DarkCyber for May 26, 2020 Now Available

May 26, 2020

DarkCyber for May 26, 2020, is an online video program focusing on cyber crime, intelligence, and lesser known Internet services. This week’s stories include NSO Group in the PR spotlight, Covid 19 phishing, Germany limits intel services scope of action, a source for bad actor hackers, ETSI.org as a job hunter’s game preserve, and four new drones for surveillance and kinetic action. (Kinetic means explosive munitions.)

The program is a production of Stephen E Arnold and the DarkCyber research team.

In addition to our news programs, we have begun adding special videos. You can view the most recent interview segments with a CIA professional in DarkCyber Exclusive: Litigation Likely for Short Selling.

More special video features are in the works. Remember. DarkCyber contains no demeaning “begging for dollars” pleas, no content marketing, and no subscription fees. As a result, DarkCyber videos and blog posts deliver information that may be difficult to locate and analysis that can cause consternation.

This week’s program is at https://vimeo.com/422426350.

Kenny Toth, May 26, 2020

DarkCyber for May 12, 2020: Web Tracking, Free Malware Appliance, Banjo Trouble, New Drones, and Mobile Location Spoofing

May 12, 2020

DarkCyber for May 12, 2020, is now available. You can view this program on YouTube or Vimeo. This week’s program covers the Banjo founder – KKK connection. SoftBank invested $100 million in the company. There has been a potential feature film project called Banjo Policeware: The Wrath of Khan. Two stories focus on surveillance of persons of interest. The first references allegations that the US Federal Bureau of Investigation uses faked Web pages or seized pages to obtain useful information about actors. Another story describes an open source malware analysis appliance. Unlike commercial solutions which cost thousands of dollars, the Phoenix appliance is available without charge. The appliance, which is a software wrapper around a number of tools, allows analysis and visualization of malware behavior. The program also includes a report about two new drones which can perform surveillance and data collection. The first is an autonomous system developed by AeroVironment. The second is DJI’s drone equipped with a 48 megapixel camera.

We are now producing two DarkCyber videos each month. We plan to release a short “special focus program” between our regular shows. Watch DarkCyber for details about this special report. Topics on the production schedule include the failure of cyber security solutions to protect Work From Home employees and contractors, search engine optimization fraud, and policeware marketing.

DarkCyber is produced by Stephen E Arnold and the DarkCyber research team. Tony S. has rejoined the group after a hiatus due to family responsibilities. Join me in saying, “Yo, Tony, get to work.” He is now our principal researcher for a new project related to the European Community’s investigation of Google search result manipulation. (I know that most people are unaware of this most recent thrust at Google, but it is happening.)

One final but important point: The DarkCyber video programs contain no sponsored content, no advertisements, and no embarrassing “begging for dollars” messages. The approach allows the DarkCyber team to discuss a range of topics, even those which can be uncomfortable for search engine marketers, consultants, and sketchy service providers.

Kenny Toth, May 12, 2020

Content Marketing: The Faux Monte

May 8, 2020

I wrote about the SEO hustle email I received on April 30, 2020. That email became the subject of the conversation I had with the former CIA professional, Robert David Steele. He interviewed me and posted the video from his Web site PhiBetaIota.net. You can view the video at this link. In this post, I want to call attention to the SEO expert’s example blog content, thoughtfully provided by an individual named Christian Arriola and using the alias of a person named Jeffrey Garay. The blog in question is part of a kitchen remodeling business doing work in Pearland near Houston and Allen near Dallas.

The blog post is “How to Get Your Dream Kitchen Remodel Without Breaking the Bank.” Here’s an example of the content which the outfit Woobound wanted to provide to Beyond Search / DarkCyber:

When you have an excellent suggestion of what you desire, take a seat and also write a great breakdown of jobs that you desire finished. You do not need to be technological and also you do not need to make use of building terms yet simply state all the important things you desire a service provider to do and also bid. It can be as easy as: eliminate all existing floor covering and also closets; mount brand-new floor covering, cupboards, kitchen counters, sink as well as home appliances per the strategy; paint; attach sink pipes; as well as mount brand-new lighting fixtures.

It appears that the connection between the blog post and Beyond Search / DarkCyber is that the root “techno*” appears in the paragraph above and in some of Beyond Search / DarkCyber’s more than 18,000 articles. I may be missing other, more sophisticated connections, but on the surface, kitchen remodeling and the topics in Beyond Search / DarkCyber are tenuously related. Oh, wait, I do cover cyber crime. Perhaps that is the hook?

The blog features some broken image links, an 888 number to contact the firm, and a content pool exactly one post deep.

My concern about search engine optimization’s latest “trick” is that some people will accept this “link trade” or “backlink” pitch.

Meaningless links are not helpful to a user. We will be monitoring this ploy because deception is a precursor of cyber crime. Our objective is to take a close look at this faux monte. What we see so far is not appealing; in fact, one of the DarkCyber team used the term

Stephen E Arnold, May 8, 2020

DarkCyber for April 28, 2020: Free Cyber Warfare Book, Spy Insights, the Info Gap Map, and HaaS

April 28, 2020

The April 28, 2020, DarkCyber tackles four stories this week. This week’s program is available via the DarkCyber blog, Vimeo, or YouTube. This week’s stories include information that is otherwise difficult to locate.

You can download a comprehensive look at cyber warfare published by the Carnegie Endowment for International Peace. The book covers cyber intelligence and methods of cyber warfare. DarkCyber’s Stephen E Arnold and former CIA spy Robert David Steele discussed misinformation in a one hour interview which is available on the Phi Beta Iota Web site. DarkCyber includes an extract from the discussion about obtaining hyper local data about people, events, and places. The information gap map illustrates how little digital information is available in free Web search systems. The map makes clear that anyone relying on Bing, Google, Yandex, and other free Web search systems is likely to be drowned in misinformation. The program explains how to access a no cost honeypot as a service. HaaS makes it possible to explore malware and learn about exploits in a controlled environment. The link to the service is provided in the program.

Kenny Toth, April 28, 2020

 

DarkCyber for April 14, 2020, Now Available

April 14, 2020

This week’s DarkCyber program contains three news stories and one feature. The program is available via Vimeo and YouTube.

Geospark Analytics is the subject of a DarkCyber profile. The company has a new president, a new partner, and a public podcast. What makes these announcements interesting is that most firms engaged in geolocation analysis maintain a low profile. DarkCyber points out the downside of attracting too much attention. Geospark Analytics, a start up, is likely to become a disruptor in what is a little known sector of the law enforcement and intelligence markets. The technology is directly germane to recent announcements about tracking individuals of interest.

DarkCyber reports that bad actors are going to great lengths to make credit card theft easy. The story explains the principal features of a new point-and-click way to obtain names, credit card data, and the codes printed on each card. Also, this type of “skimming crime” is going to be further automated. After paying a fee, the developer of the skimming system will automate the theft for the customer. How much does the service cost? About $1000 but if a customer does not have the cash a revenue split is available.

A 2014 report produced by the US Department of Justice suggests that predictive analytics may not be as reliable as some experts assert. The original document was not available to the public, but it was obtained via a Freedom of Information request by a watch dog group this year. The 2014 report reveals information about the somewhat dismal performance of predictive analytics systems. The outputs of these systems from well-known vendors were not helpful to enforcement and legal officials. The DarkCyber story includes a link to the full report as well as a link to a recent analysis of predictive analytics systems’ efficacy in identifying life outcomes for young people. The results of both studies appear to call into question the reliability of some predictive software.

DarkCyber’s program concludes with a reminder that virtual private networks may not be private. An online news service identified a number of comparatively high-profile VPNs that are not particularly secure. A link to the source document and the names of three suspect services are provided.

DarkCyber is a production of Stephen E Arnold. Programs are released twice a month and provide news, analysis, interviews, and commentary about the Dark Web, cyber crime, and lesser known Internet services.

Programs are available on Vimeo and YouTube. For the current program, you are welcome to navigate to www.arnoldit.com/wordpress.

Kenny Toth, April 14, 2020

DarkCyber for March 24, 2020, Now Available

March 24, 2020

DarkCyber for March 24, 2020, covers four stories. You can view the video on YouTube or on Vimeo.

The first story explains that phishing is a contentious issue in many organizations. Managers see phishing one way; information and security professionals often have a different view. The divide can create more vulnerabilities for organizations ignoring the escalating risk from weaponized email.

The second story provides some information about Banjo (a US firm engaged in providing specialized services to law enforcement) and BlueDot (a Canadian company applying advanced analysis to open source and limited access medical information). The story makes clear that the methods of these firms provide excellent insight into how some specialized software systems deliver high value intelligence to law enforcement and intelligence professionals worldwide.

The third story provides information about a Department of Justice report aimed at Dark Web researchers. The document is available without charge from the url provided in the program. Failure to follow the guidelines in the document can convert a researcher into a bad actor.

The final story reviews recent steps taken by the Russian government to exert tighter control over Internet applications. The affected software includes Tor and the Telegram Open Network. Mr. Putin has become Russia’s first digital tsar.

Kenny Toth, March 24, 2020

DarkCyber for August 20, 2019, Now Available

August 20, 2019

DarkCyber for August 20, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/354476523.
The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.

The story line up this week includes a feature about Anduril Technologies’ surveillance system for border monitoring. The show also includes a critique of a public report about robocalling and a comment about the increasingly loud calls for backdoors to mobile phones and encrypted messages by law enforcement in the US and other countries.

The feature story this week is about Anduril Industries, the company which is developing systems for the Department of Defense’s Project Maven. The company was founded in 2017 by Palmer Luckey. After creating the virtual reality product Oculus Rift, Luckey sold the company to Facebook. He then founded Anduril to develop next generation surveillance products and systems. His clients include US government agencies like the Department of Homeland Security. Anduril’s innovations allow software to monitor, analyze, and make decisions. These decisions can be taken without human involvement, take place automatically, or employ human-machine interactions. The system can process data from digital cameras and specialized devices. These data are then federated and analyzed by the firm’s proprietary algorithms. The system can, for example, identify a herd of cattle as well as a group of people approaching a border. Anduril, however, is able to differentiate between the animals and the humans. If detection occurs at an Anduril monitoring tower, Anduril drones can also scan the area. If multiple Anduril drones are deployed in the area in which the anomaly was detected, the resolution of the system increases. In effect, Anduril has developed a way for surveillance to deliver detection, analysis, and increased resolution. An operator can immerse himself or herself in a virtual reality presentation of what the drones and the monitoring devices “see”. Anduril’s approach to US government work stands in direct contrast to that of Google. Google refused to work on Project Maven yet funded an educational artificial intelligence center in mainland China. Anduril welcomes US government work. One of the investors in Anduril suggested that Google’s attitude toward the US government could be interpreted as treasonous.

Two other stories round out this week’s episode.

Law enforcement agencies in the US and other Five Eyes member countries continue their call for a way for government agencies to access devices and messages by persons of interest. The “growing dark” problem in the US made headlines. Law enforcement investigating the Dayton, Ohio, killings have been unable to access the alleged shooter’s mobile phone data. DarkCyber anticipates increasingly loud calls for legislation to make it mandatory for technology companies to cooperate with law enforcement when courts permit access to mobile devices.

DarkCyber calls attention to an article which provides a road map for an individual who wants to run a robocall operation. The details of the method are reviewed. Plus, DarkCyber names two services which allow a robocall spammer to set up an operation with a few clicks online. One of these services includes a “press one feature” which allows the robocaller to charge the individual who happens to answer the telephone. DarkCyber finds these types of “how to” articles somewhat troubling. The information may encourage some individuals to launch a robocall business and run scams anonymously.

A new multi part series about Amazon’s policeware initiative begins on November 5, 2019. DarkCyber programs are available on Vimeo.com and YouTube.com.

Note that DarkCyber will begin a new series of programs on November 5, 2019. The current series or “season” ends on August 27, 2019. We are developing the new series now. It’s about everyone’s favorite online bookstore with an emphasis on policeware and intelware.

Kenny Toth, August 20, 2019

NSO: More PR Excitement, Facts, or Bloomberg Style Reporting?

July 20, 2019

I read the Financial Times’ write up about NSO Group. The title is a show stopper: “Israeli Group’s Spyware Offers Keys to Big Tech’s Cloud.” (Note: You may have to pay money to view the orange newspaper’s online “real” news write up.)

There’s a diagram:

[image]

There’s a reminder that NSO is owned by an outfit called “Q Cyber.” There’s information contained in a “pitch document.” There’s a quote from Citizen Lab, a watchdog outfit on cyber intelligence firms and other interesting topics.

What’s missing?

  1. Information from a Q Cyber or NSO professional. A quote or two would be good.
  2. Statements from an entity which has used the method and obtained the desired results; for example, high value intel, a person of interest neutralized, the interruption of an industrialized crime operation, or something similar.
  3. Scanned images of documents similar to the Palantir Gotham how to recently exposed by Vice, a zippy new news outfit.

Think about the PR problem the revelations create: NSO gets another whack on the nose.

Think about the upside: Visibility and in the Financial Times no less. (Does NSO need more visibility and semantic connections to Amazon, Apple, or any other “in the barrel” high tech outfit?)

Outfits engaged in cyber intelligence follow some unwritten rules of the road:

First, these outfits are not chatty people. Even at a classified conference where almost everyone knows everyone else, there’s not much in the way of sales tactics associated with used car dealers.

Second, documentation, particularly PowerPoints or PDFs of presentations, are not handed out like chocolate drops for booth attendees who looked semi alert during a run through of a feature or service. Why not whip out a mobile device with a camera and snap some of the slides from the presentation materials or marketing collateral? The graphic is redrawn and quite unlike the diagrams used by NSO type cyber intel outfits. Most trained intelligence professionals are not into “nifty graphics.”

Third, cyber intel companies are not into the media. There are conference organizers who snap at people who once worked as a journalist and made the mistake of telling someone that “before I joined company X, I worked at the ABC newspaper.” Hot stuff New York Times’ stringers are stopped by security guards or police before getting near the actual conference venue. Don’t believe me. Well, try to gate crash the upcoming geo spatial conference in Washington, DC, and let me know how this works out for you.

Fourth, why is NSO acting in a manner so different from the other Israel-influenced cyber intelligence firms? Is Voyager Labs leaking details of its analytic and workflow technology? What about Sixgill’s system for Dark Web content analysis? What’s Webhose.io doing with its content and expanding software suite? What’s Verint, a public company, rolling out next quarter? NSO is behaving differently, and that is an item of interest, worthy of some research, investigation, and analysis.

For the established cyber intel firms like NSO, assertions are not exactly what sell licenses or make BAE Systems, IBM, or Raytheon fear that their licensees will terminate their contracts. How many “customers” for NSO type systems are there? (If you said a couple of hundred, you are getting close to the bull’s eye.) Does publicity sell law enforcement, security, and intelligence systems? Search engine optimization specialists are loco if they think cyber intel firms want to be on the first page of a Google results page.

Consider this series of bound phrases:

Cat’s paw. Bloomberg methods. Buzzfeed and Vice envy. A desire to sell papers. Loss of experienced editors. Journalists who confuse marketing with functioning software?

These are the ideas the DarkCyber team suggested as topics an investigator could explore. Will anyone do this? Unlikely. Too arcane. Too different from what problems multiple systems operating on a global scale present for one method to work. Five Eyes’ partners struggle with WhatsApp and Telegram messages. “Everything” in Amazon or Apple? Really?

Net net: Great assertion. How about something more?

Stephen E Arnold, July 20, 2019

Intelware: A Tricky Business

March 25, 2019

Short honk: I read “A New Age of Warfare”. The write up names specific companies like the NSO Group and DarkMatter. People are identified as well. Most coverage of intelligence software and systems is conducted in trade publications and at specialized conferences. The NYT may be sending a not-so-subtle alert that it wants to dig into software, systems, and business practices of highly specialized products and services. My hunch is that some companies and people will be eager to assist the NYT. Others may take a different approach. Worth monitoring how the Gray Lady moves forward. Unforeseen consequences ahead? Absolutely.

Stephen E Arnold, March 25, 2019

DarkCyber for January 1, 2019, Now Available

January 1, 2019

DarkCyber for January 1, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/308764040. The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web and lesser known Internet services.

This week’s story line up includes… novelty currency and email collection services… Primer, a next-generation investigative tool with NLG… and homemade explosive device constituents become a regulators’ focal point.

First, there is confusion between novelty currency (a banknote worth one million dollars) and counterfeit currency. BuyBillsOnline.com seems to offer counterfeit bills one can use as a legal banknote. DarkCyber points out that the Surface Web service is an odd combination of useful information about how governments protect their banknotes and a too-good-to-be-true offer of counterfeit currency. DarkCyber urges caution. The Web site may be an online service designed to gather the email addresses and other information of unsuspecting, online users.

Second, DarkCyber profiles a company which has deployed smart software which uses NLG or natural language generation. Primer’s technology processes large volumes of information collected in an investigation, identifies the key entities in the content, and produces a report automatically. The company has clients in law enforcement, intelligence, and financial services. DarkCyber highlights the important innovations the company has revealed in its patents for its intellectual property.

The final story reports that homemade explosive devices can be created with easy-to-get chemicals and compounds. In 2019, more stringent controls may be placed on certain materials; for example, concentrated forms of hydrogen peroxide and sulfuric acid. An individual with some training in chemistry can assemble explosive devices, some of which can generate about 80 percent of the force of commercial TNT.

Kenny Toth, January 1, 2019
