• Home
• About
• Writers
• Landscape
• Wizards Index
• Fraud
• Wanna Be Like Larry?

Cyber Crime and Crypto Currency: There Is a Link? Really?

I read a remarkable report from the diary of Captain Obvious. The entry was “Quick Take: How Cryptocurrency Turbocharged the Cybercrime Racket.” I was stunned to learn that paying for contraband, stolen videos, and Crime as a Service was helped out with allegedly anonymous digital payments “turbocharged the cybercrime racket.”

The write up reports:

Bitcoin and other cryptocurrencies, along with the exchanges where they can be traded anonymously, have emerged as key tools for the cyber extortionists.

The article then explains how to use cryptocurrency for cyber crime, explains why bad actors love money flows which sidestep traditional financial institutions, an estimate of the amount of money stolen using cryptocurrency, a comment about how bad actors obtained payment in the pre-bitcoin days, a comment about tracing digital currency transactions, some law enforcement successes, and what steps might address this issue.

Who knew? Maybe the more than 60 vendors engaged in cyber security, the dozens of vendors monitoring obfuscated forums, and savvy bad actors who jumped at the opportunity cryptocurrency created for mixers.

It is outstanding that the Seattle Times, home of the security giant Microsoft, has revealed this startling connection between obfuscated, instant monetary transactions designed to avoid regulatory requirements of outfits like major US banks.

Pulitzer time? Absolutely. Next the hard hitting news team will report on the sun rising each morning in Seattle.

Stephen E Arnold, July

DarkCyber for July 13, 2021, Now Available

DarkCyber is a twice-a-month video news program about the Dark Web, lesser known Internet services, and cyber crime. You can view the program at this link or use the viewer on the Beyond Search splash page. The DarkCyber for July 13, 2021, discusses the new US GAO report on facial recognition. Plus a 2019 report, with numerous FR vendors and accuracy tests, provides data not in the 2021 report. Also, in this program are stories about: [a] what cohort (age group) is most susceptible to online scams, [b] Amazon eCommerce vulnerabilities, and [c] a report about the US Navy’s autonomous mid-air refueling drone. DarkCyber is produced by Stephen E Arnold.

Kenny Toth, July 13, 2021

Tor Compromised?

I read “Tor Encryption Can Allegedly Be Accessed by the NSA, Says Security Expert.” I was stunned. I thought that the layers of encryption, the triple hop through relays, and the hope that everything worked as planned was bulletproof. And who funded Tor in the first place? What’s the status of the not-for-profit foundation today? Why were some European entities excited about cross correlating date and time stamps, IP addresses, and other bits of metadata? I don’t have answers to these questions, nor does the write up.

The article presents this information:

A security expert by the name of Robert Graham, however, has outlined his reasons for actually believing that the NSA might not even need tricks and paltry exploits in order for them to gain access to Tor, according to a blog post on Erratasec. Why? The security expert notes that this is because they might already have the keys to the kingdom. If they don’t, then they might be able to, according to arsTechnica.

Let me see if I can follow the source of this interesting assertion. TechTimes (the outfit publishing the “Tor Encryption Can” story cited above) quotes a security expert. There was a source called Erratasec. Then there was a story on ars Technica.

Now I think that Tor software and the onion method have security upsides and downsides. I also know that what humans create, other humans can figure out. I think the point of the write up is that anyone who uses Tor should embrace the current version.

Can NSA or any other intelligence entity figure out who is doing what, when, and why? My view is that deobfuscation methods are advancing. The fact that bad actors are shifting from old-school Dark Web sites to other channels speaks volumes. Bad actors have been shifting to messaging services which feature end-to-end encryption (E2EE) and do not require a particularly hard-to-complete registration process. But this shift from the “old” Dark Web to the “new” Dark Web began several years ago.  Bad actors have been aware that other secure communications options were Job One for years. My thought is that this story in interesting, just not focused on what is actually further consumerizing criminal behavior. The action has shifted, and the US may not be the leader in making sense of the new types of communications traffic.

Stephen E Arnold, July 9, 2021

DarkCyber for June 29, 2021, Now Available: Operation Trojan Shield Provides an Important Lesson

DarkCyber 13 discusses the Operation Trojan Shield sting. You can view the video at this link. The focus is on three facets of the interesting international takedowns not receiving much attention. The wrap up of the program is a lesson which should be applied to other interesting mobile device applications. If you are wondering how useful access to app data and its metadata are, you may find this 11 minute video thought provoking. DarkCyber is a production of Stephen E Arnold, a semi-retired consultant who dodges thumbtypers, marketers, and jargon lovers. Remember: No ads and no sponsors. (No, we don’t understand either but he pays our modest team like clockwork.)

Kenny Toth, June 29, 2021

Another Friday, More Microsoft Security Misstep Disclosures

I think Microsoft believes no one works on Friday. I learned in “Microsoft Warns of Continued Attacks by the Nobelium Hacking Group” that SolarWinds is the gift that keeps on giving. Microsoft appears to have mentioned that another group allegedly working for Mr. Putin has been exploiting Microsoft software and systems. Will a “new” Windows 11 and registering via a Microsoft email cure this slight issue? Sure it will, but I am anticipating Microsoft marketing jabber.

The write up states:

The Microsoft Threat Intelligence Center said it’s been tracking recent activity from Nobelium, a Russia-based hacking group best known for the SolarWinds cyber attack of December 2020, and that the group managed to use information gleaned from a Microsoft worker’s device in attacks. Microsoft said it “detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers” and that “the actor used this information in some cases to launch highly targeted attacks as part of their broader campaign.” The affected customers were notified of the breach.

The applause sign is illuminated.

I spotted this remarkable statement in the write up as well:

It’s possible that successful attacks went unnoticed, but for now it seems Nobelium’s efforts have been ineffective.

Wait, please. There is more. Navigate to “Microsoft Admits to Signing Rootkit Malware in Supply-Chain Fiasco.” This smoothly executed maneuver from the Windows 11 crowd prompted the write up to state:

Microsoft has now confirmed signing a malicious driver being distributed within gaming environments.

This driver, called “Netfilter,” is in fact a rootkit that was observed communicating with Chinese command-and-control (C2) IPs.

The write up concludes:

This particular incident, however, has exposed weaknesses in a legitimate code-signing process, exploited by threat actors to acquire Microsoft-signed code without compromising any certificates.

Amazing. The reason cyber crime is in gold rush mode is due to Microsoft in my opinion. The high tech wizards in Redmond can do rounded corners. Security? Good question.

Stephen E Arnold, June 28, 2021

Google: So Darned Useful to Good and Bad Actors

Never underestimate hackers’ adaptability and opportunism. E Hacking News reports, “Threat Actors Use Google Drives and Docs to Host Novel Phishing Attacks.” For the first time, security firm Avanan has found, attackers are able to bypass link scanners and other security protections and use Google’s standard document tools to deliver malicious, credential-stealing links. Previously, bad actors have had to lure their victims to a legitimate website in order to exploit its security flaws. Now they can do so right from users’ inboxes. The article cites a recent report from Trend Micro as well as the research from Avanan:

“According to researchers, once the hacker publishes the lure, ‘Google provides a link with embed tags that are meant to be used on forums to render custom content. The attacker does not need the iframe tags and only needs to copy the part with the Google Docs link. This link will now render the full HTML file as intended by the attacker and it will also contain the redirect hyperlink to the actual malicious website.’ The hackers then use the phishing lure to get the victim to ‘Click here to download the document.’ Once the victim clicks, the page redirects to the actual malicious phishing website through a web page designed to mimic the Google Login portal. Friedrich said Avanan researchers also spotted this same attack method used to spoof a DocuSign phishing email. In this case, the ‘View Document’ button was a published Google Docs link that actually was a fake DocuSign login page that would transmit the entered password to an attacker-controlled server via a ‘Log in’ button.”

Stolen login credentials are the most effective way to infiltrate any organization, and with a little social engineering hackers can attract many of them with this approach. It is a good reminder that educated users who do not fall for phishing schemes provide the best protection against such attackers. Alternatively, just download some interesting apps from the Google Play Store.

Cynthia Murrell, June 25, 2021

DarkCyber for June 15, 2021, Now Available

DarkCyber is a video news program issued every two weeks. The June 15, 2021, show includes five stories:

• Pentest tools you can download and use today for free
• A free report that explains Britain’s cyber weaknesses
• Additional information about the E2EE revolution
• Another tip for finding flexible developers and programmers who will do exactly what you want done
• The FireScout, a drone with a 100 mile range and the ability to drop sonobuoys and other devices, perform surveillance, and remain aloft for up to 10 hours.

The DarkCyber video news program contains information presented in Stephen E Arnold’s lectures to law enforcement and intelligence professionals. His most recent lecture was the New Dark Web. He presented his most recent research findings to a group of more than 100 cyber fraud investigators working in Connecticut for a variety of LE and related organizations. The

The June 15, 2021, DarkCyber video program is available from Mr. Arnold’s blog splash page and can be viewed on YouTube. One important note: The video program does not contain advertisements or sponsored content. We know that’s unusual today, but the DarkCyber team prefers to operate without an invisible hand on the controls or an invisible foot on the team’s neck.

Kenny Toth, June 15, 2021

Chronic Cyber Insecurity

NPR has shared the transcript of an All Things Considered interview with former NSA general counsel Glenn Gerstell in, “USAID Hack: Former NSA Official Calls U.S. Cyber Insecurity a ‘Chronic Disease.’” The exchange is not reassuring. Host Michel Martin begins with the recent news of another breach, announced by Microsoft late last month. Once again the perpetrators appear to be Russian operatives, probably the same ones that were behind the SolarWinds attack. Not that Putin will admit as much when he is confronted, as he will likely be, by President Biden at their upcoming meeting in Geneva. We note this exchange:

“MARTIN: Why do you think these attacks keep happening despite the sanctions that the Biden administration has already imposed, you know, on Russia? And do you think the government’s doing enough to protect itself against these threats and also us, the public?

“GERSTELL: Well, your question is really the key one. And I think the lesson we learn from this is that this in some ways, our cyber insecurity in this regard, is a chronic disease for which we don’t have a single cure. It’s not an illness for which there’s a particular drug that we could take to get rid of it. So unfortunately, however, we’re at the beginning end of this chronic condition. This is going to get worse before it gets better. It will ultimately get better. But in the meantime, we have sophisticated attackers, nation states and criminals who can co-opt legitimate servers and companies and computers and softwares. And this proves, unfortunately, that our current scheme of deterrents simply isn’t working.”

What will work is the multi-billion dollar question. Martin wonders whether there are any plans to regulate crypto currency. Gerstell allows that is a step that might be taken, but it would do little to disrupt either spying or the sowing of chaos generated by these types of attacks. It could, however, curtail the sort of ransomware attack that recently shut down a pipeline on the East Coast and had some fools pumping gasoline into plastic bags and other unwise receptacles. That would be something, we suppose.

Cynthia Murrell, June 11, 2021

SolarWinds: In the News

Here’s the good news in “SolarWinds Hackers Are Back with a New Mass Campaign, Microsoft Says.”  Microsoft and other firms are taking actions to cope with the SolarWinds’ misstep. That’s the gaffe which compromised who knows how many servers, caught the news cycle, and left the real time cyber security threat detection systems enjoying a McDo burger with crow.

I circled this positive statement:

Microsoft security researchers assess that the Nobelium’s spear-phishing operations are recurring and have increased in frequency and scope,” the MSTC post concluded. “It is anticipated that additional activity may be carried out by the group using an evolving set of tactics.

The good news is the word “evolving.” That means that whatever the cyber security wizards are doing is having some impact.

However, the bulk of the write up makes clear that the bad actors (Russian again) are recycling known methods and exploiting certain “characteristics” of what sure seem to be Microsoft-related engineering.

There are some clues about who at Microsoft are tracking this stubbed toe; for example, a vice president of cust0omer security and trust. (I like that word “trust.”)

Several observations:

1. Phishing
2. Surfing on Microsoft-like methods; for example, hidden DLLs, which are usually really fun
3. A reactive approach.

What’s my take away from the explanation of the security stubbed toe: No solution. Bad actors are on the offensive and vendors and users have to sit back and wait for the next really-no-big-deal breach. Minimization of an “issue” and explaining how someone else spilled the milk will be news again. I think the perpetual motion machine has been discovered in terms of security.

Stephen E Arnold, June 2, 2021

DarkCyber for June 1, 2021, Now Available

DarkCyber is a video news program about the Dark Web, cyber crime, and lesser known Internet services. This edition’s story line up includes a bad actor promoting on the regular Internet, a look at Europol’s business process analysis for industrialized cyber crime, a University of Washington research project for a do-it-yourself IMSI sniffer, two free reports about phishing, the go-to method for compromising users’ computer security, and a look at the Gaza, a new drone designed to strike at those who would wrongfully act toward certain groups. DarkCyber is produced by Stephen E Arnold with assistance from the DarkCyber research team. The programs appear twice each month. The videos are available on YouTube. You can view the video via the player on the Beyond Search blog or at https://youtu.be/f1ym19l2Y0I. No ads, no vendor supported posts, nothing but Mr. Arnold commenting on important news stories. How is this possible? No one who thumb typers knows.

Kenny Toth, June 1, 2021

« Previous Page — Next Page »

• 

• Search the site

•  

  Subscribe to Beyond Search

  • 
  • 
   
  • 
   
  
  Feature archive
  News archive
   
  
  
  Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.

• Categories

  • 3D-Printing
  • Acquisition
  • Advertising
  • Aggregation
  • AI
  • Alexa
  • algorithms
  • Amazon
  • Amazonia
  • Analytics
  • Appliance
  • Applications
  • Audio
  • Augmented Reality
  • Big data
  • Bing
  • Bitcoin
  • Bitext
  • Book review
  • Business intelligence
  • Business process
  • Business strategy
  • Censorship
  • Cloud computing
  • Company Profile
  • Conferences
  • Connectors
  • Consulting
  • Consumer
  • Content processing
  • Copyright
  • Corporate Concerns
  • Cost
  • Crawl
  • Crowdfunding
  • cryptocurrency
  • Customer support
  • Cyber OSINT
  • cybercrime
  • cybersecurity
  • Dark Web
  • DarkCyber
  • Data
  • Data mining
  • Database
  • Deepfakes
  • Digital Assistant
  • Digital Library
  • E2EE
  • ECommerce
  • EDiscovery
  • Editorial opinion
  • Education
  • Emoticons
  • Enterprise
  • Enterprise search
  • Entity extraction
  • Ethics
  • Facebook
  • Faceted search
  • Factualities
  • Feature
  • Federated search
  • Financial
  • Fogint
  • Google
  • Governance
  • Government
  • Hackers
  • healthcare
  • IBM Watson
  • Image search
  • Indexing
  • Infrastructure
  • Innovation
  • Integration
  • intelware
  • Interface
  • Internet
  • Interview
  • Investment
  • law enforcement
  • Legal matters
  • Library automation
  • Management
  • Marketing
  • Mathematics
  • Metadata
  • Microsoft
  • Mobile
  • Natural language processing
  • News
  • NGIA
  • Online (general)
  • Open Access
  • Open source
  • OSINT
  • Osint Radar
  • Overflight
  • Palantir
  • Patents
  • Personnel
  • Podcast
  • Policeware
  • Portals
  • Predictive coding
  • Privacy
  • Profile
  • Publishing
  • Quotation
  • Real time search
  • Reference tool
  • Rich media
  • Robot Writer
  • Search
  • Search enabled applications
  • search engine
  • Search quality
  • Security
  • Semantic
  • Sentiment analysis
  • SEO
  • SharePoint
  • Short Honks
  • Smart Technology
  • Social
  • Social Media
  • software
  • Statistics
  • Taxonomy
  • Technology
  • Text analytics
  • Text processing
  • Tools
  • Tor
  • Training
  • Translation
  • Twitter
  • Uncategorized
  • Unstructured Data
  • User experience
  • User Interface
  • Vertical search
  • Video
  • visualization
  • Voice search
  • Voice technology
  • Web 3
  • Web Services
  • Webinar
  • Windows
  • Work flow
  • XML
  • Yahoo

• Archives

  Archives Select Month November 2024 October 2024 September 2024 August 2024 July 2024 June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 December 2023 November 2023 October 2023 September 2023 August 2023 July 2023 June 2023 May 2023 April 2023 March 2023 February 2023 January 2023 December 2022 November 2022 October 2022 September 2022 August 2022 July 2022 June 2022 May 2022 April 2022 March 2022 February 2022 January 2022 December 2021 November 2021 October 2021 September 2021 August 2021 July 2021 June 2021 May 2021 April 2021 March 2021 February 2021 January 2021 December 2020 November 2020 October 2020 September 2020 August 2020 July 2020 June 2020 May 2020 April 2020 March 2020 February 2020 January 2020 December 2019 November 2019 October 2019 September 2019 August 2019 July 2019 June 2019 May 2019 April 2019 March 2019 February 2019 January 2019 December 2018 November 2018 October 2018 September 2018 August 2018 July 2018 June 2018 May 2018 April 2018 March 2018 February 2018 January 2018 December 2017 November 2017 October 2017 September 2017 August 2017 July 2017 June 2017 May 2017 April 2017 March 2017 February 2017 January 2017 December 2016 November 2016 October 2016 September 2016 August 2016 July 2016 June 2016 May 2016 April 2016 March 2016 February 2016 January 2016 December 2015 November 2015 October 2015 September 2015 August 2015 July 2015 June 2015 May 2015 April 2015 March 2015 February 2015 January 2015 December 2014 November 2014 October 2014 September 2014 August 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 December 2013 November 2013 October 2013 September 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 June 2012 May 2012 April 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 November 5

• Recent Posts

  • Explaining Graykey: Helpful or Harmful for Law Enforcement?
  • Apple: Another Problem Becoming Evident
  • Early AI Adoption: Some Benefits
  • FOGINT: Security Tools Over Promise & Under Deliver
  • More Googley Human Resource Goodness

• Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org