Russian Hacker: Maybe a Tattoo and New Opportunities for Friendship?

June 29, 2020

In my Dark Web 2020 lecture in July for the “now virtual” US National Cyber Crime Conference, I will review some of the information my study team has gathered about Russian digital crime factories. Some of these are hidden in plain sight. Others are less visible. In this interesting world, surprises are not uncommon. “Russian Cybercrime Boss Burkov Gets 9 Years” describes how “a well connected Russian hacker once described as an asset of supreme importance” booked a one-way ticket to prison. The write up explains that:

Aleksei Burkov of St. Petersburg, Russia admitted to running CardPlanet, a site that sold more than 150,000 stolen credit card accounts, and to being a founder of DirectConnection — a closely guarded underground community that attracted some of the world’s most-wanted Russian hackers.

Mr. Burkov (kopa to his Dark Web and hacker colleagues) operated DirectConnection (now offline). If you are interested in the legal explanation of Mr. Burkov’s activities, the indictment was online as of June 29, 2020, at this link. Some documents return cheerful 404 errors, and DarkCyber understands your pain.

Will Mr. Burkov share some of his knowledge about Russian cyber crime, a type of wrong doing that has been ignored by some authorities in Mr. Putin’s government? DarkCyber surmises that he may become a chatty Kathie once he experiences the delights of a sojourn in America.

Stephen E Arnold, June 29, 2020


Criminals Want Cash? An Astounding Insight for Whom Exactly?

June 15, 2020

Why is it so hard for some people to understand a concept? Cyber criminals break laws not because it is fun (some might get a kick out of it), but to steal money. The old adage “money makes the world go around” is the goal for cyber criminals, because with money they can live their desired lifestyle. Security Brief delves into a report about cyber criminal activities in: “Cybercriminals After Money More Than Anything Else-Verizon Report.

Security Brief read the Verizon Business 2020 Data Breach Investigations Report, where there 32,000 breaches were analyzed. Of that 3950 were from eighty-one countries and 86% of the breaches were related money. When broken down by continents, 91% were in North America, 70% in Europe, Africa, and the Middle East, and 63% in Asia.

Most financially related organizations are taking precautions to protect their clients and fewer than one in twenty breaches exploit vulnerabilities. Other types of crumbier crime include:

“Other common cyber attacks include web application attacks, as threat actors go after cloud-based data. According to the report, more than 20% of attacks were against web application and used stolen credentials in some way. The report notes that the trend is worrying as more organizations shift business-critical workloads to the cloud.

Credential theft, phishing, business email compromise and other social engineering attacks caused more than 67% of breaches. Specifically, 37% of credential theft breaches used stolen or weak credentials, 25% involved phishing, and 22% involved human error.

Amongst malware incidents, ransomware was involved in 27% of cases, and 18% of organizations blocked at least one piece of ransomware in the last year.”

The article recommends businesses and users education themselves about common cyber crime attacks to prevent breaches. It is also a good idea to have a decent cyber security system that is regularly updated. Most breaches in North America involved stolen credentials, phishing/pretexting.

Money motivates cyber criminals? Why does that even need to be stated?

Whitney Grace, June 15, 2020

Brave Browsing Sniping

June 9, 2020

DarkCyber noted “The Brave Web Browser Is Hijacking Links, and Inserting Affiliate Codes.” The write up explains that the Brave browser is behaving in a way that is unseemly. The point is that a free Web browser is pitching privacy and at the same time performs some underhanded actions to generate revenue. The explanation of the digital sleight of hand is interesting and illustrates that those “gee, stuff is free” online users assume one thing and may find something different. The write up includes this list and suggestions for accessing Web sites in a non-Brave way. We quote:

There is no good reason to use Brave. Use Chromium — the open-source core of Chrome — with the uBlock Origin ad blocker. [Chromium download, uBO Chrome]

Or use Firefox with uBlock Origin — ‘cos it blocks more ads than the Chromium framework will let anything block. [uBO Firefox]

Or, if you want a really cleaned-out Chrome — ungoogled-chromium, with uBlock Origin. [GitHub]

If you’re on Android, use Firefox with uBlock Origin, or the new Firefox Focus browser. [Mozilla]

Brave is a browser for suckers who want to keep getting played — so it’s a 100% crypto enterprise. As Eich’s pinned tweet still tells us: “Who gets paid? If not you, then you’re ‘product’.” [Twitter]

DarkCyber is not sure if this comment is as ominous as it sounded to one DarkCyber researcher:

Brendan Eich has responded to this post by claiming “David lies about us all the time.” I have pointed out that this is a prima facie defamatory statement, and asked him to detail these claimed lies. [Twitter, archive]

Mr. Eich is the alleged perpetrator of the Brave misdeeds. Online marketing and advertising are fascinating disciplines.

Stephen E Arnold, June 8, 2020

Is Cyber Crime Boring? Maybe The Characterization Masks a Painful Consequence?

June 1, 2020

DarkCyber read “Career Choice Tip: Cybercrime is Mostly Boring.” The article is clear. The experts cited are thorough and thoughtful. Practicing cyber crime is similar to what engineers, developers, and programmers do in the course of their work for firms worldwide. Much of that work is boring, filled with management friction, and repetitive.

The article states:

the academics stress that the romantic notions of those involved in cybercrime ignore the often mundane, rote aspects of the work that needs to be done to support online illicit economies. The researchers concluded that for many people involved, cybercrime amounts to little more than a boring office job sustaining the infrastructure on which these global markets rely, work that is little different in character from the activity of legitimate system administrators.


The paper is quoted in the article as explaining:

We find that as cybercrime has developed into industrialized illicit economies, so too have a range of tedious supportive forms of labor proliferated, much as in mainstream industrialized economies. We argue that cybercrime economies in advanced states of growth have begun to create their own tedious, low-fulfillment jobs, becoming less about charismatic transgression and deviant identity, and more about stability and the management and diffusion of risk. Those who take part in them, the research literature suggests, may well be initially attracted by exciting media portrayals of hackers and technological deviance.”

The DarkCyber study team discussed the Cambridge research summary and formulated some observations:

  1. Boring means that cyber crime will be automated. Automated processes will be tuned to be more efficient. Greater efficiency translates to the benefit the cyber criminals seek. Thus, the forward momentum of boring cyber crime is an increase in the volume and velocity of attacks.
  2. Certain criminal elements are hiring out of work or disgruntled technologist from mainstream companies, including high-profile Silicon Valley companies. Our research identified one criminal organization paying 90,000 euros per month and offering benefits to contract workers with specialized skills. The economic pressures translates to a talent pool available to certain criminal orchestrators. More talent feeds the engineering resources available to cyber crime constructs. DarkCyber believes a “Google effect” is beginning, just in the cyber crime market space.
  3. Law enforcement, government agencies, and some providers of specialized services to law enforcement and intelligence entities will be unable to hire at the rate criminal constructs hire. Asymmetry will increase with bad actors having an opportunity to outpace enforcement and detection activities.

Net net: The task facing law enforcement, security, and intelligence professionals is becoming more difficult. Cyber crime may be boring, but boring tasks fuel innovation. With access to talent and cash, there is a widening chasm. Talking about boring does not make clear the internal forces pushing cyber crime forward.

Stephen E Arnold, June 1, 2020

DarkCyber for May 26, 2020 Now Available

May 26, 2020

DarkCyber for May 26, 2020, is an online video program focusing on cyber crime, intelligence, and lesser known Internet services. This week’s stories include NSO Group in the PR spotlight, Covid 19 phishing, Germany limits intel services scope of action, a source for bad actor hackers, as a job hunter’s game preserve, and four new drones for surveillance and kinetic action. (Kinetic means explosive munitions.)

The program is a production of Stephen E Arnold and the DarkCyber research team.

In addition to our news programs, we have begun adding special videos. You can view the most recent interview segments with a CIA professional is DarkCyber Exclusive: Litigation Likely for Short Selling.

More special video features are in the works. Remember. DarkCyber contains no demeaning “begging for dollars” pleas, no content marketing, and no subscription fees. As a result, DarkCyber videos and blog posts deliver information that may be difficult to locate and analysis that can cause consternation.

This week’s program is at

Kenny Toth, May 26, 2020

Content Free Advice: SEO Hits New Heights

May 19, 2020

I have just watched a value-free video about producing value-free content. Uselessness squared, if you will. Regular readers know we are no fans of quick and easy SEO techniques—slapping keywords onto a page just to boost a company’s Google search ranking. The “marketing” approach has had a negative impact on the Internet for years, and we have recently noted an uptick in SEO advice creeping across the web.

One fast talker in particular has garnered our attention, and you can read more of what we’ve learned about him here. He calls his YouTube channel The Hustle Show; at least he acknowledges his advice is designed for shady characters. The video I was tasked with reviewing, “How to Find Keywords for Plumbers—Best Keywords for a Plumbing Company” provides no redemption. Our host claims to have done a lot of plumbing. After checking out his purported bona fides on LinkedIn, we wonder where he found the time.

The video pushes a specific SEO platform with its “keyword magic” tool. Just plug and play—no beneficial content needed! Several times in this five-minute video, the speaker prompts viewers to follow a link to the platform’s free trial and to watch more videos where he explains the self-explanatory tools.

What’s the line between content free and duplicitous information? None. We have a new SEO centric service in the works. Gathering data about the questionable activities of SEO experts is long overdue. When money changes hand, the SEO game enters a new playground.

Cynthia Murrell, May 19, 2020

Content Marketing: The Faux Monte

May 8, 2020

I wrote about the SEO hustle email I received on April 30, 2020. That email became the subject of the conversation I had with the former CIA professional, Robert David Steele. He interviewed me and posted the video from his Web site You can view the video at this link. In this post, I want to call attention to the SEO expert’s example blog content, thoughtfully provided by an individual named Christian Arriola and using the alias of a person named Jeffrey Garay. The blog in question is part of a kitchen remodeling business doing work in Pearland near Houston and Allen near Dallas.

The blog post is “How to Get Your Dream Kitchen Remodel Without Breaking the Bank.” Here’s an example of the content which the outfit Woobound wanted to provide to Beyond Search / DarkCyber:

When you have an excellent suggestion of what you desire, take a seat and also write a great breakdown of jobs that you desire finished. You do not need to be technological and also you do not need to make use of building terms yet simply state all the important things you desire a service provider to do and also bid. It can be as easy as: eliminate all existing floor covering and also closets; mount brand-new floor covering, cupboards, kitchen counters, sink as well as home appliances per the strategy; paint; attach sink pipes; as well as mount brand-new lighting fixtures.

It appears that the connection between Beyond Search / DarkCyber is that the root “techno*” appears in the paragraph above and some of Beyond Search / DarkCyber’s more than 18,000 articles. I may be missing other, more sophisticated connections, but on the surface, the idea that kitchen remodeling and the topics in Beyond Search / DarkCyber are tenuously related. Oh, wait, I do cover cyber crime, perhaps that is the hook?

The blog features some broken image links, an 888 number to contact the firm, and a content pool exactly one post deep.

My concern about search engine optimization’s latest “trick” is that some people will accept this “link trade” or “backlink” pitch.

Meaningless links are not helpful to a user. We will be monitoring this ploy because deception is a precursor of cyber crime. Our objective is to take a close look at this faux monte. What we see so far is not appealing; in fact, one of the DarkCyber team used the term

Stephen E Arnold, May 8, 2020

Unusual Medical Marketing

May 6, 2020

One of the DarkCyber team alerted me to a blog post titled “Top 19 Ways to Attract More Patients to Your Medical Practice.” In the midst of the coronavirus pandemic, the evening news, online news reports, and podcasts are buzzing about Covid19. The idea that medical professionals need to escalate their marketing efforts is an interesting one.

What are the recommendations? Here’s a selection of seven ideas. Please, consult the original essay to learn the other 12. Our comments about the item appear in italics following the information from the expert in medical marketing.

  1. Create contests. The idea is unusual. Based on my experience with doctors, nurses, and intermediaries like “doc in the box” operations in Kroger, the free time available to think about a contest may be limited. What will the winner receive? A co-pay waiver? An appliance for a broken ankle? A coupon good for $20 percent off a lab test.
  2. Get active in Social Media. Most of the health care professionals with whom I have knowledge are not eager to post content on TikTok, Facebook, Instagram, or other social media sources. The likelihood of the information being used in the event of an insurance fraud, Medicare integrity issue, or malpractice exists. Perhaps some health care professionals post. There are images of nurses and physicians in coronavirus treatment facilities. These may be legal time bombs. Our suggestion is to ask an attorney first.
  3. Email your patients once in a while. In the city in which the DarkCyber team members live, communications from physicians are intermediated through a combine of health care providers or from a corporate entity. Emails move through specific channels in order to minimize issues with HIPPA, legal issues, and security. Again: Check with an attorney before spamming, using a proxy, or putting into the Internet’s memory a comment which may be problematic for regulatory authorities.
  4. Be Adaptable. The idea of adaptation is important. However, in a regulated sector, protocols must be followed. The physician or nurse who wanders off the reservation and is discovered as a protocol violator can face penalties. These range from losing a license to a fine or worse. Adaptation in quite specific frames of reference is important. Losing track of a particular frame of reference can be problematic.
  5. Get plenty of online reviews. What does “plenty” mean? Many physicians — particularly independent physicians providing plastic surgery type services to wealthy clients — may find patient reviews a double edged sword. A good review is, by definition, better than a damning review. A bad review may be evidence in another patient’s malpractice case. Corporate health care providers face internal and other restrictions on their posting about procedures. We are repeating, but checking with an attorney may be prudent.

The other 19 tips to get up to 30 new patients a week presents a problem on three fronts:

First, in today’s medical climate, generating business for a health problem may be perceived as unprofessional. In some cases, the virus is providing sufficient demand. There is no data in the write up to draw a direct link between search engine optimization and social media and new patients. Without data, the implication and overt statements are difficult to believe.

Second, health care professionals face numerous challenges. These range from regulation to burn out, from excessive paperwork to the challenge of keeping pace with medical information germane to their work. In today’s climate, convincing medical professionals to embrace marketing may be a difficult sale. The attention bandwidth of many medical professionals goes offline when computer centric double talk is the meat of the conversation.

Finally, the implication that the 19 recommendations will deliver new patients is a checklist easily applied to other business sectors. The ideas are not customized, not tuned to the regulatory climate, and not in touch with the new normal for medical treatment.

Net net: The ideas may create more problems, increase costs, and present a larger attack surface for patients pursuing malpractice claims against the advertising health care professional. The blog post may be a hustle, not a help.

Stephen E Arnold, May 6, 2020

Want  more SEO fancy dancing? Read this DarkCyber story


Search Engine Optimization: Content Misinformation Is the New Norm

May 5, 2020

Jacque Ellul wrote Propaganda: The Formation of Men’s Attitudes in the early 1960s. Ellul was a theologian and a close observer of social behavior. Propaganda remains an important book, and it is more important than ever in our era of fake news. I am not sure that the Global Disinformation Index will be sufficient to deal with today’s content realities.

Ellul did not live to experience the wonders of free Web search engines, funded by advertisers. However, his insights provide a number of useful touchstones for anyone trying to determine if there are ways to remediate the present situation in the era of technology monopolies.

He observed:

When there is propaganda, we are no longer able to evaluate certain questions or even to discuss them.

Today content engines generate massive amounts of information. The volume of Facebook posts, Tweets, live streams, and other digital emissions are so massive, that the numbers used to convey the scale of the content flows are meaningless. Are you able to convert the estimate for the the World Economic Forum explains the data in terms of zettabytes and 2020 will output 44 zettabytes of information. Here’s a zettabyte in plain old numbers:


Yottabytes are next.

The options for publishing and disseminating digital content continue to expand. Unhappy with Facebook, there’s Mastodon. Don’t like Google Blogger. There’s WordPress. Don’t like Twitch. There’s Periscope.

Not surprisingly search engine optimization experts have seized upon these rich, real time digital distribution systems to create “content marketing.”

The idea is simple. Write, podcast, or video a statement, fictional tale, or “news” program and distribute the information. The single story can be diffused with Tweets, Instagram posts, updates to a Facebook page, and maybe a 30 second TikTok video.

In the world of SEO, there are some individuals who operate with a moral compass aimed at verifiable information, facts, and what might be called “old fashioned ethical behavior.” With the tools plentiful and almost no editorial control, other individuals find a way to use content to deliver “shaped” information. This “shaping” has long been a part of public relations and marketing.

DarkCyber has been exploring the world of digital propaganda, and there are numerous examples. These range from Covid19 information to less high profile manipulations; for example, a member of Nextdoor, a local information service, pitching used dining room chairs; for example, “perfect, no scratches.” Of course, perfect.

One interesting explanation of content marketing appears in the YouTube video called “How to Generate Leads Through Content Marketing – How We Get 300+ Leads Every Month.” The video appeared as part of a YouTube channel called “Hustle.” Content was discontinued one year ago. The reasons are not clear, but it appears that the content marketing expert lost interest or the methods set forth in the programs failed.

Let’s take a look at the content marketing information conveyed by a person (Christian Arriola), a self-professed SEO expert (SEO is the acronym search engine optimization experts created for the propaganda mechanism.

The video begins with the question, “How does one get leads from content marketing?” The idea is that if one generates one’s own leads, the leads are not shared with anyone else. Control is a strong idea in sales. At about the 45 second mark, the “content” of the YouTube video is information about Mr. Arriola’s consulting business. Thus, the initial message is: “This is an infomercial.” After the commercial the video states, “I am not trying to get anything out of this video…. I am not looking to do anything in particular with you. I am just trying to help you.” At the 90 second mark, Mr. Arriola defines content as “all this information you create that provides value to someone.” The content captures attention and builds a relationship when someone needs the content. Content marketing means a person does not have to buy advertising. Content marketing can give you a strategy, asserts Mr. Arriloa. At the 2.42 mark, Mr. Arriola hopes his video has helped.

This is an example of content marketing, and I think it reveals several characteristics of content marketing:

  • It is propaganda. Talking about content marketing becomes difficult as Ellul pointed out decades ago.
  • The “content” of content marketing does not have to have substance. Writing something is what’s important and then writing more. Quantity equals quantity seems to be the message.
  • The free Web indexing systems ingest “content marketing” and match ads to key words. Clicks are what matter.

To sum up, content marketing is public relations, marketing, sales, and messages. Hustle is an excellent way to describe Mr. Arriola’s approach to faux information value.

SEO is a unregulated discipline. Fraud is highly likely. The quest for clicks is now essential to the survival of a business. Desperate times call for desperate measures. Content marketing is tailor made for today’s business climate. For more on this subject, see “SEO: Let Us Hustle Everyone.

Stephen E Arnold, May 5, 2020

DarkCyber for April 28, 2020: Free Cyber Warfare Book, Spy Insights, the Info Gap Map, and HaaS

April 28, 2020

The April 28, 2020, DarkCyber tackles four stories this week. This week’s program is available via the DarkCyber blog, Vimeo, or YouTube. This week’s stories include information that is otherwise difficult to locate.

You can download a comprehensive look at cyber warfare published by the Carnegie Endowment for International Peace. The book covers cyber intelligence and methods of cyber warfare. DarkCyber’s Stephen E Arnold and former CIA spy Robert David Steele discussed misinformation in a one hour interview which is available on the Phi Beta Iota Web site. DarkCyber includes an extract from the discussion about obtaining hyper local data about people, events, and places. The information gap map illustrates how little digital information is available in free Web search systems. The map makes clear that anyone relying on Bing, Google, Yandex, and other free Web search systems is likely to be drowned in misinformation. The program explains how to access a no cost honeypot as a service. HaaS makes it possible to explore malware and learn about exploits in a controlled environment. The link to the service is provided in the program.

Kenny Toth, April 28, 2020


Next Page »

  • Archives

  • Recent Posts

  • Meta