Dark Web and Identity
July 24, 2018
Many in the media are making the Dark Web out to be a boogie man who will steal your identity and ruin your life. While that is possible, a greater threat lurks out there on the regular everyday Web that we all use. A fascinating recent study discovered that we are extremely vulnerable to anyone looking for our personal data. We learned just how vulnerable in a recent Which? story, “How The Internet Reveals Your Personal Data Secrets.”
According to the story, when 14 hackers were paid to do a test run and look for dirt on everyday citizens:
“None of the personal data sources we found were on the ‘dark web’ – a phrase that describes websites accessible only by a specialist browser geared up for anonymity. We were able to discover passwords and password hints, email and postal addresses, dates of birth, phone numbers, middle names and even signatures. There was also a wealth of ‘softer’ information revealing people’s interests, hobbies, religion and political preferences.”
If that isn’t enough to scare you, consider that the place where we are supposed to feel the most safe, is actually a hotbed of identity theft. According to US News and World Report, your doctor’s medical files on you is an ID thief’s dream come true.
Patrick Roland, July 24, 2018
DarkCyber, May 29, 2018, Now Available
May 29, 2018
Stephen E Arnold’s DarkCyber video news program for Tuesday, May 29, 2018, is now available.
This week’s story line up is:
- The “personality” of a good Web hacker
- Why lists are replacing free Dark Web search services
- Where to find a directory of OSINT software
- A new Dark Web index from a commercial vendor.
You can find this week’s program at either www.arnoldit.com/wordpress or on Vimeo at https://vimeo.com/272088088.
On June 5, 2018, Stephen will be giving two lectures at the Telestrategies ISS conference in Prague. The audiences will consist of intelligence, law enforcement, and security professionals from Europe. A handful of attendees from other countries will be among the attendees.
On Tuesday, June 5, 2018, Stephen will reveal one finding from our analysis of Amazon’s law enforcement, war fighting, and intelligence services initiative.
Because his books have been reused (in several cases without permission) by other analysts, the information about Amazon is available via online or in person presentations.
The DarkCyber team has prepared short video highlighting one research finding. He will include some of the DarkCyber research information in his Prague lectures.
The Amazon-centric video will be available on Tuesday, June 5, 2018. After viewing the video, if you want the details of his for fee lecture, write him at darkcyber333@yandex dot com. Please, put “Amazon” in the subject line.
Several on the DarkCyber team believe that most people will dismiss Stephen’s analysis of Amazon. The reason is that people buy T shirts, books, and videos from the company. However, the DarkCyber research team has identified facts which suggest a major new revenue play from the one time bookseller.
Just as Stephen’s analyses of Google in 2006 altered how some Wall Street professionals viewed Google, his work on Amazon is equally significant. Remember those rumors about Alexa recording what it “hears”? Now think of Amazon’s services/products as pieces in a mosaic.
The picture is fascinating and it has significant financial implications as well.
Enjoy today’s program at this link.
Kenny Toth, May 29, 2018
DarkCyber for May 1, 2018, Now Available
May 1, 2018
DarkCyber is a weekly video news program which covers important Dark Web stories and information about less well known Internet services. Produced by Stephen E Arnold, publisher of the Beyond Search blog, DarkCyber is available at www.arnoldit.com/wordpress and streaming on Vimeo at https://vimeo.com/267103171 .
Russia has blocked Telegram, the popular messaging app which had an estimated nine million users in Russia. DarkCyber explains that Russian government officials must now use decades old technology for their text messages. One consequence of the Russian blocking of Telegram is that service to Amazon and Google was interrupted. DarkCyber provides a workaround that Russian users may want to consider adopting to respond to the stepped up censorship in Russia.
A new report from a unit of the GHCQ (Britain’s equivalent of the US National Security Agency) provides a thorough run down of cyber crime activity in England. DarkCyber highlights how a person can download a free copy of this important report. Plus, DarkCyber describes a case example of Crime as a Service highlighted in the study. The particular CaaS involves an individual providing malware programmers a way to verify that their code could elude some detection systems. Plus, DarkCyber reveals how the bad actor provided his paying customers with free customer support.
DarkCyber provides basic information explaining how a person can set up a Dark Web server. The procedure is straightforward but may be too complex or cumbersome for some users who want to take advantage of Tor’s anonymity features. DarkCyber provides an easy solution which can get a Dark Web site online in a matter of minutes and costs pennies a day.
The final story reiterates a theme based on a person’s assumption that the Dark Web is anonymous. For an individual who believed that Ecstasy purchases with payment via Bitcoin were invisible to law enforcement, the Dark Web is not as Dark as she assumed. Australian and UK authorities arrested the person who assumed incorrectly that Tor was 100 percent anonymous.
We have also updated Stephen’s brief biography. We have reproduced it below:
Stephen E Arnold is the author of “Dark Web Notebook” and “CyberOSINT: Next Generation Information Access.” This book describes some of the technologies used by GSR and Cambridge Analytica to acquire and analyze Facebook user data. He has been named as a technology adviser to the UK based Judicial Commission of Inquiry into Human Trafficking and Child Sex Abuse.” Mr. Arnold also lectures to law enforcement and intelligence professionals attending the Telestrategies ISS conferences in Prague, At that conference, he will describe a major vendor’s virtually-unknown digital currency deanonymizing service. In addition, Mr. Arnold will appear at the Washington, DC, and Panama City, Panama, Telestrategies ISS events. In recent months, he has shared his research with law enforcement and intelligence professionals in the US and Europe. His most recent lectures focus on deanonymizing chat and digital currency transactions. One hour and full day programs are available via webinars and on-site presentations. He publishes the free Web log “Beyond Search,” which is available at www.arnoldit.com/wordpress .
DarkCyber is available at this link. (The splash page for the video contains a nod to May Day celebrations in a certain country.) We are working on a special DarkCyber about Amazon’s “intel play” which will be released coincident with his lectures at the Telestrategies ISS conference in Prague during the first week of June.
Kenny Toth, May 1, 2018
Amazon: Why Support Blockchain? To Chase IBM? Wrong.
April 30, 2018
In June 2018, I will describe Amazon’s lynch pin approach to intelligence analysis. The “play” has been ignored or overlooked by those who monitor the next generation information access market. At the Telestrategies ISS conference, I will report the DarkCyber and Beyond Search analysts’ assessment of this important Amazon service. The audience for the Telestrategies ISS programs are law enforcement and intelligence professionals. We have developed a for fee webinar which provides details of the Amazon “swing for the fences” approach to a number of intelligence-related services. Personally I was surprised by the audaciousness of the Amazon approach.
In this context, I noted a report in “Amazon’s New Blockchain Service Could Hurt IBM” which misses the main point of the Amazon “invention.” Yes, there is a patent as well as publicly accessible data about this data management play.
The write up explains that Amazon is offering BaaS or Blockchain as a Service. The spin in the write up is the threat which Amazon poses to IBM. From my analysts’ viewpoint, this is just a tiny piece of a much larger story.
What if Amazon is interested in a far larger market than one envisioned by IBM with its arm waving?
Assessing Amazon’s “invention” on the basis of this type of data might be misleading:
Amazon’s decision to launch both the Ethereum and Hyperledger Fabric services means that it wants to straddle the public and private cloud markets with its blockchain services. IBM has a firm grasp of the private on-premise cloud market, but AWS has been gaining ground with Virtual Private Cloud (VPC) services, which isolate sections of AWS’ public cloud for private use. The CIA, for example, already uses a “secret region” of AWS to host its classified data. Therefore, deploying Fabric on AWS’ VPCs could counter IBM’s deployment of Fabric on its on-premise private clouds.
Hmm. Quite a mishmash of assertions and services.
For a different point of view, catch my sessions at the Prague Telestrategies ISS program in Prague. If you want the information now, write benkent2020 at yahoo.com and request information about our online webinar. Coincident with my presentation, my team will release a story in Beyond Search, and we will post a brief video highlighting some of the main points of my presentation.
Oh, with regard to IBM, that company hired an Amazon executive to help IBM catch up. That’s more than worry. That’s reaction to a system which has been under construction since 2011. With a seven year head start, big time vendors involved, and contracts in negotiation, IBM has to do more than poach a manager.
Amazon sells books, right?
Stephen E Arnold, April 30, 2018
Scrubbing Terrorists: No Magic Mr. Clean
April 30, 2018
Removing terror suspects from Facebook and other social media outlets seems like it should be a cut and dry job, from the outside. However, doing so while not infringing on others’ rights gets very tricky. We learned just how tricky from a recent Telegraph article, “Facebook Reinstated Account for Terror Suspect Nine Times After He Complained They Were Stifling His Free Speech.”
According to the story:
“The social media giant suspended Abdulrahman Alcharbati’s account on nine occasions after he posted sickening Isil propaganda videos, but reinstated it each time when he complained….“Emails between the 31-year-old and Facebook’s moderators were read out to the jury at Newcastle Crown Court, where? he ?is standing trial accused of terror offences.”
This is a difficult position, since social media outlets claim they want to respect free speech on one hand, but not encourage violent and hurtful speech on the other. Even Mark Zuckerberg has addressed the issue of removing terrorists from his site. This speaks to how prevalent the issue is and how difficult it is, as well. Don’t expect the elimination of dangerous actors from social media any time soon. There are just too many loopholes.
Patrick Roland, April 30, 2018
Picking and Poking Palantir Technologies: A New Blood Sport?
April 25, 2018
My reaction to “Palantir Has Figured Out How to Make Money by Using Algorithms to Ascribe Guilt to People, Now They’re Looking for New Customers” is a a sign and a groan.
I don’t work for Palantir Technologies, although I have been a consultant to one of its major competitors. I do lecture about next generation information systems at law enforcement and intelligence centric conferences in the US and elsewhere. I also wrote a book called “CyberOSINT: Next Generation Information Access.” That study has spawned a number of “experts” who are recycling some of my views and research. A couple of government agencies have shortened by word “cyberosint” into the “cyint.” In a manner of speaking, I have an information base which can be used to put the actions of companies which offer services similar to those available from Palantir in perspective.
The article in Boing Boing falls into the category of “yikes” analysis. Suddenly, it seems, the idea that cook book mathematical procedures can be used to make sense of a wide range of data. Let me assure you that this is not a new development, and Palantir is definitely not the first of the companies developing applications for law enforcement and intelligence professionals to land customers in financial and law firms.
A Palantir bubble gum card shows details about a person of interest and links to underlying data from which the key facts have been selected. Note that this is from an older version of Palantir Gotham. Source: Google Images, 2015
Decades ago, a friend of mine (Ev Brenner, now deceased) was one of the pioneers using technology and cook book math to make sense of oil and gas exploration data. How long ago? Think 50 years.
The focus of “Palantir Has Figured Out…” is that:
Palantir seems to be the kind of company that is always willing to sell magic beans to anyone who puts out an RFP for them. They have promised that with enough surveillance and enough secret, unaccountable parsing of surveillance data, they can find “bad guys” and stop them before they even commit a bad action.
Okay, that sounds good in the context of the article, but Palantir is just one vendor responding to the need for next generation information access tools from many commercial sectors.
DarkCyber for April 24, 2018, Now Available
April 24, 2018
DarkCyber for April 124, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/266003727 .
Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.
This week’s lead story focuses on universities as unwitting accomplices for student cyber criminals. Five students at Manchester University began selling drugs via SilkRoad. The students “graduated” to their own brand and branched out. Before UK law enforcement shut down the students’ operation, more than 6,000 drug sales were completed. Plus, university computer systems have become targets for malicious crypto currency mining operations. A student can take classes in computer science and be up and scamming quickly.
Stephen E Arnold, producer of DarkCyber and author of “CyberOSINT: Next Generation Information Access” said: “The combination of easy access to high-value information about programming and computer systems plus the lure of easy money can turn a good student into a good criminal. Universities, despite their effort to implement more robust security, are targets for bad actors. Students can operate Dark Web businesses from their campus residence. Outsiders can exploit the institution’s computer system in order to install crypto currency mining software. At this time, colleges and universities are in a cat and mouse game with high stakes and stiff penalties for students, administrators, and school security professionals.”
DarkCyber revisits the security of virtual private networks. This week’s program answers a viewer’s question about improving the security of a VPN. In addition to changing the ports the VPN uses, DarkCyber points out that a tech savvy individual can operate his or her own VPN or use additional specialized software to shore up the often leaky security many VPN services provide.
Vendors of “policeware” are generally unknown to most tech professionals. DarkCyber highlights a new, UK based company doing business as Grey Heron. The company offers a range of cyber security services. The firm’s staff appears to include individuals once affiliated with the Hacking Team, another policeware vendor which found itself the victim of a cyber attack two years ago. If Gray Heron taps the Hacking Team’s technical talent, the firm may make an impact in this little known sector of the software market.
The final story in DarkCyber for April 24, 2018, highlights several findings from a study sponsored by Bromium, a cyber security company. The researchers at a UK university gathered data which provide some surprising and interesting information about the Dark Web. For example, the new report asserts that more than $200 billion is laundered on the Dark Web in a single year. If true, these newly revealed research data provide hard metrics about the role of digital currency in today’s online economy.
Beginning in May 2018, coverage of the Dark Web and related subjects will be increased within Beyond Search.
Kenny Toth, April 24, 2018
Blockchain as a CP Delivery System
April 18, 2018
With the rise of Bitcoin’s profile the encryption platform, Blockchain, used to keep things so secret has also seen a rise in its profile. But just like Bitcoin’s scrutiny under the spotlight, Blockchain’s less savory side is being exposed. We learned more from a recent CoinCenter story, defending the encryption, called “Addressing The Concerns of Illicit Images on Public Blockchains.”
According to the well thought out editorial,
“Bitcoin transactions allow one to add to them a short text memo. What some have done is to include encoded text in transaction memo fields and these are recorded in the Blockchain. Some of these encoded surprises on the blockchain include wedding vows, Bible verses, the Bitcoin logo and white paper, and quotes from Nelson Mandela. Unfortunately, some sick individuals have also added encoded images of child abuse.”
This is, however, not a new problem for the dark web. In fact, three years ago Forbes pointed out that Blockchain was a potential safe haven for malware and child abuse. That doesn’t erase the problems, though. The CoinCenter piece points out that a majority of interactions through Blockchain are on the up-and-up and that many legitimate businesses are investigating its uses. So, it’s safe to say this encryption tool is not going anywhere. We just wonder how it can ethically be policed.
Patrick Roland, April 18, 2018
Cryptocurrency: A New Tool for Factions?
April 18, 2018
Cryptocurrency like BitCoin have been gaining a foothold as legitimate forms of financial transaction over the last several years. However, one of the richest areas in the world, The Middle East, has been reluctant to jump on the bandwagon. Religious beliefs have prohibited many Islamic investors from using crypto currency, though that may change according to a recent Economic Times story, “Cryptocurrency Traders Use Old Gold to Lure Islamic Investors.”
According to the story, “OneGram, is issuing a gold-backed cryptocurrency — part of efforts to convince Muslims that investing in crypto currencies complies with their faith.
“But because they are products of financial engineering and objects of speculation, crypto currencies sit uneasily with Islam. Sharia principles, in addition to banning interest payments, emphasize real economic activity based on physical assets and frown on pure monetary speculation.”
The Islamic world may not have to wait long. Just today a 22-page research paper was released that declared Bitcoin is compliant with Sharia Law and therefore acceptable in the Islamic religion. We are not ready to fully buy into this, since the story appeared on Bitcoin’s own Web site. However, if this is true, it could mean another massive surge in investors as the cryptocurrency gains more and more momentum.
For more information, learn more about the Dark Web, check out Dark Web Notebook.
Patrick Roland, April 18, 2018
Online Tracking of Weapons Can Be a Challenge
April 17, 2018
Gun sales online are prompting a lot of governmental concern, but not just in America. Australia, a nation with one of the lowest gun violence rates in the world, recently began cracking down on dark web sales of firearms with the help of US authorities. The results were promising, but still a little concerning. We learned more from a recent Daily Mail article, “Gun Trafficking Groups Selling to Australia Have Been Sentenced.”
According to the story, a seller of guns that were sent to Australia recently got three years in prison for the illegal transactions. We learned:
“The Atlanta-based group advertised guns for sale on the underground website BlackMarketReloaded that operated on The Onion Router, which masks the identity of its users, according to prosecutors.”
However, finding them through the murky waters of covert internet sites was nearly as tough as physically locating the guns. The story also pointed out, “In an attempt to avoid detection in the US Post or overseas the group hid the firearms in electronic equipment before placing them in packages.”
The Herculean effort needed to capture this dark web gun lord sounds similar to the recent arrest of one of Europe’s biggest online arms dealers, who was tracked down in Spain. This was the result of multiple countries and multiple agencies working for months to find this single person.
Clearly, the task of wiping the Dark Web clean of guns is difficult, but thankfully not impossible. We hope to hear about more success stories like this in the future. For more information, learn more about CyberOSINT (the Dark Web) here.
Patrick Roland, April 17, 2018