All Posts By

avery@greymarketlabs.com

The New Battlefront 101: Introduction

Cyber Warfare, Risk and Liability

Battles and wars were previously fought head-on, on a physical battlefield, but now we are seeing a transition in how and where battles are fought. These battles are now fought in the digital and physical worlds. This way of fighting will become the new normal, especially when developed countries are at the forefront. In this article, we will cover what cyber attacks are, how they happen, and what you can do to protect information.  We will also cover information warfare and how information can be used to change public perspective.

More cyber attacks are being announced, and every day sensitive, proprietary, and vulnerable information is at risk. Recently, Microsoft had partial source code pertaining to Bing and Cortana stolen as part of a cyber attack. The White House also just warned about possible plans by the Russian government to target critical American infrastructure and released a best practices fact sheet for institutions and individuals to refer to in order to protect themselves.

Cyber attacks aren’t the only type of digital warfare that people need to be concerned about. Information warfare has profoundly and permanently changed how wars are fought. People are using the internet during almost every waking moment of their lives. Every time they actively access the internet (to check the weather, access Instagram, transfer money, etc.), they are being bombarded by information. Additionally, people are having their information collected whenever they access the internet, including passively by their installed apps collecting data from phones at all times. That information is then distributed to data actors who sell or act on the collected personal information.

Cyber Attacks

Anyone can be a victim of cyber attacks, and they are as common as ever now. Personal information, account information, and anything posted online is at risk of a cyber attack. These cyber attacks aim to disable, disrupt, destroy, or control computer systems or to alter, block, delete, manipulate or steal the data held within systems and accounts. Every major company or government in the world has had some sort of cyber attack. Those attacks can result in breaches of information or systems being shut down. Below are some of the most common types[2]:

  • Malware is malicious software, including spyware, ransomware, viruses, and worms. Malware breaches a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that then installs risky software.
  • Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message and providing personal or sensitive information.
  • Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, occur when attackers insert themselves into a two-party transaction. The goal of an attack is to steal personal information, such as login credentials, account details and credit card numbers.
  • A denial-of-service attack floods systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate requests.
  • A Structured Query Language (SQL) injection occurs when an attacker inserts malicious code into a database that uses SQL and forces the server to reveal information it usually would not.
  • A zero-day exploit is an unknown exploit that exposes a vulnerability in software or hardware and can create complicated problems well before anyone realizes something is wrong.
  • DNS tunneling is a method of cyber attack that encodes the data of other programs or protocols in DNS queries and responses. DNS tunneling often includes data payloads that can be added to an attacked DNS server and used to control a remote server and applications.

Since cyber attacks are inevitable, people, institutions, and governments must decide how they want to respond to the risks of these attacks. The different risk mitigation strategies for cyber threats are Mitigate, Avoid, Transfer, Accept, and Escalate a Risk. To mitigate risk is to do something to reduce the impact or the probability of a threat. Organizations can avoid risk by choosing different products, adding additional security to their information, hiring additional resources, adopting different technical solutions, or changing project scope. Transferring risk puts the risk on another party, typically by outsourcing that operation to another organization, so the new organization is responsible for the risks. When organizations decide to accept a risk, they judge it acceptable and take no action to mitigate it.

Cyber attacks can threaten someone’s way of life. Still, the risks and chance of attacks decrease dramatically through proper education and preparation. The government, private companies, and nonprofits all share ways to protect yourself, such as the Cybersecurity & Infrastructure Security Agency, FireEye, and “No More Ransom”.

Information Warfare

Information has been the maker and breaker of wars, as generals relied heavily on information gathering about opposing forces when making their battle plans. George Washington credits his spies and information gathering as a key reason for defeating the British. It’s no different today on the cyber battlefield. The advent of the internet in the mid-1980s has restructured the landscape of information sharing, availability, gathering, and dissemination. However, just because all this information is out there doesn’t mean that this information is good. The saying that “a lie can travel around the world and back again while the truth is lacing up its boots” was true when Mark Twain said it and still is today.

Misinformation (fake news, fabricated images, and clickbait articles) spreads faster and further than research-backed information. Facebook has been fighting a losing battle with falsified information, and everyone has seen that information on their feed. For example, 49% of adults in the United States shared information online, which they later found was made up[1]. People often don’t even know that the information they shared was incorrect until after the fact, and by the time they realize it, the information has already been circulated to their connections. However, in the same survey, 10% of those adults admitted to sharing information online that they knew was false, which introduces a new problem of disinformation – the practice of knowingly spreading false information.

False information creates worlds of problems, but just the ability to access information and the promotion of information is another tactic used in information operations or information warfare (aka IW). GAO.gov defines Information Warfare as the use of information-related capabilities during military operations to influence, disrupt, corrupt, or usurp the decision making of adversaries and potential adversaries while protecting our own. Propaganda is one example and has been used for centuries to spread information to different groups that may not have access to that information. While propaganda itself has a bad connotation, it can be beneficial and involves many different ways of sharing information. Propaganda can be written, musical, or visual and plays upon and channels complex human emotions towards a desired goal. The Uncle Sam poster has been the symbol of American patriotism since World War I, and the “We can do it!” poster became a symbol for female workers’ morale in World War II.

Misinformation, disinformation, and propaganda all have their place on the cyber battlefield. They all rely on the spreading of information to influence public opinions and alter outcomes of diplomacy, negotiations, and all-out conflict.

 

***The next article in The New Battlefront 101 series will discuss how cyber attacks on governments affect everyone.

___________________________________________________________________________________

Grey Market Labs® is a Certified B-Corp founded with the mission to protect life online. Our Replica™ platform orchestrates, automates, and secures Environments-as-a-Service, making organizations more protected with our patented privacy and Zero Trust architecture and more productive by increasing access to critical data, tools, and workflows simply, on-demand, anywhere. Replica™ supports dozens of use cases that span industries: from disrupting fraud on the dark web, to supporting military operations, combatting human trafficking, and enabling trusted data sharing in healthcare.

Grey Market Labs® is the first cybersecurity product company recognized as a Certified B-Corp organization.

Contact us to see how we can work together.

Zero-Trust Principles: Best Practices Refined

Data Privacy, Data Protection, Risk and Liability

The Office of Management and Budget released a memo outlining the Federal Government’s strategy for implementing a zero-trust architecture (ZTA) across their technology footprint. This memo is part of a broader effort to modernize US cybersecurity in the wake of a string of high-profile attacks on the US and US companies.

While some of the requirements in the memo are already commonplace security policies, there are a few guidelines in the memo that might be a dramatic change from the strategy some organizations are currently employing. Here’s our summary of some of the new guidelines we think you shouldn’t miss:

  1. Authenticate users to applications, not to networks. It’s no longer good enough to lean on perimeter security to trust that traffic on your network is trustworthy. Single-sign-on solutions are mature and widely supported – use them for every application!
  2. Use multi-factor authentication (MFA), but don’t use one-time passcodes, SMS passcodes, or push notification prompts. These are susceptible to phishing attacks. Use a solution that is resistant to phishing, like FIDO2, WebAuthn, or PIV.
  3. Stop requiring that users regularly change passwords or use special characters. While this once was considered best practice, it is now known to decrease security because it leads to password reuse (and credential-stuffing attacks) or unsafe storage practices.
  4. Consider eliminating passwords entirely! It is possible to have multi-factor authentication without one of the factors being a password. It’s more convenient for your users, and a password isn’t adding much security if your users are reusing it across multiple sites and it ends up in a password breach.
  5. Encrypt all HTTP, DNS, and email traffic, even on internal networks. It’s not uncommon to see these unencrypted on many networks, but these all carry sensitive information, and leaving them in plaintext leads to an increased attack surface.
  6. Isolate environments and assign access with granular attribute-based access control, rather than giving role-based access to users or enhanced visibility by default.
  7. Have a process in place to take security vulnerability reports from the general public, and respond to them promptly.
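To make guidelines 2 and 6 concrete, here is an added example (not from the OMB memo or from Grey Market Labs) that runs the same request through a role-only check and through an attribute-based decision that fails closed. The attribute names, environment names, and role table are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed role table for the role-only (RBAC) baseline.
ROLE_PERMISSIONS = {"analyst": {"read"}, "admin": {"read", "write"}}

# Authenticators the list above names as phishing-resistant (guideline 2).
PHISHING_RESISTANT = {"fido2", "webauthn", "piv"}


@dataclass
class Request:
    subject: dict    # attributes asserted by the identity provider (assumed names)
    resource: dict   # attributes of the data or environment being accessed
    action: str
    context: dict = field(default_factory=dict)  # device / session attributes


def rbac_allows(req):
    """Role-only check: any 'analyst' may read anything, in any environment."""
    return req.action in ROLE_PERMISSIONS.get(req.subject.get("role"), set())


# Each rule is (description, predicate). A missing attribute makes the
# predicate False, so the overall decision fails closed.
ABAC_RULES = [
    ("role permits the action", rbac_allows),
    ("session used phishing-resistant MFA",
     lambda r: r.context.get("mfa_method") in PHISHING_RESISTANT),
    ("subject is assigned to the resource's environment",
     lambda r: r.resource.get("environment") is not None
     and r.resource.get("environment") in r.subject.get("environments", ())),
    ("clearance covers the data sensitivity",
     lambda r: r.subject.get("clearance", 0)
     >= r.resource.get("sensitivity", float("inf"))),
    ("device is managed",
     lambda r: r.context.get("device_managed") is True),
]


def abac_decide(req):
    """Return (allowed, failed_rule_descriptions); every rule must pass."""
    failed = [desc for desc, rule in ABAC_RULES if not rule(req)]
    return (not failed, failed)


# Constructed sample requests.
CROSS_ENV = Request(
    subject={"role": "analyst", "environments": ["fraud-lab"], "clearance": 2},
    resource={"environment": "hr-records", "sensitivity": 3},
    action="read",
    context={"mfa_method": "sms", "device_managed": True},
)
IN_SCOPE = Request(
    subject={"role": "analyst", "environments": ["fraud-lab"], "clearance": 2},
    resource={"environment": "fraud-lab", "sensitivity": 2},
    action="read",
    context={"mfa_method": "webauthn", "device_managed": True},
)

if __name__ == "__main__":
    for name, req in (("cross-env", CROSS_ENV), ("in-scope", IN_SCOPE)):
        print(name, "| rbac:", rbac_allows(req), "| abac:", abac_decide(req))
```

The role-only check allows both requests; the attribute-based decision denies the cross-environment one and returns the failed rules, which is the record an access log needs.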

___________________________________________________________________________________

Grey Market Labs is a Certified B-Corp founded with the mission to protect digital life. We build revolutionary software including Replica and hardware products, and partner with like-minded industry leaders, to create a future with “secure-environments-as-a-service”.

Contact us to see how we can work together.

Grey Market Labs Earns B Corp Certification

Company News

Furthering its Mission as a Public Benefit Corp. to Enhance Security and Privacy for All

Arlington, VA, January 18, 2022 – Grey Market Labs, a leading cybersecurity research and development and product company, is excited to announce that it has officially become a Certified B Corporation. Grey Market Labs is the first cybersecurity product company to receive a B Corp Certification. This is the latest recognition as Grey Market Labs continues to change the landscape of privacy, security, and virtual computing to enable enterprise customers with automation, observability, and patented activity privacy protections. 

“We are thrilled to be recognized as a Certified B Corp,” said Grey Market Labs’ CEO Kristopher Schroeder. “Grey Market Labs launched as a Public Benefit Corporation for just this purpose – to create a fundamentally different cyber company; one with the ability to protect customer privacy while still being a commercial success. B Corp status is a great recognition that we are accomplishing the goals we set out to achieve.” 

To be certified as a B Corp (B stands for “Benefit”), a company must undergo a rigorous assessment of its business practices and meet the highest standards of social and environmental performance in addition to expanding its corporate responsibilities to include the interests of various stakeholders. The certification process is conducted by B Lab, a nonprofit organization that measures how a company treats workers, suppliers, environment, and the community.

For more than four years, Grey Market Labs has successfully delivered elite automation and cyber products to Fortune 500 and public organizations, providing SaaS (Software as a Service) automation for secure environments, and enabling important work such as fraud investigations, combatting disinformation, offensive and defensive cyber operations, real-time trusted data sharing and more. 

Grey Market Labs is widely recognized by government agencies and large-scale corporations as a partner that delivers proven and effective solutions to complex challenges surrounding privacy, cloud, and data protection. This recognition is the result of experience gained in intelligence operations and corporate cybersecurity. This unique background enables a deeper understanding of the challenges that modern agencies and enterprises face in staying protected and private as they work.

Grey Market Labs has recently launched Replica, a patented Secure Environments-as-a-Service (SEaaS) solution. Replica enables digital privacy, Zero Trust and secure two-way collaboration from the office, to the edge and beyond. This on-demand, scalable SEaaS product is the latest advancement in the public benefit mission to “protect digital privacy” and engineered to fundamentally change how work is done and how data stays private.

Now as a certified B Corporation, we will continue to make work more productive and protected for everyone. 

We are thrilled to be joining a global community of leaders who are using business as a force for good in the world. We hope to inspire and work with other leaders to do the same.

For more information about Grey Market Labs visit ReplicaCyber.com.

___________________________________________________________________________________


Multi-cloud by Design, or You Fail

Information Security, Risk and Liability

A scaling issue took out huge swaths of AWS last week. In the same week, the Log4j exploit required 84 updates from Amazon across dozens of their major AWS services. Every major software company has issued emergency patches and will be cleaning up the aftermath from this pervasive vulnerability for months, if not years. That is a problem, and the blame is only slightly on the Apache developers having a flaw in their software. Flaws and errors are going to happen, forever, even when DevSecOps is fully adopted. People make mistakes.

The problem here is the oversized impact of these flaws on companies that rely on AWS for critical and core aspects of their business. The weakness in most cloud strategies has been in the adoption of a single cloud platform or provider. Even when an organization uses multiple providers, their cloud hosted data and applications are not designed to fail over to another cloud, they just fail. Redundancy within a cloud system is great but a single point of failure, no matter how large or backed up, is still a single point of failure.

First, adopt new technology with a mandate to be multi- or hybrid-cloud. Demand failovers, at least for critical users and processes. If you can afford it, make sure data availability is part of that multi-cloud strategy.

Second, leadership needs to get on board and stop putting irrational constraints or mandates on the use of cloud resources and Zero Trust architecture. Yes, demand transparency, observability, and the data to support it but stop forcing your organization to use Azure because, “the CEO signed a memorandum.” Agreements like that put corporate privacy and security in jeopardy.

Third, get educated on the topics and know your options. Seek out companies that give you multi-cloud, reduce your IT costs, and at the same time, increase your Privacy and Security. Ask for responsiveness and partnership from your software vendors to understand their deployment strategy, dependencies and Software Bill of Materials.

And finally, get every last log4j instance patched across your organization. Reach out if you need us, we are here to help. https://www.replicacyber.com
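Patching every last instance starts with finding them, including copies bundled inside other archives. The following added example (not code from Grey Market Labs or Apache) walks a directory for Java archives and reports each log4j-core copy it finds; the sample tree and its version string are constructed.

```python
import io
import zipfile
from pathlib import Path

ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")
# Maven metadata that log4j-core jars carry, and the class that implements
# the JNDI lookup feature (present even in shaded jars without metadata).
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
MAX_DEPTH = 5  # bound recursion so deeply nested archives cannot stall the scan


def _scan_zip(zf, label, depth, findings):
    """Record log4j-core evidence in one archive, then descend into nested ones."""
    names = set(zf.namelist())
    if POM_PROPS in names or JNDI_CLASS in names:
        version = "unknown"
        if POM_PROPS in names:
            text = zf.read(POM_PROPS).decode("utf-8", "replace")
            for line in text.splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
        findings.append({
            "location": label,
            "version": version,
            "jndi_lookup_class": JNDI_CLASS in names,
        })
    if depth >= MAX_DEPTH:
        return
    for name in sorted(names):
        if name.lower().endswith(ARCHIVE_SUFFIXES):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    _scan_zip(inner, f"{label}!/{name}", depth + 1, findings)
            except zipfile.BadZipFile:
                continue  # not a real archive despite the suffix


def find_log4j(root):
    """Return one finding per log4j-core copy under root, nested copies included."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            try:
                with zipfile.ZipFile(path) as zf:
                    _scan_zip(zf, str(path), 0, findings)
            except (zipfile.BadZipFile, OSError):
                continue  # unreadable or corrupt file: skip it
    return findings


def build_sample_tree(root):
    """Constructed sample: a fat jar bundling log4j-core, plus an unrelated jar."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr(POM_PROPS, "artifactId=log4j-core\nversion=0.0.0-SAMPLE\n")
        zf.writestr(JNDI_CLASS, b"")
    root = Path(root)
    with zipfile.ZipFile(root / "app.jar", "w") as zf:
        zf.writestr("BOOT-INF/lib/log4j-core-0.0.0-SAMPLE.jar", inner.getvalue())
    with zipfile.ZipFile(root / "other.jar", "w") as zf:
        zf.writestr("com/example/Main.class", b"")


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in find_log4j(tmp):
            print(finding)
```

Compare each reported version against the vendor's current advisory; a finding with `version` "unknown" is a repackaged copy that needs manual review.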

___________________________________________________________________________________


Christmas Cookies

Data Privacy, Information Security

Ho! Ho! Ho! It’s that time of year again, and old Saint Nick is back to deliver toys and sample tasty cookies left for him on his travels across the globe. With so many homes to visit, there are a lot of cookies waiting for him of all shapes, sizes, and flavors. Fortunately, Nicholas is impervious to viruses like Covid-19, so he has no qualms gobbling down the many treats he finds along his journey. It’s no secret to him that there have been lively debates in online forums for many years now discussing how in the world he could possibly make the journey to so many homes in just one night (and eat so many cookies). However, neither the jolly, old Saint nor his most technically savvy elves know that there have been plans brewing on the dark web to gather data to determine when and where Santa makes his deliveries.

A lively debate begins to brew in one online forum of #NorthPoleTruthSeekers.

ElfSlayer1225: NORAD’s Santa Tracker is a hoax perpetrated by the Big Toy Industry

FrostyFanatic: How can you be sure? Surely if NORAD can detect ballistic missiles, it has the capability to track flying reindeer pulling a sleigh through the skies!

Anonymous: There has to be a way to figure this out

FrostyFanatic: Well, how could we possibly even find this so-called Santa if he could be anywhere in the world at any time on Christmas Eve? It’s like Heisenberg’s uncertainty principle; the moment you try to determine where he is, you don’t know when he is, or vice-versa. I dunno, the whole thing makes my head spin.

ElfOnShelf 🧝🏽: I’ve been following this forum for a while now but never felt a need to contribute given all the half-baked conspiracy theories folks like ElfSlayer1225 love to espouse

ElfSlayer1225: 😠 Great, we’ve got a troll on here. The truth is out there, you’ll see! Say that again and I’ll rip you off that shelf 🗡️ elfie!!

ElfOnShelf 🧝🏽: Look, no offense, I’ve actually got an idea and I need everyone’s help.

Dasher16: Ohh, not a reindeer trap, I hope

ElfOnShelf 🧝🏽: No of course not… no animals will be injured in this experiment

ElfOnShelf 🧝🏽: Here’s what I propose. I’ve actually been tinkering with this for a while. You know how Santa loves those cookies sitting out for him every year. He scarfs them all down at every house he delivers presents. How he does it, I have no idea. And somehow he deactivates any cameras or recording equipment so we never see it happen nor can we pinpoint the time of his arrival. Trust me, I’ve tried. I’m not called ElfOnShelf for nothing!

FrostyFanatic: Haha, so how can we help?

ElfOnShelf 🧝🏽: Ok, so do you know how tracking cookies work in a web browser because my idea kind of goes something like that? When you go to visit a website, it will store information on your computer called cookies which allow it to basically identify you on subsequent visits and monitor your behavior over time. There are many other advanced methods of attribution as well but I digress. Now only the site you’re visiting can see that cookie data when you go to it, but sometimes these sites also use 3rd party services like Google and Facebook to track your behavior on their site. And since most sites use these trackers, those 3rd party services can then see the flow of your traffic across many pages on the web and begin to build a map of where you’ve been and when…

Dasher16: I think I see where you’re going here, we’re going to follow the reindeer droppings so to speak 💩

FrostyFanatic: Or the cookie crumbs, hehe

ElfOnShelf 🧝🏽: errr, yeah something like that…. Anyway, imagine now that instead of browser cookies we put real trackers in the cookies left for Santa! I’ve found a programmable nanochip that can be exposed to liquids and extreme temperatures. Perfect for baking into your favorite cookie recipe. Before you know it, Santa will be loaded with them. They’re super cheap and all you have to do is order them from this site and then download my open-source code to program them with your unique location data. Once swallowed the nanochips will record the time and voila, we have the information we need!

ElfSlayer1225: Alright, maybe you’re on to something here but you’re missing something too. How are you going to actually get the data off the chips?

ElfOnShelf 🧝🏽: good question, so unlike when a person visits a website, we can’t just record the visit on our server. We need a way to read the chips. Fortunately, the chips work on a short-range Bluetooth connection. And since we know that Santa will visit every home to deliver presents, then each time he visits a home and he has some trackers in his belly, we can scan the chips and get a status on each place he visited and when. Plus! We’ll get the data of when the scan took place to cross-reference it against the other data. So, each one of you will also need to turn on Bluetooth on your mobile or computer and run my other open-source software that will scan and aggregate that data to this forum in real-time so we can see the results. With this we can compare to NORAD’s data and see if NORAD really is a hoax!

ElfSlayer1225: NORAD is a hoax! Send me one of those chips ASAP, can’t wait to prove it! So, what are you going to do with the data once you have it?

ElfOnShelf 🧝🏽: Sell it to BIG Toy! Cha-ching! 💰

And thus, the commercialization of Christmas was finally complete thanks to the always watching eye of an elf on a shelf and a little help from the North Pole Truth Seekers. For the price of accepting a few “harmless” cookies Santa had unwittingly sold himself out. ElfOnShelf sold Santa’s secrets to the highest paying data brokers and lived happily ever after with a private island in the Caribbean.

___________________________________________________________________________________


Grey Market Labs Launches Replica, Secure Environments-as-a-Service that Fully Enable Digital Privacy for the Enterprise

Company News

The Replica Platform enables secure access, privacy and productivity from anywhere for cyber investigations, executive protection, secure enclaves  and isolated collaboration.

 

Grey Market Labs, a leading cybersecurity company, announced the launch of its Replica platform. Replica delivers Secure Environments-as-a-Service that fully enable digital privacy, reduce risk and fundamentally change how work gets done online.

Replica fuses patented technology, intelligence tradecraft and Zero Trust architecture to create realistic profiles consisting of virtual hardware, operating systems, applications, networks, activity and data layers. Replica goes beyond what a VPN, browser isolation, or Desktops-as-a-Service can do, to create another version – a replica – that feeds trackers and adversaries authentic data, while obscuring and protecting the user’s privacy.

“Replica is the result of more than 20 years of experience in embedded tradecraft and intelligence operations. All of us on the Grey Market engineering team spent decades in offensive and defensive cyber warfare. We built a product that enables the kind of protection, efficiency and secure collaboration we needed then, but designed for the enterprise user of today,” stated Kristopher Schroeder, Grey Market Labs / Replica CEO. “We’ve made it available as a SaaS product or hosted service so users can connect securely from anywhere, to work freely and confidently knowing their activity remains private.”

Replica’s virtual environments integrate with existing enterprise services like single-sign-on, proxies, data analysis and dashboarding tools. The software’s flexible architecture enables rapid deployments, continuous patching and updates, cloud management, sandboxing and more. In addition, Replica provides a comprehensive data set to allow rich audit and reporting functions and satisfy regulatory, compliance and risk analytics. Obscured from the outside world, while transparent and observable inside your organization.

The Replica product line includes three offerings: Replica Platform is the comprehensive solution for digital privacy for the enterprise. Replica Workspace creates authentic virtual environments for industry-specific uses. Replica Edge enables access and privacy from any device, in any location. Use cases for Replica include threat hunting, investigations and digital forensics, executive protection, secure connectivity in remote or austere environments, protecting employees against malware and phishing, secure collaboration, and more.

For more information visit ReplicaCyber.com

___________________________________________________________________________________

Grey Market Labs is a Certified B-Corp founded with the social mission to protect life online. We build revolutionary software and hardware products, and partner with like-minded industry leaders, to create a future with “secure-environments-as-a-service”.

Simply: we prevent data from being compromised and protect our customers’ work, online.

Contact us to see how we can work together.

Consumer’s Trust in Data Protection

Social Networking

The practice of buying Americans’ data has become routine, effectively hollowing out both Carpenter v. United States and privacy safeguards enacted by Congress. Any company or government can go out and purchase customers’ data that the company has collected. Just last year, Avast was caught selling their customers’ data for the second time[1]. Their customers use their service to protect their information and prevent it from being sold, but Avast decided it was more profitable to sell that data rather than protect it.

Businesses have determined that it is more profitable to sell their customers’ data rather than protect it. Laws like GDPR and CCPA provide the legal framework for consumer protection, but more needs to be done for the business community. We need to expect more from our Technology Providers. Customer data should be protected and should be at the core of any cybersecurity product. The monetary value gained from selling customers’ data isn’t worth the trust that is lost once that data has been sold. As a Public Benefit Corporation, Grey Market Labs believes protecting individual activity and organizational data is the foundation of trustworthy companies. As organizations look for companies to protect them, Public Benefit Corporations should be the first to consider, ensuring your information is kept private.

___________________________________________________________________________________

Grey Market Labs is a Public Benefit Corporation founded with the social mission to protect life online. We build revolutionary software and hardware products, and partner with like-minded industry leaders, to create a future with “privacy-as-a-service”.

Simply: we prevent data from being compromised and protect our customers’ work, online.

Contact us to see how we can work together.

Ransomware Attacks from Critical Infrastructure to Police Departments

Data Protection, Information Security, Risk and Liability

Ransomware attacks have been growing over the past three years, and the past 2 weeks alone have shown how public these attacks have become. The first attack on Washington DC (Metropolitan) Police resulted in a massive leak of internal information because they did not meet the blackmail demands[1]. The second major attack was on the Colonial Pipeline, which shut down the pipeline, resulting in fuel shortages up and down the East Coast. The Colonial Pipeline operators decided to pay the ransom of 75 Bitcoin or nearly $5 million USD[2]. Government organizations can’t pay ransom per longstanding practices, but commercial groups decide to pay or not based almost purely on cost and impact to their bottom line. The latter could encourage more ransomware attacks since they are so lucrative, but there is very little to guarantee that systems or data are completely “released” once ransom payments are made. We need a better way.

Ransomware can infiltrate an organization through hacking or in the ways that a computer virus might spread. Once executed, the ransomware essentially holds your data and systems hostage. It’s rather effective because rather than attempting to steal all your data, it typically will encrypt all your data and make your systems unusable and unreadable until a ransom is paid for the decryption key.

With the release of the Executive Order on Improving the Nation’s Cybersecurity, ransomware has become a top priority of the White House. Previous attacks against police departments have resulted in cases being dropped due to the offices being locked out of their computers[3]. Police departments need to protect sensitive data such as background check files by keeping them separate and ensuring that they can recover the data if they are locked out.

It’s impossible to prevent all forms of hacking. Therefore, one must also develop a strategy to mitigate the effects of an attack. As referenced in the recent Executive Order, Zero Trust, a framework that assumes you and your organization have been or will be compromised, is a tremendous step forward in changing how computing systems are built and how truly resilient they can be. This involves the same strategies one would implement for a disaster recovery plan, which include taking regular backups of all the data and being able to rebuild the infrastructure supporting that data in a short amount of time. Isolated Secure Enclaves, provided by Grey Market Labs, are one possible solution to the problem that police departments face when trying to keep information protected, allowing sensitive forensics (e.g., exploitation reviews) to take place on modern technology and providing increased access for officers while increasing the security of all their digital work.

___________________________________________________________________________________

Grey Market Labs is a Public Benefit Corporation founded with the social mission to protect life online. We build revolutionary software and hardware products, and partner with like-minded industry leaders, to create a future with “privacy-as-a-service”.

Simply: we prevent data from being compromised and protect our customers’ work, online.

Contact us to see how we can work together.

Pattern-of-Life through Electricity Monitoring

By | Data Privacy, Information Security, Risk and Liability | No Comments

Household electricity monitoring provides insight into the usage of electronics in the home. Monitoring can be accomplished through commercial products (e.g. those described here https://www.bobvila.com/articles/best-home-energy-monitor) or through a utility provider’s service (such as the Duke Home Energy Report). These insights can help pinpoint which devices are wasting energy to help the homeowner save money. The analysis of electricity by these products or providers is so in-depth that they extract exact brand information on individual devices based on how much electricity that device is using and the unique electrical signature it produces.

This information can also be used for Pattern-of-life analysis to expose the daily activities inside the home – which could be used for anything from targeted advertising to exploiting security weaknesses. It is important for homeowners to be aware of how this data is being used and what rights they have over it in order to make informed decisions when managing risk and participating in politics.
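To make the privacy risk concrete, the following added example (not from the original post or from any monitoring product) applies a simple threshold to one constructed day of whole-home interval readings and recovers the household's morning and evening activity windows, then shows that the same data reported as a single daily figure reveals none. The readings, function names, and the 2x-median threshold are all assumptions chosen for illustration; real device-signature analysis is far more detailed.

```python
from statistics import median

# Constructed sample: one day of whole-home load in watts, one reading per
# 30-minute interval (48 values). Not real meter data.
READINGS = (
    [180] * 13                                       # 00:00-06:30 baseline (fridge, standby)
    + [1900, 2100, 900]                              # 06:30-08:00 morning routine
    + [190] * 20                                     # 08:00-18:00 baseline, house likely empty
    + [2400, 2600, 1200, 700, 650, 600, 500, 450]    # 18:00-22:00 evening use
    + [185] * 4                                      # 22:00-24:00 baseline
)

def hhmm(minutes):
    """Format minutes since midnight as HH:MM."""
    return f"{minutes // 60:02d}:{minutes % 60:02d}"

def active_windows(readings, minutes_per_sample, factor=2.0):
    """Return (start, end) spans where load exceeds factor x the median baseline."""
    threshold = factor * median(readings)
    windows, start = [], None
    # A trailing 0 acts as a sentinel so a span running to midnight is closed.
    for i, watts in enumerate(list(readings) + [0]):
        if watts > threshold and start is None:
            start = i
        elif watts <= threshold and start is not None:
            windows.append((hhmm(start * minutes_per_sample),
                            hhmm(i * minutes_per_sample)))
            start = None
    return windows

def downsample(readings, group):
    """Average consecutive readings, as when data is reported at coarser intervals."""
    return [sum(readings[i:i + group]) / len(readings[i:i + group])
            for i in range(0, len(readings), group)]

if __name__ == "__main__":
    # 30-minute data exposes when the household wakes, leaves, and returns.
    print(active_windows(READINGS, 30))
    # The same day reported as one daily average exposes no activity windows.
    print(active_windows(downsample(READINGS, 48), 24 * 60))
```

The granularity at which readings are stored and shared is therefore a useful question to ask a provider: the bill can be computed from the daily figure, while the pattern-of-life signal lives in the interval data.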

#GREYdient Score: 3/10


Protecting Investigators

By | Data Privacy, Data Protection | No Comments

Private, federal, and state investigators are increasing their online presence because more of their work is going online.  For the most part, investigators are not trained in cybersecurity practices.  So, when they are online looking for criminals, there is a high chance that those same criminals are looking back at them.  This puts their organization, investigation, friends, and family at risk.  Most investigators try to separate their work life from their personal life, but the internet blurs the line between personal and work.

For example, in 2018, investigators were researching sex traffickers, specifically massage parlors in Manhattan, using VPNs; however, real estate agents were still able to track down their information and call those investigators on their personal cellphones.  These investigators suddenly became aware that their online presence was able to be tied to their personal lives even with cybersecurity practices.

The separation of work and personal is key, but investigators still need to access the tools and data needed for their job.  The undercover tradecraft needs to be applied to this field to protect legal and legitimate investigations.  So how do we protect investigators?

1st: Investigators need the tradecraft and training in cybersecurity to ensure they can protect themselves.  They also need to understand what will expose them to the digital world.

2nd: They need comprehensive tools to ensure they are not exposed at the seams.  Investigators are currently using multiple tools that are not designed to work cohesively together (VPNs, burner phones, anonymous browsers).  These individual products have a marginal benefit that leaves open cracks which criminals can exploit.  There needs to be a comprehensive solution/product that can combine these disparate tools in a seamless manner and seal the current gaps.

To work towards eliminating these gaps, check out opaque.ai for more information.