Tactical AI: Research for the 21st Century
October 23, 2020
The company is Tactical Analysis Intelligence. The acronym is Tactical AI. The url is tactical-ai.com. Clever. Indexing systems will glom on the “ai” and the name suggests advanced technologies. The company’s business is, according to its Web site:
a premier boutique information search provider of numerous public and non-public internet sources. Our proprietary deep search system and monitoring service has a proven track record of providing businesses with the data they need to make informed, critical business decisions.
The company performs “deep Web search.” The idea is that when you search via Bing, Google, or Swisscow, you are doing shallow search. The company also delivers Dark Web breach monitoring. The idea is that the increasingly small Dark Web requires specialized skills.
I learned about this company via a link to its “white paper” or article called “Going Undercover for Your Company on the Dark Web? Read This First.” The article provides some information which leads some readers to the conclusion that Dark Web research requires an expert. That’s where Tactical Analysis Intelligence enters. The company’s article by the same name is a link to a Department of Justice document. That’s okay, just a surprise.
After scanning the company’s Web site, some librarians before the Great Disintermediation decimated their ranks should have had Tactical’s marketing know how.
Keep in mind that:
- Forums, discussion groups, and digital watering holes are no longer confined to the Dark Web
- The “regular” Web houses a surprising amount of information, including facts about companies which do classified work and do their level best to remain invisible; for example, ATA in Albuquerque, NM.
- Chat tools like WhatsApp, Telegram, and others have become alternatives now that the Dark Web is getting tinier.
What services provide access to threat intelligence from these sources? That’s a good question.
The experts in cyber open source intelligence might be able to help. Is it possible the author of CyberOSINT could offer some guidance? No, doubtful.
Stephen E Arnold, October 23, 2020
DarkCyber for October 20, 2020, Now Available
October 20, 2020
The October 20, 2020 DarkCyber video news program covers five stories. First, secure messaging apps have some vulnerabilities. These can be exploited, according to researchers in Europe. Second, QuinetiQ’s most recent cyber report provides some eye-opening information about exploit techniques and methods. Third, a free phishing tool is available on GitHub. With it, a bad actor can automate phishing attacks. Fourth, mobile phones can be remotely activated to work like spy cameras and audio transmitters. The final story explains that swarms of drones can be controlled from a mobile phone and a new crawling drone can deliver bio-weapons in a stealthy manner. DarkCyber is produced by Stephen E Arnold, author of CyberOSINT and the Dark Web Notebook. You can view the 11 minute program at this link. (The miniature centipede-like drone is a marvel.)
Kenny Toth, October 20, 2020
AI the New Battlefield in Cyberattack and Defense
October 19, 2020
It was inevitable—in the struggle between cybercrime and security, each side constantly strives to be a step ahead of the other. Now, both bad actors and protectors are turning to AI tools. Darktrace’s Max Heinemeyer describes the escalation in, “War of the Algorithms: The Next Evolution of Cyber Attacks” posted at Information/Age. He explains:
“In recent years, thousands of organizations have embraced AI to understand what is ‘normal’ for their digital environment and identify behavior that is anomalous and potentially threatening. Many have even entrusted machine algorithms to autonomously interrupt fast-moving attacks. This active, defensive use of AI has changed the role of security teams fundamentally, freeing up humans to focus on higher level tasks. … In what is the attack landscape’s next evolution, hackers are taking advantage of machine learning themselves to deploy malicious algorithms that can adapt, learn, and continuously improve in order to evade detection, signaling the next paradigm shift in the cyber security landscape: AI-powered attacks. We can expect Offensive AI to be used throughout the attack life cycle – be it to use natural language processing to understand written language and to craft contextualized spear-phishing emails at scale or image classification to speed up the exfiltration of sensitive documents once an environment is compromised and the attackers are on the hunt for material they can profit from.”
Forrester recently found (pdf) nearly 90% of security pros they surveyed expect AI attacks to become common within the year. Tools already exist that can, for example, assess an organizations juiciest targets based on their social media presence and then tailor phishing expeditions for the highest chance of success. On the other hand, defensive AI tools track what is normal activity for its organization’s network and works to block suspicious activity as soon as it begins. As each side in this digital arms race works to pull ahead of the other, the battles continue.
Cynthia Murrell, October 19, 2020
DarkCyber for October 6, 2020, Now Available
October 6, 2020
The October 6, 2020, DarkCyber covers one security-related story and offers a special feature about the differences between Web search and enterprise search. The loss of 250 million user accounts in December 2019 illustrated the flaws in the Microsoft approach to online security. What was the company’s response? The firm researched the event and prepared an after-action report. The document makes clear that Microsoft’s approach to security allowed bad actors to obtain access to proprietary data. Furthermore, the report provides one more example that high-visibility cyber security systems may not work as advertised. What’s the difference between Web search and enterprise search? Dr. Stavros Macrakis and Stephen E Arnold explore this subject. Dr. Macrakis worked at Lycos, Google, and other high-profile search firms. Arnold is the author of Successful Enterprise Search Management and The New Landscape of Search. The extracts from their discussion provide fresh insights into the challenges of information retrieval in today’s mobile-centric world. You can view the program on YouTube.
Kenny Toth, October 6, 2020
Watch Out for Trojans
October 3, 2020
Here is an interesting little write-up on a specific type of malware. Predict gives us, “What You Need to Know About Trojan Horse?” Writer Rakesh Elamaran begins by defining the term—a trojan is an app that appears desirable but, once downloaded, turns malicious. Naturally, he observes, simply banning downloads is an impractical solution. Instead, we’re told:
“Because Trojan horses don’t reproduce after they have been installed on a computer, they are much easier to isolate and remove than some other cyber threats. To do this, you should use a Trojan remover, which usually comes bundled with the best antivirus software. If you suspect your computer may be infected, use your antivirus program to check your hard drive for any suspicious files. Some Trojans are not as dangerous as others, which is why your client may suggest quarantining an infected file rather than deleting it. Your antivirus software will then monitor the file closely and inform you if it detects any unusual and/or malicious activity. To ensure optimal safety, you should schedule full weekly scans of your computer and set up automatic definition updates in your antivirus program. Of course, in addition to using the best antivirus software you can prevent Trojan infections by avoiding any suspicious emails, attachments, and links sent to you from unknown addresses. Before typing your data into online forms, look for a padlock symbol in the address bar to make sure that your connection is secure and that all the data you enter is encrypted.”
The post lists some symptoms to watch out for. One is hardware, like a CD tray, that performs a function unprompted. The rest are changes settings not initiated by the user: browser home pages; passwords, usernames, or other login information; and screen savers, backgrounds, or mouse settings. It also specifies the most common actions trojans tend to take, from erasing files to installing a back door, and names a few famous versions that have caused havoc in the past.
Cynthia Murrell, October 3, 2020
Drones: In the Sky for Sure
October 2, 2020
The US Federal Aviation Authority has decided the concept of drone deliveries is safe enough to grant Amazon Prime Air permission to fly beyond visual line of sight. But did the agency consider everything? Diginomica discusses some concerns in the article, “More Drones in the Sky in One Day than Planes in a Year—Amazonian Number-Crunching.”
The drones in question will carry small packages, up to 5 lbs. Reporter Chris Middleton estimates drone deliveries would mean about 4,500 drones in each city, constantly buzzing and swooping about our streets just to deliver things one could get by going down to the corner store (if such a thing continues to exist.) Sure, the project makes sense for the disabled or folks out in the country, but not for everyone else, Middleton maintains.
Any environmental boons from fewer delivery vehicles on the road must be weighed against the impact of building and disposing of drones and drone batteries. Then there are safety concerns—there are many creatures and things drones could crash into out there. Also, humans being what they are, drones will inevitably be targets for theft and sabotage. Furthermore, current aviation rules are designed for traditional air traffic; fleets of cloud-connected drones and, down the line, flying taxies will complicate matters in ways we have yet to imagine. The author summarizes:
“Small, lightweight drones are a harbinger of larger ones that will carry more items, heavier goods, or people – pilotless air taxis are being tested in several parts of the world. So it’s common sense to ask whether most people would tolerate the skies over their towns and cities being full of even small rotorcraft, each carrying a bottle of soda or some bananas…. “Is this a world that we really want to live in? Isn’t the idea itself just a bunch of bananas, lacking in any semblance of common sense? At this point it’s worth remembering that Amazon – like Google, UPS, and FedEx – is a US company designing things for a world that looks like America: a huge land mass, open spaces, grid-like cities with hundreds of miles between them, long straight roads, and thousands of rural communities. In that world, drone deliveries make perfect sense, and the same applies to China. But in densely-populated European countries, with their ageing cities and creaking infrastructures, the concept is a less easy fit. Taken together, the constant risk, noise nuisance, and intrusion into people’s lives seem extreme – all to deliver items that you could pick up from a local shop.”
Middleton concludes with a hope—that it does not take a disaster before regulatory agencies carefully consider the potential ramifications of giving the likes of Amazon, UPS, FedEx free rein throughout our skies.
Cynthia Murrell, October 1, 2020
Palantir Technologies: Minor Questions Remain
October 1, 2020
DarkCyber noted “Techie Software Soldier Spy: Palantir, Big Data’s Scariest, Most Secretive Unicorn, Is Going Public. But Is Its Crystal Ball Just Smoke and Mirrors?” The write up joins the caravan of publications digging into the ins and outs of the intelware business.
There are precedents for a vendor of specialized services becoming a public company. One example is Verint, and there are others. Sometimes the lineage of an intelware company can be difficult to figure out. There are start ups in Cypress; there are partnerships in Herzliya; and there are Byzantine limited liability operations in midtown Manhattan.
What’s striking about Palantir is that the coverage has been content with the jazzy bits. DarkCyber understands the need to create buzz and capture eyeballs. The write up uses an interesting quotation from Admiral Poindexter, an interesting person who may be qualified to explain intelware:
“When I talked to Peter Thiel early on, I was impressed with the design and the ideas they had for the user interface,” Poindexter told me recently. “But I could see they didn’t have — well, as you call it, the back end, to automatically sort through the data and eliminate that tedious task for the users. And my feedback from the people who used it at the time, they were not happy with it at all. It was just much too manual.”
DarkCyber wondered:
- Why the write up did not explore the i2 Analyst’s Notebook vs.. Palantir legal matter. That activity suggested that Palantir may have had some interest in a proprietary file format and allegedly worked in interesting ways to obtain closely guarded information. A related question is, “Why would bright start up engineers resort to allegedly questionable methods to figure out a file format?” Too bad the write up ignores a legal matter which illuminates Palantir’s methods.
- Why is Palantir running into the revenue ceiling which other vendors of search and content processing systems for government entities hit? Are there too few customers? Did Autonomy, another search and content processing company, bumped into the revenue ceiling too? Is there a elephant standing in a pool of red ink in the accounting departments of some search and content processing companies?
- Why are intelware vendors offering their products and services under generous free trials programs to the known customers with allocated funds for such systems? And in parallel, the vendors are working overtime to find someone with deep pockets to buy these start ups?
- How similar are the products and services of intelware vendors? Why is innovation confined to graphics and innovation confined to recycling ideas in circulation for decades? One of the DarkCyber team observed, “Isn’t Palantir Gotham Titan the old Analyst’s Notebook with a pop up wheel on the right mouse button?” (I hire skeptical and maybe slightly cynical engineers I think.)
- Could it be that in the “real world” of fast-moving events the intelware vendors’ products don’t work all that well? Is it time for deeper analysis of comparable products and services? How does Palantir stack up against Voyager Labs’ offerings or the the LookingGlass system.
- Why doesn’t smart software do a better job of importing data? What has Datawalk figured out that eludes the Palantirians?
- Why do some Palantir Gotham installations remain idle? Is it because even the simpler interface is too quirky to use when real-time events generate pressure? Is it difficult for some licensees to allocate staff to use the system in order to become masters of the dataverse?
- Why haven’t Wall Street pushes generated more revenue? What happened to the Thomson Reuters’ deal?
- How long did it take Palantir to stand up its first version of its system after the core team decided the move forward with Gotham? (If you know the answer, write benkent2020 @ yahoo dot com. We know the answer and the winner will receive a copy of CyberOSINT: Next Generation Information Access. Free too. Almost like a trial of the products and services from an intelware start up.)
There are other questions the DarkCyber team considers important as well. Perhaps a “real news” outfit will dig into the intelware market, track the technologies, the inter-company tie ups, and the use cases or in some cases the dis-use cases for these products and services?
DarkCyber, however, finds the idea of Palantir’s going public interesting. Was the point of the exercise financial escape for increasingly concerned investors and grousing employees? Too many questions and too few answers still I think.
Stephen E Arnold, October 1, 2020
Thinking about Security: Before and Earlier, Not After and Later
September 30, 2020
Many factors stand in the way of trustworthy AI, not the least of which is the involvement of those for whom a raise, a bonus, or a promotion is involved. Then there is the thorny issue of bias built into machine learning. InformationWeek, however, looks at a few more straightforward threats in its article, “Dark Side of AI: How to Make Artificial Intelligence Trustworthy.”
Gartner VP and analyst Avivah Litan notes that, though AI is becoming more mainstream, security and privacy considerations still keep many companies away. They are right to be concerned—according to Garnter’s research, consumers believe responsibility lies with organizations that adopt AI technology, not the developers or vendors behind it. Litan describes two common ways bad actors attack AI systems: malicious inputs and query attacks. She writes:
“Malicious inputs to AI models can come in the form of adversarial AI, manipulated digital inputs or malicious physical inputs. Adversarial AI may come in the form of socially engineering humans using an AI-generated voice, which can be used for any type of crime and considered a ‘new’ form of phishing. For example, in March of last year, criminals used AI synthetic voice to impersonate a CEO’s voice and demand a fraudulent transfer of $243,000 to their own accounts….“Query attacks involve criminals sending queries to organizations’ AI models to figure out how it’s working and may come in the form of a black box or white box. Specifically, a black box query attack determines the uncommon, perturbated inputs to use for a desired output, such as financial gain or avoiding detection. Some academics have been able to fool leading translation models by manipulating the output, resulting in an incorrect translation. A white box query attack regenerates a training dataset to reproduce a similar model, which might result in valuable data being stolen. An example of such was when a voice recognition vendor fell victim to a new, foreign vendor counterfeiting their technology and then selling it, which resulted in the foreign vendor being able to capture market share based on stolen IP.”
Litan emphasizes it is important organizations get ahead of security concerns. Not only will building in security measures at the outset thwart costly and embarrassing attacks, it is also less expensive than trying to tack them on later. She recommends three specific measures: conduct a threat assessment and carefully control access to and monitoring of training data/ models; add AI-specific aspects to the standard software development life cycle (SDLC) controls; and protect and maintain data repositories to prevent data poisoning. See the article for elaboration of each of these points.
Cynthia Murrell, September 30, 2020
Hacking a Mere Drone? Up Your Ante
September 29, 2020
So many technology headlines are the stuff that science fiction is made of. The newest headline is a threat is something not only out of science fiction but also from the suspense genre says Los Angeles Air Force Base: “SMC Team Supports First Satellite Hacking Exercise.”
For a over the year, the Space and Missile Systems Center (SMC) experts in ground and satellite technology led a satellite hacking exercise. The event culminated in the Space Security Challenge 2020: Hack-A-Sat. The Special Programs Directorate and the Enterprise Corps Cross Mission Ground and Communications cyber operations team combined their forces for the exercise:
“This challenge asked security researchers, commonly known as hackers, from across the country and around the world to focus their skills and creativity in solving cybersecurity challenges on space systems. These white-hat ethical hackers are members of the research and security communities focused on legally and safely finding vulnerabilities for many different types of systems. This challenge focused on bridging the gap between space, cyber and security communities and growing these ecosystems.”
DEF CON controlled the exercise environment so the teams could practice their skills safely and securely. The competitors explored the satellite system, including the radio frequency communications, ground segments, and satellite bus. The Hack-A-Sat was basically war games with code. The purpose was to expose the experts to new systems they otherwise might not have access to.
The teams want to practice their skills in simulations and Hack-A-Sat events in preparation for real life events. The more real life scenarios the experts experience the more prepared they are to troubleshoot system errors and emergencies.
The Hack-A-Sat event is part of the future mission to the moon and defending the
United States from enemy threats. However, if the United States can undertake these exercises, bad acting countries can as well. It would be horrible if authoritarian governments discovered how to hack US satellites. The metaphor is scary but apt: could the equivalent of a 9/11 terror attack happen by satellite hacks?
Whitney Grace, September 29, 2020
DarkCyber for September 22, 2020, Now Available: Bogus Passports, Chinese Data and Apps, and the Dronut Drone
September 22, 2020
DarkCyber for September 22, 2020, is now available. This week’s program features an update on falsified documents, three stories about China, and a report about the Dronut. You can view the video on YouTube. The video is available via the Beyond Search blog.
Kenny Toth, September 22, 2020