DarkCyber for February 5, 2019, Now Available
February 5, 2019
DarkCyber for February 5,2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/315073592. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web and lesser known Internet services.
This week’s story line up includes: Alleged money laundering via the popular Fortnite game; and an excerpt from Stephen E Arnold’s “Dark Web, Version 2” lecture at the University of Louisville.
The first story explains how bad actors launder money via the online game Fortnite. The game allows players to purchase “digital assets” by purchasing via a credit card. The credit card funds allow the player to acquire V Bucks. These V Bucks can be converted to weapons, information, or other in-game benefits. But the digital assets can be sold, often on chat groups, Facebook, or other social media. In the process, the person buying the digital assets with a stolen credit card, for example, converts the digital assets to Bitcoin or another digital currency. Many people are unaware that online games can be used in this manner. Law enforcement will have to level up their game in order to keep pace with bad actors.
The second story is an excerpt from Stephen E Arnold’s invited lecture. He spoke on January 25, 2019 to an audience of 50 engineering students and faculty on the subject of “Dark Web, Version 2.” In his remarks, he emphasized that significant opportunities for innovation exist. Investigators need to analyze in a more robust way data from traditional telephone intercepts and the Internet, particularly social media.
Arnold said, “The structured data from telephone intercepts must be examined along with the unstructured data acquired from a range of Internet sources. Discovering relationships among entities and events is a difficult task. Fresh thinking is in demand in government agencies and commercial enterprises.” In the video, Mr. Arnold expands on the specific opportunities for engineers, programmers, and analysts with strong mathematics skills.
A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.
Kenny Toth, February 5, 2019
Japan: A Security Clamp
February 4, 2019
We are used to Olympic athletes pushing the limit of human accomplishment, but authorities in Japan are going even further. In preparation for the 2020 Olympics, the National Institute of Information and Communication Technology has gained permission to hack into citizens’ IOT devices in order to prevent terror attacks. We learned more from a recent ZDnet story, “Japanese Government Plans to Hack into Citizens’ IOT Devices.”
According to the story:
“The plan is to compile a list of insecure devices that use default and easy-to-guess passwords and pass it on to authorities and the relevant internet service providers, so they can take measures to alert consumers and secure the devices…The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200 million IoT devices, beginning with routers and web cameras.”
From home security systems, to coffee pots, to doorbell cameras—these IOT tools are very vulnerable. While it’s promising to see an intelligence agency getting out ahead of a potential issue, the path to safety is fraught with potential problems. Would such a leap in privacy be acceptable in the US? We find it impossible to believe, but it’ll be interesting to see how Japan juggles this issue.
Patrick Roland, February 4, 2019
Colorado Retail Fraud Team Brings Agencies Together
January 31, 2019
Law enforcement officers in Douglas County, Colorado, are on the offensive against retail fraud. The Denver Post reports, “Multi-Agency ‘Strike Team’ Puts Heat on Retail Thieves, Fraudsters in Douglas County.” The strike force is called the Financial Investigative Regional Strike Team (FIRST), and brings together investigators from local law enforcement, the U.S. Secret Service, and the U.S. Postal Inspection Service, for a total of five agencies involved. At the beginning of this year, the team had already arrested two alleged counterfeiters, stopped a nationwide identity theft involving iPhones, and busted a credit-card cloning and skimming operation, among other accomplishments. Reporter John Aguilar tells us:
“FIRST, which launched in mid-October and operates out of the Douglas County sheriff’s headquarters in Castle Rock, has the singular focus of chasing down the fraudsters and organized retail theft rings that cause misery for victims and cost stores millions of dollars a year. It is a unique example in Colorado of collaboration and information-sharing across jurisdictional boundaries and even state lines. ‘Retail theft and fraud is the No. 1 crime we deal with in Lone Tree, and frankly, in the state,’ said Lone Tree Police Chief Kirk Wilson. ‘This isn’t a new problem — it’s just becoming more prolific every year.’
We also noted:
“In 2018, Colorado was ranked as the second-riskiest state for identity theft, according to a report from ASecureLife. The security firm calculated that 385 victims in the state lost more than $1.7 million to identity theft in 2017.”
Aguilar notes that, nationally, 92% of companies fell victim to organized retail crimes that year, with losses averaging over $777,000 per $1 billion in sales, according to a report from the National Retail Federation. Naturally, the internet makes physical jurisdictions somewhat irrelevant in such schemes, which is why the Secret Service (the only federal agency, we’re reminded, that investigates counterfeiting operations) and the Postal Inspection Service are on board. As Douglas County’s Chief Deputy Steve Johnson observes, such cooperation lets each organization escape their local “silos” see the bigger picture.
Cynthia Murrell, January 31, 2019
Playing Games with Money Laundering
January 29, 2019
Mark this one down in your diaries: just when you thought you’ve heard all the strangest ways imaginable to launder money, the dark web strikes again. This time, the incredibly popular online game, Fortnite is being used. Specifically, the pseudo-currency players use to buy weapons and outfits—V-Bucks. We discovered how this strange scam works via a recent Digital Trends article, “Fortnite V-Bucks Used By Criminals for Money Laundering Schemes.”
According to the story:
Criminals are buying V-Bucks from the official Fortnite store using stolen credit card information. The V-Bucks are then sold in online black markets at discounted rates to “clean” the money, according to an investigation by The Independent and research by cybersecurity firm Sixgill.
From bizarre video game-related ways of washing dirty money, to Mexican drug cartels using Chinese crypto-brokers to do the same, one thing is abundantly clear to law enforcement. It pays to look under every rock and follow every lead on the dark web, because criminals are never going to stop looking for strange new avenues to make money.
Yep, games.
Patrick Roland, January 29, 2019
DarkCyber for January 29, 2019, Now Available
January 29, 2019
DarkCyber for January 29, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/313630318. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web and lesser known Internet services.
This week’s story line up includes: Microsoft Bing and a child pornography allegation; Endace introduces facial recognition and a tie up with Darktrace; A report about drones and correctional institutions; and CIA report about hazardous compounds.
The first story discusses allegations of child pornography and other inappropriate content in the Microsoft Bing index. DarkCyber’s experts report that problematic content can be found within any free Web search system. The reasons range from bad actors use of code words to innocuous pages which contain links to objectionable content labeled as popular services. Filtering is one approach, but a cat and mouse game requires that Web search providers have to continue to enhance their content review procedures. Chatter about artificial intelligence is often hand waving, politically correct speech, or marketing.
Second, Endace is one of the leaders in lawful intercept hardware and software. However, Endace continues to innovate. The firm has added facial recognition to its service offering. Darktrace, one of the more innovative cyber security vendors, has announced a relationship with Endace. Darktrace’s three D visualization and analytics may spark new products and services for Endace. Verint, another cyber security firm, has also added support for Endace’s lawful intercept systems.
The third story calls attention to a free report about bad actors’ use of drones to deliver contraband into prisons. Correctional institutions in the US are adding anti drone technology. Drones have been used to deliver mobile phones and other contraband to inmates. DarkCyber provides a link so that viewers can request a copy of the Dedrone report.
The final story is a follow up to an earlier report about the chemicals and compounds frequently used for home made explosive devices. A viewer want to know where additional information could be found. DarkCyber provides a link to a CIA document which reviews chemical, biological, radiological, and nuclear substances.
A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.
Kenny Toth, January 29, 2019
UK Finds Ways to Fight Dark Web
January 28, 2019
Battling the dark web and its many tentacles of crime is a game of cat and mouse. As soon as law enforcement agents catch on to a scheme, criminals can vanish. However, the tide feels like it is turning, as we discovered from an article found in Breaking News, “Dark Web Criminals Who Sold Fentanyl Around the World Jailed in UK.”
According to the story:
“Prosecutors said that over 2,800 packages were sent by the trio, and at least 635 grams of pure carfentanyl, which is described by some experts as being between 3,000 and 5,000 times stronger than heroin, was found at the premises following their arrests. A raid on the premises by officers following the defendants’ arrests in April 2017 is believed to be the largest single seizure of the two drugs in Europe.”
England’s sophistication with tracking down dark web crime is to be applauded. It is also, oddly, a necessity. Studies have shown that the UK is among the top countries that buy drugs through the dark web. For the tie being, it seems Scotland Yard and the like are keeping up with the bad guys. We can only hope this trend continues.
Patrick Roland, January 28, 2019
Aleph: Another Hidden Internet Indexing Service
January 23, 2019
Law enforcement and intelligence organizations have a new tool to navigate the Dark Web, the Mail & Guardian reports in, “French Start-Up Offers ‘Dark Web’ Compass, but Not for Everyone.” The start-up, called Aleph Networks, has developed a way to navigate the Dark Web, but they wish it to only be wielded for good. In fact, report writer Frederic Garlan, the company performs ethics reviews of potential clients and turns down 30-40 percent of the licensing requests it receives. We also learn:
“Over the past five years Aleph has indexed 1.4 billion links and 450 million documents across some 140,000 dark web sites. As of December its software had also found 3.9 million stolen credit card numbers. ‘Without a search engine, you can’t have a comprehensive view’ of all the hidden sites, Hernandez said. He and a childhood friend began their adventure by putting their hacking skills to work for free-speech advocates or anti-child abuse campaigners, while holding down day jobs as IT engineers. [Co-founder Celine] Haeri, at the time a teacher, asked for their help in merging blogs by her colleagues opposed to a government reform of the education system. The result became the basis of their mass data collection and indexing software, and the three created Aleph in 2012. They initially raised €200,000 ($228,000) but had several close calls with bankruptcy before finding a keen client in the French military’s weapon and technology procurement agency. ‘They asked us for a demonstration two days after the Charlie Hebdo attack,’ Hernandez said, referring to the 2015 massacre of 12 people at the satirical magazine’s Paris offices, later claimed by a branch of Al-Qaeda. ‘They were particularly receptive to our pitch which basically said, if you don’t know the territory — which is the case with the dark web — you can’t gain mastery of it,’ Haeri added.”
That is a good point. Garlan notes the DARPA’s Memex program, which is based on the same principle. As for Aleph, it is now working to incorporate AI into its platform. While the company’s clients so far have mostly been government agencies, it plans to bring in more private-sector clients as it continues to attract investors. Based in Pommiers, France, Aleph Networks was launched in 2012.
Cynthia Murrell, January 23, 2019
Iceland Criminal Moxie: Not Chilling in the Lock Up
January 22, 2019
ZDNet published “Iceland’s Bitcoin Bandit Sentenced for Stealing Mining Rigs.” A “mining rig” is one or more computers set up to do the calculations necessary to make a digital currency exist.
What’s interesting about this report is the malefactor was convicted for stealing equipment from three data centers in Iceland, a country about the size of Cuba except a bit more nippy.
The number of computers removed numbered about 600. Three separate robberies were conducted to snag the gear. The theft was not hijacking a computer’s cycle. The theft involved physical hardware.
A total of seven people were charged with the alleged crime.
One of these individuals — Sindri Þór Stefánsson — received the most severe sentence. Held in a low security prison, Mr. Stefánsson walked off the grounds and hopped a flight to Stockholm. Once in Stockholm, the bad actor traveled to Amsterdam. Upon his recapture, he was returned to Iceland.
Two key points:
- The missing 600 computers have not been found
- Mr. Stefánsson booked his escape flights using a mobile phone he operated from prison.
Interesting digitally enabled crime. Now about the use of mobile phones by prisoners while in custody? And boarding security checks?
Stephen E Arnold, January 22, 2019
Fortnite: A LE and Intel Gold Mine
January 21, 2019
Fortnite is not something that old folks like me spend much effort understanding. That might be a problem if you are over 35 and engaged in enforcement activities.
Next Friday (January 25, 2019), I will giving a lecture to computer science students at one of Kentucky’s more interesting universities. I won’t define “interesting.” There is a reception with yummy university snacks, and I do not want to be dis-invited.
I have to mention the new mechanisms bad actors use to evade surveillance. One of the handy dandy tools is a game. Yep, Fortnite. That’s the game you probably don’t think about.
Consider these data points from one of my go to, real news, frightened of acquisition sources, USA Today:
- One in five parents find it “moderately difficult” to get their progeny to stop playing
- 27 percent of teens play Fortnite when in school classes
- 50 percent of the teens in the survey use Fortnite to “keep up” with their friends
- 44 percent have made a “friend” online within the game
- 47 percent of teen girls play as well
- 61 percent of teens have played.
Ah, the digital cocktail: Chat, in game money which can be used for money laundering, audio, an opportunity for grooming, learning new dances like the one Athletic Madrid’s Antoine Griezmann does when he scores a goal.
Now this game has made news in a different way.
Newsweek reported that Fortnite data have been compromised. “Fortnite Hack Could Have Accessed Accounts, V-Buck Purchases, & Chat” states:
Fortnite boasts more than 200 million active players, and a recent exploit found by Check Point Software Technologies could have put all of them at risk. The vulnerability, first discovered in November and patched by developers at Epic Games, could have been devastating. If leveraged, it would give third-parties full access to user account details, payment information and even in-game chat audio.
What’s the big deal?
Wherever there are young people, chat, digital currency, and minimal parental understanding, the game may provide:
- A Petri dish for sexual predators looking for young people to groom
- A mechanism for exchanging messages about drugs, weapons, and terrorist plans in plain view if one knows how and where to look
- A conduit for money laundering. My hunch you, gentle reader, may not know how game currencies can be used to convert illegal gains into a hot property which can sell quickly to motivated buyers.
Net net: Fortnite may be more than a game, and it may be time to do more than say, “Put down that game. Come to dinner. Now.”
I will ask the audience on Friday, “Who plays Fortnite?” I will let you know if I learn anything or just get grumbles and blank stares from students and faculty alike.
Stephen E Arnold, January 21, 2019
DarkCyber for January 15, 2019, Now Available
January 15, 2019
DarkCyber for January 15, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/311054042 . The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cyber crime, and lesser known Internet services.
The first story discusses Discord, an in-game and chat service. The system takes a somewhat hands-off approach to monitoring user messages. Discord features what are called “magic emojis.” These emojis, when used among those who are members of a specific social group within Discord, can convey messages. Some potential bad actors–for example, white supremacists–allegedly have been using the services as a communications channel.
The second story explores an allegation that Facebook WhatsApp makes it possible for those interested in child pornography to locate this type of content. Third party apps provide finder services. Facebook is introducing electronic payments within WhatsApp. The likelihood for bad actors to use WhatsApp as a mechanism to exchange objectionable content is high. Facebook’s content policies are likely to undergo scrutiny from government authorities in 2019.
The third story profiles Gamalon, a company which develops software for the Defense Advanced Research Projects Agency and commercial enterprises. The key to Gamalon system is that it uses advanced statistical procedures to identify and extract ideas from source content. The company’s technology makes use of Bayesian methods in order to create automatically machine learning models. The models can then create new models to deal with new ideas expressed in the source data processed by the system.
The fourth story reports on Spain’s 36 month effort to slow or halt the trade of weapons in the country via the Dark Web. Authorities have arrested more than 200 individuals and seized hand guns and automatic weapons. The investigation continues.
The final story points to a study which provides facts and figures about the hidden Internet. Some of the data in the study sponsored by a star of the hit cable television program Shark Tank is quite remarkable. To cite one example, the number of hidden sites on the Internet is 32 times the number of stars in the galaxy. That a very large number and difficult to match with DarkCyber’s research data.
Kenny Toth, January 15, 2019
-
- Subscribe to Beyond Search
Feature archive
News archive
-
