DarkCyber for September 18, 2018 Now Available

September 18, 2018

DarkCyber for September 18, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/290147202 . 

This week’s DarkCyber video news program covers … Bitfury’s deanonymization service and its unusual sales approach… the loss of UK law enforcement laptops… facial recognition for law enforcement challenged by tech company employees… and X1 and its eDiscovery system with Dark Web content support.

The first story explains that Bitfury, a UK company with an interesting staff line up, offers digital currency deanonymization services. The company’s approach to sales, however, is unusual. Specifically, the company refused to explain its services at a recent law enforcement conference. DarkCyber continues to recommend that agencies interested in digital currency deanonymization look at services available from Chainalysis and Elliptic, two companies which do explain their services to security and enforcement officials.

The second story reports that UK media pointed out that in one year, UK law enforcement lost 60 laptops. With tens of thousands of officers and operators, DarkCyber states that the alleged problem is blown out of proportion. Bad actors attempt to obtain laptops, mobiles, and other computing devices in order to compromise investigations. DarkCyber asserts that the loss of 60 laptops illustrates the good job UK authorities do with regard to preventing loss of laptops.

The third story describes the Amazon DeepLens system. In addition to explaining how this Amazon camera integrates with Amazon’s machine learning and analytics subsystems, DarkCyber reports that neither Amazon, IBM, or any other US company was able to sell their technology to Ecuador. That country purchased a state-of-the-art Chinese developed system. With employee pushback against their employers’ work for the US government, US facial recognition technology may find itself at a disadvantage with regard to technical development and system innovation.

The final story covers the X1 eDiscovery system for social content. The X1 technology can now acquire and process social media information as well as some Dark Web content. Instead of directly scraping Dark Web sites, the X1 method relies on the Tor2Web.org service. The new product costs about $2,000 per year. DarkCyber explains where to download a 14-day free trial.

Kenny Toth, September 18, 2018

Blockchain Bridges the Crypto Gap of Legality

September 4, 2018

Cryptocurrency like Bitcoin has long been the Dark Web’s favorite way of doing illegal business transactions. However, the technology that it is built upon is opening up and providing law enforcement with an interesting weapon, as we discovered in a recent CoinPick story, “Use of BitCoin Over Dark Web Has Dropped, but DEA Wants Criminals to Keep Using Cryptocurrencies.”

According to the piece:

“This is where blockchain plays a very important part. Even though Bitcoin does not carry IDs, the transactions being available on a distributive ledger are accessible to the public. The investigators can track the funds and apprehend Individuals related to criminal activity this way. Infante further stated: The blockchain actually gives us a lot of tools to be able to identify people.”

By exploiting the platform’s weaknesses, law enforcement is zeroing in on illegal activity. We expect this to become more and more common thanks to the fact that police are beginning to familiarize themselves with it for run-of-the-mill internal programs as well as high level crimefighting. This gap is being bridged and one of two things will happen: Either cryptocurrency crime will be wiped out, or the bad guys will have to find a new way to stay hidden.

In Stephen E Arnold’s upcoming lecture in Washington, DC, attendees will learn that bad actors need to be aware of a new intelligence service. The provider? Amazon. More details will be shared in a DarkCyber video after Stephen returns.

Patrick Roland, September 4, 2018


DarkCyber for September 4, 2018, Now Available

September 4, 2018

DarkCyber for September 4, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/287783314.

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

This week’s program covers three Dark Web and security related stories.

The first story addresses Gephi, an open graph visualization platform. Unlike Excel, Gephi is a platform. The software system can be a useful complement to blockchain deanonymization tasks. An analyst can perform link analysis; that is, what hyperlink or item leads to another. The Gephi One feature allows the user to turn a graphical representation and explore it in three dimensions. A user can interact with the data, drilling down into a cluster or popping up one or more levels to see how a particular item relates to a broader grouping of data. The system can manipulate up to one million nodes and edges. Some commercial tools struggle to deal with more than a handful of nodes and edges. The video includes a link at which Gephi can be downloaded.

The second story describes a vehicle tracking and surveillance innovation called Zoomed. Developed by Cameroonia computer whiz Zuo Bruno, the system does not require the Internet. Instead, Zuo Bruno devised a system which operates via SMS. Once the device is placed in a vehicle, the location of the vehicle can be determined by placing a mobile call to the Zoomed device. The device drops the call and messages the location and other data of the vehicle. The Zoomed technology can perform other functions as well; for example, the audio in the vehicle can be recorded and the vehicle can be disabled.

The third story describes a free account takeover alerting service or ATO from Truthfinder. The idea is that after a person registers for the service, Truthfinder will notify that individual when his personal information is discovered by the monitoring service. DarkCyber explains how to sign up for the service and how to disable the notifications if they become a burden.

Kenny Toth, September 4, 2018

EU Not Taking Terror Lying Down

September 3, 2018

Applause are due to the European Union, who have instituted a unique plan for battling online extremism. We learned more about this tactic and were able to think about its potential stress points from reading an interesting Inquirer article, “EU Wants Tech Firms to Remove Terror Content Within an Hour of Facetimes.”

According to the story:

“In March, legislation passed that presented the hour-long purge window, but it was only marked under voluntary guidelines. But it looks like tech firms aren’t volunteering to work to these guidelines so the EU wants to force them to do so by imposing fines on firms that are blasé about terrorism-related materials on their services, networks and platforms.”

This is a very exciting prospect in the war on disinformation and violence planned online. However, it’s not time to celebrate quite yet. As reported recently, the EU is a complex machine itself and several countries failed to step in line with the cybersecurity deadline that loomed this summer. Beyond that, we are very curious to see how the various nations and governing bodies work together to oversee this new security measure. We hope it makes some headway, but will be watching from afar.

Patrick Roland, September 3, 2018

WhatsApp Veering Closer to Traditional Social Media

August 29, 2018

Next week, the publisher of Beyond Search and producer of DarkCyber (Stephen E Arnold) will be delivering a lecture in Washington, DC. The subject? The “new” Dark Web. Encrypted chat is becoming the go to system for certain types of information and product / service transactions.

What’s the angle?

The meteoric rise of group text and chatting tool, WhatsApp, has been well documented. In a world of tangled social media webs, this seemed like a smaller, more concentrated way to get updates from friends and family. However, the app has made some recent additions that may take it more toward the Facebooks and Twitters of the world. We learned more in a recent Make Use Of story, “The Best New WhatsApp Features You Might Have Missed.”

Among the new tools:

“Catch-up: A new @ button appears at the bottom right corner of the chat when you’ve been mentioned by someone, or if someone has quoted you, while you were away. It’s easier to catch up on something you might have missed.

“Protection From Re-Adding: WhatsApp groups don’t need your consent to add you to a group. Now, if you leave that group, an admin can’t just add you back immediately.”

In addition, there are search features and tools for deleting messages. It should come as no surprise that the program’s co-founder is a former (technically current) Facebook employee. Is this a step toward becoming a more direct competitor of the social giant? But encrypted chat has larger implications. If you are in DC, write Stephen at darkcyber333 at yandex dot com. You might be able to set  up a short meet up at a physical coffee shop. No chat required.

Patrick Roland, August 29, 2018

DarkCyber for August 14, 2018, Now Available

August 14, 2018

DarkCyber for July 24, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/284579347 .

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

This week’s program covers four Dark Web and security related stories.

The first story presents data about online drug sellers. The estimated number of vendors is in the 30,000 to 50,000 range. DarkCyber points out that such data are likely to be uncertain. Estimates of online sources for controlled substances are based on difficult-to-verify data. DarkCyber reports that as many as one half of the prescription drugs sold online may be fakes.

The second story reports that the Dark Web is changing. The shift from Tor-centric Web sites to encrypted chat and messaging systems is underway. Encrypted chat complicates the work of law enforcement and intelligence professionals. Plus, encrypted chat sessions can trigger mob actions which can spiral out of control and without warning. A lynching in India may be the direct result of forwarded encrypted chat messages.

The third story provides a snapshot of the NC4 policeware system Street Smart. A popular US magazine referenced the company without providing details about the system and its functions. DarkCyber explains that information about the software system are available on the NC4 Web site and in videos publicly available on YouTube.

The final story explains how 3D printing makes it comparatively easy for an individual to create what is called a “ghost gun.” The 3D printed weapon does not have an identification number, so tracing the gun is difficult. DarkCyber points out that copyright issues and regulations concerning the manufacture of weapons will consume time, money, and human resources.

Kenny Toth, August 14, 2018

Europe Creates a Potential Target for Bad Actors

August 9, 2018

The goal, most agree, is to keep sensitive information out of the hands of hackers and crooks, right? European officials might be planning to fly directly in the face of that logic, after we read a recent article in The Register, “Think Tank Calls for Post-Brexit National ID Cards: The Kids Have Phones, So What’s The Difference?”

Things got dicey here:

“The government intends to assign EU citizens unique numbers based on either a passport or national ID card number…he system will be accessed via GOV.UK or a smartphone app, and the report praised the security and privacy credentials promised for the database of citizen numbers…The data will be kept on Home Office servers in a tier 3 data centre, with individual pieces of information stored and encrypted separately.”

So, let’s get this straight? All of Europe will have its personal information on file in one location and they are just publicly telling the bad guys where to find it? What could go wrong? Google seems to be rolling out a program to warn governments when they are being hacked, which makes Google more “useful” to certain authorities.

But bad actors gravitate to data collections which have significant value. The ID card repository may become a high profile target.

Patrick Roland, August 9, 2018

Dark Web and Identity

July 24, 2018

Many in the media are making the Dark Web out to be a boogie man who will steal your identity and ruin your life. While that is possible, a greater threat lurks out there on the regular everyday Web that we all use. A fascinating recent study discovered that we are extremely vulnerable to anyone looking for our personal data. We learned just how vulnerable in a recent Which? story, “How The Internet Reveals Your Personal Data Secrets.”

According to the story, when 14 hackers were paid to do a test run and look for dirt on everyday citizens:

“None of the personal data sources we found were on the ‘dark web’ – a phrase that describes websites accessible only by a specialist browser geared up for anonymity. We were able to discover passwords and password hints, email and postal addresses, dates of birth, phone numbers, middle names and even signatures. There was also a wealth of ‘softer’ information revealing people’s interests, hobbies, religion and political preferences.”

If that isn’t enough to scare you, consider that the place where we are supposed to feel the most safe, is actually a hotbed of identity theft. According to US News and World Report, your doctor’s medical files on you is an ID thief’s dream come true.

Patrick Roland, July 24, 2018

DarkCyber, June 12, 2018, Now Available

June 12, 2018

DarkCyber for June 12, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/274326974 .

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

The first story focuses on torrents. ThePirateBay has long been associated with making it easy to access copyrighted content. With ThePirateBay offline, those in search of free copyrighted content have created a proxy list. The idea is that a bad actor can located copyrighted materials and sidestep paying for access. Although these torrent finder sites come and go, a list is easily available for anyone looking for what ThePirateBay made findable.

Next, Stephen reports that the Dutch police, in cooperation with other nation’s law enforcement agencies, have shuttered MaxiDed. The site, allegedly operated by citizens of Moldova, provided hosting and online services. MaxiDed allowed individuals and organizations wanting to distribute malware, host Dark Web sites, and engage in other online activities a safe harbor. The MaxiDed marketing explained that the service was “bulletproof.” DarkCyber reveals that MaxiDed was not.

The third story continues DarkCyber’s explanation of Amazon’s “policeware” initiative. The Amazon Rekognition service makes it possible for law enforcement to identify individuals in images and video. Unlike some other systems, Amazon’s approach allows real time facial recognition. Also, the system can identify up to 100 individuals in a group photo. This service complements Amazon’s streaming data service revealed in the June 5, 2018, DarkCyber video. Stephen E Arnold said: “Amazon’s push into services which seem tailor made for law enforcement, regulatory entities, and intelligence professionals continues. Its facial recognition service called ”Rekognition“ could revolutionize how authorities identify possible bad actors. The use of Amazon’s cross correlation method could significantly rework the law enforcement landscape in a very short period of time.”

The final story makes the economics of selling synthetic opioids clear. According to data compiled by Bloomberg, a kilogram of fentanyl or an analogue can generate orders of magnitude more money when sold on the street. Also, obtaining bulk quantities of fentanyl analogues is possible. China, for example, does not regulate analogues as closely as it does fentanyl itself.

Kenny Toth, June 12, 2018

Doxxing Explained

June 7, 2018

For those unfamiliar with the practice of “doxxing,” Stuff has shared a clear introduction on the topic peppered with links to more information—“What is Doxxing, and Why Is It So Scary?” Reporter Jasmine McNealy describes the technique of discovering personal information available online and using it against one’s target. She also emphasizes how dangerous these attacks can be. McNealy writes:

“It’s not surprising that information has value – particularly information related to people’s identities, interests and habits. This is, after all, the age of big data, social media and targeted advertising. The Facebook-Cambridge Analytica scandal is just one of many events in which regular people found out just how much personal information is available out on the internet. People also found out how little power they had over their information. Generally, people want, and think they have, control over who knows what about them. Individual identity is in part performance: People decide and change who they are and how they act in different places, around different groups. This is particularly true online, where many sites and services allow users to be anonymous or pseudonymous or to hide their information from other users’ searches. Often, of course, each site itself has some private information about users, like an email address, for delivering service-related notices. But online platforms seem to offer users a measure of control over their identity and personal information.”

That control, however, is less absolute than these platforms would have their users believe. The write-up describes why this is so, and concludes by emphasizing McNealy’s central point—doxxing turns online information into a dangerous weapon.

Cynthia Murrell, June 7, 2018

Next Page »

  • Archives

  • Recent Posts

  • Meta