DarkCyber for June 4, 2019, Now Available
June 4, 2019
DarkCyber for June 4, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/339717881 .
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: A look at SafeSkyHacks; cyber crime data from the Global Drug Survey; bad actors shift to closed chat service; the real threat of GozNym malware; LookingGlass and GoldmanSachs announce cyber intelligence deal.,
This week’s feature is a look at the broader implications of the GozNym malware. This series of attacks netted the bad actors more than $100 million from 41,000 businesses and financial institutions. The malware was a combination of code, operating by deploying numerous exploits. As damaging as GozNym was, it signals a phase change in how modern digital attacks operate. DarkCyber identifies three key characteristics of GozNym. First, it was a multi-national force. Second, the hackers met and communicated via social media and chat. Third, the hackers operated like Amazon the AWS cloud, offering Crime as a Service. Attackers needed little or no technical expertise.
Stephen E Arnold, producer of DarkCyber and author of “The Dark Web Notebook,” said in his lecture on June 4, 2019, at the TechnoSecurity & Digital Forensics Conference: “The law enforcement crackdown on the Dark Web has been effective. The unanticipated consequence has been a shift to decentralized operations delivering Crime as a Service.” Point-and-click is now point-and-attack.”
Other stories covered in the June 4, 2019, DarkCyber video include:
First, a review of the software and services available on a hacker forum available to anyone with a standard browser. SafeSkyHacks provides free information about hacking, stolen data sets, and information about exploits. A members-only section of the Web site makes it possible to locate hackers with specific skills, services, software, and data. The DarkCyber video segment takes a close look at the profile posted by one of SafeSkyHack’s’ members. Hackers offer a number of services which may cross the boundary between general information and illegal activity.
Second, the Global drug survey for 2019 contains a wealth of information about the illegal use of narcotics available from the Dark Web and other sources. DarkCyber extracts items which reveal the countries which are now experiencing sharp increases in the use of controlled substances. The United States, for example, is at the top of the list of countries for opioid abuse. Another significant finding in the 2019 report links drug abuse with sexual assault. Assaults often happen when other people are nearby and reports of these attacks are rarely, if ever, reported to the police.
Third, DarkCyber reports about Stephen E Arnold’s remarks about the technology being adopted by bad actors. With information about distributed system widely available and the willingness of criminal elements to pay as much as $1 million for technical talent, law enforcement faces a new challenge. Services like illegal online gambling and video streaming services are becoming difficult to stop. When authorities seize one server, the bad actors deploy a replacement system at a different hosting location with a different Internet address. The new location for the illegal service is disseminated via closed chat and online forums. Often the access information is available on public content hosting sites like Pastebin.com. In some countries, the technical resources needed to disable an illegal online service structured like Netflix is a new challenge.
The final story is a report about the transfer of GoldmanSachs’ Sentinel cyber security software to LookingGlass, a cyber intelligence firm. Terms of the deal were not disclosed. LookingGlass is likely to integrate the Sentinel system into the LookingGlass services for financial institutions. Sentinel was recognized for excellence by the US Department of Homeland Security.
Kenny Toth, June 4, 2019
DarkCyber for May 28, 2019, Now Available
May 28, 2019
DarkCyber for May 28, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/338518927. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: The Offensive Community hacking Web site; malware requires no user action to seize mobile phone data; Dutch police deal with prisoner monitoring failure; a snapshot of Cobwebs Technologies’ investigative software; and China’s Great Firewall burns Wikipedia.
This week’s feature provides information about hackers for hire on the regular Internet, no Dark Web surfing required. The Offensive Community Web sites offers a classified advertising service. Hackers can post their capabilities in order to attract customers. The information on the site references a range of exploits which can be used for positive as well as illegal activities. Forums provide information and sources for botnets, keyloggers, remote access controls, specialized scripts, and related functions.
Other stories covered in the May 21, 2019, DarkCyber video include:
First, malware, allegedly developed by a specialist vendor supporting government customers, can compromise a mobile phone. What makes this alleged exploit notable is that the standard way of placing malware on a user’s device is to require that the user click a link or take some other action. That action allows the attacker to place the exploit on the user’s phone. The new approach requires only that the target has Facebook’s WhatsApp installed. The attacker places an in app voice call to the target. The exploit automatically uses a programming error in WhatsApp to compromise the target’s phone. The method was allegedly used to track the journalist Jamal Khashoggi. The fact that this method is no longer secret provides sufficient information to ensure that other bad actors will seek to emulate this technique.
Second, a botched software update in the Netherlands disabled prisoner ankle bracelets. These devices are used to monitor prisoners under house confinement. When these devices go offline, the monitored individual can flee the country or return to his or her pre-arrest activities. The Dutch police experienced a similar outage in 2018 when the mobile phone system used to transmit data went down. The modern ankle bracelet includes the tracking technology, but can also include two-way communications, alcohol level monitoring, and anti-removal technology. There are videos allegedly showing how one removes these devices, but tampering with the devices typically leads to additional charges.
Third, DarkCyber provides a profile of the basic functions available in the investigative software developed by Cobwebs Technologies. This is an Israeli startup which allows a user to extract actionable information from open source content. The tools available include a search and retrieval system and analytics. Data can be displayed in a visual format, including maps. DarkCyber’s overview includes examples of the interface and analytic reports.
Finally, China’s Great Firewall has blocked Wikipedia, the online encyclopedia. The online information service publishes content in numerous languages, and China has blocked every version of the digital encyclopedia. China’s approach to information control is part of a larger effort to maintain order and ensure government control of citizen activity. The process is called “Chinafication,” and the censorship method is influencing other governments’ approach to ensuring civil order.
DarkCyber appears each Tuesday and is available on YouTube, Vimeo, and directly from the DarkCyber news service.
Kenny Toth, May 28, 2019
DarkCyber for May 21, 2019, Now Available
May 21, 2019
DarkCyber for May 21, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/337093968.
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: A new version of Tor; digital bits trigger bombs; highlights from the FBI’s 2018 Cyber Crime Report; more details about the Wall Street Market take down; DeepDotWeb seized; Telegram used to sell weapons; and the size of the Dark Web.
This week’s feature provides more details about the take down of the Dark Web contraband ecommerce site, Wall Street Market. DarkCyber reports that the operation involved law enforcement from several countries, including Germany and the US. One moderator of the site initiated a blackmail scheme as law enforcement prepared to seize the site’s servers and arrest its owners. As part of the takedown, providers of drugs were arrested in the US. The take down revealed millions in cash and digital currency accounts worth more than $14 million. Investigators also seized data and other information, including customer details.
Other stories covered in the May 21, 2019, DarkCyber video include:
First, information about the new release of the Tor software bundle. Firefox is used as the base for the Tor browser. Technical issues with Firefox required some scrambling to address technical issues. The new release is available on the Tor.org Web site. DarkCyber points out that in some countries, downloading Tor is interpreted as an indicator of possible ill intent.
Second, a cyber attack on Israel prompted a kinetic response. The incident marks the first time Israel has responded to an act it regarded as information warfare with a missile strike on the alleged perpetrators’ headquarters. DarkCyber points out that the US may have used force in response to an adversary’s leaking classified and sensitive information on a public Web site. The use of traditional weapons in response to a digital attack is a behavior to monitor.
Third, DarkCyber selects several highlights from the FBI’s report about cyber crime in 2018. Among the key points identified is the data about the most common types of online crime. Most attacks make use of email and use social engineering to obtain personal financial information or user name and password data. The FBI report verifies data from other sources about the risks associated with email, specifically enticing an email recipient into downloading a document with malware or clicking on a link that leads to a spoofed page; for example, a PayPal page operated by the attacker, not the legitimate company. DarkCyber provides information about how to obtain this government report.
Fourth, an international team of law enforcement professionals seized the Sheepdog, an online information service. This site was accessible using a standard browser, no Tor or i2p software was required. The site referred its visitors to Dark Web sites selling drugs and other contraband. The seizure is an indication that Europol, FBI, and other law enforcement agencies are expanding their activities to curtail illegal eCommerce.
Fifth, DarkCyber explains that a story about bad actors using Telegram, an encrypted messaging app, to sell weapons should be viewed with caution. The story originated with a report from MEMRI, the Middle East Media Research Institute. The organization was founded by a former Israeli intelligence offer and has been identified as an organization generating content which may have characteristics of disinformation. DarkCyber provides a link to the MEMRI organization to make it easy for viewers to follow its information stream.
The final story reports that another vendor has sized the scope of the Dark Web. The most recent size estimate comes from Recorded Future. The company reports that it was able to identify 55,000 Dark Web domains. Of that number, only about 8,400 are online. DarkCyber notes that of the active site, a relatively few sites dominate illegal eCommerce, sharing of sensitive information, and other questionable services.
DarkCyber appears each Tuesday and is available on YouTube, Vimeo, and directly from the DarkCyber news service.
Kenny Toth, May 21, 2019
DarkCyber Video News for May 7, 2019, Now Available
May 7, 2019
DarkCyber for May 7, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/334253067.
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: The use of Telegram for ecommerce; phishing with fake email undergoes a renaissance; Cisco Talos explains a serious attack on foundation servers; a review of weapons for sale on the Dark Web; and a look at advanced autonomous drone technology.
This week’s feature examines a new study about the sale of weapons on the Dark Web. The report explains that handguns are long rifles are for sale on some Dark Web sites. The majority of these weapons are handguns. Only a small percentage of the weapons are automatic rifles. The research comes from three academics involved in criminal justice. The data from the Dark Web were collection in 2016. Because information about the type of weapons offered for sale is limited, the report helps fill this data gap. DarkCyber points out that the Dark Web has undergone some significant changes in the last two years. As a result, the study provides information, but some of it may be outdated.
The May 7, 2019, program also reports on:
First, how Telegram, an encrypted messaging application, can be used to promote and sell certain types of contraband products, services, and data. Messaging technology may be “old school” but Telegram’s features create challenges for enforcement agencies.
Second, phishing and spear phishing are methods for stealing users’ credentials with a long history. Now these techniques are gaining more momentum. DarkCyber reports about a “smart” application which can automate phishing and spear phishing attacks. Unlike commercial specialist tools, the Dark Web phishing kit costs a few hundred dollars, and it features a “fill in the blanks” approach to these malicious attacks.
Third, Cisco’s cyber security unit Talos has published a detailed report about a denial of service attack on core Internet systems. There are 13 foundation or core servers which facilitate domain name services. One of these has been the focus of a digital assault by a bad actor, possible supported by a nation state. The denial of service method relies on a series of nested malware programs. The attack makes use of misdirection and several different methods designed to compromise a foundation server. If such an attack is successful, other types of malicious activity is simplified for the bad actors.
Finally, DarkCyber responds to a viewer’s request for an update on advanced autonomous drone technology. DarkCyber provides a look into the future of US drone capabilities.
Kenny Toth, May 7, 2019
Human Trafficking: Popular and Pervasive
April 18, 2019
Sex trafficking is one of the greatest crimes in the world. Sex trafficking is one of the crimes facilitated by digital environments, but the same technology the bad actors use for their crimes is always being used to catch them. USA Today shares how the technology is used to put an end to sex trafficking in the article, “Technological Tricks Can Help End Sex Trafficking: Former IBM Vice President.”
In January 2019, the US Institute Against Human Trafficking launched the Reach Out Campaign in Tampa, Florida. The program used web scraping technology to gather phone numbers of Web sites selling sex in Tampa. It was discovered that most of the numbers linked to cell phones of people sold for sex so they could communicate and book appointments with their “clients.” Reach Out gathered over 10,000 numbers and a mass text was sent out to the numbers with information to leave the sex industry.
The Reach Out Campaign received a 13 percent response. The program needs to be launched across the country in order to assist more sex trafficking victims, who deal with complicated psychological issues. AI bots called Intercept Bots are deployed to create fake sex ads on the Internet, then when someone responds it collects the user’s information. The bot will then share that it is a lure and that the user’s information will potentially be given to law enforcement. While it is important to assist the victims, it is also helpful to address the perpetrators, generally men, and prevent them from committing the crimes in the first place:
It is important, however, that we not just focus on punishing those engaged in buying sex. Many of these men suffer from sex addictions that can be treated. This is why the Intercept Bots program also sends potential sex buyers information on where to get this help. A study in the medical journal Neuro psycho pharmacology estimates that between 3-6 percent of Americans suffer from compulsive sexual behavior. And studies estimate that the percentage of American men who have engaged in commercial sex at least once is 15 to 20 percent; compared to their peers, these men think about sex more often.
Thee are also ad campaigns targeted at people buying sex share the consequences of getting caught buying sex.
Combating trafficking is difficult, but spreading information and using technology to catch bad actors saves victims from further abuse.
Whitney Grace, April 18, 2019
Bad Actors Include Russian Crime Oligarchs: Wosar Speaks Out
April 12, 2019
Hollywood romanticizes computer hacking and other digital crimes. There is some truth to what happens on the screen, but the action is usually more downbeat and usually does not keep the bad actors at the edge of their seats. While the bad actors get a lot of screen time, the good guys, those who protect the average person, from cyber attacks rarely get praised. The BBC took the time to praise one digital hero’s actions in the article, “Hated And Hunted.”
Perhaps the most vicious type of malware is ransomware. Ransomware is a computer virus that once downloaded onto a computer, it scrambles all of the data and delivers a ransom note stating the user must pay a certain amount of money or all of their data will be deleted. Fabian Wosar is a good actor, because he understands the virus code and knows how to hack the hacker. In other words, he knows how to outsmart the hackers and beat them at their own game. The hackers are so upset with Wosar that they actually write mean notes to him in their virus code.
Wosar is an introverted individual, who loves to design anti-virus code for his cyber security company, Emsisoft. He spends hours working and often binges long hours at his job, often giving away his ant-ransomware away for free. Wosar compares writing code to writing a novel and how he can tell who wrote specific code based on individual styles. He also believes that he stopped over 100 different cyber gangs from their illegal activities.
Ransomware is one of the most profitable cyber crimes and its perpetrators can evade authorities for years, especially if they are smart about it. Ransomware victims often pay hundreds of thousands of dollars and pounds to the criminals, especially if they decide paying the ransom is considered cheaper than replacing a system. Cyber criminals are also quite intimidating:
The most successful cyber-crime gangs are run like mafia organizations with specific structures and divisions of labor.There are the virus coders, the money launderers, the protection heavies and the bosses who decide on targets and sometimes funnel the money into other, potentially more serious, criminal enterprises.Catching these gangs is extremely challenging. One of the most prolific recent ransomware gangs, responsible for two major ransomware families – CTB-Locker and Cerber – made an estimated $27m and eluded police for years.It took a global police operation involving the FBI, the UK’s National Crime Agency, and Romanian and Dutch investigators to bring them down. In December 2017, five arrests were made in Romania.
Wosar keeps his identity hidden and moves around to keep himself safe. While he does enjoy his work, he does suffer from health problems due to his sedentary lifestyle and might get a dog to force himself outside. Outside, however, may pose risks.
Whitney Grace, April 12, 2019
DarkCyber for April 9, 2019, Now Available
April 9, 2019
DarkCyber for April 9, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/328921981
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: Predictive Policing at the LAPD; How to spoof PDF signatures; How teens can hold secret chat sessions in front of parents and teachers; Tips for creating a credible online persona; and phishing lures that work.
This week’s feature examines the Los Angeles Police Department’s audit of its data-driven policing programs. In what will be a three part series about this report about advanced law enforcement technology, DarkCyber examines the evaluation of Predictive Policing’s system. This software analyzes data from field interviews and automated systems and produces maps of hot spots. Those with access to the system can plan patrol routes or take other preventive actions. DarkCyber explains the basics of the system and the challenges PredPol and similar systems face in a dynamic law enforcement environment. Sophisticated data analysis requires accurate, consistent data to generate high-value outputs.
The “cybershots” in this week’s program cover these four topics:
- Digitally-signed Adobe Portable Document Formats are presumed to be authentic. DarkCyber explains that a student in Europe has found ways to compromise the security of these widely-used files.
- Google Docs, used by middle school and high school students, can conduct chats within school work online. Teachers and parents may monitor this activity and be unaware that the school software makes it possible for users to exchange messages, set up drug deals, and disseminate the location of parties in a way that neither teachers nor parents are monitoring. The system allows these chat messages to be deleted with a single mouse click. DarkCyber explains how.
- Predators and con artists create false personas or online identities. What is needed to craft a credible online identity. DarkCyber reveals the methods used by bad actors outside the US.
- What are the five best subject lines to use in an email intended to steal a user’s password or other information? DarkCyber reveals the top five phishing lures. The research, conducted by Barracuda networks, was performed by analyzing 300,000 phishing emails.
A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cybercrime, Dark Web, and company profiles are now appearing on a daily basis.
Kenny Toth, April 9, 2019
DarkCyber for April 2, 2019, Now Available
April 2, 2019
DarkCyber for April 2, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/327544822.
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: Online censorship increases; Dark Web drug czar goes offline; Dark Web tech comes to the Firefox browser; and more evidence of change in the Dark Web; plus a look at Megaputer’s fraud detection technology.
This week’s feature reviews Megaputer’s fraud detection technology. The firm uses a number of advanced mathematical and linguistic methods to make sense of large flows of data. Based in Bloomington, Indiana, the company serves a wide range of clients from finance, government, pharmaceuticals, and consulting services. The firm was the first to put advanced text analytics on the desktop at a time when other firms required Unix workstations and client server computing resources. The firm’s PolyAnalyst H makes it possible to process large volumes of data at extremely high speed.
This week’s “Cybershots” cover four subjects:
There are more indications that online censorship is becoming more aggressive. Russia has implemented regulations governing what sites can be accessed and what type of content is permissible. Germany’s statement legislators have begun work on a bill to criminalize use of Tor and other hidden Internet tools.
The individual who created RAMP or the Russian Anonymous Marketplace asserted that his customized encrypted chat client was one reason his site had eluded government authorities. The site is now offline.
Letterboxing, a technology which prevents certain types of online tracking, will be introduced in an upcoming release of Firefox, a popular Web browser. This feature has been part of the Tor browser since 2016 and is one more indication of Dark Web technology seeping into the public Internet or “Clear Net”.
The program explains how to get a summary of software and tools to access hidden Internet sites and service. Written by Veracode, a cyber security firm, the video provides information necessary to obtain a copy of this useful report.
A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cybercrime, Dark Web, and company profiles are now appearing on a daily basis.
Kenny Toth, April 2, 2019
DarkCyber for March 19, 2019, Now Available
March 19, 2019
DarkCyber for March 19,2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/324801049.
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cyber crime, and lesser known Internet services.
This week’s story line up includes: Google search blockchain data; emojis puzzle lawyers; NATO soldiers fooled by social media come ons; big paydays for hackers; Dark Web search for marketers; and Iran’s hacker army
This week’s feature looks at the Beacon Dark Web search system. Developed by Echosec Systems in Canada, Beacon provides search and analytics for those interested in tracking brands, companies, and people in Dark Web content. The system’s developers enforce a code of behavior on licensees. If Echosec determines that a user violates its guidelines, access to Beacon will be cut off. Echosec offers a number of powerful features, including geofencing. With this function it is possible to locate images of military facilities and other locations.
The second feature in this week’s video focuses on Iran’s cyber warfare activities. One key individual—Behrooz Kamalian—has been maintaining a lower profile. Those whom he has trained have been suspected of participating in online gambling activities. Kamalian himself, despite his connections with the Iranian government, served a short stint in prison for this allegation. Iran has one of the large cyber warfare forces in the world, ranking fourth behind Russia, China, and the US.
The “Cybershots” for this week include:
- Google has made available a search engine for blockchain data. Those skilled in blockchain and digital currency transactions may be able to deanonymize certain aspects of a transaction.
- Emojis which carry meaning are creating issues for lawyers and eDiscovery systems. The colorful icons’ meaning are not easily understood.
- A social media test for NATO soldiers’ resistance to online tricks was completed by central command. The result was that soldiers can be easily tricked into revealing secret information.
- Organize hidden Web criminals are paying up to $1 million a year in salary and providing benefits to hackers.
A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.\
Kenny Toth, March 19, 2019
DarkCyber for March 12, 2019, Now Available
March 12, 2019
DarkCyber for March 12, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/322579803 ,
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cyber crime, and lesser known Internet services.
This week’s story line up includes: Cellebrite devices for sale on eBay; emojis can activate app functions; and sources selling bulk personal data.
The feature this week discusses speech analysis. Reports have surfaced which reveal that some US correctional facilities are building databases of inmates’ voice prints. The news appeared coincident with rumors that the US National Security Agency was curtailing its voice collection activities. Companies like Securus Technologies provide tools and services related to prison telephone and unauthorized mobile device use. The Securus Investigator Pro has been available and in use for almost a decade. Voice print technology which is analogous to a digital fingerprint system makes it possible to identify those on a call. Inclusion of behavioral tags promises to make voice print systems more useful. With a tag for the caller’s emotional state, investigators can perform cross correlation and other analytic functions to obtain useful information related to a person of interest.
Links are provided to explanations of Amazon’s policeware system which can be used to perform these types of analytic operations.
The final story provides a snapshot of a 100 page field manual about online deception. Published by the US Army, this document is a comprehensive review of systems and methods for military use of deception in an online environment. Checklists and procedural diagrams make clear why social media operations are successful in civilian and military contexts. The DarkCyber video includes a link so viewers can download this unclassified publication.
Kenny Toth, March 12, 2019
-
- Subscribe to Beyond Search
Feature archive
News archive
-
