DarkCyber for January 14, 2020, Now Available

January 14, 2020

The DarkCyber for January 14, 2020, is now available. The program includes stories about ToTok, cyber trends in 2020, and information about the new Amazon Blockchain Policeware report. You can view the video on Vimeo at this link: https://vimeo.com/384343454.

We want to thank the people who commented on our interview with Robert David Steele. We posted this video on December 31, 2019. If you missed that program, you can view it at this link: https://vimeo.com/382165736.

Kenny Toth, January 14, 2020

From the Home of Evil Corp.: Streaming Demons Stir the Pot

December 17, 2019

DarkCyber spotted this write up: “Russia’s 3rd-Largest Internet Company Is Suing Twitch for $3 Billion, Wants It Banned in the Country.” The story asserts that Rambler Group, which figures in other interesting activities, is:

planning to sue the Amazon-owned streaming site for 180 billion rubles ($2.82 billion) in a Russian court. It claims that Twitch breached its exclusive broadcast rights to Premier League games more than 36,000 times between August and November. The company also seeks a permanent ban on Twitch in Russia.

DarkCyber recalls stories about Evil Corp.; for example, this one: “‘Evil Corp’: Feds Charge Russians in Massive $100 million Bank Hacking Scheme.” That write up reported:

“Evil Corp.,” a name reminiscent of the nickname for the key malevolent corporation in the popular television drama “Mr. Robot,” is “run by a group of individuals based in Moscow, Russia, who have years of experience and well-developed, trusted relationships with each other,” according to a Treasury Department press release. The criminal group used a type of malware known as “Dridex,” which worked to evade common anti-virus software and spread through emailed phishing campaigns.

Bookends, peanut butter and jelly, or ham and eggs?

These two alleged legal actions raise a number of questions:

  1. Which is more evil? Stealing soccer broadcasts or individual’s money?
  2. Why aren’t certain content types just blocked? China seems to be reasonably adept at filtering?
  3. Will soccer fans stop looking for low cost pirate streams or will gamers give up on Amazon Twitch because of a legal action?
  4. Who is behind pirated content? (Some of the key players may be a surprise, DarkCyber believes.)

Worth monitoring these symmetrical legal actions? Yep.

Stephen E Arnold, December 17, 2019

Arnold Interviewed about Amazon Blockchain Inventions

December 5, 2019

Robert David Steele, former CIA professional and open source intelligence expert, interviewed Stephen E Arnold about Amazon’s blockchain inventions. Arnold recently completed a chapter for a forthcoming academic press book about blockchain. That chapter and its information prompted journalists from the US and France to interview Arnold about his findings. Arnold’s information was included in news stories appearing in the New York Times, MIT Technology Review, and Le Monde.


Steele obtained an exclusive video interview with Arnold about his Amazon blockchain research. Among the topics discussed in the 30 minute program are:

  • The “trigger” for the research
  • Sources of data and research methods
  • The major findings from the 18 month research project
  • The likely trajectory of Amazon’s products and services incorporating the company’s more than 12 blockchain inventions.
  • How to obtain a summary of Arnold’s research findings.

You can view the video at this link. Steele has compiled links to other Amazon information obtained from Arnold at this link.

Kenny Toth, December 5, 2019

Russia and Iran: Beards (in the Medieval Sense) Are Back

November 6, 2019

Here is a terrific example of how Russian cyber attackers skillfully sow confusion. The Financial Times reveals, “Russian Cyber attack Unit ‘Masqueraded’ as Iranian Hackers, UK Says.” A joint investigation by the UK’s National Cyber Security Centre and the US’s National Security Agency reveals the espionage group first hacked an Iranian hacking group, then attacked over 35 other countries posing as that group. The Russian group, known as Turla, has been linked to Russian intelligence. Reporters Helen Warrell and Henry Foy write:

“The Iranian group is most likely unaware that its hacking methods have been hacked and deployed by another cyber espionage team, security officials involved in the investigation said. Victims include military establishments, government departments, scientific organizations and universities across the world, mainly in the Middle East. Paul Chichester, NCSC director of operations, said Turla’s activity represented ‘a real change in the modus operandi of cyber actors’ which he said ‘added to the sense of confusion’ over which state-backed cyber groups had been responsible for successful attacks. ‘The reason we are [publicizing] this is because of the different tradecraft we are seeing Turla use,’ he told reporters. ‘We want others to be able to understand this activity.’ Mr Chichester described how Turla began ‘piggybacking’ on Oilrig’s attacks by monitoring an Iranian hack closely enough to use the same backdoor route into an organization or to gain access to the resulting intelligence. … But the Russian group then progressed to initiating their own attacks using Oilrig’s command-and-control infrastructure and software.”

We’re told the group successfully hacked about 20 countries using this tactic. It let them tap into Oilrig’s operational output to gain access to victims faster and easier. Not surprisingly, the Kremlin refused to comment; Russia consistently denies it hacks other states, describing such allegations as “mythical.”

Cynthia Murrell, November 6, 2019

Another Cyber Firm Reports about Impending Doom

October 29, 2019

Identity intelligence firm 4iQ summarizes the results of recent research in the write-up, “Identity Protection & Data Breach Survey.” They polled 2,300 participants regarding data breaches and identity protection issues. You can see a slide show of the results here that presents the results in graph-form.

Researchers found that fewer than half the respondents had been notified they were victims of a breach. Most of them were offered identity protections services as a result, but about half of those felt that fell short of adequately addressing the problem. We also learn:

“*Nearly 40% of respondents believe they have already suffered identity theft and more than half of respondents, 55%, believe that it’s likely their personally identifiable information (PII) is already in the hands of criminals. As a result, 62% of respondents are concerned that their PII could be used by someone to commit fraud.

*More than half, 52%, of respondents said they would expect their own online security error to negatively or very negatively affect their standing with their employer—an additional stress for working Americans—so it’s not surprising then, that 60% of respondents believe there’s a ‘blame-the-victim’ problem with cybercrime.

*A strong majority, 63%, are concerned that prior breaches could lead to future identity fraud, and 37% believe they have already been a victim of fraud as a result of a cybercrime incident.”

As for protecting personal identifiable information, 75% feel their employers are doing a fair to excellent job, but only 42% feel the government is do so effectively. They feel even less confident about their personal efforts, however, with only 15% calling themselves “very effective” (23% rated their employers as “very effective”).

On that last point, 4iQ states it demonstrates that “everyday consumers may feel unprepared to contend with the threats presented by cybercrime,” which is not surprising from a company that sells solutions to that problem. We know there are free and low-cost measures individuals can take to boost their own security, but some will be willing to pay for extra reassurance on top of those precautions. Based in Los Altos, California, 4iQ was founded in 2016.

Cynthia Murrell, October 29, 2019

Clear Web Black Hat Forum

October 22, 2019

DarkCyber noted that Black Hat Forum is online. This is a site which offers information and educational information. The focus is on activities which appear to be skewed to illegalities.


Here’s the splash page (October 15, 2019):


Among the topics listed for users/members are:

  • Anonymity for fake IDs and passports
  • Carders Home
  • Crackers Crew
  • Hackers Crew
  • Programming information
  • VIP Black Hats (a special section which requires qualifying as a VIP on the site)
  • XXX and Other Off topic Discuss [sic]

There is also a marketplace with a section for buyers and sellers.

DarkCyber’s review of the site reveals that it contains information that is often difficult to find on the Clear or Regular.

The DNS information is sketchy:


How long will the site remain online? Good question.

Stephen E Arnold, October 22, 2019

Amazon Twitch: Some Thinking and Work to Do

October 10, 2019

I assume that this Verge story is accurate: “An Anti-Semitic Shooting in Germany Was Live-Streamed on Twitch.” Twitch allegedly said:

We are shocked and saddened by the tragedy.

Okay, but it is time for:

  • Time delays in Twitch streams
  • More aggressive content takedowns for soft porn, transmission of commercial television shows, and interesting online gambling sessions, among others
  • Elimination of a banned user under one name (SweetSaltyPeach) now streaming as RachelKay.

The Verge reports:

Today’s attack echoed the March mass shooting of Muslims in Christchurch, New Zealand — which was streamed on Facebook Live. In today’s roughly 35-minute video, a man is seen shooting two people and attempting unsuccessfully to break into the synagogue. He also gives a brief speech into the camera, railing against Jews and denying that the Holocaust happened. Two people have been confirmed dead in today’s attack, and German law enforcement has raised the possibility that multiple attackers were involved. Only one perpetrator appears in this video.

Were young kids and young adults watching murder in real time? The Verge dances around the point:

It’s unclear how many people watched the initial stream or how many copies may have been archived at Twitch — which is owned by Amazon — or on other sites. Extremism researcher Megan Squire reported that the video was also spread through the encrypted platform Telegram, with clips being viewed by around 15,600 accounts. The Christchurch shooting was viewed live by only a few people, but reuploaded roughly 1.5 million times after the attack — so dealing with the aftermath will be a real concern. Complicating this is the fact that video of the attack — from people besides the perpetrator — is newsworthy footage. But as all social networks continue to fight hate content, live videos of shootings are a uniquely sensitive issue for live-streaming platforms.

Amazon wants to be a player in the policeware market. Amazon Twitch streaming crime is one thing. I might even believe it if the driver of the Bezos bulldozer opined, “Well, that’s a lot of video to screen.”

I think streaming murder just may be more important because what advertiser wants a pre-roll before a series of killings?

Does a live stream encourage illegal activity?

DarkCyber opines that the answer is, “Yes.”

The good old days are dead just like those who were killed on the Twitch stream.

Responsibility, not arrogance may be useful.

Stephen E Arnold, October 10, 2019

Phishing: Intriguing Approach

October 10, 2019

I don’t want to work through what’s on target and what’s wonky about this “Credible Phishing Attempt.” Note that the approach makes use of voice and a reasonably coherent script. You will want to take a look at the comments in the thread. There are some interesting points along with a few comments which help explain why phishing is one of the go-to methods for bad actors.

Stephen E Arnold, October 10, 2019

DarkCyber for August 27, 2019, Now Available

August 27, 2019

DarkCyber for August 20, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/.

The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: Amazon AWS as an attack launch pad for bad actors; obtaining fake paper and passports; cyber warriors have side gigs; adversarial fashions are for sale; and information about the new DarkCyber series about policeware starting in November 2019.

The feature story this week is reports that some bad actors are integrating Amazon Web Services into their phishing and malware activities. The reason is that the platform is widely available, easy to use, and has an excellent reputation. Many phishing attacks use multiples services, and AWS is becoming a resource that is gaining acceptance among bad actors.

Other stories in this week’s program are:

Jeffrey Epstein, accused of human trafficking activity, had several passports in his home at the time of his arrest. Passports and other documents like a driver’s license can be purchased on the Dark Web and via other channels. Valid passports are available from a number of countries, including Greece. The valid passport from St. Kitts and Nevis cost between $150,000 and $400,000 and up. The lower charge is for a donation to the country’s sustainable growth fund. The $400,000 is the minimum required for a real estate purchase on the island. Crossing a border with fake paper or multiple passports can invite the question, “Why do you have these documents?” Unsatisfactory answers can result in denied entry, fines, or incarceration.

DarkCyber reports that Chinese cyber warriors have discovered how to operate side gigs. The idea is that these individuals use their hacking skills to compromise financial accounts. Another approach is to obtain digital products which can be sold to online game enthusiasts. Gamers will pay for game cheats and special powers to obtain an in game advantage.

For individuals who are concerned about facial recognition, a new fashion trend may be building up steam. Adversarial Fashion has developed clothing which uses designs and colors that can confuse facial recognition systems and license plate optical character recognition readers. DarkCyber provides information about where to order these T shirts, jackets, and other items. Plus, DarkCyber gives the viewer instructions for downloading a report about the technological weaknesses in surveillance systems.

DarkCyber is a weekly production of Stephen E Arnold. The currency series of videos ends with the August 27, 2019, program. The new series of DarkCyber videos begins on November 5, 2019. The new series will focus on policeware with an emphasis on Amazon’s products and services for law enforcement, intelligence professionals, and regulatory authorities in the US, Canada, Australia, New Zealand, and the United Kingdom.

DarkCyber programs are available on Vimeo.com and YouTube.com.

Kenny Toth, August 27, 2019

DarkCyber for August 20, 2019, Now Available

August 20, 2019

DarkCyber for August 20, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/354476523 .
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

The story line up this week includes a feature about Anduril Technologies’ surveillance system for border monitoring. The show also includes a critique of a public report about robocalling and a comment about the increasingly loud calls for backdoors to mobile phones and encrypted messages by law enforcement in the US and other countries.

The feature story this week is about Anduril Industries, the company which is developing systems for the Department of Defense’s Project Maven. The company was founded in 2017 by Palmer Luckey. After creating the virtual reality product Oculus Rift, Luckey sold the company to Facebook. He then founded Anduril to develop next generation surveillance products and systems. His clients include US government agencies like the Department of Homeland Security. Anduril’s innovations allow software to monitor, analyze, and make decisions. These decisions can be taken without human involved, take place automatically, or employ human-machine interactions. The system can process data from digital cameras and specialized devices. These data are then federated and analyzed by the firm’s proprietary algorithms. The system can, for example, identify a herd of cattle as well as a group of people approaching a border. Anduril, however, is able to differentiate between the animals and the humans. If detection occurs at an Anduril monitoring tower, Anduril drones can also scan the area. If multiple Anduril drones are deployed in the area in which the anomaly was detected, the resolution of the system increases. In effect, Anduril has developed a way for surveillance to deliver detection, analysis, and increased resolution. An operator can immerse himself or herself in a virtual reality presentation of what the drones and the monitoring devices “see”. Anduril’s approach to US government work stands in direct contrast to that of Google. Google refused to work on Project Maven yet funded an educational artificial intelligence center in mainland China. Anduril welcomes US government work. One of the investors in Anduril suggested that Google’s attitude toward the US government could be interpreted as treasonous.

Two other stories round out this week’s episode.

Law enforcement agencies in the US and other Five Eyes member countries continue their call for a way for government agencies to access devices and messages by persons of interest. The “growing dark” problem in the US made headlines. Law enforcement investigating the Dayton, Ohio, killings have been unable to access the alleged shooter’s mobile phone data. DarkCyber anticipates increasingly loud calls for legislation to make it mandatory for technology companies to cooperate with law enforcement when courts permit access to mobile devices.

DarkCyber calls attention to an article which provides a road map for an individual who wants to run a robocall operation. The details of the method are reviewed. Plus, DarkCyber names two services which allow a robocall spammer to set up an operation with a few clicks online. One of these services includes a “press one feature” which allows the robocaller to charge the individual who happens to answer the telephone. DarkCyber finds these types of “how to” articles somewhat troubling. The information may encourage some individuals to launch a robocall business and runs scams anonymously.

A new multi part series about Amazon policeware initiative begins on November 5, 2019. DarkCyber programs are available on Vimeo.com and YouTube.com.

Note that DarkCyber will begin a new series of programs on November 5, 2019. The current series or “season” ends on August 27, 2019. We are developing the new series now. It’s about everyone favorite online bookstore with an emphasis on policeware and intelware.

Kenny Toth, August 20, 2019

Next Page »

  • Archives

  • Recent Posts

  • Meta