Thursday, 26 May 2016

CERT-UK identify massive increase in new releases of ransomware in last 8 months

Between January 2012 and October 2015 there were 33 new releases of ransomware.

In the last 8 month this figure has jumped to 70 showing the rapid rise of pre-packaged off the shelf tools for hackers.

Ransomware delivers a virus into a system (often via a phishing email) which locks the system up totally and destroys data unless a ransom is paid within an agreed period.

The only realistic defence against this is regular offline backups of material to a secure location.

Law enforcement agencies such as the Met Police and City of London Police strongly advise against the payment of ransoms.

Monday, 23 May 2016

DeepWeb and SurfaceWeb: What lies beneath ?

There is a popular misconception that Google and the other mainstream search engines index all the content that is out there on the web (if you are prepared to dig enough). In fact, Google / Bing etc only access the surface web in much the same way that a trawler with a drag net only picks up the fish fairly close to the surface.

Perhaps, like experienced fishermen, they don't want to go too deep for fear of what might end up in the net.

Estimates vary but a very popular statistic is that the DeepWeb is about 500 times larger than the SurfaceWeb. This might seem absurd but lots of government data is stored out there in a way that is not visible to the search engines.

A part of the DeepWeb that has attracted a fair bit of media attention is the DarkWeb which can only be viewed as part of the Tor network. The websites on this section of the web have a .onion title albeit that this is not a recognised domain like a .com.

SilkRoad was the most famous site on the Tor network / dark web and was involved in almost all the illegal activities that spring to mind. The FBI and Europol have closed down a number of versions of the site (proving that nothing is 100% anonymous) but tribute sites continue to spring up.

Both the DeepWeb and DarkWeb present big challenges to both Governments and Law Enforcement all over the world.

Both the Deep and DarkWeb's have proved invaluable to individuals fighting against oppressive regimes which stifle free speech. The value is precisely because these networks are free from censorship. Anne Frank would have been posting to the DeepWeb rather than scratching away at her diaries in Hitler's Germany.

On the other hand it seems pretty absurd that a specific search engine exists on the DeepWeb to search for and supply illegal drugs.

The statement that one man's terrorist is another man's freedom fighter neatly captures the problem here. The internet is global and the standards across the globe are not consistent. Large corporations have exploited these different standards in respect of tax and regulation and the criminal fraternity are doing so in respect of criminal and civil (or common) law.

The Budapest Convention on CyberCrime seeks to address this issue and start to enforce common standards but at this point it only has 50 signatories worldwide and Russia, China and India are notably absent.

A search engine now exists called Onion City which allow access to the Dark Web without using the Tor Network. This is probably a good thing as increased visibility should facilitate regulation.

Looking forward it will be interesting to see if if the first attempts at global regulation of the internet (which is obviously required) will go for the highest common factor in terms of standards or the lowest common denominator.

Thursday, 19 May 2016

Top obvious passwords in Linked In hack: 750,000 people used 123456

Recent information has been released relating to the 2012 Linked In hack. Hopefully, given that this relates back to 2012, this information is badly out of date but below is an indication of how common very easily hacked passwords are;


123456       : 753,305 people
1234567     : 49,652 people
12345678   : 63,769 people
123456789 : 94,314 people

Tuesday, 17 May 2016

Cert-UK publish data for 2015-16 - cyber incidents increase by 85% in 12 months

Cert-UK has released data recently which paints a picture of rapidly growing cyber crime combined with the increased popularity of easy to use "off the shelf" hacking tools.

As you can see malicious code makes up the lions share of reported incidents with a further breakdown below of the types of malware that are proving the most common.

Cyber data released recently shows variations and the NTT report released at the end of April 2016 showed a decrease in DDoS attacks while Cert-UK has seen that number increase.

Taking a helicopter view what is clear is that as hacking and cyber attack becomes de-skilled the volume of attacks is rapidly increasing.

Cert-UK saw the greatest increase in Phishing as a form of attack and predicted that in 2016 Ransomware would dominate. In addition there is a very high probability of a major cyber attack on national infrastructure.

IT departments often bamboozle their line managers in respect of the security or otherwise of their systems and processes - especially if the line managers are not digital natives.

In fairness to IT departments many of the core risks are entirely people related and have no technical aspect to them but either way the knowledge that most internet connected IT systems are extremely vulnerable in spite of the machine that goes "ping", is reaching a much broader audience.

Monday, 16 May 2016

SyntaxNet and ParseyMcParseface - what do you see ?

Last week Google supercharged the artificial intelligence and machine learning landscape by releasing, for free, an advanced natural language understanding system. The technical term for breaking down a sentence into chunks a computer can understand is parsing and hence ParseyMcParseface. Take that sports lover as an old friend of mine used to say. No chilling effects here but a red hot acetylene blowtorch.

Detailed information on this and the free software download can be found HERE

On one level this is an amazing advance which will allow developers and coders all over the world to benefit from capabilities they could never have developed themselves. This could lead to various challenges being solved in a much shorter time frame related to health, food supply etc etc and the greater good.

Perhaps the various commercial businesses who were developing similar technologies but cannot afford the "free model" will be less positive about this as a blowtorch is taken to all the revenue projections in their carefully polished business plans. Game over at a stroke probably (briefly delayed until the advisors have found a suitably padded exit of course).

A combination of Google's DeepMind artificial intelligence and the software identified above appears to put Google well ahead of any potential competitor or government. Let's hope benevolent dictatorship is the end game here and that there is not a less positive ghost in the machine lurking somewhere in the code.

What might DeepMind and all this software have to say on the concept of democracy, the EU referendum or even The Donald ?

Tuesday, 3 May 2016

10% of Amazons "workforce" are now robots

Amazon now employs about 230,000 people worldwide and has over 30,000 very cute Kiva robots whizzing about the distribution centres. Press reports suggest they are very keen to grow that number.

Take a look above at the robots in action.

If these Kiva Robots did not exist we can speculate that Amazon would perhaps hire another 30,000 people and pay the payroll taxes etc that would go with that. Perhaps some of the people replaced by the Kiva Robots are now entirely dependent on the government for support in their local jurisdiction.

As a purely theoretical exercise we could assume that these workers would have been paid an average of $25,000 per year which was taxed at an average of 20%. Over ten years this is a loss of $1,500,000,000. No account taken here if additional state support is needed.

From a perfectly reasonable Amazon perspective they are making the supply chain as efficient as possible and meeting the perceived needs of the consumer

With companies such as Rockwell Automation (global sales $7 billion) entirely focused on automating industrial processes it is safe to assume that we are at the start of a pretty rapid acceleration of the shift to automation and robotics operating with a degree of AI.

It must therefore be a very interesting debate with companies such as Amazon as to how much tax they pay in any jurisdiction given that they can massively reduce the tax bill by introducing more robots. No doubt companies such as Amazon will struggle over time with the fairly thin argument about being based in an offshore jurisdiction but they can counter that by stripping out the local workforce and replacing it with robots.

Politicians are in for a pretty tough time as it seems possible that automation on a mass scale will have an even greater impact on the average person than globalisation and the democratic process will start to come under massive pressure if all the wealth becomes too concentrated in the hands of a few global highly automated companies and their shareholders, directors and employees.

The free market philosophy is going to have to work very hard to defend itself if inequality starts to edge up further and the support of the middle class for Trump in the USA suggests tempers are already running pretty hot.