Rebecca Jenkins

Rebecca Jenkins

Google’s Chrome has almost 60% market share in browsers, and for good reason. For several years it was the fastest and most user-friendly browser on the market. Microsoft's Internet Explorer, the previous king, had become slow and outdated. Chrome earned its market share crown fair and square. Then, in July 2015, Microsoft launched Project Spartan, which became its new and improved web browser called Edge. This fall, it launched mobile phone apps on iOS and Android to create a better omnichannel experience.

Even though Edge has a mere 4% of the market, it does bring some advantages to the table. Here's why it might be worth taking for a spin:

1. Speed: In copious tests, Edge was found to be the fastest browser on the market today. With its latest update, Firefox Quantum has made significant strides in catching up with Edge; according to CNet, it has doubled its speed. Google Chrome updates in 2017 also focused primarily on speed. Despite these updates, Edge can hold its own.

2. Integration into native iOS and Android experiences: Microsoft's integration should feel seamless in terms of performance, in part because it will rely on WebKit on iOS and Blink on Android for its rendering. Also of note, Microsoft is now shipping its own version of the Blink engine inside its Android apps. It feels seamless, though, as it integrates smoothly with native Android apps like Gmail and Calendar. Microsoft’s version of the Google Feed is more user-friendly since it makes meeting information the prominent feature, instead of offering up general news like Google.

3. Integrated cross-device experience: With the “maintenance mode” death of the Windows 10 Mobile, Microsoft had to make a new play for Edge on mobile. This fall, Microsoft launched Edge on iOS and Android devices. What made the launch successfully was its browsing continuity. Favorites, reading list and passwords are synced across devices. According to Microsoft Corporate VP Joe Belfiore in a recent blog post, "What makes Microsoft Edge really stand out is the ability to continue on your PC, which enables you to immediately open the page you're looking at right on your PC — or save it to work on later."

4. Security integration: Another plus is that Edge does use Windows Defender SmartScreen to help check for malicious pages, so having an entire antivirus aiding it is a good feature. Using Application Guard, Microsoft has leveraged its virtualization technology to help defend against threats in Windows 10 Enterprise. When employees open up unauthorized websites in Edge, the webpage loads in a virtual machine, thus protecting the rest of the system and network. This is what my economics professor would call “economies of scale.” Microsoft’s greater ecosystem has given it an advantage that Firefox and Google can’t match, at least not until the Chromebook becomes more mainstream.

5. Design continuity: I will admit it, I am partial to the design team at Microsoft. I loved the tile concept on Windows Phone, especially Windows 8 Mobile, and I love that Edge feels relatively similar on my iPhone as it does on my Surface Book. The blue loading bar across the top and the "favorite" symbol have a homey feel to them on an otherwise very different device.

6. Microsoft rewards: If you're like me and have earned hundreds of dollars in gift cards at Amazon and Starbucks over the past several years by searching on Bing, you'll enjoy that these reward values are only higher when using Edge. If I were a product manager at Google, I would look at doing the same before Bing and Amazon take any more traffic. What better situation for a consumer than Bing, Amazon, and Google competing for your searches? Right now, the place to get paid is Bing on Edge.

Of course, using Edge is not a cure for world hunger. There are a couple of issues that Microsoft needs to address as their market share increases:

1. Quality assurance testing: If you are a company with limited resources, testing a browser that only has 4% of the market share doesn’t make good economic sense. As a result, compared with its competitors Edge is a little unstable. Developers report that it can’t handle moderate to heavy JavaScript and doesn’t work well with all websites. The ensuing bugs would likely be solved by more QA resources at companies testing on Edge. Market share growth is the best way to drive reallocation of industry resources. Microsoft also seems to be addressing this problem through updates.

2. Updates: Windows 10 historically only gets one or two feature updates a year, and Edge only gets new features during feature updates. It would be nice to see Microsoft release browser updates more frequently like Google does with Chrome.

While not yet perfect, Microsoft has made leaps and bounds of improvement with their Edge browser over Internet Explorer. Will it ever surpass Google’s Chrome as the premier browser? That's tough to know. But do not write Edge off just because the “e” looks eerily familiar — Edge is not your parents' web browser.

Source: This article was published forbes.com By Rob Versaw

Earlier this week, we wrote about how Google can highlight erroneous or unconfirmed reports in the immediate aftermath of breaking news. But these rapidly-shifting results are quickly lost in time as the search engine’s algorithms self-correct, making it difficult for outsiders — including journalists — to hold the search engine accountable for spreading potentially harmful information.

There is one group working on a concept for a system that would establish a record of search engine results. The idea is similar to the Internet Archive, which downloads periodic copies of websites, but more complicated since search engines display different results depending on the time as well as the location and history of the user. The solution for tracking such a complicated system is described in a prospectus for the Sunlight Society, founded by a group of 20 researchers under the banner of the American Institute for Behavioral Research and Technology (AIBRT), a nonprofit in Vista, California that conducts research in psychology and tech.

The concept is similar to Nielsen Media Research’s longstanding system that collects information about audience size and demographics of television viewers through meters installed in households around the country. But instead of monitoring TV habits of real people, the system would monitor their internet use. This would require a worldwide network of paid collaborators who would provide the Sunlight Society with access to their search results.

“This is about new methods of influence that have never existed before, and that are affecting the decisions of billions of people every day without their knowledge, and without leaving a paper trail,” said Robert Epstein, a 64-year-old researcher, book author, and former editor-in-chief of Psychology Today.

In one set of experiments published in the Proceedings of the National Academy of Sciences, Epstein and a collaborator had thousands of undecided voters in the United States and India, in person and over Mechanical Turk, use a mock search engine called Kadoodle. Kadoodle tested whether displaying results that the researchers determined to be biased in favor of a candidate higher up in the rankings could have an impact on stated voting intention. The researchers concluded that it would be “relatively easy” to boost a candidate by at least 20 percent and the duo coined a new term: the “search engine manipulation effect.”

In another project, which was published as a white paper on AIBRT’s website, Epstein recruited a network of anonymous confidants who provided access to their search histories during the runup to the 2016 presidential election, comprising more than 13,000 election-related searches. Overall, he says, results that were “biased in Mrs. Clinton’s favor” tended to float to the top of the list, a claim that picked up mainstream coverage (though the paper does not describe how the researchers decided a result was “positive”). Though he told me he doesn’t believe Silicon Valley executives are actively altering search results to influence elections, Epstein worries that they don’t appreciate the power their platforms hold over the electorate.

“We need to see, and capture, record, what the algorithms are showing people,” Epstein said. Even if Google and other gatekeepers published their code, he said, that wouldn’t be enough to demonstrate the different results that different users receive for the same query at different moments in time. “Looking at the actual code is useless. We need to see what people are seeing on their screens.”

The idea of a network of search engine monitors is compelling.

Epstein’s findings about the 2016 election have not been peer-reviewed, and Google called them“nothing more than a poorly constructed conspiracy theory.” Epstein also has a peculiar history with Google. In 2012, the search giant started displaying a warning that his website had been compromised by malware. Epstein couldn’t find a virus, and he fired off an angry email copied to Larry Page, a Google attorney, his congressman and journalists at the New York Times, The Washington Post, and Wired. It later turned out that this site had in fact been infected, though Epstein claimed the danger to users was minimal. He also sometimes drops hints of a conspiratorial worldview. He refuses to communicate over Gmail, since it’s owned by Google and alludes to black-hat marketers and cash payments that, he said, were involved in the formation of the Sunlight Society.

Despite these caveats, the idea of a network of search engine monitors is compelling. Search engines like Google and other big tech companies like Facebook control what information regular citizens receive and how it’s packaged. This information is ephemeral, highly personalized, and controlled in part by machine learning, all factors that make it harder to understand what impact these systems have on culture and democracy.

“We are looking at the power that these algorithms have to shift opinions, and there’s never been anything like this in human history,” Epstein told me. In the future, he hopes that a network of human monitors watching what unfolds on the web could “track manipulative online content (like fake news stories) as it is proliferating,” he said in an email. In an era when online hoaxes spread like gossip, taking in celebrities, politicians, and journalists, an independent watchdog doesn’t seem like a bad idea. We now know that the Russian government propagated fake news stories. What we don’t know is how widespread that effort was, or how much it affected people. Maybe an archive like Epstein’s could help.

In March, 12 researchers at institutions including Stanford University, the University of Maryland, and the University of Amsterdam pledged support for Epstein’s work. The Sunlight Society’s founding members include computer science, engineering, and law faculty at Stanford, Princeton, and King’s College. Epstein said the system was unlikely to deploy before the second half of 2018.

“What I’ve realized is that the deliberateness, the malice, is a small problem compared to the negligence,” Epstein said. “Even if you're handed off, your algorithms are going to be making decisions all the time about filtering and ordering. I actually find that more disturbing — the idea that elections around the world are being determined by algorithms.”

Clarification: This article has been updated to clarify the effect Epstein found in a study of undecided voters in the U.S. and India.

Source: This article was published theoutline.com By Jon Christian

In my work as a writer and career coach, I spend a great deal of time on LinkedIn. I review hundreds of profiles a month, including those of new colleagues, potential clients, podcast guests, speaking agents, journalists, thought leaders and more. I also train my clients and course members how to communicate more powerfully, and build stronger LinkedIn content that elicits interest and follow up.

This work allows me a window into “seeing” people’s real personalities, challenges, and blocks through their writing. What I’ve learned is this: How you do LinkedIn is how you do your professional life.   And if you're not careful, your LinkedIn profile shares aspects of your professional life and how you view yourself that you won’t want others to know.

Here are five things your LinkedIn profile reveals that you’re probably not aware of (and will want to change).

#1: You’re hiding

If you don’t have a photo up on your profile, you’re hiding, plain and simple. LinkedIn is the world's largest professional network with more than 530 million users in over 200 countries and territories. With that volume of activity, many users undoubtedly would be interested in what you stand for and care about in your work. But without a photo on your profile, you’re saying “Don’t see me. Just pass me over. I’m not important or worthy enough for you to see my face.”

Tip: This week, take a photo (or have someone take it of you) – face front, smiling – and upload it. Make it professional (no bathing suits, etc.). This is a professional platform, not a dating app. Also, upload a great cover image (a photo for the banner at the top of your page) that represents something that will tell us more about you, what you care about, and why we should care. Always keep in mind who you want to engage with, and make sure your content will connect with people you'll be excited to talk to.

#2: You’re not passionate about your work

It’s clear how you feel about your work by the words you use to explain it. If you choose words that are drab, boring, passive, unclear –without any indication of what lights you up from the inside – then the message is that you don’t like your work. People who have deep passion for their field and endeavors communicate that with a vitality and energy that speaks volumes about how much they’re connected to what they’re doing.

Tip: Go through your profile, and replace every single word that is boring, repetitive, overused and uninspired. Find a way to talk about what you do so that people can say “Wow! She loves what she does and is good at it!” (If you can’t do that no matter how hard you try, it’s indicative that you’re in the wrong career, job or employer.)

#3: You don’t know your value or what you’re great at

I can’t tell you how many professionals miss the boat in terms of failing to share exciting, juicy facts of who they are, what they’ve done and the “needles” they moved in their roles. You need to communicate on LinkedIn exactly what you do that brings about important outcomes that help the company thrive or grow. And you need to communicate how you do what you do in ways that are different from how anyone else on the planet would do it.

Tip: Spend this weekend sitting quietly without distractions, and write down everything that’s made you who you are (your ancestry, cultural training, achievements, traumas, pivotal moments, relationships that flattened you and those that enlivened you, your passions and talents, and unique perspectives, etc.) Then connect the dots. Answer the question “How has every one of these influences shaped me in a way that makes me a powerful, valuable contributor to the work I do?”

Write down the "20 facts of you" – what you’ve accomplished, achieved and made possible, and the scope of those achievements (with metrics that illustrate the impact) and why these outcomes mattered to the organization. Sharing these facts is not bragging. It's helping people understand what you're capable of and how that's of use in the world.

#4: You’re seeking employment but don’t know how or where to look

When you write your headline with the words “Looking for opportunities” or “Seeking employment” you’re shooting yourself in the foot. You’re focused on what you’re lacking (a job) whereas your profile should be written to highlight what you have to offer. Write it with the express intent of engaging the reader. Your headline is the place for you to tell the world WHY they should hire you, HOW you’re unique and valuable, and WHAT is vitally important about your career trajectory and experience that others should take heed of because it will be useful for them. And make sure you are crystal clear about what you can do going forward, not just recite your past history.

 Tip: Never use your headline to talk about looking for opportunities. That’s a given. We’re all looking for opportunities there. Use that precious real estate to share what you do, who you do it for, and the outcomes you’re passionate about bringing forward.

#5: You’re not sure why your work matters

Finally, if you list only the tasks that you’ve performed and not the “what happened” after these tasks were accomplished, you’re leaving us guessing about why your work matters. Make it clear that the work you do has an impact, and can continue to make a difference in other situations, opportunities, and employers. You’re more than just your current job (please recognize that), but if you don’t share how you can apply your talents and abilities in ways that move organizations forward, the reader can’t envision exciting future possibilities for you.

Tip: Make sure that everything you write is not task-oriented, but benefit-focused. And share most about what you love doing, not the boring, mundane work you never want to do again. Every word you write has the power to attract you more of same. So if 80% of your work makes you feel dead inside, then emphasize the 20% that makes you feel alive, important and valuable in the world.

Source: This article was published forbes.com By Kathy Caprino

In partnership with academics from the University of Oxford, a London start-up has condensed the power of cloud based visual search technology to the size of a book. The Pholio device, which can safely store or access your media all in one place, allows an incredible level of search and discovery across your photos and home videos. The software in Pholio automatically checks all images in your collections against 20,000 in-built search terms, from ‘birthday’ to ‘christmas’ and ‘house renovation’.  By keying a relevant search term into a browser on a connected TV screen, tablet, phone or laptop at home, families can search for all sorts of things in their own photo collections – from day trips to Bangor to bungee jumps in Niagara. What's more, the technology within the Pholio box will evolve for individuals based on their specific interests and collections - each box will end up understanding different things depending on its owner. The basic Pholio device can store up to 500 gigabytes of data, whilst Pholio Pro offers a storage capacity of 2TB. Prices start at £199.

Pholio Press Release

UK START-UP CHALLENGES GLOBAL CLOUD SERVICES WITH A.I. POWERED PRIVATE PHOTO AND VIDEO BOX

  •          London based start-up takes on the likes of Google Photos with Pholio, a book sized in-home personal photo and video processing box
  •          Pholio provides private control and AI-powered, content-based search across the tens of thousands of digital photos and videos we have scattered across mobile devices, social networks, computers, and cloud backups
  •          Pholio’s built-in deep-learning algorithms can spot and instantly retrieve images which match any of 20,000 built-in descriptions. New content-based descriptors can easily be trained by the user based on example images in their collection or on the Internet 

In partnership with academics from the University of Oxford, a London start-up has condensed the power of cloud based visual search technology to the size of a book.

The Pholio device, which can safely store or access your media all in one place, allows an incredible level of search and discovery across your photos and home videos.

Simon Randall, CEO of Pholio, said: “Thanks to smartphones and mobile devices, we are creating more content than ever before.  The problem is that for every upload to the cloud or (yet another) sub-folder created on the computer, you could well be adding hundreds of files.  The chances are that many of these images and videos will sit for years collecting digital dust.  Searching for special memories and discovering those you thought were lost, is now easier than ever before.”

The software in Pholio automatically checks all images in your collections against 20,000 in-built search terms, from ‘birthday’ to ‘christmas’ and ‘house renovation’.  By keying a relevant search term into a browser on a connected TV screen, tablet, phone or laptop at home, families can search for all sorts of things in their own photo collections – from day trips to Bangor to bungie jumps in Niagara.

Pholio was trained in the lab by showing it millions of images with a wide range of content.  A custom set of deep learning algorithms has learnt how to create a unique summary of the contents of images so Pholio can recognise and classify faces, objects and scenes that it has never seen before. Pholio has been trained to recognise 20,000 search terms which can be used fully offline.  If Pholio is connected to the internet, owners can search for anything (Pholio can learn new search terms on the fly based on what users search for).

The technology within the Pholio box will evolve for individuals based on their specific interests and collections - each box will end up understanding different things depending on its owner.  It will be a boon for collectors and hobbyists who can train their systems to recognise the things they care about.  From stamps to birds, cars, shoes or handbags, the device allows detailed exploration and sorting based on what it learns about the collections.

Pholio is now taking pre-orders.  The Pholio device, with built-in search capabilities, is available from £199 for early orders.

According to estimates, a staggering 1.2 trillion photographs will be taken this year, double the number taken four years ago.  With many photographers owning a myriad of devices, from tablets to phones to digital cameras, Pholio is a perfect way of condensing and exploring important family archives.  The basic Pholio device will manage collections of up to 140,000 images, the equivalent of 875 standard photo albums [1].

Simon Randall added: “With the growing volume of data coming from imaging and connected devices in the home there is a critical need for local processing and control.  This will save cloud streaming costs, increase response speeds, and provide choices that don't require handing over control of your data.  Pholio is step 1 in our drive to bring data control and ownership back into the home through harnessing developments in deep learning technology that everyone can make use of.”

A short history of our photography collections

1850s                     The earliest photo albums created.  Owners often put the albums on display and they featured ornate illustrations surrounding the images.

1920s                     35mm film invented

1948                       First Polaroid camera launched

1997                       Philippe Kahn instantly shared the first pictures from the maternity ward where his daughter Sophie was born. He wirelessly transmitted his cell phone pictures to more than 2,000 family, friends and associates around the world. Kahn's wireless sharing software and camera integrated into his cell phone signalled the birth of instant visual communications. Kahn's cell phone transmission is the first known publicly shared picture via a mobile phone.

2000                       The first dedicated camera phone sold in Japan

2004                       Launch of Flickr

2005                       Dixons ends 35mm film camera sales

2010                       Launch of Instagram

2017                       An estimated 1.2 trillion digital images taken, scattering our collections worldwide

2017                       Pholio launches, bringing the photo album home

[1] Pholio: 500GB Storage-140k photos | PholioPro: 2TB Storage –560k photos

Estimate assumes Pholio is setup to store optimised photo thumbnails only and is based on physical photo albums which hold 160 photos

Source: This article was published photographyblog.com By Zoltan Arva-Toth

Misplacing a cell phone or having one stolen is a horrible experience. We store a vast amount of personal data on our phones. From health or medical information, to photos, and payment details -- our phones hold intimate details of our lives.

In order to aide in finding a lost device, both Google and Apple include ways to track a missing phone right in their respective operating systems. While the feature may be built-in, you'll still need to do some setup and know how to access it should you ever lose a phone.

Finding a lost iPhone

Apple's solution is called Find My iPhone. This same service is capable of tracking any and all of your iOS devices (not to mention any Mac also associated with your Apple ID). To enable it on your iPhone, follow the steps below:

Find My iPhone requires a simple toggle of a switch.
The process for activating Find My iPhone on an iPhone
credit: Screenshot by Jason Cipriani
  1. Launch the Settings app on your iPhone
  2. Scroll down and tap on "iCloud."
  3. Near the bottom of the list, find and select "Find My iPhone."
  4. Slide the switch next to Find My iPhone to the On position.
  5. While you're there, it's a good idea to turn on Send Last Location as well (more on this in a minute).

With Find My iPhone enabled, you can track a lost or stolen device through the Find My iPhone app on another iOS device or by visiting iCloud.com and signing in to your iCloud account. When tracking a device from either the app or iCloud website, you can lock it with a new passcode, track where the device currently is as well as where it has been, and as a last resort, you can fully erase all contents of the device.

Keep in mind that your iPhone will need to be turned on and connected to the Internet -- either through a cellular connection or Wi-Fi -- in order for the service to work. So if a would-be thief picks up your device and immediately turns it off, you're out of luck until it's turned back on and able to connect to a network. If Send Last Location is enabled (mentioned back in step 5), your iPhone will report its last known location as the battery gets low. This won't help you pinpoint the exact spot of the device if it's been moved after the battery dies, but it will provide you with a good starting point to begin tracking down your device.

In order to disable Find My iPhone on a device, Apple requires the user to approve the change with his or her Apple ID password. In other words, should a thief pick up your device they will be unable to disable Find My iPhone altogether unless they also know your password.

Finding a lost Android phone

Google's Android Device Manager works more or less the same way as Apple's Find My iPhone. Instead of having the service pre-installed, however, you will need to download the app from the Play Store and set it up in order to use it. Here's how:

Android Device Manager on a Nexus 6p.
The process for installing, setting up Android Device Manager.
credit: Screenshot by Jason Cipriani
  1. Search the Play Store for "Android Device Manager," or click this link.
  2. Install the app, and then sign in with your Google account.
  3. Be sure to leave the checkbox "Never Ask Me Again" unchecked. If you leave that box checked, anyone with access to your device would have the ability to disable the feature or track your other devices.

If you ever lose your device, you can then use another Android device to track your phone using the app, or visit Google's Android Device Manager website. You'll need to log into the site using the same Google account you used to sign into the app on your phone.

Using the app, you can play a sound on the device, lock it, or completely erase it. As with the iPhone, if the device is powered off you will be unable to track it until it's turned back on and connected to a network.

Finding other types of cell phones

Android and iOS make up the bulk of cell phones currently used today, but not all. Windows Phone users can follow the instructions laid out by Microsoft here. BlackBerry 10 users can also track a lost device using BlackBerry Protect. If you're still clutching onto a flip phone, odds are you won't have the ability to track your phone in the event it goes missing. Sorry.

If you have a sort of phone we didn't describe here, visit the manufacturer's Web site or contact them to see if they have a method for tracking a lost device.

Source: This article was published techwalla.com By jason
 

Illustration by Chris Gash

One attorney says cleaning the internet of negative content for highly influential executives is a huge business.

Gawker may be gone, but Michael Lynton hasn’t forgotten about a story that ran on the now-bankrupt news site following the 2014 hack at Sony Pictures.

In fact, Sony's outgoing chairman has in recent weeks taken advantage of the troubles that have befallen Gawker in the wake of Hulk Hogan’s stunning $140 million judgment to have an unflattering story about his family quietly wiped from the site’s archives. Not only has the post vanished from the Gawker archive, its administrators have attempted to “de-index” it using special metacode to ensure it isn't cached by search engines nor captured by other digital preservationists.

The story in question was written by Sam Biddle and published on April 21, 2015. The article quoted heavily from Lynton's emails, which became public thanks to a massive intrusion that the Obama administration attributed to the North Koreans in advance of the release of the Seth Rogen film The Interview.

When the hack happened three years ago, Sony begged journalists to exercise care with leaked information and even threatened the media with legal action for exposing secrets, though the studio never did go to court to challenge what news outlets published. Had that happened, it would have surely invited a huge First Amendment battle. Nevertheless, after the Gawker Media Group declared bankruptcy and sold most of its assets to Univision’s Fusion Media Group for $135 million last August — with the notable exception of the Gawker.com trademark and archives — Lynton saw an opportunity. In order to clean up its legal liabilities in advance of the sale, Gawker reached several settlements in which it agreed to take down a few of its other controversial stories, including the one about Hogan’s sex tape that brought on its demise. These removals happened thanks to claims officially lodged in court against the debtor. It's unclear how Lynton effectuated a removal. Nothing publicly was filed, although it's possible there were claims filed under seal.

The story came down after the argument came that Biddle’s piece was defamatory and an invasion of privacy, though Andrew Celli, the Lynton family attorney, declines to discuss the particulars of who he contacted or how he succeeded in getting the story taken down. According to Gawker bankruptcy records, Celli did file proof of claims on behalf of two anonymous individuals under seal in September. (A lawyer for Gawker’s administrator didn’t respond to a request for comment.) Judging by what’s been captured at Archive.org, the removal seems to have occurred in April. Even though the story was based on communications between Lynton, now chairman at Snap, Inc. (which built its brand off of the appeal of messages that won't remain on the internet forever), and others, Lynton's family asserted the story carried the untrue assertion that he unduly influenced an elite academic institution. 

Celli made contact with The Hollywood Reporter's general counsel to express concern after I made inquiries about the vanished article with Gawker. He later suggested that to even repeat the gist of the original Gawker story would be damaging. He threatened a lawsuit and, referring to the Sony hack, told me, “There is a sin at the bottom of this. It’s wrong. The source for information is the result of a crime.”

The attorney has a point, but there are also some deeper issues at stake. Last month, UCLA Law professor Eugene Volokh wrote a column for The Washington Post about an actor who had been indicted on sex crime charges only to later be cleared. Volokh discovered how the actor (or someone working for him) had demanded Google de-index news coverage of his case. Volokh wrote, “What should our view be when someone tries to get the stories about them to vanish from search results this way? Should it matter that there is real evidence that he was innocent?”

Around this time, I was in communications with a reputation specialist who had been hired by an entertainment professional who had been sued a few years back in a case I had covered. The client was dismayed to see my article atop the results of a Google search for her name. This was causing her problems getting employment, the specialist said: Would I kindly remove the story?

This is altogether very common.

“Cleaning the internet of negative content by highly influential executives is a huge business,” says Bryan Freedman, a Hollywood attorney who represents talent agencies and many stars. “I spend a great portion of every day for high-level clients analyzing the approach to be taken and then creating a plan and executing it usually on various platforms. There are other tricks that are not commonly known but incredibly effective.”

As to Volokh’s questions, I see value to news archives and believe removing articles sets a dangerous precedent, but I can at least understand in certain situations the attempts to make information harder to find. Is manipulating search engines really so troubling?

In Europe, authorities have given private citizens a “right to be forgotten,” or more precisely, the ability to demand search engines like Google eradicate information that is no longer newsworthy. Here in America, there isn’t this right. Journalists don’t even have an onus to update — and unfortunately, many don’t.

As for the Lynton situation, I asked Volokh about it.

“Normally, I think that asking Gawker to take down material that’s allegedly defamatory and privacy-invading would be the right approach,” he responded. “The problem here is that it sounds like Lynton approached the [Gawker] administrator, which does raise the problem of material being squelched without the exercise of real editorial judgment. Yet I take it we wouldn’t want a rule that, once a media site goes bankrupt, people who have legit defamation/privacy claims about stories on the site would have no one to turn to. So maybe this comes down to the merits of his objection.”

Gawker founder Nick Denton didn’t respond to a request for comment, but last July, he spoke to The New York Times about how the Lynton article, along with one about Bill O’Reilly’s temper and Hillary Clinton’s secret kitchen cabinet, were ones he was proud of. “In all those examples, there was a point, and a public interest in the truth getting wider circulation," said Denton at the time.

Celli makes his own points how even painting the Gawker story in broad brush strokes creates a false portrait for Lynton’s family. I could have also written this story without detailing what exactly Gawker had reported. That’s something that Buzzfeed did when it rushed its own version of this story on Thursday.

But as Volokh said, it's important to understand the merits of Lynton's objection. And it could also be argued that writing about any defamation claim constitutes some echo of information damaging to someone’s reputation. Ultimately, I decided that moves made by public figures to take down information — including by way of robots.txt files — are, well, newsworthy regardless of the origins and that it was important enough to provide at least some detail.

Source: This article was published on hollywoodreporter.com by Eriq Gardner

Snapchat Stories kicked off a new trend for listing friends that have viewed your updates / Getty

LinkedIn is probably the most generous social network of them all for online lurkers

Lots of us would love to know which of our friends and connections are secretly looking at our social media updates without engaging with them but, more often than not, networks deliberately make this information either difficult or impossible to access.

Users can openly express interest with likes, comments and retweets, but we’ll always be curious about the unknown. 

Fortunately, there are a number of straightforward ways to dig up telltale “stalking” signs across the biggest social networks, with some providing a little more insight than others.

 

Facebook

The sheer number of dodgy-looking ‘Who Viewed My Profile?’ type apps that are available to download show just how desperate a lot of Facebook users are to identify potential secret admirers. 

While the site doesn’t allow you to find out who’s visited your profile, it keeps track of the friends who’ve checked out your ephemeral Facebook Stories updates, gathering their names in a list that only you can see.

Assuming that your privacy settings allow people to follow you, you can find a complete list of the people who don't want to be your friend but do want to know what you get up to by clicking the Friends tab on your profile and selecting Followers. 

Somewhat unnervingly, Facebook also allows users to create secret lists of friends. As of yet there’s no way to find out if you’re on somebody’s list, but if you are, its creator will get a notification each time you post something.  

Twitter

As a social network built more heavily around news and opinions rather than personal pictures and activities, Twitter-stalking doesn’t appear to be quite as much of a thing.   

There’s still a way to find out more information about who’s viewing your updates, but it’s not particularly precise. 

The microblogging site’s Analytics Dashboard offers up a number of useful insights, including tweet impressions, link clicks, detail expands and the gender, location, age and interests of the people interacting with your posts, but you’re ultimately unlikely to identify a stalker this way.   

Instagram

As is the case with Facebook, it’s Instagram’s Stories feature that gives the game away. It works in a similar manner, to Facebook Stories listing the names of the people who’ve viewed your 24-hour posts.

However, making your account public allows people who don’t follow you to watch your Instagram Stories posts too. Only in their case, you’ll know that they went out of their way to see what you've been getting up to. Just like your friends, their names will be included in a list that only you can see. 

Making your account private will cut off Stories access for non-followers, and you can also hide your Story from people who actually do follow you.

Snapchat

As most people are aware, both Facebook Stories and Instagram Stories are ripped from Snapchat, which has something of a reputation for being one of the raciest social networks.

Snapchat Stories kicked off the trend for displaying all of the friends that have viewed your pictures and videos, but it goes a step further by also notifying you when any of them screenshot your updates. 

LinkedIn

At the opposite end of the spectrum is LinkedIn, but the professional network is arguably the most generous of the bunch for online stalkers. ‘Who’s Viewed Your Profile’ is a core feature, with the site notifying you whenever a fellow user visits your page, and vice versa.

However, you can't view the names of members who've chosen to visit your profile in private mode, even if you’ve paid for a Premium account.

You can try to turn the tables on your stalkers – without coughing up for advanced features – by selecting Anonymous LinkedIn Member under Profile Viewing Options in the privacy menu, though this also hides the identity of every single person who visits your profile.

Source : This article was published independent.co.uk By AATIF SULLEYMAN

Apple fans still have a painfully long wait to endure before the company’s new iPhone 8 hits store shelves later this year, but the rumor mill is already hard at work. In fact, we’ve known for months what to expect from Apple’s next-generation iPhone, which will mark the tenth anniversary of the original iPhone’s release in 2007.

If all goes according to plan, Apple will release new iPhone 7s and iPhone 7s Plus models that feature the typical spec bumps we’ve come to expect from “S” updates, though they may also feature new glass backs to facilitate wireless charging. Then, alongside those new iPhones, a special premium model is expected to debut.

People have been calling it the iPhone 8, though it’ll likely carry a different name such as “iPhone Edition,” though “iPhone X” has also been tossed around. Whatever it’s called, it can’t get here soon enough if it looks anything at all like this.

The image above shows an iPhone 8 (or iPhone Edition, or iPhone X) as dreamt up by well-known graphic designer Martin Hajek. The images were published by a German blog called Computer Bild, and they show what may very well be the hottest imagining we’ve ever seen of Apple’s next-generation iPhone.

Here it is in a few other colors:

  
Hajek took design elements noted by reliable Apple insiders like KGI Securities analyst Ming-Chi Kuo, and he turned them into a stunning Apple smartphone. The glass face of the device is occupied almost entirely but the new OLED display Apple is expected to adopt, and the home button has been replaced by a virtual on-screen button. Rumors suggest the company’s new Touch ID fingerprint scanner will be embedded beneath the screen.The sides of the iPhone 8 are stainless steel, as we’ve heard a few times now, and the back is made of glass so that wireless charging can be added to the phone. The aluminum in Apple’s current iPhones is certainly more sturdy, but unfortunately wireless charging can’t yet be achieved with a metal housing.As an added bit of fun since this will be the tenth anniversary of the original iPhone, Hajek also imagine what it might look like if Apple modernized the first-generation model’s design. There’s probably no chance at all of Apple actually releasing a model that looks like this, but it’s pretty awesome:
 
Source : yahoo.com

What the Future of Mobile Technology Holds

Technology flies along at a breakneck pace, so much so that it almost defies belief. When you compare computers of ten years ago to the super computers of today it’s easy to see how, in the last decade, technological advancements have simply exploded.

Mobile phones are a perfect example of this, and apart from a number of other incredible features and functions, phones in 2017 have as much processing power and storage space as a dozen phones from 2000.

An interesting conundrum, however, has always been trying to predict what the future of technology holds. It is, after all, very difficult to try and imagine exactly what it is that will make something better than it is right now. Even so, let’s take a look at some of the professional predictions of how mobile phone technology will advance in the future.

Better Battery Life

By far the most complained about aspect of modern smartphones is their battery life. As phones have become more powerful, they have likewise become more demanding on their batteries.  A new model phone such as the iPhone 7 with its 128GB storage and all its features turned on can easily be dead within a few hours.

If looking at the history of batteries, there is an average of a 6% improvement per year. Although mobile companies have moved on from using the original NiCD batteries and on to more sophisticated options such as LiPoly batteries, battery life is still something that could improve in the future.

In an interview in the Enquirer, Dr Kevin Curran, a computer science expert at Ulster University, said that a 25% battery life increase in the near future could be imminent. However, although this battery life improvement may exist, the devices themselves might be so demanding that the improvements are hardly noticeable.

He added, however, that some promising work is being done in the areas of lithium-sulphur and hydrogen fuel cells, and this could make all the difference.

A Boost for Biometrics                                 

Going forward, biometric technology is set to advance in a big way. Imagine a phone that learns from you as you use it, gathering information over time.

The phone will not only be familiar with your face and fingerprints, but the very nature of the way you type, and interact with the device. Keystroke dynamics, as it is referred to, will soon become standard in smartphones, according to Dr Curran.

And this goes one step further. Paramedics could soon be using ultra-advanced biometric focused smartphones to help with medical diagnosis out in the field, massively improving the help given to patients. The device, with the help of an ever-growing database of cloud information, could literally save lives.

Mobile technology phone watch

Vast Visual Appeal

Predicting what smartphones will look like in the future is perhaps the most difficult aspect, since aesthetic design is enormously subjective. Much of the physical design of current smartphones, for example, is based around touchscreens, and how best to interact with them.

If touchscreens remain the norm, it seems likely that smartphones will move towards becoming more ergonomic, seen in such concepts like the EmoPulse Phone or the Philips Fluid. There may also be a shift towards the wearable dimension like Kambala’s earpiece phone, or the iPhone NextG projector.

As technology is advancing at such a rapid rate, it’s safe to say that future mobile developments are imminent, and there’s scope and potential for just about anything the imagination can dream up.

Author : hangthebankers.com

I. THE BACK DOOR

His name is not Opsec, but I will call him that to guard his privacy. In webspace he is known as a grand master of the dark art of hacking. He is one of a small elite—maybe a hundred, maybe fewer—all of whom are secretive and obsessed with security. They do not talk about their work with their families. They generally do not talk to the press. Nonetheless, through friends of friends, Opsec agreed to speak and to introduce me to his perspectives. In “meatspace,” as he and others like him call the real world, Opsec lives in a metropolitan area in a little wooden house by a railroad track. He is in his mid-30s, physically imposing, and not a geek. He hangs out in a local bar, where the regulars know vaguely that he works with computers.

He is a fast talker when he’s onto a subject. His mind seems to race most of the time. Currently he is designing an autonomous system for detecting network attacks and taking action in response. The system is based on machine learning and artificial intelligence. In a typical burst of words, he said, “But the automation itself might be hacked. Is the A.I. being gamed? Are you teaching the computer, or is it learning on its own? If it’s learning on its own, it can be gamed. If you are teaching it, then how clean is your data set? Are you pulling it off a network that has already been compromised? Because if I’m an attacker and I’m coming in against an A.I.-defended system, if I can get into the baseline and insert attacker traffic into the learning phase, then the computer begins to think that those things are normal and accepted. I’m teaching a robot that ‘It’s O.K.! I’m not really an attacker, even though I’m carrying an AK-47 and firing on the troops.’ And what happens when a machine becomes so smart it decides to betray you and switch sides?”

Opsec lives in a hall of mirrors. He understands that webspace and meatspace, though connected, remain largely distinct. Given sufficient motivation and time, Opsec can break into almost any secure network without setting off alarms. Breaking in used to thrill him, because once inside he could roam as he liked, but success comes too easily now: with such an attack, he has to find only a single way in. By contrast, defense presents the challenge of out-thinking every aggressor. This appeals to him, and he works now on the defending side. Usually this means protecting company networks from criminal attacks, or reacting to attacks after damage has been done. Opsec does not do the routine stuff. He is the man for the serious cases. He has seen some big ones. But even he was taken aback when, late last year, he stumbled upon a hack—a sliver of alien software on American shores—which suggested that preparations were being made for a cyber-attack of unprecedented scale.

I will call his client the Company. It is an Internet behemoth. It streams entertainment online and makes direct regular connections to more than 70 million personal computers worldwide. The Company does not charge for the connections but rather for the services it provides. It is very profitable. And it is under frequent attack from many parts of the world. Most of the attacks are drive-by shootings—spray-and-prays that succumb harmlessly to the defenses that Opsec has helped design. But some are carefully aimed and have threatened the Company’s existence.

He first intervened six years ago, after a data center had been hacked (as Opsec puts it) in a fucking major way. The intruders had gone after key systems, including the central payment processor and the C.E.O.’s computer, and had stolen credit-card and financial data as well as the Company’s proprietary source code—the secret formula upon which the business is built. Opsec worked for nearly six months to clean up the mess. By backtracking he discovered that the hackers were a group associated with the Chinese army. They operated out of a specific building near Shanghai, which he was able to locate, and specialized in targeting entertainment companies. Eventually he was able to identify some of the individuals involved, and even to obtain pictures of them. Nominally, that was the end of it. Opsec told me that because a government was involved, and legal recourse in China was unrealistic, no further action was taken.

What do you do when there is no law? Counter-hacking is a temptation, but can be dangerous. The Russian mob, for instance, has a poor sense of humor, and Colombian drug cartels are not much fun, either. Also, among independent hackers there is no small number of psychopaths. Over the years the Company has endured death threats, rape threats, and bomb scares. It gets personal. In a world without privacy, home addresses as well as the names of spouses and children are easily found. As the Democratic National Committee recently discovered, it is better not to get hacked in the first place.

hacking101

After the original breach by the Chinese, Opsec had urged the company’s management to establish a vigorous information-security program, which it did by building three NASA-like control rooms scattered in data centers around the world. Collectively, they are staffed around the clock. The sole purpose is to catch intruders, and to catch them as quickly as possible. The average industry delay in detecting a malicious hack is 188 days. For the Company, Opsec was hoping to reduce the delay to minutes or even seconds. But late last year, when the operations manager called him at home and urgently requested his presence at the Company’s high-tech campus, about 20 miles away, he knew that those defenses had failed. Almost as disturbing, the alarm had been raised not by the security team but by an ordinary technician, a system administrator doing the drudgery of a routine review.

When Opsec got to the campus, the details filled in. The system administrator—a friend of his—had been going through event logs of the previous week. Event logs are lines on a screen showing summaries of each new task given to a computer network, with a time stamp and a green or red dot indicating success or failure. Seeing a red dot, the administrator had zoomed in for more information. The failed task turned out to be an attempt from within the Company to deploy a piece of software companywide. Deployment of software throughout the entire network did sometimes occur—for instance, to install updates—but it was rare, and sufficiently important that the sender did not often make a mistake. In this case, the sender had omitted a single letter in the domain name to which the job was addressed—hence the failure. The associated software package was unlike anything the system administrator had seen before. He alerted the operations manager.

Opsec knew immediately that the package was suspicious. In lieu of a coherent naming scheme—for instance, a numbered update—there were random characters, followed by “.exe,” for an executable program. He ran the content through a piece of reverse-engineering software, called a disassembler, and quickly confirmed that his client had been hit with a malicious hack. Within an hour he understood that the purpose had been to permeate the Company’s networks, steal and encrypt all of its data, and demand payment for the data’s return. The numbers for an overseas bank account were included in the program. Opsec would not tell me where that bank account was, or how much had been demanded. He said only that it was an aggressive piece of ransomware, and that often in such cases the data is never returned. Ransom attacks have become an epidemic on the Internet. Most are widely dispersed. They lock down a victim’s computers and ask for relatively small amounts, payable in hard-to-trace Bitcoins, in exchange for returning the victim’s life to normal. The biggest attacks—against corporations—have netted millions of dollars. Little is known about them because the victims are tight-mouthed. The massive hack of Sony Pictures in 2014 was a ransom attack, though by whom is still in question. Presumably Sony did not pay, because its internal e-mails and other information were released onto the Internet. Last February, hackers seized medical records from the Hollywood Presbyterian Medical Center, in Los Angeles. The hospital paid to get the records back. Now, through sheer luck—a missing letter—the attempt to extort Opsec’s client had failed. But big concerns remained: the Company’s network was clearly compromised.

Here was the situation Opsec faced. The package no longer mattered, but the hack most certainly did. Someone had emerged from the Internet, slithered into the Company’s heart, and then disappeared. The specific vulnerability the attacker had exploited was still unknown, and was likely to be used again: he had established a back door, a way in. Some back doors are permanent, but most are short-lived. Possibly this one was already for sale on the black markets that exist for such information in obscure recesses of the Internet. Until Opsec could find and lock it, the back door constituted a serious threat. Opsec reviewed the basics with the Company’s managers. He said, Look, we’re in the Internet business. We know we’re going to get hacked. We have to assume, always, that our network is already owned. It is important to go slowly and stay calm. We will soon know how and when to lock the door. We will have to decide later if we should do more.

To me he said, “Also, relax. In the long run, the chance of survival always drops to zero anyway.” He did not say this to his client. It was not an insight the Company would have valued at the time. Even in the short run, as it turned out, the news would be alarming enough.

II. ANARCHIST AT HEART

Definitions. A vulnerability is a weakness in a network’s defenses. An exploit is a piece of software that takes advantage of a vulnerability. A zero-day exploit is a piece of software that takes advantage of a vulnerability that is known to a small group of aggressors and generally not to the defenders. “Back door” is another name for much the same. There are variations. Infinite invention is at play. Welcome to the Dark Net, a wilderness where wars are fought and hackers roam. More definitions. The Dark Net exists within the deep web, which lies beneath the surface net, which is familiar to everyone. The surface net can be roughly defined as “anything you can find through Google” or that is otherwise publicly indexed for all to see. The deep web is deep because it cannot be accessed through ordinary search engines. Its size is uncertain, but it is believed to be larger than the surface net above it. And it is mostly legitimate. It includes everything from I.R.S. and Social Security data to the internal communications of Sony and the content management system at The New York Times. It includes Hillary Clinton’s e-mails and text messages, along with everyone else’s. Almost all of it is utterly mundane.

The Dark Net occupies the basement. Its users employ anonymizing software and encryption to hide themselves as they move around. Such tools offer a measure of privacy. Whistle-blowers and political dissidents have good reason to resort to them. Criminals do, too. White fades quickly through gray and then to black in the Dark Net. Furtive sites there offer all manner of contraband for sale—narcotics, automatic weapons, contract killings, child pornography. The most famous of these sites was Silk Road—the brainchild of Ross Ulbricht, a libertarian entrepreneur who was arrested by the F.B.I. in San Francisco in 2013 and sentenced last year to life in prison without parole. New and even larger marketplaces have opened, including the current leader, AlphaBay, which is owned by a man who has been quoted as saying he resides in an “off-shore country where I am safe,” gives interviews to the press, and openly defies attempts by the authorities to shut him down. There are twists: illegal narcotics sold over the Dark Net tend to be purer, and therefore safer, than those sold on the street—this because of the importance to the sellers of online customer ratings. By comparison, it is hard to see the bright side of missile launchers or child pornography.

However noxious the illicit Web sites may be, they are merely the e-commerce versions of conventional black markets that exist in meatspace. The real action on the Dark Net is in the trade of information. Stolen credit cards and identities, industrial secrets, military secrets, and especially the fuel of the hacking trade: the zero days and back doors that give access to closed networks. A short-lived back door to the iPhone operating system may sell for a million dollars. In 2015 a black-market site called TheRealDeal, the first one to specialize exclusively in cyber-weaponry, opened for business. Several others have followed. There is something strangely circular about all this—the Dark Net chasing its tail through the Dark Net—but the stakes have turned out to be high.

HE CAN BREAK INTO ALMOST ANY SECURE NETWORK WITHOUT SETTING OFF ALARMS.

And the trade is new. So new that when Opsec looks back on recent history he can sound like an old man remembering the onset of World War II. He was born to a middle-class family in the orbit of Washington, D.C., and by the time he was in kindergarten it was obvious that he was a bright if stubborn child. This was toward the end of the 1980s, in the pre-dawn before the Internet as we know it. His mother owned an early personal computer—a big box with a keyboard, a black screen, and white letters. It had a dial-up modem for point-to-point connections to other computers. When Opsec was six, he discovered that he could play games on it. The first was a Japanese action game called Thexder, in which he could transform a robot into an airplane and bomb things on the ground. This was so gratifying that on weekends he would wake up his mother at five A.M. and get her to go through the necessary keyboard commands to access it. She grew so weary of this that she wrote out the commands for him to use. He then figured out how to write a simple program to automate the log-in.

That was the start of the path he remains on today. By the age of seven he had become a regular on electronic bulletin boards where gamers exchanged information and posted downloadable games. The bulletin boards were precursors of the Dark Net: you could not search for them on a computer; you had to have a specific phone number and reach it point-to-point with a dial-up modem. After you found the first one, you were in and could find others. The users had pseudonyms and remained largely anonymous. Age and location did not matter. Social awkwardness did not matter. Some of the information the bulletin boards contained included pirated property and advice on how to break the law.

Opsec was just a kid, and at first he was only after the games. His problem was that they were often locked and required payment. With hints from the bulletin boards, he began to reverse-engineer the games, identify the lines of code associated with security, and modify the programs to bypass the payment requirements. He then posted his solutions on bulletin boards so that others could do the same. Though he did not know it at the time, he was creating zero-day exploits.

 

By the sixth grade, Opsec had started hacking into universities and phone companies. His parents saw him sitting hour after hour at the keyboard, but were so unaware of his activities that they bought him a laptop for schoolwork because his handwriting was bad. The effect was to pour fuel on the fire. His grades plummeted from A’s to D’s. I asked him what the attraction of hacking was. He said, “The whole idea of being able to exert your will on systems that were designed to exert the will of others—the designers. It was a powerful and addictive feeling.”

When he was 12, Opsec began to attend the local chapter meetings of a notorious hackers’ group, named 2600 for the 2600-hertz tone that gave access to the analog phone systems of the time. The meetings were held in the food court of the Pentagon City shopping mall. He had a friend, a like-minded Persian kid who attended the meetings with him and was extraordinarily capable but a bit malicious: he later published papers on how to destroy hard disks remotely and how to cause computers to catch on fire by shutting down their fans. Although also an anarchist at heart, Opsec was more interested in expanding his skills than in wreaking havoc.

But the two friends had technical goals in common. They became regulars at the food-court gatherings and eventually met a man there who worked for an unnamed government agency but was willing to explain certain concepts clearly. Such exchanges are characteristic of the larger hacker gatherings that have followed, with natural adversaries such as F.B.I. agents and Eastern European cyber-criminals temporarily setting aside their differences to share information.

III. CHINESE NETWORKS

Opsec took what he learned and acted on it. In most cases, success was defined as access to the administrative console of an operating system. That position is sometimes known as a root shell. For Opsec it was the holy grail, because from within the root shell, as an illicit administrator, he could do as he pleased, including using one computer to attack another, and from there yet another, in daisy chains that spanned the globe. This was tricky stuff, and also risky, because much of Opsec’s hacking was in violation of increasingly vigorous federal law, and the F.B.I. was cracking down. The most famous case at the time was that of Kevin Mitnick, a young Californian who had been repeatedly jailed for hacking. After violating the terms of a supervised release, Mitnick went on the run for several years, earning a place on the F.B.I.’s most-wanted list before being caught in 1995 and hauled off to prison for five years. With several of his friends in detention, Opsec grew nervous about being identified.

It was 1996. The commercial Internet had barely arrived. Opsec was a scrawny adolescent. He was still using dial-up modems to break point-to-point directly into mainframes, particularly those that were part of the global telecommunications infrastructure. From an illicit bulletin board he obtained a master list of the default passwords used for many of the manufacturers, then went on a spray-and-pray hunt through the phone system, looking for vulnerable computers. To do this he wrote a program that would call every 1–800 number possible, for a total of roughly 7.9 million combinations. He chose 1–800 numbers because the calls were free. If computers answered, the program would distinguish between them, respond with factory-default passwords, and register the successful penetrations. Once the program had mapped the vulnerabilities, and Opsec had taken possession of some computers, he intended to use them to go after other computers, in order to hide his traces as he approached the final targets. The problem was how to make millions of automated phone calls, because even a 14-year-old has limits on his time.

 

Late one night, working alone, he threw a rubber mat over a barbed-wire fence protecting a phone-company yard, and climbed up and over. Once inside he broke into two vans and stole everything he could: technical manuals, linemen’s handsets, utility belts, uniforms, helmets, pay-phone keys, and, most important, a master key to neighborhood trunk boxes—the junctions through which hundreds of phone lines run. With parts from a RadioShack he built a small device that allowed him to seize every one of those lines simultaneously. He connected the device to a small laptop that he had stolen from a Staples, and set to work. Dressed in an oversize lineman’s uniform and hard hat, with a utility belt dangling equipment from his waist, he slipped away from his house and every night for several weeks probed the 1–800 network with thousands of computerized calls. On the final night of the endeavor, at two A.M., he had opened a trunk box situated on the front lawn of a church, when an old woman—a member of the congregation—spotted him from her window and, noticing that his uniform did not seem to fit him, called the police. Opsec still wonders what she was doing up so late. When he was arrested, the police had so little idea of what he was doing that they returned the laptop computer to his father without having it examined. The local prosecutors charged him with illicit wiretapping, as if he had been eavesdropping. His parents hired an expensive lawyer. Opsec copped a plea to a misdemeanor to avoid having to explain himself, and was sentenced to several weeks in a juvenile-detention center, to be followed by years of probation.

Then came the Internet, which for hackers was a dream come true. Suddenly they had access to millions of computers that until then they had needed to address one by one. Opsec invested in a high-speed DSL modem and set up a business in his Persian friend’s basement, renting out the connection to other hackers, who sent their computers to him because of the access he offered for relatively rapid downloads, often of stolen content, and the fast execution of complex attacks. He learned a lot by servicing those clients. As he gained experience he graduated from indiscriminate hunts for low-hanging fruit to more focused attacks, known as deep dives, against well-defended networks. The dives required careful planning. Opsec said, “You start with recon, studying the target network, but also doing research on employees, building psychological profiles, trying to assess the culture of security, and looking for the ‘social engineering’ possibilities—can you trick someone into divulging a password? You create a map of all the possible avenues you can use to get in.”

HIS CLIENT, AN INTERNET BEHEMOTH, IS UNDER CYBER-ATTACK FROM ALL OVER.

Opsec got into the Colombian government’s networks without setting off alarms, and spent six months there, undetected, moving around. Then he dived into Chinese-government sites and military networks, and into the domain of specific Chinese hacking teams. He was 16 now. In yet another lapse of understanding his parents allowed him to take a job in an electronics store, where his main purpose was to steal more “burner” laptops to discard after use, to avoid detection. A regular customer there learned of his unusual knowledge of Chinese networks and offered him some work on the side: the man handed him a list of about 20 Chinese servers and asked Opsec to look into them. This turned into a regular thing. The man sent a bank transfer to him every month. Opsec guessed that he worked for the N.S.A. or the C.I.A.

Opsec’s parents, meanwhile, kept shipping their son from one school to another, in the vain hope of getting him to return to conventional studies. They sent him off to a military school with the idea that boot camp might bring him to heel. He hacked into the school’s network, encrypted the data on a classmate’s personal computer, and taunted him with the loss. The school found out and gave Opsec the choice of helping to shore up its defenses or being expelled. He chose to be expelled. When he called his mother to give her the good news, she was livid. She said, “How did you manage to get kicked out of a bad-kid school?” She exiled him to live with his uncle in a faraway place. He kept hacking.

IV. “MAFIABOY”

Opsec describes the public’s awareness of the Dark Net as a slow awakening. It started at the dawn of the new millennium, around the year 2000. With Internet connections proliferating, e-commerce expanding, and the dot-com boom fully under way, the surface Web looked much as it looks today except for this: attacks were not pervasive and computer security was not a big concern. The problem with security is that it slows operations down, and the new and ambitious Internet entrepreneurs were locked into competitive races that allowed no room for interference. The interference came anyway. In February 2000 a 15-year-old French Canadian who went by the name Mafiaboy launched a series of denial-of-service attacks that took down a progression of important Web sites, starting with the then dominant search engine, Yahoo, and moving on to Amazon, eBay, Dell, and CNN, among others. Such denial-of-service attacks, which overwhelm Web sites by hitting them with massive traffic, are the most primitive form of hack. They require only the hijacking of undefended computers, not the penetration of the target networks, and they do not result in the loss of data. In Opsec’s view, Mafiaboy was a talentless “script kiddie” who used off-the-shelf components written by others, and needed little knowledge to pull off his stunt. He was so naïve that he bragged about his exploits in Internet chat rooms. He was arrested, and sentenced as a juvenile to eight months of house arrest and a year of probation. But Mafiaboy’s attacks surprised the industry, caused losses estimated at more than a billion dollars, and made international news. Internet companies realized that they were going to have to improve their resiliency. The magnitude of the cited losses also got the attention of the underground. Anarchists were attracted by the opportunities to cause disruption. Others were attracted by the opportunities to make money. Organized crime soon got involved. Identity theft, credit-card fraud, and electronic extortion expanded rapidly. The public remained largely unaware, but with monetization the evolution of the Dark Net suddenly accelerated. In the United States alone, nearly every company larger than small is getting hit on a regular basis, usually from abroad. The Pentagon has said it fends off several million attempts at cyber-intrusion every day.

Opsec had just turned 18 when Mafiaboy struck. Nominally he was a senior in high school. As an adult now, he arranged to have authority over his probation transferred from where he lived with his uncle back to the Washington area, and he returned from his exile soon afterward. That spring he fell in love with a beautiful Asian girl who was all about drugs and sex, and he moved in with her. During his next visit to his new probation officer, he reported the change of address, and she busted him for it because he was supposed to have informed her in advance. He was sent to jail for several months to contemplate the error. In prison he found a mentor who was a doctor convicted of selling the identities of dead babies on the Dark Net for use in providing criminals with new identities. Opsec was released in 2000, becoming a free man without restrictions for the first time in four years.

He swore off hacking, and went to work at an espresso bar on the ground floor of an office building. Through a chance encounter with a customer there, he found himself with a computer job upstairs. The company was in the data-transmission business, largely through fiber-optic cables laid long-distance along 19th-century railroad rights-of-way. Opsec was assigned to the company’s control center to give general assistance to customers, who were mainly Internet-service providers. Given his talents, he soon gravitated to the security side. To his surprise, Opsec found himself back in the underground from which he had just emerged.

Opsec moved on to a series of small jobs, then landed a position at a network-security company. That company was a surface reflection of the Dark Net. One division was straightforward: it mined the Dark Net for known vulnerabilities and compiled them into an encyclopedia for its clients. Another division was grayer in character. It offered bespoke intelligence gathering, often under cover of the Dark Net. Opsec once stumbled across one of its products—behind a door that should have been locked, in a large room, on a circular table 20 feet across on which al-Qaeda’s electronic connections were physically mapped out. And then there was the third division, a part of the company that was rarely mentioned. It was the moneymaker, an exploit broker for the U.S. government—much like those that exist for criminals on the black market—that did original zero-day research and sold the hacking opportunities to NATO allies.

V. HIRED GUN

We are now approaching the mid-2000s. Most of the attackers were not skilled hackers; they were incapable of examining software or a secured network and discovering vulnerabilities. They knew only how to acquire tools on the Dark Net and put them to use. Opsec was different, one of the few who could have made a living as a researcher whether by selling zero days to the target companies (who after years of reluctance had wised up and begun paying bounties for them), by peddling them to brokers, or by offering them for sale on the black market. But he did none of that. He went to work for a computer-security company as a “penetration tester,” and for the next five years traveled extensively, performing security audits and hacking into corporate networks to explore their weaknesses. Some of Opsec’s clients were serious about security. But many were just going through the motions. All too often Opsec would hack into a network, submit a report recommending fixes, and come back the next year only to find that nothing had been done. He said, “Mostly it was just check-box security. And a lot of the penetration testers are really bad. They don’t have the background or mind-set. They don’t have the skills. They have a scanner with a database of all the different vulnerabilities, and it checks the network for those things. There’s no creative process there. They’re not looking for things that are not in the knowledge base. They push some button, then come back and say, ‘You’re clean!’ ”

In 2007 he quit the job and set himself up as a hired gun, determined to be selective about which clients to accept. The first requirement was that they had to be serious about network security. The second requirement was that they had to be on the side of “right.” This turned out to be tricky, because the expertise he offers and the systems he puts in place are classic dual-use weapons that can be used to rob and oppress just as easily as to defend people’s lives and property. Furthermore, Opsec was politically naïve: he assumed that U.S. agencies and foreign allies were inherently on the side of right. He no longer suffers from the illusion. To me he said, “If you kick over enough rocks, you’re going to find shit, and if you piss off the military-industrial complex . . .” He hesitated. He said, “There are certain things they just don’t want you to know. And they kill people. They’ll kill you.” I asked him if paranoia is a professional hazard. He said it is, but if only for peace of mind he steers clear of those sorts of clients today.

As a gun for hire he made some mistakes early on. He would not describe them to me. He did say that he spent a month in Pakistan with U.S.-government approval, consulting with the Pakistanis on how to establish cyber-war capabilities. Clearly that was not his proudest moment. Several years later he made a similar mistake by subcontracting to an American team in an oppressive Gulf kingdom and ally of the United States. He assumed that the project was known to the U.S. government and only later discovered that it was not. Opsec moved to the kingdom for nine months. The job was to set up a national network-security operations center, an emergency-response group, and a hacking school to teach offensive and defensive cyber-warfare techniques. The school was equipped with cyber-warfare “firing ranges”—rooms of computers where simulated attacks could be run—and had a curriculum that included intelligence gathering and the writing of malware. Additionally the team ran penetration tests and discovered vulnerabilities in the country’s radar and missile-defense systems as well as in its international telecommunications. But Opsec discovered that under the table the team was selling cell-phone interception and tracking equipment to the authorities for all the wrong reasons. The capabilities he was providing for national defense would in practice be turned against the citizenry. He left the project and returned to the United States. He settled down with a few good clients, the best of which was the Company, 20 miles from home.

VI. ALL-OUT WAR

The ransomware attack on the Company late last year was not just an incident. It was a serious breach. Opsec urged stealth in response. The attacker would have known that he had failed to steal the Company’s data; there could have been various reasons for that. It was important to keep him wondering whether the hack itself had been discovered. The ransomware was a generic off-the-shelf module of no great interest or complexity. It had arrived only two or three days before being identified. The question was how it had arrived. To his shock, Opsec soon determined that it had come in by piggybacking on a major intrusion, until now unknown, that had occurred fully a year before. This was the hack that really mattered. The extent of it was still unclear, but the Company’s network had been secretly “owned” ever since. There was more. Embedded in the system was strong evidence that the attackers were the same Chinese- government team that had hit the Company four years earlier. And the Chinese team’s capabilities had vastly improved.

Here is what occurred. The Chinese first went into a subcontractor, a global offshore payment processor that handled credit-card transactions, and then, having gained possession of that network, quietly entered the Company through a legitimate back door that had been installed on the Company’s network to administer consumer accounts. The initial breach was a work of art. The Chinese wrote a piece of customized software purely for that job. It was a one-of-a-kind “callback dropper,” a Trojan horse that could be loaded with any of many malware modules, but otherwise stood empty, and regularly checked in with its masters to ask for instructions. Once inside the network, the Chinese were able to move laterally because the Company, for the sake of operational efficiency, had not compartmentalized its network, despite Opsec’s advice to do so.

They knew exactly where they were going. First, using “bounce points” within the network to further obscure their presence, they went after the central domain controller, where they acquired their own administrative account, effectively compromising 100 million user names and passwords and gaining the ability to push software packages throughout the network. Second, and more important, the Chinese headed into the network’s “build” system, a part of the network where software changes are compiled and then uploaded to a content-distribution network for the downloading of updates to customers. In that position they acquired the ability to bundle their own software packages and insert them into the regular flow, potentially reaching 70 million personal computers or more. But, for the moment, they did none of that. Instead they installed three empty callback Trojans on three separate network computers and left them standing there to await future instructions. Opsec and his team concluded that the purpose was to lay the groundwork for the rapid construction of a giant botnet.

The “bot” in “botnet” is derived from “robot.” Botnets are illicit networks of infected computers, known as zombies or nodes, that appear to function normally but are secretly controlled by hackers and can be used in combination to produce enormous computing power. The largest of them have consisted of several million computers. They have been around for a long time. No one knows how many are active, but the numbers are large. A few are self-propagating, but most require active (if unintentional) downloading. Either way, they are the force multipliers of the Dark Net. Some of them are commercial, and offer services on the black market. Others are privately held. On the most simple level, hackers use them to mount denial-of-service attacks, overwhelming Web sites with the sheer volume of traffic. Beyond that, their purposes are almost limitless—identity theft, credit-card fraud, bank fraud, intelligence gathering, high-speed code cracking, corporate espionage, commercial sabotage, and attacks on national infrastructure, including industrial control networks, phone systems, and the Internet itself. Cyber-attacks that cause physical damage are extremely rare—Iranian centrifuges destroyed by Stuxnet in 2010; a steel mill hit in Germany in 2014; blackouts caused by a hack of the power grid in Ukraine in 2015—but whatever damage a single computer can do, a botnet can do it better. Botnets are so valuable—and potentially so short-lived—that their creators normally rush to use them as soon as they are built. That was the odd part about the attack on the Company. The Chinese had gone to all the effort to insert their Trojan, yet had stopped without taking further action. Why?

The botnet it could have created would have been huge. If the Chinese had breached other large Internet companies via the same payment-center route—and it seemed likely they had—the combined effect would have been the creation of by far the largest botnet ever seen, an Internet robot consisting of perhaps 200 million computers, all controlled by one small Chinese hacking team. Opsec had stumbled onto a very big thing. And its lack of use was the key. The only possible purpose, Opsec concluded, was that of a sleeper cell, lying in wait as a pre-positioned asset to be used as a last resort, like a nuclear weapon, in the event of an all-out cyber-war. The world certainly seems to be moving in that direction. Already cyber-attacks constitute an active component of nearly every conventional military battle. They are used by the U.S. in conjunction with the air and ground war against ISIS. Some say that a global cyber-war is already under way, because everyone is getting hacked. But many states—China, Russia, Germany, France, Pakistan, Israel, and the United States—are actively preparing for something much larger to come.

The sleeper cell would never have been discovered had it not been for the ransomware that failed to deploy. According to Opsec, a member of the Chinese government team had apparently decided to freelance and make a little money for himself, sending his extortion demand along the pathway secretly blazed by the government team a year before and inadvertently exposing the entire operation. When identified, if he has not been already, the renegade team member in China will face a very unhappy future.

As for the future of the sleeper cell itself, Opsec could only speculate. The U.S. government had of course been informed. “Yeah, and they wouldn’t take it down. They’d surveil it, do reconnaissance and monitoring, just so they could keep tabs, and they would probably spend some time developing the capability to disrupt or hijack the botnet if they needed to. Right?,” he said. “Let the Chinese build their cyber-weapon and think they’ve got it, and when we need it, we’ll just block it or take it over.”

I said, “What branch?”

“Meade. The Fort.”

How Opsec himself responds is another matter. He is not the U.S. government. He once told me he is his own mini-N.S.A. Referring to a friend of equal reputation, he said, “We write highly invasive software.” As a product of the Dark Net, he has the power to invade China, and has done so before. I asked him what an invasion would look like. He said, “We’d find their command-and-control structure, the control brain for the malware they use. Ultimately, what you’d like to do is find a way to hack into their C2 servers and (a) figure out what information they acquired from you, and (b) insert a command into their infrastructure that tells all the malware out there to delete itself. A botnet takedown, that’s what I’d like to see. We’re at least crippling their network.” And maybe, he went on, as a present, you could give them the identity of the guy whose ransomware brought the hack down.

So is that what you’re doing?, I asked.

Of course not, he said. It would be against Company policy.

Source: http://www.vanityfair.com/news/2016/09/welcome-to-the-dark-net

 

Page 1 of 3

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.
Please wait

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Newsletter Subscription

Receive Great tips via email, enter your email to Subscribe.
Please wait

Follow Us on Social Media

Book Your Seat for Webinar GET FREE REGISTRATION FOR MEMBERS ONLY      Register Now