Blockchain may be tamperproof, but are your people?

With the ever-evolving world of technology, the way people conduct & operate their businesses is changing. Blockchain for some, has been nothing but a buzz-word, but for many it is shifting the way in which we record transactions and how we share them. Blockchain is seen as a much safer way to record transactions because of the way the information is store and shared. Instead of being centrally hosted on one network (as typical data systems are) the data is simultaneously replicated on several networks. This is more secure because it would be nearly impossible to attack the, what could be unlimited, amount of networks hosting the information. This makes the sharing of information more secure, and with minimal risk of theft or fraud.


Blockchain may be “tamperproof” but, like any technology,  it’s only as secure as its users. And like any company, people are the most vulnerable component of security programs. Those trusted with the data input are often targets of social engineering, insider threats, and scam attacks. Users are a crucial component to the success of the technology and the information shared within it, companies looking to implement new technology should examine the security program as a whole before proceeding.


As technology evolves, our security programs need to as well. In today’s era, social engineering, theft, & fraud all threaten the integrity of information sharing. Protecting people and assets now requires both physical & digital intelligence; with right technologies and people in place to ensure success.


The LifeRaft team will be in Santa Clara California for the Blochain Expo, IoT Tech Expo, Al & Big Data Expo and Cyber Security & Cloud Expo November 27-29th!

Among Tech Giants: Consumer Trust and Privacy


Facebook has put their hat in the digital assistant ring with the announcement of the Portal, a video-chatting device for the home. While many consumers have welcomed assistants from Google, Amazon, and Apple into their home, there may be a hesitancy with Facebook. Consumers have started to learn more about how much data companies have on us, who is using and selling it, and have pressured for legislation to protect data and privacy. Companies self-regulating hasn’t worked in the way we have hoped, and while some sort of regulation is necessary only within the last couple years have we examined in detail what that would look like.

General Data Protection Regulation (GDPR) was created for the ‘digital future’ of Europe, to help consumers gain back some control of their personal data. Companies will be responsible for ensuring the data they collect and manage is protected from malicious intent, and be fined if they fail to comply. GDPR covers any organizations in the EU, as well as any non-European companies that offer services to consumers inside the EU.

Being fairly new, there hasn’t really been an opportunity to see if it works, including what parts of it can or should be implemented elsewhere. Facebook was fined £500,000 through pre-GDPR rules as a result of the Cambridge Analytical data scandal; their recent security breach that exposed account information for over 50 million users may be the opportunity to see what teeth GDPR has.

Apple CEO Tim Cook called for a privacy law in the United States, mirroring the policies outlined in GDPR. We are living in a world built on massive amounts of data, creating what Cook can best describe as a “data-industrial complex.” Cook has been a significant advocate of privacy rights and regulation, which has been exemplified by Apple’s consistent commitment and fundamental philosophy of privacy for its users. In Brussels, Cook highlighted that future legislation should give the right to users to know what data is collected on them, to access that data and have it minimized, and for it to be kept securely. At the core of Apple’s business model is this call for regulation to reinforce users’ privacy and protection, which critics say would limit technological innovation. Cook further warns that “we will never achieve technology’s true potential without the full faith and confidence of the people who use it.”


There is a disagreement among tech companies on the best way to handle regulation going forward. After the Cambridge Analytical scandal, Mark Zuckerberg said, “It’s not a question of if regulation, it’s a question of what type;”


Facebook COO Sheryl Sandberg said that Facebook was open to legislation and willing to work with lawmakers. Facebook even went as far as saying that the company would enforce GDPR policies on the entire platform, and created new ways for users to have a better idea of their data is collected and used. However, confusion has arisen since countries have different standards surrounding privacy, timelines to communicate breaches to the public, and enforcement issues outside of the EU.

Google and Microsoft have approaches similar to Apple’s, using GDPR as a baseline for creating US regulations. In September 2018, Google provided recommendations for a privacy regulation bill covering basic requirements, scope, and accountability. The framework called for company transparency on the data they collect, why it is collected, and how they use it; practical avenues for individuals to access and control their data; and the inclusion of baseline precautions to protect personal information, including ways to keep companies accountable for this process.

Google also recommended applying similar regulations to any and all organizations that process personal data, and actively updating and re-evaluating data and privacy policies to adapt with changes in technology, norms, and interconnectedness. Earlier in May, Microsoft CEO Satya Nadella called privacy a human right and believes that GDPR is “a sound, good regulation.” Like Apple, Microsoft has longed positioned itself as a supporter of privacy, and both companies have been involved in cases against the Department of Justice to protect user data.

These differing company approaches to privacy, data, and handling of security breaches may contribute to why 51% of Americans don’t trust Facebook. Ranking the most distrustful among the tech giants was Amazon at 66%, according to a poll from Reuters. Even Google, who provides a free service similar to Facebook, is trusted by 62% of the polled population. Google collects a significant amount of data on users, but the return on investment and what is provided as a service is far greater.

When Facebook launched in the early 2000s, it was a social networking platform providing users a new and exciting way to connect, prevailing over the ever popular MySpace. It has since found itself as one among many ways for individuals to connect, is seen as having a negative impact on society, and has been caught up in scandals and politics, which have led to a drop in user accounts and interactions. Perhaps Google’s success is most evident by the fact its name has become a part of modern society’s lexicon – ‘Google it’ – which means to search for information on the Internet even if we may not be using Google as a search engine (although it does account for 72% of searches worldwide).

As consumers become more aware about their data and privacy, they are changing how they use technology and demanding companies to adapt to their needs, requiring tech companies to make changes.  While it may seem counterintuitive for technology companies to call for stronger regulations, governmental organizations and consumers are already advancing in that direction, and companies should fall in line in order for them to have a seat at the table.


Megan Penn
Security Research Consultant
M.A. Security Policy Studies

Security Platform Pushes New Artificial Intelligence Capabilities to Prioritize Threats

LifeRaft’s latest software release includes AI that learns language to identify threatening content faster

HALIFAX – November 9, 2018 – LifeRaft introduces Relevance Filtering as the next phase of Artificial Intelligence (AI) for their open source monitoring platform, Navigator. The platform is used globally by corporate organizations to monitor the internet for threats to their people and assets.

The new artificial intelligence capability learns subject matter identified by the user, enabling analysts to better qualify and validate threats to a company’s security or operations. The platform uses a scoring system that understands context and recognizes repeated content, quality of author, and frequency of publishing to identify relevancy; prioritizing most relevant content to the top.

“The Relevance Filtering helps us find the information that matters, faster,” says Sam Ward, Vice President at TorchStone, regarding Navigator’s new artificial intelligence capabilities. “In the security industry, time matters, so the quicker we can get relevant information, the safer we can keep our clients.”

Navigator automates the process of gathering and filtering publicly available sources for high risk posts online, pertinent to an organization. The Artificial Intelligence algorithm learns the essence of these risks and can alert companies when critical intelligence has been identified.

“By applying a natural language model trained on a vast amount of data, the relevance algorithm is able to identify and surface content that is related by meaning and context, getting a step closer to a more human approach to data intelligence,” says Eduardo Capouya, Co-Founder and CTO at LifeRaft. “This is an area that we will continue to expand on in upcoming releases.”

The LifeRaft team will be attending the AI & Big Data, Blockchain, and IoT Conference and Exhibitions in Santa Clara, California, November 28-29 to share Open Source Intelligence best practices and use case applications.


Melissa Cooper
Communications Manager, LifeRaft

Online Crimes Are Not New, They’ve Just Evolved

Approximately 4 billion people around the world have access to the Internet, compared to 3.2 billion in 2015, providing connectivity and communication to the majority of the globe’s population. The dramatic increase in internet access provides criminals with more to exploit – namely, a large pool of individuals and information, as well as the ability to target anyone around the world with an internet connection.

With this ever-increasing influx of online communication, shared data, regular use of social media, and an entire generation who cannot recall a time before the Internet, it is no wonder that information security breaches are consistently appearing in the headlines. However, what most people don’t realize is that these online crimes are not new – they are just evolving.

While software and online communication has created some new crimes, such as malware and ransomware, a significant number of ‘traditional’ physical crimes have adapted to the online sphere. Law enforcement agencies and policy have not adapted as quickly, leaving a noticeable gap and demand for security protection. As a result, private companies and individuals have emerged to find ways to detect security vulnerabilities and find solutions.

Prior to the Internet, there were a number of crimes that typically required physical interaction and used significant resources and time to accomplish. Now many of these can be done off the street and without physical contact. While today we hear of identity theft happening at a more frequent rate, it did not start with the birth of the Internet.

Previously, individuals would go through your trash – dumpster diving – or use scam phone calls to gather important pieces of biographical information from their victims. Now with the advent of online banking, retail, and social media, the amount of information available has not only vastly increased but also has become more readily accessible.

The deluge of information and ease of access provided in today’s society has provided criminals a lower barrier of entry into the online space to exploit. This isn’t to say all criminals are engaging in low-level operations – many are extremely sophisticated in their ability to exploit systems and individuals to gather information – but a lower barrier to entry has provided a spectrum from novice to expert for which individuals can work along regarding their skills, resources, access, and targets.

For example, criminal groups engaging in cyber espionage typically have resources and skills rivaling a nation-state and are much more inline with a criminal enterprise or organization. Meanwhile criminals have more opportunities to make money through blackmail since selling ‘valuable data’ obtained through simpler operations is no longer the only means of profit.  This is exemplified through criminals’ deployment of ransomware, which coerces their victims to pay for their data without having to create an actual attack.

With the widespread use of social media and its accompanying features like location tracking, the information available online isn’t exclusively used to conduct cyber attacks. It also allows criminals access to a slew of information to orchestrate other crimes, such as a physical attack, kidnapping, or theft. Our vulnerability is perhaps most evident through our willingness to share our information on Facebook, which has an estimated 2.23 billion users. The recent breach that allowed attackers to take over user’s accounts and see all their information, including private messages, impacted over 50 million of Facebook’s users. It can be assumed that similar breaches will continue to happen, as we share information with a few large very centralized companies and locations.

As users and possible victims, we have to thoughtfully make decisions on what, where, and with whom we share information online. We should also operate with the understanding that someone at some point will likely have access to a piece of information that could be used against us. With this underlying assumption we are able to take steps to prevent unauthorized breaches, mitigate damage, and identify possible future physical and online threats.


Megan Penn
Security Research Consultant
M.A. Security Policy Studies

SaaS Risk & Security Firms Announce Cross-Border Partnership

The integration will produce a holistic actionable intelligence & situational awareness solution

HALIFAX – MARCH 20, 2018 – LifeRaft, a leading open source intelligence provider for the corporate security industry, is pleased to announce its technology will be integrated into CSX, the leading situational awareness product from global risk solution provider, PlanetRisk.

This integration will provide open source intelligence coverage to enhance existing global security operations, offering a single solution to meet the needs of Corporate Security Teams for global risk and threat monitoring intelligence and analytics.

PlanetRisk’s Corporate Security Risk (CSX) platform is designed to help security professionals protect physical assets, offices, products, and people when attacks are imminent domestically and globally. With LifeRaft’s comprehensive data sets and advanced link analysis, the integrated CSX product will enable teams to take several data points and understand the context surrounding critical events or threats.

“Our technology has always been designed to deliver a single source of easily accessible and accurate information,” says Matt Tirman, Chief Commercial Officer at PlanetRisk. “With this integration, we’re providing more intelligence to do just that – giving you immediate insight into threats and risks specific to your organization’s requirements.”

As a part of this partnership, LifeRaft will endorse and support PlanetRisk as a trusted managed service provider for companies needing situational awareness but lacking the internal resources to monitor for security intelligence themselves.

“We always align ourselves with the most forward thinking, experienced, and well-respected companies,” says LifeRaft CEO, John Gallinaugh. “This integration demonstrates our commitment to only the best partnerships for our customers and for our company.”

LifeRaft has been working closely with the Canadian Trade Commissioners office in the US as an alumni of the Canadian Technology Accelerator (CTA) in New York City, and the current Boston cohort. The CTA program helps companies bolster market penetration in the United States.



Melissa Cooper
Communications Manager, LifeRaft


Halifax SaaS Company Closes $1.45M in Non-Dilutive Series A Funding Round

The raise was led by established NS-native banking executive to fuel the start-up’s growth

HALIFAX – October 5th, 2017 – LifeRaft, a leading open source intelligence provider for the corporate security industry, is pleased to announce the addition of former Group Head and Chief Executive Officer of Global Banking & Markets at The Bank of Nova Scotia, Mike Durland, as a major investor and strategic advisor to the company.
Continue Reading

5 Tips to Find Corporate Data Leaks Online

What to search and where to search when you suspect a data leak

Every day there seems to be another article shared about a data leak or breach of private or public organizations; from email addresses, passwords, login credentials, to employee IDs going viral. Whether it’s a disgruntled employee leaking sensitive data or competitors who have hacked and posted product specs – it’s bad news for everyone at the company.
Continue Reading

Social Engineering and You

What your employees do online can make them a target for social engineering.

Let’s talk about social engineering. In the context of information security, it is defined as “the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.” – Google Dictionary
Continue Reading

Security Game Changer

Digital media has changed the game for fans, artists, athletes, and now security personnel. In a world where tens of thousands of fans gather each week to see their favorite teams or bands play in major venues around the world, threats to security and patron safety have never been higher.
Continue Reading

The War on Counterfeit Pharmaceutical Drugs

Widespread access to internet chat boards, paste sites, and classifieds has impacted the distribution of counterfeit pharmaceuticals. According to the World Health Organization (WHO) article, “Medicines: counterfeit medicines,” falsified medical products are manufactured in regions and countries all over the world. This fact is supported by the abundance of content advertising counterfeit pharmaceuticals on the web.
Continue Reading

Ready to learn more?

Schedule a demoRequest More Info