• Home
• About
• Writers
• Landscape
• Wizards Index
• Fraud
• Wanna Be Like Larry?

Insider Threats: Still a Useful Mechanism for Bad Actors

I read “Ransomware Gangs Increase Efforts to Enlist Insiders for Attacks.” I am not down with the notion of “increase efforts.” Identifying individuals who will provide user names, passwords, or facile fingers to slip a malware loaded USB key into a computer connected to an organization’s network has been a go-to method for a long, long time.

The write up states:

The survey was conducted by Hitachi ID, which performed a similar study in November 2021. Compared to the previous survey, there has been a 17% rise in the number of employees offered money to aid in ransomware attacks against their employer. Most specifically, 65% of the survey respondents say that they or their employees were approached between December 7, 2021, and January 4, 2022, to help hackers establish initial access.

The factoid in the magic-with-statistics write up is that a lot of individuals report brushes with the insider ploy. What’s important to remember, an insider can come from several different pools of people:

1. There are disaffected employees who can be identified and then interviewed for a bogus news service or for a consulting job. A skilled contact working with an annoyed employee  can often extract what might be termed a mother lode of useful information, including details about security, access, and other disaffected employees who want to put it to the “man” or “woman” who ruined a perfectly good morning of reading online news.
2. Clueless former employees who respond to a LinkedIn-type job posting or an engaging individual in what sure looks like a chance encounter. Some individuals need or love money, and the engaging individual can buy or solicit security information from the CFE (clueless former employee).
3. Happy current employees who find themselves confronted with a person who has information about a past indiscretion memorialized on Instagram, Meta, or TikTok. Maybe the current happy employee has forgotten text and images sent to an individual with some interesting preferences or behaviors. Blackmail? Well, more like leveraging TikTok-type data to identify and screen potential targets.
4. Contractors — those faceless, often nameless — individuals who have to eat in their cube, not the two-star real employee cafeteria. Contractors can be hired and one can interact with these professionals. It is possible that these individuals can provide the keys to the kingdom so to speak without knowing the treasures unlocked with what seems to be casual conversation.
5. Children of employees can be asked to give mom or dad a USB. The unwitting employee slams the key into the slot unaware that it has been weaponized. Who asks kids? A skilled operative can present herself as a colleague at the front door, explain this was your mom or dad’s memory stick, and ask the young person to hand it over to the parent. (If this method works, bingo. If it fails, another approach can be made. Wearing Covid masks and dressing in normcore gray with a worn ball cap can help too.)

Why am I identifying pools of insiders? Most of the cyber security firms do not have systems which cover these points of insider vulnerability. Do some of the firms purport to have these bases covered?

Of course.

That’s the point. The customer won’t know until it is too late. Predictive analytics and cyber threat intelligence struggle in certain situations. Insiders is one such example.

Stephen E Arnold, January 27, 2022

PR Dominance: NSO Group Vs Peloton

If you have followed the PR contrail behind the NSO Group, you probably know that the Israeli specialized software and services firm has become a household name at least among the policeware and intelware community. A recent example is reported in “Israel’s Attorney General Orders Probe of NSO Spyware Claims.” The write up explains:

Israel’s attorney general says he is launching an investigation into the police’s use of phone surveillance technology following reports that investigators tracked targets without proper authorization

Not good.

But there is a bright cloud on the horizon.

“Second TV Show Emerges With Peloton Twist As A Plot Point” asserts:

Already reeling from its announcement last week that it is halting production of its connected fitness products as demand wanes, Peloton must now face another tv show that seems to indicate its devices may cause issues for a certain segment of the population.

Translating the muffy-wuffy writing, the idea is that a character in a US tv show rides a Peloton, suffers a heart attack, and dies. The alleged panini-zation of small creatures under one model’s walking belt was a definite negative. But not even NSO Group is depicted knocking off the talent in a program. Keep in mind that two shows use the Peloton as an artistic device a twist on the deus ex machina from high school English class required reading of Greek tragedies.

Will Peloton continue its climb to the top of the PR leader board? My hunch is that NSO Group hope that it does.

Stephen E Arnold, January 27, 2022

Smooth Persuasion and Smoothie Excitement

I have seen the allegedly non deep fake video. I have scanned social media comments. And I read the definitive write up “A Top Merrill Lynch Financial Advisor Faces Charges after Hurling a Drink at a Smoothie-Store Employee and Making a Racist Remark, Police Say.” The write up reports:

A top financial advisor at Merrill Lynch was arrested and charged after he threw a drink at a worker at a smoothie store and made a racist remark during an altercation that appeared to arise from his son’s peanut allergy, the police said.

My hunch is that the “top financial advisor” assumed that the Smoothie professional knew his son’s medical history. The Smoothie professional prepared a Smoothie, including a compound known to trigger a response which can produce cardiac arrest or anaphylaxis, among other responses.

From my experience, “top financial advisors” can assume that anyone in their galaxy tunes into the music of the financial spheres. One tuned in, Smoothie orders and compliance with Wall Street type requests know what do do — now.

A failure to interact means that the ineffective employee will receive a harsh review when an annual people resources assessment takes place.

Several observations:

1. The Smoothie professional failed to respond to the “top financial advisor’s” messaging outputs; therefore, that Smoothie professional is unlikely to be hired by a top New York money shop like a Merrill Lynch type of operation
2. The “top financial advisor” appears to have the interpersonal skills suitable for a senior management role at a Silicon Valley-type of organization
3. The verbal mastery of the alleged Smoothie critic uses crisp, no nonsense language; for example, according to the write up cited, “stupid, #$%#! ignorant high school kids” and “#$%#! immigrant loser.” Opportunities to join an online advertising copywriting team or possibly the outbound communications team at an artificial intelligence start up are likely to be plentiful.

To sum up: Another example of what I call the high school science club management method for interpersonal communications. Outstanding example indeed.

Stephen E Arnold, January 27, 2022

2022 Adds More Banished Words To The Lexicon

Every year since 1976 the Lake Superior State University located in Michigan compiles a list of banished words to protect and uphold standards in language. The New Zealand Herald examines the list in the article, “Banished Word List For 2022 Takes Aim At Some Kiwi Favorites.” New Zealanders should be upset, because their favorite phases “No worries” made the list.

Many of the words that made the list were due to overuse. In 2020, COVID related terms were high on the list. For 2021, colloquial phrases were criticized. Banned word nominations came from the US, Australia, Canada, Scotland, England, Belgium, and Norway.

“ ‘Most people speak through informal discourse. Most people shouldn’t misspeak through informal discourse. That’s the distinction nominators far and wide made, and our judges agreed with them,’ the university’s executive director of marketing and communications Peter Szatmary said.

LSSU president Dr Rodney Hanley said every year submitters suggested what words and terms to banish by paying close attention to what humanity utters and writes. ‘Taking a deep dive at the end of the day and then circling back make perfect sense. Wait, what?’ he joked.”

Words that made the list were: supply chain, you’re on mute, new normal, deep dive, circle back, asking for a friend, that being said, at the end of the day, no worries, and wait, what?

Whitney Grace January 27, 2022

Google CEO Named in Copyright Violation Suit: Travel Plans to India This Week, Mr. Pichai?

YouTube, Google, and copyright are a long-term threesome. Reports like “Suneel Darshan Files Complaint, Mumbai Police Books Google CEO Sundar Pichai and Others for Copyright Act Violation” are not likely to be a tweeter meme in the US. However, for the Indian film maker Suneel Darshan, it’s a big deal. Mr. Darshan appears to be unhappy with Google’s smart YouTube copyright violation system powered by Google’s deep diving, snorkel equipped machine learning systems for artificial intelligence.

Mr. Darshan — either for public relations or a desire to amp up his viewpoint — has filed what’s called in India a FIR or First Information Report. Named in the alleged copyright violation is Sundar Pichai and a handful of other Googlers.

So what? Several thoughts from my hollow in rural Kentucky:

1. Lawyers will descend on the government offices and the zippy Indian legal system will move forward. In time, something will happen. In the meantime, it’s business as usual for the Google.
2. Mr. Darshan captures the attention of television news hawks and tweeters and generates more interest in the allegedly pirate film “Ek Haseena Thi Ek Deewana Tha”.
3. Indian authorities put Mr. Pichai and the other Googlers named in the copyright violation matter on a watch list.

Business trips to India could create some unexpected customs and immigration activity for Mr. Pichai and the Googlers identified by the aggrieved Mr. Darshan.

Does Mr. Pichai have upcoming travel plans to India? Compared to the Dark Patterns matter, spending a few extra minutes in the Mumbai International Airport may not make much difference unless the Googlers are hauled off to the Mumbai police headquarters. Take some tchotchkes maybe?

Stephen E Arnold, January 26, 2022

Facebook: Reluctant But Why?

The write up concerns Facebook in Australia. Australia has good relationships with the US. The bonds between Australia and the United Kingdom seem to be in reasonable shape as well. Australia, it seems to me, has been an origin point for some interesting ideas related to online.

“Meta Most Reluctant to Work with Government: Home Affairs” points out that Meta (originally just plain old super community minded Facebook) is less enthusiastic about working with Australia’s government than some of its very large, possibly monopolistic fellow travelers.

The write up reports:

In a submission to the House Select Committee Inquiry into Social Media and Online Safety, Home Affairs criticized Meta for not doing enough to protect its users and for not adequately engaging with the government on these issues. In its own submission, Meta said it has “responded constructively” to Australian government inquiries and is “highly responsive” to local regulators.

I think this means that Meta is doing a better job at foot dragging than some other big technology firms. Like Meta’s recognition as the worst company in the United States, the highly responsive outfit has tallied points in the “less enthusiastic” competition.

The Australian government and Meta have other issues which have caused the US company to arm wrestle with Australian officials; for example, encryption of Facebook Messenger content, dealing with Australian media’s interest in compensation for its content, and ideas about privacy.

The write up does not answer the question “But why?”

To fill the void, may I suggest a cou8ple of reasons:

1. Keep people in the dark. Disclosures about Meta technology, business practices, or data systems might inform the Australian government. With the information, the Australian government could formulate some new ideas about fining or controlling the community focused US outfit. In short, Meta information may lead to meta prosecution perhaps?
2. Take steps to prevent data moving around the Five Eyes. Information disclosed in Australia might find its way to the US and the UK. Despite these countries’ security methods, some of that disclosed data could seep into the efficient machinery of the European Union. It is conceivable that the risk of becoming even more responsive to Australia increases the risk of EU action with regard to the community oriented social media company.
3. Circle the wagons to prevent user defections. Cooperating in any way that become public could cause some Meta users to delete their accounts and prevent others in their span of control from using Meta services. This means a loss of revenue, and a loss of revenue has downside consequences; namely, encouragement for other high technology companies to nose into Meta territory.

I want to emphasize none of these ideas appear in the write up cited above. Furthermore, these are views which I developed talking with my colleagues about Meta.

Net net: Meta does not want information about its systems, methods, research, and policies. Frances Haugen, it seems, did not get that email.

Stephen E Arnold, January 26, 2022

Information Allegations Directed at Some Law Enforcement Entities

Before the advent of modern technology, police states were limited in the amount of surveillance they could conduct. As technology advances, the amount of information police can extract from people’s devices is as scary as science fiction. El Poder Deportivo explains a frightening surveillance tool US police are now using: “AI-Driven People Surveillance: US Cops Reportedly Utilizing Invasive Tool To Grab Candidates’ Social Media Marketing, Pornhub and Tinder.”

Police in Michigan are using a tool called SocialNet that captures data from social media and other pertinent Web sites. ShadowDragon is responsible for inventing SocialNet. Unfortunately or fortunately, depending on your political stance, Michigan is not the only state that is ShadowDragon’s customers. Massachusetts and the US Department of Immigration are on that list.

Law enforcement officials are not broadcasting they are using SocialNet, but the information it is in use is available after a little detective work. Michigan nor ShadowDragon admit what agencies are using SocialNet, but documents show that it was purchased through a third party called Kaseware.

Local and state governments spent a lot of money on the SocialNet application. Authorities are also whitewashing their justification for purchasing and using SocialNet.

It is not surprising that US police are using advances tools to collect people’s personal information. Law enforcement and governments have been doing that for centuries. The bigger question to ask if the US police are collecting the information lawfully or illegally?

“Likening ‘predictive policing’ to ‘AI-driven racial profiling and society surveillance,’ the United states Civil Liberties Union (ACLU) Michigan workplace observed that ShadowDragon tools broken the “basic right to confidentiality.” In a number of tweets, the ACLU required the usage of such hardware https://datingmentor.org/escort/pomona/ to finish.”

SocialNet will probably be used in both positive and negative ways. It will capture plenty of evidence to put bad actors behind bars as well as hinder individuals who the governments do not like. In the wake of the NSO Group’s publicity tsunami, more specialized software vendors are likely to be subject to scrutiny.

Whitney Grace, January 26, 2022

What Does Go Bro Suggest for Software?

Traditionally IT workers and sports fans are traditionally represented by the stereotypical portrayals of nerds and jocks. The jocks are very buff, popular individuals while nerd are smart, socially awkward people. Since the advancement of computer science, the Internet, and videogames, the stereotypes have eroded. ReadWrite explains how the jock and nerd chasm is smaller in, “Why Software Product Development Is The Ultimate Team Sport.”

Teamwork is essential to a successful IT department and/or company. It is extremely important for software product development. Contrary to popular conceptions, programmers and their teams do not isolate themselves. Instead Programmers are part of a dynamic team effort comparable to how professional sports teams are managed.

Software product development teams should be carefully built and be allowed to discover their own work rapport:

“To a large extent, these teams should be able to work free of bureaucracy and politics, focusing entirely on the product at hand. To do that, the other stakeholders need to collaborate to ensure teams have the guidance, resources, and time they need to work with a high degree of independence.

Just as important as assembling the constituent parts and letting them operate autonomously is finding the right fit between them. Teams obviously need to have the right combination of skills to turn the software product development process into a functional, finished product. But they also need the right mix of personalities, clear roles for everyone involved, a cohesive leadership structure, and effective communication channels.”

Similar to sports teams, software development groups need to adapt to uncut, overcome persistent obstacles, create meaningful innovation, overcoming persistent obstacles, being able to repeat success. These are all situations that not only sports and software teams handle, but also all teams in all industries.

Whitney Grace, January 26, 2022

Meta Zuck: AIR SC Sort of Sketched Out

I read Facebook’s (Meta’s) blog post called “Introducing the AI Research SuperCluster — Meta’s Cutting-Edge AI Supercomputer for AI Research.” The AIR SC states:

Today, Meta is announcing that we’ve designed and built the AI Research SuperCluster (RSC) — which we believe is among the fastest AI supercomputers running today and will be the fastest AI supercomputer in the world when it’s fully built out in mid-2022.

Then this statement:

Ultimately, the work done with RSC will pave the way toward building technologies for the next major computing platform — the metaverse, where AI-driven applications and products will play an important role.

So the AIR SC is sort of real. The applications for the AIR SC are sort of metaverse. That’s not here either in my opinion.

So what’s going on? Here are my thoughts:

1. Facebook wants to stake out conceptual territory claims as AT&T did with its non 5G announcements about the under construction 5G capabilities.
2. Facebook wants to show that its AIR SC is bigger, better, faster, and more super than anything from the Amazon, Google, or other quasi-monopolies who want systems that will dominate the super computer league table for now and possibly forever unless government regulators or user behavior changes the game plan.
3. Facebook believes the Silicon Valley marketing mantra, “Fake it until you make it” with a possible change. I interpret the announcement to say, “Over promise and under deliver.” I admit I have become jaded with the antics of these corporate giants who have been able to operate without meaningful oversight or what some might call ethical guidelines for a couple of decades.

In the old days, companies in the Silicon Valley mode did vaporware. The tradition continues? Sure, why not? There’s even a TikTok style video to get the AIR SC message across.

Stephen E Arnold, January 25, 2022

Excited about Microsoft and Games? What about Other Issues? Like, Uh, Security?

We learn of a recent complaint against SolarWinds from GitHub contributor jaybobo, who helpfully shares both the full filing and key highlights. The case was filed in Delaware’s Court of Chancery by shareholders, including the Construction Industry Laborers Pension Fund and the Central Laborers’ Pension Fund. In light of the Sunburst hack, the plaintiffs assert the company failed to appropriately secure their investments against cybersecurity risks. The complaint alleges:

“SolarWinds: (i) used weak passwords for its software download webpages such as ‘solarwinds123;’ (ii) did not properly segment its IT network; (iii) directed its clients to disable antivirus scanning and firewall protection on its Orion software; (iv) cut investments in cybersecurity; and (v) listed its sensitive and high-value clients on its webpage for anyone to see.”

Oof—these are indeed the opposite of security best practices. The parties insist this alleged negligence allowed the Sunburst attack to succeed, tanking their investments. The filing describes the impact:

“In the days following the Company’s initial public disclosure of SUNBURST in December 2020, SolarWinds’ stock lost nearly 40% of its value. As of today, the stock trades at more than a 30% discount to its pre-revelation trading price. For the six months ended June 30, 2021, the Company incurred $34 million in direct expenses related to SUNBURST, stemming from, inter alia, costs to investigate and remediate the cyber attack; legal, consulting, and other professional service expenses; and public relations costs. In the first six months ended June 30, 2021, the Company also experienced a 27% decline in its license revenue relative to the previous year. SolarWinds explained that this decline was ‘primarily due to decreased sales of our licensed products as a result of the Cyber Incident [i.e., SUNBURST]’ (among other factors). The Company’s net increase in cash and cash equivalents for the same period was down over 74% relative to the previous year, which the Company also attributed, in part, to SUNBURST.”

The plaintiffs go on to note several ongoing investigations and lawsuits now facing SolarWinds as a result of the debacle. Then there are the related insurance rate hikes, finance charges, and compliance activities. They estimate these factors add another $20 million a year in expenses that will also diminish their investments. The filing requests several measures from the court, like requiring the company to implement better security and, of course, awarding damages.

We want to point out the information in “Microsoft Discovers Undisclosed Bug in SolarWinds Server.” That write up which we spotted on January 22, 2022 (a Saturday by the way) states:

During the sustained monitoring of threats taking advantage of the ‘Log4j2’ vulnerabilities, the Microsoft Threat Intelligence Centre (MSTIC) team observed activity related to attacks being propagated via a previously undisclosed vulnerability in the SolarWinds ‘Serv-U’ software. “We discovered that the vulnerability is an input validation vulnerability that could allow attackers to build a query given some input and send that query over the network without sanitation,” Microsoft said in its security update. SolarWinds said the Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized.

Worth monitoring security, but the metaverse more zippy.

Cynthia Murrell, January 25, 2021

« Previous Page — Next Page »

• 

• Search the site

•  

  Subscribe to Beyond Search

  • 
  • 
   
  • 
   
  
  Feature archive
  News archive
   
  
  
  Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.

• Categories

  • 3D-Printing
  • Acquisition
  • Advertising
  • Aggregation
  • AI
  • Alexa
  • algorithms
  • Amazon
  • Amazonia
  • Analytics
  • Appliance
  • Applications
  • Audio
  • Augmented Reality
  • Big data
  • Bing
  • Bitcoin
  • Bitext
  • Book review
  • Business intelligence
  • Business process
  • Business strategy
  • Censorship
  • Cloud computing
  • Company Profile
  • Conferences
  • Connectors
  • Consulting
  • Consumer
  • Content processing
  • Copyright
  • Corporate Concerns
  • Cost
  • Crawl
  • Crowdfunding
  • cryptocurrency
  • Customer support
  • Cyber OSINT
  • cybercrime
  • cybersecurity
  • Dark Web
  • DarkCyber
  • Data
  • Data mining
  • Database
  • Deepfakes
  • Digital Assistant
  • Digital Library
  • E2EE
  • ECommerce
  • EDiscovery
  • Editorial opinion
  • Education
  • Emoticons
  • Enterprise
  • Enterprise search
  • Entity extraction
  • Ethics
  • Facebook
  • Faceted search
  • Factualities
  • Feature
  • Federated search
  • Financial
  • Google
  • Governance
  • Government
  • Hackers
  • healthcare
  • IBM Watson
  • Image search
  • Indexing
  • Infrastructure
  • Innovation
  • Integration
  • intelware
  • Interface
  • Internet
  • Interview
  • Investment
  • law enforcement
  • Legal matters
  • Library automation
  • Management
  • Marketing
  • Mathematics
  • Metadata
  • Microsoft
  • Mobile
  • Natural language processing
  • News
  • NGIA
  • Online (general)
  • Open Access
  • Open source
  • OSINT
  • Osint Radar
  • Overflight
  • Palantir
  • Patents
  • Personnel
  • Podcast
  • Policeware
  • Portals
  • Predictive coding
  • Privacy
  • Profile
  • Publishing
  • Quotation
  • Real time search
  • Reference tool
  • Rich media
  • Robot Writer
  • Search
  • Search enabled applications
  • search engine
  • Search quality
  • Security
  • Semantic
  • Sentiment analysis
  • SEO
  • SharePoint
  • Short Honks
  • Smart Technology
  • Social
  • Social Media
  • software
  • Statistics
  • Taxonomy
  • Technology
  • Text analytics
  • Text processing
  • Tools
  • Tor
  • Training
  • Translation
  • Twitter
  • Uncategorized
  • Unstructured Data
  • User experience
  • User Interface
  • Vertical search
  • Video
  • visualization
  • Voice search
  • Voice technology
  • Web 3
  • Web Services
  • Webinar
  • Windows
  • Work flow
  • XML
  • Yahoo

• Archives

  Archives Select Month May 2024 April 2024 March 2024 February 2024 January 2024 December 2023 November 2023 October 2023 September 2023 August 2023 July 2023 June 2023 May 2023 April 2023 March 2023 February 2023 January 2023 December 2022 November 2022 October 2022 September 2022 August 2022 July 2022 June 2022 May 2022 April 2022 March 2022 February 2022 January 2022 December 2021 November 2021 October 2021 September 2021 August 2021 July 2021 June 2021 May 2021 April 2021 March 2021 February 2021 January 2021 December 2020 November 2020 October 2020 September 2020 August 2020 July 2020 June 2020 May 2020 April 2020 March 2020 February 2020 January 2020 December 2019 November 2019 October 2019 September 2019 August 2019 July 2019 June 2019 May 2019 April 2019 March 2019 February 2019 January 2019 December 2018 November 2018 October 2018 September 2018 August 2018 July 2018 June 2018 May 2018 April 2018 March 2018 February 2018 January 2018 December 2017 November 2017 October 2017 September 2017 August 2017 July 2017 June 2017 May 2017 April 2017 March 2017 February 2017 January 2017 December 2016 November 2016 October 2016 September 2016 August 2016 July 2016 June 2016 May 2016 April 2016 March 2016 February 2016 January 2016 December 2015 November 2015 October 2015 September 2015 August 2015 July 2015 June 2015 May 2015 April 2015 March 2015 February 2015 January 2015 December 2014 November 2014 October 2014 September 2014 August 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 December 2013 November 2013 October 2013 September 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 June 2012 May 2012 April 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 November 5

• Recent Posts

  • Which Came First? Cliffs Notes or Info Short Cuts
  • Google Trial: An Interesting Comment Amid the Yada Yada
  • A Look at Several Cyber Busts of 2023
  • Google Stomps into the Threat Intelligence Sector: AI and More
  • Buffeting AI: A Dinobaby Is Nervous

• Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org