AI in Policing, how technology is helping to keep us safe

Patrick Buckley    18 March, 2021

Artificial intelligence and IoT technologies continue to change the way we live around the world. In today’s post we take a brief look at how these technologies extend the capabilities of police and security forces and help keep us all a little safer.

Connected Cameras

For a few decades now, police forces around the world have used networked camera systems to monitor areas with a high prevalence of crime, deter incidents and track suspects. Forces credit these systems with falling crime rates in the monitored areas, and surveillance has become increasingly reliable, sophisticated and effective.

Take the case of Montevideo, the capital of Uruguay. For many years the city experienced rising rates of both petty and violent offences.

In 2013, the local government launched a project aimed at cutting violent crime in the city. To achieve this, the zones most exposed to crime were identified by analysing how crime rates differed across the city’s zones and neighbourhoods. Connected IoT cameras were then installed strategically in each zone so as to make the most of finite police resources.

Over the following few years, the project was proven to be a resounding success, cutting crime in the targeted areas by an average of 20%.

Machine Learning, the key to footage analysis

Connected camera systems alone are of little use without the tools to analyse the footage they gather. Traditionally, officers would spend hours a day sifting through hundreds of hours of footage in search of a particular profile or event. In recent years, police forces have started to apply machine learning when filtering footage, greatly increasing efficiency and freeing up valuable officer time.

The New Orleans Police Department (NOPD) was the first law enforcement agency of its kind to adopt machine learning in its surveillance processes. In 2018, the department installed over 400 cameras across the city; as in Montevideo, these cameras are located in crime hotspots.

The NOPD uses the BriefCam solution to identify specific characteristics within a footage sample, or across a whole set of recordings. For example, if a crime is known to have been committed in a specific area by a man wearing a bright green shirt, an officer can have the system filter the footage to show only the frames in which people wearing such a shirt appear. The person can then be tracked and their movements reconstructed in a very short time, allowing for quick police action.

Predictive Policing – The future? 

Thanks to artificial intelligence and big data, forces can now even predict, with a fair degree of accuracy, where future crimes are likely to occur. PredPol is a predictive policing model developed by a team of data scientists at UCLA; law enforcement agencies use it to estimate the likely location of future criminal activity.

The system takes historical input data on three variables: the type of crime, the time it was committed and the location. From this data the algorithm continually updates its estimate of where and when offences of each type are most likely to occur next.

This goes beyond the hot-spotting techniques described above. It is not about stationing officers where events have been, but where they are likely to be. Every morning a new report is generated and every day teams are deployed to different locations. The company claims that the technology currently helps protect one in every 33 people in the United States; as it continues to be developed and adopted around the world, it is set to become a crucial tool for law enforcement agencies.

Conclusion

The application of IoT technology in policing is nothing new. However, combining IoT with artificial intelligence and machine learning has created powerful tools that dramatically enhance the analysis of surveillance footage and can even predict new events. This technology is set to redefine the way policing is done around the world.

How Artificial Intelligence is helping companies to improve their customer relationship: Vivo’s success story in Brazil

Kassandra Block    17 March, 2021

During the pandemic, the need for companies to use digital channels in order to provide a quality customer service has become evident. An example of this digitalisation in its customer relationship is Vivo in Brazil, whose slogan even before Covid-19 was “Digitalise to Bring Together”. They have seen how digital channels powered by Aura, Telefónica’s Artificial Intelligence, have experienced unprecedented growth during 2020.

“If we compare the months of March and June 2020, Aura interactions via WhatsApp grew by 75%”, Fabricio Bindi, Director of Customers Insights and Artificial Intelligence at Vivo in Brazil, tells us. He has been in the communications industry for 15 years and today believes he has found his perfect fit as a professional “who can bridge the gap between business and technology, digitalise processes, think of a data architecture that enables effective AI and an excellent digital relationship with customers that will make all the difference.” During the pandemic they witnessed how “customers more used to traditional channels, such as stores and call centres, sought solutions that would solve their problems in a simple way, and the habit of using WhatsApp in their daily lives made it easy for them to adopt this channel.”

How Vivo Brasil launched its AI tool in Brazil

In 2018 Aura was implemented in Brazil with the purpose “to provide an increasingly excellent service to our customers, making their experience with Vivo even better.” With this, Vivo became the first operator in Brazil to launch an Artificial Intelligence tool. Since then, Aura has seen unstoppable growth in the country and has already accumulated about 580 million interactions, making it the most advanced and relevant channel of interaction with Vivo’s customers.

Digitalisation and Artificial Intelligence: two fundamental pillars of customer relationship care

Aura is already present in 20 digital channels of Vivo in Brazil, including Vivo’s own channels and those of its partners, such as the Meu Vivo app, the call centre, Facebook Messenger, WhatsApp and Google Assistant. Initially, interactions with the AI were mainly carried out through IVRs, where the customer would call and at some point, interact by voice with Aura.

According to Bindi “this channel was the most important until the end of 2019, when we had great growth in the use of messaging channels, especially WhatsApp and within our Meu Vivo app.” Today Aura “provides personalised solutions about services, data consumption, bills, recharges and other questions with over 90% accuracy.” This is how it accumulates more than 40 million queries per month, bringing value to customers by facilitating their day-to-day lives.

How Aura evolves thanks to the multidisciplinary team

For Fabricio Bindi, the success of Aura is closely linked to “the work of a multidisciplinary team, composed of software engineers, machine learning experts, linguists, User Experience professionals, data scientists and the staff of the Bot Training Centre (CT Bots, for its acronym in Portuguese), among others, who work to ensure that Aura is increasingly humanised and useful for our customers.”

It is a constantly evolving project, in which professionals learn with each new use case. For Fabricio Bindi, it is essential that the team works on “use cases that create a “WOW” effect on the customer, bringing real value to the user’s life.” They are convinced that AI empowers the human factor and creates new career opportunities because, after all, it is the experts who make Aura evolve. So, for example, Vivo’s top 20 call centre assistants form CT Bots, and listen to interactions between Aura and customers to identify possible inaccuracies, while working every day on improving its accuracy in understanding regionalisms or different accents.

How Vivo Brazil has helped to foster social support and sustainability

In the social field, Vivo supports groups at risk of social exclusion by bringing Internet access to schools and hard-to-reach areas, as well as providing aid to hospitals and people in extreme poverty. It also has a strong commitment to the environment, focusing on recycling and sustainability. As Fabricio Bindi explains, “Telefónica has a long-term commitment to Brazil.” Telefónica has invested around 400 billion Brazilian reals in the country to build the world’s most advanced telecommunications infrastructure, enabling the digital transformation that has allowed the economy and society to continue to function during the pandemic.

It also launched a number of initiatives during the pandemic in 2020 to help people get through it. Fabricio Bindi highlights “that the Fundação Telefônica Vivo has allocated, in an extraordinary way, about R$38 million to public hospitals in 12 Brazilian states, contributing to the purchase of consumables and equipment for ICUs and food for 60,000 families living in extreme poverty.” During the closure of public schools the foundation also offered free courses for teachers and pupils on its online platform. In addition, 200 ventilators imported from China were purchased in collaboration with Banco Santander Brasil.

A commitment to sustainability

In terms of sustainability, Vivo Brazil is also a role model. It encourages recycling through the Recycle with Vivo programme, which lets customers dispose of mobile phones, modems, chargers and batteries in dedicated containers in all its shops, since Brazil is one of the largest producers of electronic waste in the world. With a new campaign launched in 2020, it aims to increase the collection and recycling of electronic devices by 20% and to encourage responsible consumption.

Another initiative is Vivo Renova, where customers exchange their devices in good condition for newer models. Fabricio Bindi explains that at the company “we also offset 100% of direct greenhouse gas emissions. The use of renewable energy, combined with the purchase of carbon credits, allowed the company to anticipate the global target of the Telefónica group. In 2019 alone, Vivo cut CO2 emissions by 50% with the use of renewable energy.”

Next steps of Aura in Brazil

Thanks to Aura, Vivo in Brazil has a very solid platform and is increasingly evolving towards a model that anticipates customer needs. To achieve this, it is bringing machine learning into its operations. According to Fabricio Bindi, “we want to make product and service recommendations, anticipate critical journeys, customise the experience each customer has and apply the best format for that customer.” These concepts are becoming more real every day thanks to Aura and the digitalisation of customer service.

Your MacOS System Is Also A Target for Cybercrime – Protect It!

Carlos Ávila    16 March, 2021

According to StatCounter, Apple’s desktop operating system, macOS (formerly OS X), has a market share of around 17%, making it the second most widely used desktop operating system. That is an attractive enough market for cybercriminals to be constantly on the lookout for vulnerabilities in it that can be exploited effectively.

Likewise, the growing use of cross-platform malware, written in languages that compile for several operating systems, makes it far easier to reach a broader pool of victims. A single piece of malicious code is designed to attack multiple operating systems, macOS included, giving criminals one tool that works, and does harm, on all of them.

For this reason it is important to be aware of certain considerations beyond the operating system itself so that, as a user or administrator, you can harden these systems. There are recommendations and good practices that should be followed to keep the device and the information it manages as secure as possible, but the focus of this article is to share some additional security tools that you can keep at hand beyond what the operating system provides.

Security Tools to Be More Protected

The following are some of the most important (open source and free) tools for protecting your operating system:

  • BlockBlock: monitors the locations most commonly used by malware to gain persistence (launch agents and daemons, login items and so on) and raises an alert each time a new item is added to them
  • FSMonitor: monitors and visualises, in a user-friendly graphical environment, all changes in the file system
  • KnockKnock: enumerates software that is persistently installed on your system (launch items, login items, kernel extensions, browser extensions, cron jobs and others) so you can spot illegitimate software and potential malware
  • LinkLiar: in particular cases, in order to protect your privacy, you may need to change your network interface’s MAC address, and this programme lets you do so easily
  • Lynis: performs an exhaustive audit of the system and measures its level of hardening. It is a very complete tool
  • OverSight: monitors the system’s webcam and microphone and alerts you whenever a process tries to access them
  • RansomWhere?: continuously watches for untrusted processes that rapidly create encrypted files, suspends the suspected ransomware process and lets you decide whether to allow or terminate it, to limit the damage of an infection
  • ReiKey: detects keyloggers by monitoring for keyboard event taps installed on the system
  • Santa: developed by Google, a binary authorisation system that allows or blocks the execution of programs according to allow/deny lists (enforced from a system extension on current macOS versions, a kernel extension on older ones)
  • Stronghold: a simple program for configuring macOS security settings from the terminal
  • TaskExplorer: lets you see all the processes running on your computer, including any malware that may be present, and integrates with VirusTotal to check them

As mentioned at the beginning of this article, don’t forget that the operating system itself has several security and privacy controls that you should know about. Tools also change over time, so the important thing is to stay up to date through the many sources available today: code repositories, project documentation, specialised technical articles, videos and more. All of it helps keep your devices, or your infrastructure if you are a company, better protected against threats to macOS systems.

Apple devices in general are increasingly being targeted by cybercrime, so you should adopt each of these recommendations to avoid becoming a victim of online attackers.

Matching startups: virtual medical assistance and 5G-connected ambulance with Visionable

Matilde de Almeida    15 March, 2021

Innovating within a company is not an easy task, but it is necessary, and the business development team at Telefónica Open Innovation takes care of just that. We try to bring innovation closer to the company and its clients by finding the perfect match, or ‘fit’ as we call it, between their technological needs and the solutions offered by Wayra startups.

In January we shared the story of one of the most global fit cases of 2020, where we also explained how we support startups in their internationalization process. Apart from helping startups grow internationally, we also work with them to find ways in which Telefónica can provide value to their projects, helping them to scale. A great example of this is the “Smart Ambulance”, a project in which Visionable and O2 UK have worked together.

What is Visionable?

Visionable is the first video collaboration platform designed specifically to help medical teams with their advanced clinical needs. It has its own, proprietary software approved by the NHS (National Health Service).

In 2017, two years after its foundation, Visionable received investment from Wayra UK after applying to its ‘General Call London Programme’, a flagship programme created to find companies that could be of interest to Telefónica. Then, in 2019, the startup began its collaboration with O2.

Visionable was selected as one of Open Innovation’s 2020 Tech Bets – a list of companies, within our yearly Hall of Fame, which we believe have a clear potential for growth due to their innovative technology.

Virtualizing healthcare with Visionable

As stated by its founders Alan Lowe and Lord Victor Adebowale, Visionable aims to transform healthcare through its technology, helping to develop the “next generation of virtual hospitals”. Their objective is to quickly address patients’ needs and demands, which continue to grow, especially with the emergence of new diseases such as COVID-19.

Through Visionable’s software an unlimited number of medical experts, from different fields, are able to meet securely online, from any location and through any device. In these virtual meetings, high definition clinical-grade images, such as X-rays or MRI scans, can be exchanged in real time, enabling faster diagnosis and collaborative decision making. 

Additionally, clinicians can hold virtual consultations with their patients through this videoconferencing platform, with immediate access to their medical records and high-quality imaging tests. This adapts better to patients’ availability and helps avoid unnecessary trips to the doctor’s office or hospital, something which is especially important during the pandemic.

Today, Visionable is working with more than 100 organizations and over 36 NHS trusts in the UK, as well as with the health insurance company Bupa and the government agency HM Prison & Probation Service. They also have an agreement with Verizon in the United States.

Saving lives with Visionable’s ‘Smart Ambulance’

Undoubtedly, the company’s most innovative case has been the development of the ‘Smart Ambulance’. A project aimed at assisting and helping treat stroke patients quicker and more effectively, and in which Visionable has worked together with O2 UK and other partners.

Around 6 million people die each year from strokes, making it the second leading cause of death and the third leading cause of disability worldwide. During a stroke, millions of brain cells die every minute, so time to intervention is critical.

That is why Visionable wanted to transform traditional ambulances into connected vehicles that would help emergency medical technicians contact medical experts at the hospital faster, in order to accelerate the critical treatment of patients, prior to their arrival at the hospital. This way, patients could recover sooner and mortality rates would decrease.

The company gained funding from Innovate UK (UK Government) to deploy connected devices in ambulances with East of England Ambulance Trust. O2 is also providing East of England Ambulance Trust with 4,000 iPads to enable a more connected way of working. This concept was initially tested at a 5G testbed in Millbrook, Bedfordshire, with O2 providing connectivity and Samsung providing the devices.

Telefónica’s 5G Connectivity: a key element for the connected ambulance

For the execution of this project, Visionable, together with the NHS, reached out to O2 in search of high-speed, low-latency connectivity that, coupled with the company’s software, would allow high-definition images and video conferencing to be transferred faster. This presented an innovative use case for Telefónica’s 5G connectivity in the healthcare industry. It is worth pointing out that other use cases and applications of this new generation of connectivity for telemedicine are already being developed, such as remote surgery or the use of wearable devices to monitor patients’ health.

This success story proves that innovation in traditional sectors is not only possible but also necessary. The digital transformation of the healthcare system will undoubtedly improve our quality of life, not to mention that it represents a 200 billion dollar market.

If you want to know more about the company you can visit their website or contact Open Innovation’s business development team.

Cyber Security Weekly Briefing March 6-12

ElevenPaths    12 March, 2021

FluBot botnet behind messaging company impersonation campaign

Last Friday, researchers at ThreatFabric identified the malware behind the campaign impersonating courier companies by SMS: Cabassous, a banking trojan discovered in December 2020 and focused largely on Spain. ESET malware researcher Lukas Stefanko also confirmed the link between the fraudulent SMS campaigns in Spain and Poland that impersonate courier companies and the FluBot malware (aka Cabassous), and shared a report by Prodaft (Proactive Defense Against Future Threats) analysing the activity of the FluBot botnet. The report includes statistics on the botnet: more than 60,000 infected devices, 97% of the victims located in Spain, and a total of more than 11 million phone numbers collected (at that point in time). The trojan’s objective is to collect the victims’ banking credentials. In addition to this main goal, and unlike other banking trojans, FluBot is able to steal its victims’ address books and send fraudulent SMS messages from the compromised devices, and it is this capability that has fuelled its rapid and effective spread.

That same day, the Mossos d’Esquadra reported the dismantling of a criminal group specialising in smishing campaigns. The Mossos’ announcement did not state that the detainees were the operators of the FluBot botnet, which had been profiled that same morning in the detailed Prodaft report. However, one of the Prodaft researchers confirmed, linking to the Mossos announcement, that those arrested were FluBot operators and that the C&C had been down since early that morning. One of the press articles covering the operation, in El Periódico, indicates that the investigation, which remains open, started in October 2020 after a user reported receiving a fraudulent SMS.

This news might suggest that the aggressive smishing campaign seen in recent weeks is over. However, fraudulent SMS messages continued to be reported on social networks after the takedown, so it cannot be ruled out that only part of the infrastructure was dismantled.

Info: https://twitter.com/m3karadag/status/1367769424502136832

Airline data leak due to cyber-attack on IT supplier SITA

On February 24, SITA, an international telecommunications company that provides technology services to the air transport industry, was the victim of a security incident that affected certain passenger data stored on the SITA Passenger Service System (SITA PSS) servers. This platform manages ticketing, boarding and other passenger transactions for major airlines. As confirmed by a SITA representative to online media, the affected entities include Lufthansa, Air New Zealand, Singapore Airlines, SAS, Cathay Pacific, Jeju Air, Malaysia Airlines and Finnair. In total, it is estimated that more than two million end users could have been affected by this incident. In its own statement, SITA indicates that it is taking steps to contact all affected SITA PSS customers, in addition to initiating other specific containment measures. The investigation into the origin of the incident is still ongoing.

More: https://www.sita.aero/pressroom/news-releases/sita-statement-about-security-incident/

Microsoft monthly security update

Microsoft has published its monthly security update for March, fixing 84 vulnerabilities, including two 0-days and ten others rated critical. The 0-day fixes are CVE-2021-27077, a privilege escalation in Windows Win32k, and CVE-2021-26411, a memory corruption vulnerability in Internet Explorer. The latter, rated critical, is known to have been exploited by the North Korean group Lazarus last January. Finally, Microsoft has released security updates for Microsoft Exchange servers on cumulative updates that are no longer supported and are vulnerable to ProxyLogon attacks (CVE-2021-26855), since the patches released in early March could not be installed on them.

More details: https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar

Fire in several OVH data centres

Octave Klaba, OVH’s founder, announced on Twitter at 3:42 am that a fire had been detected in one of the firm’s data centres in Strasbourg. The fire started in SBG2 and shortly afterwards spread to part of SBG1, with firefighters working to isolate SBG3 and SBG4. Later that morning, Klaba reported that the fire was under control but that there was no access to any of the four sites. A further update at 10:00 am stated the intention to restore, during the course of the day, at least the services provided from SBG3 and SBG4, and perhaps SBG1. In his initial announcement, Klaba recommended that customers activate their disaster recovery plans. As a result of the fire, a large number of OVH-hosted websites are currently experiencing severe disruption.

All the details: https://twitter.com/olesovhcom/status/1369478732247932929

News about ProxyLogon, vulnerabilities in Exchange

Since the active exploitation of four Microsoft Exchange 0-day vulnerabilities by the Chinese actor Hafnium came to light last week, it has been reported that the victims of these attacks include the European Banking Authority (EBA). ESET researchers have also observed these vulnerabilities being exploited by other criminal groups, including the operators of the DearCry ransomware. Microsoft has published updates to correct the vulnerabilities, warning that the installation instructions must be followed exactly, since otherwise the updates may appear to install without actually fixing the flaws; it has also released security updates for unsupported but vulnerable servers. In addition, Microsoft has published a script to search systems for IoCs associated with these vulnerabilities and has updated its Microsoft Safety Scanner tool to detect and remove web shells. The Latvian CERT has also released a script that detects web shells but does not remove the infected files.

Nobody on The Internet Knows You Are A Dog, Even If You Use TLS Certificates

Gonzalo Álvarez Marañón    12 March, 2021

You may have noticed that most websites have a little padlock on them. If you click on it, a window will pop up stating that “the connection is secure”. Secure? What kind of secure? How secure?

In this article we will put digital certificates on the table and break them down thoroughly to get to the bottom of the issue: what security does TLS provide?

TLS, The Security Protocol Behind Secure HTTPS Websites

A website protected by Transport Layer Security (TLS), the protocol behind the little padlock, offers three security guarantees or services.

  • Confidentiality: the communication between your browser and the web server is encrypted, so an attacker who intercepts the traffic cannot read its contents.
  • Integrity: if an error occurs in transmission or an adversary tampers with the communication, the modification is detected and the connection fails.
  • Authentication: a digital certificate tells you who the (supposed) owner of the website you are visiting is.

In short, if a page is protected with TLS, you have the (almost) absolute guarantee that nobody except the server holding the certificate’s private key can read the data you exchange. In other words, confidentiality is guaranteed. The problem that remains is: who is really behind that server? In other words, who are you sending your encrypted data to?

Nobody on The Internet Knows You Are a Dog

Illustration by Peter Steiner. The New Yorker, issued on 5 July 1993 (Vol.69 (LXIX) no. 20), page 61.

This joke dates back to 1993 and it couldn’t be more relevant today, because in almost 30 years we haven’t made much progress! If you are reading this article on the business.blogthinkbig.com website, how do you know it is the actual Telefónica blogthinkbig.com website and not a fake one? You only have one recourse left: click on the little padlock and open the certificate.

And what do you find? That the certificate has been issued by the company GlobalSign in the name of *.blogthinkbig.com. Are you now reassured about the identity of the owner of the website? Well, this doesn’t help much, does it?

But a certificate contains much more information than this initial summary. Select the Details tab and you will see a whole host of fields. In particular, the Subject field reveals that, in this example, the company behind *.blogthinkbig.com is Telefonica SA.

But do not think that all certificates provide this information: some provide less, they do not reveal the entity behind the website; others provide more. Let’s break them down so you understand what each field represents.

Breaking Down a TLS Certificate

Digital certificates are electronic documents that bind the identity of a natural or legal person to a public key, guaranteeing (to a certain extent) that this person holds the matching private key. A trusted third party, the Certification Authority (CA), validates the identity and issues the certificate linking identity and public key. A TLS certificate contains the following information:

  • Version of the X.509 standard; version 3 is in use today.
  • Serial number assigned by the certification authority. It is now required to be a random, non-sequential value with at least 64 bits of entropy from a cryptographically secure random number generator, precisely so that an attacker cannot predict the contents of a certificate before it is signed and craft a colliding one.
  • Signature algorithm identifier, which must be the same as the “Certificate signing algorithm” described below. It is placed in this position so that a copy of it is covered by the signature.
  • Identification of the issuing certification authority, through a unique Distinguished Name (DN):
    • CN – CommonName
    • L – LocalityName
    • ST – StateOrProvinceName
    • O – OrganizationName
    • OU – OrganizationalUnitName
    • C – CountryName
  • The period of validity of the certificate: from when until when it is valid. Outside this window the certificate is rejected even if everything else checks out.
  • Subject: the unique distinguished name of the certificate holder. This can be a natural or legal person. The authority verifies this identity more or less rigorously, as will be shown below.
  • Holder’s public key information, specified by:
    • Algorithm (RSA, ECDSA or EdDSA)
    • Key size
    • For RSA, the public exponent and the modulus; for elliptic-curve keys, the curve and the public point
  • Extensions (optional): introduced in version 3 to make the previously rigid structure more flexible. A CA can use extensions to restrict a certificate to a specific purpose, e.g., only for TLS server authentication (Extended Key Usage), or to list the DNS names it covers (Subject Alternative Name, the field browsers actually match the hostname against). Extensions can be “critical” or “non-critical”. Non-critical extensions may be ignored, while critical extensions must be applied, and a certificate is rejected if the system does not recognise a critical extension.
  • Certificate signing algorithm. Several secure algorithms are in use: RSA with SHA-256 or stronger, ECDSA, EdDSA. DSA, and anything based on MD5 or SHA-1, is no longer accepted for TLS certificates.
  • Certificate signature: the value of the signature. The CA signs the hash of all the preceding fields (the “to-be-signed” part of the certificate) with its private key; anyone holding the CA’s public key can check that signature, which is how you verify that the public key in the certificate really belongs to the holder named in it. For those versed in cryptography, “encrypting the hash with the CA’s private key” is the textbook RSA description of this same operation.

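As an added example (this code is not from the original article and is not Telefónica’s or GlobalSign’s; it uses only the Go standard library), the following program builds a constructed root CA and a leaf certificate in memory, walks the fields listed above, and then runs the checks a browser performs behind the padlock: the signature chain to a trusted root, the validity window, the server-authentication key usage and the hostname match. Every name in it (“Example Demo Root CA”, “Example CA Ltd”, www.example.com, login.example.com) is a placeholder, and the 90-day leaf lifetime and 128-bit serial are choices made for the demo, not values taken from any real CA. The signing step is exactly what the list describes: the CA signs the hash of the to-be-signed part of the certificate with its private key, and CheckSignatureFrom/Verify recompute that hash and check it against the CA’s public key. The org parameter also shows the Subject difference between a domain-validated certificate (CN only) and an organisation-validated one (organisation in the O field), which the next section discusses.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// randomSerial: 128-bit CSPRNG serial with the top bit set (positive, non-sequential, far above the 64 bits of entropy the CA/Browser Forum demands).
func randomSerial() *big.Int {
	n, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil {
		panic(err)
	}
	return n.SetBit(n, 127, 1)
}

// issue generates a P-256 key for tmpl and has parentKey sign the certificate over its hash; a nil parentKey means self-signed.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parentKey == nil {
		parentKey = key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// BuildChain makes a constructed self-signed root and a 90-day leaf for dnsName, returning (root, leaf); a non-empty org goes into the Subject's O field (OV-style), empty gives CN only (DV-style).
func BuildChain(dnsName, org string) (*x509.Certificate, *x509.Certificate) {
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber: randomSerial(), IsCA: true, BasicConstraintsValid: true, // emits the critical basicConstraints extension
		Subject:   pkix.Name{CommonName: "Example Demo Root CA", Organization: []string{"Example CA Ltd"}, Country: []string{"ES"}},
		NotBefore: now.Add(-time.Hour), NotAfter: now.AddDate(10, 0, 0),
		KeyUsage:  x509.KeyUsageCertSign,
	}
	ca, caKey := issue(caTmpl, caTmpl, nil)
	leafTmpl := &x509.Certificate{
		SerialNumber: randomSerial(),
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName}, // subjectAltName: the name browsers actually match
		NotBefore:    now.Add(-time.Hour), NotAfter: now.AddDate(0, 0, 90),
		KeyUsage:     x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if org != "" {
		leafTmpl.Subject.Organization = []string{org}
	}
	leaf, _ := issue(leafTmpl, ca, caKey) // the server's private key is not needed for this demo
	return ca, leaf
}

// Describe lists the fields the article breaks down, in certificate order.
func Describe(c *x509.Certificate) []string {
	out := []string{
		fmt.Sprintf("Version: %d", c.Version),
		fmt.Sprintf("Serial: %x (%d bits)", c.SerialNumber, c.SerialNumber.BitLen()),
		fmt.Sprintf("Signature algorithm: %s", c.SignatureAlgorithm),
		fmt.Sprintf("Issuer: %s", c.Issuer),
		fmt.Sprintf("Validity: %s to %s", c.NotBefore.Format(time.RFC3339), c.NotAfter.Format(time.RFC3339)),
		fmt.Sprintf("Subject: %s, SANs: %v", c.Subject, c.DNSNames),
	}
	for _, e := range c.Extensions {
		out = append(out, fmt.Sprintf("Extension %s critical=%v", e.Id, e.Critical))
	}
	return out
}

// VerifyFor runs the browser-side checks: chain to a trusted root, validity window, server-auth EKU and hostname match.
func VerifyFor(leaf, root *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	return err
}

func main() {
	root, leaf := BuildChain("www.example.com", "")
	fmt.Println(strings.Join(Describe(leaf), "\n"))
	fmt.Println("trusted root, right host:", VerifyFor(leaf, root, "www.example.com"))
	fmt.Println("trusted root, wrong host:", VerifyFor(leaf, root, "login.example.com"))
	_, other := BuildChain("www.example.com", "Telefonica SA") // same name, issued by an unrelated CA
	fmt.Println("name matches, CA not trusted:", VerifyFor(other, root, "www.example.com"))
}
```

Run it with go run. The three verification calls make the article’s point in one place: the certificate from the trusted root verifies for its own name and fails for any other hostname, and a certificate carrying exactly the same name but issued by a CA your trust store does not contain is rejected with an unknown-authority error, however convincing its Subject looks. What the padlock proves is therefore only ever as good as the root store and the CA’s validation practice.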
In short, a digital certificate is a guarantee from an authority that a public key belongs to a given person (natural or legal). How much can you trust their word? Let’s see.

Not All Certificates Were Created with The Same Level of Trust

The main task of a certificate authority is to validate the identity of the entity requesting a certificate. And not all certificates offer the same degree of trust in the identity of the certificate holder, because the validation process can vary greatly from one type of certificate to another.

There are three levels of validation for websites:

  • Domain Validation: Domain Validation (DV) certificates represent the lowest level of validation: the CA only verifies that the applicant controls the domain for which the certificate is requested. Control is demonstrated, for example, by responding to a confirmation email sent to an address at that domain (or to the contact listed in its WHOIS record), by publishing a CA-supplied token in a file on the web server, or by creating a DNS record containing that token. Issuance is fully automated and can take seconds; the only delay is how quickly the challenge is answered. DV certificates contain only the domain name, not the name of the entity that holds it. Let’s Encrypt certificates, for example, belong to this category. What guarantees do they provide about the identity of the domain holder? None beyond control of the name: a website with a DV certificate protects confidentiality, and you can be sure you are talking to whoever controlled that domain name when the certificate was issued, but the certificate tells you nothing about who that is. They are ideal for personal websites, SMEs, blogs and forums that offer no paid services and do not handle personal data.
  • Organisation Validation: Organisation Validated (OV) certificates require the CA to verify the identity of the domain holder as well as control of the domain. The practices for validating the applicant’s identity vary drastically from one certification authority to another, with great inconsistency in the guarantees obtained, although all require some official document establishing the organisation (company registration or VAT number), a telephone number, a physical address and similar evidence. The process can take from one to three working days. The organisation’s name is included in the certificate’s subject. These certificates are suitable for institutions and companies that want a credible Internet presence but do not offer transactional services via the web.
  • Extended Validation: Extended Validation (EV) certificates offer the highest degree of trust. They also require verification of the organisation’s identity and legal existence, but under strict, standardised requirements introduced precisely to fix the inconsistency of OV validation. They require even more documentation than OV certificates to reliably verify the applicant’s identity and business operations. The certificate carries the name of the organisation to which it was issued, and browsers show that name in the information panel behind the small padlock, without the need to dig into the certificate details, making it easier for visitors to check who they are dealing with. They are best suited to websites offering services that involve financial transactions, and are typically used by banks, large organisations and established online shops. Because of the controls involved, obtaining an EV certificate usually takes 5 to 15 days.

It is important to note that the validation level has nothing to do with cryptographic strength. The type and size of the key in the certificate (for instance an RSA key of 2,048 bits or an elliptic-curve P-256 key) and the symmetric cipher negotiated for the TLS session (for instance AES with 256-bit keys) are chosen independently of whether the certificate is DV, OV or EV, and a DV certificate can be every bit as strong as an EV one. The difference between them does not lie in the cryptography but in the validation processes, which are more or less strict and offer more or less assurance about the identity of the person (natural or legal) behind a website.
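The field list above and the DV/OV distinction can be seen directly by building and checking a small chain with Go’s standard-library crypto/x509 package. The following is an added example, not code from the original article: it issues a self-signed CA and a server certificate with a random serial, a subject DN with or without an Organization (the visible difference between a DV-style and an OV-style certificate), a validity window, a key, a server-only Extended Key Usage and the CA’s signature, then parses and verifies the result the way a browser would, including rejecting a critical extension it does not understand and a certificate presented for the wrong host name. The CA and shop names, the host names and the private OID used for the unrecognised extension are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// newKeyAndSerial returns a P-256 key plus a 128-bit random serial, well above
// the 64 bits of CSPRNG output the CA/Browser Forum Baseline Requirements demand.
func newKeyAndSerial() (*ecdsa.PrivateKey, *big.Int, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		return nil, nil, err
	}
	serial := new(big.Int).SetBytes(b[:])
	return key, serial.SetBit(serial, 0, 1), nil // odd, hence never zero (serials must be > 0)
}

// BuildChain issues a self-signed CA and a server certificate for host (DER).
// withOrg adds O and C to the subject DN, which an OV/EV certificate carries and
// a DV one lacks; unknownCritical adds a critical extension under a made-up OID.
func BuildChain(host string, withOrg, unknownCritical bool) (caDER, leafDER []byte, err error) {
	caKey, caSerial, err := newKeyAndSerial()
	if err != nil {
		return nil, nil, err
	}
	leafKey, leafSerial, err := newKeyAndSerial()
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	ca := &x509.Certificate{
		SerialNumber:          caSerial,
		Subject:               pkix.Name{CommonName: "Example Root CA", Organization: []string{"Example CA Ltd"}, Country: []string{"ES"}},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	if caDER, err = x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey); err != nil {
		return nil, nil, err
	}
	subject := pkix.Name{CommonName: host}
	if withOrg {
		subject.Organization, subject.Country = []string{"Example Shop S.L."}, []string{"ES"}
	}
	leaf := &x509.Certificate{
		SerialNumber: leafSerial,
		Subject:      subject,
		DNSNames:     []string{host}, // clients match the host against SANs, not the CN
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(90 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, // "only for web servers"
	}
	if unknownCritical {
		leaf.ExtraExtensions = []pkix.Extension{{Id: asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}, Critical: true, Value: []byte{0x05, 0x00}}}
	}
	leafDER, err = x509.CreateCertificate(rand.Reader, leaf, ca, &leafKey.PublicKey, caKey)
	return caDER, leafDER, err
}

// Inspect checks the leaf for host as a TLS client does (trusted signature,
// validity window, name match, server-auth EKU, no unrecognised critical
// extension) and returns the serial's bit length and the subject Organization,
// which is empty when the certificate names only the domain.
func Inspect(caDER, leafDER []byte, host string) (serialBits int, org string, err error) {
	root, err := x509.ParseCertificate(caDER)
	leaf, err2 := x509.ParseCertificate(leafDER)
	if err != nil || err2 != nil {
		return 0, "", fmt.Errorf("parse: %v %v", err, err2)
	}
	if len(leaf.Subject.Organization) > 0 {
		org = leaf.Subject.Organization[0]
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	return leaf.SerialNumber.BitLen(), org, err
}

func main() {
	caDER, leafDER, err := BuildChain("shop.example", false, false)
	if err != nil {
		panic(err)
	}
	fmt.Println(Inspect(caDER, leafDER, "shop.example"))
	fmt.Println(Inspect(caDER, leafDER, "other.example"))
}
```

The two calls in main show the point of the section: the DV-style certificate verifies perfectly for shop.example yet returns an empty Organization, so the client learns only who controls the name; presented for other.example it fails the name check. Building the same leaf with withOrg set changes nothing cryptographic, only the identity the subject carries.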

Cryptography Works Wonderfully, it is the Processes That Fail

In short, for a public key infrastructure (PKI) to work, certificate authorities must do a good job at, among other critical tasks, verifying the identity of certificate applicants. If that validation is not carried out correctly, cryptography only guarantees confidentiality: the data exchanged between the web server and your browser travels encrypted, and no eavesdropper can read it, but who are you sending it to, and who are you receiving it from?

That question can only be answered by the information in the website’s certificate, and here mathematics has little to add: it is the CAs’ job. This is why incidents such as the recent one involving Camerfirma occur: Google questioned this certification authority’s practices and announced that Chrome would stop trusting its certificates. It is not the cryptography that is in question, but the identity validation processes.

In the end, cyber security is a balanced combination of technology, processes and people. In cryptography you can trust, but in the rest…

Was there life of Mars? How AI is helping us find the answer

Patrick Buckley    10 March, 2021

On July 30th 2020, an Atlas V-541 rocket carrying the Perseverance rover launched from Cape Canaveral Air Force Station, Florida. Six and a half months later, on February 18th 2021, the rover touched down on the surface of Mars, the most sophisticated exploration vehicle ever to land on the planet.

The rover is equipped with a variety of instruments designed to detect and monitor signs of past life. In today’s post we consider some of the applications of Artificial Intelligence (AI) in helping us make sense of the data these exploration strategies generate, bringing us closer to finally answering the question: was there ever life on Mars?

AI driven advancements in sampling

One of the many technological upgrades on the Perseverance rover is the Planetary Instrument for X-ray Lithochemistry, or PIXL. This small device uses X-ray fluorescence to scan for chemically interesting material on the surface of, or within, rocks on the planet: chemicals that may be evidence of fossilised ancient life.

Using this technology, the rover can better assess the chemical properties of potential samples in order to identify the best, most interesting matter before excavation takes place.  

The Perseverance rover also features a robotic arm equipped with a drill designed to extract cores from within rocks. Once collected, samples are sealed in metal tubes and deposited on the surface of Mars. Only the most ‘chemically interesting’ samples will be brought back to Earth by a future mission for further analysis.

AI plays an important role in both the X-ray and drilling processes. For the X-ray scan to take place, the rover must first navigate to interesting rock or sediment. Cameras and a laser work together with AI to locate and remember these spots, which allows the rover to return at night, when temperatures are more stable, to carry out the X-ray examinations. Because of the large daily temperature swings on Mars, only at night can the rover collect accurate data.

An established AI application

The prospect of ancient life on Mars is nothing new. Since 2005, spacecraft such as the Mars Reconnaissance Orbiter have been sending back images of craters whose features suggest conditions that could once have supported life. For example, a crater with an apparent inflow and outflow channel indicates the ancient presence of a body of water.

Images from the Mars Reconnaissance Orbiter

The problem scientists face is therefore locating images of such craters within an enormous archive. The orbiter’s three cameras have collected hundreds of thousands of images over the last 16 years.

Recently NASA trained an algorithm to sort through this massive image bank. After being fed around 7,000 labelled crater and non-crater images, the model can now accurately detect craters that may once have supported life. With this information, scientists can better identify specific areas of the planet suited to further examination, whether by the Perseverance rover or as part of a future mission.

Final thoughts

AI has become a fundamental part of Mars exploration. It allows research processes to be carried out far more efficiently than before, allowing for more accurate and frequent insights that bring us closer to understanding potential patterns of ancient life on the planet. This technology will therefore become more integrated and useful in the exploration of Mars in the coming years and decades. 


The New Digital Workforce and The Risks Around Robotics Process Automation (RPA)

Martiniano Mallavibarrena    9 March, 2021

In recent years, many companies in different sectors have chosen to base their digital transformation on RPA (Robotic Process Automation), which has led to the creation of hundreds of thousands of bots (software robots) in the technology environments of thousands of companies globally. This small army of automations routinely interacts with employees to form a new “digital workforce”.

These automations, known as bots, are usually a modern and agile version of complex, multi-system scripts, and are therefore able to process spreadsheets, download attachments from mailboxes, schedule processes or reconcile accounting reports. People involved in business processes can now (with very light training and many utilities) program powerful bots outside the IT department or external providers: the so-called low-code approach.

In recent years, the RPA sector has added various AI-related tools to its software suites. With this reinforcement, instead of writing complex programs we can use approaches such as Machine Learning so that the system is trained (e.g. to detect the fields in all kinds of invoices, in any language) and continues to learn over time. To this improvement we can add some NLP (Natural Language Processing) function that allows a first level of understanding of text (e-mail messages or customer chats) in multiple languages.

All this firepower is a reality in thousands of companies, with finance departments and insurance companies accounting for the majority of these digital employees. Industrial, logistics and telecommunications companies have also been using the technology intensively for several years.

From a cyber security point of view, RPA scenarios can be a new focus of attacks of various kinds. The various manufacturers of these platforms provide bot creators with all possible functionalities in terms of data encryption, authentication, use of external business identity platforms, etc. This enables the creation of process robotics platforms that are truly robust in terms of security.

Types of Attacks Against RPAs

The most likely attacks in an RPA deployment will involve authentication, especially when the environment is complex (federation, MFA, 2FA, etc.), and the central consoles, where the system log, authorisations and credential vaults are kept. We must remember that bots interacting with our business systems need sets of credentials analogous to those used by human employees.

A second attack vector is the source code and the potential weaknesses of the usual ecosystem of in-house developers, service companies, subcontractors, etc. If we do not apply secure development measures (a DevSecOps-type framework, for example) and best practices such as storing secrets in credential vaults instead of clear-text passwords, or using external authentication systems for accounts with higher privileges, we will unintentionally create a large attack surface for our adversaries.
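The rule “credential vault instead of clear-text passwords” can be enforced mechanically before a bot is published, for instance as a pre-commit check on the exported bot scripts. The following is an added example, not code from any RPA vendor or from the original article: a small Go scanner that flags hard-coded credentials in a bot’s source and accepts lines that resolve the secret from a vault at run time. The regular expressions, the `vault.get(...)` call shape and the sample script are constructed for the example; a real platform has its own vault API and a production scanner would carry many more patterns.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one suspected clear-text credential in a bot's source.
type Finding struct {
	Line int
	Rule string
	Text string
}

// rules are the patterns the check applies. They are written for this
// example; a production scanner would carry many more.
var rules = []struct {
	name string
	re   *regexp.Regexp
}{
	// password = "...", api_key = '...', token: "..." and similar literals
	{"password literal", regexp.MustCompile(`(?i)(pass(word|wd)?|pwd|secret|api[_-]?key|token)\s*[:=]\s*["'][^"']{4,}["']`)},
	// Password=... inside an ODBC/SQL connection string
	{"connection string", regexp.MustCompile(`(?i)(pwd|password)=[^;"'\s]{4,}`)},
	// a hard-coded HTTP Basic header (base64 of user:password)
	{"basic auth header", regexp.MustCompile(`(?i)authorization["']?\s*[:=]\s*["']?basic\s+[A-Za-z0-9+/=]{8,}`)},
	{"private key", regexp.MustCompile(`-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----`)},
}

// vaultRef is the approved pattern: the bot asks the platform's credential
// vault at run time, so only a reference name lives in the source. The call
// shape is an assumption made for the example; each RPA product has its own.
var vaultRef = regexp.MustCompile(`(?i)\b(vault|credential)\.(get|fetch|lookup)\(`)

// Scan returns the suspected hard-coded credentials in src, at most one per line.
func Scan(src string) []Finding {
	var out []Finding
	for i, line := range strings.Split(src, "\n") {
		if vaultRef.MatchString(line) {
			continue // secret resolved from the vault: nothing to flag
		}
		for _, r := range rules {
			if m := r.re.FindString(line); m != "" {
				out = append(out, Finding{Line: i + 1, Rule: r.name, Text: m})
				break
			}
		}
	}
	return out
}

// sampleBot is a constructed fragment of a low-code bot's exported script,
// not taken from any real RPA platform.
const sampleBot = `sap_user = "BOT_FIN_01"
sap_password = "Winter2021!"
conn = "Server=erp01;Database=FIN;User Id=bot;Password=Winter2021!;"
headers = {"Authorization": "Basic Ym90OldpbnRlcjIwMjEh"}
api_key = "sk-example-0123456789"
prompt = "Enter your password:"
sap_password = vault.get("fin-bot/sap")
`

func main() {
	for _, f := range Scan(sampleBot) {
		fmt.Printf("line %d [%s]: %s\n", f.Line, f.Rule, f.Text)
	}
}
```

Run against the sample, the scanner reports lines 2 to 5 and stays quiet on the prompt text and on the vault lookup, which is the pattern the bot should have used in the first place. Note that the Basic header is just as much a clear-text password as the literal on line 2: base64 is encoding, not encryption.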

Training systems and other AI functions should be reviewed following these best practices to avoid allowing vulnerabilities in the final systems we put into production.

The major cyber security frameworks (such as the NIST framework in the United States) can be applied to review the entire collection of controls that we will need to take into consideration when developing our specific RPA solution.

In a company with a mixed workforce (human employees and software robots), the level of constant monitoring and cyber security governance cannot overlook these new “digital employees” and all the technology that keeps them active. They, like us, will be logging into systems, creating and using files with sensitive information and acting directly on our business platforms (ERP, CRM, etc.) possibly on a 24/7 basis. If these platforms are vulnerable and offer a large attack surface, a new generation of cyber security risks will start to appear on every CISO’s agenda.

Therefore, our current approach to cyber security must gradually prepare to include such platforms, processes and activity in its coverage. It will soon be part of our daily reality and we must be prepared for it.

#LadyHacker 2021, IT’S HERE!

ElevenPaths    8 March, 2021

If you’ve never heard of #LadyHacker you’re probably wondering what this hashtag is or what it means. Don’t get it wrong, #LadyHacker is not a hashtag, it’s an initiative that we at Telefónica want to take to every place on this planet to give women and technology the visibility and importance they really deserve. Welcome to #LadyHacker 2021.

This initiative aims to become an international project that will strengthen and enhance the potential of girls and women to study and train for whatever they want, and to climb to the top of their careers.

Leaving aside current social stereotypes, we are going to present, through a series of videos, real situations involving women, hackers and technological professions, to show that anyone, woman or man, can work in technical professions, all the more so given the current demand that the digital transformation is generating.

Dreams and aspirations know no gender, and so promoting and betting on a greater presence of women in working environments and technology-focused STEM careers is the objective of this initiative, which we promote from Telefónica Tech.

It has been four years since Telefónica decided to address this social reality through #LadyHacker. The initiative arose as a necessity when observing the conclusions of various studies, which found that from the age of 15 onwards girls lose interest in science and technology for no apparent reason and turn instead to careers in health, education or the arts.

In order to stop this loss, #LadyHacker was born with the specific objective of promoting the community of women scientists in the company, to create role models for the youngest and keep them from losing interest in technological careers.

In order to create technology, all you have to do is have the desire and the passion. Our differences are set aside when it comes to talent and potential.

This is the main reason that has led #LadyHacker 2021 to become a global initiative that seeks to bring together both genders in a common path: inclusion in the technological world.

A long-distance race that we will build together with our #LadyHacker members because there is room for everyone in the hacker world. More information on: https://mujereshacker.telefonica.com/

Cyber Security Weekly Briefing 27 February – 5 March

ElevenPaths    5 March, 2021

HAFNIUM attacks Microsoft Exchange servers with 0-day exploits

Microsoft has detected the use of multiple 0-day exploits in targeted attacks against on-premises versions of Microsoft Exchange Server (2013, 2016 and 2019); Exchange Online is not affected. The exploited vulnerabilities are CVE-2021-26855 (CVSS v3 9.1) and CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 (CVSS v3 7.8). Microsoft fixed the flaws on 2 March in an out-of-band security update. In the attacks observed by Microsoft and the security firm Volexity, the HAFNIUM group, assessed to be state-sponsored and operating out of China, chained these vulnerabilities to gain access to Exchange servers and from there to mailboxes, and to install malware for persistence. After exploitation, HAFNIUM operators deployed web shells on the compromised servers to steal data, upload and download files and execute commands.

More info: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

Google fixes second 0-day in Chrome this year

On 2 March Google released Chrome 89.0.4389.72 for Windows, Mac and Linux, which is being rolled out progressively to the user base over the coming days. The update fixes 47 security flaws in total, one of them a high-severity 0-day, an object lifecycle issue in the audio component, reported in mid-February by Microsoft’s browser vulnerability research team and assigned CVE-2021-21166. Google has stated that an exploit for it exists in the wild but, as is usual, has withheld further details until most of the user base has updated. This is the second Chrome 0-day patched this year: in February Google fixed another that could be exploited to execute arbitrary code on systems running earlier versions of Chrome. Such vulnerabilities have been used in a number of attacks, including the campaign against cybersecurity researchers in late January.

All the details: https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html

Supply chain compromise update: new artefacts

Microsoft has discovered new malware families on the systems of victims of the SolarWinds compromise and has named the sophisticated group behind the attack Nobelium. GoldMax, Sibot and GoldFinder are the three new families detected; Nobelium used them in the second phase of the intrusion, after using Teardrop to move laterally. Although they were observed between August and September, they are believed to have been deployed on compromised SolarWinds customers’ systems as early as June 2020. Microsoft states that these new families were used to maintain persistence and perform very specific, targeted actions after the initial compromise, even evading detection during incident response. Separately, FireEye has published information about a new second-stage backdoor, named Sunshuttle, found at an organisation compromised by the SolarWinds attackers and likewise attributed to UNC2452 (also tracked as Nobelium, SolarStorm, StellarParticle or Dark Halo). Although Microsoft and FireEye have not formally linked the two, GoldMax and Sunshuttle appear to be the same malware, as they share functionality and C2 infrastructure.

More info: https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/

Supermicro and Pulse Secure release TrickBoot updates

Supermicro and Pulse Secure have issued advisories on the exposure of their motherboards to TrickBoot, the UEFI firmware infection module of the TrickBot malware. The weakness was disclosed last year by Advanced Intelligence (AdvIntel) and Eclypsium. A device is exposed when the UEFI firmware’s write protection is disabled or misconfigured, which lets the malware read, modify or even erase the firmware itself. That opens the door to bricking the device, bypassing operating-system security controls or surviving a complete reinstallation of the system. Malicious code implanted in the firmware (a bootkit) is invisible to any security product running at operating-system level, because it loads early in the device’s boot sequence. Supermicro has stated that its X10 UP motherboards are affected and has released a critical BIOS update (version 3.4) that enables write protection. Pulse Secure has released a BIOS update for the same reason for appliances running Pulse Connect Secure or Pulse Policy Secure.

Learn more: https://www.bleepingcomputer.com/news/security/supermicro-pulse-secure-release-fixes-for-trickboot-attacks/