Cyber Saturday for February 16, 2018

February 16, 2019

Sifting through the information flowing into DarkCyber was less than thrilling. We did spot several items which may presage more cyber excitement in the new world of the Internet.

Security Lapse of the Week

The British newspaper Guardian (paywall) reported that a former US intelligence operative joined Team Iran. The flip exposed information and operatives. The high profile government contractor Booz Allen employed this individual for five months in 2008. Insider threats are a major threat to the security of organizations and individuals engaged in intelligence work. The fancy and expensive software available from numerous vendors may prevent some embarrassing and dangerous activities. Booz Allen was the employer of Edward Snowden, and that company may be a prospect for vendors of next generation insider threat identification systems.

Be Afraid

Deep Fakes is a phrase which is used to described spoofed videos. DarkCyber learned that researchers are allegedly afraid of their own advances in what is called “deep fakes for text.” The Generative Pre Trained Transformer 2 or GPT 2 can punch out content that

comes so close to mimicking human writing that it could potentially be used for “deep fake” content.

You can learn more about DFT and the GPT from Ars Technica.

Plus There Is a Scary Future Arriving

In our weekly DarkCyber video news programs we report about image recognition. In the January 19, 2019, program we explain how making sense of images can be used to pinpoint certain human trafficking hot spots. The Guardian (registration required for some users) explains that pop star Taylor Swift “showed us the scary future of facial recognition.” The focal point of the story is a vendor doing business at ISM. More information about the company is at this link.

Also There Creepy Face Generating AI

Many bad actors attach their images to some social media posts. Some Facebook users have some pride in their law breaking achievements. What happens when the bad actor creates a Facebook account and then posts images with faces automatically generated by smart software? Good question. You can check out the service at this url for “This Person Does Not Exist.”

A Content Treasure Trove for Investigators

That delete button may not work the way you think. Whether you are reselling your old Macbook or deleting Twitter messages, those data may still be around and available for certain types of investigations. Twitter has allegedly retained messages sent to and from deactivated or suspended accounts. Security problem for some; big plus for others. For the Verge’s take, navigate to “Twitter Has Been Storing Your Deleted DMs for Years.”

Online Auction Fraud Group

The US Secret Service took down a gang running an online auction scam. The angle was that ads said:

“I’m in the military and being deployed overseas and have to sell fast.”

To find marks (suckers), the operation unfolded in this way:

Alleged conspirators in Romania posted fake ads on popular online auction and sales websites, including Craigslist and eBay, for high-cost goods (typically vehicles) that ran on air because they were figments of the imagination. They’d con people in the US with, among other lies, stories of how they were in the military and needed to sell their car before being deployed.

Then, according to the Naked Security story:

After their targets fell for it and sent payment, the conspirators allegedly laundered the money by converting it to crypto currency and transferring it to their foreign-based buddies. According to the indictment, the alleged foreign-based money launderers include Vlad-C?lin Nistor, who owns Coinflux Services SRL, and Rossen Iossifov, who owns R G Coins.

And That Fish You Ate Last Night?

An interesting scam has been quantified in Canada by the CBC. Those in the seafood supply chain mislabel their products. Seafood fraud is selling an undesirable species of fish for a more desirable one. How widespread is the practice? I learned:

Oceana Canada, a Toronto-based conservation organization, said it found there was mislabeling with 44 per cent of the seafood samples it tested this year and last in five Canadian cities  — and in 75 per cent of cases, cheaper fish were mislabeled as something more expensive.

And, Of Course, Stolen User Data

DarkCyber noted that another 127 million user records have been offered for sale. The vendor previously posted the availability of 620 million records. More about this now routine event at ZDNet.

Stephen E Arnold, February 16, 2019

Weapons via the Hidden Web

February 15, 2019

Gun control continues to be a major issue for Americans. However, if ever there was to be a tightening of gun ownership laws in this country, it’s interesting to wonder what the result might look like. Chances are, it would be a lot like Europe—even the problems that come with it, as we discovered in a recent Gunpowder Magazine article, “European Gun Ownership is Surging, Concerned Citizens Resort to Dark Web.”

According to the story:

“High threats of terror attacks and surging crime have left Europeans increasingly uneasy about their personal safety. And because gun control laws are so strict in Europe, citizens are resorting to illicit means to obtain firearms, to the point that, The Wall Street Journal reports, “unregistered weapons outnumbered legal ones” in 2017.”

It’s not just guns that are posing a threat on the dark web. Recently, a hacker posted over 600 million people’s information up for sale there. This is the reason why intelligence agencies are paying closer attention to the dark web, working on ways to crack its mysterious codes. The issue becomes staying in step or even a step ahead of the dark web, which isn’t as easy as it may sound.

Patrick Roland, February 15, 2019

The Dark Web Small Yet Still Dark Place

February 15, 2019

The Dark Web is an easy scapegoat to blame for all of the Internet’s woes and perils. Even the name “Dark Web” elicits images of negative activity. The truth about the Dark Web is much more complicated than we are led to believe. The Dark Web is a tool to browse and publish information anonymously on the Internet. Yes, criminals do use it to sell stolen goods and for sex trafficking, but it is also a haven for journalists in oppressive regimes, freedom of the press, and freedom fighters around the world.

ZeroFOX shares more details about the Dark Web and its uses in the article, “Evolving Landscape And Emerging Threats On The Dark Web.” ZeroFOX’s article first explains some basic information about what the Dark Web is and how it started as a US Navy project. The project developed into the Onion Router or Tor browser that can access Web sites with the .onion extension.

As the Dark Web grows, its users are experimenting with ways to improve anonymity. Some of the methods are moving to deep web sites that are membership or invite only. These types of Web sites are breeding grounds for criminal activity. The threats increase as technology improves.

The Web sites that pose the greatest threat are the ones that are the hardest to access. Organizations often lack the ability and knowledge to monitor the Dark Web. The most common crimes on the Dark Web are:

“Physical threats, doxxing, and chatter against top executives, public servants/figures, and journalists

Consumer data for sale or exposed, often credit card dumps and credentials leaks

Distribution of copyrighted materials, movies, music and TV

Hacking techniques, vulnerabilities, and planned attacks on cyber forums

Sales of drugs, counterfeit/stolen goods, proprietary technology”

With increased pressure from law enforcement, bad actors are shifting from the “old” Dark Web to alternative ways to obfuscate, communicate, and sell their products and services, exchange information, and chip away at some social norms.

Whitney Grace, February 15, 2019

Dark Web Leads To Dark Deals For Children

February 14, 2019

Illegal drugs and arms trafficking are some of the worst crimes on the Dark Web, but the most abhorrent crime is sex trafficking. A large majority of sex trafficking victims are women, but children (boys and girls) are also in the victim pool. The New York Post reports how over “123 Missing Children Found In Michigan During Sex Trafficking Operation.” On September 26, 2018, Michigan law enforcement and Operation MISafeKid recovered over one hundred missing children.

Michigan law enforcement were investigating 301 open missing children cases of which 123 were found. All the recovered children were interviewed about if they were sexually abused or trafficked in any fashion. Of the 123 children, only three of them reported being possibly victimized. The sting also revealed leads to missing children in Texas and Minnesota. It is horrible that the most vulnerable humans are sold for sex, but authorities are all the more dedicated to saving them.

“ ‘The message to the missing children and their families that we wish to convey is that we will never stop looking for you,’ the US Marshals Service said. Several agencies were involved in the operation including the US Marshals Service, Michigan State Police, Detroit Police Department, Wayne County local law enforcement, as well as the National Center for Missing and Exploited Children and the Department of Housing and Urban Development’s Office of Inspector General.”

It takes many law enforcement agencies to track, investigate, and prosecute the sex trafficking ringleaders. It is hard to imagine how these ringleaders kept their victims in line, because children are loud by nature. How much intimidation did they use to maintain a low profile?

Whitney Grace, February 14, 2018

LA Times and Its Counterfeiting Thriller

February 5, 2019

I read “Glowing Reviews Tout Counterfeit Cash on the Dark Web.” The news story is more like a thriller, however. The Dark Web, fake money, online investigations, and a shoot out.

DarkCyber noted several interesting factoids in the write up:

  1. Reviews by customers of the Dark Web counterfeiting operation were important to the criminal’s business. The article refers to a “loyal fan base.”
  2. The agency taking the lead in the investigation was the US Secret Service. DarkCyber has heard that this entity is the most capable team of cyber sleuths in the US government.
  3. The “printing” was carried out on lasers and special paper.
  4. The bad actor had a long history of illegal activities. (This suggests that pattern analysis may be a useful adjunct to a traditional investigation.)
  5. The bad actor mailed counterfeit bills on several occasions from a traditional outdoor mail box across from a police station.
  6. After neutralizing the bad actor, agents discovered “about $300,000 in fake $100 bills, lined up and hanging to dry in neat rows.”

Investigators have not solved the problem of the location of the digital currency to which the bad actor had access. Also, computers seized in the raid were encrypted, and these, according to the write up, have not yet been decrypted by the USSS.

Stephen E Arnold, February 5, 2019

DarkCyber for February 5, 2019, Now Available

February 5, 2019

DarkCyber for February 5,2019, is now available at and on Vimeo at The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web and lesser known Internet services.

This week’s story line up includes: Alleged money laundering via the popular Fortnite game; and an excerpt from Stephen E Arnold’s “Dark Web, Version 2” lecture at the University of Louisville.

The first story explains how bad actors launder money via the online game Fortnite. The game allows players to purchase “digital assets” by purchasing via a credit card. The credit card funds allow the player to acquire V Bucks. These V Bucks can be converted to weapons, information, or other in-game benefits. But the digital assets can be sold, often on chat groups, Facebook, or other social media. In the process, the person buying the digital assets with a stolen credit card, for example, converts the digital assets to Bitcoin or another digital currency. Many people are unaware that online games can be used in this manner. Law enforcement will have to level up their game in order to keep pace with bad actors.

The second story is an excerpt from Stephen E Arnold’s invited lecture. He spoke on January 25, 2019 to an audience of 50 engineering students and faculty on the subject of “Dark Web, Version 2.” In his remarks, he emphasized that significant opportunities for innovation exist. Investigators need to analyze in a more robust way data from traditional telephone intercepts and the Internet, particularly social media.

Arnold said, “The structured data from telephone intercepts must be examined along with the unstructured data acquired from a range of Internet sources. Discovering relationships among entities and events is a difficult task. Fresh thinking is in demand in government agencies and commercial enterprises.” In the video, Mr. Arnold expands on the specific opportunities for engineers, programmers, and analysts with strong mathematics skills.

A new blog Dark Cyber Annex is now available at Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.

Kenny Toth, February 5, 2019

Japan: A Security Clamp

February 4, 2019

We are used to Olympic athletes pushing the limit of human accomplishment, but authorities in Japan are going even further. In preparation for the 2020 Olympics, the National Institute of Information and Communication Technology has gained permission to hack into citizens’ IOT devices in order to prevent terror attacks. We learned more from a recent ZDnet story, “Japanese Government Plans to Hack into Citizens’ IOT Devices.”

According to the story:

“The plan is to compile a list of insecure devices that use default and easy-to-guess passwords and pass it on to authorities and the relevant internet service providers, so they can take measures to alert consumers and secure the devices…The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200 million IoT devices, beginning with routers and web cameras.”

From home security systems, to coffee pots, to doorbell cameras—these IOT tools are very vulnerable. While it’s promising to see an intelligence agency getting out ahead of a potential issue, the path to safety is fraught with potential problems. Would such a leap in privacy be acceptable in the US? We find it impossible to believe, but it’ll be interesting to see how Japan juggles this issue.

Patrick Roland, February 4, 2019

Colorado Retail Fraud Team Brings Agencies Together

January 31, 2019

Law enforcement officers in Douglas County, Colorado, are on the offensive against retail fraud. The Denver Post reports, “Multi-Agency ‘Strike Team’ Puts Heat on Retail Thieves, Fraudsters in Douglas County.” The strike force is called the Financial Investigative Regional Strike Team (FIRST), and brings together investigators from local law enforcement, the U.S. Secret Service, and the U.S. Postal Inspection Service, for a total of five agencies involved. At the beginning of this year, the team had already arrested two alleged counterfeiters, stopped a nationwide identity theft involving iPhones, and busted a credit-card cloning and skimming operation, among other accomplishments. Reporter John Aguilar tells us:

“FIRST, which launched in mid-October and operates out of the Douglas County sheriff’s headquarters in Castle Rock, has the singular focus of chasing down the fraudsters and organized retail theft rings that cause misery for victims and cost stores millions of dollars a year. It is a unique example in Colorado of collaboration and information-sharing across jurisdictional boundaries and even state lines. ‘Retail theft and fraud is the No. 1 crime we deal with in Lone Tree, and frankly, in the state,’ said Lone Tree Police Chief Kirk Wilson. ‘This isn’t a new problem — it’s just becoming more prolific every year.’

We also noted:

“In 2018, Colorado was ranked as the second-riskiest state for identity theft, according to a report from ASecureLife. The security firm calculated that 385 victims in the state lost more than $1.7 million to identity theft in 2017.”

Aguilar notes that, nationally, 92% of companies fell victim to organized retail crimes that year, with losses averaging over $777,000 per $1 billion in sales, according to a report from the National Retail Federation. Naturally, the internet makes physical jurisdictions somewhat irrelevant in such schemes, which is why the Secret Service (the only federal agency, we’re reminded, that investigates counterfeiting operations) and the Postal Inspection Service are on board. As Douglas County’s Chief Deputy Steve Johnson observes, such cooperation lets each organization escape their local “silos” see the bigger picture.

Cynthia Murrell, January 31, 2019

Playing Games with Money Laundering

January 29, 2019

Mark this one down in your diaries: just when you thought you’ve heard all the strangest ways imaginable to launder money, the dark web strikes again. This time, the incredibly popular online game, Fortnite is being used. Specifically, the pseudo-currency players use to buy weapons and outfits—V-Bucks. We discovered how this strange scam works via a recent Digital Trends article, “Fortnite V-Bucks Used By Criminals for Money Laundering Schemes.”

According to the story:

Criminals are buying V-Bucks from the official Fortnite store using stolen credit card information. The V-Bucks are then sold in online black markets at discounted rates to “clean” the money, according to an investigation by The Independent and research by cybersecurity firm Sixgill.

From bizarre video game-related ways of washing dirty money, to Mexican drug cartels using Chinese crypto-brokers to do the same, one thing is abundantly clear to law enforcement. It pays to look under every rock and follow every lead on the dark web, because criminals are never going to stop looking for strange new avenues to make money.

Yep, games.

Patrick Roland, January 29, 2019

DarkCyber for January 29, 2019, Now Available

January 29, 2019

DarkCyber for January 29, 2019, is now available at and on Vimeo at The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web and lesser known Internet services.

This week’s story line up includes: Microsoft Bing and a child pornography allegation; Endace introduces facial recognition and a tie up with Darktrace; A report about drones and correctional institutions; and CIA report about hazardous compounds.

The first story discusses allegations of child pornography and other inappropriate content in the Microsoft Bing index. DarkCyber’s experts report that problematic content can be found within any free Web search system. The reasons range from bad actors use of code words to innocuous pages which contain links to objectionable content labeled as popular services. Filtering is one approach, but a cat and mouse game requires that Web search providers have to continue to enhance their content review procedures. Chatter about artificial intelligence is often hand waving, politically correct speech, or marketing.

Second, Endace is one of the leaders in lawful intercept hardware and software. However, Endace continues to innovate. The firm has added facial recognition to its service offering. Darktrace, one of the more innovative cyber security vendors, has announced a relationship with Endace. Darktrace’s three D visualization and analytics may spark new products and services for Endace. Verint, another cyber security firm, has also added support for Endace’s lawful intercept systems.

The third story calls attention to a free report about bad actors’ use of drones to deliver contraband into prisons. Correctional institutions in the US are adding anti drone technology. Drones have been used to deliver mobile phones and other contraband to inmates. DarkCyber provides a link so that viewers can request a copy of the Dedrone report.

The final story is a follow up to an earlier report about the chemicals and compounds frequently used for home made explosive devices. A viewer want to know where additional information could be found. DarkCyber provides a link to a CIA document which reviews chemical, biological, radiological, and nuclear substances.

A new blog Dark Cyber Annex is now available at Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.

Kenny Toth, January 29, 2019

« Previous PageNext Page »

  • Archives

  • Recent Posts

  • Meta