Is Digital Piracy Similar to the US Anti-Drug Campaign?
September 9, 2022
From the 1980s to the 2000s, American kids were subjected to DARE. The DARE program was a federal drug prevention program that was supposed to educate kids about the dangers of drugs and alcohol. It failed miserably. Instead, kids were exposed to more knowledge about drugs and alcohol. The same thing happened with anti-piracy ads: “Why Piracy PSAs Often Fail Spectacularly” says The Hustle.
Ever since the Internet allowed people to pirate everything from music to movies to software, screens were flooded with anti-piracy PSAs. The anti-piracy ads compared digital theft to stealing a car, bike, etc. The PSAs did more harm than good, like DARE, but they are entertaining as eye-rolling memes. Why did they fail?
“Many don’t see it as theft. It’s called file sharing.
Messaging is too extreme. It’s reasonable to compare downloading a movie to stealing a DVD — not to grand theft auto.
They’re not relatable. People might be deterred by malware warnings, but an Indian PSA featuring Bollywood stars — who are worth up to 200k times the nation’s annual per capita income — failed to garner sympathy.
Declaring piracy a widespread issue implies everyone’s doing it. So, why not you?”
In the United States, pirates aka file sharers are not bothered by the idea of stealing a few bucks from Hollywood. Piracy is also a white-collar crime. While there are fines and stiff penalties, the risks are minor compared to hacking, identity theft, murder, sex trafficking, and the list goes on.
No one cares unless it allows law enforcement to issue a warrant to prevent worse crimes or the moguls lose a lot of money, then they get the talking political heads involved.
Digital piracy is not new and we can thank the 1990s for the legendary rap, “Don’t Copy That Floppy.”
Whitney Grace, September 9, 2022
Open Source: Everyone Uses It. Now Bad Actors Know Where to Aim
September 2, 2022
Peace of mind is a valuable thing, a commodity one might think worth allocating some funds to ensure, particularly when one is engaged in permanent cyber warfare. Yet, according to BetaNews, “80 Percent of Enterprises Use Open Source Software and Nearly All Worry About Security.” A recent report from Synopsys, based on research by Enterprise Strategy Group, found 80% of enterprises use open source software (OSS), and 99% of those are concerned about related security issues. Apparently one percent is not paying attention. Such worry is justified because few in the IT department know what’s in the open source libraries or know how to find manipulated or rogue instructions. Reporter Ian Barker tells us:
“In response to high profile supply chain attacks 73 percent of respondents say they have increased their efforts significantly to secure their organizations’ software supply chain. Steps taken include the adoption of some form of multi-factor authentication technology (33 percent), investment in application security testing controls (32 percent), and improved asset discovery to update their organization’s attack surface inventory (30 percent). Despite those efforts, 34 percent of organizations report that their applications have been exploited due to a known vulnerability in open source software within the last 12 months, with 28 percent having suffered a previously unknown zero-day exploit found in open source software.
Pressure to improve software supply chain risk management has shone a spotlight on software Bills of Materials (SBOMs). But exploding OSS usage and lackluster OSS management has made the compilation of SBOMs complex — the ESG research shows that 39 percent of survey respondents marked this task as a challenge of using OSS. … [The study also found] 97 percent of organizations have experienced a security incident involving their cloud-native applications within the last 12 months.”
All this, and the use of open source software is expected to jump to 99% next year. It seems those who hold organizational purse strings care more about saving a few bucks than about their cybersecurity teams’ sleepless nights. If they suffer a breach, however, they may find that metaphoric purse has acquired a large hole. Just a thought, but an ounce of prevention may be warranted here.
Cheap and easy? Yep.
Cynthia Murrell, September 2, 2022
Star Power and Crypto: Fading Magnetism
September 2, 2022
Cryptocurrencies are a mystery to most people. One would think they would have gone by the wayside; however, faithful followers are still chugging along mining coins. Unfortunately, social media influencers who are experts in digital currencies were paid to promote them and they lied to their viewers. The guilt has now set in, says NBC News in “Some Social Media Influencers Are Being Paid Thousands To Endorse Cryptocurrency Projects.”
Ben Armstrong of the BitBoy Crypto YouTube channel was paid to promote DistX as his “coin of choice.” DistX turned out to be a scam and investors were left high and dry. The currency is now worth less than a penny. Armstrong and other influencers are paid tens of thousands of dollars to promote cryptocurrencies.
Armstrong stated he was upfront about products he was paid to promote. Unfortunately many YouTubers are not as honest as him. He also refunded investors of DistX with his promotion fees. Years ago YouTubers did not have to disclose they were paid to promote products, but now they are supposed to state when content is sponsored. Some bad-acting YouTubers fail to follow guidelines.
Politicians are even getting involved:
“But state regulators warn that there are still influencers who lack transparency. Joe Rotunda, the director of the enforcement division of the Texas State Securities Board, said he’s seen paid promotions that are not only undisclosed but are pushing fraudulent ventures.
Rotunda and a team of regulators recently filed enforcement actions against two casinos in the metaverse, the new digital frontier where users can attend virtual concerts, purchase digital assets or even gamble at a casino.”
Cryptocurrencies are predicted to fail even more in the coming years. Why not stick to better forms of investment than risking it all on “get rich quick” schemes? Will the endorsers find their actions a future legal issue?
Whitney Grace, September 2, 2022
Australia: Harbinger for Tech Giants and Their Exposed Quite Weak Spot?
August 31, 2022
The US technology giants color many discussions. Facebook seems to want everyone to live and work in a computer graphics generated world. Google allegedly wants to improve search. Yada yada yada.
The weak spot for most of these outfits is the perception that online provides a haven for bad actors. Among bad actors, one of the least salubrious niches is CSAM, jargon for child sexual abuse material. For some bad actors, the last couple of decades have been the digital equivalent of a Burning Man devoted to the heavy metal life of shadows.
True or false?
It depends on whom one asks. If you ask me and my team, the big technology outfits as well as the feeder modules like shadow Internet Service Providers have not taken enough positive steps to address the CSAM issue.
“Australia Orders Tech Giants Apple, Microsoft, Snap and Meta to Step up Actions against Child Abuse Material” may be a harbinger of what’s coming from other countries in 2023. The article from the estimable Epoch Times reports:
Australian authorities have ordered global tech giants to report on the actions they have taken to stop the spread of child sexual exploitation materials on their platforms and will impose penalties on non-compliant companies.
What happens if New Zealand, the UK, Canada, the US, and other like-minded countries follow in Australia’s footsteps?
CSAM is a problematic and troublesome issue. Why is Australia taking this action? The Wild West, “I apologize, senator” approach has worn thin.
CSAM is a weak spot, and big tech and its fellow travelers will have to do some fancy dancing in 2023 in my opinion. It’s time for the night club to close.
Stephen E Arnold, August 31, 2022
Favorite Phishing Holes of 2022
August 16, 2022
Cybercriminals can always rely on user gullibility, which is why the phishing tactic is not going away any time soon. Cybersecurity firm AtlasVPN presents us with what their researchers found to be the “Top 5 Phishing Statistics of 2022.” Think of it as a how-to for phishers, if you will, but we can also consider it a list of things to watch out for. The first item, for example, is easy to spot right there in the subject line:
“If there is a tell-tale sign that the email one received is a phishing attempt, it is an empty subject line. Research finds that 67% of cybercriminals leave the subject line blank when sending malicious emails. Other subject lines attackers use, although less frequently, include ‘Fax Delivery Report’ (9%), ‘Business Proposal Request’ (6%), ‘Request’ (4%), ‘Meeting’ (4%), ‘You have (1*) New Voice Message’ (3.5%), ‘Re: Request’ (2%), ‘Urgent request’ (2%), and ‘Order Confirmation’ (2%).”
It is also good to know which companies are most often spoofed and exercise extra caution when something supposedly from them hits the inbox. This year LinkedIn was impersonated in just over half of all attacks, giving it the dubious honor of being the first social media platform to surpass Apple, Google, and Microsoft. Cryptocurrencies are also a hot scam right now, with Blockchain, Luno, and Cardano the most-spoofed projects. Then there is Amazon, especially targeted on the much-hyped Prime Day. We learn:
“Amazon’s Prime Day is a long-awaited sales event for shoppers. However, while consumers enjoy great deals, criminals are working hard to lure them into fake websites. Amazon was the most frequently impersonated of all the retail brands, with over 1,633 suspicious sites detected in the last 90 days (till July 12, 2022). While the websites are being continuously taken down, as of July 12, the Amazon Prime Day, as many as 897 websites were still live.”
The write-up reports that 54% of phishing attacks that manage to hook a victim result in a data breach while a staggering 83% of organizations have suffered successful attacks so far in 2022. Stay vigilant, dear reader.
Cynthia Murrell, August 16, 2022
TikTok: Is It a Helpful Service for Bad Actors?
August 9, 2022
Do you remember the Silicon Valley cheerleaders who said, “TikTok is no big deal. Not to worry.” Well, worry.
“TikTok: Suspected Gangs Tout English Channel Migrant Crossings on Platform” states:
The Home Office [TikTok] said posts which “promote lethal crossings” were unacceptable, but there are calls for more to be done to stop people-smuggling being advertised online.
TikTok is allegedly taking the position that such criminal promotions “have no place” on the China-linked service. The BBC report includes this statement:
A spokesman for TikTok said: “This content has no place on TikTok. We do not allow content that depicts or promotes people smuggling…and have permanently banned these accounts. We work closely with UK law enforcement and industry partners to find and remove content of this nature, and participate in the joint action plan with the National Crime Agency to help combat organized immigration crime online.”
I am skeptical about TikTok for these reasons:
- Data collection
- Analyses which permit psychological profiling so that potential “insiders” can be identified
- Injection of content which undermines certain social concepts; that is, weaponized information.
Net net: Delete the app and restrict access to the system. Harsh? Maybe too little too late, cheerleaders.
Stephen E Arnold, August 9, 2022
Commercializing Cyber Crime with Search and Retrieval
July 14, 2022
I read “Ransomware Gangs Offer Ability to Search Stolen Data.” The write up reports:
Bleeping Computer reported today that the ALPHV/BlackCat ransomware gang was the first to offer the feature, announcing that they have created a searchable database with leaks from nonpaying victims. The hackers said that their stolen data had been fully indexed and that the search feature included support for finding information by filename or by content available in documents and images. The BlackCat ransomware gang claims it is offering the search service to make it easier for cybercriminals to find passwords or other confidential information.
Other alleged bad actors are offering a search function as well. These are Lockbit and Karakurt.
Several observations:
- Commercialization of cyber crime has been a characteristic of some of the more forward-leaning bad actors
- The availability of open source search makes it easy to add functionality
- More productization is inevitable; for example, subscriptions to Crime as a Service.
Net net: The focus of crime analysts and investigators may have to embrace enablers like Internet Service Providers, cloud services, and open source code repositories.
Stephen E Arnold, July 14, 2022
Indonesia: Good Actors and Bad Actors May Be Interested
June 30, 2022
I am not sure how the “new” visa described in “Indonesia Is Offering A Special Visa To Remote Workers, Allowing Them To Stay There For 5 Years Tax-Free, Including The Dream Destination, Bali.” The write up reports:
Freelancers and remote workers will soon be able to work tax-free in Indonesia, including the island of Bali, as the country’s tourism minister Sandiaga Uno announced the five-year ‘digital nomad visa’…
I did not know that Indonesia had a slogan; namely, “sun, sea and sand.” The proposed visa will shift the emphasis about 180 degrees to “serenity, spirituality and sustainability.” Got it? Sure.
The write up notes:
Living tax-free isn’t always a guarantee if you’re granted a digital nomad visa. For example, Americans will still have to file taxes if they’re granted one, because the US taxes citizens based on citizenship itself, rather than their residence.
The write up points out “there are snakes in Indonesia.” If the visa plan becomes a reality, a few digital snakes may enliven daily life. Bad actors with a laptop may appear to be Silicon Valley wizards eager to avoid the rigors of work elsewhere. No Zooms when the surf’s up.
Stephen E Arnold, June 30, 2022
Amazon and Counterfeit Products: Are They Really Here to Stay?
June 9, 2022
Counterfeit products once took some effort to locate. A quick trip to Orchard Street in lower Manhattan might yield some interesting finds. How about a $10 Rolex? A jaunt through a side street in Wuhan? A visit to a certain store in a shopping center in Bangkok? A journey to a jeweler located in a suburb of San Antonio?
But the Disneyland of counterfeits is the wonderful, clickable world of ecommerce. And who is the ageing Big Daddy of ecommerce?
Yep, Amazon, it seems to me, adopts the policy of Big Daddy Pollitt in Cat on a Hot Tin Roof: “I don’t want to talk about that.”
However, “Amazon Sees Dip in Sellers Signing Up to Sell Counterfeits” makes it clear that Amazon is talking or possibly PR’ing.
The article states:
Amazon said it ramped up investments in 2021 to keep counterfeit products off its retail site and saw signs its efforts are working, according to an annual brand protection report it released Wednesday [June 8, 2022]. The company spent more than $900 million on its anti-counterfeit programs and employed over 12,000 people focused on the problem in 2021. That’s up from $700 million and 10,000 people in the prior year.
But the important point in my opinion appears in this statement:
The increasing investment of money and manpower from Amazon is necessary, said Mary Beth Westmoreland, vice president of technology at Amazon. “That unfortunately speaks to the fact the problem of counterfeit isn’t going away,” Westmoreland said, adding, “it’s an industry-wide problem.”
The PR-ish write up explains that Amazon is using smart software and lines of communication so bad actors can be … what? … Well, Amazon sues and it relies on Chinese authorities to raid a warehouse with fraudulent goods.
Does Amazon’s posture indicate that persistent crime is now part of the Amazon experience? I recall the fascinating process of explaining to Amazon that one of its “merchants” shipped me a pair of big red panties instead of an AMD 5900x CPU. Yep, lines of communication. Fraud.
Perhaps Amazon should step away from its third party merchants with made up words, vendors identified by customers as shipping interesting but mostly faux products, and deals with aggregating merchants working from apartments in Hong Kong, Shanghai, and other exotic locations?
Just a thought because the PR’ing seems to be similar to certain big tech companies’ thanking senators for a question.
Stephen E Arnold, June 9, 2022
NFT Fakery? No! Impossible!
June 2, 2022
It is smart to never believe everything you watch or read on the Internet, especially when it comes to non-fungible tokens (NFTs). If you were not aware, NFTs are digital pieces of property with a value determined by their scarcity and creator. Weird ape portrait NFTs went viral when they made their creator a billionaire. We believed the ape NFTs had drifted into meme history, when a news story about an even weirder dating app surfaced. Buzzfeed explains the details in, “The Bored Ape Dating That Shut Down Because No Women Signed Up Was Just a Prank, Folks.”
The Twitter user @y4kxyz tweeted that the dating app for owners of Bored Ape Yacht Club NFTs was shut down because of the disproportional amount of men to women who signed up. It perpetuated the idea that NFTs are only valued by stereotypical lonely males and it was funny. The entire dating app was a joke, but it appeared real enough that some news outlets ran the story:
“Sadly, it isn’t true. It was all a joke. The app never existed in the first place, so it couldn’t have been shut down because there were no women. It was a funny prank — a good joke, a great one, even. The confirmation bias that NFTs are for sad men is strong enough that this tricked a few news outlets into reporting it as if it were real.”
The Buzzfeed article author believed the NFT dating app was a fake and contacted the creator for information. A few months passed, then the joke story about the app shutting down went viral. The dating app creator and the author spoke, with the former more or less confirming the entire thing was a prank.
NFT fans were not the only targets. The others were people with a “right-clicker mentality,” referring to how Windows users can simply right click on an image to save a copy.
The Bored Ape Yacht Club dating app was not a bad prank. No one was hurt. It did not start a social justice warrior war. It did not break the Internet and no one rioted in the street.
Whitney Grace, June 2, 2022