DarkCyber for August 14, 2018, Now Available

August 14, 2018

DarkCyber for July 24, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/284579347 .

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

This week’s program covers four Dark Web and security related stories.

The first story presents data about online drug sellers. The estimated number of vendors is in the 30,000 to 50,000 range. DarkCyber points out that such data are likely to be uncertain. Estimates of online sources for controlled substances are based on difficult-to-verify data. DarkCyber reports that as many as one half of the prescription drugs sold online may be fakes.

The second story reports that the Dark Web is changing. The shift from Tor-centric Web sites to encrypted chat and messaging systems is underway. Encrypted chat complicates the work of law enforcement and intelligence professionals. Plus, encrypted chat sessions can trigger mob actions which can spiral out of control and without warning. A lynching in India may be the direct result of forwarded encrypted chat messages.

The third story provides a snapshot of the NC4 policeware system Street Smart. A popular US magazine referenced the company without providing details about the system and its functions. DarkCyber explains that information about the software system are available on the NC4 Web site and in videos publicly available on YouTube.

The final story explains how 3D printing makes it comparatively easy for an individual to create what is called a “ghost gun.” The 3D printed weapon does not have an identification number, so tracing the gun is difficult. DarkCyber points out that copyright issues and regulations concerning the manufacture of weapons will consume time, money, and human resources.

Kenny Toth, August 14, 2018

Europe Creates a Potential Target for Bad Actors

August 9, 2018

The goal, most agree, is to keep sensitive information out of the hands of hackers and crooks, right? European officials might be planning to fly directly in the face of that logic, after we read a recent article in The Register, “Think Tank Calls for Post-Brexit National ID Cards: The Kids Have Phones, So What’s The Difference?”

Things got dicey here:

“The government intends to assign EU citizens unique numbers based on either a passport or national ID card number…he system will be accessed via GOV.UK or a smartphone app, and the report praised the security and privacy credentials promised for the database of citizen numbers…The data will be kept on Home Office servers in a tier 3 data centre, with individual pieces of information stored and encrypted separately.”

So, let’s get this straight? All of Europe will have its personal information on file in one location and they are just publicly telling the bad guys where to find it? What could go wrong? Google seems to be rolling out a program to warn governments when they are being hacked, which makes Google more “useful” to certain authorities.

But bad actors gravitate to data collections which have significant value. The ID card repository may become a high profile target.

Patrick Roland, August 9, 2018

Dark Web and Identity

July 24, 2018

Many in the media are making the Dark Web out to be a boogie man who will steal your identity and ruin your life. While that is possible, a greater threat lurks out there on the regular everyday Web that we all use. A fascinating recent study discovered that we are extremely vulnerable to anyone looking for our personal data. We learned just how vulnerable in a recent Which? story, “How The Internet Reveals Your Personal Data Secrets.”

According to the story, when 14 hackers were paid to do a test run and look for dirt on everyday citizens:

“None of the personal data sources we found were on the ‘dark web’ – a phrase that describes websites accessible only by a specialist browser geared up for anonymity. We were able to discover passwords and password hints, email and postal addresses, dates of birth, phone numbers, middle names and even signatures. There was also a wealth of ‘softer’ information revealing people’s interests, hobbies, religion and political preferences.”

If that isn’t enough to scare you, consider that the place where we are supposed to feel the most safe, is actually a hotbed of identity theft. According to US News and World Report, your doctor’s medical files on you is an ID thief’s dream come true.

Patrick Roland, July 24, 2018

DarkCyber, June 12, 2018, Now Available

June 12, 2018

DarkCyber for June 12, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/274326974 .

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

The first story focuses on torrents. ThePirateBay has long been associated with making it easy to access copyrighted content. With ThePirateBay offline, those in search of free copyrighted content have created a proxy list. The idea is that a bad actor can located copyrighted materials and sidestep paying for access. Although these torrent finder sites come and go, a list is easily available for anyone looking for what ThePirateBay made findable.

Next, Stephen reports that the Dutch police, in cooperation with other nation’s law enforcement agencies, have shuttered MaxiDed. The site, allegedly operated by citizens of Moldova, provided hosting and online services. MaxiDed allowed individuals and organizations wanting to distribute malware, host Dark Web sites, and engage in other online activities a safe harbor. The MaxiDed marketing explained that the service was “bulletproof.” DarkCyber reveals that MaxiDed was not.

The third story continues DarkCyber’s explanation of Amazon’s “policeware” initiative. The Amazon Rekognition service makes it possible for law enforcement to identify individuals in images and video. Unlike some other systems, Amazon’s approach allows real time facial recognition. Also, the system can identify up to 100 individuals in a group photo. This service complements Amazon’s streaming data service revealed in the June 5, 2018, DarkCyber video. Stephen E Arnold said: “Amazon’s push into services which seem tailor made for law enforcement, regulatory entities, and intelligence professionals continues. Its facial recognition service called ”Rekognition“ could revolutionize how authorities identify possible bad actors. The use of Amazon’s cross correlation method could significantly rework the law enforcement landscape in a very short period of time.”

The final story makes the economics of selling synthetic opioids clear. According to data compiled by Bloomberg, a kilogram of fentanyl or an analogue can generate orders of magnitude more money when sold on the street. Also, obtaining bulk quantities of fentanyl analogues is possible. China, for example, does not regulate analogues as closely as it does fentanyl itself.

Kenny Toth, June 12, 2018

Doxxing Explained

June 7, 2018

For those unfamiliar with the practice of “doxxing,” Stuff has shared a clear introduction on the topic peppered with links to more information—“What is Doxxing, and Why Is It So Scary?” Reporter Jasmine McNealy describes the technique of discovering personal information available online and using it against one’s target. She also emphasizes how dangerous these attacks can be. McNealy writes:

“It’s not surprising that information has value – particularly information related to people’s identities, interests and habits. This is, after all, the age of big data, social media and targeted advertising. The Facebook-Cambridge Analytica scandal is just one of many events in which regular people found out just how much personal information is available out on the internet. People also found out how little power they had over their information. Generally, people want, and think they have, control over who knows what about them. Individual identity is in part performance: People decide and change who they are and how they act in different places, around different groups. This is particularly true online, where many sites and services allow users to be anonymous or pseudonymous or to hide their information from other users’ searches. Often, of course, each site itself has some private information about users, like an email address, for delivering service-related notices. But online platforms seem to offer users a measure of control over their identity and personal information.”

That control, however, is less absolute than these platforms would have their users believe. The write-up describes why this is so, and concludes by emphasizing McNealy’s central point—doxxing turns online information into a dangerous weapon.

Cynthia Murrell, June 7, 2018

DarkCyber, May 29, 2018, Now Available

May 29, 2018

Stephen E Arnold’s DarkCyber video news program for Tuesday, May 29, 2018, is now available.

This week’s story line up is:

  • The “personality” of a good Web hacker
  • Why lists are replacing free Dark Web search services
  • Where to find a directory of OSINT software
  • A new Dark Web index from a commercial vendor.

You can find this week’s program at either www.arnoldit.com/wordpress or on Vimeo at https://vimeo.com/272088088.

On June 5, 2018, Stephen will be giving two lectures at the Telestrategies ISS conference in Prague. The audiences will consist of intelligence, law enforcement, and security professionals from Europe. A handful of attendees from other countries will be among the attendees.

On Tuesday, June 5, 2018, Stephen will reveal one finding from our analysis of Amazon’s law enforcement, war fighting, and intelligence services initiative.

Because his books have been reused (in several cases without permission) by other analysts, the information about Amazon is available via online or in person presentations.

The DarkCyber team has prepared short video highlighting one research finding. He will include some of the DarkCyber research information in his Prague lectures.

The Amazon-centric video will be available on Tuesday, June 5, 2018. After viewing the video, if you want the details of his for fee lecture, write him at darkcyber333@yandex dot com. Please, put “Amazon” in the subject line.

Several on the DarkCyber team believe that most people will dismiss Stephen’s analysis of Amazon. The reason is that people buy T shirts, books, and videos from the company. However, the DarkCyber research team has identified facts which suggest a major new revenue play from the one time bookseller.

Just as Stephen’s analyses of Google in 2006 altered how some Wall Street professionals viewed Google, his work on Amazon is equally significant. Remember those rumors about Alexa recording what it “hears”? Now think of Amazon’s services/products as pieces in a mosaic.

The picture is fascinating and it has significant financial implications as well.

Enjoy today’s program at this link.

Kenny Toth, May 29, 2018

Plan a Hike or an Attack: Piece of Cake Now

May 26, 2018

Forget the utility of the procedure for outdoor hikers described in “Plot a Hike on Google Earth.” My first thought was, “What a Mother’s Little Helper” for those involved in military orienteering. I particularly liked the use of Strava, an application with data of some value to those eager to locate certain types of behavior patterns inadvertently created by joggers. I also liked the bouncing between a desktop / laptop computer and mobile devices. No problem for personnel operating from a semi fixed base station. Finally, the “fly around” functionality is helpful. My problem with these capabilities is that they are available to anyone. My personal view is that certain types of technology applications can be put to what I would describe as questionable uses. Why go through the hassle of joining the military or law enforcement, cope with the rigors of FLETC and other training program, and sharpen one’s skills in the field. Take a short cut and put the capabilities in whatever context one wants. Sorry. Too much information.

Stephen E Arnold, May 26, 2018

DarkCyber for May 1, 2018, Now Available

May 1, 2018

DarkCyber is a weekly video news program which covers important Dark Web stories and information about less well known Internet services. Produced by Stephen E Arnold, publisher of the Beyond Search blog, DarkCyber is available at www.arnoldit.com/wordpress and streaming on Vimeo at https://vimeo.com/267103171  .

Russia has blocked Telegram, the popular messaging app which had an estimated nine million users in Russia. DarkCyber explains that Russian government officials must now use decades old technology for their text messages. One consequence of the Russian blocking of Telegram is that service to Amazon and Google was interrupted. DarkCyber provides a workaround that Russian users may want to consider adopting to respond to the stepped up censorship in Russia.

A new report from a unit of the GHCQ (Britain’s equivalent of the US National Security Agency) provides a thorough run down of cyber crime activity in England. DarkCyber highlights how a person can download a free copy of this important report. Plus, DarkCyber describes a case example of Crime as a Service highlighted in the study. The particular CaaS involves an individual providing malware programmers a way to verify that their code could elude some detection systems. Plus, DarkCyber reveals how the bad actor provided his paying customers with free customer support.

DarkCyber provides basic information explaining how a person can set up a Dark Web server. The procedure is straightforward but may be too complex or cumbersome for some users who want to take advantage of Tor’s anonymity features. DarkCyber provides an easy solution which can get a Dark Web site online in a matter of minutes and costs pennies a day.

The final story reiterates a theme based on a person’s assumption that the Dark Web is anonymous. For an individual who believed that Ecstasy purchases with payment via Bitcoin were invisible to law enforcement, the Dark Web is not as Dark as she assumed. Australian and UK authorities arrested the person who assumed incorrectly that Tor was 100 percent anonymous.

We have also updated Stephen’s brief biography. We have reproduced it below:

Stephen E Arnold is the author of “Dark Web Notebook” and “CyberOSINT: Next Generation Information Access.” This book describes some of the technologies used by GSR and Cambridge Analytica to acquire and analyze Facebook user data. He has been named as a technology adviser to the UK based Judicial Commission of Inquiry into Human Trafficking and Child Sex Abuse.” Mr. Arnold also lectures to law enforcement and intelligence professionals attending the Telestrategies ISS conferences in Prague, At that conference, he will describe a major vendor’s virtually-unknown digital currency deanonymizing service. In addition, Mr. Arnold will appear at the Washington, DC, and Panama City, Panama, Telestrategies ISS events. In recent months, he has shared his research with law enforcement and intelligence professionals in the US and Europe. His most recent lectures focus on deanonymizing chat and digital currency transactions. One hour and full day programs are available via webinars and on-site presentations. He publishes the free Web log “Beyond Search,” which is available at www.arnoldit.com/wordpress .

DarkCyber is available at this link. (The splash page for the video contains a nod to May Day celebrations in a certain country.) We are working on a special DarkCyber about Amazon’s “intel play” which will be released coincident with his lectures at the Telestrategies ISS conference in Prague during the first week of June.

Kenny Toth, May 1, 2018

Amazon: Why Support Blockchain? To Chase IBM? Wrong.

April 30, 2018

In June 2018, I will describe Amazon’s lynch pin approach to intelligence analysis. The “play” has been ignored or overlooked by those who monitor the next generation information access market. At the Telestrategies ISS conference, I will report the DarkCyber and Beyond Search analysts’ assessment of this important Amazon service. The audience for the Telestrategies ISS programs are law enforcement and intelligence professionals. We have developed a for fee webinar which provides details of the Amazon “swing for the fences” approach to a number of intelligence-related services. Personally I was surprised by the audaciousness of the Amazon approach.

In this context, I noted a report in “Amazon’s New Blockchain Service Could Hurt IBM” which misses the main point of the Amazon “invention.” Yes, there is a patent as well as publicly accessible data about this data management play.

The write up explains that Amazon is offering BaaS or Blockchain as a Service. The spin in the write up is the threat which Amazon poses to IBM. From my analysts’ viewpoint, this is just a tiny piece of a much larger story.

What if Amazon is interested in a far larger market than one envisioned by IBM with its arm waving?

Assessing Amazon’s “invention” on the basis of this type of data might be misleading:

Amazon’s decision to launch both the Ethereum and Hyperledger Fabric services means that it wants to straddle the public and private cloud markets with its blockchain services. IBM has a firm grasp of the private on-premise cloud market, but AWS has been gaining ground with Virtual Private Cloud (VPC) services, which isolate sections of AWS’ public cloud for private use. The CIA, for example, already uses a “secret region” of AWS to host its classified data. Therefore, deploying Fabric on AWS’ VPCs could counter IBM’s deployment of Fabric on its on-premise private clouds.

Hmm. Quite a mishmash of assertions and services.

For a different point of view, catch my sessions at the Prague Telestrategies ISS program in Prague. If you want the information now, write benkent2020 at yahoo.com and request information about our online webinar. Coincident with my presentation, my team will release a story in Beyond Search, and we will post a brief video highlighting some of the main points of my presentation.

Oh, with regard to IBM, that company hired an Amazon executive to help IBM catch up. That’s more than worry. That’s reaction to a system which has been under construction since 2011. With a seven year head start, big time vendors involved, and contracts in negotiation, IBM has to do more than poach a manager.

Amazon sells books, right?

Stephen E Arnold, April 30, 2018

Scrubbing Terrorists: No Magic Mr. Clean

April 30, 2018

Removing terror suspects from Facebook and other social media outlets seems like it should be a cut and dry job, from the outside. However, doing so while not infringing on others’ rights gets very tricky. We learned just how tricky from a recent Telegraph article, “Facebook Reinstated Account for Terror Suspect Nine Times After He Complained They Were Stifling His Free Speech.”

According to the story:

“The social media giant suspended Abdulrahman Alcharbati’s account on nine occasions after he posted sickening Isil propaganda videos, but reinstated it each time when he complained….“Emails between the 31-year-old and Facebook’s moderators were read out to the  jury at Newcastle Crown Court, where? he ?is standing trial accused of terror offences.”

This is a difficult position, since social media outlets claim they want to respect free speech on one hand, but not encourage violent and hurtful speech on the other. Even Mark Zuckerberg has addressed the issue of removing terrorists from his site. This speaks to how prevalent the issue is and how difficult it is, as well. Don’t expect the elimination of dangerous actors from social media any time soon. There are just too many loopholes.

Patrick Roland, April 30, 2018

Next Page »

  • Archives

  • Recent Posts

  • Meta