DarkCyber for May 21, 2019, Now Available

May 21, 2019

DarkCyber for May 21, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/337093968.

The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: A new version of Tor; digital bits trigger bombs; highlights from the FBI’s 2018 Cyber Crime Report; more details about the Wall Street Market take down; DeepDotWeb seized; Telegram used to sell weapons; and the size of the Dark Web.

This week’s feature provides more details about the take down of the Dark Web contraband ecommerce site, Wall Street Market. DarkCyber reports that the operation involved law enforcement from several countries, including Germany and the US. One moderator of the site initiated a blackmail scheme as law enforcement prepared to seize the site’s servers and arrest its owners. As part of the takedown, providers of drugs were arrested in the US. The take down revealed millions in cash and digital currency accounts worth more than $14 million. Investigators also seized data and other information, including customer details.

Other stories covered in the May 21, 2019, DarkCyber video include:

First, information about the new release of the Tor software bundle. Firefox is used as the base for the Tor browser. Technical issues with Firefox required some scrambling to address. The new release is available on the Tor.org Web site. DarkCyber points out that in some countries, downloading Tor is interpreted as an indicator of possible ill intent.

Second, a cyber attack on Israel prompted a kinetic response. The incident marks the first time Israel has responded to an act it regarded as information warfare with a missile strike on the alleged perpetrators’ headquarters. DarkCyber points out that the US may have used force in response to an adversary’s leaking classified and sensitive information on a public Web site. The use of traditional weapons in response to a digital attack is a behavior to monitor.

Third, DarkCyber selects several highlights from the FBI’s report about cyber crime in 2018. Among the key points identified is the data about the most common types of online crime. Most attacks make use of email and use social engineering to obtain personal financial information or user name and password data. The FBI report verifies data from other sources about the risks associated with email, specifically enticing an email recipient into downloading a document with malware or clicking on a link that leads to a spoofed page; for example, a PayPal page operated by the attacker, not the legitimate company. DarkCyber provides information about how to obtain this government report.

Fourth, an international team of law enforcement professionals seized DeepDotWeb, an online information service. This site was accessible using a standard browser; no Tor or i2p software was required. The site referred its visitors to Dark Web sites selling drugs and other contraband. The seizure is an indication that Europol, FBI, and other law enforcement agencies are expanding their activities to curtail illegal eCommerce.

Fifth, DarkCyber explains that a story about bad actors using Telegram, an encrypted messaging app, to sell weapons should be viewed with caution. The story originated with a report from MEMRI, the Middle East Media Research Institute. The organization was founded by a former Israeli intelligence officer and has been identified as an organization generating content which may have characteristics of disinformation. DarkCyber provides a link to the MEMRI organization to make it easy for viewers to follow its information stream.

The final story reports that another vendor has sized the scope of the Dark Web. The most recent size estimate comes from Recorded Future. The company reports that it was able to identify 55,000 Dark Web domains. Of that number, only about 8,400 are online. DarkCyber notes that of the active sites, relatively few dominate illegal eCommerce, sharing of sensitive information, and other questionable services.

DarkCyber appears each Tuesday and is available on YouTube, Vimeo, and directly from the DarkCyber news service.

Kenny Toth, May 21, 2019

DarkCyber Video News for May 7, 2019, Now Available

May 7, 2019

DarkCyber for May 7, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/334253067.

The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: The use of Telegram for ecommerce; phishing with fake email undergoes a renaissance; Cisco Talos explains a serious attack on foundation servers; a review of weapons for sale on the Dark Web; and a look at advanced autonomous drone technology.

This week’s feature examines a new study about the sale of weapons on the Dark Web. The report explains that handguns and long rifles are for sale on some Dark Web sites. The majority of these weapons are handguns. Only a small percentage of the weapons are automatic rifles. The research comes from three academics involved in criminal justice. The data from the Dark Web were collected in 2016. Because information about the type of weapons offered for sale is limited, the report helps fill this data gap. DarkCyber points out that the Dark Web has undergone some significant changes in the last two years. As a result, the study provides information, but some of it may be outdated.

The May 7, 2019, program also reports on:

First, how Telegram, an encrypted messaging application, can be used to promote and sell certain types of contraband products, services, and data. Messaging technology may be “old school” but Telegram’s features create challenges for enforcement agencies.

Second, phishing and spear phishing are methods for stealing users’ credentials with a long history. Now these techniques are gaining more momentum. DarkCyber reports about a “smart” application which can automate phishing and spear phishing attacks. Unlike commercial specialist tools, the Dark Web phishing kit costs a few hundred dollars, and it features a “fill in the blanks” approach to these malicious attacks.

Third, Cisco’s cyber security unit Talos has published a detailed report about a denial of service attack on core Internet systems. There are 13 foundation or core servers which facilitate domain name services. One of these has been the focus of a digital assault by a bad actor, possibly supported by a nation state. The denial of service method relies on a series of nested malware programs. The attack makes use of misdirection and several different methods designed to compromise a foundation server. If such an attack is successful, other types of malicious activity are simplified for the bad actors.

Finally, DarkCyber responds to a viewer’s request for an update on advanced autonomous drone technology. DarkCyber provides a look into the future of US drone capabilities.

Kenny Toth, May 7, 2019

Human Trafficking: Popular and Pervasive

April 18, 2019

Sex trafficking is one of the greatest crimes in the world. Sex trafficking is one of the crimes facilitated by digital environments, but the same technology the bad actors use for their crimes is always being used to catch them. USA Today shares how the technology is used to put an end to sex trafficking in the article, “Technological Tricks Can Help End Sex Trafficking: Former IBM Vice President.”

In January 2019, the US Institute Against Human Trafficking launched the Reach Out Campaign in Tampa, Florida. The program used web scraping technology to gather phone numbers of Web sites selling sex in Tampa. It was discovered that most of the numbers linked to cell phones of people sold for sex so they could communicate and book appointments with their “clients.” Reach Out gathered over 10,000 numbers and a mass text was sent out to the numbers with information to leave the sex industry.

The Reach Out Campaign received a 13 percent response. The program needs to be launched across the country in order to assist more sex trafficking victims, who deal with complicated psychological issues. AI bots called Intercept Bots are deployed to create fake sex ads on the Internet; when someone responds, the bot collects the user’s information. The bot will then share that it is a lure and that the user’s information will potentially be given to law enforcement. While it is important to assist the victims, it is also helpful to address the perpetrators, generally men, and prevent them from committing the crimes in the first place:

It is important, however, that we not just focus on punishing those engaged in buying sex. Many of these men suffer from sex addictions that can be treated. This is why the Intercept Bots program also sends potential sex buyers information on where to get this help. A study in the medical journal Neuropsychopharmacology estimates that between 3-6 percent of Americans suffer from compulsive sexual behavior. And studies estimate that the percentage of American men who have engaged in commercial sex at least once is 15 to 20 percent; compared to their peers, these men think about sex more often.

There are also ad campaigns targeted at people buying sex that share the consequences of getting caught.

Combating trafficking is difficult, but spreading information and using technology to catch bad actors saves victims from further abuse.

Whitney Grace, April 18, 2019

Bad Actors Include Russian Crime Oligarchs: Wosar Speaks Out

April 12, 2019

Hollywood romanticizes computer hacking and other digital crimes. There is some truth to what happens on the screen, but the action is usually more downbeat and usually does not keep the bad actors at the edge of their seats. While the bad actors get a lot of screen time, the good guys, those who protect the average person from cyber attacks, rarely get praised. The BBC took the time to praise one digital hero’s actions in the article, “Hated And Hunted.”

Perhaps the most vicious type of malware is ransomware. Ransomware is a computer virus that, once downloaded onto a computer, scrambles all of the data and delivers a ransom note stating the user must pay a certain amount of money or all of their data will be deleted. Fabian Wosar is a good actor, because he understands the virus code and knows how to hack the hacker. In other words, he knows how to outsmart the hackers and beat them at their own game. The hackers are so upset with Wosar that they actually write mean notes to him in their virus code.

Wosar is an introverted individual who loves to design anti-virus code for his cyber security company, Emsisoft. He spends hours working and often binges long hours at his job, often giving his anti-ransomware away for free. Wosar compares writing code to writing a novel and says he can tell who wrote specific code based on individual styles. He also believes that he stopped over 100 different cyber gangs from their illegal activities.

Ransomware is one of the most profitable cyber crimes and its perpetrators can evade authorities for years, especially if they are smart about it. Ransomware victims often pay hundreds of thousands of dollars and pounds to the criminals, especially if they decide paying the ransom is considered cheaper than replacing a system. Cyber criminals are also quite intimidating:

The most successful cyber-crime gangs are run like mafia organizations with specific structures and divisions of labor. There are the virus coders, the money launderers, the protection heavies and the bosses who decide on targets and sometimes funnel the money into other, potentially more serious, criminal enterprises. Catching these gangs is extremely challenging. One of the most prolific recent ransomware gangs, responsible for two major ransomware families – CTB-Locker and Cerber – made an estimated $27m and eluded police for years. It took a global police operation involving the FBI, the UK’s National Crime Agency, and Romanian and Dutch investigators to bring them down. In December 2017, five arrests were made in Romania.

Wosar keeps his identity hidden and moves around to keep himself safe. While he does enjoy his work, he does suffer from health problems due to his sedentary lifestyle and might get a dog to force himself outside. Outside, however, may pose risks.

Whitney Grace, April 12, 2019

DarkCyber for April 9, 2019, Now Available

April 9, 2019

DarkCyber for April 9, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/328921981

The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: Predictive Policing at the LAPD; How to spoof PDF signatures; How teens can hold secret chat sessions in front of parents and teachers; Tips for creating a credible online persona; and phishing lures that work.

This week’s feature examines the Los Angeles Police Department’s audit of its data-driven policing programs. In what will be a three part series about this report about advanced law enforcement technology, DarkCyber examines the evaluation of Predictive Policing’s system. This software analyzes data from field interviews and automated systems and produces maps of hot spots. Those with access to the system can plan patrol routes or take other preventive actions. DarkCyber explains the basics of the system and the challenges PredPol and similar systems face in a dynamic law enforcement environment. Sophisticated data analysis requires accurate, consistent data to generate high-value outputs.

The “cybershots” in this week’s program cover these four topics:

  • Digitally-signed Adobe Portable Document Format files are presumed to be authentic. DarkCyber explains that a student in Europe has found ways to compromise the security of these widely-used files.
  • Google Docs, used by middle school and high school students, lets users conduct chats within online school work. Teachers and parents may monitor this activity and be unaware that the school software makes it possible for users to exchange messages, set up drug deals, and disseminate the location of parties in a way that neither teachers nor parents are monitoring. The system allows these chat messages to be deleted with a single mouse click. DarkCyber explains how.
  • Predators and con artists create false personas or online identities. What is needed to craft a credible online identity? DarkCyber reveals the methods used by bad actors outside the US.
  • What are the five best subject lines to use in an email intended to steal a user’s password or other information? DarkCyber reveals the top five phishing lures. The research, conducted by Barracuda Networks, was performed by analyzing 300,000 phishing emails.

A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cybercrime, Dark Web, and company profiles are now appearing on a daily basis.

Kenny Toth, April 9, 2019

DarkCyber for April 2, 2019, Now Available

April 2, 2019

DarkCyber for April 2, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/327544822.

The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: Online censorship increases; Dark Web drug czar goes offline; Dark Web tech comes to the Firefox browser; and more evidence of change in the Dark Web; plus a look at Megaputer’s fraud detection technology.

This week’s feature reviews Megaputer’s fraud detection technology. The firm uses a number of advanced mathematical and linguistic methods to make sense of large flows of data. Based in Bloomington, Indiana, the company serves a wide range of clients from finance, government, pharmaceuticals, and consulting services. The firm was the first to put advanced text analytics on the desktop at a time when other firms required Unix workstations and client server computing resources. The firm’s PolyAnalyst H makes it possible to process large volumes of data at extremely high speed.

This week’s “Cybershots” cover four subjects:

There are more indications that online censorship is becoming more aggressive. Russia has implemented regulations governing what sites can be accessed and what type of content is permissible. Germany’s state legislators have begun work on a bill to criminalize use of Tor and other hidden Internet tools.

The individual who created RAMP or the Russian Anonymous Marketplace asserted that his customized encrypted chat client was one reason his site had eluded government authorities. The site is now offline.

Letterboxing, a technology which prevents certain types of online tracking, will be introduced in an upcoming release of Firefox, a popular Web browser. This feature has been part of the Tor browser since 2016 and is one more indication of Dark Web technology seeping into the public Internet or “Clear Net”.

The program explains how to get a summary of software and tools to access hidden Internet sites and services. The report was written by Veracode, a cyber security firm, and the video provides the information necessary to obtain a copy of this useful report.

A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cybercrime, Dark Web, and company profiles are now appearing on a daily basis.

Kenny Toth, April 2, 2019

DarkCyber for March 19, 2019, Now Available

March 19, 2019

DarkCyber for March 19, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/324801049.

The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cyber crime, and lesser known Internet services.

This week’s story line up includes: Google search blockchain data; emojis puzzle lawyers; NATO soldiers fooled by social media come ons; big paydays for hackers; Dark Web search for marketers; and Iran’s hacker army.

This week’s feature looks at the Beacon Dark Web search system. Developed by Echosec Systems in Canada, Beacon provides search and analytics for those interested in tracking brands, companies, and people in Dark Web content. The system’s developers enforce a code of behavior on licensees. If Echosec determines that a user violates its guidelines, access to Beacon will be cut off. Echosec offers a number of powerful features, including geofencing. With this function it is possible to locate images of military facilities and other locations.

The second feature in this week’s video focuses on Iran’s cyber warfare activities. One key individual, Behrooz Kamalian, has been maintaining a lower profile. Those whom he has trained have been suspected of participating in online gambling activities. Kamalian himself, despite his connections with the Iranian government, served a short stint in prison for this allegation. Iran has one of the largest cyber warfare forces in the world, ranking fourth behind Russia, China, and the US.

The “Cybershots” for this week include:

  • Google has made available a search engine for blockchain data. Those skilled in blockchain and digital currency transactions may be able to deanonymize certain aspects of a transaction.
  • Emojis which carry meaning are creating issues for lawyers and eDiscovery systems. The colorful icons’ meanings are not easily understood.
  • A social media test for NATO soldiers’ resistance to online tricks was completed by central command. The result was that soldiers can be easily tricked into revealing secret information.
  • Organized hidden Web criminals are paying up to $1 million a year in salary and providing benefits to hackers.

A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.

Kenny Toth, March 19, 2019

DarkCyber for March 12, 2019, Now Available

March 12, 2019

DarkCyber for March 12, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/322579803.

The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cyber crime, and lesser known Internet services.

This week’s story line up includes: Cellebrite devices for sale on eBay; emojis can activate app functions; and sources selling bulk personal data.

The feature this week discusses speech analysis. Reports have surfaced which reveal that some US correctional facilities are building databases of inmates’ voice prints. The news appeared coincident with rumors that the US National Security Agency was curtailing its voice collection activities. Companies like Securus Technologies provide tools and services related to prison telephone and unauthorized mobile device use. The Securus Investigator Pro has been available and in use for almost a decade. Voice print technology which is analogous to a digital fingerprint system makes it possible to identify those on a call. Inclusion of behavioral tags promises to make voice print systems more useful. With a tag for the caller’s emotional state, investigators can perform cross correlation and other analytic functions to obtain useful information related to a person of interest.

Links are provided to explanations of Amazon’s policeware system which can be used to perform these types of analytic operations.

The final story provides a snapshot of a 100-page field manual about online deception. Published by the US Army, this document is a comprehensive review of systems and methods for military use of deception in an online environment. Checklists and procedural diagrams make clear why social media operations are successful in civilian and military contexts. The DarkCyber video includes a link so viewers can download this unclassified publication.

Kenny Toth, March 12, 2019

MSFT Harbors Crypto Mining in Third Party Apps

March 11, 2019

For those people not deep in the weeds, crypto currency mines are these shadowy pockets of servers that are out of our grasp, literally and figuratively. However, it was recently discovered this type of operation is a lot closer to home than most of us assume, and that’s a problem for security and intelligence professionals. We learned more from a recent TechRadar story, “Microsoft Store Apps Caught Illegally Mining Crypto Currency.”

According to the story:

“[U]nbeknownst to the users that download these apps, they secretly use the processors of the PC they are installed on to mine for crypto currency. According to Symantec, these apps come from three developers: DigiDream, 1clean and Findoo, and it is likely they were developed by the same person or group due to the malicious code Symantec found.”

A more meaningful review of apps in the Microsoft Store seems to be needed. Expensive? Yes. Likely to happen? Maybe.

Patrick Roland, March 11, 2019

DarkCyber for March 5, 2019, Now Available

March 5, 2019

DarkCyber for March 5, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/321045698.

The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web and lesser known Internet services.

This week’s story line-up includes: A new feature called Cybershots with information about authentic AI, Psy-Group, Microsoft malware, and VKontakte; our feature Facebook as a digital problem; and illegal video streaming.

DarkCyber’s feature reviews the UK government’s report which states that Facebook acted as a “digital gangster.” DarkCyber provides a link from which the document can be downloaded. Among the conclusions set forth in the report were remediating actions which range from increased regulation of social media firms to fines for their behavior. The report included information that suggests that other countries will take enforcement and regulatory action directed at Facebook. Among the countries identified were Brazil and Singapore.

The second principal story focuses on illegal streaming video services. Google has blocked some of these services and legal actions are underway. Nevertheless, streaming video continues to thrive with thousands of first run movies and major US television programs available. Some of the services are operated from Russia or other Eastern European countries. These services make use of sophisticated content delivery services and rely on technology which allows the criminals to spin up a new service when authorities close one in operation. Services available from some illegal streaming services offer Netflix-like interfaces, sell advertising, and charge subscription fees. Legal hurdles and the cost of pursuing enforcement action in some countries increase the difficulty copyright holders face in closing these services.

This week, DarkCyber introduces a new feature called Cybershots. The items in this section of the video news program reveal that one of the companies associated with weaponized social media has gone out of business. Microsoft has unwittingly allowed malware to be distributed from its online store. A company providing policeware has found that one of its marketing phrases has been picked up by a Chinese company and used as the firm’s name. Plus, a customer of the Russian social media service VKontakte received an unusual Valentine greeting, a cyber attack from a disgruntled customer.

Kenny Toth, March 5, 2019
