2020: Reactive, Semi-Proactive, and Missing the Next Big Thing
July 27, 2020
I wanted to wrap up my July 28, 2020, DarkCyber this morning. Producing my one hour pre recorded lecture for the US National Cyber Crime Conference sucked up my time.
But I scanned two quite different write ups AFTER I read “Public Asked To Report Receipt of any Unsolicited Packages of Seeds.” Call me suspicious, but I noted this passage in the news release from the Virginia Department of Agriculture and Consumer Services:
The Virginia Department of Agriculture and Consumer Services (VDACS) has been notified that several Virginia residents have received unsolicited packages containing seeds that appear to have originated from China. The types of seeds in the packages are unknown at this time and may be invasive plant species. The packages were sent by mail and may have Chinese writing on them. Please do not plant these seeds.
And why, pray tell. What’s the big deal with seeds possibly from China, America’s favorite place to sell soy beans? Here’s the key passage:
Invasive species wreak havoc on the environment, displace or destroy native plants and insects and severely damage crops. Taking steps to prevent their introduction is the most effective method of reducing both the risk of invasive species infestations and the cost to control and mitigate those infestations.
Call me suspicious, but the US is struggling with the Rona or what I call WuFlu, is it not? Now seeds. My mind suggested from parts unknown that perhaps, just perhaps, the soy bean buyers are testing another bio-vector.
As the other 49 states realize that they too may want to put some “real” scientists to work examining the freebie seeds, I noted two other articles.
I am less concerned with the intricate arguments, the charts, and the factoids and more about how I view each write up in the context of serious thinking about some individuals’ ability to perceive risk.
The first write up is by a former Andreessen Horowitz partner. The title of the essay is “Regulating Technology.” The article explains that technology is now a big deal, particularly online technology. The starting point is 1994, which is about 20 years after the early RECON initiatives. The key point is that regulators have had plenty of time to come to grips with unregulated digital information flows. (I want to point out that those in Mr. Evans’ circle tossed accelerants into the cyberfires which were containable decades ago.) My point is that current analysis makes what is happening so logical, just a half century too late.
The second write up is about TikTok, the Chinese centric app banned in India and accursed of the phone home tricks popular among the Huawai and Xiaomi crowd. “TikTok, the Facebook competitor?’s” point seems to be that TikTok has bought its way into the American market. The same big tech companies that continue to befuddle analysts and regulators took TikTok’s cash and said, “Come on down.” The TikTok prize may be a stream of free flowing data particularized to tasty demographics. My point is that this is a real time, happening event. There’s nothing like a “certain blindness” to ensure a supercharged online service will smash through data collection barriers.
News flash. The online vulnerabilities (lack of regulation, thumb typing clueless users, and lack of meaningful regulatory action) are the old threat vector.
The new threat vector? Seeds. Bio-attacks. Bio-probes. Bio-ignorance. Big, fancy thoughts are great. Charts are wonderful. Reformed Facebookers’ observations are interesting. But the now problem is the bio thing.
Just missing what in front of their faces maybe? Rona masks and seed packets. Probes or attacks? The motto may be a certain foreign power’s willingness to learn the lessons of action oriented people like Generals Curtis LeMay or George Patton. Add some soy sauce and stir in a cup of Sun Tzu. Yummy. Cheap. Maybe brutally effective?
So pundits and predictive analytics experts, analyze but look for the muted glowing of threat vector beyond the screen of one’s mobile phone.
Stephen E Arnold, July 27, 2020
The Cloud Becomes the New PC, So the Cloud Becomes the Go To Attack Vector
July 24, 2020
Cloud providers are not Chatty Cathies when it comes to some of their customers’ more interesting activities. Take malware, for example. Bad actors can use cloud services for a number of activities, including a temporary way station when deploying malware, delivering bogus or spoofed Web sites as part of a social engineering play, or just launching phishing emails. Major cloud providers are sprawling operations, and management tools are still in their infancy. In fact, management software for cloud operators are in a cat-and-mouse race. Something happens, and the cloud provider responds.
“Hackers Found Using Google Cloud to Hide Phishing Attacks” provides some information about the Google and its struggles to put on a happy face for prospects and regulators while some Googlers are reading books about dealing with stressful work.
The article reports:
Researchers at cybersecurity firm Check Point on Tuesday cited an instance when hackers used advanced features on Google Cloud Platform to host phishing pages and hide them. Some of the warning signs that users generally look out for in a phishing attack include suspicious-looking domains, or websites without a HTTPS certificate. However, by using well-known public cloud services such as Google Cloud or Microsoft Azure to host their phishing pages, the attackers can overcome this obstacle and disguise their malicious intent, improving their chances of ensnaring even security-savvy victims…
What’s the fix?
Obviously vendors of cloud management software, hawkers of smart cyber security systems, and bright young PhD track cyber specialists have ideas.
The reality may be that for now, there is no solution. Exposed Amazon S3 buckets, Google based endeavors, and Microsoft (no, we cannot update Windows 10 without crashing some machines) Azure vectors are here to stay.
Perhaps one should tweet this message? Oh, right, Twitter was compromised. Yeah.
Stephen E Arnold, July 24, 2020
Russian Hacker: Maybe a Tattoo and New Opportunities for Friendship?
June 29, 2020
In my Dark Web 2020 lecture in July for the “now virtual” US National Cyber Crime Conference, I will review some of the information my study team has gathered about Russian digital crime factories. Some of these are hidden in plain sight. Others are less visible. In this interesting world, surprises are not uncommon. “Russian Cybercrime Boss Burkov Gets 9 Years” describes how “a well connected Russian hacker once described as an asset of supreme importance” booked a one-way ticket to prison. The write up explains that:
Aleksei Burkov of St. Petersburg, Russia admitted to running CardPlanet, a site that sold more than 150,000 stolen credit card accounts, and to being a founder of DirectConnection — a closely guarded underground community that attracted some of the world’s most-wanted Russian hackers.
Mr. Burkov (kopa to his Dark Web and hacker colleagues) operated DirectConnection (now offline). If you are interested in the legal explanation of Mr. Burkov’s activities, the indictment was online as of June 29, 2020, at this link. Some documents return cheerful 404 errors, and DarkCyber understands your pain.
Will Mr. Burkov share some of his knowledge about Russian cyber crime, a type of wrong doing that has been ignored by some authorities in Mr. Putin’s government? DarkCyber surmises that he may become a chatty Kathie once he experiences the delights of a sojourn in America.
Stephen E Arnold, June 29, 2020
Criminals Want Cash? An Astounding Insight for Whom Exactly?
June 15, 2020
Why is it so hard for some people to understand a concept? Cyber criminals break laws not because it is fun (some might get a kick out of it), but to steal money. The old adage “money makes the world go around” is the goal for cyber criminals, because with money they can live their desired lifestyle. Security Brief delves into a report about cyber criminal activities in: “Cybercriminals After Money More Than Anything Else-Verizon Report.”
Security Brief read the Verizon Business 2020 Data Breach Investigations Report, where there 32,000 breaches were analyzed. Of that 3950 were from eighty-one countries and 86% of the breaches were related money. When broken down by continents, 91% were in North America, 70% in Europe, Africa, and the Middle East, and 63% in Asia.
Most financially related organizations are taking precautions to protect their clients and fewer than one in twenty breaches exploit vulnerabilities. Other types of crumbier crime include:
“Other common cyber attacks include web application attacks, as threat actors go after cloud-based data. According to the report, more than 20% of attacks were against web application and used stolen credentials in some way. The report notes that the trend is worrying as more organizations shift business-critical workloads to the cloud.
Credential theft, phishing, business email compromise and other social engineering attacks caused more than 67% of breaches. Specifically, 37% of credential theft breaches used stolen or weak credentials, 25% involved phishing, and 22% involved human error.
Amongst malware incidents, ransomware was involved in 27% of cases, and 18% of organizations blocked at least one piece of ransomware in the last year.”
The article recommends businesses and users education themselves about common cyber crime attacks to prevent breaches. It is also a good idea to have a decent cyber security system that is regularly updated. Most breaches in North America involved stolen credentials, phishing/pretexting.
Money motivates cyber criminals? Why does that even need to be stated?
Whitney Grace, June 15, 2020
Brave Browsing Sniping
June 9, 2020
DarkCyber noted “The Brave Web Browser Is Hijacking Links, and Inserting Affiliate Codes.” The write up explains that the Brave browser is behaving in a way that is unseemly. The point is that a free Web browser is pitching privacy and at the same time performs some underhanded actions to generate revenue. The explanation of the digital sleight of hand is interesting and illustrates that those “gee, stuff is free” online users assume one thing and may find something different. The write up includes this list and suggestions for accessing Web sites in a non-Brave way. We quote:
There is no good reason to use Brave. Use Chromium — the open-source core of Chrome — with the uBlock Origin ad blocker. [Chromium download, uBO Chrome]
Or use Firefox with uBlock Origin — ‘cos it blocks more ads than the Chromium framework will let anything block. [uBO Firefox]
Or, if you want a really cleaned-out Chrome — ungoogled-chromium, with uBlock Origin. [GitHub]
If you’re on Android, use Firefox with uBlock Origin, or the new Firefox Focus browser. [Mozilla]
Brave is a browser for suckers who want to keep getting played — so it’s a 100% crypto enterprise. As Eich’s pinned tweet still tells us: “Who gets paid? If not you, then you’re ‘product’.” [Twitter]
DarkCyber is not sure if this comment is as ominous as it sounded to one DarkCyber researcher:
Brendan Eich has responded to this post by claiming “David lies about us all the time.” I have pointed out that this is a prima facie defamatory statement, and asked him to detail these claimed lies. [Twitter, archive]
Mr. Eich is the alleged perpetrator of the Brave misdeeds. Online marketing and advertising are fascinating disciplines.
Stephen E Arnold, June 8, 2020
Is Cyber Crime Boring? Maybe The Characterization Masks a Painful Consequence?
June 1, 2020
DarkCyber read “Career Choice Tip: Cybercrime is Mostly Boring.” The article is clear. The experts cited are thorough and thoughtful. Practicing cyber crime is similar to what engineers, developers, and programmers do in the course of their work for firms worldwide. Much of that work is boring, filled with management friction, and repetitive.
The article states:
the academics stress that the romantic notions of those involved in cybercrime ignore the often mundane, rote aspects of the work that needs to be done to support online illicit economies. The researchers concluded that for many people involved, cybercrime amounts to little more than a boring office job sustaining the infrastructure on which these global markets rely, work that is little different in character from the activity of legitimate system administrators.
Exactly.
The paper is quoted in the article as explaining:
We find that as cybercrime has developed into industrialized illicit economies, so too have a range of tedious supportive forms of labor proliferated, much as in mainstream industrialized economies. We argue that cybercrime economies in advanced states of growth have begun to create their own tedious, low-fulfillment jobs, becoming less about charismatic transgression and deviant identity, and more about stability and the management and diffusion of risk. Those who take part in them, the research literature suggests, may well be initially attracted by exciting media portrayals of hackers and technological deviance.”
The DarkCyber study team discussed the Cambridge research summary and formulated some observations:
- Boring means that cyber crime will be automated. Automated processes will be tuned to be more efficient. Greater efficiency translates to the benefit the cyber criminals seek. Thus, the forward momentum of boring cyber crime is an increase in the volume and velocity of attacks.
- Certain criminal elements are hiring out of work or disgruntled technologist from mainstream companies, including high-profile Silicon Valley companies. Our research identified one criminal organization paying 90,000 euros per month and offering benefits to contract workers with specialized skills. The economic pressures translates to a talent pool available to certain criminal orchestrators. More talent feeds the engineering resources available to cyber crime constructs. DarkCyber believes a “Google effect” is beginning, just in the cyber crime market space.
- Law enforcement, government agencies, and some providers of specialized services to law enforcement and intelligence entities will be unable to hire at the rate criminal constructs hire. Asymmetry will increase with bad actors having an opportunity to outpace enforcement and detection activities.
Net net: The task facing law enforcement, security, and intelligence professionals is becoming more difficult. Cyber crime may be boring, but boring tasks fuel innovation. With access to talent and cash, there is a widening chasm. Talking about boring does not make clear the internal forces pushing cyber crime forward.
Stephen E Arnold, June 1, 2020
DarkCyber for May 26, 2020 Now Available
May 26, 2020
DarkCyber for May 26, 2020, is an online video program focusing on cyber crime, intelligence, and lesser known Internet services. This week’s stories include NSO Group in the PR spotlight, Covid 19 phishing, Germany limits intel services scope of action, a source for bad actor hackers, ETSI.org as a job hunter’s game preserve, and four new drones for surveillance and kinetic action. (Kinetic means explosive munitions.)
The program is a production of Stephen E Arnold and the DarkCyber research team.
In addition to our news programs, we have begun adding special videos. You can view the most recent interview segments with a CIA professional is DarkCyber Exclusive: Litigation Likely for Short Selling.
More special video features are in the works. Remember. DarkCyber contains no demeaning “begging for dollars” pleas, no content marketing, and no subscription fees. As a result, DarkCyber videos and blog posts deliver information that may be difficult to locate and analysis that can cause consternation.
This week’s program is at https://vimeo.com/422426350.
Kenny Toth, May 26, 2020
Content Free Advice: SEO Hits New Heights
May 19, 2020
I have just watched a value-free video about producing value-free content. Uselessness squared, if you will. Regular readers know we are no fans of quick and easy SEO techniques—slapping keywords onto a page just to boost a company’s Google search ranking. The “marketing” approach has had a negative impact on the Internet for years, and we have recently noted an uptick in SEO advice creeping across the web.
One fast talker in particular has garnered our attention, and you can read more of what we’ve learned about him here. He calls his YouTube channel The Hustle Show; at least he acknowledges his advice is designed for shady characters. The video I was tasked with reviewing, “How to Find Keywords for Plumbers—Best Keywords for a Plumbing Company” provides no redemption. Our host claims to have done a lot of plumbing. After checking out his purported bona fides on LinkedIn, we wonder where he found the time.
The video pushes a specific SEO platform with its “keyword magic” tool. Just plug and play—no beneficial content needed! Several times in this five-minute video, the speaker prompts viewers to follow a link to the platform’s free trial and to watch more videos where he explains the self-explanatory tools.
What’s the line between content free and duplicitous information? None. We have a new SEO centric service in the works. Gathering data about the questionable activities of SEO experts is long overdue. When money changes hand, the SEO game enters a new playground.
Cynthia Murrell, May 19, 2020
Content Marketing: The Faux Monte
May 8, 2020
I wrote about the SEO hustle email I received on April 30, 2020. That email became the subject of the conversation I had with the former CIA professional, Robert David Steele. He interviewed me and posted the video from his Web site PhiBetaIota.net. You can view the video at this link. In this post, I want to call attention to the SEO expert’s example blog content, thoughtfully provided by an individual named Christian Arriola and using the alias of a person named Jeffrey Garay. The blog in question is part of a kitchen remodeling business doing work in Pearland near Houston and Allen near Dallas.
The blog post is “How to Get Your Dream Kitchen Remodel Without Breaking the Bank.” Here’s an example of the content which the outfit Woobound wanted to provide to Beyond Search / DarkCyber:
When you have an excellent suggestion of what you desire, take a seat and also write a great breakdown of jobs that you desire finished. You do not need to be technological and also you do not need to make use of building terms yet simply state all the important things you desire a service provider to do and also bid. It can be as easy as: eliminate all existing floor covering and also closets; mount brand-new floor covering, cupboards, kitchen counters, sink as well as home appliances per the strategy; paint; attach sink pipes; as well as mount brand-new lighting fixtures.
It appears that the connection between Beyond Search / DarkCyber is that the root “techno*” appears in the paragraph above and some of Beyond Search / DarkCyber’s more than 18,000 articles. I may be missing other, more sophisticated connections, but on the surface, the idea that kitchen remodeling and the topics in Beyond Search / DarkCyber are tenuously related. Oh, wait, I do cover cyber crime, perhaps that is the hook?
The blog features some broken image links, an 888 number to contact the firm, and a content pool exactly one post deep.
My concern about search engine optimization’s latest “trick” is that some people will accept this “link trade” or “backlink” pitch.
Meaningless links are not helpful to a user. We will be monitoring this ploy because deception is a precursor of cyber crime. Our objective is to take a close look at this faux monte. What we see so far is not appealing; in fact, one of the DarkCyber team used the term
Stephen E Arnold, May 8, 2020
Unusual Medical Marketing
May 6, 2020
One of the DarkCyber team alerted me to a blog post titled “Top 19 Ways to Attract More Patients to Your Medical Practice.” In the midst of the coronavirus pandemic, the evening news, online news reports, and podcasts are buzzing about Covid19. The idea that medical professionals need to escalate their marketing efforts is an interesting one.
What are the recommendations? Here’s a selection of seven ideas. Please, consult the original essay to learn the other 12. Our comments about the item appear in italics following the information from the expert in medical marketing.
- Create contests. The idea is unusual. Based on my experience with doctors, nurses, and intermediaries like “doc in the box” operations in Kroger, the free time available to think about a contest may be limited. What will the winner receive? A co-pay waiver? An appliance for a broken ankle? A coupon good for $20 percent off a lab test.
- Get active in Social Media. Most of the health care professionals with whom I have knowledge are not eager to post content on TikTok, Facebook, Instagram, or other social media sources. The likelihood of the information being used in the event of an insurance fraud, Medicare integrity issue, or malpractice exists. Perhaps some health care professionals post. There are images of nurses and physicians in coronavirus treatment facilities. These may be legal time bombs. Our suggestion is to ask an attorney first.
- Email your patients once in a while. In the city in which the DarkCyber team members live, communications from physicians are intermediated through a combine of health care providers or from a corporate entity. Emails move through specific channels in order to minimize issues with HIPPA, legal issues, and security. Again: Check with an attorney before spamming, using a proxy, or putting into the Internet’s memory a comment which may be problematic for regulatory authorities.
- Be Adaptable. The idea of adaptation is important. However, in a regulated sector, protocols must be followed. The physician or nurse who wanders off the reservation and is discovered as a protocol violator can face penalties. These range from losing a license to a fine or worse. Adaptation in quite specific frames of reference is important. Losing track of a particular frame of reference can be problematic.
- Get plenty of online reviews. What does “plenty” mean? Many physicians — particularly independent physicians providing plastic surgery type services to wealthy clients — may find patient reviews a double edged sword. A good review is, by definition, better than a damning review. A bad review may be evidence in another patient’s malpractice case. Corporate health care providers face internal and other restrictions on their posting about procedures. We are repeating, but checking with an attorney may be prudent.
The other 19 tips to get up to 30 new patients a week presents a problem on three fronts:
First, in today’s medical climate, generating business for a health problem may be perceived as unprofessional. In some cases, the virus is providing sufficient demand. There is no data in the write up to draw a direct link between search engine optimization and social media and new patients. Without data, the implication and overt statements are difficult to believe.
Second, health care professionals face numerous challenges. These range from regulation to burn out, from excessive paperwork to the challenge of keeping pace with medical information germane to their work. In today’s climate, convincing medical professionals to embrace marketing may be a difficult sale. The attention bandwidth of many medical professionals goes offline when computer centric double talk is the meat of the conversation.
Finally, the implication that the 19 recommendations will deliver new patients is a checklist easily applied to other business sectors. The ideas are not customized, not tuned to the regulatory climate, and not in touch with the new normal for medical treatment.
Net net: The ideas may create more problems, increase costs, and present a larger attack surface for patients pursuing malpractice claims against the advertising health care professional. The blog post may be a hustle, not a help.
Stephen E Arnold, May 6, 2020
Want more SEO fancy dancing? Read this DarkCyber story https://wp.me/pf6p2-gdY
-
- Subscribe to Beyond Search
Feature archive
News archive
-
