Facebook and Digital Money
March 4, 2019
Digital currency like Bitcoin is often associated with cyber crime. Rightly or wrongly, Bitcoin evokes images of Dark Web markets selling drugs, an association reinforced by the Silk Road bust.
Facebook, on the other hand, evokes smiles from grandmothers, but a UK investigative body characterized Facebook is more negative terms. My recollection is that the British government sees Facebook as an example of Wild West capitalism which intentionally or unintentionally enables outfits like the now defunct Cambridge Analytica.
I thought about these associations when I worked my way through “Regarding Facebook’s Cryptocurerncy.” The write up asserted:
just because Facebook launches a stablecoin cryptocurrency for peer-to-peer payments doesn’t mean people will actually use it.
Facebook’s possible angle is getting money. The write up points out:
Remittances are the obvious target market here. And it would be huge, and important, and wonderful, if Facebook were to make remittances 10x cheaper and faster … but that would require much more than fast international stablecoin transfers, because, again, those stablecoins are not legal tender at their destination, and I don’t know if you’ve noticed but businesses tend to have this whole thing about receiving legal tender.
The fix is for Facebook to find ways to get organizations to accept Facecoins.
The other angle is:
for Facebook to establish relationships with cryptocurrency exchanges worldwide, or — even more dramatically — become or sponsor exchanges themselves.
The write up is interesting, but it left me with several questions zipping through my admittedly limited brain:
- How could bad actors make use of Facecoin?
- Will Facebook provide these digital currency data to government authorities?
- What third party services will Facebook enable through an existing or new API?
- What audit mechanisms are in place?
- What if Facebook’s presumed digital currency is used for illegal activities?
I would suggest that when digital currency becomes part of an organization which the British government views in a less than positive manner, regulatory authorities may be sitting on the sidelines.
Stephen E Arnold, March 4, 2019
Fortnite: A LE and Intel Gold Mine
January 21, 2019
Fortnite is not something that old folks like me spend much effort understanding. That might be a problem if you are over 35 and engaged in enforcement activities.
Next Friday (January 25, 2019), I will giving a lecture to computer science students at one of Kentucky’s more interesting universities. I won’t define “interesting.” There is a reception with yummy university snacks, and I do not want to be dis-invited.
I have to mention the new mechanisms bad actors use to evade surveillance. One of the handy dandy tools is a game. Yep, Fortnite. That’s the game you probably don’t think about.
Consider these data points from one of my go to, real news, frightened of acquisition sources, USA Today:
- One in five parents find it “moderately difficult” to get their progeny to stop playing
- 27 percent of teens play Fortnite when in school classes
- 50 percent of the teens in the survey use Fortnite to “keep up” with their friends
- 44 percent have made a “friend” online within the game
- 47 percent of teen girls play as well
- 61 percent of teens have played.
Ah, the digital cocktail: Chat, in game money which can be used for money laundering, audio, an opportunity for grooming, learning new dances like the one Athletic Madrid’s Antoine Griezmann does when he scores a goal.
Now this game has made news in a different way.
Newsweek reported that Fortnite data have been compromised. “Fortnite Hack Could Have Accessed Accounts, V-Buck Purchases, & Chat” states:
Fortnite boasts more than 200 million active players, and a recent exploit found by Check Point Software Technologies could have put all of them at risk. The vulnerability, first discovered in November and patched by developers at Epic Games, could have been devastating. If leveraged, it would give third-parties full access to user account details, payment information and even in-game chat audio.
What’s the big deal?
Wherever there are young people, chat, digital currency, and minimal parental understanding, the game may provide:
- A Petri dish for sexual predators looking for young people to groom
- A mechanism for exchanging messages about drugs, weapons, and terrorist plans in plain view if one knows how and where to look
- A conduit for money laundering. My hunch you, gentle reader, may not know how game currencies can be used to convert illegal gains into a hot property which can sell quickly to motivated buyers.
Net net: Fortnite may be more than a game, and it may be time to do more than say, “Put down that game. Come to dinner. Now.”
I will ask the audience on Friday, “Who plays Fortnite?” I will let you know if I learn anything or just get grumbles and blank stares from students and faculty alike.
Stephen E Arnold, January 21, 2019
Dedrone Study Analyzes Drone Activity at UK Airports
January 9, 2019
We wonder if would be bad actors are reading about drones?
A very brief write-up at OodaLoop calls our attention to an interesting study—“2018 Results: Dedrone UK Airport Counter-Drone Study.” By quietly installing monitoring devices at four UK airports,
Dedrone was able to track drone incursions, and deploy counter measures, at those locations. The company shares their results in a detailed blog post, complete with charts, conclusions, and a list of sources for further research. We suggest curious readers check it out. Meanwhile, the OodaLoop piece zeroes in on these takeaways:
“With 285 drones detected over a 148-day period (just under 2 per day), the study concluding with three key learnings and next steps: ‘1. the problem of unauthorized drones at airports is real, not anecdotal: Drones have appeared and disrupted UK airports in the past year, causing loss of revenue due to closed runways. Drone pilots fly a broad spectrum of technology from different drone manufacturers, and detection technology must be able to capture all drone activity: Drone detection systems must be able to detect all kinds of drones, regardless of the manufacturer. While DJI is the global market leader in drone technology by sales, they only represent 44% of the incursions at the airports studied. 3. UK drone pilots come out to fly at airports around the same time and days, and airports can strategically prepare for increased incursions during these period: The majority of the incursions occurred on weekend afternoons when drone hobbyists may be flying drones to capture footage for personal use.’ Finally, it is important to recognize that ‘all drones near airports are a threat, regardless of the pilot’s intentions.’”
Yes, I mentioned Dedrone deployed counter measures at its test airports when incursions were discovered. Though they may seem the most obvious, airports are not the only sites at risk from pesky drones. Dedrone has leapt upon on an emerging need—to secure organizations’ airspace from the increasing risk of drone intrusions. Founded in 2014, the company brought its first solution to market the next year. Based in San Francisco, they also happen to be hiring as of this writing.
Cynthia Murrell, January 9, 2019
Amazonia, January 7, 2019
January 7, 2019
The Bezos bulldozer keeps on pushing through the virgin forest. Crunch, crunch—That’s the sound of the power of the machine creating new revenue streets and highways. Consider these bits of Amazonia:
One of the Five Eyes Is Smiling
One branch of the British government has inked a deal with Amazon to build the “Crown Marketplace.” Think in terms of the British version of GSA/DSA running on Amazon’s AWS infrastructure, buying goodies from Amazon’s warehouses, and getting some of the stuff delivered in nifty Amazon trucks. When will GHCQ follow the CIA’s approach and use Amazon for plumbing? Source: The Telegraph which dearly wants your email address.
GovCloud West: EC2 High Memory Arrives
Most commercial outfits won’t care or understand the steady expansion of the breadth and depth of the GovCloud. Mark your calendar, while some folks were guzzling Champaign, Amazon Amazon EC2 High Memory instances with up to 12 TB of memory to the US GovCloud West region. Source: Amazon itself. Want to know more about “high memory”? Click this link.
FBI Uses Amazon Facial Recognition Service
The policeware landscape is being reshaped by the Bezos bulldozer. Navigate to “FBI Pilot Programme Uses Amazon’s Controversial Facial Recognition Software.” Keep in mind that this write up comes from the ever friendly, always objective Sputnik News. The write up reports:
Sputnik reported that the artificial intelligence behind Rekognition, which can identify, track, and analyze people and recognize up to 100 faces in a single image, was being marketed by Amazon to US police departments for as little as $6 a month. That tiny fee gave law enforcement agencies access to Amazon Web Services (AWS). In turn, Amazon requested that those agencies recommend the brand to their partners, including body camera manufacturers, according to documents obtained by the American Civil Liberties Union (ACLU).
That’s a compelling price point for many law enforcement entities. True or false. Well, the secret region is a thing.
Perception Health Embraces the AWS Marketplace
The Amazon watchers at ArnoldIT.com noted this statement:
Perception Health, a leading provider of healthcare market prediction software, announced today their inclusion on the new machine learning (ML) and artificial intelligence (AI) discovery page on AWS Marketplace.
Why? Bezos’ bulldozer is turning to health. Perception Health wants to dabble in the machine learning marketplace Amazon has built along side its streaming data marketplace. Perception likes the strokes Amazon doles out to its partners. Good partner, the Bezos bulldozer rumbles softly. Source: PRNewswire
Where’s That Blog Belong?
The answer is on AWS. WordPress is a popular blogging platform. WPEngine stated:
WP Engine leverages a modern technology stack to make sure our customers have the resources they need to scale their WordPress environments. It’s why we give our customers access to a suite of developer tools they can use to build great websites, and it’s why we utilize best-in-class technologies like Amazon Web Services (AWS) to add resiliency and speed to our digital experience platform.
Different cheer, same enthusiasm. Source: WPEngine
PHP and Amazon
You know PHP. You want zero hardware to drag down your nights and weekends. You will embrace AWS Lamda. Details are in “Severless PHP on AWS Lambda.” If you want to know more about AWS Lambda, click here. Source: PHPDeveloper
Microservices on Amazon
Screw up one part of a microservice based app and you can have an exciting time of it. But what if one wants to combine the goodness of microservices with the Bezos bulldozer? No problem. Details plus code appear in “How to Deploy a Microservice Application to AWS.” Now about those microservices which don’t “service”? Sparse info, gentle reader.
H2O Analytics Run Better on AWS
Hard to believe that an Amazon partner helps market itself and Amazon with such enthusiasm. Here’s an example of nerd cheerleading:
If you haven’t started migrating your analytics to the cloud, then hopefully this will convince you to start reconsidering. The opportunity to have access to a 64, 96 or even 128 core machines with 2TB of RAM rarely crosses the path of most Data Scientists. This can mostly be accredited to the fact that most of us don’t really need such a large machine for what we need to achieve, see Szilard’s twitter posts if you need convincing. Another reason that we don’t use these big machines are purely because we just don’t have access to such machines within our working environments. Luckily for us, access to cloud computing have become more accessible and well, lets be honest, cheap as chips.
Yep, rah rah. Source: Digital Age Economist (aren’t all economists now alive “digital age economists”?)
Facial Recognition: Not for LE and Intel Professionals? What? Hello, Reality Calling
July 30, 2018
I read “Facial Recognition Gives Police a Powerful New Tracking Tool. It’s Also Raising Alarms.” The write up is one of many pointing out that using technology to spot persons of interest is not a good idea. The Telegraph has a story which suggests that Amazon is having some doubts about its Rekognition facial recognition system. What? Hello, reality calling.
The “Raising Alarms” story makes this statement, obtained from an interview with an outfit called Kairos. I circled these statements:
“Time is winding down but it’s not too late for someone to take a stand and keep this from happening,” said Brian Brackeen, the CEO of the facial recognition firm Kairos, who wants tech firms to join him in keeping the technology out of law enforcement’s hands. Brackeen, who is black, said he has long been troubled by facial recognition algorithms’ struggle to distinguish faces of people with dark skin, and the implications of its use by the government and police. If they do get it, he recently wrote, “there’s simply no way that face recognition software will be not used to harm citizens.”
The write up points out:
Many law enforcement agencies — including the FBI, the Pinellas County Sheriff’s Office in Florida, the Ohio Bureau of Criminal Investigation and several departments in San Diego — have been using those databases for years, typically in static situations — comparing a photo or video still to a database of mug shots or licenses. Maryland’s system was used to identify the suspect who allegedly massacred journalists at the Capital Gazette newspaper last month in Annapolis and to monitor protesters following the 2015 death of Freddie Gray in Baltimore.
Yep, even the Hollywood gangster films have featured a victim flipping through a collection of mug shots. The idea is pretty simple. Bad actors who end up in a collection of mug shots are often involved in other crimes. Looking at images is one way for LE and intel professionals to figure out if there is a clue to be followed.
Now what’s the difference between having software look for matches? Software can locate similar fingerprints. Software can locate similar images, maybe even the image of the person who committed a crime. The idea of a 50 year old man robbed at an ATM flipping through images of bad actors in a Chicago police station is, from my point of view, a bridge too far. The 50 year old will either lose concentration or just point at some image and say, “Yeah, yeah, that looks like the guy.”
Let’s go with software because there are a lot of bad actors, there are some folks on Facebook who are bad actors, and there are bad actors wandering around in a crowd. Don’t believe me. Go to Rio, stay in a fancy hotel, and wander around on a Saturday night. How long before you are robbed? Maybe never, but maybe within 15 minutes. Give this test a try.
Software, like humans, makes errors. However, it seems to make sense to use available technology to take actions required by government rules and regulations. That means that big companies are going to chase government contracts. That means that stopping companies from providing facial recognition technology is pretty much impossible.
I would suggest that the barn is on fire, the horses have escaped, and Costco built a new superstore on the land. Well, maybe I will suggest that this has happened.
Facial recognition systems are tools which have been and will continue to be used. Today’s systems can be fooled. I showed a pair of glasses which can baffle most facial recognition systems in my DarkCyber video a couple of months ago.
The flaws in the algorithms will be improved slowly. The challenge of crowds, lousy lightning, disguises, hats, shadows, and the other impediments to higher accuracy will be reduced slowly and over time.
But let’s get down to basics: The facial recognition systems are here to stay. In the US, the UK, and most countries on the planet. Go to a small city in Ecuador. Guess what? There is a Chinese developed facial recognition system monitoring certain areas of most cities. Why? Flipping through a book with hundreds of thousands of images in an attempt to identify a suspect doesn’t work too well. Toss in Snapchat and YouTube. Software is the path forward. Period.
Facial recognition systems, despite their accuracy rates, provide a useful tool. Here’s the shocker. These systems have been around for decades. Remember the Rand Tablet. That was in the 1960s. Progress is being made.
Outrage is arriving a little late.
Stephen E Arnold, July 30, 2018
Amazon Rekognition: The View from Harrods Creek
July 29, 2018
I read the stories about Amazon’s facial recognition system. A representative example of this genre is “Amazon’s Facial Recognition Tool Misidentified 28 Members of Congress in ACLU Test.” The write up explains the sample. The confidence level was set at 80 percent. Amazon recommends 95 percent.
The result? Twenty eight individuals were misidentified.
At a breakfast meeting this morning (Sunday, July 29, 2018) one uninformed Kentucky resident asked:
What if these individuals are criminals?
Another person responded:
Just 28?
I jotted down the remarks on my mobile phone. Ah, the Bluegrass state.
Stephen E Arnold, July 29, 2018
DarkCyber for June 5, 2018: Amazon and Its LE and Intelligence Services
June 5, 2018
The DarkCyber for June 5, 2018, is now available at www.arnoldit.com/wordpress or on Vimeo at https://vimeo.com/273170550.
This week’s DarkCyber presents an extract from Stephen E Arnold’s lectures at the Prague Telestrategies ISS conference. The conference is designed for security, intelligence, and law enforcement professionals in Europe.
Stephen’s two lectures provided attendees with a snapshot of the services Amazon’s streaming data marketplace offer to customers, developers, and entrepreneurs.
Stephen said:
The Amazon platform is positioned to provide a robust, innovative way to anonymize digital currency transactions and perform the type of analyses needed to deal with bad actors and the activities.
The information was gleaned from Amazon conference lectures, Amazon’s Web logs and documentation, and open source documents.
For example, one public document stated:
“… A law enforcement agency may be a customer and may desire to receive global Bitcoin transactions, correlated by country, with USP data to determine source IP addresses and shipping addresses that correlate to Bitcoin addresses.”
Coupled with Amazon’s facial recognition service “Rekognition” and Amazon’s wide array of technical capabilities, Amazon is able to provide specialized content processing and data services.
Stephen stated:
Instead of learning how to use many different specialized systems, the Amazon approach offers a unified capability available with a Kindle-style interface. This is a potential game changer for LE, intel, and security service providers.
In this week’s DarkCyber video, Stephen provides an eight minute summary of his research, including the mechanisms by which new functions can be added to or integrated with the system.
A for fee lecture about what Stephen calls “Amazon’s intelligence services” is available on a for fee basis. For information, write darkcyber333 at yandex dot com.
Kenny Toth, June 5, 2018
DarkCyber for May 15, 2018, Now Available
May 15, 2018
DarkCyber for May 15, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/268758291
Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.
The stories in the May 15, 2018, program are another Dark Web murder-for-hire scam goes wrong, the “Terror in the Dark” report provides information about how bad actors use the hidden Internet, a run-down of manufacturers of cell site simulators, a new map of the Dark Web, and the New Zealand teen ran a drug dealing business from his parents’ home.
Please, note that Stephen will be lecturing the week of June 4, 2018, at the Telestrategies ISS conference. He will produce and release a special report about on of our team’s research findings on June 5, 2018. Due to time zones, the go live date for the program may be different. We will announce schedule shifts in Beyond Search.
Kenny Toth, May 15, 2018
Law Enforcement and Big Data
May 11, 2018
The job of being an officer of the law has never been harder, but many on the tech side are trying to make it easier. But, as with most innovations, this might make life harder. Confused? Join the club. A recent spate of big data law enforcement innovations are due to become a hot button issue for the foreseeable future. The latest one came from a recent Boing Boing piece, “Raleigh Cops are Investigating Crime by Getting Google to Reveal the Identity of Every Mobile User Within Acres of the Scene.”
According to the story:
“Public records requests have revealed that on at least four occasions, the Raleigh-Durham police obtained warrants forcing Google to reveal the identities of every mobile user within acres of a crime scene, sweeping up the personal information of thousands of people in a quest to locate a single perp.”
Such a double edged sword. On one hand we all want wrongdoers to be handled in a lawful way, but on the other this is all getting too close to science fiction. Couple that with the recent news that smart devices like Alexa are listening to every conversation and may some day be used as evidence in court.
In Stephen E Arnold’s “Making Sense of Chat” presentation for the Telestrategies ISS conference in Prague in June 2018, he will highlight three commercial systems which can process large flows of data. He said:
The efficiencies of the new systems means that needed information can be identified and displayed to an investigator. Smart software, not a team of analysts, scans digital information, identifies content with a probability of being germane to a case, and presenting that data in an easy-to-understand report. The result is that the hand waving about invasive analysis of information is often different from the actual functioning of a modern system. Today’s newest systems deliver benefits that were simply not possible with older, often manual methods.
He plans to offer webinars on the chat topic as well as his deanonymizing blockchain lecture. Watch for details in Beyond Search and in his weekly DarkCyber video.
Patrick Roland, May 11, 2018
Policeware Lights Up Venture World
May 8, 2018
Spy agencies have has recently begun taking on a different look, that of a Silicon Valley startup. That’s because some of the world’s most secretive organizations have started to publicly proclaim that they are investing in digital spying tools. The most recent example popped up in a Jerusalem Times story, “Start-Up Spies? Mossad Enters the World of Venture Capitalism.”
The story focuses on the Israeli spy agency, Mossad, publicly starting a VC fund.
“In June, the fund was made public for the first time and previous announcements have indicated that it would invest NIS 10 million per year in five companies following a similar model to the CIA in this arena.
“The CIA’s parallel outfit is called Q-Tel, which is defined as the ‘strategic investor for the US intelligence and defense communities that identifies and adapts cutting-edge technologies.’”
This combination of entities, spy agencies and tech companies, might seem like a dream combination on the surface, but it is highly flawed. As the New York Times pointed out, being investors is not exactly what an organization like the CIA or Mossad is known for. Perhaps they have bright people handing the money in these organizations, but we wouldn’t count on it.
Patrick Roland, May 8, 2018
-
- Subscribe to Beyond Search
Feature archive
News archive
-
