press release invoked a terrorist cell that apparently financed itself with crypto until its dismantling in September 2019. “We must drain the euro from all terrorist financing channels,” Le Maire declared in a tweet.
Yes, very French.
I must admit, however, that the French posture regarding crypto currency is one that seems okay with me. My research assistants remind me that more than half of anonymous Bitcoin transactions appear to be related to illegal activities.
The Dark Web would not have functioning markets for contraband without the now ubiquitous anonymous digital currency.
My hunch is that France’s announcement is a harbinger of similar actions from other nation states. The more quickly one of the lubricants of a range of illegal activities is linked to actual and verifiable identities, the closer certain types of crime will come to the long arm of the law.
Stephen E Arnold, December 14, 2020
Alleged CCP Database: 1.9 Million Entries
December 14, 2020
DarkCyber noted the availability of a file listing 1.9 million members of the Chinese Communist Party in 2016. We think we can hear “The data are old,” “The data are a scam,” and “That was then, this is now” statements from those listed in the file. The information, which you will have to figure out for yourself, may be on the money or a bit of a spoof. Elaborate spoof, yes. It will help if you can read Chinese or have access to a system which can translate the ideographs into ASCII characters and normalize them. Spellings can be variable depending on the translator or the machine translation system one uses. For now, the file is available on Go File at this link.
Are there uses of the data? Sure, how about:
- Filtering the list for those individuals in Canada, the UK, and the US and mapping the names against university faculty
- Filtering the list for graduate students in such countries as Australia, Canada, and France. While you are at it, why not do the same for graduate students in the US
- Filtering the list for individuals who are or have been part of a cultural or scientific exchange, particularly within driving or drone distance of a US national research laboratory; e.g., University of New Mexico or the University of Tennessee?
The data appear to be at least four years old and may turn out to be little more than a listing of individuals who purchased a SIM from a Chinese vendor in the last 48 months. On the other hand, some of the information may be a cyber confection. DarkCyber finds the circumstances of the data’s “availability,” its possible accuracy, and its availability as open source information interesting.
Stephen E Arnold, December 14, 2020
Verint and Cognyte
December 14, 2020
This is a minor point. Verint has incorporated in Israel an entity named Cognyte. The trademark was filed in August 2020. Cognyte, according to this document, is:
Computer and software consulting services provided to governmental entities and enterprise organizations for use in the fields of cyber security, network intelligence, web and social intelligence, situational intelligence, video security, unifying and analyzing intelligence data, surveillance of computer, telecommunication and digital networks; Computer and software consulting services to help governments, critical infrastructure and enterprise organizations to neutralize and prevent terror, crime and cyber threats; Cybersecurity services in the nature of protecting data and information from unauthorized access, and restricting access to computer systems; Data security consultancy; Design and development of electronic data security systems; Computer security threat analysis for protecting data.
Some may confuse Verint’s Cognyte with this Cognyte:
Cognyte is a marketplace helping researchers connect with academic editors across the globe – especially between Western and non-Western countries. Our aspiration is to broadly elevate scientific communication in the academic community to achieve greater impact in society.
Some lawyers maybe. If an IPO for the Verint Cognyte becomes a reality and a success, the academic Cognyte may want to change its name unless these are the same entities in Melville, NY.
Stephen E Arnold, December 14, 2020
Checking Out Registered Foreign Agents
December 14, 2020
Navigate to https://datasette.io. The Web page explains a service which permits manipulation of structured data. The service seems quite useful. One of the demonstrations makes it possible to explore Datasette functionality by searching for registered foreign agents. This is an interesting demonstration and some of the information returned is quite useful. You can locate the FARA Department of Justice data at this link.
Stephen E Arnold, December 14, 2020
How Will MindGeek Get Paid? Umm, Encrypted and Anonymous Digital Currencies Maybe
December 11, 2020
I have followed the strong MasterCard and Visa response to revelations about MindGeek’s less-than-pristine content offerings. The Gray Lady wrote about MindGeek and then other “real” news sites picked up the story. A good example is “Visa, MasterCard Dump Pornhub Over Abuse Video Claims.” The write ups appear to have sidestepped one question which seems obvious to me:
How will MindGeek collect money?
There are some online ad outfits which have been able to place ads on Dark Web sites and on some other sites offering specialized content, not very different from MindGeek’s glittering content array. Amped up advertising seems one play.
But what about MindGeek’s paying customers?
Perhaps MindGeek, nestled in the Euro-centric confines of Montréal, will come up with the idea to use a digital currency. Invoices can be disseminated in secret messaging systems like those favored by the Russia-based Edward Snowden. The payments can flow via encrypted digital currencies. Now many transactions can be tracked by government authorities in a number of countries. Nevertheless, making this type of shift is likely to increase the burden on investigators.
Just as killing off Backpage created additional work for some law enforcement professionals, the MasterCard and Visa termination may have a similar effect. Yes, the backlog can be resolved. But that is likely to add friction to some enforcement activities. A failure by regulatory agencies to get a handle on payment systems (encrypted and unencrypted) is now evident to some.
Stephen E Arnold, December 11, 2020
Technology and Sociology: Excitement Ahead
December 11, 2020
I read “Falling Out of Love with Apple, Part 3.” I also read “Tech Research Becomes Hazardous Ground.” As it turned out, I checked both these articles back to back. No plan, just part of the newsfeed output.
I am fascinated with the shift from technology writing in the late 1980s to today. In the late 1980s, I worked for Ziff Communications, a publisher of computer and software related magazines which also operated a flotilla of other businesses. The content, as I recall, was product centric, how-tos, and opinion pieces about the speed of processors or the quirks of software. A big picture story about the cost or complexity of managing an enterprise system or network would add spice to the flood of innovations. Today, the focus of technology writing is more varied. One of the techniques in use by “real” journalists is what I call “turkey basting.” The idea is that the “bird” (in this case a technology hook) is daubed or immersed in socio-politico broth.
Crank up the heat and let that recipe loose.
The Apple story focuses on an interesting point. Here’s a passage I noted:
This is a massively slippery slope, and especially worries me as Apple operates in so many countries across the world. If oppressive governments are able to work with Apple to censor anti-government speech, Apple could end up playing a key role in suppressing democracy across the world. I believe Apple should simply refuse to cooperate with oppressive governments – but this is an unlikely scenario, as they have extremely close ties and dependence to China, a current perpetrator of genocide against the Uyghurs.
Here’s a passage from the Google Gebru article:
The bottom line: Cynthia Yeung, an industry veteran who spent five years at Google, put it bluntly: “Maybe the trade-off should be more clearly spelled out so researchers can make informed decisions before they accept a job offer: You get paid academic salaries in exchange for intellectual freedom, and you get paid Silicon Valley salaries in exchange for allowing your name/likeness to be used for brand/PR purposes and your research to be censored arbitrarily.”
What’s happened between the late 1980s and the quite remarkable 2020s is that technology has become more than how to connect a printer to a personal computer or ways to reduce the cost of adding a new user to the corporate network.
More than half a century after the digital shift began, individuals are looking at the world and finding it is a datasphere. Better late than never or a convenient way to criticize what social structures exist. A hippie movement on bits and bytes?
Stephen E Arnold, December 11, 2020
Snowden Speaks on Whistleblowers and the Criminalization of Journalism
December 11, 2020
Edward Snowden, somewhat of an expert on high-profile whistle blowing and its aftermath, recently shared his thoughts on the freedom of the press with journalist Glenn Greenwald. Citing the interview, Newsweek reports, “Edward Snowden Says ‘War on Whistleblowers’ Trend Shows a ‘Criminalization of Journalism.’” The trend described by the former CIA worker spans the political spectrum, beginning under President George W. Bush, expanding during President Obama’s two terms, and continuing (to put it mildly) under the current administration. Reporter Meghan Roos quotes Snowden:
“‘The threats against the press go far beyond physical violence,’ Snowden said, pointing to the spike in attacks on journalists catalogued by the U.S. Press Freedom Tracker. Snowden serves on the board of directors of the Freedom of the Press Foundation, which oversees the tracker. ‘What we see is an increasing tendency to silence journalists who say things that are in the minority,’ he said. ‘You see threats against journalism—particularly female journalists—online, social media, just because people don’t like what’s being reported. They don’t like the facts that are being brought to them,’ Snowden said.”
Greenwald asked whether Snowden is concerned that President Elect Biden, who of course was President Obama’s Vice President, will continue the persecution. He replies that, until there is a real policy shift, the freedom of the press will continue to erode. Snowden continues:
“Trying to silence the publication of facts—which are valuable and important to the public, to the continuation of democracy, but uncomfortable to government—when they understand that that is something that must be accepted, that is what defines a democracy, rather than going, ‘No, we need to shut these people up; we’re going to throw them in a hole, we’re going to ruin their life, whatever. We’re going to de-platform them,’ or whatever the new tactic is, this is going to continue to be a problem, and the freedom of our press is going to continue to decline.”
Newsweek requested comment from Biden’s team, but had not heard back by the article’s deadline. We are also curious to know the President Elect’s position on the issue.
Cynthia Murrell, December 11, 2020