The Whole Of The Cyberthreat In A Single Tweet (Scribd.com)

According to ReadWriteWeb, Raffi Krikorian, a developer for Twitter, posted a complete version of a single "tweet", or 140 character Twitter message, this weekend on Scribd.com.

You can see the results for yourselves below:

map-of-a-tweet

In addition to the 140 (or less) characters in a tweet, this map shows all of the metadata thrown off by each and every post.

Some of this stuff is harmless but it is surprising how little metadata it takes to uniquely identify a particular computer. Don't believe me? Check out Panopticlick. Based on their fairly clever method, it only takes about 33 bits of data to uniquely ID a computer.

Note, I said ID the computer, not the user behind it. Likewise, knowing which 33 bits of data one needs to hide or dirty up helps the bad guys hide themselves and makes it difficult if not impossible to determine attribution by technical means alone.

More importantly, it leaves the rest of us, who do not know how much personal and identifying data we are providing, at the mercy if those who do. "Those who do" doesn't just include criminals either. It includes corporations and governments as well.

What to do about all of this is beyond me (though I think Jeff Carr at IntelFusion does some of the best thinking on the subject) but it is charts like this one that, for me, highlight the importance of this issue.

Must Read Report On Recent Cyberwar Attacks (GreyLogic.com)

Jeff Carr (who blogs at IntelFusion and runs GreyLogic) released his most recent report on the evolving state of cyberwar late last week and it is a good one.

Focused primarily on three recent attacks, the report contains well-written, clear, evidence-based findings. Jeff's report goes beyond just the technical findings, however, and pulls the strings together in a way that will be of high interest to the non-technical reader as well.

This is part 2 of the Grey Goose Project which uses an "open innovation intelligence model focusing on identifing and tracking Non-state hackers and the companies and governments that support them."

Non-governmental versions of both Part 1 and 2 of the Grey Goose Report are available online. The non-gvernmental versions focus on the findings and conclusions derived therefrom. The governmental versions contain much more of the concrete evidence on which those findings/conclusions are based. The Government version can be requested via e-mail from a government e-mail account. Jeff indicated that it will also be available on A-Space and Intellipedia.

(Full Disclosure: Jeff was kind enough to send an early copy of both reports for me to review prior to publication. I received no pay or compensation of any kind for providing feedback. I have no formal relationship with GreyLogic or Intelfusion other than Jeff's a friend and we both blog about the same kind of stuff.

Bottomline: The reports were good when I got them and Jeff has only made them better since.)

OSINT Product On Russian Hackers And The Georgia Crisis Out Tomorrow! (Intelfusion)

The Grey Goose is about to fly! Nope, this is not an obscure quote from a numbers station; its a real product.

About 2 months ago, Jeff Carr over at Intelfusion set out to put together an OSINT team to take a look at Russian hackers and how they supported (or not) the Russian war effort in Georgia. Specifically, they sought to conduct "analysis of Russian hacker blogs in an effort to uncover connections that may not be readily apparent."

Jeff releases his initial round of results tomorrow. If you are interested in a copy, check out his post here for the instructions.

IntelFusion Remixes Peterson's Table Of Analytic Confidence Assessment (IntelFusion)

Jeff Carr over at IntelFusion has added his own twist to Josh Peterson's recent work on analytic confidence. Jeff's remix is a good visualization (see below) of what Josh was getting at in his thesis. See the full post here and the IntelFusion main page here.

China In The Year 2020: Three Political Scenarios (Black Swan Forum)

Jeff Carr over at IntelFusion is sponsoring a web conference through his Black Swan Forum on the future of China featuring Cheng Li, Senior Fellow at the John L. Thornton China Center of the Brookings Institution on March 3 from 1300-1400 PST. You will have to drop Jeff a note at the Black Swan Forum (email address in the flyer below) to get a login but he is willing to open the conference up to anyone who meets the criteria he outlines.

(A note about the embed below: I am testing a new service name Issuu.com to embed pdfs into blogs. Obviously, it would be a better example if this pdf had multiple pages but the process of using Issuu.com to upload a pdf and make it immediately available to readers is very easy and, hopefully, compelling. If you have any comments on the user experience, don't hesitate to leave them)