Iceland Criminal Moxie: Not Chilling in the Lock Up

January 22, 2019

ZDNet published “Iceland’s Bitcoin Bandit Sentenced for Stealing Mining Rigs.” A “mining rig” is one or more computers set up to do the calculations necessary to make a digital currency exist.

What’s interesting about this report is the malefactor was convicted for stealing equipment from three data centers in Iceland, a country about the size of Cuba except a bit more nippy.

About 600 computers were removed. Three separate robberies were conducted to snag the gear. The theft was not hijacking a computer’s cycles. The theft involved physical hardware.

A total of seven people were charged with the alleged crime.

One of these individuals — Sindri Þór Stefánsson — received the most severe sentence. Held in a low security prison, Mr. Stefánsson walked off the grounds and hopped a flight to Stockholm. Once in Stockholm, the bad actor traveled to Amsterdam. Upon his recapture, he was returned to Iceland.

Two key points:

  • The missing 600 computers have not been found
  • Mr. Stefánsson booked his escape flights using a mobile phone he operated from prison.

Interesting digitally enabled crime. Now about the use of mobile phones by prisoners while in custody? And boarding security checks?

Stephen E Arnold, January 22, 2019

Fortnite: A LE and Intel Gold Mine

January 21, 2019

Fortnite is not something that old folks like me spend much effort understanding. That might be a problem if you are over 35 and engaged in enforcement activities.

Next Friday (January 25, 2019), I will be giving a lecture to computer science students at one of Kentucky’s more interesting universities. I won’t define “interesting.” There is a reception with yummy university snacks, and I do not want to be dis-invited.

I have to mention the new mechanisms bad actors use to evade surveillance. One of the handy dandy tools is a game. Yep, Fortnite. That’s the game you probably don’t think about.

Consider these data points from one of my go to, real news, frightened of acquisition sources, USA Today:

  • One in five parents find it “moderately difficult” to get their progeny to stop playing
  • 27 percent of teens play Fortnite when in school classes
  • 50 percent of the teens in the survey use Fortnite to “keep up” with their friends
  • 44 percent have made a “friend” online within the game
  • 47 percent of teen girls play as well
  • 61 percent of teens have played.

Ah, the digital cocktail: Chat, in game money which can be used for money laundering, audio, an opportunity for grooming, learning new dances like the one Athletic Madrid’s Antoine Griezmann does when he scores a goal.

Now this game has made news in a different way.

Newsweek reported that Fortnite data have been compromised. “Fortnite Hack Could Have Accessed Accounts, V-Buck Purchases, & Chat” states:

Fortnite boasts more than 200 million active players, and a recent exploit found by Check Point Software Technologies could have put all of them at risk. The vulnerability, first discovered in November and patched by developers at Epic Games, could have been devastating. If leveraged, it would give third-parties full access to user account details, payment information and even in-game chat audio.

What’s the big deal?

Wherever there are young people, chat, digital currency, and minimal parental understanding, the game may provide:

  • A Petri dish for sexual predators looking for young people to groom
  • A mechanism for exchanging messages about drugs, weapons, and terrorist plans in plain view if one knows how and where to look
  • A conduit for money laundering. My hunch is that you, gentle reader, may not know how game currencies can be used to convert illegal gains into a hot property which can sell quickly to motivated buyers.

Net net: Fortnite may be more than a game, and it may be time to do more than say, “Put down that game. Come to dinner. Now.”

I will ask the audience on Friday, “Who plays Fortnite?” I will let you know if I learn anything or just get grumbles and blank stares from students and faculty alike.

Stephen E Arnold, January 21, 2019

DarkCyber for January 15, 2019, Now Available

January 15, 2019

DarkCyber for January 15, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/311054042 . The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cyber crime, and lesser known Internet services.

The first story discusses Discord, an in-game and chat service. The system takes a somewhat hands-off approach to monitoring user messages. Discord features what are called “magic emojis.” These emojis, when used among those who are members of a specific social group within Discord, can convey messages. Some potential bad actors–for example, white supremacists–allegedly have been using the services as a communications channel.

The second story explores an allegation that Facebook WhatsApp makes it possible for those interested in child pornography to locate this type of content. Third party apps provide finder services. Facebook is introducing electronic payments within WhatsApp. The likelihood for bad actors to use WhatsApp as a mechanism to exchange objectionable content is high. Facebook’s content policies are likely to undergo scrutiny from government authorities in 2019.

The third story profiles Gamalon, a company which develops software for the Defense Advanced Research Projects Agency and commercial enterprises. The key to the Gamalon system is that it uses advanced statistical procedures to identify and extract ideas from source content. The company’s technology makes use of Bayesian methods to create machine learning models automatically. The models can then create new models to deal with new ideas expressed in the source data processed by the system.

The fourth story reports on Spain’s 36 month effort to slow or halt the trade of weapons in the country via the Dark Web. Authorities have arrested more than 200 individuals and seized hand guns and automatic weapons. The investigation continues.

The final story points to a study which provides facts and figures about the hidden Internet. Some of the data in the study sponsored by a star of the hit cable television program Shark Tank is quite remarkable. To cite one example, the number of hidden sites on the Internet is 32 times the number of stars in the galaxy. That is a very large number and difficult to match with DarkCyber’s research data.

Kenny Toth, January 15, 2019

DarkCyber for January 8, 2019, Now Available

January 8, 2019

DarkCyber for January 8, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/309717457 . The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web and lesser known Internet services.

The lead story is a profile of Sintelix, an Australian company developing software for law enforcement and intelligence professionals. The system can acquire content from the hidden Internet, the Surface Web, third-party sources, and content repositories in an organization; for example, arrest records. Sintelix provides IBM Analyst’s Notebook users with a streamlined, modern interface without giving up the unique features of the IBM Analyst’s Notebook. The first of three key features of the Sintelix technology is its speed of document and content processing. Hundreds of thousands of documents can be analyzed and indexed on a standard office desktop computer in a few hours. Sintelix also includes an application programming interface. This API makes it possible to use Sintelix with a wide range of third party solutions. Also, the system incorporates robust timeline features. An analyst can examine events over a month and then zoom in to look at activities in an hour on a specific day.

The second story addresses a way to reduce the complexity of the Tor software bundle, which is required to access Dark Web sites. Many Tor users find the bundle confusing, which can lead to careless errors. A number of user-induced errors can lead to the user’s loss of the privacy which the Tor software appears to offer. The fix is to use a hardware device which can run the Tor software. DarkCyber reports on an older system called PORTAL as well as a new Raspberry Pi approach. Will these devices provide a way to surf the Web in anonymity? Unlikely, but if properly configured, the devices may prevent some types of operator errors.

The third story discusses India’s legislation which mandates that technology companies provide access to encrypted content. Like Australia, India’s action is helpful to law enforcement and intelligence professionals. However, the mandatory decryption may increase the likelihood that bad actors will find a way to exploit the backdoor. The regulations require that a technology company like Apple or Facebook would have to respond to the government request within a day or two. Even with automated decryption technology, the time limit may prove difficult for some companies.

The final story describes a novel type of punishment for child abuse. The UK has begun deporting abusers to their country of origin and stripping the individual of his or her UK citizenship. So far one Indian who amassed 23 counts of child abuse has been flagged for deportation. Three abusers from Pakistan are likely to be deported as well. Once in their home country, authorities may take punitive action against the abusers.

A new blog, Dark Cyber Annex, will be available at www.arnoldit.com/wordpress. Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.

Kenny Toth, January 8, 2019

DarkCyber for December 18, 2018 Now Available

December 18, 2018

DarkCyber for December 18, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/306639675 .

The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web and lesser known Internet services.

This week’s story line up includes… an informal agreement among Dark Web drug dealers to cut off sales of fentanyl… NSO, a provider of intelware to governments, is back in the news… Drivesavers can unlock any phone for $4,000… and a father and son Dark Web scheme leads directly to five years in prison.

First, some Dark Web ecommerce vendors are voluntarily cutting off sales of the synthetic opioid fentanyl. The reason is not going straight. The vendors are wary of stepped up police action in order to take down Dark Web sites selling the potent drug. DarkCyber notes that the actions of Dark Web ecommerce vendors are not likely to curtail the sale of the drug. Vendors move their transactions to encrypted chat sessions or private messaging groups on social media systems. Furthermore China prohibits the manufacture of fentanyl, but not some of its analogs.

Second, DarkCyber reports that the vendor of software for government agencies is back in the news. Reports link NSO with Saudi Arabia and allege that the Kingdom used NSO’s Pegasus tool to monitor Omar Abdulaziz and the slain journalist Jamal Khashoggi. Companies like NSO shun the spotlight. Now NSO finds itself allegedly linked to a high profile news story and the subject of increased attention from the Canadian Lab, an independent research group.

The third story reports that Drivesavers has a proprietary method for unlocking iPhones and Android devices. Apple took steps to eliminate a USB vulnerability which some firms were using to unlock iPhones. Drivesavers’ technique requires that law enforcement send the iPhone to the Drivesavers’ lab, where the phone is unlocked and its data copied to an external storage device. Drivesavers does not provide details about how its method works, but DarkCyber believes the approach is similar to that used by Cellebrite’s mobile device unlocking service. Drivesavers, DarkCyber reports, is listed on the GSA schedule, which means US federal agencies can make use of the service with a minimum of bureaucratic

The final story recounts the fate of a father and son duo. The father hit upon the idea of selling his extra doctor prescribed painkillers on the Internet. When that did not work, he enlisted his son for help in setting up a Dark Web business. Federal agents spotted the ads and made an authorized drug buy. The father and son team were arrested and computing devices, text messages, and narcotics were seized. One of the text messages was from a customer who overdosed on the duo’s product. The message, sent from the hospital where the addict was recovering, wanted to set up another drug buy. The father and son team are now serving five years in prison.

DarkCyber is released each week on Tuesday. The next program will be available on December 25, 2018. In 2019, DarkCyber will introduce a Web log covering the stories in the weekly news program plus additional law enforcement related subjects.

Kenny Toth, December 18, 2018

DarkCyber for November 27, 2018, Now Available

November 27, 2018

DarkCyber for November 27, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/302658825.

This week’s program covers four stories related to the Dark Web and specialized Internet services.

DarkCyber reports another call for backdoors to encrypted communications. Cyrus Vance, the Manhattan district attorney, emphasized that government mandated backdoors are the only solution to device encryption. DarkCyber provides a link to the government report which substantiates this statement. Australia has issued a similar statement. Even though encrypted devices can be broken open, the time and resources required are significant. With the growing number of mobile devices in use by bad actors, the number of phones requiring decryption has created an evidence backlog. Encrypted devices, therefore, pose a significant challenge to law enforcement and intelligence professionals.

The second story reveals that autonomous killer drone technology is advancing rapidly. An autonomous drone is able to find, fix, and finish a target. DarkCyber describes the Elbit Systems’ Skystriker device which is about 95 percent autonomous at this time. Full autonomous operation is within view.

Other countries are working on similar technology. DarkCyber identifies autonomous sea going devices which can neutralize a target without a human in the kill chain. DarkCyber’s view is that countries without autonomous warfighting will find themselves at a strategic disadvantage.

The third story reports that facial recognition allowed 130 victims of child abuse to be identified by Dutch authorities. Mug shot image recognition and matching can perform at an accuracy level of about 90 percent. However, facial recognition from real time video feeds like surveillance cameras poses a more difficult problem. Accuracy rates for video identification can dip below 60 percent. Nevertheless, facial recognition technology is advancing rapidly with innovations from such firms as Boeing, Verint, and NSO. Startups are making significant technical contributions as well. Innovations from Trueface, Kairos, and PointGrab are likely to yield advances in recognition accuracy. DarkCyber provides links to two sources of information about facial recognition systems. One of these documents is a General Accountability Office report about facial recognition within the US government.

The final story describes an off tune Dark Web weapons deal. Three young men in England thought that buying Glock 19 firearms via the Dark Web was a foolproof scheme. Their idea was to specify that the weapons were shipped inside of an amplifier for an electric guitar. US and UK authorities identified the contraband and placed a video camera in the parcel. When the men received their delivery, the event was captured on video. The investigation yielded cash and narcotics. The individuals are now serving eight years in prison. It is unlikely that the amplifier is delivering Elvis’ hit “Jailhouse Rock” to the felons.

DarkCyber appears each Tuesday on the blog Beyond Search and on Vimeo. Watch for new programs each week at www.arnoldit.com/wordpress.

Kenny Toth, November 27, 2018

US Government to Crowdsource Malware

November 19, 2018

When we talk about all the wonderful opportunities for crowdsourcing, we often think about everything from network building to cake recipes. Very rarely do we think about governments crowdsourcing and even less frequently do we think about the benefits of sharing malware. But that’s exactly what’s happening and we couldn’t speak more highly of this choice. We learned more in a recent ZDNet story, “US Cyber Command Starts Uploading Foreign APT Malware to VirusTotal.”

According to the story:

“The Cyber National Mission Force (CNMF), a subordinate unit of US Cyber Command (USCYBERCOM), set in motion a new initiative through which the DOD would share malware samples it discovered on its networks with the broader cybersecurity community.”

What is VirusTotal? It’s a unique organization that works a little like the Center for Disease Control, in that they keep a running bank of all malware and viruses on the internet. What this does is allow experts to investigate these nasty elements and keep us safe. The CNMF is a great resource to team with VirusTotal and we hope good things stem from this. Oddly, one thing we did discover is that VirusTotal is owned by Google, which has the potential to make for strange bedfellows someday.

Patrick Roland, November 19, 2018

DarkCyber for October 23, 2018, Now Available

October 23, 2018

DarkCyber, Stephen E Arnold’s video news program about the Dark Web and lesser known Internet services, is now available. You can view the video at www.arnoldit.com/wordpress or on Vimeo at https://vimeo.com/296379232.

This week’s program includes four stories.

Bing and Google allegedly display content not appropriate to some users. Bing suggests links to content related to images not suitable for young people. Google allegedly returns results to YouTube videos which explain how to purchase illegal substances on the Dark Web. DarkCyber’s research team verified that content some individuals may find problematic does appear in search results. YouTube “how to” videos are findable by exploring pages deeper in a Google search result set; for example, pages six and following. The conclusion is that even when “safe search” features are activated, links to topics which may be interpreted as offensive are easy to find, even for novice Web searchers.

The second story reveals that old school exploits and hacks have found a new lease on life. Bad actors are using standard office software and widely used utilities to obtain access to confidential information, employee email, and customer data. The method involves luring an employee to click on a link such as a document allegedly containing a list of employees at another company. Once the document is opened, a known vulnerability in Microsoft Office Dynamic Data Exchange is used to take over the target’s computer. DarkCyber reveals the simple fix to use to protect from this old school exploit.

The third story presents information about the system and method used by the now defunct Psy-Group. This firm has been identified as an organization of interest in the Robert Mueller investigation of President Donald Trump’s alleged interactions related to the 2016 election. DarkCyber walks through the principal components of a psychological operation designed to push the hot buttons of individuals associated with certain topics and political ideas. The DarkCyber video includes a link to additional documents related to the Psy-Group’s methods, which appear to be similar to those used by Cambridge Analytica.

The final story provides information about the decrease in Facebook usage in 2017. However, among one group, Facebook has become a must have social network. This user group is law enforcement officers. These professionals adopt false personas and work to obtain access to closed Facebook groups in order to gather information related to an investigation. The use of false personas is becoming a standard practice, and the data gathered are admissible in certain proceedings.

Beginning on October 30, 2018, DarkCyber presents a four part series about Amazon’s policeware initiative. The videos explain the importance of the Department of Defense’s JEDI procurement, the principal components of Amazon’s machine learning system, how Amazon will work to create a new type of vendor lock in, and the use of the Amazon policeware platform as a jumping off point for regulatory services in the US and expansion of its customer base outside the United States.

Kenny Toth, October 23, 2018

DarkCyber for September 18, 2018 Now Available

September 18, 2018

DarkCyber for September 18, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/290147202 . 

This week’s DarkCyber video news program covers … Bitfury’s deanonymization service and its unusual sales approach… the loss of UK law enforcement laptops… facial recognition for law enforcement challenged by tech company employees… and X1 and its eDiscovery system with Dark Web content support.

The first story explains that Bitfury, a UK company with an interesting staff line up, offers digital currency deanonymization services. The company’s approach to sales, however, is unusual. Specifically, the company refused to explain its services at a recent law enforcement conference. DarkCyber continues to recommend that agencies interested in digital currency deanonymization look at services available from Chainalysis and Elliptic, two companies which do explain their services to security and enforcement officials.

The second story reports that UK media pointed out that in one year, UK law enforcement lost 60 laptops. With tens of thousands of officers and operators, DarkCyber states that the alleged problem is blown out of proportion. Bad actors attempt to obtain laptops, mobiles, and other computing devices in order to compromise investigations. DarkCyber asserts that the loss of 60 laptops illustrates the good job UK authorities do with regard to preventing loss of laptops.

The third story describes the Amazon DeepLens system. In addition to explaining how this Amazon camera integrates with Amazon’s machine learning and analytics subsystems, DarkCyber reports that neither Amazon, IBM, nor any other US company was able to sell their technology to Ecuador. That country purchased a state-of-the-art Chinese developed system. With employee pushback against their employers’ work for the US government, US facial recognition technology may find itself at a disadvantage with regard to technical development and system innovation.

The final story covers the X1 eDiscovery system for social content. The X1 technology can now acquire and process social media information as well as some Dark Web content. Instead of directly scraping Dark Web sites, the X1 method relies on the Tor2Web.org service. The new product costs about $2,000 per year. DarkCyber explains where to download a 14-day free trial.

Kenny Toth, September 18, 2018

Blockchain Bridges the Crypto Gap of Legality

September 4, 2018

Cryptocurrency like Bitcoin has long been the Dark Web’s favorite way of doing illegal business transactions. However, the technology that it is built upon is opening up and providing law enforcement with an interesting weapon, as we discovered in a recent CoinPick story, “Use of BitCoin Over Dark Web Has Dropped, but DEA Wants Criminals to Keep Using Cryptocurrencies.”

According to the piece:

“This is where blockchain plays a very important part. Even though Bitcoin does not carry IDs, the transactions being available on a distributive ledger are accessible to the public. The investigators can track the funds and apprehend individuals related to criminal activity this way. Infante further stated: The blockchain actually gives us a lot of tools to be able to identify people.”

By exploiting the platform’s weaknesses, law enforcement is zeroing in on illegal activity. We expect this to become more and more common thanks to the fact that police are beginning to familiarize themselves with it for run-of-the-mill internal programs as well as high level crimefighting. This gap is being bridged and one of two things will happen: Either cryptocurrency crime will be wiped out, or the bad guys will have to find a new way to stay hidden.

In Stephen E Arnold’s upcoming lecture in Washington, DC, attendees will learn that bad actors need to be aware of a new intelligence service. The provider? Amazon. More details will be shared in a DarkCyber video after Stephen returns.

Patrick Roland, September 4, 2018

 
