Cellebrite: Low Profile Outfit Shares Some High Value Information
March 27, 2020
Cellebrite, now owned by Japanese interests, is not a household word. That’s good from DarkCyber’s point of view. If you want to know more about this company, navigate to the company’s Web site.
“Cellebrite Unveils the Top Global Digital Intelligence Trends for 2020” provides observations and findings from its Annual Digital Intelligence Industry Benchmark Report for 2020. Our video program will consider some of these findings in the context of cyber intelligence. However, there are four items of interest which DarkCyber wants to highlight in this short article.
Intelligence and other enforcement agencies are slow to adapt. This finding is in line with DarkCyber’s experience. We reported on March 24, 2020, in our DarkCyber video that the Canadian medical intelligence firm Bluedot identified the threat of the corona virus in November 2019. How quickly did the governments of major countries react? How is the US reacting now? The “slowness” is bureaucratic friction. Who wants to be identified as the person who was wrong? In terms of cyber crime, Cellebrite’s data suggest “43 percent of agencies report either a poor or mediocre strategy or no digital intelligence strategy at all.” [emphasis added].
Government agency managers want modernization to help attract new officers. The Cellebrite study reports, “Most agency managers believe police forces that embrace mobile tech to collect digital evidence in the field will help reduce turnover and be significantly more prepared to meet the digital evidence challenges of 2020.” DarkCyber wants to point out that skilled cyber professionals do not grow on trees. Incentives, salaries, and work magnetism are more important than “hopes.”
Budgets are an issue. This is a “duh” finding. DarkCyber is not being critical of Cellebrite. Anyone involved directly or indirectly in enforcement or intelligence knows that bad actors seem to have infinite scalability. Government entities do not. The report says, “With the deluge of digital devices and cloud data sources, examiners face an average 3-month backlog and an average backlog of 89 devices per station.” The push for backdoors is not designed to compromise user privacy; it is a pragmatic response to the urgent need to obtain information as close to real time as possible. Cellebrite’s tools have responded to the need for speed, but for many governments’ enforcement and intelligence agencies, a 90-day period of standing around means that bad actors have an advantage.
DarkCyber will consider more findings from this report in an upcoming video news program. Watch this blog for the release date for the program.
Stephen E Arnold, March 27, 2020
DarkCyber for March 24, 2020, Now Available
March 24, 2020
DarkCyber for March 24, 2020, covers four stories. You can view the video on YouTube or on Vimeo.
The first story explains that phishing is a contentious issue in many organizations. Managers see phishing one way; information and security professionals often have a different view. The divide can create more vulnerabilities for organizations ignoring the escalating risk from weaponized email.
The second story provides some information about Banjo (a US firm engaged in providing specialized services to law enforcement) and BlueDot (a Canadian company applying advanced analysis to open source and limited access medical information). The story makes clear that the methods of these firms provide excellent insight into how some specialized software systems deliver high value intelligence to law enforcement and intelligence professionals worldwide.
The third story provides information about a Department of Justice report aimed at Dark Web researchers. The document is available without charge from the url provided in the program. Failure to follow the guidelines in the document can convert a researcher into a bad actor.
The final story reviews recent steps taken by the Russian government to exert tighter control over Internet applications. The affected software includes Tor and the Telegram Open Network. Mr. Putin has become Russia’s first digital tsar.
Kenny Toth, March 24, 2020
DOJ Suggestions for Threat Research and Cyber Intelligence Gathering
March 13, 2020
DarkCyber spotted “Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources.” The Department of Justice has assembled a mini set of best practices for those who are gathering certain types of cyber security information; for example, from Dark Web fora.
The document states:
The application of federal criminal law to activities occurring online can be complicated.
That should be a yellow warning signal to those who embark on digital journeys into certain parts of the datasphere. The document provides some information about different ways to gather information from online discussion groups.
Online storefronts can appear to provide a way to purchase products or services which, in some jurisdictions, are problematic.
The document is informative and, in DarkCyber’s opinion, a useful contribution to the literature related to obtaining threat intelligence.
Net net: Don’t intentionally or unintentionally become what some authorities would consider a criminal. Plus, any spelunking in certain areas of the datasphere can change a curious eager beaver into a target for bad actors.
Stephen E Arnold, March 13, 2020
Phishing Faces a Tough Competitor
March 13, 2020
DarkCyber spotted a factoid which could be marketing dressed up in factual finery or a datum which is accurate. You will have to figure out which.
Navigate to “Adware Accounts for 72% of Mobile Malware: Avast.” The write up states:
Adware or software that hijacks a device in order to spam the user with unwanted ads now accounts for 72 per cent of all mobile malware, says a new report from cybersecurity firm Avast.
But what about the other 28 percent of digital legerdemain?
The remaining 28 per cent consist of banking Trojans, fake apps, lockers, and downloaders, according to statistics gathered by Avast’s Threat Lab experts.
The write up points out:
Adware often disguises itself in the form of gaming and entertainment apps, or other app types that are trending and therefore are interesting targets with a high potential to spread far. These apps may appear harmless, but once they have infected a device they will surreptitiously click on ads in the background. Sometimes, adware also serves ads with malicious content.
Phishing may lose its pride of place among bad actors.
By the way, the data in the write up, if on the money, does not explain how malware on a mobile phone can perform a number of other useful services for the developer. These services can be helpful to certain types of professionals working in fields other than Madison Avenue pursuits.
Stephen E Arnold, March 13, 2020
DarkCyber for March 10, 2020, Now Available
March 10, 2020
DarkCyber for March 10, 2020, includes four stories. The first is a look at how BriefCam’s smart software generates video synopses of surveillance video. The second presents information about the geotracking capabilities enabled by aggregated data from vendors like Venntel and Oracle, among others. The third story dips back into phishing-rich data flows. There is a reason why bogus email exploits are increasing. Watch to find out the reason. The final story discloses the Amplyfi and Deep Web Technologies mergers. Is a new intelware giant taking shape? Check out this week’s video to learn what DarkCyber thinks.
Kenny Toth, March 10, 2020
DarkCyber for January 14, 2020, Now Available
January 14, 2020
The DarkCyber for January 14, 2020, is now available. The program includes stories about ToTok, cyber trends in 2020, and information about the new Amazon Blockchain Policeware report. You can view the video on Vimeo at this link: https://vimeo.com/384343454.
We want to thank the people who commented on our interview with Robert David Steele. We posted this video on December 31, 2019. If you missed that program, you can view it at this link: https://vimeo.com/382165736.
Kenny Toth, January 14, 2020
From the Home of Evil Corp.: Streaming Demons Stir the Pot
December 17, 2019
DarkCyber spotted this write up: “Russia’s 3rd-Largest Internet Company Is Suing Twitch for $3 Billion, Wants It Banned in the Country.” The story asserts that Rambler Group, which figures in other interesting activities, is:
planning to sue the Amazon-owned streaming site for 180 billion rubles ($2.82 billion) in a Russian court. It claims that Twitch breached its exclusive broadcast rights to Premier League games more than 36,000 times between August and November. The company also seeks a permanent ban on Twitch in Russia.
DarkCyber recalls stories about Evil Corp.; for example, this one: “‘Evil Corp’: Feds Charge Russians in Massive $100 million Bank Hacking Scheme.” That write up reported:
“Evil Corp.,” a name reminiscent of the nickname for the key malevolent corporation in the popular television drama “Mr. Robot,” is “run by a group of individuals based in Moscow, Russia, who have years of experience and well-developed, trusted relationships with each other,” according to a Treasury Department press release. The criminal group used a type of malware known as “Dridex,” which worked to evade common anti-virus software and spread through emailed phishing campaigns.
Bookends, peanut butter and jelly, or ham and eggs?
These two alleged legal actions raise a number of questions:
- Which is more evil? Stealing soccer broadcasts or individuals’ money?
- Why aren’t certain content types just blocked? China seems to be reasonably adept at filtering.
- Will soccer fans stop looking for low cost pirate streams or will gamers give up on Amazon Twitch because of a legal action?
- Who is behind pirated content? (Some of the key players may be a surprise, DarkCyber believes.)
Worth monitoring these symmetrical legal actions? Yep.
Stephen E Arnold, December 17, 2019
Arnold Interviewed about Amazon Blockchain Inventions
December 5, 2019
Robert David Steele, former CIA professional and open source intelligence expert, interviewed Stephen E Arnold about Amazon’s blockchain inventions. Arnold recently completed a chapter for a forthcoming academic press book about blockchain. That chapter and its information prompted journalists from the US and France to interview Arnold about his findings. Arnold’s information was included in news stories appearing in the New York Times, MIT Technology Review, and Le Monde.
Steele obtained an exclusive video interview with Arnold about his Amazon blockchain research. Among the topics discussed in the 30 minute program are:
- The “trigger” for the research
- Sources of data and research methods
- The major findings from the 18 month research project
- The likely trajectory of Amazon’s products and services incorporating the company’s more than 12 blockchain inventions.
- How to obtain a summary of Arnold’s research findings.
You can view the video at this link. Steele has compiled links to other Amazon information obtained from Arnold at this link.
Kenny Toth, December 5, 2019
Russia and Iran: Beards (in the Medieval Sense) Are Back
November 6, 2019
Here is a terrific example of how Russian cyber attackers skillfully sow confusion. The Financial Times reveals, “Russian Cyber attack Unit ‘Masqueraded’ as Iranian Hackers, UK Says.” A joint investigation by the UK’s National Cyber Security Centre and the US’s National Security Agency reveals the espionage group first hacked an Iranian hacking group, then attacked over 35 other countries posing as that group. The Russian group, known as Turla, has been linked to Russian intelligence. Reporters Helen Warrell and Henry Foy write:
“The Iranian group is most likely unaware that its hacking methods have been hacked and deployed by another cyber espionage team, security officials involved in the investigation said. Victims include military establishments, government departments, scientific organizations and universities across the world, mainly in the Middle East. Paul Chichester, NCSC director of operations, said Turla’s activity represented ‘a real change in the modus operandi of cyber actors’ which he said ‘added to the sense of confusion’ over which state-backed cyber groups had been responsible for successful attacks. ‘The reason we are [publicizing] this is because of the different tradecraft we are seeing Turla use,’ he told reporters. ‘We want others to be able to understand this activity.’ Mr Chichester described how Turla began ‘piggybacking’ on Oilrig’s attacks by monitoring an Iranian hack closely enough to use the same backdoor route into an organization or to gain access to the resulting intelligence. … But the Russian group then progressed to initiating their own attacks using Oilrig’s command-and-control infrastructure and software.”
We’re told the group successfully hacked about 20 countries using this tactic. It let them tap into Oilrig’s operational output to gain access to victims faster and easier. Not surprisingly, the Kremlin refused to comment; Russia consistently denies it hacks other states, describing such allegations as “mythical.”
Cynthia Murrell, November 6, 2019
Another Cyber Firm Reports about Impending Doom
October 29, 2019
Identity intelligence firm 4iQ summarizes the results of recent research in the write-up, “Identity Protection & Data Breach Survey.” They polled 2,300 participants regarding data breaches and identity protection issues. You can see a slide show here that presents the results in graph form.
Researchers found that fewer than half the respondents had been notified they were victims of a breach. Most of them were offered identity protection services as a result, but about half of those felt that fell short of adequately addressing the problem. We also learn:
“*Nearly 40% of respondents believe they have already suffered identity theft and more than half of respondents, 55%, believe that it’s likely their personally identifiable information (PII) is already in the hands of criminals. As a result, 62% of respondents are concerned that their PII could be used by someone to commit fraud.
*More than half, 52%, of respondents said they would expect their own online security error to negatively or very negatively affect their standing with their employer—an additional stress for working Americans—so it’s not surprising then, that 60% of respondents believe there’s a ‘blame-the-victim’ problem with cybercrime.
*A strong majority, 63%, are concerned that prior breaches could lead to future identity fraud, and 37% believe they have already been a victim of fraud as a result of a cybercrime incident.”
As for protecting personally identifiable information, 75% feel their employers are doing a fair to excellent job, but only 42% feel the government is doing so effectively. They feel even less confident about their personal efforts, however, with only 15% calling themselves “very effective” (23% rated their employers as “very effective”).
On that last point, 4iQ states it demonstrates that “everyday consumers may feel unprepared to contend with the threats presented by cybercrime,” which is not surprising from a company that sells solutions to that problem. We know there are free and low-cost measures individuals can take to boost their own security, but some will be willing to pay for extra reassurance on top of those precautions. Based in Los Altos, California, 4iQ was founded in 2016.
Cynthia Murrell, October 29, 2019