The Darknet: a Dangerous Place
October 6, 2021
Criminal activity on the Darknet is growing and evolving. One person who has taken it on themselves to study the shadow realm shares some of their experiences and observations with reporter Vilius Petkauskas in, “Darknet Researcher: They Said They’ll Come and Kill Me—Interview” at CyberNews. The anonymous interviewee, who works with research firm DarkOwl, describes a threat to their life, one serious enough to prompt them to physically move their family to a new home. They state:
“There was one specific criminal actor I was going after, trying to figure out where they were operating, who they were involved with, what groups they were affiliated with. I became a target. They turned on me and said, we will find whoever wrote this and come kill them. We will destroy them.”
Yes, poking around the Darknet can be dangerous business. What sorts of insights has our brave explorer found? Recently, there has been a substantial uptick in ransomware, and for good reason. The researcher explains:
“Look at ransomware as a service (RaaS). First and second-generation ransomware lockers were developed by incredibly smart malware developers, cryptologists, and encryption specialists. Those who designed and employed such software were some of the most sophisticated malware developers or ‘elite’ hackers around if you want to label them that. But with the RaaS affiliate model, they’re giving others the chance to ‘rent’ ransomware for as little as a few hundred bucks a year, depending on which strain they’re using. Anyone interested in getting into the business of ransomware can enter the market without necessarily having any prior or expert knowledge of how to conduct an enterprise-level attack against a network. Some of the gangs, like Lockbit 2.0 are nearly entirely automated, and their affiliates don’t need to have the slightest clue what they’re doing. You just push, plug, and play. Identify the victim, drop it onto the network, and the rest is taken care of.”
How convenient. Getting into the target’s network, though, is another matter. For that criminals turn to
initial access brokers (IABs), also located on the Darknet, who help breach networks through vulnerabilities, leaked credentials, and other weaknesses. See the write-up for more of the researchers hard-won observations. They close with this warning—there is more going on here than opportunists looking to make a buck. Espionage and cyber terrorism are also likely involved, they say. We cannot say we are surprised.
Cynthia Murrell, October 6, 2021
Bad Apps: Will There Be a YouTube Video?
September 30, 2021
I read “Fraudulent Mobile Apps Growing in Numbers.” This is another “Who knew?” write up. After app removals, malware app, and apps that phone home, suddenly “real” news. The write up states:
A new report from payment fraud protection specialists Outseer claims that out of all fraudulent attacks that happened in Q2 2021 (of which there were more than 49,000), rogue mobile apps accounted for almost a third (30%).
I like that: Outseer. Very similar to Outsell. I don’t understand that name either.
How does mobile app fraud work? Here’s the explanation:
The process is relatively simple. Fraudsters would create an app that looks almost identical to a genuine mobile app belonging to a bank, and have it placed on a mobile app store (or distribute it via its website, email, or any other means).
Interested in crating a mobile app? There are a number of sites which allow a person to create a mobile app with no coding required. To make it “mal,” more work is required. Microsoft Github has examples to help you on your quest.
News? Nope.
Stephen E Arnold, September 30, 2021
How Much Growth in Ransomware in 12 Weeks? A Lot
September 30, 2021
I read “Security Experts Witnessed a 55,239% Increase in Ransomware Activity in Q2.” Now that’s a nifty percentage. Not even the Google nails 12 week figures like that one. I learned:
In Q2 2021, Nuspire security experts witnessed a 55,239% increase in ransomware activity just a few weeks prior to the Colonial Pipeline Ransomware attack conducted by DarkSide Ransomware group. The reason for the increase is not known and it may not be related to Colonial Pipeline, but one can speculate that the increase could be from the same campaign with Colonial Pipeline.
Hmmm.
Other items of note are:
- Malware up
- Microsoft software involved
- Botnets less popular due to enforcement activity.
Stephen E Arnold, September 28, 2021
DarkCyber for September 21, 2021 Now Available
September 21, 2021
DarkCyber for September 21, 2021, reports about the Dark Web, cyber crime, and lesser known Internet services. The program is produced every two weeks. This is the 19th show of 2021. There are no sponsored stories nor advertisements. The program provides basic information about subjects which may not have been given attention in other forums. The program is available at this link.
This week’s program includes five stories.
First, we provide information about two online services which offer content related to nuclear weapons. Neither source has been updated for a number of months. If you have an interest in this subject, you may want to examine the information in the event it is disappeared.
Second, you will learn about Spyfone. DarkCyber’s approach is to raise the question, “What happens when specialized software once considered “secret” by some nation states becomes available to consumers.
Third, China has demonstrated its control of certain online companies; for example, Apple. The country can cause certain applications to be removed from online stores. The argument is that large US companies, like a French bulldog, must be trained in order stay in the Middle Kingdom.
Fourth, we offer two short items about malware delivered in interesting ways. The first technique is put malicious code in a video card’s graphics processing unit. The second summarizes how “free” games have become a vector for compromising network security.
The final story reports that a Russian manufacturer of drones is taking advantage of a relaxed policy toward weapons export. The Russian firm will produce Predator-like drones in countries which purchase the unmanned aerial vehicles. The technology includes 3D printing, specialized software, and other advanced manufacturing techniques. The program includes information about they type of kinetic weapons these drones can launch.
DarkCyber is produced by Stephen E Arnold and his DarkCyber research team. You can download the program from the Beyond Search blog or from YouTube.
Kenny Toth, September 21, 2021
DarkCyber for September 7, 2021 Now Available
September 7, 2021
DarkCyber is a twice-a-month video news program about the Dark Web, cyber crime, and lesser known Internet services. Program 18 includes stories about China’s information war fighting. The program explains three services which allow anyone to find the individual to which a US license plate has been registered. Crypto currency for criminal activities is playing a larger and larger role in illegal activities. How can you determine the level of risk associated with a particular digital currency transaction. DarkCyber points to a service which provides extremely useful information. The US government has released yet another report about facial recognition. Learn the three systems which are relied upon by several US government entities. There’s a great deal of chatter about nation stations which are sponsoring cyber attacks on the US. These stories often overlook the ease with which an insider can be instrumental in providing access to an allegedly secure network. And, finally, we explain how the Hellfire missile equipped with fragmenting blades has sliced and diced its way into Afghani history. DarkCyber is a production of Stephen E Arnold. The program appears every two weeks. This week’s program is available on the Beyond Search blog and on YouTube.
Kenny Toth, September 7, 2021
Tips for Phishers
August 31, 2021
I spotted “AI Analysis Unveils the Most Effective Email Subject Lines for the Holidays.” My hunch is that a “real” news professionals wanted to provide helpful tips to those who engage in email marketing. The write up includes “tips” from professional email marketers. Here’s one example:
email subject lines that are direct or evoke curiosity or friendliness are the most likely to get opened
Gee, I wonder what other group of email marketers might benefit from such advice?
What about phishers? These are the bad actors who seek to compromise a user’s or an organization’s security via malicious email. With some cyber security solutions relying on rules, database look up, or the human recipient for blocking phishing attempts, the write up is likely to be quite useful. Just in time for the holidays: AI-derived tips for getting someone to open an email. Super thinking!
What bad actor can resist taking this advice?
Including empathy in your messages for your customers helps you make them feel that you are on their side.
Helpful, right?
Stephen E Arnold, August 31, 2021
Why Big Tech Is Winning: The UK Admission
August 31, 2021
I read “UK’s FCA Say It Is Not Capable of Supervising Crypto Exchange Binance.” This is a paywalled story, and I am not sure how much attention it will get. As Spotify is learning from locking up the estimable Joe Rogan, paywalls make sense to a tiny slice of one’s potential audience.
The story is an explanation about government helplessness when it comes to fintech or financial technology. The FCA acronym means Financial Conduct Authority. Think about London. Think about the wizards who cooked up some nifty digital currency methods at assorted UK universities less than one hour from the Pickle. Think about the idea that a government agency with near instant access to the wonks at the National Crime Agency, the quiet ones at Canary Wharf, and the interesting folks in Cheltenham. Now consider this passage from the write up:
… the Financial Conduct Authority said that Binance’s UK affiliate had “failed to” respond to some of its basic queries, making it impossible to oversee the sprawling group, which has no fixed headquarters and offers services around the world. The admission underscores the scale of the challenge facing authorities in tackling potential risks to consumers buying frequently unregulated products through nimble crypto currency businesses, which can often circumvent national bans by giving users access to facilities based overseas.
Hello? Rural Kentucky calling, is anyone at work?
Let’s step back. I need to make one assumption; that is, government entities’ have authority and power. What this write up makes clear is that when it comes to technology, the tech outfits have the authority and the power.
Not good in my opinion for the “consumer” and maybe for some competitors. Definitely not good for enforcement authorities.
Who finds sun shining through the clouds after reading this Financial Times’s story? I would wager that tech centric outfits are thinking about a day or more at the beach. No worries. And look. Here comes Snoop Dog handing out free beer. What a day!
Stephen E Arnold, August 31, 2021
Big Tech Vows, Warrants, Commits, Guarantees, and Assures to Make Security Way Way Way Better
August 26, 2021
I had to laugh. I read some of the write ups explaining the pledges of big tech to the White House about security. The US is at or near the bottom when it comes to security. America plays offense. The defense thing is not what George Washington would do.
Here’s a representative write up: “Google, Microsoft Plan to Spend Billions on Cybersecurity after Meeting with Biden.” This triggered a chuckle and a snort:
IBM CEO Arvind Krishna told CNBC ahead of the meeting and outside the White House on Wednesday that cybersecurity is “the issue of the decade.” He said he hoped to see more coordination between the public and private sectors coming out of the meeting and said IBM would do its part to help skill workers in the space.
Why are adversaries of the US running exfiltration, ransomware, and intellectual property theft operations?
Let me count the ways:
- Systems from outfits like Apple and Microsoft can be compromised because security is an add on, an afterthought, or a function implemented to protect revenues
- Senior managers in many US firms are clueless about security and assume that our employees won’t create problems by selling access, clicking on scammer emails, or working from home on projects funded by bad actors
- Customers pay little or no attention to security, often ignoring or working around security safeguards when they exist. Hey, security distracts those folks from scrolling through Facebook or clicking on TikTok videos.
There are other reasons as well; for example, how about the steady flow of one off security gaps discovered by independent researchers. Where are the high end threat intelligence services. If a single person can find a big, gaping security hole, why are the hundreds of smart cyber security systems NOT finding this type of flaw? Oh, right. Well, gee. A zero day by 1,000 evil techies in China or Moldova is the answer. Sorry, not a good answer.
There is a cyber security crisis in America. Yes, Windows may be the giant piece of cheese for the digital rats. Why hack US systems? That’s where there are lots of tasty cheese.
Is there a fix which billions “invested” over five years can fix?
Nope.
Pipe dreams, empty words, and sheepish acquiescence to a fact that bad actors around the world find enervating.
More stringent action is needed from this day. That’s not happening in my opinion. Who created the cyber security problem? Oh, right the outfits promising do not do it again. Quick action after decades of hand waving. And government regulations, certification, and verification that cyber security systems actually work? Wow, that’s real work. Let’s have a meeting to discuss a statement of work and get some trusted consulting firm on this pronto.
I have tears in my eyes and not from laughing. Nothing funny here.
Stephen E Arnold, August 26, 2021
DarkCyber for August 24, 2021, Now Available
August 24, 2021
The program for August 24, 2021, is now available at this link. This program, number 17 in the 2021 series, contains five stories. These are:
The NSO Group matter has produced some interesting knock on effects.
The consequence of NSO Group’s activities include criticism from the United Nations and Edward Snowden, a whistle blower and resident of Moscow. The Taliban’s takeover of Afghanistan was remarkable.
The core technology for the antagonists is discussed. You will learn about the musician Tankz and his method for making illegal credit card fraud accessible to young people in the UK and elsewhere. In addition to alleged financial crime, Tankz sings about Pyrex whipping. Ask your children what this is and then decide if you need to take action.
The program includes another reminder than one can find anti-security actors on the Regular Web and the Dark Web. The challenge is to make sure you do not become the victim of a scam.
The US government created an interesting report about nuclear war. It is not clear how lo9ng this document will remain available from a public Web server. You can check the link in the DarkCyber video for yourself. Tip: The document explains how the US may select a target for a nuclear strike.
The final story reports that the drone called Avenger has a new capability: Autonomous decision capability enabled by track and follow electronics. No human operator needed when a target is identified.
DarkCyber is produced by Stephen E Arnold and the DarkCyber research team. New programs appear every two weeks unless one of the video distribution services decides to remove the content derived from open sources of information. Tankz and a fellow traveler named DankDex, purveyor of the Fraud Bible, appear to post without pushback.
Kenny Toth, August 24, 2021
Apple: Change Is a Constant in the Digital Orchard
August 18, 2021
Do you remember how plans would come together at the last minute when you were in high school. Once the gaggle met up, plans would change again. I do. Who knew what was going on? When my parents asked me, “Where are you going?” I answered directly: “I don’t know yet.”
Apple sparked a moment of déjà vu for me when I read “Apple Alters Planned New System for Detecting Child Sex Abuse Images over Privacy Concerns.” The write up explained that the high school science club member have allowed events to shape their plans.
Even more interesting is what the new course of action will be; to wit:
The tech giant has said the system will now only hunt for images that have been flagged by clearinghouses in multiple countries.
How’s this going to work? Mode, median, mean, row vector value smoothing, other? The write up states:
Apple had declined to say how many matched images on a phone or a computer it would take before the operating system notifies them for a human review and possible reporting to authorities.
Being infused with the teen aged high school science club approach to decision making, some give the impression of being confused or disassociated from the less intelligent herd.
I have some questions about how these “clearinghouses in multiple countries” will become part of the Apple method. But as interested as I am in who gets to provide inputs, I am more interested in those thresholds and algorithms.
I don’t have to worry, one of the Apple science club managers apparently believes that the core of the system will return 99 percent or greater accuracy.
That’s pretty accurate because that’s six sigma territory for digital content in digital content land. Amazing.
But that’s the teen spirit which made high school science club decisions about what to do to prank the administrators so much fun. What happens if one chows down on too many digital apples? Oh, oh.
Stephen E Arnold, August 18, 2021
-
- Subscribe to Beyond Search
Feature archive
News archive
-
