
Some major Australian websites that aren’t secure

RENOWNED cyber security expert Troy Hunt has shamed some of Australia’s most visited websites for not being secure.

Those that don’t encrypt the data that travels between users and the website include Australia’s Bureau of Meteorology website and the ABC website.

These websites are among a minority that do not use HTTPS – the secure version of the web’s underlying data transfer protocol. The ‘S’ part of the acronym is the important bit.

HTTPS stands for Hyper Text Transfer Protocol Secure and is the protocol over which data is sent between your browser and the website that you are connected to.

The ‘S’ on the end means that communication between your browser and the website is encrypted before it travels online.

Web browsers such as Internet Explorer, Firefox and Chrome display a padlock icon in the address bar in front of the web address to indicate that an HTTPS connection is in effect.

By contrast, websites like the ABC and the BOM site rely on HTTP, which doesn’t scramble the data passing between you and the site.

The information in the address bar warns users the website is not secure.


Nothing about the way these websites work has changed but from today Google’s new Chrome web browser is listing all unencrypted sites as explicitly “not secure” in front of the web address. The change is part of the tech giant’s release of Chrome 68.

Google first began warning people about sites that use HTTP in early 2017 by displaying the “not secure” warning for sites that collected passwords and credit card information. The company has also subtly favoured HTTPS-enabled sites in its search results since 2014.

Despite the push for greater encryption on the web, Mr Hunt and his colleague wanted to compile a list of major websites that still didn’t use HTTPS.

“After all the advanced warnings combined with all we know to be bad about serving even static sites over HTTP, what sort of sites are left that are neglecting such a fundamental security and privacy basic?” he wrote in his latest blog post.

The most visited Australian sites that remain unsecured as identified by Troy Hunt.

Many other, less visited sites, including the Government’s Australian Bureau of Statistics website also rely on HTTP.

About 20 per cent of the world’s 500 most popular websites are still using the non-secure protocol.

If you’re not entering any password or sharing personal data on these websites, then you don’t really need to worry too much as the risk that your security could be compromised is fairly minuscule.

But because the data carried between your device and the web server can be accessed by someone else on the network, theoretically cyber-criminals can work to intercept that information and devise ways to steal useful data or insert their own code or malicious adverts.

Henry Sapiecha

Twitter abandons ‘Do Not Track’ privacy protection

Is this the end for ‘Do Not Track’, the web-tracking privacy service?


Twitter was one of the first companies to support Do Not Track (DNT), the website privacy policy. Now, Twitter is abandoning DNT and its mission to protect people from being tracked as they wander over the web.

DNT seemed like a good idea. By setting DNT on in your web browser, websites that supported DNT could neither place nor read advertising cookies on your device. Well, that was the idea anyway.

Any web browser or application that supported DNT added a small snippet of code to its request for a web page: DNT=1. This meant websites and services that observed DNT shouldn’t track you on the internet.

This would protect your online privacy. You might think that meant “Don’t collect and store any information about me without my explicit permission.”


From day one in 2012, that isn’t how it worked. According to Sarah Downey, an attorney and privacy advocate, the Interactive Advertising Bureau and the Digital Advertising Alliance (DAA), which represent most online advertisers, have their own interpretation of Do Not Track: “They have said they will stop serving targeted ads but will still collect and store and monetize data.”

However, Twitter played fair by the spirit of DNT rather than the law. Unfortunately, they were one of the few companies that did. DAA, for example, publicly abandoned DNT in 2013. With the advertisers and privacy advocates unable to agree on basic principles, DNT increasingly offered users no privacy protection worth the name.

Twitter finally had enough of fighting an already lost battle. In a note to its revised privacy policy, the company stated: “Twitter has discontinued support of the Do Not Track browser preference. While we had hoped that our support for Do Not Track would spur industry adoption, an industry-standard approach to Do Not Track did not materialize. We now offer more granular privacy controls.”

Under its new privacy rules, Twitter is extending how long its tracking cookies are active, from 10 days to 30 days as of June 18. You can also switch off Twitter ad personalization. From the same page, you can also disable geolocation and data sharing with third parties.

It’s a pity DNT has come to this. As Jason Kint, CEO of Digital Content Next, pointed out in an email interview: “Do Not Track still remains an elegant and simple consumer signal to not be tracked across the broader web.”

Kint remains hopeful about DNT: “Twitter dropping its support is disappointing as they were a leader here, but the standard is written regardless of what Twitter says and will continue to move forward. In the desire to regain consumer trust and reduce ad blocking, the ad tech world would be wise to embrace Do Not Track rather than ignoring it. Ultimately consumers win. No business has ever succeeded long-term without meeting consumer demands.”

I’m not at all optimistic. DNT has been spinning its wheels for years now with little progress. Online privacy remains an issue that upsets people, but at day’s end, neither companies nor the Trump administration have any real interest in protecting privacy.

Henry Sapiecha


Hi, folks!

Lots of policy changes in the cyber realm lately. Net neutrality is back again as an issue, but that’s been overshadowed by another topic in recent days. Before we get into that, though…

Still working on the report on closing. I’m trying to get permission to include something from a while back, which would be a cool addition.

That’s the problem with being involved in other people’s projects over such a long period. You know a lot of great stories, but some of them aren’t yours to tell.

I’ll keep my eyes crossed. (I need my fingers to type.)

Also, before we get into the main bit, there’s something you should do if you use iCloud: Change your password.


You’ve probably heard about the group that’s trying to blackmail Apple into paying them $75,000 in Bitcoin (or $100,000 in iTunes gift certificates) or they’ll delete everything in 300 million iCloud accounts on the 7th of this month.

While it appears to be a hoax, there is reason to believe they’ve acquired some legitimate passwords. Probably ones that are the same as those used on other services.

You know – like when your LinkedIn or Yahoo password is the same as the one you use for your iCloud or bank account?

No need to panic. Just change your password to be on the safe side. Use one you haven’t used for other services. And think about enabling 2-factor authentication, for added measure.


“ISPs Selling Your Data”


Yeah. Big noise in the press on this, and rightly so. Tuesday it became official: The President signed a bill into law that scraps regulations preventing ISPs from selling your personal data. Including your browsing history.

Here’s the thing most people don’t get: This isn’t new. The law doesn’t let them do anything they couldn’t already. It just stops a pending prohibition on it from coming into effect.

The rationale presented by the bill’s supporters in Congress is just stupid. “We want to protect privacy, but we want everyone subject to the same regulations. So we’re going to eliminate the protections that had been developed.”

Sure. And they’re really likely to develop new ones later.

Don’t count on it.

Trying to explain to these folks that free and optional services like Facebook and Google are different from infrastructure systems you have to pay to use is pointless.

It’s tempting to blame the willful ignorance on campaign contributions, but the folks who voted against the bill got roughly the same amount as the ones who voted for it. So, it ain’t that.

This is all about who gets to control your information. Every detail of your private activities online.

I think that should be you.

Comcast, Verizon, and AT&T have all said they don’t sell this data and have no plans to do so. Which one should always translate as “but maybe later.”

AT&T was typically snarky in their comments. Someone really needs to explain to them that talking down to their customers isn’t an ideal strategy.

I think they’re still sore about the breakup.

To their credit, though, they’re also the only ones with a clear and simple “We won’t sell your personal information to anyone, for any reason” statement in their privacy policy.

What they might consider “personal information” is less clear.

Here’s a very rough analogy.

If you use some basic, if uncommon, security measures, Facebook can be like a really, really big restaurant. They can know everything you do and say while you’re there, but not much else.

Google is like a huge mall, with lots of security cameras. They can see and track what you do on their properties, and others that carry their cameras, but there are limits.

Your ISP, especially if it’s a cable company, can know almost everything. It’s like they can walk right into your house, peer through your blinds, see what mail you get, where you bank, what shows you watch, how many kids you have and their ages (and what sites they visit), who you talk to on the phone and for how long, who your kids talk to, what apps you use and on what devices, where you have accounts, where you shop online, when you’re planning vacations, when you’re not home, and so much more.

That’s just from the logs. No snooping involved and no real effort to mine and correlate the data. And you don’t have much choice in the matter.

Your ISP might only consider your name, address, and social security number to be personal, along with maybe medical info and data about minor children. Even then, there’s nothing preventing them from legally selling any of it they like.

Here’s the real kicker: The just-signed law also prevents them from being required to take steps to protect all that information.


Really. Even if they don’t abuse you themselves, they don’t have to do anything to keep you safe from hackers. Or tell you when your data is compromised.

Just let that sink in for a minute.

Now, suppose they sell it to a data aggregator. If you’re a guy, that’s like having your ex-wife, your new girlfriend, your mother, your 5th grade teacher, your boss, your doctor, and your best friend from high school all trading stories about you.

I’m sure there’s a similarly horrifying female equivalent.

Keep this all in mind the next time you’re tempted to say “If you’re not doing anything wrong, you don’t have anything to hide.”

Maybe you don’t care about your privacy. That’s your business. But it doesn’t give you the right to go into someone else’s house and rip down their curtains.

Privacy isn’t about hiding. It’s about being allowed to mind your own business.

That’s what we’re going to talk about for the next few issues. How to increase your personal privacy online.

There are some things you ought to know before we get into that, though. The biggest being that the only certain way to avoid someone else getting private information is to keep it to yourself.


Anything can be hacked.  And anyone.

I’ll show you some tricks ranging from basic to mediocre, and I’ll give you the best advice or links I can, but there are risks with any of them. Things can change, and unknown exploits can be found. Previously benign companies can go over to the dark side.

As Pogo said, lo, these many years ago, “We have met the enemy, and he is us.” User error always poses the greatest risk.

I’ll give you pointers that will help cut down the data you leave around and decentralize what you can’t eliminate. But I make no guarantees.

Anyone who promises you 100% security is either a liar or a fool.

Another thing to keep in mind is that there are always trade-offs. You have to decide which data is worth what level of expense or inconvenience to keep private.

Encrypting your phone slows down boot-up and makes it take longer to open when you need it. On the plus side, that and a good password ensures that random people won’t be able to get in if you lose it or it gets stolen. Or you just leave it on the table while you have company.

Using a VPN may keep your ISP from getting a lot of that data, but it could just be shuffling it to another seller, or slowing down your surfing.

Encrypted texting apps might require jumping through some hoops to make sure you’re sending only to the person you want, and they could limit who you protect conversations with. It can be easy to forget which of your friends are on “secure lines” and which aren’t.

The same is true of using encrypted email.

Using something like Tor to browse the web has its own risks. It opens new areas online, but some of those can be dangerous in themselves. And there’s speculation that simply installing it could attract notice by law enforcement.

If you aren’t doing anything wrong, that can be a good thing. There are those who believe that the best way to protect all our rights is to make the cost of spying on everyone too heavy. To have so many people using encryption and other systems that agencies are forced to take a more targeted approach to doing their jobs.

Always trade-offs.

I should also point out that the things I’ll cover are about increasing privacy, not gaining anonymity. That’s a whole other level of obfuscation. And none of this is meant to help you hide anything illegal.

That’s not the goal. More privacy is the goal.

In the meantime, think about what info you want to keep to yourself. If you have specific ideas, it will help you get more out of this.

And, if you have any specific questions on this, go to my website below.

Until next time…

US indicts Insidious Russian spies, hackers over massive Yahoo hack attack on US data


Washington: The US government on Wednesday unsealed charges against two Russian spies and two criminal hackers for allegedly pilfering 500 million Yahoo user accounts in 2014,

The indictments, announced at a news conference in Washington, represent the first time the US government has criminally charged Russian officials for cyber offences.

The contents of at least 30 million accounts were accessed as part of a spam campaign, and at least 18 people who used other internet service providers, such as Google, were also victimised, the government charged.

The officers of the FSB, Russia’s Federal Security Service, which is a successor to the KGB, were identified as Dmitry Dokuchaev and his superior, Igor Sushchin, the government said.


Alexsey Belan, who is on the list of most-wanted cyber criminals, and Karim Baratov, who was born in Kazakhstan but has Canadian citizenship, were also named in the indictment.

The Justice Department said Baratov was arrested in Canada on Tuesday and that his case is now pending with Canadian authorities.

Belan was arrested in a European country in June 2013 but escaped to Russia before he could be extradited to the United States, according to the Justice Department.

“The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cyber crime matters, is beyond the pale,” said Acting Assistant Attorney General Mary McCord.

Committee recommends budget relief for Australian intelligence agencies


The Parliamentary Joint Committee on Intelligence and Security has today fulfilled one of its key statutory oversight responsibilities with the tabling of its review into the administration and expenditure of the Australian intelligence agencies for the 2014–2015 financial year.

The Committee concluded that the six agencies comprising the Australian Intelligence Community are overseeing their administration and expenditure appropriately. Matters addressed by the Committee included agencies’ strategic planning, staffing, security, budget and financial performance.

In relation to expenditure, the report recommends that the efficiency dividend be removed from all Australian Security Intelligence Organisation (ASIO), Australian Secret Intelligence Service (ASIS) and Australian Federal Police (AFP) operations.

Committee Chair, Mr Andrew Hastie MP, commented that “while the funding pressures faced by agencies were reduced somewhat during 2014–15 by the additional funding to support counter-terrorism capabilities and other initiatives, ASIO and ASIS continued to face pressure in other areas”.

“Our intelligence and security agencies need sufficient base funding to meet all of their obligations. This means that funding is required not only to deal with the increased threat to the community from terrorism, but also other significant external threats such as foreign espionage and cyber-attacks.”

“We need to make sure our agencies are resourced adequately as they seek to detect, disrupt and defeat threats to the Australian people.”

During its review, the Committee received comprehensive submissions and conducted private hearings with each intelligence agency and the Inspector-General of Intelligence and Security. The Committee’s final hearing was conducted on 2 May 2016, shortly before prorogation of the 44th Parliament. The review lapsed on prorogation and was resumed early in the 45th Parliament.

Further information about the inquiry, including the Committee’s report, can be accessed via the Committee’s website at


Henry Sapiecha


FBI Tells Law Enforcement Police To Hide Phone Tracking of People


Your local police may use a controversial piece of technology—ominously dubbed a stingray—to track your phone. But, the FBI is taking pains to make sure you never find out. The agency encourages police to find additional evidence so that stingray technology never comes up in court, according to a new memo.

It’s no secret that law enforcement agencies scattered around the country use such devices—known as IMSI catchers, or colloquially “stingrays”—which mimic cellphone towers and collect data, like phone numbers and location, from everyone in their vicinity. But that’s not because the FBI isn’t trying to hide that fact. The agency is so keen on keeping the devices from the public that it asks local police departments to sign nondisclosure agreements about their stingrays—leading to some cops trying to withdraw cases that rely on stingrays for evidence.

But thanks to an open records request from the investigative journalism nonprofit Oklahoma Watch, there’s finally evidence that’s the FBI’s specific plan. In a 2014 memo from FBI Special Agent in Charge James Finch to Oklahoma City Police Department Chief William Citty, the bureau issued very specific guidelines.

“Information obtained through use of this equipment is for LEAD PURPOSES ONLY, and may not be used as primary evidence in any affidavits, hearings or trials. This equipment provides general location information about a cellular device, and your agency understands it is required to use additional and independent investigative means and methods, such as historical cellular analysis, that would be admissible at trial to corroborate information concerning the location of the target obtained through use of this equipment.”

The memo reflects the controversial practice known as parallel construction, in which a law enforcement agency collects evidence on a suspect without first bothering with a warrant, as that evidence likely wouldn’t be admissible as evidence in court. Armed with that information, agents or officers build a strong enough case with legally admissible evidence that they don’t need to ever tell the court about that earlier information.

A 2013 Reuters report on the practice, for example, found that the U.S. Drug Enforcement Agency routinely receives intelligence from various intelligence services, including the NSA, about where to find a suspected criminal, and that the DEA would then be expected to work backward from there. “You’d be told only, ‘Be at a certain truck stop at a certain time and look for a certain vehicle.’ And so we’d alert the state police to find an excuse to stop that vehicle, and then have a drug dog search it,” one DEA agent said.

“This is the first time I have seen language this explicitly calling for parallel construction to conceal evidence derived from Stingray use,” Nate Wessler, a staff attorney at the ACLU who specializes in stingray use, told Vocativ.

“[T]his goes the outrageous extra step of ordering police to actually engage in evidence laundering,” he said. “As a result, defendants are denied their right to challenge potentially unconstitutional surveillance and courts are deprived of an opportunity to curb law enforcement abuses.”

Though stingray use in the U.S. has largely existed without much public knowledge, that scenario is quickly changing. In March, an appellate court ruled for the first time that it’s illegal for police to use stingrays without first getting a warrant.

The FBI didn’t respond to request for comment.


Henry Sapiecha

U.S. charges three in huge cyberfraud targeting JPMorgan, others

U.S. prosecutors on Tuesday unveiled criminal charges against three men accused of running a sprawling computer hacking and fraud scheme that included a huge attack against JPMorgan Chase & Co and generated hundreds of millions of dollars of illegal profit.

Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein, all from Israel, were charged in a 23-count indictment with alleged crimes targeting 12 companies, including nine financial services companies and media outlets including The Wall Street Journal.

Prosecutors said the enterprise dated from 2007, and caused the exposure of personal information belonging to more than 100 million people.

“By any measure, the data breaches at these firms were breathtaking in scope and in size,” and signal a “brave new world of hacking for profit,” U.S. Attorney Preet Bharara said at a press conference in Manhattan.

The alleged enterprise included pumping up stock prices, online casinos, payment processing for criminals, an illegal bitcoin exchange, and the laundering of money through at least 75 shell companies and accounts around the world.

Tuesday’s charges expand a case first announced in July, and according to U.S. Attorney General Loretta Lynch target “one of the largest thefts of financial-related data in history.”

The charges are also the first tied to the JPMorgan attack, which prosecutors said involved the stealing of records belonging to more than 83 million customers, the largest theft of customer data from a U.S. financial institution.

Authorities said Shalon and Aaron executed that hacking, using a computer server in Egypt that they had rented under an alias that Shalon often used.


A separate indictment unveiled in Atlanta against Shalon, Aaron and an unnamed defendant said the brokerages E*Trade Financial Corp and Scottrade Inc were also targets, and personal information of more than 10 million customers was compromised.

TD Ameritrade Holding Corp and News Corp’s Dow Jones unit, which publishes The Wall Street Journal, said they were also targets. Fidelity Investments was also a target, a person familiar with the matter said.


Other targets could not be immediately verified.

Shalon, 31, of Savyon, Israel, and Orenstein, 40, of Bat Hefer, Israel, were arrested in July. Aaron, 31, a U.S. citizen who lives in Moscow and Tel Aviv, remains at large and is the subject of an FBI “wanted” poster.

Another defendant, Anthony Murgio, 31, of Tampa, Florida, was charged separately over the bitcoin exchange. He was originally charged in July, and faces an arraignment on Friday. A co-defendant in that case, Yuri Lebedev, is in “discussions” with prosecutors, Bharara said.

Lawyers for the defendants were not immediately available for comment.

JPMorgan on Tuesday confirmed that the latest charges relate to the 2014 attack, and said it continues to cooperate with law enforcement efforts to fight cybercrime.

It also said that only contact information such as names, addresses and emails was accessed, and that account information, passwords or Social Security numbers were not compromised.


Henry Sapiecha



Russian hackers had infiltrated Dow Jones & Co to steal information to trade on before it was made public, and the breach was “far more serious than a lower-grade intrusion” disclosed by the company, Bloomberg reported, citing sources.

The Federal Bureau of Investigation, Secret Service and the Securities and Exchange Commission are leading an investigation, which began at least a year ago, Bloomberg reported.

“We have received no information from the authorities about any such alleged matter,” Dow Jones spokeswoman Colleen Schwartz said in an email, adding that the company was looking into the report.

Dow Jones, the publisher of the Wall Street Journal and a unit of Rupert Murdoch’s News Corp, disclosed last week a breach of its systems that put payment card and contact information of about 3,500 individuals at risk.

Dow Jones had said that there was unauthorized access to its systems at certain times between August 2012 and July 2015.

“We are aware of the Dow Jones intrusion and looking into it,” FBI spokeswoman Kelly Langmesser said via email.

Langmesser added that she could not confirm anything else in the Bloomberg report.

The hackers sought information including stories being prepared for publication, Bloomberg said on Friday, citing two people familiar with the investigation.

The Secret Service could not be immediately reached for comment on the Bloomberg report. The SEC declined to comment.


Henry Sapiecha




If you’re a hacker, you gather as much data as you can on your targets, in search of something valuable.

If you’re researcher Hsinchun Chen, you gather as much data as you can on the hackers.

Chen, a professor of management information systems at the University of Arizona, works in a little-explored, but hugely important area of cybersecurity: Exploring the motivations of hackers and other cyberattackers, and trying to predict how they might act, based on their behaviors.

With support from the National Science Foundation’s (NSF) Social, Behavioral and Economic Sciences directorate and the Directorate for Computer and Information Science and Engineering under the Secure and Trustworthy Cyberspace (SaTC) program, Chen and his collaborators have generated findings that shed light on how hacker communities interact and share information—and even created actionable intelligence for criminal investigations by federal agencies.

But the research’s goal is even more ambitious. Chen wants to develop models that might be able to take information on how hackers behave and use it to predict their next targets, as well as their methods for attack.

“The most important part isn’t looking back and saying ‘what have they done?'” Chen says. “It’s looking forward and saying ‘What are the emerging threats?’ We’re really trying to understand the intent of the people planning attacks. Instead of looking at the bullets, you’re looking at the shooters.”

The research holds significant promise for the social sciences, as well as . The team aims to develop and test theories about hacker cultures, based on their online interactions. That involves modeling the social attributes of hacker networks and investigating how their groups are organized.

Chen is hardly a stranger to this kind of work. For the past decade, he’s worked on—and headed—NSF-funded research projects that examine other potentially threatening online communities, producing a long trail of papers and tools along the way.

He developed COPLINK, a software system used by more than 3,500 law enforcement networks nationwide to look for information on drug networks, border smuggling operations and other criminal activity. With an international group of terrorism research centers and security agencies, he helped create the Dark Web project, which has tapped into extremist communications and social networks to generate one of the world’s largest databases of terrorist information.

Still, he said, tapping into hacker behavior has proved even more of a challenge.

“This community,” he says, “is even more tightly knit.”

‘Honor Among Thieves’

How do you research hacker intent? By gathering all of the hacker community content possible.

Chen and his collaborators collect all of the “artifacts” they possibly can automatically—primarily from hacker forums and hundreds of text communication channels known as IRC chats, and millions of messages—from hackers around the world.

Through automated text mining that can search for everything from relevant terms and topics to “sentiment analysis,” Chen and his collaborators are able to distill that chatter down to a much smaller body of communications that deal with top-tier, likely threats. That slimmed-down pool of data constitutes roughly five percent of the total collected, Chen says.

By studying those data, they’ve found hackers build social structures just like any other kind of community.

For instance, he says, “honor among thieves” applies to hackers, and as a community they punish any transgressions. Communities begin to distrust hackers that lose money, steal from partners-in-crime or make mistakes that harm their associates, leaving them isolated.

And there’s more. Hackers work in groups and collaborate on projects, seeking counsel from trusted friends and leaning on one another’s expertise. They have underground economies and methods for sharing data and selling stolen goods. They analyze others’ work and post reviews. Top-tier cyberattackers each have some specialty and a preferred payment method whenever hacking-for-hire, Chen says.

By being proactive about capturing artifacts from communications, the researchers can even see things missed by studies that focus on the damage wrought by hacks and other attacks. Instead of just seeing that a large number of credit card numbers has been compromised, for example, the researchers can observe what cyberattackers are using those cards for—even the ones that have yet to be reported as stolen.

“It takes a very different approach from previous cybersecurity research,” Chen says. “You really want to understand the intent, the modus operandi of operators. Instead of just finding out about one operation at a time, you’re looking at an entire source of information about ongoing activities.”

New Tools

Chen estimates that about 20 to 30 percent of the research and analysis that his team generates can be transitioned into actionable intelligence for law enforcement agencies and the industry. The researchers have provided such information to agencies to help with ongoing investigations.

But, while he acknowledges that aspect of the job is “exciting,” he adds “I’m a computer scientist—not a law enforcement agent.”

There are other data analysis projects that look for pending threats. Chen says his research is focused on creating new tools that will allow scientists and their partners at federal agencies to analyze hacker chats and other data in ways that are faster, more efficient and better at making predictions about future threats based on hackers’ intentions.

“I’m not interested in the themselves,” he says. “I’m interested in developing the best science that will help advance cybersecurity big data research.”

Text mining, data mining, sentiment analysis and other automated analysis tools that incorporate artificial intelligence are very good at cutting down about 95 percent of the noise from massive sets of information gleaned from IRC chats and other sources, leaving researchers with the aforementioned 5 percent of top-tier threat information.

Chen wants to make those filters even better. Doing so requires following a cycle of research and development: building an analysis tool; using it on sets of information drawn from hacker communications; refining it; gathering more data; applying the tool to that larger set of information. Repeat.

It’s a process with no end point and one that will require researchers to adapt to new hacker communications methods, shifting intentions in the malicious hacker community and an ever-expanding pool of data. But keeping up with emerging cyberthreats—and perhaps even getting ahead of them—requires the process continue.

“There’s an overwhelming amount of data,” Chen says. “You need ways to analyze those data and distill them into actionable intelligence.”


Henry Sapiecha

Dangerously Rich Billionaire Security Video Report

Published on 17 May 2013

This video is just showing you the super wealthy security. Some people simply need it.

Kings and Queens need it. Oprah needs it, so does Michael Jackson, and the list goes on. Respect it!!! It’s not meant for you to feel small!

Henry Sapiecha