The Dark Web Small Yet Still Dark Place
February 15, 2019
The Dark Web is an easy scapegoat to blame for all of the Internet’s woes and perils. Even the name “Dark Web” elicits images of negative activity. The truth about the Dark Web is much more complicated than we are led to believe. The Dark Web is a tool to browse and publish information anonymously on the Internet. Yes, criminals do use it to sell stolen goods and for sex trafficking, but it is also a haven for journalists in oppressive regimes, freedom of the press, and freedom fighters around the world.
ZeroFOX shares more details about the Dark Web and its uses in the article, “Evolving Landscape And Emerging Threats On The Dark Web.” ZeroFOX’s article first explains some basic information about what the Dark Web is and how it started as a US Navy project. The project developed into the Onion Router or Tor browser that can access Web sites with the .onion extension.
As the Dark Web grows, its users are experimenting with ways to improve anonymity. Some of the methods are moving to deep web sites that are membership or invite only. These types of Web sites are breeding grounds for criminal activity. The threats increase as technology improves.
The Web sites that pose the greatest threat are the ones that are the hardest to access. Organizations often lack the ability and knowledge to monitor the Dark Web. The most common crimes on the Dark Web are:
“Physical threats, doxxing, and chatter against top executives, public servants/figures, and journalists
Consumer data for sale or exposed, often credit card dumps and credentials leaks
Distribution of copyrighted materials, movies, music and TV
Hacking techniques, vulnerabilities, and planned attacks on cyber forums
Sales of drugs, counterfeit/stolen goods, proprietary technology”
With increased pressure from law enforcement, bad actors are shifting from the “old” Dark Web to alternative ways to obfuscate, communicate, and sell their products and services, exchange information, and chip away at some social norms.
Whitney Grace, February 15, 2019
Dark Web Leads To Dark Deals For Children
February 14, 2019
Illegal drugs and arms trafficking are some of the worst crimes on the Dark Web, but the most abhorrent crime is sex trafficking. A large majority of sex trafficking victims are women, but children (boys and girls) are also in the victim pool. The New York Post reports how over “123 Missing Children Found In Michigan During Sex Trafficking Operation.” On September 26, 2018, Michigan law enforcement and Operation MISafeKid recovered over one hundred missing children.
Michigan law enforcement were investigating 301 open missing children cases of which 123 were found. All the recovered children were interviewed about if they were sexually abused or trafficked in any fashion. Of the 123 children, only three of them reported being possibly victimized. The sting also revealed leads to missing children in Texas and Minnesota. It is horrible that the most vulnerable humans are sold for sex, but authorities are all the more dedicated to saving them.
“ ‘The message to the missing children and their families that we wish to convey is that we will never stop looking for you,’ the US Marshals Service said. Several agencies were involved in the operation including the US Marshals Service, Michigan State Police, Detroit Police Department, Wayne County local law enforcement, as well as the National Center for Missing and Exploited Children and the Department of Housing and Urban Development’s Office of Inspector General.”
It takes many law enforcement agencies to track, investigate, and prosecute the sex trafficking ringleaders. It is hard to imagine how these ringleaders kept their victims in line, because children are loud by nature. How much intimidation did they use to maintain a low profile?
Whitney Grace, February 14, 2018
LA Times and Its Counterfeiting Thriller
February 5, 2019
I read “Glowing Reviews Tout Counterfeit Cash on the Dark Web.” The news story is more like a thriller, however. The Dark Web, fake money, online investigations, and a shoot out.
DarkCyber noted several interesting factoids in the write up:
- Reviews by customers of the Dark Web counterfeiting operation were important to the criminal’s business. The article refers to a “loyal fan base.”
- The agency taking the lead in the investigation was the US Secret Service. DarkCyber has heard that this entity is the most capable team of cyber sleuths in the US government.
- The “printing” was carried out on lasers and special paper.
- The bad actor had a long history of illegal activities. (This suggests that pattern analysis may be a useful adjunct to a traditional investigation.)
- The bad actor mailed counterfeit bills on several occasions from a traditional outdoor mail box across from a police station.
- After neutralizing the bad actor, agents discovered “about $300,000 in fake $100 bills, lined up and hanging to dry in neat rows.”
Investigators have not solved the problem of the location of the digital currency to which the bad actor had access. Also, computers seized in the raid were encrypted, and these, according to the write up, have not yet been decrypted by the USSS.
Stephen E Arnold, February 5, 2019
DarkCyber for February 5, 2019, Now Available
February 5, 2019
DarkCyber for February 5,2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/315073592. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web and lesser known Internet services.
This week’s story line up includes: Alleged money laundering via the popular Fortnite game; and an excerpt from Stephen E Arnold’s “Dark Web, Version 2” lecture at the University of Louisville.
The first story explains how bad actors launder money via the online game Fortnite. The game allows players to purchase “digital assets” by purchasing via a credit card. The credit card funds allow the player to acquire V Bucks. These V Bucks can be converted to weapons, information, or other in-game benefits. But the digital assets can be sold, often on chat groups, Facebook, or other social media. In the process, the person buying the digital assets with a stolen credit card, for example, converts the digital assets to Bitcoin or another digital currency. Many people are unaware that online games can be used in this manner. Law enforcement will have to level up their game in order to keep pace with bad actors.
The second story is an excerpt from Stephen E Arnold’s invited lecture. He spoke on January 25, 2019 to an audience of 50 engineering students and faculty on the subject of “Dark Web, Version 2.” In his remarks, he emphasized that significant opportunities for innovation exist. Investigators need to analyze in a more robust way data from traditional telephone intercepts and the Internet, particularly social media.
Arnold said, “The structured data from telephone intercepts must be examined along with the unstructured data acquired from a range of Internet sources. Discovering relationships among entities and events is a difficult task. Fresh thinking is in demand in government agencies and commercial enterprises.” In the video, Mr. Arnold expands on the specific opportunities for engineers, programmers, and analysts with strong mathematics skills.
A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.
Kenny Toth, February 5, 2019
Japan: A Security Clamp
February 4, 2019
We are used to Olympic athletes pushing the limit of human accomplishment, but authorities in Japan are going even further. In preparation for the 2020 Olympics, the National Institute of Information and Communication Technology has gained permission to hack into citizens’ IOT devices in order to prevent terror attacks. We learned more from a recent ZDnet story, “Japanese Government Plans to Hack into Citizens’ IOT Devices.”
According to the story:
“The plan is to compile a list of insecure devices that use default and easy-to-guess passwords and pass it on to authorities and the relevant internet service providers, so they can take measures to alert consumers and secure the devices…The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200 million IoT devices, beginning with routers and web cameras.”
From home security systems, to coffee pots, to doorbell cameras—these IOT tools are very vulnerable. While it’s promising to see an intelligence agency getting out ahead of a potential issue, the path to safety is fraught with potential problems. Would such a leap in privacy be acceptable in the US? We find it impossible to believe, but it’ll be interesting to see how Japan juggles this issue.
Patrick Roland, February 4, 2019
Colorado Retail Fraud Team Brings Agencies Together
January 31, 2019
Law enforcement officers in Douglas County, Colorado, are on the offensive against retail fraud. The Denver Post reports, “Multi-Agency ‘Strike Team’ Puts Heat on Retail Thieves, Fraudsters in Douglas County.” The strike force is called the Financial Investigative Regional Strike Team (FIRST), and brings together investigators from local law enforcement, the U.S. Secret Service, and the U.S. Postal Inspection Service, for a total of five agencies involved. At the beginning of this year, the team had already arrested two alleged counterfeiters, stopped a nationwide identity theft involving iPhones, and busted a credit-card cloning and skimming operation, among other accomplishments. Reporter John Aguilar tells us:
“FIRST, which launched in mid-October and operates out of the Douglas County sheriff’s headquarters in Castle Rock, has the singular focus of chasing down the fraudsters and organized retail theft rings that cause misery for victims and cost stores millions of dollars a year. It is a unique example in Colorado of collaboration and information-sharing across jurisdictional boundaries and even state lines. ‘Retail theft and fraud is the No. 1 crime we deal with in Lone Tree, and frankly, in the state,’ said Lone Tree Police Chief Kirk Wilson. ‘This isn’t a new problem — it’s just becoming more prolific every year.’
We also noted:
“In 2018, Colorado was ranked as the second-riskiest state for identity theft, according to a report from ASecureLife. The security firm calculated that 385 victims in the state lost more than $1.7 million to identity theft in 2017.”
Aguilar notes that, nationally, 92% of companies fell victim to organized retail crimes that year, with losses averaging over $777,000 per $1 billion in sales, according to a report from the National Retail Federation. Naturally, the internet makes physical jurisdictions somewhat irrelevant in such schemes, which is why the Secret Service (the only federal agency, we’re reminded, that investigates counterfeiting operations) and the Postal Inspection Service are on board. As Douglas County’s Chief Deputy Steve Johnson observes, such cooperation lets each organization escape their local “silos” see the bigger picture.
Cynthia Murrell, January 31, 2019
Playing Games with Money Laundering
January 29, 2019
Mark this one down in your diaries: just when you thought you’ve heard all the strangest ways imaginable to launder money, the dark web strikes again. This time, the incredibly popular online game, Fortnite is being used. Specifically, the pseudo-currency players use to buy weapons and outfits—V-Bucks. We discovered how this strange scam works via a recent Digital Trends article, “Fortnite V-Bucks Used By Criminals for Money Laundering Schemes.”
According to the story:
Criminals are buying V-Bucks from the official Fortnite store using stolen credit card information. The V-Bucks are then sold in online black markets at discounted rates to “clean” the money, according to an investigation by The Independent and research by cybersecurity firm Sixgill.
From bizarre video game-related ways of washing dirty money, to Mexican drug cartels using Chinese crypto-brokers to do the same, one thing is abundantly clear to law enforcement. It pays to look under every rock and follow every lead on the dark web, because criminals are never going to stop looking for strange new avenues to make money.
Yep, games.
Patrick Roland, January 29, 2019
DarkCyber for January 29, 2019, Now Available
January 29, 2019
DarkCyber for January 29, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/313630318. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web and lesser known Internet services.
This week’s story line up includes: Microsoft Bing and a child pornography allegation; Endace introduces facial recognition and a tie up with Darktrace; A report about drones and correctional institutions; and CIA report about hazardous compounds.
The first story discusses allegations of child pornography and other inappropriate content in the Microsoft Bing index. DarkCyber’s experts report that problematic content can be found within any free Web search system. The reasons range from bad actors use of code words to innocuous pages which contain links to objectionable content labeled as popular services. Filtering is one approach, but a cat and mouse game requires that Web search providers have to continue to enhance their content review procedures. Chatter about artificial intelligence is often hand waving, politically correct speech, or marketing.
Second, Endace is one of the leaders in lawful intercept hardware and software. However, Endace continues to innovate. The firm has added facial recognition to its service offering. Darktrace, one of the more innovative cyber security vendors, has announced a relationship with Endace. Darktrace’s three D visualization and analytics may spark new products and services for Endace. Verint, another cyber security firm, has also added support for Endace’s lawful intercept systems.
The third story calls attention to a free report about bad actors’ use of drones to deliver contraband into prisons. Correctional institutions in the US are adding anti drone technology. Drones have been used to deliver mobile phones and other contraband to inmates. DarkCyber provides a link so that viewers can request a copy of the Dedrone report.
The final story is a follow up to an earlier report about the chemicals and compounds frequently used for home made explosive devices. A viewer want to know where additional information could be found. DarkCyber provides a link to a CIA document which reviews chemical, biological, radiological, and nuclear substances.
A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.
Kenny Toth, January 29, 2019
UK Finds Ways to Fight Dark Web
January 28, 2019
Battling the dark web and its many tentacles of crime is a game of cat and mouse. As soon as law enforcement agents catch on to a scheme, criminals can vanish. However, the tide feels like it is turning, as we discovered from an article found in Breaking News, “Dark Web Criminals Who Sold Fentanyl Around the World Jailed in UK.”
According to the story:
“Prosecutors said that over 2,800 packages were sent by the trio, and at least 635 grams of pure carfentanyl, which is described by some experts as being between 3,000 and 5,000 times stronger than heroin, was found at the premises following their arrests. A raid on the premises by officers following the defendants’ arrests in April 2017 is believed to be the largest single seizure of the two drugs in Europe.”
England’s sophistication with tracking down dark web crime is to be applauded. It is also, oddly, a necessity. Studies have shown that the UK is among the top countries that buy drugs through the dark web. For the tie being, it seems Scotland Yard and the like are keeping up with the bad guys. We can only hope this trend continues.
Patrick Roland, January 28, 2019
Aleph: Another Hidden Internet Indexing Service
January 23, 2019
Law enforcement and intelligence organizations have a new tool to navigate the Dark Web, the Mail & Guardian reports in, “French Start-Up Offers ‘Dark Web’ Compass, but Not for Everyone.” The start-up, called Aleph Networks, has developed a way to navigate the Dark Web, but they wish it to only be wielded for good. In fact, report writer Frederic Garlan, the company performs ethics reviews of potential clients and turns down 30-40 percent of the licensing requests it receives. We also learn:
“Over the past five years Aleph has indexed 1.4 billion links and 450 million documents across some 140,000 dark web sites. As of December its software had also found 3.9 million stolen credit card numbers. ‘Without a search engine, you can’t have a comprehensive view’ of all the hidden sites, Hernandez said. He and a childhood friend began their adventure by putting their hacking skills to work for free-speech advocates or anti-child abuse campaigners, while holding down day jobs as IT engineers. [Co-founder Celine] Haeri, at the time a teacher, asked for their help in merging blogs by her colleagues opposed to a government reform of the education system. The result became the basis of their mass data collection and indexing software, and the three created Aleph in 2012. They initially raised €200,000 ($228,000) but had several close calls with bankruptcy before finding a keen client in the French military’s weapon and technology procurement agency. ‘They asked us for a demonstration two days after the Charlie Hebdo attack,’ Hernandez said, referring to the 2015 massacre of 12 people at the satirical magazine’s Paris offices, later claimed by a branch of Al-Qaeda. ‘They were particularly receptive to our pitch which basically said, if you don’t know the territory — which is the case with the dark web — you can’t gain mastery of it,’ Haeri added.”
That is a good point. Garlan notes the DARPA’s Memex program, which is based on the same principle. As for Aleph, it is now working to incorporate AI into its platform. While the company’s clients so far have mostly been government agencies, it plans to bring in more private-sector clients as it continues to attract investors. Based in Pommiers, France, Aleph Networks was launched in 2012.
Cynthia Murrell, January 23, 2019
-
- Subscribe to Beyond Search
Feature archive
News archive
-
