DarkCyber for April 14, 2020, Now Available
April 14, 2020
This week’s DarkCyber program contains three news stories and one feature. The program is available via Vimeo and YouTube.
Geospark Analytics is the subject of a DarkCyber profile. The company has a new president, a new partner, and a public podcast. What makes these announcements interesting is that most firms engaged in geolocation analysis maintain a low profile. DarkCyber points out the downside of attracting too much attention. Geospark Analytics, a start up, is likely to become a disruptor in what is a little known sector of the law enforcement and intelligence markets. The technology is directly germane to recent announcements about tracking individuals of interest.
DarkCyber reports that bad actors are going to great lengths to make credit card theft easy. The story explains the principal features of a new point-and-click way to obtain names, credit card data, and the codes printed on each card. Also, this type of “skimming crime” is going to be further automated. After paying a fee, the developer of the skimming system will automate the theft for the customer. How much does the service cost? About $1000 but if a customer does not have the cash a revenue split is available.
A 2014 report produced by the US Department of Justice suggests that predictive analytics may not be as reliable as some experts assert The original document was not available to the public, but it was obtained via a Freedom of Information request by a watch dog group this year. The 2014 report reveals information about the somewhat dismal performance of predictive analytics systems. The outputs of these systems from well-known vendors were not helpful to enforcement and legal officials. The DarkCyber story includes a link to the full report as well as a link to a recent analysis of predictive analytics systems efficacy in identifying life outcomes for young people. The results of both studies appear to call into question the reliability of some predictive software.
DarkCyber’s program concludes with a reminder that virtual private networks may not be private. An online news service identified a number of comparatively high-profile VPNs that are not particularly secure. A link to the source document and the name of three suspect services are provided.
DarkCyber is a production of Stephen E Arnold. Programs are released twice a month and provide news, analysis, interviews, and commentary about the Dark Web, cyber crime, and lesser known Internet services.
Programs are available on Vimeo and YouTube. For the current program, you are welcome to navigate to www.arnoldit.com/wordpress.
Kenny Toth, April 14, 2020
DarkCyber for March 24, 2020, Now Available
March 24, 2020
DarkCyber for March 24, 2020, covers four stories. You can view the video on YouTube or on Vimeo.
The first story explains that phishing is a contentious issue in many organizations. Managers see phishing one way; information and security professionals often have a different view. The divide can create more vulnerabilities for organizations ignoring the escalating risk from weaponized email.
The second story provides some information about Banjo (a US firm engaged in providing specialized services to law enforcement) and BlueDot (a Canadian company applying advanced analysis to open source and limited access medical information). The story makes clear that the methods of these firms provide excellent insight into how some specialized software systems deliver high value intelligence to law enforcement and intelligence professionals worldwide.
The third story provides information about a Department of Justice report aimed at Dark Web researchers. The document is available without charge from the url provided in the program. Failure to follow the guidelines in the document can convert a researcher into a bad actor.
The final story reviews recent steps taken by the Russian government to exert tighter control over Internet applications. The affected software includes Tor and the Telegram Open Network. Mr. Putin has become Russia’s first digital tsar.
Kenny Toth, March 24, 2020
DarkCyber for August 20, 2019, Now Available
August 20, 2019
DarkCyber for August 20, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/354476523 .
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
The story line up this week includes a feature about Anduril Technologies’ surveillance system for border monitoring. The show also includes a critique of a public report about robocalling and a comment about the increasingly loud calls for backdoors to mobile phones and encrypted messages by law enforcement in the US and other countries.
The feature story this week is about Anduril Industries, the company which is developing systems for the Department of Defense’s Project Maven. The company was founded in 2017 by Palmer Luckey. After creating the virtual reality product Oculus Rift, Luckey sold the company to Facebook. He then founded Anduril to develop next generation surveillance products and systems. His clients include US government agencies like the Department of Homeland Security. Anduril’s innovations allow software to monitor, analyze, and make decisions. These decisions can be taken without human involved, take place automatically, or employ human-machine interactions. The system can process data from digital cameras and specialized devices. These data are then federated and analyzed by the firm’s proprietary algorithms. The system can, for example, identify a herd of cattle as well as a group of people approaching a border. Anduril, however, is able to differentiate between the animals and the humans. If detection occurs at an Anduril monitoring tower, Anduril drones can also scan the area. If multiple Anduril drones are deployed in the area in which the anomaly was detected, the resolution of the system increases. In effect, Anduril has developed a way for surveillance to deliver detection, analysis, and increased resolution. An operator can immerse himself or herself in a virtual reality presentation of what the drones and the monitoring devices “see”. Anduril’s approach to US government work stands in direct contrast to that of Google. Google refused to work on Project Maven yet funded an educational artificial intelligence center in mainland China. Anduril welcomes US government work. One of the investors in Anduril suggested that Google’s attitude toward the US government could be interpreted as treasonous.
Two other stories round out this week’s episode.
Law enforcement agencies in the US and other Five Eyes member countries continue their call for a way for government agencies to access devices and messages by persons of interest. The “growing dark” problem in the US made headlines. Law enforcement investigating the Dayton, Ohio, killings have been unable to access the alleged shooter’s mobile phone data. DarkCyber anticipates increasingly loud calls for legislation to make it mandatory for technology companies to cooperate with law enforcement when courts permit access to mobile devices.
DarkCyber calls attention to an article which provides a road map for an individual who wants to run a robocall operation. The details of the method are reviewed. Plus, DarkCyber names two services which allow a robocall spammer to set up an operation with a few clicks online. One of these services includes a “press one feature” which allows the robocaller to charge the individual who happens to answer the telephone. DarkCyber finds these types of “how to” articles somewhat troubling. The information may encourage some individuals to launch a robocall business and runs scams anonymously.
A new multi part series about Amazon policeware initiative begins on November 5, 2019. DarkCyber programs are available on Vimeo.com and YouTube.com.
Note that DarkCyber will begin a new series of programs on November 5, 2019. The current series or “season” ends on August 27, 2019. We are developing the new series now. It’s about everyone favorite online bookstore with an emphasis on policeware and intelware.
Kenny Toth, August 20, 2019
NSO: More PR Excitement, Facts, or Bloomberg Style Reporting?
July 20, 2019
I read the Financial Times’ write up about NSO Group. The title is a show stopper: “Israeli Group’s Spyware Offers Keys to Big Tech’s Cloud.” (Note: You may have to pay money to view the orange newspaper’s online “real” news write up.
There’s a diagram:
There’s a reminder that NSO is owned by an outfit called “Q Cyber.” There’s information contained in a “pitch document.” There’s a quote from Citizen Lab, a watchdog outfit on cyber intelligence firms and other interesting topics.
What’s missing?
- Information from a Q Cyber or NSO professional. A quote or two would be good.
- Statements from an entity which has used the method and obtained the desired results; for example, high value intel, a person of interest neutralized, the interruption of an industrialized crime operation, or something similar
- Scanned images of documents similar to the Palantir Gotham how to recently exposed by Vice, a zippy new news outfit.
Think about the PR problem the revelations create: NSO gets another whack on the nose.
Think about the upside: Visibility and in the Financial Times no less. (Does NSO need more visibility and semantic connections to Amazon, Apple, or any other “in the barrel” high tech outfit?)
Outfits engaged in cyber intelligence follow some unwritten rules of the road:
First, these outfits are not chatty people. Even at a classified conference where almost everyone knows everyone else, there’s not much in the way of sales tactics associated with used car dealers.
Second, documentation, particularly PowerPoints or PDFs of presentations, are not handed out like chocolate drops for booth attendees who looked semi alert during a run through of a feature or service. Why not whip out a mobile device with a camera and snap some of the slides from the presentation materials or marketing collateral? The graphic is redrawn and quite unlike the diagrams used by NSO type cyber intel outfits. Most trained intelligence professionals are not into “nifty graphics.”
Third, cyber intel companies are not into the media. There are conference organizers who snap at people who once worked as a journalist and made the mistake of telling someone that “before I joined company X, I worked at the ABC newspaper.” Hot stuff New York Times’ stringers are stopped by security guards or police before getting near the actual conference venue. Don’t believe me. Well, try to gate crash the upcoming geo spatial conference in Washington, DC, and let me know how this works out for you.
Fourth, why is NSO acting in a manner so different from the other Israel-influenced cyber intelligence firms? Is Voyager Labs leaking details of its analytic and workflow technology? What about Sixgill’s system for Dark Web content analysis? What’s Webhose.io doing with its content and expanding software suite? What’s Verint, a public company, rolling out next quarter? NSO is behaving differently, and that is an item of interest, worthy of some research, investigation, and analysis.
For the established cyber intel firms like NSO, assertions are not exactly what sells licenses or make BAE Systems, IBM, or Raytheon fear that their licensees will terminate their contracts. How many “customers” for NSO type systems are there? (If you said a couple of hundred, you are getting close to the bull’s eye.) Does publicity sell law enforcement, security, and intelligence systems? Search engine optimization specialists are loco if they think cyber intel firms want to be on the first page of a Google results page.
Consider this series of bound phrases:
Cat’s paw. Bloomberg methods. Buzzfeed and Vice envy. A desire to sell papers. Loss of experienced editors. Journalists who confuse marketing with functioning software?
These are the ideas the DarkCyber team suggested as topics an investigator could explore. Will anyone do this? Unlikely. Too arcane. Too different from what problems multiple systems operating on a global scale present for one method to work. Five Eyes’ partners struggle with WhatsApp and Telegram messages. “Everything” in Amazon or Apple? Really?
Net net: Great assertion. How about something more?
Stephen E Arnold, July 20, 2019
Intelware: A Tricky Business
March 25, 2019
Short honk: I read “A New Age of Warfare”. The write up names specific companies like the NSO Group and DarkMatter. People are identified as well. Most coverage of intelligence software and systems is conducted in trade publications and at specialized conferences. The NYT may be sending a not-so-subtle alert that it wants to dig into software, systems, and business practices of highly specialized products and services. My hunch is that some companies and people will be eager to assist the NYT. Others may take a different approach. Worth monitoring how the Gray Lady moves forward. Unforeseen consequences ahead? Absolutely.
Stephen E Arnold, March 25, 2019
DarkCyber for January 1, 2019, Now Available
January 1, 2019
DarkCyber for January 1, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/308764040. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web and lesser known Internet services.
This week’s story line up includes… novelty currency and email collection services… Primer, a next-generation investigative tool with NLG… and homemade explosive device constituents become a regulators’ focal point.
First, there is confusion between novelty currency (a banknote worth one million dollars) and counterfeit currency. BuyBillsOnline.com seems to offer counterfeit bills one can use as a legal banknote. DarkCyber points out that the Surface Web service is an odd combination of useful information about how government’s protect their banknotes and a too-good-to-be-true offer of counterfeit currency. DarkCyber urges cautions. The Web site may be an online service designed to gather the email addresses and other information of unsuspecting, online users.
Second, DarkCyber profiles a company which has deployed smart software which uses NLG or natural language generation. Primer’s technology processes large volumes of information collected in an investigation, identifies the key entities in the content, and produces a report automatically. The company has clients in law enforcement, intelligence, and financial services. DarkCyber highlights the important innovations the company has revealed in its patents for its intellectual property.
The final story reports that homemade explosive devices can be created with easy-to-get chemicals and compounds. In 2019, more stringent controls may be placed on certain materials; for example, concentratged forms of hydrogen peroxide and sulfuric acid. An individual with some training in chemistry can assemble explosive devices, some of which can generate about 80 percent of the force of commercial TNT.
Kenny Toth, January 1, 2019
Thomson Reuters on a Privacy International Beat
November 26, 2018
I know that commercial database publishers can be profitable operations. But in order to keep pace with erosion of some traditional revenue streams, some professional publishers have been working to generate new databases which can be licensed to certain government agencies. In most cases, a researcher or librarian will not have these electronic files in their toolkit.
Privacy International published “Who Supplies the Data, Analysis, and Tech Infrastructure to US Immigration Authorities?” The report is available without charge, but I suggest that you download it promptly. Certain reports about some topics can go offline without notice.
I don’t want to dig through the references to references to Palantir. The information about that company is not particularly fresh. However, Privacy International has gathered some useful examples of Thomson Reuters’ products and services to law enforcement and other government agencies.
Privacy International seems unaware that many LE and intel entities routinely outsource work to third part, license a wide range of numeric and factual data, and tap into the talent pools at third party firms.
The Privacy International report does not provide much information about Thomson Reuters’ use of the Palantir technology. That might be an interesting topic for some young researcher to explore. We will do a short item about some of the Privacy International information in the DarkCyber for December 11, 2018.
Stephen E Arnold, November 26, 2018
Applique Logic: Alex Jones and Turbo Charging Magnetism
August 9, 2018
I am not sure I have read an Alex Jones’ essay or watched an Alex Jones’ video. In fact, he was one of the individuals of whom I was aware, but he was not on my knowledge radar. Now he is difficult to ignore.
Today’s New York Times corrected my knowledge gap. I noted in my dead tree edition today (August 9, 2018) these stories:
- Facebook’s Worst Demons Have Come Home to Roost, page B1
- Infowars App Is Trending As Platforms Ban Content, B6
- The Internet Trolls Have Won. Get Used to It, B7
I want to mention “Rules Won’t Save Twitter. Values Will” at this online location.
From my vantage point in rural Kentucky, each of the writes up contributes to the logic quilt for censoring the real Alex Jones.
Taken together, the information in the write ups provide a helpful example of what I call “appliqué logic.”
Applique means, according to Google which helpfully points to Wikipedia, another information source which may be questionable to some, is:
Appliqué is ornamental needlework in which pieces of fabric in different shapes and patterns are sewn or stuck onto a larger piece to form a picture or pattern. It it commonly used as decoration, especially on garments. The technique is accomplished either by hand or machine. Appliqué is commonly practiced with textiles, but the term may be applied to similar techniques used on different materials.
Applique logic is reasoning stuck on to something else. In this case, the “something else” are the online monopolies which control access to certain types of information.
The logic is that the monopolies are technology, which is assumed to be neutral. I won’t drag you through my Eagleton Award lecture from a quarter century ago to remind you that the assumption may not be correct.
The way to fix challenges like “Alex Jones” is to stick a solution on the monopoly. This is similar to customizing a vehicle like this one:
Notice how the school bus (a mundane vehicle) has been enhanced with what are appliqués. The result does not change the functioning of the school bus, but it now has some sizzle. I suppose the appliqué logician could write a paper and submit the essay to an open access publisher to explain the needed improvements the horns add.
With the oddly synchronized actions against the Alex Jones content, we have the equivalent of a group of automobile customizers finding ways to “enhance” their system.
The result is to convert what no one notices into something that would make a Silicon Valley PR person delighted to promote. I assume that a presentation at a zippy new conference would be easy for the appliqué team to book.
The apparent censorship of Alex Jones is now drawing a crowd. Here I am in Harrods Creek writing about a person to whom I previously directed zero attention. The New York Times coverage is doing a better job than I could with a single write up in a personal blog. In the land of “free speech” the Alex Jones affair may become an Amazon Prime or Netflix original program. Maybe a movie is in the works?
Back to appliqué logic. When it comes to digital content, sticking on a solution may not have the desired outcome. The sticker wants one thing. The stickee is motivated to solve the problem; for example, the earthquake watcher Dutch Sinse has jumped from YouTube to Twitch to avoid censorship. He offered an explanation about this action and referenced the Washington Post. I don’t follow Dutch Sinse so I don’t know what he is referencing, and I don’t care to be honest.
But the more interesting outcome of these Alex Jones related actions is that the appliqué logic has to embrace the “stickoids.” These are the people who now have a rallying point. My hunch is that whatever information Alex Jones provides, he is in a position to ride a pretty frisky pony at least for a a moment in Internet time.
Why won’t appliqué logic work when trying to address the challenges companies like Facebook, Google, et al face?
- Stick ons increase complexity. Complexity creates security issues which, until it is too late, remain unknown
- Alex Jones type actions rally the troops. I am not a troop, but here I am writing about this individual. Imagine the motivation for those who care about Mr. Jones’ messages
- Opportunities for misinformation, disinformation, and reformation multiply. In short, the filtering and other appliqué solutions will increase computational cost, legal costs, and administrative costs. Facebook and Google type companies are not keen on increased costs in my opinion.
- Alex Jones type actions attack legal eagles.
What’s the fix? There is a spectrum of options available. On one end, believe that the experts running the monopolies will do the right thing. Hope is useful, maybe even in this case. At the other end, the Putin approach may be needed. Censorship, fines, jail time, and more extreme measures if the online systems don’t snap a crisp salute.
Applique solutions are what’s available. I await the final creation. I assume there will be something more eye catching than green paint, white flame decoration, and (I don’t want to forget) the big green horns.
For Alex Jones, censorship may have turbocharged his messaging capability. What can one stick on him now? What will the stickoids do? Protest marches, Dark Web collections of his content, encrypted chat among fans?
I know one thing: Pundits and real journalists will come up with more appliqué fixes. Easy, fast, and cheap. Reasoning from the aisles of Hobby Lobby or Michael’s is better than other types of analytic thought.
Stephen E Arnold, August 9, 2018
DarkCyber for August 7, 2018, Now Available
August 7, 2018
This week’s DarkCyber video news program is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/user77362226/ .
DarkCyber covers news related to the Dark Web and lesser known Internet services. The program is produced and hosted by Stephen E Arnold, author of CyberOSINT and the Dark Web Notebook.
This week’s program includes four stories.
The first story reviews how hardware devices can be used by an individual to compromise an organization’s computers, servers, and network. The video illustrates how a normally appearing wristwatch can transfer malware to a computer or server. The video also explains how cufflinks which are housing for men’s cufflinks can evade a physical security inspection. The object is to make clear that an insider with physical access to computing devices can compromise those devices in a matter of minutes. Stephen E Arnold said: “Anyone with access to a computer within an organization can easily create havoc on existing systems. Security guards usually overlook watches and jewelry which contain storage devices, programs, and capabilities which can penetrate cyber barriers. These direct access attacks like the Evil Maid method are a threat because interns, temporary workers, and compromised employees have the opportunity and means to perform malicious actions.”
The second report summarizes findings about successful email phishing attacks. These are seemingly innocuous and legitimate emails which are conduits for malware. The most effective phishing scams reference Amazon deliveries and requests for information from what appear to be legitimate sources like Facebook.
The third story provides an overview of the Zotero research assistant software. The software keeps track of information discovered on the Internet and performs a number of functions for a researcher, an analyst, or an investigator. The Zotero tool allows the user to maintain an archive of data and generate reports which can be submitted to a colleague or a legal team. The software is available without charge, and DarkCyber provides a link for downloading the program.
The final story revisits the mythical idea that a person can hire an assassin on the Dark Web. A physician in England tried to arrange the death of his financial adviser. The doctor suffered cold feet, but police arrested him for malicious email. The Chechen mob did not get the doctor’s bitcoin nor the opportunity to terminate a financial wizard.
Kenny Toth, August 7, 2018
Fake News: Maybe Deadly
July 25, 2018
Politics aside for a moment, a disturbing new trend is becoming more obvious thanks to social media and fake news. Human lives are being lost thanks to false news stories being circulated and it might just be the one arena in which everyone can agree there is a problem. This first came to our attention via an NBC News story, “Social Media Rumors Trigger Violence in India; 3 Killed by Mobs.”
According to the story:
“Mobs of villagers killed at least three people and attacked several others after social media messages warned that gangs of kidnappers were roaming southern India in search of children, police said ….Authorities said there was no indication that such gangs actually existed.”
This scourge of fake news leading to real world consequences has led to the government stepping in and perhaps becoming an incubator for other nations going forward. The Indian Government has reached out to WhatsApp and demanded that they begin filtering out fake news stories. Google and Facebook have already begun attempting to police themselves. If the Indian government’s move to take control over fake news proves successful, censorship dominoes are falling in many different nation states. In the July 31, 2018, DarkCyber video we report about recent developments and Kazakhstan. The video will be available on the 31st at www.arnoldit.com/wordpress.
Patrick Roland, July 25, 2018