DarkCyber for July 2, 2019, Is Now Available
July 2, 2019
DarkCyber for July 2, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/345294527. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: Tor survives another court battle related to a child who overdosed on Dark Web drugs; a newspaper unwittingly provides a road map for undertaking credit card fraud; a profile of DataWalk, a next-generation intelligence platform with a secret sauce; and Recorded Future’s threat intelligence service runs from Amazon’s platform.
This week’s lead story is the revelation that Recorded Future relies on Amazon AWS to serve its new threat intelligence service. Recorded Future was founded in 2009 with initial investors Google and In-Q-Tel, the investment arm of the US Central Intelligence Agency. In May 2019, the predictive analytics company was acquired by Insight Partners, a leading global capital and private equity firm. The purchase price was about $700 million. Recorded Future’s threat intelligence service is in the same product category as FireEye’s information service. Providing threat information in a browser provides easier access to this information. Stephen E Arnold, author of CyberOSINT: Next Generation Information Access, said: “The use of the Amazon AWS platform, not the competing Google service, is significant. Recorded Future joins BAE, Palantir Technology, and a handful of other firms leveraging the AWS infrastructure. Amazon is emerging as the plumbing for law enforcement and intelligence software.”
Other stories for the July 2, 2019, program are:
First, a Utah court decided that Tor, the software bundle required to access the Dark Web, was not liable for a death. The parents of a young person who overdosed on drugs ordered from a online contraband vendor via Tor sued the foundation involved with the anonymizing technology. Other cases have been filed against Tor. The deciding factor in this most recent decision and other cases is the US law which treats online platforms differently from traditional publishers. The court uncovered information that there are about 4,000 people in Utah who use Tor and presumably the Dark Web each day.
Second, a British newspaper published an informational article about online credit card fraud. DarkCyber interpreted the information in the report as a road map for a person who wanted to commit an online crime. The news story provided sufficient information about where to locate “how to” materials to guide an interested individual. Tips for locating sources of stolen credit card data were embedded “between the lines” in the report. The newspaper did omit one important fact. Organized crime syndicates are hiring individuals to commit credit card fraud and other financial crimes.
Finally, DarkCyber profiles a start up called DataWalk. This company provides a next-generation intelligence analysis and investigation platform. Competitors include IBM Analyst’s Notebook and Palantir Technologies Gotham / Titan products. DataWalk, however, has patented its technology which implements the firm’s method of delivering query results from disparate sources of structured an unstructured content. Plus the company can provide an analyst with content from third-party content products such as Thomson Reuters and the specialist publisher Whooster. The service also scales to accommodate data analysis, regardless of the volume of information available to the system. DataWalk’s analytic system operates in near-real time. DataWalk allows a user to perform sophisticated investigative and analytic procedures via a mouse-centric graphical interface. A user can click on an icon and the system automatically generates a “workflow ribbon.” The ribbon can be saved and reused or provided to another member of the investigative team. More information about this firm is available at www.datawalk.com .
Kenny Toth, July 2, 2019
Google: Hunting for Not Us
June 26, 2019
There was a dust up about song lyrics. As I recall, the responsibility did not fall upon the impossibly magnificent Google shoulders. A supplier may have acted in a manner which some “genius” thinks is a third party’s problem. Yep, a supplier.
I just read “Tracing the Supply Chain Attack on Android.” The write up explained that malware with impossible to remember and spell names like Yehuo found its way on to Android phones via the “supply chain.” I don’t know much about supply chains, but I think these are third parties who do work for a company. The idea is that someone at one firm contracts with the third party to perform work. When I worked as a “third party,” I recall people who were paying me taking actions; for example, texting, visiting, emailing, requiring me or my colleagues to attend meetings in which some of the people in charge fiddled with their mobile devices, and fidgeted.
The write up digs through quite a bit of data and reports many interesting details.
However, there is one point which is not included in the write up: Google appears to find itself looking at a third party as a bad actor. What unites the “genius” affair and the pre installed malware.
Google management processes?
Yes, that’s one possible answer. Who said something along the lines that if one creates chaos, that entity must address the problems created by chaos?
But if a third party did it, whose problem is it anyway?
Stephen E Arnold, June 26, 2019
DarkCyber for June 18, 2019, Now Available
June 18, 2019
DarkCyber for June 18, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/342544814.
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up covers: A next-generation content processing system funded by In-Q-Tel; Dark Web scans for personal information; a new spin on Crime as a Service tuned to steal financial data; Canada’s prisons get a drone detection systems; and the FBI Vault adds additional Clinton email data.
This week’s feature is a review of Forge.ai’s content processing system for law enforcement and intelligence applications. The system converts open source and other data into “structured intelligent event event feeds.” Unlike many commercial content processing and intelligence systems, Forge.ai is designed to handle data flows of virtually any size and perform processing in real time. The company recently received the support of In-Q-Tel, the CIA’s investment unit. Lt. General John Mulholland is accepted a position on Forge.ai’s board of advisers. General Mulholland was the deputy commander of Special Operations command and also served at the CIA.
Other stories in this week’s DarkCyber video news program are:
First, Dark Web scans to find personal information are advertised on television. DarkCyber looks at some of the methods used by vendors who offer free or low-cost scans of the Dark Web for PII or personal identification information. DarkCyber reports that many services do not deliver comprehensive results. There are specialized services available to law enforcement and intelligence professionals, but most of these are not available for public use.
Second, crime-as-a-service or CaaS continues to improve. Malware from two different sources have evolved into a symbiotic relationship. The Gazorp tool makes it easy to customize malware known as Azorult. Despite the odd names, the one-two punch facilitates the use of these tools by an individual or group of individuals without deep technical expertise. Gazorp is offered without charge, but the value of the software opens the door to monetization. Other bad actors are likely to build on the CaaS approach of Gazorp’s and Azorult’s developers and users.
Third, in this week’s drone news, DarkCyber reports that Version 2, a Canadian company, will deploy a drone detection system as six of Corrections Canada’s prisons. Drones have been sued to drop contraband into correctional facilities. Some drone have delivered drugs, mobile phones, and McChicken sandwiches to inmates. Donnacona, one of Canada’s most secure facilities, will be among the first group of institutions to receive the new technology in early 2020.
Finally, DarkCyber provides information so that a viewer can download more than 400 pages of information related to Hillary Clinton’s email. The collection of documents is available in the Federal Bureau of Investigation’s Vault service. Manual review of the documents is recommended. Some media reports have not presented a comprehensive picture of the information in this most recent release of information.
DarkCyber video news is a weekly program. It contains no advertising, and it is designed for law enforcement, security, and intelligence professionals interested in software, new developments, and investigative innovations. New programs become available on Tuesday of each week. Programs are available via YouTube and Vimeo.
Kenny Toth, June 17, 2019
Hackers Steal Millions in Cryptocurrency from Cryptopia
June 15, 2019
As the use of cryptocurrency continues to grow, more hackers are inspired to rob the digital vaults.
Medium reveals, “Hackers Allegedly Steal Millions from Cryptopia, a Cryptocurrency Exchange in New Zealand.” Naturally, local authorities and New Zealand’s high-tech crimes unit are on the case, but have not named a suspect. Writer Asgardia.space tells us:
“On January 13th, 19,391 ETH (Ethereum) worth around $2.5 million and 48,029,306 CENNZ tokens (Centrality) worth about $1.18 million were transferred from Cryptopia exchange to unknown wallets. As of now, the owner of the wallet is not yet confirmed. It could be the exchange itself or the hackers. The growing number of exchange hackings has caused a negative reputation to spread with cryptocurrencies. In 2018, CoinCheck, a Japanese cryptocurrency exchange, was hacked, and approximately $500 million of funds were stolen. If these crimes continue to happen then newcomers in the crypto space will lose trust in cryptocurrencies and in turn, the whole cryptocurrency market will suffer.”
Gee, who could have foreseen that digital currency would be vulnerable to cyber criminals? Industry leaders now advise that anyone brave enough to continue using cryptocurrency choose decentralized exchanges, which are considered safer than centralized exchanges. For its part, Cryptopia remains shuttered until the problem is resolved.
Cynthia Murrell, June 15, 2019
DarkCyber for June 4, 2019, Now Available
June 4, 2019
DarkCyber for June 4, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/339717881 .
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: A look at SafeSkyHacks; cyber crime data from the Global Drug Survey; bad actors shift to closed chat service; the real threat of GozNym malware; LookingGlass and GoldmanSachs announce cyber intelligence deal.,
This week’s feature is a look at the broader implications of the GozNym malware. This series of attacks netted the bad actors more than $100 million from 41,000 businesses and financial institutions. The malware was a combination of code, operating by deploying numerous exploits. As damaging as GozNym was, it signals a phase change in how modern digital attacks operate. DarkCyber identifies three key characteristics of GozNym. First, it was a multi-national force. Second, the hackers met and communicated via social media and chat. Third, the hackers operated like Amazon the AWS cloud, offering Crime as a Service. Attackers needed little or no technical expertise.
Stephen E Arnold, producer of DarkCyber and author of “The Dark Web Notebook,” said in his lecture on June 4, 2019, at the TechnoSecurity & Digital Forensics Conference: “The law enforcement crackdown on the Dark Web has been effective. The unanticipated consequence has been a shift to decentralized operations delivering Crime as a Service.” Point-and-click is now point-and-attack.”
Other stories covered in the June 4, 2019, DarkCyber video include:
First, a review of the software and services available on a hacker forum available to anyone with a standard browser. SafeSkyHacks provides free information about hacking, stolen data sets, and information about exploits. A members-only section of the Web site makes it possible to locate hackers with specific skills, services, software, and data. The DarkCyber video segment takes a close look at the profile posted by one of SafeSkyHack’s’ members. Hackers offer a number of services which may cross the boundary between general information and illegal activity.
Second, the Global drug survey for 2019 contains a wealth of information about the illegal use of narcotics available from the Dark Web and other sources. DarkCyber extracts items which reveal the countries which are now experiencing sharp increases in the use of controlled substances. The United States, for example, is at the top of the list of countries for opioid abuse. Another significant finding in the 2019 report links drug abuse with sexual assault. Assaults often happen when other people are nearby and reports of these attacks are rarely, if ever, reported to the police.
Third, DarkCyber reports about Stephen E Arnold’s remarks about the technology being adopted by bad actors. With information about distributed system widely available and the willingness of criminal elements to pay as much as $1 million for technical talent, law enforcement faces a new challenge. Services like illegal online gambling and video streaming services are becoming difficult to stop. When authorities seize one server, the bad actors deploy a replacement system at a different hosting location with a different Internet address. The new location for the illegal service is disseminated via closed chat and online forums. Often the access information is available on public content hosting sites like Pastebin.com. In some countries, the technical resources needed to disable an illegal online service structured like Netflix is a new challenge.
The final story is a report about the transfer of GoldmanSachs’ Sentinel cyber security software to LookingGlass, a cyber intelligence firm. Terms of the deal were not disclosed. LookingGlass is likely to integrate the Sentinel system into the LookingGlass services for financial institutions. Sentinel was recognized for excellence by the US Department of Homeland Security.
Kenny Toth, June 4, 2019
DarkCyber for May 28, 2019, Now Available
May 28, 2019
DarkCyber for May 28, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/338518927. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: The Offensive Community hacking Web site; malware requires no user action to seize mobile phone data; Dutch police deal with prisoner monitoring failure; a snapshot of Cobwebs Technologies’ investigative software; and China’s Great Firewall burns Wikipedia.
This week’s feature provides information about hackers for hire on the regular Internet, no Dark Web surfing required. The Offensive Community Web sites offers a classified advertising service. Hackers can post their capabilities in order to attract customers. The information on the site references a range of exploits which can be used for positive as well as illegal activities. Forums provide information and sources for botnets, keyloggers, remote access controls, specialized scripts, and related functions.
Other stories covered in the May 21, 2019, DarkCyber video include:
First, malware, allegedly developed by a specialist vendor supporting government customers, can compromise a mobile phone. What makes this alleged exploit notable is that the standard way of placing malware on a user’s device is to require that the user click a link or take some other action. That action allows the attacker to place the exploit on the user’s phone. The new approach requires only that the target has Facebook’s WhatsApp installed. The attacker places an in app voice call to the target. The exploit automatically uses a programming error in WhatsApp to compromise the target’s phone. The method was allegedly used to track the journalist Jamal Khashoggi. The fact that this method is no longer secret provides sufficient information to ensure that other bad actors will seek to emulate this technique.
Second, a botched software update in the Netherlands disabled prisoner ankle bracelets. These devices are used to monitor prisoners under house confinement. When these devices go offline, the monitored individual can flee the country or return to his or her pre-arrest activities. The Dutch police experienced a similar outage in 2018 when the mobile phone system used to transmit data went down. The modern ankle bracelet includes the tracking technology, but can also include two-way communications, alcohol level monitoring, and anti-removal technology. There are videos allegedly showing how one removes these devices, but tampering with the devices typically leads to additional charges.
Third, DarkCyber provides a profile of the basic functions available in the investigative software developed by Cobwebs Technologies. This is an Israeli startup which allows a user to extract actionable information from open source content. The tools available include a search and retrieval system and analytics. Data can be displayed in a visual format, including maps. DarkCyber’s overview includes examples of the interface and analytic reports.
Finally, China’s Great Firewall has blocked Wikipedia, the online encyclopedia. The online information service publishes content in numerous languages, and China has blocked every version of the digital encyclopedia. China’s approach to information control is part of a larger effort to maintain order and ensure government control of citizen activity. The process is called “Chinafication,” and the censorship method is influencing other governments’ approach to ensuring civil order.
DarkCyber appears each Tuesday and is available on YouTube, Vimeo, and directly from the DarkCyber news service.
Kenny Toth, May 28, 2019
DarkCyber for May 21, 2019, Now Available
May 21, 2019
DarkCyber for May 21, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/337093968.
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: A new version of Tor; digital bits trigger bombs; highlights from the FBI’s 2018 Cyber Crime Report; more details about the Wall Street Market take down; DeepDotWeb seized; Telegram used to sell weapons; and the size of the Dark Web.
This week’s feature provides more details about the take down of the Dark Web contraband ecommerce site, Wall Street Market. DarkCyber reports that the operation involved law enforcement from several countries, including Germany and the US. One moderator of the site initiated a blackmail scheme as law enforcement prepared to seize the site’s servers and arrest its owners. As part of the takedown, providers of drugs were arrested in the US. The take down revealed millions in cash and digital currency accounts worth more than $14 million. Investigators also seized data and other information, including customer details.
Other stories covered in the May 21, 2019, DarkCyber video include:
First, information about the new release of the Tor software bundle. Firefox is used as the base for the Tor browser. Technical issues with Firefox required some scrambling to address technical issues. The new release is available on the Tor.org Web site. DarkCyber points out that in some countries, downloading Tor is interpreted as an indicator of possible ill intent.
Second, a cyber attack on Israel prompted a kinetic response. The incident marks the first time Israel has responded to an act it regarded as information warfare with a missile strike on the alleged perpetrators’ headquarters. DarkCyber points out that the US may have used force in response to an adversary’s leaking classified and sensitive information on a public Web site. The use of traditional weapons in response to a digital attack is a behavior to monitor.
Third, DarkCyber selects several highlights from the FBI’s report about cyber crime in 2018. Among the key points identified is the data about the most common types of online crime. Most attacks make use of email and use social engineering to obtain personal financial information or user name and password data. The FBI report verifies data from other sources about the risks associated with email, specifically enticing an email recipient into downloading a document with malware or clicking on a link that leads to a spoofed page; for example, a PayPal page operated by the attacker, not the legitimate company. DarkCyber provides information about how to obtain this government report.
Fourth, an international team of law enforcement professionals seized the Sheepdog, an online information service. This site was accessible using a standard browser, no Tor or i2p software was required. The site referred its visitors to Dark Web sites selling drugs and other contraband. The seizure is an indication that Europol, FBI, and other law enforcement agencies are expanding their activities to curtail illegal eCommerce.
Fifth, DarkCyber explains that a story about bad actors using Telegram, an encrypted messaging app, to sell weapons should be viewed with caution. The story originated with a report from MEMRI, the Middle East Media Research Institute. The organization was founded by a former Israeli intelligence offer and has been identified as an organization generating content which may have characteristics of disinformation. DarkCyber provides a link to the MEMRI organization to make it easy for viewers to follow its information stream.
The final story reports that another vendor has sized the scope of the Dark Web. The most recent size estimate comes from Recorded Future. The company reports that it was able to identify 55,000 Dark Web domains. Of that number, only about 8,400 are online. DarkCyber notes that of the active site, a relatively few sites dominate illegal eCommerce, sharing of sensitive information, and other questionable services.
DarkCyber appears each Tuesday and is available on YouTube, Vimeo, and directly from the DarkCyber news service.
Kenny Toth, May 21, 2019
DarkCyber Video News for May 7, 2019, Now Available
May 7, 2019
DarkCyber for May 7, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/334253067.
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: The use of Telegram for ecommerce; phishing with fake email undergoes a renaissance; Cisco Talos explains a serious attack on foundation servers; a review of weapons for sale on the Dark Web; and a look at advanced autonomous drone technology.
This week’s feature examines a new study about the sale of weapons on the Dark Web. The report explains that handguns are long rifles are for sale on some Dark Web sites. The majority of these weapons are handguns. Only a small percentage of the weapons are automatic rifles. The research comes from three academics involved in criminal justice. The data from the Dark Web were collection in 2016. Because information about the type of weapons offered for sale is limited, the report helps fill this data gap. DarkCyber points out that the Dark Web has undergone some significant changes in the last two years. As a result, the study provides information, but some of it may be outdated.
The May 7, 2019, program also reports on:
First, how Telegram, an encrypted messaging application, can be used to promote and sell certain types of contraband products, services, and data. Messaging technology may be “old school” but Telegram’s features create challenges for enforcement agencies.
Second, phishing and spear phishing are methods for stealing users’ credentials with a long history. Now these techniques are gaining more momentum. DarkCyber reports about a “smart” application which can automate phishing and spear phishing attacks. Unlike commercial specialist tools, the Dark Web phishing kit costs a few hundred dollars, and it features a “fill in the blanks” approach to these malicious attacks.
Third, Cisco’s cyber security unit Talos has published a detailed report about a denial of service attack on core Internet systems. There are 13 foundation or core servers which facilitate domain name services. One of these has been the focus of a digital assault by a bad actor, possible supported by a nation state. The denial of service method relies on a series of nested malware programs. The attack makes use of misdirection and several different methods designed to compromise a foundation server. If such an attack is successful, other types of malicious activity is simplified for the bad actors.
Finally, DarkCyber responds to a viewer’s request for an update on advanced autonomous drone technology. DarkCyber provides a look into the future of US drone capabilities.
Kenny Toth, May 7, 2019
Human Trafficking: Popular and Pervasive
April 18, 2019
Sex trafficking is one of the greatest crimes in the world. Sex trafficking is one of the crimes facilitated by digital environments, but the same technology the bad actors use for their crimes is always being used to catch them. USA Today shares how the technology is used to put an end to sex trafficking in the article, “Technological Tricks Can Help End Sex Trafficking: Former IBM Vice President.”
In January 2019, the US Institute Against Human Trafficking launched the Reach Out Campaign in Tampa, Florida. The program used web scraping technology to gather phone numbers of Web sites selling sex in Tampa. It was discovered that most of the numbers linked to cell phones of people sold for sex so they could communicate and book appointments with their “clients.” Reach Out gathered over 10,000 numbers and a mass text was sent out to the numbers with information to leave the sex industry.
The Reach Out Campaign received a 13 percent response. The program needs to be launched across the country in order to assist more sex trafficking victims, who deal with complicated psychological issues. AI bots called Intercept Bots are deployed to create fake sex ads on the Internet, then when someone responds it collects the user’s information. The bot will then share that it is a lure and that the user’s information will potentially be given to law enforcement. While it is important to assist the victims, it is also helpful to address the perpetrators, generally men, and prevent them from committing the crimes in the first place:
It is important, however, that we not just focus on punishing those engaged in buying sex. Many of these men suffer from sex addictions that can be treated. This is why the Intercept Bots program also sends potential sex buyers information on where to get this help. A study in the medical journal Neuro psycho pharmacology estimates that between 3-6 percent of Americans suffer from compulsive sexual behavior. And studies estimate that the percentage of American men who have engaged in commercial sex at least once is 15 to 20 percent; compared to their peers, these men think about sex more often.
Thee are also ad campaigns targeted at people buying sex share the consequences of getting caught buying sex.
Combating trafficking is difficult, but spreading information and using technology to catch bad actors saves victims from further abuse.
Whitney Grace, April 18, 2019
Bad Actors Include Russian Crime Oligarchs: Wosar Speaks Out
April 12, 2019
Hollywood romanticizes computer hacking and other digital crimes. There is some truth to what happens on the screen, but the action is usually more downbeat and usually does not keep the bad actors at the edge of their seats. While the bad actors get a lot of screen time, the good guys, those who protect the average person, from cyber attacks rarely get praised. The BBC took the time to praise one digital hero’s actions in the article, “Hated And Hunted.”
Perhaps the most vicious type of malware is ransomware. Ransomware is a computer virus that once downloaded onto a computer, it scrambles all of the data and delivers a ransom note stating the user must pay a certain amount of money or all of their data will be deleted. Fabian Wosar is a good actor, because he understands the virus code and knows how to hack the hacker. In other words, he knows how to outsmart the hackers and beat them at their own game. The hackers are so upset with Wosar that they actually write mean notes to him in their virus code.
Wosar is an introverted individual, who loves to design anti-virus code for his cyber security company, Emsisoft. He spends hours working and often binges long hours at his job, often giving away his ant-ransomware away for free. Wosar compares writing code to writing a novel and how he can tell who wrote specific code based on individual styles. He also believes that he stopped over 100 different cyber gangs from their illegal activities.
Ransomware is one of the most profitable cyber crimes and its perpetrators can evade authorities for years, especially if they are smart about it. Ransomware victims often pay hundreds of thousands of dollars and pounds to the criminals, especially if they decide paying the ransom is considered cheaper than replacing a system. Cyber criminals are also quite intimidating:
The most successful cyber-crime gangs are run like mafia organizations with specific structures and divisions of labor.There are the virus coders, the money launderers, the protection heavies and the bosses who decide on targets and sometimes funnel the money into other, potentially more serious, criminal enterprises.Catching these gangs is extremely challenging. One of the most prolific recent ransomware gangs, responsible for two major ransomware families – CTB-Locker and Cerber – made an estimated $27m and eluded police for years.It took a global police operation involving the FBI, the UK’s National Crime Agency, and Romanian and Dutch investigators to bring them down. In December 2017, five arrests were made in Romania.
Wosar keeps his identity hidden and moves around to keep himself safe. While he does enjoy his work, he does suffer from health problems due to his sedentary lifestyle and might get a dog to force himself outside. Outside, however, may pose risks.
Whitney Grace, April 12, 2019
-
- Subscribe to Beyond Search
Feature archive
News archive
-
