DarkCyber for September 22, 2020, Now Available: Bogus Passports, Chinese Data and Apps, and the Dronut Drone

September 22, 2020

DarkCyber for September 22, 2020, is now available. This week’s program features an update on falsified documents, three stories about China, and a report about the Dronut. You can view the video on YouTube. The video is available via the Beyond Search blog.

Kenny Toth, September 22, 2020


VPN Usage: Just Slightly Unbelievable Data

September 15, 2020

How about virtual private networks? What about those free VPNs? How effective are specialized VPNs which bond two or more Internet connections?

Interesting questions.

VPN Usage Now Makes Up Almost All Enterprise Traffic” does not answer these questions, but the write up reports about a study which offers some interesting and, to DarkCyber, slightly unbelievable data; for example:

  • VPN usage has gone from 10 or 15% of enterprise traffic to maybe 95%
  • Bad actor attacks on VPNs have “increased dramatically,” although no data are offered
  • Three-quarters of desktop devices (77%) have adequate antivirus or cybersecurity software installed, falling some way short of total protection
  • 17% of laptops supplied by UK employers also lacked security software.

There is nothing like survey data without information about who, how, and data analysis methods.

Microsoft wants to make its “defender” system a service one cannot turn off or uninstall. If this occurs, how will the research data be affected?

Questions? Just more questions?

Stephen E Arnold, September 15, 020

Happy Saturday: Malicious PayPal Sites

September 14, 2020

DarkCyber spotted “10 Malicious PayPal Sites.” The write up consists of a list of sites, which the wise Web surfer may wish to avoid. Each of the sites contains the string “paypal” in its name. The domains are interesting as well; for example, “verifiedly” and “watch4dollar.” What’s interesting is that existing cyber security methods are not flagging or filtering these sites. Even more disturbing is the idea that a person would click on a site named “paypalsupport.” If anyone has tried to obtain support from PayPal, the idea that a legitimate PayPal site would offer useful information to a user with a question is a tip off that something is not in line with normal PayPal behaviors.

Stephen E Arnold, September 14, 2020

DarkCyber for September 8, 2020: Innovation, Black Hat SEO, Drovorub, Sparks Snuffed, and Killer Drones

September 8, 2020

DarkCyber Video News for September 8, 2020, is now available. You can view the video on YouTube, Facebook, and the DarkCyber blog.

The program covers five stories:

First, the Apple-Fortnite dispute has created some new opportunities for bad actors and their customers. The market for stolen Fortnite accounts is robust. Accounts are for sale on the Dark Web and the Regular Web. Some resellers are allegedly generating six figures per month by selling hapless gamers’ accounts.

Second, you can learn how to erode relevance and make a page jump higher in the Google search results lists. Pay $50 and you get information to set up an Amazon or eBay store with little or no investment. No inventory has to be purchased, stored, and shipped. Sound like magic?

Third, the FBI and NSA have published a free analysis of Drovorub malware. If you are responsible for a Linux server, requesting a free copy of the publication may save you time, money, and loss of important data.

Fourth, a team of international law enforcement professionals shut down the Sparks video piracy operation. The impact of the shut down hits pirate sites and torrents. Three of the alleged operators have been identified. Two are under arrest, and the third is fleeing Interpol.

Finally, in this program’s drone report, DarkCyber explains how drug lords are using consumer drones in a novel and deadly way. Consumer-grade drones are fitted with explosives and a detonator. Each drone comes with a radio control unit and a remote trigger for the explosive’s on drone detonator. The purpose is to fly the drone near a target and set off the explosive. To ensure a kill, each of the weaponized drones carries a container of steel ball bearings to ensure the mission is accomplished.

DarkCyber is a production of Stephen E Arnold and the DarkCyber research team.

Kenny Toth, September 8, 2020

Dark Patterns: Is the Future of Free Video Editing Software Duplicity, Carelessness, and Indifference?

August 31, 2020

One of the DarkCyber team suggested a run down of three free video editing software solutions. We had just finished a couple of our for-fee write ups about technology related to warfighting, and I concluded that the group wanted a break from million watt beam weapons.

I said, “Okay, just use a machine we don’t rely on for real work.” Stephanie was thrilled when Ben said he would help. The three “free” software solutions these two set about installing were:

DaVinci Resolve, allegedly “the standard for high end post production and finishing on more Hollywood feature films, television shows and commercials than any other software.” You can get a free copy at this link. (There is a $300 version too.)

HitFilm Express, allegedly “a free video editing software with professional-grade VFX tools and everything you need to make awesome content, films or gaming videos.” You can get a free copy at this link.

Shotcut, a free, open source, cross platform video editor. You can get a copy at this link.

We never got to the review. We were trapped in what sure looks like the FXHome / HitFilm Express dark pattern. It was a swamp populated by creatures dependent on auto reply email, bizarre instructions, and names like “Dibs” and “Joe.” So wholesome, yet so frustrating despite the friendly monikers.

This blog post is about dark patterns, not the video editing software. Sorry, Stephanie (the team member who cooked up the idea for the story.) Read on to find out why DarkCyber cares about a single firm and its enthusiastic pursuit of dark patterns.

The illustration below is a depiction of Dante’s Inferno. About eight layers down is the Dark Pattern of FXHome. That’s better than spending every day, all day with Beelzebub and the gang.

What’s a dark pattern?

The phrase means, according to the ever reliable Wikipedia, “A user interface that has been carefully crafted to trick users into doing things, such as buying insurance with their purchase or signing up for recurring bills.”

Stephanie tried to install the software and was greeted with a Web page presenting her with options to upgrade the free software by purchasing $25 to $50 dollar bundles of macros and pre-sets. Puzzled, she retrieved the details for the accounts we use to purchase software, pay for subscriptions, and buy crap from Amazon.

I ignored her grumbling, but I noticed when two of my engineers were standing behind her staring at the screen and getting that weird look in their eyes when something does not compute. I walked over to the group and said, “When will you finish your reviews of these three tools?”

Stephanie said, “I am running behind. I spent yesterday and today trying to get the software to work. Apparently someone installed a version of HitFilm Express last year, and now FXHome took the money, sent a series of steps, and nothing works.”

I said, “Okay, write the company. Explain what happened and get help to install the software.”

My two engineers nodded and walked away. This, in my experience, meant that the HitFilm Express software was something that presented numerous challenges. Researching and analyzing EMP technology was more appealing than not-so-free software.

I told Stephanie to give me the user name and password she used to buy the software. I happily logged in from a different machine, created a user name and password, saw the same difficult to evade plea to buy add-in packs, and I bought a $39 pack. The video editor came up but no add in software.

Now I was intrigued. Two installations. Almost $80US down a rat hole and no special add in packs. I told my engineers to log in, get the install information, and see if each could get the software to work.

Nope. FXHome has a system to take money. FXHome does not have a functional, reliable system to deliver what the customer purchased.

Now I am thinking cyber fraud. Call me silly, but I am a suspicious person, and when we write about next generation weapons, what type of customers do we have? Certainly not the Vatican or Green Peace.

I found a customer support email which is managed by “smart” software. The email to which I was directed is support@fxhome.com and along the line of a series of email exchanges over the span of nine days a human included his/her name. That individual identified himself/herself as Dibs McCallum.

The dark patterns we believe the user interface implements for the free software includes these elements:

  1. Blandishments to purchase upgrades before allowing downloads
  2. Instructions for installing software which do not install software
  3. Customer service interfaces intended to frustrate those seeking information; for example, the FXHome system strips attachments even though people or bots like Dibs McCallum request them and your truly attaches them. Even more dutifully I resend the attachments and receive zero acknowledgement or information about the failure.

Where am I? Well, definitely there is no review of FXHome. It is tough to write about software which does not function. The upside is that I have an anecdote for my next cyber crime lecture. As we were editing this story, PayPal reported a refund of $39. FXHome still has $39 and we have no functioning software.

When I step back and look at this series of events involving three of my team and the ever helpful Dibs McCallum, who insisted that attachments showing the unhelpful error messages HitFilm Express displayed, did not arrive.

Then there was this email:

Allow me to explain. You buy from us. If you want a refund within 14 days you get one.
That is why I have refunded both your order 0000000000000 for $39 that you made by credit card under the email seaky2000@yahoo.com and also your order 0000000000000 for $39 that you made via PayPal that you made under the email 00@arnoldit.com. Both amounts will appear in your prospective credit card and PayPal statements within the next 5-10 working days. Though most likely far sooner. This does mean your software packs will no longer work of course. Those effects will be deactivated and you are left with the free HitFilm Express without the extra content. It is always best to remember what email you use for purchases as it can be confusing if you habitually use more than one email. We are always dealing with this confusion with customers. Very common.
Best Regards, Joe Gould, Business Coordinator

Notice the phrase “We are always dealing with this confusion”.

Yeah, Joe said, “Always.” What’s that old saw about doing the same thing over and over? Was it ground hog day or one of Dante’s circles of Hell?

The dark pattern is apparently accidental. A situation exists which creates an “always” situation. Why not figure out changes to the system to eliminate an “always” problem. Why not think through making the interface work with a customer, not against the customer. Why not skip the “buy more add in packs”? Just charge people money.

What’s free mean? Upsells, confusing purchase options, and a “system” designed to make the craziness of Microsoft customer support for non-installable $0.99 HEVC codecs look like a paragon of lucidity.

One answer is that it earned this write up in Beyond Search and DarkCyber. It has converted sweet Stephanie into a termagant and HitFilm Express hater. (Good work that.)


  • Generating sustainable revenue is difficult. If a product is “good,” people will pay for it. If a product is not so good, carelessness, indifference, or laziness generates “buy this, then that” solutions. Helpful? Not so much. Suggestion for FXHome: Less weird orange color and more begging for dollar options like Indiegogo or Patreon, among others?
  • Competing against Adobe, Apple, Magix, and other for-fee video editing programs is difficult. Yes, DarkCyber understands that FXHome needs revenue. Suggestion: Why not sell a subscription to upgrades?
  • Relying on an interface and the people who conceived it may not be a winning tactic. Staff changes and additional inputs may provide the creative spark that moves beyond what sure look like dark patterns. Suggestion: Skip the hear, speak, and see no evil approach to your current upgrade interface. Listen and fix the problem. “Always”. Wow, that’s an endorsement of clear thinking.

Is DarkCyber suspicious? Yep. FXHome could be a YouTube video titled UXMoan.

Stephen E Arnold, August 31, 2020

Free As a Dark Pattern

August 27, 2020

A number of online services offer free products. DarkCyber has spotted a semi clever play used by a developer of “free” video editing software. Three-dimensional models were not on our radar. The “free” software constructs are now identified and monitored by our steam-powered intelligence system. (We operate from rural Kentucky. What did you expect? Reinforcement learning?)

3D Printering: The World of Non-Free 3D Models Is Buyer Beware” contains some information. Let’s take a quick look at a couple of revelations which caught the DarkCyber team’s attention:

First, a company has developed what appears to be a fresh approach to direct sales. The write up explains:

A standout success is a site like Hero Forge, which allows users to create custom tabletop gaming miniatures with a web-based interface. Users can pay to download the STL of their creation, or pay for a printed version. Hero Forge is a proprietary system, but a highly successful one judging by their recent Kickstarter campaign.

Second, you can acquire 3D models via “begging for dollars.” The article explains that these are requests for money paid via Patreon. I assume PayPal may work too.

Third is a kit. The customer gets a 3D model when buying some physical good. The write up points out electrical parts, fasteners, or a “kit,” which DarkCyber assumes is a plastic bag with stuff in it.

The problem?

According to the write up, the problems are:

  1. Vendors don’t offer “test drives, fitting rooms, or refunds”
  2. Models have lousy design for manufacture. (DarkCyber assumes this means whatever emerges from the 3D printer is not going to carry water. Nice 3D printed thermos you have there, Wally.)

These two problems boil down to “quality.”

After reading the article, DarkCyber thinks that one could interpret the word “quality” as a synonym for “fraud.”

Dark patterns are becoming increasingly common. Let’s blame it on an error, an oversight, or, best of all, the pandemic.

Stephen E Arnold, August 27, 2020

The Possibilities of GPT-3 from OpenAI Are Being Explored

August 27, 2020

Unsurprisingly, hackers have taken notice of the possibilities presented by OpenAI’s text-generating software. WibestBroker News reports, “Fake Blog Posts Land at the Top of Hacker News.” The post was generated by college student Liam Porr, who found it easy to generate content with OpenAI’s latest iteration, GPT-3, that could fool readers into thinking it had been crafted by a person. Writer John Marley describes the software:

“GPT-3, like all deep learning systems, looks for patterns in data. To simplify, the program has been trained on a huge corpus of text mined for statistical regularities. These regularities are unknown to humans. Between the different nodes in GPT-3’s neural network, they are stored as billions of weighted connections. There’s no human input involved in this process. Without any guidance, the program looks and finds patterns.”

Rather than being unleashed upon the public at large, the software has been released to select researchers in a private beta. Marley continues:

“Porr is a computer science student at the University of California, Berkeley. He was able to find a PhD student who already had access to the API. The student agreed to work with him on the experiment. Porr wrote a script that gave GPT-3 a headline and intro for the blog post. It generated some versions of the post, and Porr chose one for the blog. He copy-pasted from GPT-3’s version with very little editing. The post went viral in a matter of a few hours and had more than 26,000 visitors. Porr wrote that only one person reached out to ask if the post was AI-generated. Albeit, several commenters did guess GPT-3 was the author. But, the community down voted those comments, Porr says.”

Little did the down-voters know. Poor reports he applied for his own access to the tool, but it has yet to be granted. Perhaps OpenAI is not too pleased with his post, he suggests. We wonder whether this blogger received any backlash from the software’s creators.

Cynthia Murrell, August 27, 2020

KnowBe4: Leveraging Mitnick

August 21, 2020

Many hackers practice their “art,” because they want to beat the system, make easy money, and challenge themselves. White hat hackers are praised for their Batman vigilante tactics, but the black hat hackers like Kevin Mitnick cannot even be classified as a Robin Hood. Fast Company article, “I Hired An Infamous Hacker-And It Was The Best Decision I Ever Made” tells Stu Sjourverman’s story about hiring Kevin Mitnick.

Mitnick is a typical child hacker prodigy, who learned about easy money through pirated software. He went to prison for a year, violated his parole, and was viewed as an antihero by some and villain by others. Either way, his background was controversial and yet Sjourverman decided to hire him. Sjourverman was forming a new company centered on “social engineering” or “hacking the human,” terms used to describe tricking people into clicking harmful links or downloading malware invested attachments. For his new cybersecurity company, Sjourverman knew he needed a hacker:

“That was a turning point for my startup, KnowBe4. By recruiting Mitnick, we gained invaluable insights about where employees are most vulnerable. We were able to use those insights to develop a practical platform where companies can see where their own employees stumble and, most importantly, train them to recognize and avoid potential pitfalls. This is essential for any business because if all other security options fail, employees become a company’s last line of defense—one unintentional blunder can infect the entire network and bring down the whole company.”

Mitnick’s infamous reputation also gave the new startup a type of legitimacy. Other players in the cybersecurity industry knew about Mitnick’s talents and using them for white hat tactics gave KnowBe4 an advantage over rivals. Mitnick also became the center of KnowBe4’s marketing strategy, because he was a reformed criminal, understood the hacker community, and gave the startup an edgy yet authentic identity.

Hiring Mitnick proved to be the necessary step to make KnowBe4 a reputable and profitable business. It is also a story about redemption, because Mitnick donned the white hat and left his criminal past behind.

Will KnowBe4’s marketing maintain its momentum? Cyber security firms appear to be embracing Madison Avenue techniques. Watch next week’s DarkCyber for a different take on NSO Group’s “in the spotlight” approach to generating cyber intelligence sales.

Whitney Grace, August 21, 2020

Data Loss: An Interesting Number

August 19, 2020

Over 27 Billion Records Exposed in the First Half of 2020” contains some interesting assertions. One which caught my attention was:

Although reports of data breaches are down 52 percent in the first half of this year, the number of records exposed over the same period has soared to 27 billion.

The write up quotes an expert from Risk Based Security as saying:

“The striking differences between 2020 and prior years brings up many questions,” says Inga Goddijn, executive vice president at Risk Based Security. “Why is the breach count low compared to prior years? What is driving the growth in the number of records exposed? And perhaps most importantly, is this a permanent change in the data breach landscape?”

I am curious as well. Interpol’s August 2020 “Cybercrime: Covid-19 Impact” suggests that cybercrime is chugging along quite nicely.

DarkCyber’s question is:

With hundreds of cyber security firms offering everything from real time AI monitors to old fashioned and expensive humans, bad actors appear to be increasingly successful. How is that Garmin cyber security system working now? Any Amazon S3 buckets compromised recently? Is Self-Key’s statement that “the first quarter of 2020 has been one of the worst in data breach history with over 8 billion records exposed” accurate?

The numbers may be interesting but the question is, “Why are state-of-the-art, artificially intelligence cyber security systems performing in a way that suggests bad actors are experiencing a surfeit of target opportunities?

Stephen E Arnold, August 19, 2020

Synthetic Audio Scams a Growing Concern for Businesses

August 17, 2020

With evolving technology come evolving scams. In their White Papers section, managed-intelligence firm Nisos examines a growing trend in, “The Rise of Synthetic Audio Deepfakes.” During a recent investigation, the company analyzed the synthetic audio used in a fraud attempt. The bad actors had mimicked the voice of their client’s CEO, asking an employee to dial a number and “finalize an urgent business deal.” See the write-up for some technical details of that analysis. Fortunately, the worker did not fall for the trick and alerted their legal department instead. Some companies, however, are not so lucky. The article tells us:

“The most famous use of deep fake synthetic audio technology in criminal fraud was a September 2019 incident involving a British energy company. The criminals reportedly used voice-mimicking software to imitate the British executive’s speech and trick his subordinate into sending hundreds of thousands of dollars to a secret account. The managing director of this company, believing his boss was on the phone, followed orders to wire more than $240,000 to an account in Hungary.

“Symantec security researchers reported in February on three cases of audio deepfakes used against private companies by impersonating the voice of the business’s CEO. The criminals reportedly trained machine learning engines from audio obtained on conference calls, YouTube, social media updates and even TED talks, to copy the voice patterns of company bosses. They created audio deepfakes replicating the CEO’s voice and called senior members of the finance department to ask for funds to be sent urgently. There was no additional reporting on which companies these were, whether the techniques were successful, or whether Symantec was able to obtain recordings of the deepfakes themselves.”

As synthetic manipulation gets more sophisticated, these schemes will only get more difficult to recognize. However, they have a distinct weakness—they must manage to trick a subject into taking action. Businesses can protect themselves by adopting certain best practices. If a request seems suspicious, an employee should call the supposed source on a known number to confirm it was them; the technology is not (yet) able to mimic an entire phone call. Predetermined challenge questions, using information not known to the public, are also a good idea. A word to managers and executives—employees may hesitate to “challenge” what sounds like their boss. We advise you assure them you will not get irritated when they do so. (And follow through.)

Cynthia Murrell, August 17, 2020

Next Page »

  • Archives

  • Recent Posts

  • Meta