UK Finds Ways to Fight Dark Web
January 28, 2019
Battling the dark web and its many tentacles of crime is a game of cat and mouse. As soon as law enforcement agents catch on to a scheme, criminals can vanish. However, the tide feels like it is turning, as we discovered from an article found in Breaking News, “Dark Web Criminals Who Sold Fentanyl Around the World Jailed in UK.”
According to the story:
“Prosecutors said that over 2,800 packages were sent by the trio, and at least 635 grams of pure carfentanyl, which is described by some experts as being between 3,000 and 5,000 times stronger than heroin, was found at the premises following their arrests. A raid on the premises by officers following the defendants’ arrests in April 2017 is believed to be the largest single seizure of the two drugs in Europe.”
England’s sophistication with tracking down dark web crime is to be applauded. It is also, oddly, a necessity. Studies have shown that the UK is among the top countries that buy drugs through the dark web. For the tie being, it seems Scotland Yard and the like are keeping up with the bad guys. We can only hope this trend continues.
Patrick Roland, January 28, 2019
Aleph: Another Hidden Internet Indexing Service
January 23, 2019
Law enforcement and intelligence organizations have a new tool to navigate the Dark Web, the Mail & Guardian reports in, “French Start-Up Offers ‘Dark Web’ Compass, but Not for Everyone.” The start-up, called Aleph Networks, has developed a way to navigate the Dark Web, but they wish it to only be wielded for good. In fact, report writer Frederic Garlan, the company performs ethics reviews of potential clients and turns down 30-40 percent of the licensing requests it receives. We also learn:
“Over the past five years Aleph has indexed 1.4 billion links and 450 million documents across some 140,000 dark web sites. As of December its software had also found 3.9 million stolen credit card numbers. ‘Without a search engine, you can’t have a comprehensive view’ of all the hidden sites, Hernandez said. He and a childhood friend began their adventure by putting their hacking skills to work for free-speech advocates or anti-child abuse campaigners, while holding down day jobs as IT engineers. [Co-founder Celine] Haeri, at the time a teacher, asked for their help in merging blogs by her colleagues opposed to a government reform of the education system. The result became the basis of their mass data collection and indexing software, and the three created Aleph in 2012. They initially raised €200,000 ($228,000) but had several close calls with bankruptcy before finding a keen client in the French military’s weapon and technology procurement agency. ‘They asked us for a demonstration two days after the Charlie Hebdo attack,’ Hernandez said, referring to the 2015 massacre of 12 people at the satirical magazine’s Paris offices, later claimed by a branch of Al-Qaeda. ‘They were particularly receptive to our pitch which basically said, if you don’t know the territory — which is the case with the dark web — you can’t gain mastery of it,’ Haeri added.”
That is a good point. Garlan notes the DARPA’s Memex program, which is based on the same principle. As for Aleph, it is now working to incorporate AI into its platform. While the company’s clients so far have mostly been government agencies, it plans to bring in more private-sector clients as it continues to attract investors. Based in Pommiers, France, Aleph Networks was launched in 2012.
Cynthia Murrell, January 23, 2019
Iceland Criminal Moxie: Not Chilling in the Lock Up
January 22, 2019
ZDNet published “Iceland’s Bitcoin Bandit Sentenced for Stealing Mining Rigs.” A “mining rig” is one or more computers set up to do the calculations necessary to make a digital currency exist.
What’s interesting about this report is the malefactor was convicted for stealing equipment from three data centers in Iceland, a country about the size of Cuba except a bit more nippy.
The number of computers removed numbered about 600. Three separate robberies were conducted to snag the gear. The theft was not hijacking a computer’s cycle. The theft involved physical hardware.
A total of seven people were charged with the alleged crime.
One of these individuals — Sindri Þór Stefánsson — received the most severe sentence. Held in a low security prison, Mr. Stefánsson walked off the grounds and hopped a flight to Stockholm. Once in Stockholm, the bad actor traveled to Amsterdam. Upon his recapture, he was returned to Iceland.
Two key points:
- The missing 600 computers have not been found
- Mr. Stefánsson booked his escape flights using a mobile phone he operated from prison.
Interesting digitally enabled crime. Now about the use of mobile phones by prisoners while in custody? And boarding security checks?
Stephen E Arnold, January 22, 2019
Fortnite: A LE and Intel Gold Mine
January 21, 2019
Fortnite is not something that old folks like me spend much effort understanding. That might be a problem if you are over 35 and engaged in enforcement activities.
Next Friday (January 25, 2019), I will giving a lecture to computer science students at one of Kentucky’s more interesting universities. I won’t define “interesting.” There is a reception with yummy university snacks, and I do not want to be dis-invited.
I have to mention the new mechanisms bad actors use to evade surveillance. One of the handy dandy tools is a game. Yep, Fortnite. That’s the game you probably don’t think about.
Consider these data points from one of my go to, real news, frightened of acquisition sources, USA Today:
- One in five parents find it “moderately difficult” to get their progeny to stop playing
- 27 percent of teens play Fortnite when in school classes
- 50 percent of the teens in the survey use Fortnite to “keep up” with their friends
- 44 percent have made a “friend” online within the game
- 47 percent of teen girls play as well
- 61 percent of teens have played.
Ah, the digital cocktail: Chat, in game money which can be used for money laundering, audio, an opportunity for grooming, learning new dances like the one Athletic Madrid’s Antoine Griezmann does when he scores a goal.
Now this game has made news in a different way.
Newsweek reported that Fortnite data have been compromised. “Fortnite Hack Could Have Accessed Accounts, V-Buck Purchases, & Chat” states:
Fortnite boasts more than 200 million active players, and a recent exploit found by Check Point Software Technologies could have put all of them at risk. The vulnerability, first discovered in November and patched by developers at Epic Games, could have been devastating. If leveraged, it would give third-parties full access to user account details, payment information and even in-game chat audio.
What’s the big deal?
Wherever there are young people, chat, digital currency, and minimal parental understanding, the game may provide:
- A Petri dish for sexual predators looking for young people to groom
- A mechanism for exchanging messages about drugs, weapons, and terrorist plans in plain view if one knows how and where to look
- A conduit for money laundering. My hunch you, gentle reader, may not know how game currencies can be used to convert illegal gains into a hot property which can sell quickly to motivated buyers.
Net net: Fortnite may be more than a game, and it may be time to do more than say, “Put down that game. Come to dinner. Now.”
I will ask the audience on Friday, “Who plays Fortnite?” I will let you know if I learn anything or just get grumbles and blank stares from students and faculty alike.
Stephen E Arnold, January 21, 2019
DarkCyber for January 15, 2019, Now Available
January 15, 2019
DarkCyber for January 15, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/311054042 . The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cyber crime, and lesser known Internet services.
The first story discusses Discord, an in-game and chat service. The system takes a somewhat hands-off approach to monitoring user messages. Discord features what are called “magic emojis.” These emojis, when used among those who are members of a specific social group within Discord, can convey messages. Some potential bad actors–for example, white supremacists–allegedly have been using the services as a communications channel.
The second story explores an allegation that Facebook WhatsApp makes it possible for those interested in child pornography to locate this type of content. Third party apps provide finder services. Facebook is introducing electronic payments within WhatsApp. The likelihood for bad actors to use WhatsApp as a mechanism to exchange objectionable content is high. Facebook’s content policies are likely to undergo scrutiny from government authorities in 2019.
The third story profiles Gamalon, a company which develops software for the Defense Advanced Research Projects Agency and commercial enterprises. The key to Gamalon system is that it uses advanced statistical procedures to identify and extract ideas from source content. The company’s technology makes use of Bayesian methods in order to create automatically machine learning models. The models can then create new models to deal with new ideas expressed in the source data processed by the system.
The fourth story reports on Spain’s 36 month effort to slow or halt the trade of weapons in the country via the Dark Web. Authorities have arrested more than 200 individuals and seized hand guns and automatic weapons. The investigation continues.
The final story points to a study which provides facts and figures about the hidden Internet. Some of the data in the study sponsored by a star of the hit cable television program Shark Tank is quite remarkable. To cite one example, the number of hidden sites on the Internet is 32 times the number of stars in the galaxy. That a very large number and difficult to match with DarkCyber’s research data.
Kenny Toth, January 15, 2019
DarkCyber for January 8, 2019, Now Available
January 8, 2019
DarkCyber for January 8, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/309717457 . The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web and lesser known Internet services.
The lead story is a profile of Sintelix, an Australian company developing software for law enforcement and intelligence professionals. The system can acquire content from the hidden Internet, the Surface Web, third-party sources, and content repositories in an organization; for example, arrest records. Sintelix provides IBM Analyst’s Notebook user with a streamlined, modern interface without giving up the unique features of the IBM Analyst’s Notebook. The three key features of the Sintelix technology are its speed of document and content processing. Hundreds of thousands of documents can be analyzed and indexed on a standard office desktop computer in a few hours. Sintelix also includes an application programming interface. This API makes it possible to use Sintelix with a wide range of third party solutions. Also, the system incorporates robust timeline features. Ana analyst can examine events over a month and then zoom into look at activities in an hour on a specific day.
The second story addresses a way to reduce the complexity of the Tor software bundle, which is required to access Dark Web sites, Many Tor users find the bundle confusing, which can lead to careless errors. . A number of user-induced errors can lead to the user’s loss of the privacy which the Tor software appears to offer. The fix is to use a hardware device which can run the Tor software. DarkCyber reports on an older system called PORTAL as well as a new Raspberry Pi approach. Will these devices provide a way to surf the Web in anonymity. Unlikely, but if properly configured, the devices may prevent some types of operator errors.
The third story discusses India’s legislation which mandates that technology companies provide access to encrypted content. Like Australia, India’s action is helpful to law enforcement and intelligence professionals. However, the mandatory decryption may increase the likelihood that bad actors will find a way to exploit the backdoor. The regulations require that a technology company like Apple or Facebook would have to respond to the government request within a day or two. Even with automated decryption technology, the time limit may prove difficult for some companies.
The final story describes a novel type of punishment for child abuse. The UK has begun deporting abusers to their country of origin and stripping the individual of his or her UK citizenship. So far one Indian who amassed 23 counts of child abuse have been flagged for deportation. Three abusers from Pakistan are likely to be deported as well. Once in their home country, authorities may take punitive action against the abusers.
A new blog Dark Cyber Annex will be available at www.arnoldit.com/wordpress. Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.
Kenny Toth, January 8, 2019
DarkCyber for December 18, 2018 Now Available
December 18, 2018
DarkCyber for December 18, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/306639675 .
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web and lesser known Internet services.
This week’s story line up includes… an informal agreement among Dark Web drug dealers to cut off sales of fentanyl… NSO, a provider of intelware to governments, is back in the news… Devicesavers can unlock any phone for $4,000… and a father and son Dark Web scheme leads directly to five years in prison.
First, some Dark Web ecommerce vendors are voluntarily cutting off sales of the synthetic opioid fentanyl. The reason is not going straight. The vendors are wary of stepped up police action in order to take down Dark Web sites selling the potent drug. DarkCyber notes that the actions of Dark Web ecommerce vendors are not likely to curtail the sale of the drug. Vendors move their transactions to encrypted chat sessions or private messaging groups on social media systems. Furthermore China prohibits the manufacture of fentanyl, but not some of its analogs.
Second, DarkCyber reports that the vendor of software for government agencies is back in the news. Reports link NSO with Saudi Arabia and allege that the Kingdom used NSO’s Pegasus tool to monitor Omar Abdulaziz and the slain journalist Jamal Khashoggi. Companies like NSO shun the spotlight. Now NSO finds itself allegedly linked to a high profile news story and the subject of increased attention from the Canadian Lab, an independent research group.
The third story reports that Drivesavers has a proprietary method for unlocking iPhones and Android devices. Apple took steps to eliminate a USB vulnerability which some firms were using to unlock iPhones. Drivesavers technique requires the law enforcement send the iPhone to the Drivesavers’ lab, where the phone is unlocked and its data copied to an external storage device. Drivesavers does not provide details about how its method works, but DarkCyber believes the approach is similar to that used by Cellebrite’s mobile device unlocking service. Drivesavers, DarkCyber reports, is listed on the GSA schedule which means US federal agencies can make use of the service with a minimum of bureaucratic
The final story recounts the fate of a father and son duo. The father hit upon the idea of selling his extra doctor prescribed painkillers on the Internet. When that did not work, he enlisted his son for help in setting up a Dark Web business. Federal agents spotted the ads and made an authorized drug buy. The father and son team were arrested and computing devices, text messages, and narcotics were seized. One of the text messages was from a customer who overdosed on the duo’s product. The message, sent from the hospital where the addict was recovering, wanted to set up another drug buy. The father and son team are now serving five years in prison.
DarkCyber is released each week on Tuesday. The next program will be available on December 25, 2018. In 2019, DarkCyber will introduce a Web log covering the stories in the weekly news program plus additional law enforcement related subjects.
Kenny Toth, December 18, 2018
DarkCyber for November 27, 2018, Now Available
November 27, 2018
DarkCyber for November 27, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/302658825.
This week’s program covers four stories related to the Dark Web and specialized Internet services.
DarkCyber reports that another call for a backdoors to encrypted communications. Cyrus Vance, the Manhattan district attorney, emphasized that government mandated backdoors are the only solution to device encryption. DarkCyber provides a link to the government report which substantiates this statement. Australia has issued a similar statement. Even though encrypted devices can be broken open, the time and resources required are significant. With the growing number of mobile devices in use by bad actors, the number of phones requiring decryption has created an evidence backlog. Encrypted devices, therefore, pose a significant challenge to law enforcement and intelligence professionals.
The second story reveals that autonomous killer drone technology is advancing rapidly. An autonomous drone is able to find, fix, and finish a target. DarkCyber describes the Elbit Systems’ Skystriker device which is about 95 percent autonomous at this time. Full autonomous operation is within view.
Other countries are working on similar technology. DarkCyber identifies autonomous sea going devices which can neutralize a target without a human in the kill chain. DarkCyber’s view is that countries without autonomous warfighting will find themselves at a strategic disadvantage.
The third story reports that facial recognition allowed 130 victims of child abuse to be identified by Dutch authorities. Mug shot image recognition and matching can perform at an accuracy level of about 90 percent. However, facial recognition from real time video feeds like surveillance cameras pose a more difficult problem. Accuracy rates for video identification can dip below 60 percent. Nevertheless, facial recognition technology is advancing rapidly with innovations from such firms as Boeing, Verint, and NSO. Startups are making significant technical contributions as well. Innovations from Trueface, Kairos, and PointGrab are likely to yield advances in recognition accuracy. DarkCyber provides links to two sources of information about facial recognition systems. One of these documents is a General Accountability Office report about facial recognition within the US government.
The final story describes an off tune Dark Web weapons deal. Three young men in England thought that buying Glock 19 firearms via the Dark Web was a foolproof scheme. Their idea was to specify that the weapons were shipped inside of an amplifier for an electric guitar. US and UK authorities identified the contraband and placed a video camera in the parcel. When the men received their delivery, the event was captured on video. The investigation yielded cash and narcotics. The individuals are now serving eight years in prison. It is unlikely that the amplifier is delivering Elvis’ hit “Jailhouse Rock” to the felons.
DarkCyber appears each Tuesday on the blog Beyond Search and on Vimeo. Watch for new programs each week at www.arnoldit.com/wordpress.
Kenny Toth, November 27, 2018
US Government to Crowdsource Malware
November 19, 2018
When we talk about all the wonderful opportunities for crowdsourcing, we often think about everything from network building to cake recipes. Very rarely do we think about governments crowdsourcing and even less frequently do we think about the benefits of sharing malware. But that’s exactly what’s happening and we couldn’t speak more highly of this choice. We learned more in a recent ZDNet story, “US Cyber Command Starts Uploading Foreign APT Malware to VirusTotal.”
According to the story:
“The Cyber National Mission Force (CNMF), a subordinate unit of US Cyber Command (USCYBERCOM), set in motion a new initiative through which the DOD would share malware samples it discovered on its networks with the broader cybersecurity community.”
What is VirusTotal? It’s a unique organization that works a little like the Center for Disease Control, in that they keep a running bank of all malware and viruses on the internet. What this does, is allows experts to investigate these nasty elements and keep us safe. The CNMF is a great resource to team with VirusTotal and we hope good things stem from this. Oddly, one thing we did discover is that VirusTotal is owned by Google, which has the potential to make for strange bedfellows someday.
Patrick Roland, November 19, 2018
DarkCyber for October 23, 2018, Now Available
October 23, 2018
DarkCyber, Stephen E Arnold’s video news program about the Dark Web and lesser known Internet services, is now available. You can view the video at www.arnoldit.com/wordpress or on Vimeo at https://vimeo.com/296379232.
This week’s program includes four stories.
Bing and Google allegedly display content not appropriate to some users. Bing suggests links to content related to images not suitable for young people. Google allegedly returns results to YouTube videos which explain how to purchase illegal substances on the Dark Web. DarkCyber’s research team verified that content some individuals may find problematic do appear in search results. YouTube “how to” videos are findable by exploring pages deeper in a Google search result set; for example, pages six and following. The conclusion is that even when “safe search” features are activated links to topics which may be interpreted as offensive are easy to find, even for novice Web searchers.
The second story reveals that old school exploits and hacks have found a new lease on life. Bad actors are using standard office software and widely used utilities to obtain access to confidential information, employee email, and customer data. The method involves luring an employee to click on a link such as a document allegedly containing a list of employees at another company. Once the document is opened, a known vulnerability in Microsoft Office Dynamic Data Exchange is used to take over the target’s computer. DarkCyber reveals the simple fix to use to protect from this old school exploit.
The third story presents information about the system and method used by the now defunct Psy-Group. This firm has been identified as an organization of interest in the Robert Mueller investigation of President Donald Trump’s alleged interactions related to the 2016 election. DarkCyber walks through the principal components of a psychological operation designed to push the hot buttons of individuals associated with certain topics and political ideas. The DarkCyber video includes a link to additional documents related to the Psy-Group’s methods, which appear to be similar to those used by Cambridge Analytica.
The final story provides information about the decrease in Facebook usage in 2017. However, among one group, Facebook has become a must have social network. This user group is law enforcement officers. These professionals adopt false personas and work to obtain access to closed Facebook groups in order to gather information related to an investigation. The use of false personas is becoming a standard practice, and the data gathered are admissible in certain proceedings.
Beginning on October 30, 2018, DarkCyber presents a four part series about Amazon’s policeware initiative. The videos explain the importance of the Department of Defense’s JEDI procurement, the principal components of Amazon’s machine learning system, how Amazon will work to create a new type of vendor lock in, and the use of the Amazon policeware platform as a jumping off point for regulatory services in the US and expansion of its customer base outside the United States.
Kenny Toth, October 23, 2018
-
- Subscribe to Beyond Search
Feature archive
News archive
-
