Friday, July 25, 2014

Data Analysis Shortcomings

    The increasing amounts of data available on the Internet for analysis are presenting challenges for analysts.  Government agencies collect enormous amounts of data daily.  New methods are constantly being presented to store and manage all of the data until it can be analyzed.  Unfortunately, it is impossible for analysts to review all of this data.  This is where data tools become necessary.

     Data analysis tools have limitations.  One of the biggest limitations is not with the tools themselves, but rather with the user.  This becomes clear when users do not know how to get the most out of a tool, or are not using it as it was designed simply because they do not know any better.  Analysts may not want to use these tools to assist them with their data analysis because they focus only on the tools' limitations, view them as threats to their jobs, or do not have the necessary skills to use them.  The marketing hype around analysis tools can also lead organizations to choose the wrong tools.

    In the article Shiny, Shiny Data: The Thrill of the Chase, the author Leetaru points out that many are distracted by the shiny new object syndrome.  They believe the hype that the new data tools will change how they analyze their data and blindly use the new tools simply because they are easy to use.  The fault with choosing tools only because they are easy is that they are most likely the wrong tools, and this is evident specifically in the desire for an easy tool, not an accurate one.  Leetaru gives an eye-opening example of this fault from a presentation he sat in on about the Syrian regime.  The presentation did not offer any sources for its data, only that it was based on billions of observations.  Leetaru asked how it could be possible to obtain that much open source, street level data on the rebels.  The presenters disclosed that the information was obtained from Twitter.  They had scanned Twitter for English language tweets that originated in Syria, even though they knew that the software used to codify the tweets warned that the results may be invalid.  The better option would have been to monitor Facebook posts in Arabic because that is how the rebels were communicating.  Twitter was used simply because the data was easier to access, easier to use and no one on the team spoke Arabic.

     While there are many good tools available for analysts, Silicon Valley seems to be failing to develop applications specific to Washington's needs, and Washington fails to recognize which tools would be most beneficial for its needs.  Leetaru recommends that Washington increase its data literacy and Silicon Valley increase its application literacy.  This is necessary to bring the two together to pursue data driven intelligence and policy making.  In order for organizations to choose the appropriate tools for their data analysis, they need to work more closely with those who are developing the software.


Reference:

Leetaru, K. (2014, May 14). Shiny, Shiny Data: The Thrill of the Chase. Retrieved July 22, 2014, from Foreign Policy: http://www.foreignpolicy.com/articles/2014/05/14/nsa_intelligence_big_data_tradecraft_silicon_valley


      

Sunday, July 20, 2014

Project Zero

     Google just announced a new project that will help combat cybercrime.  It is called Project Zero and is comprised of highly skilled researchers.  The scale of this project is setting the stage for the rest of the cybercommunity.  This of course is no small feat, as there is a seemingly endless number of vulnerabilities and cyberthreats on the Internet.  Instead of waiting for cyberthreats to take over the Internet, Google is trying to find and stop them before they become massive attacks.
     
     The goal for Google is to make the Internet safe for everyone to use.  The secondary goal behind Project Zero is to drive best practices and to create a greater awareness of security vulnerabilities.  All software will be scoured by the team for potential threats, not just Google's own software.  After they discover any threats or vulnerabilities they will notify the vendor and then file a bug report in the public database.  Hopefully this large initiative by Google will cause others to follow their lead and work on seeking out and fixing threats promptly.  Currently there are vendors who are aware of security vulnerabilities and do not fix them in a timely manner.  These vendors will often take months or even years to fix the vulnerabilities in their software.

     The research team is not complete yet, but already contains some very impressive talent.  George Hotz discovered how to crack a locked iPhone in 2007, reverse engineered the PlayStation 3, and exposed the weaknesses in Google Chrome.  Unlike the other companies who ignored him or made a deal for him to never hack their products again, Google paid him $150,000 to help fix the security flaw he uncovered in Google Chrome.  He was then offered a job to join Project Zero.  Chris Evans was also chosen to be a part of the team after his work on the Google Chrome project.  Ben Hawkes has found dozens of software bugs.  Another reputable bug hunter to join the team is Tavis Ormandy.  He proved that zero day vulnerabilities are possible in antivirus software.  With this type of talent and even more to be added, it appears that Google will be successful in uncovering cyberthreats and helping vendors to be more proactive in correcting the threats.


Adhikari, R. (2014, July 15). Google's Project Zero Cybersecurity Watch: No Excuses. Retrieved July 19, 2014, from TechNewsWorld: http://www.technewsworld.com/story/80738.html

Greenberg, A. (2014, July 15). Meet 'Project Zero,' Google's Bug-Hunting Hackers. Retrieved July 19, 2014, from WIRED: http://www.wired.com/2014/07/google-project-zero/

Friday, July 11, 2014

Wi-Fi Security Flaws

     Wireless Internet use has helped to make accessing the Internet easier.  The trend of WiFi-based products has been steadily increasing.  The ease of WiFi use has carried into everyday products designed to make people's lives easier.  Smart homes are becoming more common and the majority of the home can be controlled remotely through WiFi-based products.  This of course can leave the person's network vulnerable to new wireless attacks.

     LIFX Smart LED light bulbs can be controlled remotely by mobile devices.  This convenience means a person can turn on or off all of the lights or selected lights in their home from their mobile device.  A security flaw was discovered in the light bulbs' WiFi that allowed an attacker to steal WiFi passwords.  The attacker could begin the hack once they discovered which bulb was the master bulb.  From there they were able to expose the user's network configuration.  LIFX utilizes a mesh network and researchers were able to inject packets into the network without any authentication.  Being able to accomplish this without authentication enabled them to capture WiFi details and decrypt the credentials.  All of this occurs without ever being detected.  The researchers did conclude that a widespread attack would not be possible because the attacker would have to be located within 30 meters of wireless range.  While this is the case with LIFX, there are other wireless products on the market that have no range restrictions.

     When companies are developing new products that can be used with WiFi they need to consider security vulnerabilities such as the ones that occurred with the LIFX light bulbs.  Smart homes are dubbed as being more energy efficient, and this technology trend will likely continue.  As it does, companies may be putting consumers at risk with such vulnerabilities.


 
Paganini, P. (2014, July 9). Hacking LIFX Smart LED Light Bulbs to Steal WiFi Passwords. Retrieved July 10, 2014, from Security Affairs: http://securityaffairs.co/wordpress/26475/hacking/hacking-lifx-smart-led-light-bulbs-steal-wifi-passwords.html

Saturday, July 5, 2014

Threat Intelligence Sharing - Week 5

     There are numerous threats that businesses face every day.  Since the Target security breach occurred there has been greater discussion about threat intelligence sharing between organizations.  It also encouraged retailers to create a formal response to manage threat intelligence information.  This process also paved the way for businesses to share the threats as well as the actions they took.

     Threat information sharing is beneficial to businesses for several reasons.  It makes retailers aware of emerging security threats.  Becoming aware of threats other businesses have encountered allows them to better prepare themselves against the same type of threats.  By working together companies are helping to keep these threats from becoming more widespread.  This unity prevents attackers from achieving the goal they set out to reach.

     To create a trusted communication point for retailers to share threat information, collaboration was needed.  In June 2014, the National Retail Federation established "a Retail Information Sharing and Analysis Center (ISAC), which includes participants from the Department of Homeland Security and the Secret Service, which investigates large-scale credit and debit card breaches" (Westervelt, 2014).  This will be a good platform for threat information sharing, but initially it will take time for trust to be established amongst the retailers.

     In order for retailers to be better prepared to respond to threats they must establish better incident response plans and test them regularly.  This will not only help retailers with their threat mitigation and response, but it will also help other retailers to develop better response plans as well.  Some retailers may not have the correct tools to properly identify the threats that are occurring.  The ISAC may also provide a good resource for retailers to relay the correct and necessary tools that others should be using to properly detect threats.  This is because those involved in ISAC will have built a relationship of trust amongst one another.

     While this is a step in the right direction, it does not eliminate all of the potential problems that currently exist with threat information sharing between public and private sectors.  Often private sectors are at an advantage because they are more financially secure and can afford the necessary tools to detect the threats.  To provide better threat information sharing, automation is needed.  MITRE Corporation is a nonprofit organization that is working on Structured Threat Information eXpression (STIX).  STIX is a standardized language that represents structured cyberthreat information, which allows security incidents to be properly described in a formal manner that creates a better resource for threat sharing.  It does seem that with enough cooperation threat information sharing will become extremely beneficial to those involved.

 
Westervelt, R. (2014, July 3). The Rise of Threat Intelligence Sharing. Retrieved July 4, 2014, from CRN: http://www.crn.com/news/security/300073317/the-rise-of-threat-intelligence-sharing.htm