DarkCyber Profiles the Grayshift iPhone Unlocking Appliance
April 5, 2018
DarkCyber has released a special video report about Grayshift’s iPhone unlocking device for law enforcement forensics professionals. The GrayKey device unlocks most iPhones quickly and without the need to ship the suspect’s mobile phone off site.
The video is available on Vimeo at https://vimeo.com/262858305.
The video covers the pricing for the iPhone unlocker and its key features. Plus, the video product overview identifies the challenges that Grayshift will have to overcome if it wants to become the preferred provider of plug-and-unlock iPhone devices.
Stephen E Arnold said, “Grayshift’s GrayKey is important because it offers an easy-to-use iPhone unlocking system. Four-digit passcode-protected devices can be unlocked in two to three hours. Apple mobiles with six-digit passcodes can be unlocked in two to three days. The device can be used in a mobile forensics lab and costs a fraction of some competitive solutions. GrayKey looks like the right product at the right time and at the right price.”
DarkCyber is a weekly video news program for law enforcement, intelligence, and security professionals. The special report series will focus on a single product, service, or technical innovation.
This is a special report in Stephen E Arnold’s CyberOSINT Tools series. These special reports will be issued when notable products, services, or technologies become available to law enforcement and intelligence professionals.
Stephen E Arnold is the author of “Dark Web Notebook” and “CyberOSINT: Next Generation Information Access.” He has been named as a technology adviser to the UK-based Judicial Commission of Inquiry into Human Trafficking and Child Sex Abuse. Mr. Arnold also lectures to law enforcement and intelligence professionals attending the Telestrategies ISS conferences in Prague, Washington, DC, and Panama City, Panama. In recent months, he has shared his research with law enforcement and intelligence professionals in the US and Europe. His most recent lectures focus on deanonymizing chat and digital currency transactions. One-hour and full-day programs are available via webinars and on-site presentations.
Kenny Toth, April 5, 2018
Apple and Its Snowden Moment
February 14, 2018
I don’t pay much attention to the antics of Apple, its employees, or its helpers. I did note this story in Boy Genius Report: “We Now Know Why an Apple Employee Decided to Leak Secret iPhone Code.” My take is that the trigger was a bit of the high school science club mentality and the confusion of what is straight and true with the oddball ethos of clever, young tech wizards.
The cat is out of the bag. Removing content from GitHub does not solve the problem of digital information’s easy copy feature.
How will Apple handle its Snowden moment? Will the leaker flee to a friendly computing nation state like Google or Microsoft? Will the Apple iPhone code idealist hole up in a Motel 6 at SFO until the powers that be can debrief him and move him to a safe cubicle?
I think the episode suggests that insider threats are a challenge in today’s online environment. With the report that security service providers are suffering from false positives, the reality of protecting secrets is a bit different from the fog of assumption that some have about their next generation systems. I call it the “illusion of security.”
Reality is what one makes it, right?
Stephen E Arnold, February 14, 2018
OpenText Wants to Be the Big Dog in Cyber Security
February 4, 2018
My wife and I rescued a French bulldog. We also have a boxer, which is three times the size of the rescued canine. The rescued canine thinks he is a bull mastiff. We believe that the French bulldog has a perception problem.
Here’s a quote from “OpenText Enfuse 2018 To Showcase The Future of Cybersecurity and Digital Investigations”:
OpenText’s industry leading digital investigation, forensic security and data risk management solutions are defining the future of cybersecurity, digital investigations and e-Discovery, and serve to extend the security capabilities of OpenText’s leading information management platform.
I noticed this statement at the bottom of the “real” news story:
Certain statements in this press release may contain words considered forward-looking statements or information under applicable securities laws.
I think our French bulldog might say something like this when he tries to impose his will on Max, our large, strong, aggressive boxer.
In the cyber marketplace, will IBM i2 roll over and play dead? Will Palantir Technologies whimper and scamper back to Philz Coffee? Will the UAE vendor DarkMatter get into the pizza business? Will the Google and In-Q-Tel funded Recorded Future decide that real estate development is where the action is?
Forward looking? Yeah, no kidding.
Stephen E Arnold, February 4, 2018
Dark Web Criminals Seek Alternatives to Bitcoin
January 8, 2018
Law enforcement has been getting better at using Bitcoin to track criminals on the dark web, so bad actors are exploring alternatives, we learn from the article, “Dark Web Finds Bitcoin Increasingly More of a Problem Than a Help, Tries Other Digital Currencies” at CNBC.
Reporter Evelyn Cheng writes:
In the last three years, new digital currencies such as monero have emerged in an effort to increase privacy. Unlike the open transaction record of bitcoin, monero’s technology hides the name of the sender, amount and receiver. A representative from monero did not respond to email and Twitter requests for comment. Monero hit a record high Monday of $154.58, up more than 1,000 percent this year, according to CoinMarketCap.
Digital currency ethereum is an increasing target for cybercrime as well, according to Chainalysis. Ethereum is up about 4,300 percent this year amid a flood of funds into the digital currency for initial coin offerings, which have raised the equivalent of nearly $1.8 billion in the last three years, CoinDesk data showed. Cybercriminals raised $225 million in ethereum so far this year, Chainalysis said in a report posted Aug. 7 on its website. Phishing attacks — disguised emails or other communication used to trick people into disclosing personal information — make up more than half of all ethereum cybercrime revenue this year at $115 million, the study said. The Ethereum Foundation did not return a CNBC request for comment.
Make no mistake, Bitcoin is still in the lead even with criminals—its popularity makes it easy to quickly convert with no third parties involved. As that popularity continues to increase and the currency becomes more mainstream, though, other options await.
Cynthia Murrell, January 8, 2018
Investigating Cybercrime
December 29, 2017
The devastating Equifax breach is being pursued by federal investigators who know what they are doing, we learn from the piece, “Cybercrimes Present Unique Challenges for Investigators” at SFGate. AP Writer Kate Brumback writes:
The federal investigators looking into the breach that exposed personal information maintained by the Equifax credit report company are used to dealing with high-profile hacks and the challenges they present. The U.S. attorney’s office and FBI in Atlanta have prosecuted developers and promoters of the SpyEye and Citadel malware toolkits, used to infect computers and steal banking information. They’ve helped prosecute a hack into Scottrade and ETrade that was part of an identity theft scheme, and aided the international effort that in July shut down AlphaBay, the world’s largest online criminal marketplace.
The U.S. Attorney’s office has confirmed that, along with the FBI, it is investigating the breach at Atlanta-based Equifax, which the company said lasted from mid-May to July and exposed the data of 145 million Americans.
Though investigators would not tell Brumback anything about this specific investigation, they shared some of what it is like to pursue cybercrime in general. For example, one prosecutor notes that for every conviction there are about 10 times as many investigations that dead-end. Aliases and invite-only forums make it difficult to identify perpetrators; often, success is the result of a slip-up on the part of the bad actor. Another complication—as we know, the internet transcends boundaries, and several foreign governments do not extradite to the U.S. (or do, but slowly). Once we do catch the bad guys, they can be punished, but the issue of restitution tends to be prohibitively complicated. With a focus on prevention, investigators are now working with many companies before breaches occur.
Cynthia Murrell, December 29, 2017
Law Enforcement Do Not Like Smartphones
December 26, 2017
Smartphones and privacy concerns are always hot topics after mass shootings and terrorist acts. The killers and terrorists always use their smartphones to communicate with allies, buy supplies, and even publicize their actions. Thanks to these criminals, law enforcement officials want tech companies to build backdoors into phones so they can always access the information. The remainder of the public does not like this. One apple spoils the entire batch. KPTV explains why smartphones are a problem in “Why Smartphones Are Giving Police Fits.”
After the recent mass shooting in Texas, police were unable to hack into the killer’s phone because of all the privacy software in place. Law enforcement does not like this because it is unable to retrieve data from suspects’ phones. Software developers insist that the encryption software is necessary for digital privacy, but police do not like that. It holds up their investigations.
…it could take specialists weeks to unlock the phone and access material that may reveal the killer’s motive and other information.
The FBI’s first option is likely to pressure the device-maker to help access the phone, but if that won’t work they could try breaking into it. Sometimes “brute force” attacks aimed at methodically guessing a user’s passcode can open a device, though that won’t work with all phones.
Arora said the difficulty of breaking into the phone would depend on numerous factors, including the strength of the gunman’s passcode and the make and model of the phone. Police may have more options if it’s an Android phone, since security practices can vary across different manufacturers.
The tech companies, though, are out to protect the average person, especially after the Edward Snowden incident. The worry is that if all smartphones have a backdoor, then it will be used for more harm than good. It establishes a dangerous precedent.
Law enforcement, however, needs to do its job. This is similar to how the Internet is viewed. It is a revolutionary tool, but a few bad apples using it for sex trafficking, selling illegal goods, and child porn ruin it for the rest of us.
Whitney Grace, December 26, 2017
SIXGILL: Dark Web Intelligence with Sharp Teeth
December 14, 2017
“Sixgill” refers to the breathing apparatus of a shark. Deep. Silent. Stealthy. SIXGILL offers software and services which function like “your eyes in the Dark Web.”
Based in Netanya, just north of Tel Aviv, SIXGILL offers services for its cyber intelligence platform for the Dark Web. What sets the firm apart is its understanding of social networks and their mechanisms for operation.
The company’s primary product is called “Dark-i.” The firm’s Web site states that the firm’s system can:
- Track and discover communication nodes across darknets with the capability to trace malicious activity back to its original sources
- Track criminal activity throughout the cyber crime lifecycle
- Operate in a covert manner including the ability to pinpoint and track illegal hideouts
- Support clients with automated and intelligence methods.
The Dark-i system is impressive. In a walk-through of the firm’s capabilities, I noted these specific features of the Dark-i system:
- Easy-to-understand reports, including summaries of alleged bad actors’ behaviors with timestamp data
- Automated “profiles” of Dark Web malicious actors
- The social networks of the alleged bad actors
- The behavior patterns in accessing the Dark Web and the Dark Web sites the individuals visit
- Access to the information on Dark Web forums
Details about the innovations the company uses are very difficult to obtain. Based on open source information, a typical interface for SIXGILL looks like this:
Based on my reading of the information in the screenshot, it appears that this SIXGILL display provides the following information:
- The results of a query
- Items in the result set on a time line
- One-click filtering based on categories taken from the sources and from tags generated by the system, threat actors, and Dark Web sources
- A list of forum posts with the “creator” identified along with the source site and the date of the post.
Compared with reports about Dark Web activity from other vendors providing Dark Web analytics, monitoring, and search services, the Dark Web Notebook team pegs SIXGILL in the top tier of services.
Fake Hitman Dark Web Site Rakes in the Bitcoin
November 16, 2017
No one can accuse these scammers of not going all in. Motherboard reports, “This Fake Hitman Site Is the Most Elaborate, Twisted Dark Web Scam Yet.” Reporter Joseph Cox describes the almost-certainly fake hitman-services website Besa Mafia. He writes:
Although many already suspected the site was a sham, Risk Based Security reported last week that supposedly hacked data shining more light on its behind-the-scenes dealings had been posted online. Included in that dump were alleged lists of ‘hitmen,’ photos of targets customers had uploaded, orders made on the site, and a large cache of messages purportedly between users and site admins.
Although the site is almost definitely a scam—and a seemingly profitable one at that—the sheer effort its creators have gone to puts Besa Mafia head and shoulders above just about anything else on the dark web.
Yes, to protect its stream of bitcoin profit (apparently about $23,000 by the time of the data dump), the site admins literally threaten to burn the cars of those who give them negative reviews. Less dramatically, they also seem to be seeding the Dark Web with positive reviews of their own non-existent services.
Another interesting point from the data dump—in a hedge, the website has been supplying information on would-be clients and contractors to law enforcement. The article reports:
In one message from the dump, the admin writes that the site not only cheats people out of their bitcoin; it also provides information to law enforcement about ordered hits. ‘This website is to scam criminals of their money. We report them for 2 reasons: to stop murder, this is moral and right; to avoid being charged with conspiracy to murder or association to murder, if we get caught,’ the admin writes.
They certainly thought this through. See the article for more details on this fake purveyor of violent services.
Cynthia Murrell, November 16, 2017
Dark Web Predator Awaits Sentencing
November 15, 2017
Here we have one of the darker corners of the Dark Web. A brief but disturbing article at the UK’s Birmingham Mail reports, “Birmingham University Academic Dr Matthew Falder Led Horrific Dark Web Double Life as ‘666devil’.” The 28-year-old academic in question has pleaded guilty to 137 charges, most if not all of them, it seems, vile crimes against children. Reporter James Cartledge writes:
Since 2010, the geophysicist, who worked at Birmingham University till September, had degraded and humiliated more than 50 victims online using the names ‘666devil’ and ‘evilmind’. … He admitted the offences at a hearing at Birmingham Crown Court on Monday. He was arrested on June 21 this year and has been held in custody since that date. Falder, of Edgbaston, Birmingham, posed as a woman on sites such as Gumtree to trick his victims into sending him naked or partially-clothed images of themselves. The disgraced geophysicist then threatened to expose his victims if they did not send severe and depraved abuse images of themselves. He then distributed the images.
It gets worse from there. We’re told this is the first time the UK’s National Crime Agency had delved into the Dark Web’s hidden forums that share and discuss such “dark” material. Falder is scheduled to be sentenced on December 7 and shall remain in custody in the meantime.
Cynthia Murrell, November 15, 2017
A Flashing Way to Find Business Risks
November 8, 2017
Business intelligence involves many factors that range from enterprise systems to big data business analytics. Another aspect is determining the risk of business decisions. While a piece of software does not exist that can accurately predict the future, technology companies have come close. Programmable Web published the article, “Flashpoint Launches V4 Of Its Business Risk Intelligence API” that describes one company’s newest endeavors in business risk intelligence.
Flashpoint’s business risk intelligence API is officially on its fourth version. Dubbed Flashpoint API 4, the software provides a set of cybersecurity tools and the newest version includes a dataset for Risk Intelligence Observables (RIOs). RIOs dig deeper than past indicators in specified activities to deliver secure insights.
The Flashpoint API aims to deliver near to real-time access to its security services. Because of RESTful API access, Flashpoint technology is available to entry-level users and enterprises alike. Through the API, users can search across Finished Intelligence, Deep & Dark Web data, and RIOs. A key component of Flashpoint’s strategy is context surrounding threats, and the API’s customization options allow users to define and address context to suit specific needs. Contact the Flashpoint team for more information.
Perhaps the most impressive thing about version four’s release is the partner community. These include ThreatConnect, ThreatQuotient, Silobreaker, and Anomali. These four companies are part of Flashpoint’s Strategic Partner Network and all have the goal to help companies detect cybercrime and other threats.
Whitney Grace, November 8, 2017