The Internet decides its own existence

The Internet is a busy place. Every second, approximately 6,000 tweets are tweeted; more than 40,000 Google queries are searched; and more than 2 million emails are sent, according to Internet Live Stats, a website of the international Real Time Statistics Project.

But these statistics only hint at the size of the Web. As of September 2014, there were 1 billion websites on the Internet, a number that fluctuates by the minute as sites go defunct and others are born. And beneath this constantly changing (but sort of quantifiable) Internet that’s familiar to most people lies the “Deep Web,” which includes things Google and other search engines don’t index. Deep Web content can be as innocuous as the results of a search of an online database or as secretive as black-market forums accessible only to those with special Tor software. (Though Tor isn’t only for illegal activity; it’s used wherever people might have reason to go anonymous online.)

Combine the constant change in the “surface” Web with the unquantifiability of the Deep Web, and it’s easy to see why estimating the size of the Internet is a difficult task. However, analysts say the Web is big and getting bigger.

Data-driven

With about 1 billion websites, the Web is home to many more individual Web pages. One of these pages, www.worldwidewebsize.com, seeks to quantify the number using research by Internet consultant Maurice de Kunder. De Kunder and his colleagues published their methodology in February 2016 in the journal Scientometrics. To come to an estimate, the researchers sent a batch of 50 common words to be searched by Google and Bing. The researchers knew how frequently these words have appeared in print in general, allowing them to extrapolate the total number of pages out there based on how many contain the reference words. Search engines overlap in the pages they index, so the method also requires estimating and subtracting the likely overlap.

According to these calculations, there were at least 4.66 billion Web pages online as of mid-March 2016. This calculation covers only the searchable Web, however, not the Deep Web.

So how much information does the Internet hold? There are three ways to look at that question, said Martin Hilbert, a professor of communications at the University of California, Davis.

“The Internet stores information, the Internet communicates information and the Internet computes information,” Hilbert told Live Science. The communication capacity of the Internet can be measured by how much information it can transfer, or how much information it does transfer at any given time, he said.

In 2014, researchers published a study in the journal Supercomputing Frontiers and Innovations estimating the storage capacity of the Internet at 10^24 bytes, or 1 million exabytes. A byte is a data unit comprising 8 bits, and is equal to a single character in one of the words you’re reading now. An exabyte is 1 billion billion bytes.

One way to estimate the communication capacity of the Internet is to measure the traffic moving through it. According to Cisco’s Visual Networking Index initiative, the Internet is now in the “zettabyte era.” A zettabyte equals 1 sextillion bytes, or 1,000 exabytes. By the end of 2016, global Internet traffic will reach 1.1 zettabytes per year, according to Cisco, and by 2019, global traffic is expected to hit 2 zettabytes per year.

One zettabyte is the equivalent of 36,000 years of high-definition video, which, in turn, is the equivalent of streaming Netflix’s entire catalog 3,177 times, Thomas Barnett Jr., Cisco’s director of thought leadership, wrote in a 2011 blog post about the company’s findings.

In 2011, Hilbert and his colleagues published a paper in the journal Science estimating the communication capacity of the Internet at 3 x 10^12 kilobits per second, a measure of bandwidth. This was based on hardware capacity, and not on how much information was actually being transferred at any moment.

In one particularly offbeat study, an anonymous hacker measured the size of the Internet by counting how many IPs (Internet Protocols) were in use. IPs are the wayposts of the Internet through which data travels, and each device online has at least one IP address. According to the hacker’s estimate, there were 1.3 billion IP addresses used online in 2012.

The Internet has vastly altered the data landscape. In 2000, before Internet use became ubiquitous, telecommunications capacity was 2.2 optimally compressed exabytes, Hilbert and his colleagues found. In 2007, the number was 65. This capacity includes phone networks and voice calls as well as access to the enormous information reservoir that is the Internet. However, data traffic over mobile networks was already outpacing voice traffic in 2007, the researchers found.

 

Editor’s note: Original Source: ‘Live Science’


Stephanie Pappas. “How big is the Internet, Really?”

Live Science. N.p., Web. 21 July. 2016.

Technology overpowering human behavior – Pokémon Go

Since the game’s US launch last week, I have personally seen plenty of people on the streets playing Pokémon Go and from what I’ve heard, many can say the same. Based on some initial data, it seems that pretty much no technology comes close to the rate of adoption that this single app has seen in the past few days. It’s been a wild ride to say the least.

The app is still the top download on both app stores, and there have already been dozens of articles across the web telling the stories of many aspiring Pokémon trainers — everything from robberies to sore legs. Pokémon Go has already become a (mostly) global phenomenon and from what we’ve seen so far, it’s technology at its very best.

For the uninitiated, trainers in the Pokémon universe — and, with Pokémon Go, in the real universe as well — roam around capturing Pokémon, battling others, and visiting gyms to level up.

However, this game is a childhood dream come true for many. Pokémon Go is the opportunity to actually become a “Pokémon Master” as it is called and roam the world to capture, collect, and battle. Technology has long made things once deemed science fiction a reality, but, apparently, no dream of personal computers, video calls, or virtual reality, comes close to the feeling of just pure nostalgia.

It’s For Everybody

You can’t help but feel wonder at how far technology has come. Pokémon was created in 1995, with the first Game Boy game coming a year later and the first anime series popping up in 1997. With globalization in full force, the Japanese invention quickly spread around the world.

With 279 million games sold as of February 2016, Pokémon is the second best-selling video game franchise — only behind the Mario series from Nintendo proper. It’s a global franchise and its many iconic characters — including, perhaps most notably, Pikachu — have left a significant mark on pop culture.

Many growing up in the late 90s and early 2000s distinctly remember watching Pokémon as part of early Saturday cartoons. It’s been almost 20 years since, and those early watchers are now in early adulthood, thus making the nostalgia factor super-potent for those who are now some of the most active on social media. It’s not a mystery why the game has spread like wildfire.

Over the past few days, there have been countless examples of people from all backgrounds and ages coming together to play Pokémon Go in the real world. From major metropolitan cities to smaller towns, people on the hunt for Pokémon will recognize those who are also playing the game and end up exchanging a few words. I can attest to this even in my relatively small neighborhood.

It’s remarkable really, helping people do so much as lose weight and get out of their houses — many are even claiming that the game is already helping their mental health.

Encouraging People to be Social

But since the Pokémon universe is innately social, a number of activities can be done as a group in Pokémon Go. As Pokémon are not in limited supply, a bunch of people can go out together and capture the same creature from the exact same location. It limits competition in some regard, but causes the game to be much less confrontational and makes people more willing to share tips.

Half a dozen people were playing at a local mall and struck up a conversation. Half of them were carrying battery packs to extend their game play, and one pair said they traveled quite a distance together to come to this mall as it had a number of PokéStops and gyms to claim. As I was riding an escalator, tapping and swiping away on Pokémon Go, a stranger asked what team I was on and we ended up having a quick conversation. Being a normally shy person, I felt surprisingly comfortable to ask other people the same question when I came across them in the park.

There are just so many stories of people telling total strangers tips about where to find Pokémon and striking up conversations — many that extend beyond the Pokémon game as well. In one particularly funny example, a player was (assuming the story is true) convinced to join a particular team for purposes of dominating the neighborhood, and a cop joined in as well.

Introducing AR to the Real World

It’s rare for an emerging technology to have an example product that can so perfectly showcase its potential to a wide swath of everyday people. The most obvious use of augmented reality in Pokémon Go is the ability to capture Pokémon against a live camera feed. This has resulted in both funny and rather jarring pictures of Pokémon ending up at the dinner table, at weddings, and even in the midst of protest.

While not as useful as a true heads-up display, this is still augmented reality — and it’s being introduced to a world still mostly unfamiliar with the tech in the most friendly way possible. When a consumer, compromise-free gadget like HoloLens or the much touted Magic Leap headset is introduced, people will remember Pokémon Go, and games like it could end up being at least one killer use case for the tech.

A Platform for Good

People work, play, and spend a majority of their time in a connected virtual realm through the use of VR headsets. And these virtual- to real-world connections could potentially become very real with games like Pokémon Go.

In addition to in-app purchases, imagine Niantic partnering with stores to show advertisements in Pokémon Go. Imagine stores — such as GameStop or Walmart — paying Niantic for a spot on the map to get players in their doors. Assuming the game doesn’t go as fast as it came, there will be many opportunities for the game to evolve into more than just a game over time.

And while outright in-universe advertising might ruin the game, there are some physical real world partnerships that could be struck (again, assuming the game is even still popular once the summer is over and kids everywhere go back to school). What if Niantic partnered with parks, libraries and other safe, open spaces to establish larger gyms or PokéStops? Theoretically, Pokémon Go could have dedicated physical hubs in the real world.

Approximately 20 years after its creation, Pokémon Go gives us a peek at an augmented reality future, but it’s also just a dream come true for many, many fans. Niantic Labs and The Pokémon Company managed to create a smartphone game that, in true Pokémon fashion, incorporates real-world social interaction — dating back to the days of connecting Game Boys together with link cables. And that’s undoubtedly one of the key reasons Pokémon Go has become such a hit.

Yesterday, people used to watch the clock so that they could reach home; today, all they do is wander random streets with no time constraints. Is this game changing human behavior? Is technology overpowering human behavior?

Editor’s note: Article inspired by ‘9TO5Google’


Abner Li. “Opinion: Pokémon Go is technology at its absolute best”

9TO5Google. N.p., Web. 14 July. 2016.

Artificial, Artificial Intelligence

COMPUTERS still do some things very poorly. Even when they pool their memory and processors in powerful networks, they remain unevenly intelligent. Things that humans do with little conscious thought, such as recognizing patterns or meanings in images, language or concepts, only baffle the machines.

These lacunae in computers’ abilities would be of interest only to computer scientists, except that many individuals and companies are finding it harder to locate and organize the swelling mass of information that our digital civilization creates.

The problem has prompted a spooky, but elegant, business idea: why not use the Web to create marketplaces of willing human beings who will perform the tasks that computers cannot? Jeff Bezos, the chief executive of Amazon.com, has created Amazon Mechanical Turk, an online service involving human workers, and he has also personally invested in a human-assisted search company called ChaCha. Mr. Bezos describes the phenomenon very prettily, calling it “artificial artificial intelligence.”

Amazon Mechanical Turk (MTurk) is a crowdsourcing Internet marketplace enabling individuals and businesses (known as Requesters) to coordinate the use of human intelligence to perform tasks that computers are currently unable to do. Employers are able to post jobs known as Human Intelligence Tasks (HITs), such as choosing the best among several photographs of a storefront, writing product descriptions, or identifying performers on music CDs. Workers (called Providers in Mechanical Turk’s Terms of Service, or, more colloquially, Turkers) can then browse among existing jobs and complete them in exchange for a monetary payment set by the employer. To place jobs, the requesting programs use an open application programming interface (API), or the more limited MTurk Requester site.

“Normally, a human makes a request of a computer, and the computer does the computation of the task,” Mr. Bezos said. “But artificial artificial intelligences like Mechanical Turk invert all that. The computer has a task that is easy for a human but extraordinarily hard for the computer. So instead of calling a computer service to perform the function, it calls a human.”

Mechanical Turk began life as a service that Amazon itself needed. (The name recalls a famous 18th-century hoax, where what seemed to be a chess-playing automaton really concealed a human chess master.) Amazon had millions of Web pages that described individual products, but it wanted to weed out the duplicate pages. Software could help, but algorithmically eliminating all the duplicates was impossible, according to Mr. Bezos. So the company began to develop a Web site where people would look at product pages and be paid a few cents for every duplicate page they correctly identified.

Mr. Bezos figured that what had been useful to Amazon would be valuable to other businesses, too. The company opened Mechanical Turk as a public site in November 2005. Today, there are more than 100,000 “Turk Workers” in more than 100 countries who earn micropayments in exchange for completing a wide range of quick tasks called HITs, for human intelligence tasks, for various companies.

Mechanical Turk’s customers are corporations. By contrast, ChaCha.com, a start-up in Carmel, Ind., uses artificial artificial intelligence — sometimes also called crowdsourcing — to help individual computer users find better results when they search the Web. ChaCha, which began last year, pays 30,000 flesh-and-blood “guides” working from home or the local coffee shop as much as $10 an hour to direct Web surfers to the most relevant resources.

Amazon makes money from Mechanical Turk by charging companies 10 percent of the price of a successfully completed HIT. For simple HITs that cost less than 1 cent, Amazon charges half a cent. ChaCha intends to make money the way most other search companies do: by charging advertisers for contextually relevant links and advertisements.

Harnessing the collective wisdom of crowds isn’t new. It is employed by many of the “Web 2.0” social networks like Digg and Del.icio.us, which rely on human readers to select the most worthwhile items on the Web to read. But creating marketplaces of mercenary intelligences is genuinely novel.

What is it like to be an individual component of these digital, collective minds?

THERE have been two common objections to artificial artificial intelligence. The first, searching on ChaCha, is that the networks are no more intelligent than their smartest members. Katharine Mieszkowski, writing last year on Salon.com, raised the second, more serious criticism. She saw Mechanical Turk as a kind of virtual sweatshop. “There is something a little disturbing about a billionaire like Bezos dreaming up new ways to get ordinary folk to do work for him for pennies,” she wrote.

The ever-genial Mr. Bezos dismisses the criticism. “MTurk is a marketplace where folks who have work meet up with folks who want to do work,” he said.

Why do people become Turk Workers and ChaCha Guides? In poor countries, the money earned could offer a significant contribution to a family’s wealth. But even Mr. Bezos concedes that Turk Workers from rich countries probably can’t live on the small sums involved. “The people I’ve seen commenting on blogs seem mostly to be using MTurk as a supplemental form of income,” he said.

We probably have at least another 25 years before computers are more powerful than human brains, according to the most optimistic artificial intelligence experts. Until then, people will be able to sell their idle brains to the companies and people who need the special processing power that they alone possess through marketplaces like Mechanical Turk and ChaCha.

Editor’s note: Article inspired by ‘NY Times’


Jason Pontin. “Artificial intelligence, with help from humans”

NY Times. N.p., Web. 07 July. 2016.

Drone Data Sparks a New Industrial Revolution

From farming to mining to building, the increasing availability of drones and the information they can map is changing how companies do business.

Businesses are learning that sometimes the best way to boost the bottom line is by reaching for the sky.

Commercial drone usage across a wide variety of industries is exploding as businesses take advantage of rapidly advancing technology and falling hardware prices to incorporate the technology into their work flow.

“Incorporation of commercial drones is going to continue to grow exponentially,” says Darr Gerscovich, senior vice president of marketing at DroneDeploy.

To date, the aerial data consulting company’s clients have used DroneDeploy drone software to map more than 2 million acres across 100 countries. It helps dozens of industries collect and interpret drone data. “We’re seeing a tipping point now, but it’s the first of many tipping points,” he said.

“Businesses are finding a tremendous amount of value in having aerial intelligence,” Gerscovich continued. “Getting data, and making sense of the data.”

In a little more than a year, DroneDeploy clients mapped an area larger than the state of Delaware, and they’re adding aerial data four times faster this year. Drone-captured data, it seems, is in high demand.

More than Google Earth

It’s tempting to think of commercial drone usage as a more detailed version of Google Earth, but the information is far more dynamic.

“Who are the primary users of Google Earth?” Gerscovich asked. “You and me—people with a goal of getting from point A to point B. Roads may change over time, but they typically don’t change that often.”

For Gerscovich’s clients, however, the surveyed areas change constantly.

“We’ve had plenty of examples where Google Earth or another satellite image provider just shows a bunch of trees or a wooded area, and after the drone flight, we see that there’s a full solar power plant there,” he said. “Static imagery is not sufficient.”

(Looking) Down on the Farm

One of the first, and heaviest, users of commercial drones is the agriculture industry.

“Farms have hundreds or thousands of acres,” Gerscovich explained. “They largely use drones for crop scouting. It saves the time of someone going out and driving around the fields, which is one of the ways it’s been done until now.”

Instead, a drone can fly over the entire area and spot which fields farmers need to pay attention to, rather than relying on what can be seen from the nearest driving path. Growers can then upload the images to the cloud and knit them together to make a map showing the condition of an entire crop.

“You can see the entire field and identify the areas where there’s an issue,” Gerscovich said. “During growing season, they’re trying to catch issues while there’s still time to address them.”

The condition of a crop can change with a few days of rain or dry weather, so multiple drone passes are necessary to provide a constant stream of data.

Data Mining and Construction Site Insights

The mining and construction industries have also been early and avid adopters of drone technology. While farms need quick maps of large areas, building and digging sites typically are smaller, but the need for detail is much higher.

“Generally, they want to understand site progress,” Gerscovich said. “In order to get daily or monthly status updates on the stage a project is in, for a large site, it used to take a half a day to walk the entire site. Now, they can do it in 15 minutes with a drone.”

Job sites also tend to make heavy use of 3D modeling, something that can be built from detailed drone data.

“If you’re building a tower, and you’re six months into the project, you can verify the structure is being developed according to plan,” Gerscovich said, explaining that the 3D image can then be loaded into the construction company’s AutoCAD system to compare the progress to the building plans.

“It helps people on site, and it also helps people back in the corporate offices to understand what’s happening,” he said.

Aerial data can also measure volume. At construction and mining sites where there are often stockpiles of moved dirt mounds or cement materials, Gerscovich said, drones can give accurate measures of just how large the mound is. Compared to other methods, such as having people climb to the top of the mound with lasers to attempt to measure it, drone technology has its advantages.

“Drones are safer, faster and about half the cost as compared to traditional ground-based volumetrics,” said Dallas VanZanten, owner of aerial mapping company Skymedia Northwest.

Inspection Gadget

An emerging market for drone technology is the inspection industry.

A DroneDeploy client in Mexico was contracted by the government to inspect 600 miles of road. Instead of employing aircraft or spending weeks driving and manually capturing data across the countryside, the company used a handful of drones and quickly produced more than eight terabytes of data.

How much is that? If the Mexican company used 16 GB smartphones, the highway data would have filled 512 of them.

Building inspectors are using drones to get a better look at the roof. Insurance companies, Gerscovich added, can use the resulting 3D images to assess damages.

“Say a tornado comes through an area,” he continued. “Instead of waiting for the claims inspector to arrive, they could fly over the area with a drone and quickly do a 3D model.”

Emergency response teams also incorporate aerial data. Drones can quickly create high-resolution maps of large areas, in, say, a wooded area, for search and rescue operations. Drones can even assist forensic specialists who need to inspect large plane or train crash sites.

“Before the inspectors arrive with cameras to start taking still images, they can create a 3D model, and then everything about the area is preserved,” Gerscovich said. “They can use it to measure distances and angles between things.”

Growth Continues to Skyrocket

In the early days of commercial drone usage, only the largest companies could afford to collect aerial data. Technology has helped lower the price of entry.

Engineering consultant Iain Butler, better known as The UAV Guy, raves that drones are, “a disruptive technology. Literally anyone can crop scout with a drone and get actionable data within minutes.”

Just a couple years ago, most of the drones used commercially were custom-made, with a price tag of $10,000 to $20,000. DroneDeploy said today companies can pay far less.

“The hardware has gotten so good, so quickly, that today a majority of drones used commercially are bought off the shelf—high-end consumer drones,” Gerscovich said.

Today, an $800 to $1,500 investment is enough to get a business airborne and collecting data.

The biggest hurdle to using consumer drones is that the batteries typically last about 30 minutes. That’s long enough to map between 60 and 80 acres before running out of power.

“Having said that, we’re seeing agricultural companies doing very large maps with off-the-shelf quad copters,” Gerscovich says. “We had one client map 4,300 acres with a quad copter. That’s 3,500 football fields—a massive effort.”

It would also take more than 35 hours and 70 battery changes. “Obviously, they’re doing this because they’re seeing substantial value. Otherwise, no one would be out there doing it for that long,” he said.

Still, companies in various industries are beginning to understand the value in the sky, and they’re finding innovative ways to use drones and help their businesses soar.

 

Editor’s note: Article reposted from ‘Drone Blog’


Shawn Krest. “Drone Data Sparks a New Industrial Revolution”

Drone Blog. N.p., Web. 30 June. 2016.

Why the fear over ubiquitous data encryption is overblown

Mike McConnell is a former director of the National Security Agency and director of national intelligence. Michael Chertoff is a former homeland security secretary and is executive chairman of the Chertoff Group, a security and risk management advisory firm with clients in the technology sector. William Lynn is a former deputy defense secretary and is chief executive of Finmeccanica North America and DRS Technologies.

More than three years ago, the former national security officials penned an op-ed to raise awareness among the public, the business community and Congress of the serious threat to the nation’s well-being posed by the massive theft of intellectual property, technology and business information by the Chinese government through cyber-exploitation.

In the wake of global controversy over government surveillance, a number of U.S. technology companies have developed and are offering their users what we call ubiquitous encryption — that is, end-to-end encryption of data with only the sender and intended recipient possessing decryption keys. With this technology, the plain text of messages is inaccessible to the companies offering the products or services as well as to the government, even with lawfully authorized access for public safety or law enforcement purposes.

The FBI director and the Justice Department have raised serious and legitimate concerns that ubiquitous encryption without a second decryption key in the hands of a third party would allow criminals to keep their communications secret, even when law enforcement officials have court-approved authorization to access those communications. There also are concerns about such encryption providing secure communications to national security intelligence targets such as terrorist organizations and nations operating counter to U.S. national security interests.

Several other nations are pursuing access to encrypted communications. In Britain, Parliament is considering requiring technology companies to build decryption capabilities for authorized government access into products and services offered in that country. The Chinese have proposed similar approaches to ensure that the government can monitor the content and activities of their citizens.

We recognize the importance our officials attach to being able to decrypt a coded communication under a warrant or similar legal authority. But the issue that has not been addressed is the competing priorities that support the companies’ resistance to building in a back door or duplicated key for decryption. We believe that the greater public good is a secure communications infrastructure protected by ubiquitous encryption at the device, server and enterprise level without building in means for government monitoring.

First, such an encryption system would protect individual privacy and business information from exploitation at a much higher level than exists today. As a recent MIT paper explains, requiring duplicate keys introduces vulnerabilities in encryption that raise the risk of compromise and theft by bad actors. If third-party key holders have less than perfect security, they may be hacked and the duplicate key exposed. This is no theoretical possibility, as evidenced by major cyberintrusions into supposedly secure government databases and the successful compromise of security tokens held by a major information security firm. Furthermore, requiring a duplicate key rules out security techniques, such as one-time-only private keys.

Second, a requirement that U.S. technology providers create a duplicate key will not prevent malicious actors from finding other technology providers who will furnish ubiquitous encryption. The smart bad guys will find ways and technologies to avoid access, and we can be sure that the “dark Web” marketplace will offer myriad such capabilities. This could lead to a perverse outcome in which law-abiding organizations and individuals lack protected communications but malicious actors have them.

Finally, and most significantly, if the United States can demand that companies make available a duplicate key, other nations such as China will insist on the same. There will be no principled basis to resist that legal demand. The result will be to expose business, political and personal communications to a wide spectrum of governmental access regimes with varying degrees of due process.

Strategically, the interests of U.S. businesses are essential to protecting U.S. national security interests. After all, political power and military power are derived from economic strength. If the United States is to maintain its global role and influence, protecting business interests from massive economic espionage is essential. And that imperative may outweigh the tactical benefit of making encrypted communications more easily accessible to Western authorities.

History teaches that the fear that ubiquitous encryption will cause our security to go dark is overblown. There was a great debate about encryption in the early ’90s. When the mathematics of “public key” encryption were discovered as a way to provide encryption protection broadly and cheaply to all users, some national security officials were convinced that if the technology were not restricted, law enforcement and intelligence organizations would go dark or deaf.

As a result, the idea of “escrowed key,” known as Clipper Chip, was introduced. The concept was that unbreakable encryption would be provided to individuals and businesses, but the keys could be obtained from escrow by the government under court authorization for legitimate law enforcement or intelligence purposes.

The Clinton administration and Congress rejected the Clipper Chip based on the reaction from business and the public. In addition, restrictions were relaxed on the export of encryption technology. But the sky did not fall, and we did not go dark and deaf. Law enforcement and intelligence officials simply had to face a new future. As witnesses to that new future, we can attest that our security agencies were able to protect national security interests to an even greater extent in the ’90s and into the new century.

Today, with almost everyone carrying a networked device on his or her person, ubiquitous encryption provides essential security. If law enforcement and intelligence organizations face a future without assured access to encrypted communications, they will develop technologies and techniques to meet their legitimate mission goals.

 

Editor’s note: Article reposted from ‘The Washington Post’


Mike McConnell, Michael Chertoff, William Lynn. “Why the fear over ubiquitous data encryption is overblown”

The Washington Post. N.p., Web. 23 June. 2016.

Analytics could be the key to cyber defense

With Defense Department networks under constant attack, officials have been at pains to develop necessary defensive measures. One approach: big data tools and analytic capabilities that have played a big role in the past and will continue to be vitally important in defending against a vast array of attacks.

Many have called for more automation in responding to cyber incidents, given the rapid pace at which cyber attacks occur. DOD CIO Terry Halvorsen, however, is taking this a step further. “I want autonomous basic security tools – not automated, I want autonomous basic security tools that I can just let go that will look at my network, sensor it, and say, ‘You know what, there’s an attack happening here, we’re immediately going to quarantine this part of the network, we’re going to add some security protection,’” he said at the Brocade Federal Forum on June 15, while requesting industry help in this area. “I can’t have people in that loop…it’s too fast.”

Analytic tools can help monitor network traffic and the threats coming across. These tools include the Cybersecurity Situational Awareness Analytic Cloud, or CSAAC, which aggregates and fuses data from various sensors and endpoints to analyze potential threats across the network, David Mihelcic, Defense Information Systems Agency CTO, said at an AFCEA sponsored breakfast June 15.

According to DISA, CSAAC allows for more informed decision-making based upon broader information sets driven from open source and classified components in addition to leveraging community tech transfers from other DOD entities. CSAAC also supports the Joint Information Environment – a unified command and control IT architecture shared across all the services – and the Joint Regional Security Stacks, enabling greater cross-DOD collaboration and stronger defense of the DOD Information Network.

Mihelcic announced plans to upgrade CSAAC’s underlying technology in August. This update to DISA’s big data platform will enable data in the cloud to be copied and have custom mission-focused analytics run on top that don’t interact with the rest of the platform. The benefit here is “we’ll be able to take either commercially developed analytics or analytics…operated out in the field and run those against some or all of that data without necessarily having it interact with the purpose-built and certified core analytics,” Mihelcic said. This capability will really accelerate the development and deployment of analytics at the tip of the spear, he added, noting that it will enable analytics to be built on the fly.

Other analytic tools include indicators, which include reports of malicious activity. “What happened prior to our analytics is that we received these reports and by hand we would have to go and translate these reports into figuring out, OK, here’s the various countermeasures, so here’s the blocks where we’re going to put different tools to be able to defend ourselves against whatever these threats are,” Jack Wilmer, vice director for the development business center at DISA, said at the same breakfast. “So we were able to automate a lot of that and I think there’s 500 percent increase in the amount of countermeasure that each analyst could implement, basically, per day, which yielded pick your number of thousands of additional countermeasures that we could deploy every month, year, etc.”

Wilmer added that there are significant investments being made in this area. “There seems to be an endless stream of desire for, ‘Hey, maybe we could take various sources of data and come up with this metric or this analytic or all kinds of other areas,’” he said. In line with Halvorsen’s plea to industry, Wilmer said there is the desire for “more of a near real-time ability to do some of these defenses, so not necessarily having to have the people in the loop to implement things.”
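The report-to-countermeasure translation Wilmer describes, shown as an added example (not DISA's tooling and not part of the original article). The report format, the action names and the protected lists are hypothetical, and the sample indicators are constructed from documentation address ranges and reserved example domains.

```python
import ipaddress
import re

# Assumed deployment facts (hypothetical): networks and domains that automation
# must never block, whatever an indicator report says.
PROTECTED_NETS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
PROTECTED_DOMAINS = ("corp.example",)
MIN_PREFIX = 16  # IPv4 blocks wider than a /16 are left for human review

DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

# Constructed sample report: "type, value, source" per line.
SAMPLE_REPORT = "\n".join([
    "# type, value, source",
    "ip, 203.0.113.45, report-A",
    "ip, 203.0.113.45, report-B",          # duplicate from a second report
    "ip, 10.1.2.3, report-A",              # inside our own address space
    "cidr, 198.51.100.0/24, report-C",
    "domain, Bad.Example.NET., report-A",
    "domain, mail.corp.example, report-B", # our own mail host
    "sha256, " + "ab" * 32 + ", report-C",
    "ip, 999.1.1.1, report-D",             # malformed
    "cidr, 203.0.0.0/8, report-D",         # far too broad
])


def _normalize(kind, value):
    """Return (action, normalized_value); raise ValueError with the reason."""
    if kind in ("ip", "cidr"):
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            raise ValueError("malformed address") from None
        if any(net.overlaps(p) for p in PROTECTED_NETS):
            raise ValueError("overlaps protected network")
        if net.version == 4 and net.prefixlen < MIN_PREFIX:
            raise ValueError("block too broad for automatic action")
        return "network_block", str(net)
    if kind == "domain":
        name = value.lower().rstrip(".")
        if not DOMAIN_RE.match(name):
            raise ValueError("malformed domain")
        if any(name == d or name.endswith("." + d) for d in PROTECTED_DOMAINS):
            raise ValueError("protected domain")
        return "dns_sinkhole", name
    if kind == "sha256":
        digest = value.lower()
        if not SHA256_RE.match(digest):
            raise ValueError("malformed sha256")
        return "file_quarantine", digest
    raise ValueError("unknown indicator type")


def build_countermeasures(report_text):
    """Turn an indicator report into deduplicated actions plus a reject list.

    Returns (actions, rejected): actions maps (action, value) to the set of
    reports that named it; rejected holds (line_no, value, reason) tuples
    that need an analyst instead of an automatic block.
    """
    actions, rejected = {}, []
    for line_no, line in enumerate(report_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            rejected.append((line_no, line, "expected 3 fields"))
            continue
        kind, value, source = fields
        try:
            key = _normalize(kind.lower(), value)
        except ValueError as exc:
            rejected.append((line_no, value, str(exc)))
            continue
        actions.setdefault(key, set()).add(source)
    return actions, rejected


if __name__ == "__main__":
    acts, rej = build_countermeasures(SAMPLE_REPORT)
    for (action, value), sources in sorted(acts.items()):
        print(f"{action:16} {value}  <- {', '.join(sorted(sources))}")
    for line_no, value, reason in rej:
        print(f"REVIEW line {line_no}: {value} ({reason})")
```

The reject list is what keeps a person in the loop for the risky cases only: indicators that would cut off protected networks or domains, or block an overly wide range, are never applied automatically.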

Mihelcic also noted there are several opportunities for industry in hunt tools, something he said he expects to see more of in the future. The Cyber Protection Teams – which will number 68 of the eventual 133 cyber teams under Cyber Command and focus specifically on DOD’s number one mission, defense of the network – use tools to find adversaries on the network. These tools could be used “on a persistent basis to look across the information that’s available in the network to look for adversaries,” he said.

Mihelcic told Defense Systems following the panel that there are at least three commercial companies he knows of working on hunt tools, though he declined to name them. He added that these tools could and should be used by everyday administrators in addition to CPTs. “I think we’re going to need these hunt tools for our day to day systems and cyber administrators so essentially they can on a regular basis try to use the data out of the network to identify adversaries and then pass that along to the CPTs to actively eject them from the network,” he said.

The hunt mission is somewhat of a change in procedure for DOD and DISA. “The biggest change both in DOD and the commercial world … is we’re going out and hunting for the enemy on a daily basis,” John Hickey, DISA’s cyber security authorizing official, said in January. “We don’t really talk about where we’re hunting, obviously, we don’t even tell the people on the inside where we’re necessarily hunting things and we’re certainly not going to tell the folks on the outside, right?”

Officials also discussed the need for vigilance. “In almost every attack that we see … bad guys exploit the same old preventable vulnerabilities that we’ve been saying we need to prevent for 20-25 years,” DOD’s Deputy CIO for Cybersecurity Richard Hale said.

“We’ve got to be vigilant about patching those systems. We’ve got to be vigilant about operating the systems – not just talking about the cybersecurity professionals, for the system administrators, monitoring logs, etc,” Mihelcic added.

Editor’s note:


Mark Pomerleau. “Analytics could be the key to cyber defense– DefenseSystems”

DefenseSystems. N.p., Web. 16 June. 2016.

 

Unscrambling the future of encryption

As the more subtle attempts at undermining security become impossible, spies will have to find alternative routes to access their targets. Earlier this year the UK government published the legal framework under which GCHQ and other British spies can hack, use bugging devices (or even steal and replace) computers, servers, routers, laptops, and mobile phones to either obtain information or conduct surveillance.

The guidelines create a legal framework for such behaviour under UK law, and even okay potential intelligence-gathering activities that involve hacking attempts against people who are themselves not targets of intelligence agencies.

This gives some credence to Snowden’s recent claim that intelligence agencies are targeting IT staff because they have access to systems and databases.

It’s also worth noting that, despite the anguished howls from law enforcement, spy agencies and others still have plenty of data left to sift.

Firstly, encryption is really, really hard to get right: as projects like Bullrun and others have proved, the intelligence agencies and law enforcement still have plenty of ways around it. There are legal tools, for example: the UK has legislation in place which makes it an offence to not hand over encryption keys when requested by law enforcement, punishable by up to five years in prison.

And while many tech companies may well encrypt customers’ data when it is on the move — such as between datacentres — many will not secure it entirely using end-to-end encryption.

Why? Simply because they need to look at your email or web browsing themselves in order to sell advertising against the subject matter of the email.

The advertising-driven business models of Silicon Valley rule out the pervasive use of strong end-to-end encryption, and that means intelligence agencies and police can continue to gain access to vast amounts of information.

Police and intelligence agencies still have plenty of other data sources — the metadata on communications, including who you have called, when, and for how long, CCTV, and more.

“Law enforcement agencies have access to more data now than they have had in the history of time. Pre-Facebook, how hard would it be for any law enforcement agency on the planet to find out all your known associates? They’d have to question dozens of people to find out who it is you know. They are able to get access to vast amounts of information just by asking,” said Privacy International’s Hosein.

“They complain that they’re not getting enough information but they’ve had more than they’ve ever had before,” he added.

Edinburgh Napier University’s Buchanan echoes the sentiment: “There are now so many ways that investigators can actually investigate someone who is suspected of committing a crime there isn’t really a problem. This isn’t going to shut the door.” Good old-fashioned policing and follow-the-money are still the most effective ways of catching the bad guys.

And widespread usage of strong encryption is not the worst scenario for the spies: harder to crack and harder to detect technologies are already either in existence or in development.

One such technology is steganography — hiding communications within digital images — and it’s incredibly hard to spot. Equally, quantum encryption could do away with the inherent weakness of the public key infrastructure systems used today and make messages impossible to intercept.

Still, even the experts don’t really know how the future of encryption is going to play out: there is apparently no way of accommodating both the desire of the intelligence agencies to be able to access the data they want with the safe and secure working of the web as we know it.

They are mutually exclusive, and mutually antagonistic. Like the best encryption, the problem of making national security and privacy work together seems uncrackable.

“Many of us agree with the sentiment — I am one of them — that from a security perspective you don’t want people who would do you harm being able to talk in secret. But at the same time if your answer to that is to ban encryption, that is a very bad way; the technology is not good or evil, it is the people using it,” said the University of Surrey’s Woodward.

Technology is unlikely to offer a way out of this impasse. As the power of supercomputers (or more likely giant cloud arrays) continues to grow, it’s easy enough to increase the size of the key — from 516, to 1024, to 2048 and onwards.

Even if quantum computers, long touted as a way of cracking all encryption almost immediately, become widespread, the reality is that, although they would undermine encryption in one way, they will also boost it again (thanks to something called quantum key distribution). And as Woodward notes, “we’ve been talking about viable quantum computers since the 80s and they’re always 10 years away.”

But the stakes may continue to rise, at least from a certain point of view.

“The security of our common computing infrastructure is even more important now than it was back then. Back in the 1990s, the reason we won was because every economy wanted to be the best marketplace for ecommerce on the planet so they knew they could not put constraints on security technology if they wanted to enable all that ecommerce,” said Privacy International’s Hosein.

And soon those issues of privacy and security will become as concrete as the buildings we live in. With the advent of smart grids, the internet of things and smart cities, we will be using the web to monitor and control real-world systems. “If we can’t secure these things, then people will die,” he warns.

This also raises another issue: as our houses and even clothes are filled with sensors, what sort of privacy is appropriate? Is it right that we should be snooped on through our smart TV or networked baby monitor, or our webcams or smartwatches? Can we draw a line anywhere?

When President Obama was asked about the issue of encryption his response was nuanced. While he said he supported strong encryption he also noted: “The first time an attack takes place and it turns out that we had a lead and we couldn’t follow up on it, the public is going to demand answers, and so this is a public conversation that we should end up having.”

It’s entirely possible to argue that we don’t need another public debate about encryption: that we had one back in the 1990s. And that privacy had trumped national security when it came to the use of strong encryption. It’s just that the intelligence services didn’t like the answer.

But there are plenty of good reasons why we do need to go over the arguments about encryption again.

Back in the 1990s and 2000s, encryption was a complicated, minority interest. Now it is becoming easy and mainstream, not just for authenticating transactions but for encrypting data and communications.

Back then, it was also mostly a US debate because that was where most strong encryption was developed. But that’s no longer the case: encryption software can be written anywhere and by anyone, which means no one country can dictate global policy anymore.

Consider this: the right to privacy has long been considered a qualified rather than an absolute right — one that can be infringed, for example, on the grounds of public safety, or to prevent a crime, or in the interests of national security. Few would agree that criminals or terrorists have the right to plot in secret.

What the widespread use of strong, well-implemented encryption does is promote privacy to an absolute right. If you have encrypted a hard drive or a smartphone correctly, it cannot be unscrambled (or at least not for a few hundred thousand years).

At a keystroke, it makes absolute privacy a reality, and thus rewrites one of the fundamental rules by which societies have been organised. No wonder the intelligence services have been scrambling to tackle our deliberately scrambled communications.

And our fear of crime — terrorism in particular — has created another issue. We have demanded that the intelligence services and law enforcement try to reduce the risk of attack, and have accepted that they will gradually chip away at privacy in order to do that.

However, what we haven’t managed as a society is to decide what is an acceptable level of risk that such terrible acts might occur. Without that understanding of what constitutes an acceptable level of risk, any reduction in our privacy or civil liberties — whether breaking encryption or mass surveillance — becomes palatable.

The point is often made that cars kill people and yet we still drive. We need to have a better discussion about what is an acceptable level of safety that we as a society require, and what is the impact on our privacy as a result.

As the University of Surrey’s Woodward notes: “Some of these things one might have to accept. Unfortunately there might not be any easy way around it, without the horrible unintended consequences. You make your enemies less safe but you also make your friends less safe by [attacking] encryption — and that is not a sensible thing to do.”

And while the US can no longer dictate policy on encryption, it could be the one to take a lead which others can follow.

White House cybersecurity coordinator Michael Daniel recently argued that, as governments and societies are still wrestling with the issue of encryption, the US should come up with the policies and processes and “the philosophical underpinnings of what we want to do as a society with this so we can make the argument for that around the planet… to say, this is how free societies should come at this.”

But he doesn’t underestimate the scale of the problem, either. Speaking at an event organised by the Information Technology and Innovation Foundation, he said: “Working at the White House, we don’t get easy problems, easy problems get solved someplace else, they don’t come to us. This is one of the hardest problems I know about, certainly that’s anywhere close to my job. And I think it’s clearly not one that’s going to be resolved easily, simply or quickly.”

Which brings us back to those civil war codenames, Bullrun and Edgehill, which may serve as an inadvertent, gloomy prophecy about the future effectiveness of the intelligence agencies, unless we have a better discussion about how security and privacy can work together online.

If not, it’s worth remembering the Cavaliers and the Confederates both won the first battles of the English and American civil wars, just as both would finally lose their bloody and divisive civil war. Perhaps, after a few early victories in the new crypto war, the intelligence agencies may face a similar defeat, outpaced by encryption in the long term.

It may be that in a few decades, the spies look back at the tribulations of the first and second crypto wars with something approaching nostalgia.

Editor’s note:


Steve Ranger. “The undercover war on your internet secrets: How online surveillance cracked our trust in the web– TechRepublic”

TechRepublic. N.p., Web. 10 June. 2016.

 

The Encryption Backlash

Of course, it’s often argued that all of this activity is simply the NSA (National Security Agency) doing their job: they break codes and have done so for decades, to make sure that criminals, terrorists, and others cannot plot in secret. If this means exploiting weaknesses in software in order to eavesdrop on those who are plotting crime, then so be it.

As GCHQ (Government Communications Headquarters) told a government enquiry set up after the Snowden revelations: “Our goal is to be able to read or find the communications of intelligence targets.”

From that perspective, they’re doing nothing more than the code-breakers of Bletchley Park did back in WWII — cracking codes in secret to fight the country’s enemies.

But many argue that the analogy doesn’t hold: Bletchley worked on cracking codes used by, and only by, the Nazis. What the NSA and GCHQ have been doing is breaking the codes used by everyone, good and bad, both outside of the US and inside it. By doing so, they risk undermining the security of all communications and transactions.

Those weaknesses and backdoors created or discovered by the NSA and its colleagues elsewhere can be used by hackers and hostile states as easily as they can by our own intelligence agencies. Access for them to spy on the few automatically means insecurity for the rest of us.

As Snowden told the recent CeBIT conference in Germany: “When we talk about security and surveillance, there is no golden key that allows only good guys to read the communications of only terrorists.”

Some privacy advocates also argue that no government should ever have such a capability to trawl through the lives of individuals. “It produces an inescapable prison. We can’t let this happen. We have to, as a matter of civic hygiene, prevent it from happening,” Phil Zimmermann, the creator of the PGP encryption algorithm, said recently.

And if the Snowden revelations themselves were an embarrassment for the intelligence agencies, the consequences for their intelligence gathering capabilities have been far worse.

In response, the big internet companies such as Yahoo and Google rapidly started encrypting this traffic to shut out the watchers. As one cryptography expert, Matthew Green from Johns Hopkins University, noted at the time: “Good job NSA. You turned Yahoo into an encryption powerhouse.”

Encrypting data links between datacentres was only the beginning. As the revelations continued to tumble out, more companies decided it was time to increase the privacy of their services, which meant even more encryption.

“Encryption has only really become a big issue again because Snowden showed the world how insecure the infrastructure was and how it was being abused by intelligence agencies and so companies started reacting,” said Gus Hosein, the executive director of campaigning group Privacy International.

Perhaps surprisingly, given the decade-long assault on encryption, it seems the fundamentals of it remain strong, so long as it has been well implemented. As Snowden said: “Encryption works. Properly implemented, strong crypto systems are one of the few things that you can rely on,” before adding the caveat: “Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.”

Consumer applications are jumping on the encryption bandwagon. In November 2014, the popular WhatsApp messaging service also switched on end-to-end encryption for hundreds of millions of users who post billions of messages each day.

Using end-to-end encryption like this means law enforcement cannot access the messages sent at all. Previously they have been able to access communications at the datacentre with a warrant, because they would be stored there unencrypted. But end-to-end encryption means that from the point it leaves one phone to the point it arrives at the other, the message is scrambled.

Apple’s iOS 8 operating system now encrypts iMessage conversations and FaceTime video chats end-to-end.

“Apple has no way to decrypt iMessage and FaceTime data when it’s in transit between devices. So unlike other companies’ messaging services, Apple doesn’t scan your communications, and we wouldn’t be able to comply with a wiretap order even if we wanted to,” the company says.

Speaking at a cybersecurity summit hosted by the White House at Stanford University, Apple CEO Tim Cook made his position clear, that providing privacy was a moral stance: “History has shown us that sacrificing our right to privacy can have dire consequences. We still live in a world where all people are not treated equally. Too many people do not feel free to practice their religion or express their opinion or love who they choose, a world in which that information can make the difference between life and death.”

“If those of us in positions of responsibility fail to do everything in our power to protect the right of privacy we risk something far more valuable than money. We risk our way of life,” said Cook.

Apple isn’t alone in this. The Electronic Frontier Foundation lists a variety of applications that to a greater or lesser extent now encrypt communications in transit or end-to-end.

The backlash had begun to gather pace.

This unexpected shift towards greater privacy caught the intelligence services and law enforcement off guard. They suddenly found that easy sources of data had gone dark. Senior officials on both sides of the Atlantic began to warn that criminals and terrorists would be able to slip through their fingers. As GCHQ’s new director Robert Hannigan said:

“Techniques for encrypting messages or making them anonymous which were once the preserve of the most sophisticated criminals or nation states now come as standard. These are supplemented by freely available programs and apps adding extra layers of security, many of them proudly advertising that they are ‘Snowden approved’.”

He wasn’t alone in voicing such fears. Late last year, one of his predecessors, Sir David Omand, gave a similar warning to a government privacy and security inquiry.

“Post-Snowden, the companies are now making their devices technically inaccessible even to themselves.”

Another unexpected consequence of the revelations about Western intelligence agencies’ behaviour is that, unsurprisingly, other nations have also demanded access to encryption keys. That’s the problem with putting backdoors into secure systems: once one nation, law enforcement agency, or legal system has them — officially or unofficially — then everybody wants one.

For example, a new anti-terrorism law in China, which could be adopted into law in 2015, would require US technology firms that want to do business in the country to turn over their encryption keys and communications records to the government.

President Obama has complained about the proposed legislation, demonstrating neatly that one country’s dangerous backdoor security vulnerability is another country’s essential tool.

Sabre88 considers encryption a boon, not a bane. Let’s live a life with security; the right way to do this is by encrypting all sensitive data.

 

Editor’s note:


Steve Ranger. “The undercover war on your internet secrets: How online surveillance cracked our trust in the web– TechRepublic”

TechRepublic. N.p., Web. 02 June. 2016.

 

The undercover war on your internet secrets

A black-shrouded figure appears on the screen, looming over the rapt audience, talking about surveillance. But this is no Big Brother figure seeking obedience; rather the opposite. Perhaps even his nemesis.

NSA contractor-turned-whistleblower Edward Snowden is explaining how his former employer and other intelligence agencies have worked to undermine privacy on the internet and beyond.

“We’re seeing systemic attacks on the fabrics of our systems, the fabric of our communications… by undermining the security of our communications, they enable surveillance,” he warns.

He is speaking at the conference via a video link from Russia, where he has taken refuge after leaking the documents detailing some of the NSA’s surveillance projects. The room behind him is in darkness, giving away nothing about his exact location.

“Surveillance is not possible when our movements and communications are safe and protected — a satellite cannot see you when you are inside your home — but an unprotected computer with an open webcam can,” he adds.

Edward Snowden speaking at the CeBIT tech show
Image: Deutsche Messe, Hannover

One of the most significant technologies being targeted by the intelligence services is encryption.

Online, encryption surrounds us, binds us, identifies us. It protects things like our credit card transactions and medical records, encoding them so that — unless you have the key — the data appears to be meaningless nonsense.

Encryption is one of the elemental forces of the web, even though it goes unnoticed and unremarked by the billions of people that use it every day.

But that doesn’t mean that the growth in the use of encryption isn’t controversial.

For some, strong encryption is the cornerstone of security and privacy in any digital communications, whether that’s for your selfies or for campaigners against an autocratic regime.

Others, mostly police and intelligence agencies, have become increasingly worried that the absolute secrecy that encryption provides could make it easier for criminals and terrorists to use the internet to plot without fear of discovery.

As such, the outcome of this war over privacy will have huge implications for the future of the web itself.

The code wars

Codes have been used to protect data in transit for thousands of years, and have long been a key tool in warfare: the Caesar cipher was named after the Roman emperor who used it to protect his military secrets from prying eyes.

These ciphers were extremely basic, of course: the Caesar cipher turned a message into code simply by replacing each letter with the one three down in the alphabet, so that ‘a’ became ‘d’.

Ciphers became more sophisticated, and harder to break, over the centuries, but it was the Second World War that demonstrated the real importance of encryption — and cracking it. The work done at Bletchley Park to crack German codes including Enigma had a famous impact on the course of the war.

As a result, once the war was over, encryption technology was put on the US Munitions List alongside tanks and guns as an ‘auxiliary military technology’, which put restrictions on its export.

“The real fundamental problem is the internet and the protocol it’s all based on was never intended to be secure.” - ALAN WOODWARD, SURREY UNIVERSITY

In practice, these government controls didn’t make much difference to ordinary people, as there were few uses for code-making — that is, encryption — outside the military.

But all that changed with the arrival of the personal computer. It became an even bigger issue as the huge economic potential of the web became apparent.

“The internet and the protocol it’s all based on was never intended to be secure, so if we are going to rely on the internet as part of our critical national [and] international infrastructure, which we do, you’ve got to be able to secure it, and the only way to do that is to layer encryption over the top,” explains Professor Alan Woodward, a computer security expert at the University of Surrey.

Few would be willing to use online shopping if their credit card details, address, and what they were buying were being sent across the internet for anyone to see.

Encryption provides privacy by encoding data into what appears to be meaningless junk, and it also creates trust by allowing us to prove who we are online — another essential element of doing business over the internet.

“A lot of cryptography isn’t just about keeping things secret, a lot of it is about proving identity,” says Bill Buchanan, professor of computing at Edinburgh Napier University. “There’s a lot of naïveté about cryptography as to thinking it’s just about keeping something safe on your disk.”

But the rise of the internet suddenly meant that access to cryptography became an issue of privacy and economics as well as one of national security, immediately sparking the clash that came to be known as ‘the crypto wars’.

Governments fought to control the use of encryption, while privacy advocates insisted its use was essential — not just for individual freedom, but also to protect the commercial development of the nascent internet.

What followed was a series of skirmishes, as the US government and others made increasingly desperate — and unsuccessful — efforts to reassert control over encryption technologies. One example in the mid-90s involved the NSA designing the Clipper chip, which was a way to give the agency access to the communications on any devices on which the chip was installed.

Another attempt at government control during this period came with the introduction of key escrow. Under the scheme, the US government would agree to license encryption providers, if they gave the state access to the keys used to decode communications.

On top of this were rules which only allowed products that used weak and easily-cracked encryption to be exported from the US.

Remarkably there was an unwelcome reminder of those days of watered-down encryption with the appearance of the recent FREAK flaw in the SSL security standard. The vulnerability could be used to force web browsers to default to the weaker “export-strength” encryption, which can be easily broken.

Few experts even knew that the option to use the weaker encryption still existed in the browsers commonly used today — a good example of the dangerous and unexpected consequences of attempts to control privacy technologies, long after the political decisions affecting it had been reversed and forgotten.
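A passive check for the “export-strength” suites described above, as an added example that is not from the original article: it parses a TLS 1.0-1.2 ClientHello or ServerHello handshake message and reports any export-grade cipher suite that is offered or selected. The code points are the export suites defined in the TLS 1.0 specification; the helper names and the sample messages are constructed for this example.

```python
# Export-grade cipher suites by TLS code point (TLS 1.0 specification).
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
}
CLIENT_HELLO, SERVER_HELLO = 1, 2


class HelloError(ValueError):
    """Raised when the bytes are not a well-formed hello message."""


def _take(buf, off, n):
    """Return (buf[off:off+n], new offset), refusing to read past the end."""
    if off + n > len(buf):
        raise HelloError("truncated handshake message")
    return buf[off:off + n], off + n


def parse_hello(msg):
    """Parse a hello handshake message (without the 5-byte record header).

    Returns ("client", offered code points) or ("server", [selected code point]).
    """
    head, off = _take(msg, 0, 4)
    msg_type = head[0]
    if msg_type not in (CLIENT_HELLO, SERVER_HELLO):
        raise HelloError("not a ClientHello or ServerHello")
    if int.from_bytes(head[1:4], "big") != len(msg) - 4:
        raise HelloError("length field does not match message size")
    _, off = _take(msg, off, 2 + 32)           # protocol version + random
    sid_len, off = _take(msg, off, 1)
    _, off = _take(msg, off, sid_len[0])       # session id (0..32 bytes)
    if msg_type == SERVER_HELLO:
        raw, off = _take(msg, off, 2)          # the single selected suite
        return "server", [int.from_bytes(raw, "big")]
    raw_len, off = _take(msg, off, 2)
    n = int.from_bytes(raw_len, "big")
    if n == 0 or n % 2:
        raise HelloError("bad cipher_suites length")
    raw, off = _take(msg, off, n)
    return "client", [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]


def export_suites_in(msg):
    """Return (side, names of export-grade suites offered or selected)."""
    side, suites = parse_hello(msg)
    return side, [EXPORT_SUITES[s] for s in suites if s in EXPORT_SUITES]


def build_hello(msg_type, suites):
    """Constructed test input: minimal hello, zeroed random, empty session id."""
    body = b"\x03\x03" + bytes(32) + b"\x00"
    codes = b"".join(s.to_bytes(2, "big") for s in suites)
    if msg_type == CLIENT_HELLO:
        body += len(codes).to_bytes(2, "big") + codes + b"\x01\x00"  # null compression
    else:
        body += codes + b"\x00"
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    samples = {
        "modern client": build_hello(CLIENT_HELLO, [0xC02F, 0x002F]),
        "legacy client": build_hello(CLIENT_HELLO, [0x002F, 0x0003, 0x0008]),
        "weak server":   build_hello(SERVER_HELLO, [0x0003]),
    }
    for label, msg in samples.items():
        side, hits = export_suites_in(msg)
        print(f"{label}: {side} export suites = {hits or 'none'}")
```

A server that never selects one of these suites cannot be pushed down to export strength, so any "server" hit is a configuration finding to fix, and "client" hits identify endpoints still willing to negotiate it.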

But by the early 2000s, it appeared that the privacy advocates had effectively won the crypto wars. The Clipper chip was abandoned, strong encryption software exports were allowed, key escrow failed, and governments realised it was all but impossible for them to control the use of encryption. It was understood that if they tried, the damage they would do to the internet economy would be too great.

Individual freedoms, and simple economics, had overwhelmed national security. In 2005, one campaigning group even cheerfully announced “The crypto wars are finally over and we won!”

They were wrong.

We now know that the crypto wars were never over. While privacy campaigners celebrated their victory, intelligence agencies were already at work breaking and undermining encryption. The second stage of the crypto wars — the spies’ secret war — had begun.

Editor’s note:


Steve Ranger. “The undercover war on your internet secrets: How online surveillance cracked our trust in the web.” TechRepublic. N.p., Web. 26 May 2016.

Are we safe?

Hack the Pentagon Program

Hackers found about 90 vulnerabilities in the Defense Department’s public websites as part of a highly touted bug bounty program, officials say. Those vulnerabilities included the ability to manipulate website content, “but nothing that was… earth-shattering” and worth shuttering the program over, according to Corey Harrison, a member of the department’s Defense Digital Service.

The two-week bounty program, which Defense Secretary Ash Carter announced in Silicon Valley in March, wrapped up last week and could be a springboard for similar programs across federal government.

DDS is made up of about 15 entrepreneurs and tech hands who are trying to get the defense bureaucracy to apply a startup mentality to specific projects. A sign hanging in their office reads: “Get shit done,” Harrison said. He described an informal atmosphere in which the team is free to experiment with new tools such as the messaging application Slack. But his team’s tinkering is in some respects a world apart from DOD programming. If the broader department were to use Slack, for example, lawyers would have to make sure the application complies with Freedom of Information Act regulations.

Even the name of the bug bounty program, Hack the Pentagon, was initially controversial. “They told us the name was a non-starter, which is awesome,” Harrison said. “That’s a great place to start.”

Harrison described overwhelming interest in the program — organizers expected a couple hundred hackers to register, but ultimately there were 1,400.

Corporate bug bounty programs can be lucrative for hackers. Yahoo, for example, has paid security researchers $1.6 million since 2013 for bugs, including up to $15,000 per discovery, Christian Science Monitor’s Passcode reported.

That will be the maximum possible bug bounty in the Pentagon’s pilot project, too. An estimated $75,000 total is available to pay hackers participating in the DOD program, he said, and officials are still parsing the program data to determine allotted payments. Yet some IT security experts have been critical of the DOD program. Robert Graham, a cybersecurity inventor and blogger, has asserted that DOD’s overtures to hackers have been undercut by the department’s discouragement of researchers from conducting their own scans of DOD assets.

“More than 250 million email accounts breached” – but how bad is it really?

Reuters just broke a story about a password breach said to affect more than 250 million webmail accounts around the world. The claims come from an American cyberinvestigation company that has reported on giant data breaches before: Hold Security.

The company’s founder, Alex Holden, reportedly told Reuters that: “The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru, Russia’s most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users.”

The database supposedly contained “credentials,” or what Reuters referred to as “usernames and passwords,” implying that the breached data might very well let crooks right into the affected accounts without further hacking or cracking.

Stolen email accounts are extremely useful to cyber-criminals. For example, they can read your messages before you do, putting them in a powerful position to scam your friends, family, debtors or creditors out of money by giving believable instructions to redirect payments to bogus bank accounts. They can learn a raft of important personal details about your life, making it much easier for them to defraud you by taking out loans in your name. Worst of all, they may be able to trigger password resets on your other online accounts, intercept the emails that come back, and take over those accounts as well.

How bad is it?

Unfortunately, we can’t yet tell you how serious this alleged breach really is. The good news, straight off the bat, is that the figure of “272.3 million stolen accounts” is some three or four times bigger than reality. Many of the accounts were repeated several times in the database, with Holden admitting that, after de-duplication, only 57,000,000 Mail.ru accounts remained, plus “tens of millions of credentials” for Google, Yahoo and Microsoft accounts.

More good news is that if the stolen data really does include the actual passwords used by the account holders, it’s highly unlikely – in fact, it’s as good as impossible – that the database came from security breaches at any of the webmail providers listed. Properly-run web services never store your actual password, because they don’t need to; instead, they store a cryptographic value known as a hash that can be computed from your password.

The idea is that even if crooks manage to steal the whole password database, they can’t just read the passwords out of it. Instead, they have to guess repeatedly at each password, and compute the hash of each guess in turn, until they get a match.

Poorly chosen passwords can still be cracked, because the crooks try the most likely guesses first. But a reasonably complex password (something along the lines of IByoU/nvr/GE55, short for I bet you never guess) will take so long to turn up in the criminals’ “guess list” that it becomes as good as uncrackable, especially if you change your password soon after hearing about a breach. If the passwords in this case are real, it seems likely that they were stolen directly from users as they typed them in, for example by means of malware known as a keylogger that covertly keeps track of your keystrokes.

The Linkedin Chaos

Millions of LinkedIn passwords up for sale on the dark web.

Did you change your LinkedIn password after that massive 2012 leak of millions of passwords, which were subsequently posted online and cracked within hours? If not, you better hop to it, most particularly if you reuse passwords on other sites (and please tell us you don’t).

The news isn’t good: first off, what was initially thought to be a “massive” breach turns out to have been more like a massive breach that’s mainlining steroids. At the time of the breach 4 years ago, “only” 6.5 million encrypted (but not salted!) passwords had been posted online. But now, there are a way-more-whopping 117 million LinkedIn account emails and passwords up for sale.
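The password-hash storage described in the webmail story above, and the difference the missing salt makes in a dump like this one, shown as an added example (not code from the article or from any service it names). SHA-1 stands in for any fast unsalted hash, and the account names, passwords and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 100_000  # assumed work factor for this example; tune to your hardware


def unsalted_sha1(password: str) -> str:
    """Fast, unsalted hash: the weak storage scheme, kept here for contrast."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256). Returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def distinct_stored_values(records) -> int:
    """Count distinct stored values. Fewer than len(records) means shared
    passwords are visible to anyone who holds the database."""
    return len(set(records))


# Constructed sample accounts: two users picked the same password.
ACCOUNTS = {"alice": "linkedin123", "bob": "linkedin123", "carol": "IByoU/nvr/GE55"}


def demo() -> Tuple[int, int]:
    """Store the same accounts both ways and count distinct stored values."""
    weak = [unsalted_sha1(p) for p in ACCOUNTS.values()]
    strong = [hash_password(p) for p in ACCOUNTS.values()]
    return distinct_stored_values(weak), distinct_stored_values(strong)


if __name__ == "__main__":
    weak_n, strong_n = demo()
    print(f"unsalted: {weak_n} distinct values for {len(ACCOUNTS)} accounts")
    print(f"salted:   {strong_n} distinct values for {len(ACCOUNTS)} accounts")
```

Without a salt, one computed guess is checked against every account at once and identical passwords show up as identical rows; with a per-account salt and a slow function, each guess has to be recomputed for each account.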

As Motherboard reports, somebody going by the name of “Peace” says the data was stolen during the 2012 breach. LinkedIn never did spell out exactly how many users were affected by that breach. In fact, LinkedIn spokesperson Hani Durzy told Motherboard that the company doesn’t actually know how many accounts were involved. Regardless, it appears that it’s far worse than anybody thought. Motherboard said that the stolen data’s up for sale on one site and in the possession of another.

The first is a dark web marketplace called The Real Deal that’s said to sell not only drugs and digital goods such as credit cards, but also hacking tools such as zero days and other exploits. Peace has listed some 167 million LinkedIn accounts on that marketplace with an asking price of 5 bitcoin, or around $2,200. The second place that apparently has the data is LeakedSource, a subscription-based search tool that lets people search for their leaked data. LeakedSource says it has 167,370,910 LinkedIn emails and passwords. Out of those 167 million accounts, 117 million have both emails and encrypted passwords, according to Motherboard.
A LeakedSource operator told Motherboard’s Lorenzo Franceschi-Bicchierai that so far, they’d cracked “90% of the passwords in 72 hours.” As far as verification goes, LinkedIn confirmed that the data’s legitimate.

On Wednesday, LinkedIn’s chief information security officer Cory Scott posted this blog post about the logins now up for sale:

“Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach.”