• Home
• About
• Writers
• Landscape
• Wizards Index
• Fraud
• Wanna Be Like Larry?

Tactical AI: Research for the 21st Century

The company is Tactical Analysis Intelligence. The acronym is Tactical AI. The url is tactical-ai.com. Clever. Indexing systems will glom on the “ai” and the name suggests advanced technologies. The company’s business is, according to its Web site:

a premier boutique information search provider of numerous public and non-public internet sources. Our proprietary deep search system and monitoring service has a proven track record of providing businesses with the data they need to make informed, critical business decisions.

The company performs “deep Web search.” The idea is that when you search via Bing, Google, or Swisscow, you are doing shallow search. The company also delivers Dark Web breach monitoring. The idea is that the increasingly small Dark Web requires specialized skills.

I learned about this company via a link to its “white paper” or article called “Going Undercover for Your Company on the Dark Web? Read This First.” The article provides some information which leads some readers to the conclusion that Dark Web research requires an expert. That’s where Tactical Analysis Intelligence enters. The company’s article by the same name is a link to a Department of Justice document. That’s okay, just a surprise.

After scanning the company’s Web site, some librarians before the Great Disintermediation decimated their ranks should have had Tactical’s marketing know how.

Keep in mind that:

• Forums, discussion groups, and digital watering holes are no longer confined to the Dark Web
• The “regular” Web houses a surprising amount of information, including facts about companies which do classified work and do their level best to remain invisible; for example, ATA in Albuquerque, NM.
• Chat tools like WhatsApp, Telegram, and others have become alternatives now that the Dark Web is getting tinier.

What services provide access to threat intelligence from these sources? That’s a good question.

The experts in cyber open source intelligence might be able to help. Is it possible the author of CyberOSINT could offer some guidance? No, doubtful.

Stephen E Arnold, October 23, 2020

DarkCyber for October 20, 2020, Now Available

The October 20, 2020 DarkCyber video news program covers five stories. First, secure messaging apps have some vulnerabilities. These can be exploited, according to researchers in Europe. Second, QuinetiQ’s most recent cyber report provides some eye-opening information about exploit techniques and methods. Third, a free phishing tool is available on GitHub. With it, a bad actor can automate phishing attacks. Fourth, mobile phones can be remotely activated to work like spy cameras and audio transmitters. The final story explains that swarms of drones can be controlled from a mobile phone and a new crawling drone can deliver bio-weapons in a stealthy manner. DarkCyber is produced by Stephen E Arnold, author of CyberOSINT and the Dark Web Notebook. You can view the 11 minute program at this link. (The miniature centipede-like drone is a marvel.)

Kenny Toth, October 20, 2020

AI the New Battlefield in Cyberattack and Defense

It was inevitable—in the struggle between cybercrime and security, each side constantly strives to be a step ahead of the other. Now, both bad actors and protectors are turning to AI tools. Darktrace’s Max Heinemeyer describes the escalation in, “War of the Algorithms: The Next Evolution of Cyber Attacks” posted at Information/Age. He explains:

“In recent years, thousands of organizations have embraced AI to understand what is ‘normal’ for their digital environment and identify behavior that is anomalous and potentially threatening. Many have even entrusted machine algorithms to autonomously interrupt fast-moving attacks. This active, defensive use of AI has changed the role of security teams fundamentally, freeing up humans to focus on higher level tasks. … In what is the attack landscape’s next evolution, hackers are taking advantage of machine learning themselves to deploy malicious algorithms that can adapt, learn, and continuously improve in order to evade detection, signaling the next paradigm shift in the cyber security landscape: AI-powered attacks. We can expect Offensive AI to be used throughout the attack life cycle – be it to use natural language processing to understand written language and to craft contextualized spear-phishing emails at scale or image classification to speed up the exfiltration of sensitive documents once an environment is compromised and the attackers are on the hunt for material they can profit from.”

Forrester recently found (pdf) nearly 90% of security pros they surveyed expect AI attacks to become common within the year. Tools already exist that can, for example, assess an organizations juiciest targets based on their social media presence and then tailor phishing expeditions for the highest chance of success. On the other hand, defensive AI tools track what is normal activity for its organization’s network and works to block suspicious activity as soon as it begins. As each side in this digital arms race works to pull ahead of the other, the battles continue.

Cynthia Murrell, October 19, 2020

DarkCyber for October 6, 2020, Now Available

The October 6, 2020, DarkCyber covers one security-related story and offers a special feature about the differences between Web search and enterprise search. The loss of 250 million user accounts in December 2019 illustrated the flaws in the Microsoft approach to online security. What was the company’s response? The firm researched the event and prepared an after-action report. The document makes clear that Microsoft’s approach to security allowed bad actors to obtain access to proprietary data. Furthermore, the report provides one more example that high-visibility cyber security systems may not work as advertised. What’s the difference between Web search and enterprise search? Dr. Stavros Macrakis and Stephen E Arnold explore this subject. Dr. Macrakis worked at Lycos, Google, and other high-profile search firms. Arnold is the author of Successful Enterprise Search Management and The New Landscape of Search. The extracts from their discussion provide fresh insights into the challenges of information retrieval in today’s mobile-centric world. You can view the program on YouTube.

Kenny Toth, October 6, 2020

Watch Out for Trojans

Here is an interesting little write-up on a specific type of malware. Predict gives us, “What You Need to Know About Trojan Horse?” Writer Rakesh Elamaran begins by defining the term—a trojan is an app that appears desirable but, once downloaded, turns malicious. Naturally, he observes, simply banning downloads is an impractical solution. Instead, we’re told:

“Because Trojan horses don’t reproduce after they have been installed on a computer, they are much easier to isolate and remove than some other cyber threats. To do this, you should use a Trojan remover, which usually comes bundled with the best antivirus software. If you suspect your computer may be infected, use your antivirus program to check your hard drive for any suspicious files. Some Trojans are not as dangerous as others, which is why your client may suggest quarantining an infected file rather than deleting it. Your antivirus software will then monitor the file closely and inform you if it detects any unusual and/or malicious activity. To ensure optimal safety, you should schedule full weekly scans of your computer and set up automatic definition updates in your antivirus program. Of course, in addition to using the best antivirus software you can prevent Trojan infections by avoiding any suspicious emails, attachments, and links sent to you from unknown addresses. Before typing your data into online forms, look for a padlock symbol in the address bar to make sure that your connection is secure and that all the data you enter is encrypted.”

The post lists some symptoms to watch out for. One is hardware, like a CD tray, that performs a function unprompted. The rest are changes settings not initiated by the user: browser home pages; passwords, usernames, or other login information; and screen savers, backgrounds, or mouse settings. It also specifies the most common actions trojans tend to take, from erasing files to installing a back door, and names a few famous versions that have caused havoc in the past.

Cynthia Murrell, October 3, 2020

Drones: In the Sky for Sure

The US Federal Aviation Authority has decided the concept of drone deliveries is safe enough to grant Amazon Prime Air permission to fly beyond visual line of sight. But did the agency consider everything? Diginomica discusses some concerns in the article, “More Drones in the Sky in One Day than Planes in a Year—Amazonian Number-Crunching.”

The drones in question will carry small packages, up to 5 lbs. Reporter Chris Middleton estimates drone deliveries would mean about 4,500 drones in each city, constantly buzzing and swooping about our streets just to deliver things one could get by going down to the corner store (if such a thing continues to exist.) Sure, the project makes sense for the disabled or folks out in the country, but not for everyone else, Middleton maintains.

Any environmental boons from fewer delivery vehicles on the road must be weighed against the impact of building and disposing of drones and drone batteries. Then there are safety concerns—there are many creatures and things drones could crash into out there. Also, humans being what they are, drones will inevitably be targets for theft and sabotage. Furthermore, current aviation rules are designed for traditional air traffic; fleets of cloud-connected drones and, down the line, flying taxies will complicate matters in ways we have yet to imagine. The author summarizes:

“Small, lightweight drones are a harbinger of larger ones that will carry more items, heavier goods, or people – pilotless air taxis are being tested in several parts of the world. So it’s common sense to ask whether most people would tolerate the skies over their towns and cities being full of even small rotorcraft, each carrying a bottle of soda or some bananas…. “Is this a world that we really want to live in? Isn’t the idea itself just a bunch of bananas, lacking in any semblance of common sense? At this point it’s worth remembering that Amazon – like Google, UPS, and FedEx – is a US company designing things for a world that looks like America: a huge land mass, open spaces, grid-like cities with hundreds of miles between them, long straight roads, and thousands of rural communities. In that world, drone deliveries make perfect sense, and the same applies to China. But in densely-populated European countries, with their ageing cities and creaking infrastructures, the concept is a less easy fit. Taken together, the constant risk, noise nuisance, and intrusion into people’s lives seem extreme – all to deliver items that you could pick up from a local shop.”

Middleton concludes with a hope—that it does not take a disaster before regulatory agencies carefully consider the potential ramifications of giving the likes of Amazon, UPS, FedEx free rein throughout our skies.

Cynthia Murrell, October 1, 2020

Palantir Technologies: Minor Questions Remain

DarkCyber noted “Techie Software Soldier Spy: Palantir, Big Data’s Scariest, Most Secretive Unicorn, Is Going Public. But Is Its Crystal Ball Just Smoke and Mirrors?” The write up joins the caravan of publications digging into the ins and outs of the intelware business.

There are precedents for a vendor of specialized services becoming a public company. One example is Verint, and there are others. Sometimes the lineage of an intelware company can be difficult to figure out. There are start ups in Cypress; there are partnerships in Herzliya; and there are Byzantine limited liability operations in midtown Manhattan.

What’s striking about Palantir is that the coverage has been content with the jazzy bits. DarkCyber understands the need to create buzz and capture eyeballs. The write up uses an interesting quotation from Admiral Poindexter, an interesting person who may be qualified to explain intelware:

“When I talked to Peter Thiel early on, I was impressed with the design and the ideas they had for the user interface,” Poindexter told me recently. “But I could see they didn’t have — well, as you call it, the back end, to automatically sort through the data and eliminate that tedious task for the users. And my feedback from the people who used it at the time, they were not happy with it at all. It was just much too manual.”

DarkCyber wondered:

1. Why the write up did not explore the i2 Analyst’s Notebook vs.. Palantir legal matter. That activity suggested that Palantir may have had some interest in a proprietary file format and allegedly worked in interesting ways to obtain closely guarded information. A related question is, “Why would bright start up engineers resort to allegedly questionable methods to figure out a file format?” Too bad the write up ignores a legal matter which illuminates Palantir’s methods.
2. Why is Palantir running into the revenue ceiling which other vendors of search and content processing systems for government entities hit? Are there too few customers? Did Autonomy, another search and content processing company, bumped into the revenue ceiling too? Is there a elephant standing in a pool of red ink in the accounting departments of some search and content processing companies?
3. Why are intelware vendors offering their products and services under generous free trials programs to the known customers with allocated funds for such systems? And in parallel, the vendors are working overtime to find someone with deep pockets to buy these start ups?
4. How similar are the products and services of intelware vendors? Why is innovation confined to graphics and innovation confined to recycling ideas in circulation for decades? One of the DarkCyber team observed, “Isn’t Palantir Gotham Titan the old Analyst’s Notebook with a pop up wheel on the right mouse button?” (I hire skeptical and maybe slightly cynical engineers I think.)
5. Could it be that in the “real world” of fast-moving events the intelware vendors’ products don’t work all that well? Is it time for deeper analysis of comparable products and services? How does Palantir stack up against Voyager Labs’ offerings or the the LookingGlass system.
6. Why doesn’t smart software do a better job of importing data? What has Datawalk figured out that eludes the Palantirians?
7. Why do some Palantir Gotham installations remain idle? Is it because even the simpler interface is too quirky to use when real-time events generate pressure? Is it difficult for some licensees to allocate staff to use the system in order to become masters of the dataverse?
8. Why haven’t Wall Street pushes generated more revenue? What happened to the Thomson Reuters’ deal?
9. How long did it take Palantir to stand up its first version of its system after the core team decided the move forward with Gotham? (If you know the answer, write benkent2020 @ yahoo dot com. We know the answer and the winner will receive a copy of CyberOSINT: Next Generation Information Access. Free too. Almost like a trial of the products and services from an intelware start up.)

There are other questions the DarkCyber team considers important as well. Perhaps a “real news” outfit will dig into the intelware market, track the technologies, the inter-company tie ups, and the use cases or in some cases the dis-use cases for these products and services?

DarkCyber, however, finds the idea of Palantir’s going public interesting. Was the point of the exercise financial escape for increasingly concerned investors and grousing employees? Too many questions and too few answers still I think.

Stephen E Arnold, October 1, 2020

Thinking about Security: Before and Earlier, Not After and Later

Many factors stand in the way of trustworthy AI, not the least of which is the involvement of those for whom a raise, a bonus, or a promotion is involved. Then there is the thorny issue of bias built into machine learning. InformationWeek, however, looks at a few more straightforward threats in its article, “Dark Side of AI: How to Make Artificial Intelligence Trustworthy.”

Gartner VP and analyst Avivah Litan notes that, though AI is becoming more mainstream, security and privacy considerations still keep many companies away. They are right to be concerned—according to Garnter’s research, consumers believe responsibility lies with organizations that adopt AI technology, not the developers or vendors behind it. Litan describes two common ways bad actors attack AI systems: malicious inputs and query attacks. She writes:

“Malicious inputs to AI models can come in the form of adversarial AI, manipulated digital inputs or malicious physical inputs. Adversarial AI may come in the form of socially engineering humans using an AI-generated voice, which can be used for any type of crime and considered a ‘new’ form of phishing. For example, in March of last year, criminals used AI synthetic voice to impersonate a CEO’s voice and demand a fraudulent transfer of $243,000 to their own accounts….“Query attacks involve criminals sending queries to organizations’ AI models to figure out how it’s working and may come in the form of a black box or white box. Specifically, a black box query attack determines the uncommon, perturbated inputs to use for a desired output, such as financial gain or avoiding detection. Some academics have been able to fool leading translation models by manipulating the output, resulting in an incorrect translation. A white box query attack regenerates a training dataset to reproduce a similar model, which might result in valuable data being stolen. An example of such was when a voice recognition vendor fell victim to a new, foreign vendor counterfeiting their technology and then selling it, which resulted in the foreign vendor being able to capture market share based on stolen IP.”

Litan emphasizes it is important organizations get ahead of security concerns. Not only will building in security measures at the outset thwart costly and embarrassing attacks, it is also less expensive than trying to tack them on later. She recommends three specific measures: conduct a threat assessment and carefully control access to and monitoring of training data/ models; add AI-specific aspects to the standard software development life cycle (SDLC) controls; and protect and maintain data repositories to prevent data poisoning. See the article for elaboration of each of these points.

Cynthia Murrell, September 30, 2020

Hacking a Mere Drone? Up Your Ante

So many technology headlines are the stuff that science fiction is made of. The newest headline is a threat is something not only out of science fiction but also from the suspense genre says Los Angeles Air Force Base: “SMC Team Supports First Satellite Hacking Exercise.”

For a over the year, the Space and Missile Systems Center (SMC) experts in ground and satellite technology led a satellite hacking exercise. The event culminated in the Space Security Challenge 2020: Hack-A-Sat. The Special Programs Directorate and the Enterprise Corps Cross Mission Ground and Communications cyber operations team combined their forces for the exercise:

“This challenge asked security researchers, commonly known as hackers, from across the country and around the world to focus their skills and creativity in solving cybersecurity challenges on space systems. These white-hat ethical hackers are members of the research and security communities focused on legally and safely finding vulnerabilities for many different types of systems. This challenge focused on bridging the gap between space, cyber and security communities and growing these ecosystems.”

DEF CON controlled the exercise environment so the teams could practice their skills safely and securely. The competitors explored the satellite system, including the radio frequency communications, ground segments, and satellite bus. The Hack-A-Sat was basically war games with code. The purpose was to expose the experts to new systems they otherwise might not have access to.

The teams want to practice their skills in simulations and Hack-A-Sat events in preparation for real life events. The more real life scenarios the experts experience the more prepared they are to troubleshoot system errors and emergencies.

The Hack-A-Sat event is part of the future mission to the moon and defending the

United States from enemy threats. However, if the United States can undertake these exercises, bad acting countries can as well. It would be horrible if authoritarian governments discovered how to hack US satellites. The metaphor is scary but apt: could the equivalent of a 9/11 terror attack happen by satellite hacks?

Whitney Grace, September 29, 2020

DarkCyber for September 22, 2020, Now Available: Bogus Passports, Chinese Data and Apps, and the Dronut Drone

DarkCyber for September 22, 2020, is now available. This week’s program features an update on falsified documents, three stories about China, and a report about the Dronut. You can view the video on YouTube. The video is available via the Beyond Search blog.

Kenny Toth, September 22, 2020

https://youtu.be/AOTJhU4VC9s

« Previous Page — Next Page »

• 

• Search the site

•  

  Subscribe to Beyond Search

  • 
  • 
   
  • 
   
  
  Feature archive
  News archive
   
  
  
  Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.

• Categories

  • 3D-Printing
  • Acquisition
  • Advertising
  • Aggregation
  • AI
  • Alexa
  • algorithms
  • Amazon
  • Amazonia
  • Analytics
  • Appliance
  • Applications
  • Audio
  • Augmented Reality
  • Big data
  • Bing
  • Bitcoin
  • Bitext
  • Book review
  • Business intelligence
  • Business process
  • Business strategy
  • Censorship
  • Cloud computing
  • Company Profile
  • Conferences
  • Connectors
  • Consulting
  • Consumer
  • Content processing
  • Copyright
  • Corporate Concerns
  • Cost
  • Crawl
  • Crowdfunding
  • cryptocurrency
  • Customer support
  • Cyber OSINT
  • cybercrime
  • cybersecurity
  • Dark Web
  • DarkCyber
  • Data
  • Data mining
  • Database
  • Deepfakes
  • Digital Assistant
  • Digital Library
  • E2EE
  • ECommerce
  • EDiscovery
  • Editorial opinion
  • Education
  • Emoticons
  • Enterprise
  • Enterprise search
  • Entity extraction
  • Ethics
  • Facebook
  • Faceted search
  • Factualities
  • Feature
  • Federated search
  • Financial
  • Google
  • Governance
  • Government
  • Hackers
  • healthcare
  • IBM Watson
  • Image search
  • Indexing
  • Infrastructure
  • Innovation
  • Integration
  • intelware
  • Interface
  • Internet
  • Interview
  • Investment
  • law enforcement
  • Legal matters
  • Library automation
  • Management
  • Marketing
  • Mathematics
  • Metadata
  • Microsoft
  • Mobile
  • Natural language processing
  • News
  • NGIA
  • Online (general)
  • Open Access
  • Open source
  • OSINT
  • Osint Radar
  • Overflight
  • Palantir
  • Patents
  • Personnel
  • Podcast
  • Policeware
  • Portals
  • Predictive coding
  • Privacy
  • Profile
  • Publishing
  • Quotation
  • Real time search
  • Reference tool
  • Rich media
  • Robot Writer
  • Search
  • Search enabled applications
  • search engine
  • Search quality
  • Security
  • Semantic
  • Sentiment analysis
  • SEO
  • SharePoint
  • Short Honks
  • Smart Technology
  • Social
  • Social Media
  • software
  • Statistics
  • Taxonomy
  • Technology
  • Text analytics
  • Text processing
  • Tools
  • Tor
  • Training
  • Translation
  • Twitter
  • Uncategorized
  • Unstructured Data
  • User experience
  • User Interface
  • Vertical search
  • Video
  • visualization
  • Voice search
  • Voice technology
  • Web 3
  • Web Services
  • Webinar
  • Windows
  • Work flow
  • XML
  • Yahoo

• Archives

  Archives Select Month April 2024 March 2024 February 2024 January 2024 December 2023 November 2023 October 2023 September 2023 August 2023 July 2023 June 2023 May 2023 April 2023 March 2023 February 2023 January 2023 December 2022 November 2022 October 2022 September 2022 August 2022 July 2022 June 2022 May 2022 April 2022 March 2022 February 2022 January 2022 December 2021 November 2021 October 2021 September 2021 August 2021 July 2021 June 2021 May 2021 April 2021 March 2021 February 2021 January 2021 December 2020 November 2020 October 2020 September 2020 August 2020 July 2020 June 2020 May 2020 April 2020 March 2020 February 2020 January 2020 December 2019 November 2019 October 2019 September 2019 August 2019 July 2019 June 2019 May 2019 April 2019 March 2019 February 2019 January 2019 December 2018 November 2018 October 2018 September 2018 August 2018 July 2018 June 2018 May 2018 April 2018 March 2018 February 2018 January 2018 December 2017 November 2017 October 2017 September 2017 August 2017 July 2017 June 2017 May 2017 April 2017 March 2017 February 2017 January 2017 December 2016 November 2016 October 2016 September 2016 August 2016 July 2016 June 2016 May 2016 April 2016 March 2016 February 2016 January 2016 December 2015 November 2015 October 2015 September 2015 August 2015 July 2015 June 2015 May 2015 April 2015 March 2015 February 2015 January 2015 December 2014 November 2014 October 2014 September 2014 August 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 December 2013 November 2013 October 2013 September 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 June 2012 May 2012 April 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 November 5

• Recent Posts

  • A Less Crazy View of AI: From Kathmandu via Tufts University
  • Google Cracks Infinity Which Overshadows Quantum Supremacy Maybe?
  • Another Cultural Milestone for Social Media
  • An Interesting Prediction about Mobile Phones
  • Taming AI Requires a Combo of AskJeeves and Watson Methods

• Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org