Guess What? Most Conferences Leak High Value Information
September 24, 2024
This essay is the work of a dumb dinobaby. No smart software required.
I read the Wired “real news” article titled “Did a Chinese University Hacking Competition Target a Real Victim?” The main idea of the article is that a conference attracted security professionals. To spice up the person talking approach to conferences, “games” were organized. The article makes clear that the conference and the activities could have and maybe were a way for some people involved with and at the conference to obtain high-value information.
News flash! A typical conference setting. Everyone is listening for hot info. Thanks, MSFT Copilot. Good enough.
I have a “real news” flash for the folks at Wired. Any conference — including those with restricted attendance or special security checks — can be vectors for exfiltration of high-value information. After one lecture I delivered at a flashy public conference, a person who identified himself as a business professional wanted to invite me to give lectures in a country not in the EU. I listened. I asked questions. I received only fuzzy wuzzy answers. I did hear all expenses paid and an honorarium. I explained that I was a dinobaby. I wanted more details before I could say yes or no. I told the gentleman I had a meeting and had to get to that commitment. How often has that happened to me? At one conference I attended for six or seven years, a similar conversation took place with me and a business professional every time I gave a lecture.
Within the last 12 months, one of my talks was converted into an email from someone in the audience and a “real” journalist. Some of my team’s findings appeared without attribution in one of few remaining big name online publications. Based on my experience alone, I think attending conferences related to any “hot” technical subject is going to be like a freshly grilled Trader Joe’s veggie burger to a young-at-heart member of the Diptera clan (that’s a house fly, but you probably know that).
Let me offer several observations which may be use to people speaking at public, semi-public, or restricted events:
- Make darned sure you are not providing high-value actionable information. If one is not self aware, speakers get excited and do a core dump. The people seeking information for a purpose the speaker has not intended just writes it down and snaps mobile phone pix of the visuals. If a speakers says something of utility, that information is gone and can make its way into the hands of competitors, bad actors, or enemies of one nation state or another. The burden is on the attendee. Period.
- If handouts are provided, make certain these do not contain the complete information payload. If I prepare what I call a feuilles détachées, these are sanitized by omitting specific details. The general idea is expressed, but the good stuff is omitted. In short, neuter what is publicly available.
- Research the conference. Know before you go. If the conference is “secure,” you will have to chase down one of the disorganized and harried organizers and ask them to read you the names of the companies or agencies which sent representatives.
- Find out who the exhibitors are. Often some names appear on the conference Web site, but others — often some interesting outfits — don’t want any publicity. The conference is a way to learn what competitors are doing, identify prospects, pick up high value information, and recruit people to do work that can get them in some interesting conversations. Who knows? Maybe that consulting job dangled in front of a clueless attendee is a way to penetrate an organization?
- Leveraging conferences for intelligence is standard operating procedure.
Net net: Answer the question, “What’s the difference between high-value information and marketing baloney?” Here’s my response: “A failure to know or anticipate what the other person knows and needs. This is not news. It is common sense.
Stephen E Arnold, September 24, 2024
When Dumping an Employee Yields a Conference: Unexpected Consequence? Yep
February 20, 2023
The saga of Google’s management of smart people has taken a surprising twist. On Friday, March 17, 2023, Dr. Timnit Gebru and some colleagues have declared “Stochastic Parrots Day.” The conference is named after the journal article/research paper about some of the risks certain approaches to smart software generates.
Stochastic parrots created by the smart software Craiyon.com. I assume that Craiyon is the owner of these images and that image rights trolls will be on the prowl for violations of the software’s intellectual property. But I enhanced these stochastic parrots, and I wrote this essay. No smart software writing aids for this dinobaby.
You can download the paper “On the Dangers of Stochastic Parrots: Can Language Models Be Too Big? The paywalled ACM version is at this link. The authors of the paper that allowed Dr. Gebru to find her future elsewhere are Emily Bender, Angelina McMillan-Major, and another Xoogler purged from the online ad outfit Margaret Mitchell. from this link, which raises a paywall. However, there is a useful summary prepared by Tushar Chandra at this link. According to the conference announcement, the co-authors and “various guests” will “reflect on what has happened in the last two years, what the large language model landscape currently looks like, and where we are headed versus where we should be headed.”
In my experience, employees who have the opportunity to find their future elsewhere start poking around for work. A few start companies or non-profits. Very few set up a new conference named after the paper which [a] blew the whistle on some of the AI craziness reported endlessly in TechMeme and other online information services and [b] put US Army De Oppresso Liber laser on Google’s personnel management methods.
Yep, a conference. A free conference, although a registrant can donate to the organizers.
What’s the unexpected consequence or, I should say, consequences? Let me do a little speculation:
- Google amps up the Sundar and Prabhakar routine about how Google wants to be careful, to earn trust, and, of course, demonstrate that Microsoft’s brilliant marketing play is just stupid. (Who is hallucinating? Microsoft’s OpenAI demonstrations or the Google?)
- The conference attracts the attention of a major conference organizer. I am not sure the ACM will have the moxie to create a conference that appeals to those who are not members. Imagine a two per year Stochastic Parrot program held twice a year. I think it might work.
- This event strikes me as similar to a one of those quantum moments. Is the parrot dead or alive? Predicting how the conference will interact with the real world and what systems and methods find themselves under the parrot’s confocal-type differential interference contrast microscope. What will emerge? Recursive methods fed synthetic data? Higher level abstractions shaped by engineers’ biases? Misinformation ingested so that results don’t match other sources and findings? Carelessness infused with cost cutting in the content training process? Sail and Snorkel perhaps?
Net net: What happens if a stochastic parrot conference gets too big? Answer: Perhaps Jeff Dean will become a speaker and set the record straight? Yikes! Code Super Red?
Stephen E Arnold
MINDS Conference: Truly Baffling
May 6, 2022
I received a link to a conference in Finland, which is just around the corner from Harrod’s Creek, Kentucky. The outfit’s flier perched on a Google Drive, and I learned that the MINDS program is into talking about news, collaboration, and diversity. The sponsors of the conference in Helsinki are
- Ifragasätt, another consulting firm “supplies its customers with solutions for live-blogging/reporting and readers comments.
- Namia, apparently a consulting firm responsible for STT Spy Tool, STT Little Bird, STT Vault News Robotics and Data Platform and STT’s Crime Database, among others. (Although my research team follows intelware, the STT Crime Database was interesting because it seems to be a resource owned by the Finnish New Agency or “STT.”
- PicRights, a copyright enforcement entity which “Using state-of-the-art technology to identify infringements and a team of experienced staff to qualify them as enforceable, PicRights delivers actionable cases to the appropriate regional enforcement unit for settlement and collection of fees for the unlicensed uses.” (There are offices in many countries, just not in the US. What does that suggest, Mr. Higbee?)
If there are other sponsors, I did not spot them in the program.
My reaction to the line up of speakers is that considerable attention will be directed to the news opportunities created by the actions a certain nation state.
What’s interesting is that outputs about the dust up East of Helsinki does not talk about improper reuse of TikTok videos, tweets, and YouTube posts. In my lecture at the 2022 National Cyber Crime Conference, I commented about how a former CIA operator surfed open source information. The former CIA professional writes novels but discovered information about the yachts allegedly owned by Russians who have been sanctioned. The information comes in part from the YouTube videos of eSysman and other open sources. But the former CIA professional did not identify these sources in a Lawfare podcast featuring the information.
My thought is that the MINDS Conference agenda has hip-hopped over the recycling of information related to the misunderstanding roiling Europe and allowing real news organizations to reuse content.
I will never know. The flier which I referenced includes this statement:
PLEASE NOTE THAT ALL INFORMATION GIVEN DURING THE CONFERENCE IS CONFIDENTIAL AND MUST NOT LEAVE THE MINDS NETWORK
The shouting caps appear in the original flier. What’s the penalty if the graduate student speaking at the conference puts her / them ideas in a journal article.
My hunch is that with a crime database and a legal network among the sponsors, something really bad will happen.
Will that punishment be worse than ignoring improper use of individuals posting information as OSINT and hearing crickets from “real news” outfits about fair use?
Of course not. Leveraging OSINT for commercial gain is part of the “real news” game for some publishers. Secrecy is good for some geese. Let’s hope the graduate student does not miss the ALL CAPS message.
Stephen E Arnold, May 6, 2022
SXSW Festival: The Future of Meme Rich Techno Conferences?
March 20, 2022
I read PitchBook’s “SXSW State Is a Collision of Weed, Metaverse, NFTs, Acid and Saving the Planet.” Now that’s insight into the techno hip meme scape. The article states:
the event has secured its place as a vital part of the venture capital ecosystem and its ever-optimistic quest to create the future of everything. And this year’s installment has been no exception, featuring experts delving into some of Silicon Valley’s biggest passion projects, from crypto and climate science to the metaverse and psychedelic drugs. The return of SXSW following a pandemic hiatus also comes at a time when the city of Austin—thanks in part to the festival itself—stars in another drama that hits home for the VC ecosystem: The rise of hot new metropolises winning over tech and other corporate leaders seeking locales that are more accommodating of their business and personal ambitions.
As one observer labels locations like Texas, that’s flyover country, dude.
The highlight of the event, if the information I have is accurate, may have included shootings. “Gunman Opens Fire at SXSW Festival in Austin, 4 Injured: Officials” reports:
A suspected gunman who shot four people Saturday at the South By Southwest festival in Austin is in police custody, officials said Sunday morning. The shooter opened fire at the intersection of East 6th and Neches streets, officials said.
I have attended conferences at which the tchotchkes were substandard. People grumbled but no one demonstrated the response which allegedly took place at the meme fest with NFTs and weed. I prefer more subdued events offered via Zoom. Violent behavior is a click on the “Leave meeting” icon.
Stephen E Arnold, March 20, 2022
Conference Presentation Peril
August 29, 2019
No wonder giving a talk at a conference is a terrifying experience for some people. DarkCyber noted “Cryptography Startup Sues Black Hat Conference after Getting Booed and Heckled.” The write up explains:
Crown Sterling, was heckled during its presentation of the paper titled “Discovery of Quasi-Prime Numbers: What Does this Mean for Encryption”
The procedure described in the talk has some value to those engaged in horoscope generation.
A lousy and stupid talk at a conference – so what?
The answer to this question is a lawsuit charging Black Hat “for not upholding its standards of conduct for attendees and for violating their terms of Crown Sterling’s sponsorship package.”
The “sponsorship” angle is very popular at some technology conference venues. Here’s the basic idea:
- Pick a sponsorship package like hosting a luncheon, leasing a booth or “stand” in an exhibit hall, providing a mostly useless bag or carry all for marketing collateral, or some other activity. (The conference organizers call these deals by such names as “platinum sponsor” or “open bar courtesy of XYZ Corp.”
- Get one or more speaking slots. You can spot the lack of objectivity in the programs of sponsor supported conferences. Just look for the companies which have two or more presentations; for example, one keynote (big bucks), one thought piece presentation with minimal sales spin, and/or one product presentation (a pure sales pitch).
- A list of names of people who stopped by the booth courtesy of a bar code scanner which sucks in a person’s conference ID code and the handful of people who stop by the conference organizer office and ask, “Could you give my card to XYZ Corp’s rep. She was not available when I stopped by the booth.”
- Watch for conferences at which the “organizer” gives lengthy presentations. These conferences often have an agenda, and it may not be the attendees’ or reflect significant issues of interest to those who have an annual migration to an event.
The problem with this approach to conferences is that when one pays money, maybe as much as $150,000, the company buying a package wants results. Getting heckled is not what the sponsor expects. Therefore, the lawsuit sallies forth.
Attendees, check out who is speaking and how these people get on the program. Conference organizers, why not put on better events so the “sponsorship” lawsuit becomes impossible?
Note: I do attend a few conferences each year. I still get invited to give a talk. This is semi gratifying, but I will be 76 this year, and I have watched the decline in presentation quality and program value. Like many aspects of the tech world, deterioration and Las Vegas razzle dazzle are now the norm.
Stephen E Arnold, August 29, 2019
TechnoSecurity & Digital Forensics Reminder
August 10, 2017
I wanted to let the world know that the TechnoSecurity & Digital Forensics Conference is about one month in the future, September 18 to 20, 2017. The conference has emerged as one of the most important resources for corporate network security professionals, federal, state and local law enforcement digital forensic specialists, and cybersecurity industry leaders from around the world. The purpose is to raise international awareness of developments, teaching, training, responsibilities, and ethics in the field of IT security and digital forensics. The event will feature more than 70 speakers, 60 sessions, 20 new product demonstrations, and 25 sponsors and exhibits. exhibits. For full details and to register, please visit www.TechnoSecurity.us.
Two of the Beyond Search team will be at the event. Check the program for our Dark Web lectures. If you spot one of the Kentucky crowd, ask about our pizza meet up on Tuesday, September 19, or our LE and intel special: A clean identity for Dark Web surfing and a bootable to Tails 3.0 USB. Proof of affiliation required for both show specials.
Stephen E Arnold, August 10, 2017
TechnoSecurity & Digital Forensics Conference Info
July 20, 2017
I am giving two talks about the Dark Web at the September 2017 TechnoSecurity & Digital Forensics Conference. With the take down of AlphaBay and the attentions Dark Web sources of synthetic drugs are getting in the main stream media, the sessions will be of particular relevance to law enforcement, security, and intelligence professionals. My first talk is a quick start basics lecture. My second presentation focuses on free an and source tools and the commercial services which can flip on the lights in the Dark Web.
The conference has emerged as one of the most important resources for corporate network security professionals, federal, state and local law enforcement digital forensic specialists, and cybersecurity industry leaders from around the world. The purpose is to raise international awareness of developments, teaching, training, responsibilities, and ethics in the field of IT security and digital forensics. The event will feature more than 70 speakers, 60 sessions, 20 new product demonstrations, and 25 sponsors and exhibits. exhibits. For full details and to register, please visit www.TechnoSecurity.us.
As a reader of Beyond Search, you qualify for a 30 percent discount. Just use the promotional code DKWB17 when you sign up online.
Stephen E Arnold, July 20, 2017
Dark Web? Likely to Gain Traction
June 14, 2017
I completed a series of presentations at the TechnoSecurity & Digital Forensics Conference, June 5, 6, and 7. After my two presentations, two attendees spoke with me as I was preparing for my three hour invitation only tutorial on June 7. The two individuals told me that the most surprising point I made was that the Dark Web will become more important.
As we talked about their comment, I learned that after my talks a number of people were discussing the “knowledge gap” I identified in the existing cyber training programs. Specifically, the how to aspect of obtaining information about the Dark Web was a topic of considerable interest.
Stephen E Arnold fields a question about the impact of censorship, filtering, and surveillance on the Dark Web.
However, I learned from these professionals that the stepped up efforts to require Internet companies to perform filtering for hate speech and other information was moving forward in parallel with Theresa May’s call for more stringent content filtering in the UK. Egypt is following suit. Are the actions of Nokia Symbian and the BlackBerry OS smartphones an example of greater controls on WhatsApp?
The conclusion I offered was that activities possible on Surface Web services would force some activities to the Dark Web. As a result, as law enforcement, intelligence, and government efforts increased on Surface Web traffic, services, Web sites, and apps, the importance of the Dark Web would go up.
In my talks I offered this information in the context of squeezing a sponge or tube of toothpaste. The substance has to go elsewhere.
To sum up, the Dark Web is poised to become of more interest to those engaged in law enforcement, security, and intelligence activities.
For more information about the Dark Web, you can navigate to www.xenky.com/darkwebnotebook to get information about my handbook designed for professionals working in the LE and intel field. My earlier book about CyberOSINT is described at www.xenky.com/cyberosint.
Watch for information about my participation in the TechnoSecurity conference in San Antonio, Texas, in September 2017. We are considering an advanced Dark Web session as well as an invitation only training session about creating a legend for a false identity. These sessions are available only to those currently working in US or its allies’ law enforcement and intelligence entities.
Stephen E Arnold, June 14, 2017
HonkinNews for April 11, 2017, Now Available
April 11, 2017
This week’s HonkinNews video program leads with information about Bitext, a company providing breakthrough deep linguistic analysis solutions. In order to put the comments of Dr. Antonio Valderrabanos in perspective, HonkinNews takes a look at the “promo” article discussing IBM’s cognitive computing activities. There is one key difference highlighted in HonkinNews: IBM talks jargon in recycled marketing language and Bitext’s CEO talks about the company’s rapid growth and licensing deals with companies like Audi, Renault, and one of the largest players in the mobile device and mobile services market. The program also looks at the remarkable 9,000 word Fortune Magazine article about Palantir Technologies’ interaction with US government procurement agencies. The very long article does not describe Palantir’s technical innovations nor does the Fortune analysis explain why using commercial off-the-shelf software for intelligence work makes sense. News about the Dark Web Notebook teams three presentations at the prestigious TechnoSecurity & Digital Forensics Conference in June 2017 complements a special offer for the only handbook to Dark Web investigations available. For discount information, check out the links displayed in the video. The video also takes a look at the new Yahoo. Once the transformation of Yahoo into Oath with a punctuation mark no less takes place, the Yahoo yodel will become a faint auditory memory. Does the HonkinNews item trigger an auditory memory. Watch this week’s video to find out. You can watch the video at this link.
Kenny Toth, April 11, 2017
Wow Revelation: AI and the Proletariat
October 29, 2016
IBM’s week long Watson conference WOW marks the starting gun for end of year marketing. I read “IBM Says New Watson Data Platform Will Bring Machine Learning to the Masses.” I like the headline. It reminded me of a part time lecturer at the one horse college I attended 50 years ago. Wild eyed, the fellow was a fan of “ism”, almost any flavor was okay with him. I read the books on the reading list and dutifully took the tests. To be candid, I was delighted when the course ended.
Watson, if the headline is to be believed, may be drifting into the lingo of that now ignored adjunct lecturer. I learned:
IBM unveiled a cloud-based AI engine to help businesses harness machine learning. It aims to give everyone, from CEOs to developers, a simple platform to interpret and collaborate on data.
There we have it: An “everyone.” Really?
The write up, which I assume to be spot on, told me:
“Insight is the new currency for success,” said Bob Picciano, senior vice president at IBM Analytics. “And Watson is the supercharger for the insight economy.” Picciano, speaking at the World of Watson conference in Las Vegas on Tuesday, unveiled IBM’s Watson Data Platform, touted as the “world’s fastest data ingestion engine and machine learning as a service.” The cloud-based Watson Data Platform, will “illuminate dark data,” said Picciano, and will “change everything—absolutely everything—for everyone.”
Interesting. “Insight” is the “currency of success.” The idea is that if someone understands an issue, that mental perception is money.
I like the superlatives too. I found this statement amusing: …Watson will illuminate Dark Data” and “will change everything.”
There we have it: An “everything.” Really?
Now Watson is no longer Lucene, home brew code, and acquired technology. Watson is an enabler. The write up told me that “I haven’t made it a reality yet.” The “it” is the potential of Watson. I liked the concept that I am going to have to do more with Watson.
Okay, but we sort of like the Facebook and Google tools. The IBM approach was important when I worked in my university’s computing center as a JCL go-fer. I even embraced IBM servers for projects at outfits like Bell Communications Research. Ah, the joys of MVS/TSO.
But now the Watson categorical superlatives are noise.
I highlighted this statement attributed to an IBM wizard:
“The number of people in today’s business who have to be able to leverage data as part of their everyday lives, to make sense of it, to drive intelligent decision-making, has grown rapidly,” she said. Gunnar pointed to the need for businesses to collaborate with data across departments to make decisions. The simple interface, she said, helps give everyone, from those who are data savvy to “citizen analysts,” a chance to work with data. “The notion of being able to work on data together, to share across the business, is a huge opportunity to accelerate insights and uncover things that weren’t able to because of the silos within the organization that prevented working on common information,” she [Ritika Gunnar, VP of offering management] said.
There we have it: “everyone.” Really?
The sheer overstatement and superlative density underscore that IBM is trying hard to make Watson a success. I am reasonably certain that Watson’s all-embracing range of functions will generate revenue for Big Blue.
But compare the coverage of the IBM Wow conference with the hooting and hollering for the Apple event which took place during the Wow event.
And remember the proletariat. Yep, wow.
Stephen E Arnold, October 29, 2016