Browse > Home / Archive by category 'cybercrime'

HSDirs Could Be the Key to Dark Web Intelligence

January 12, 2017

An article on Security Affairs called Boffins spotted over 100 snooping Tor HSDir nodes spying on Dark Web sites points to a new tactic that could be useful to companies offering Dark Web intelligence services. Within the inner workings of the Dark Web live at least 100, according to researchers, malicious hidden service directories (HSDirs). These are the relays of the network that allow people to visit hidden services. The author quotes researchers Filippo Valsorda and George Tankersley who presented at the Hack in the Box Security Conference,

When a person wants to host a hidden service, they have to advertise their service on a Tor Onion database, which is a DHT made up of a group of stable relay machines called HSDirs . The person who wants to visit the hidden service has to request information about that service from the database. Therefore, those relays or HSDirs can see who is making the request for a connection and when you want to connect. Therefore, to deanonymize a user’s traffic, an attacker could choose to become the HSDir nodes for the hidden service.

Additionally, researchers from Karlstad University in Sweden found 25 nodes within the The Onion Router (Tor) which showed entities snooping on the supposedly anonymous network. It appears gaps exist. The research shows an unspecified actor from Russia was eavesdropping. Are these snoopers Dark Web intelligence or cybercriminals? We shall stay tuned.

Megan Feil, January 12, 2017

Written by Stephen E. Arnold · Filed Under cybercrime, Dark Web, Hackers, News, Security, Tor | Comments Off on HSDirs Could Be the Key to Dark Web Intelligence 

The Sophistication of the Dark Web Criminals of Today

January 11, 2017

Vendors of stolen credit card information on the dark web are now verifying their customers’ identities, we learn from an article at the International Business Times, “The Fraud Industry: Expect to be KYC’d by Criminals When Buying Stolen Credit Cards on the Dark Web.” Yes, that is ironic. But these merchants are looking for something a little different from the above-board businesses that take KYC measures. They want to ensure potential clients are neither agents of law-enforcement nor someone who will just waste their time.  Reporter Ian Allison cites Richard Harris, an expert in fraud detection through machine learning, when he writes:

Harris said some websites begin with a perfunctory request that the buyer produce some stolen card numbers of their own to show they are in the game. ‘There are various websites like that where undercover cops have been caught out and exposed. Like anybody else, they are in business and they take the security of their business seriously,’ he said.

Things have moved on from the public conception of a hacker in a hoodie who might hack the Pentagon’s website one day and steal some credit card details the next. That was 10 or 15 years ago. Today this is a business, pure and simple. It is about money and lots of it, like for instance the recent hit in Japan that saw a criminal gang make off with ¥1.4bn (£8.9m, $13m) from over 1,400 ATMs in under three hours. They simultaneously targeted teller machines located in Tokyo, Kanagawa, Aichi, Osaka, Fukuoka, Nagasaki, Hyogo,Chiba and Nigata. The Japanese police suspect more than 100 criminals were involved in the heist.

Harris is excited about the potential for machine learning to help thwart such sophisticated and successful, criminals. The article continues with more details about today’s data-thievery landscape, such as the dark-web bulletin boards where trade occurs, and the development of “sniffers” — fake wi-fi hubs that entice users with a promise of free connectivity, then snatch passwords and other delectable data. Allison also mentions the feedback pages on which customers review dark-web vendors, and delves into ways the dark web is being used to facilitate human trafficking. See the write-up for more information.

Cynthia Murrell, January 11, 2017

Written by Stephen E. Arnold · Filed Under cybercrime, Dark Web, Government, Hackers, News, Security | Comments Off on The Sophistication of the Dark Web Criminals of Today 

Medical Records Are the Hot New Dark Web Commodity

January 10, 2017

From emails to Netflix and Uber account information to other personally identifiable information has long been for sale on the Dark Web. A recent article from Fast Company, On The Dark Web, Medical Records Are A Hot Commodity, shares that medical records are the latest offerings for sale on the Dark Web. Medical records sold in these marketplaces usually include an individual’s name, birthdate, social security number and medical information. They fetch the relatively high price of $60 a piece, in comparison to social security numbers at $15. The article explains more,

On the dark web, medical records draw a far higher price than credit cards. Hackers are well aware that it’s simple enough to cancel a credit card, but to change a social security number is no easy feat. Banks have taken some major steps to crack down on identity theft. But hospitals, which have only transitioned en masse from paper-based to digital systems in the past decade, have far fewer security protections in place.

Cybercrime of medical records is potentially life-threatening because oftentimes during the theft of medical records, data showing allergies and other vital information is erased or swapped. Hopefully, the amount of time it took the medical industry to transition from paper to electronic health records is not representative of the time it will take the industry to increase security measures.

Megan Feil, January 10, 2017

Written by Stephen E. Arnold · Filed Under cybercrime, Dark Web, healthcare, News, Privacy, Security | 1 Comment 

Cybersecurity Technology and the Hacking Back Movement

December 19, 2016

Anti-surveillance hacker, Phineas Fisher, was covered in a recent Vice Motherboard article called, Hacker ‘Phineas Fisher’ Speaks on Camera for the First Time—Through a Puppet. He broke into Hacking Team, one of the companies Vice called cyber mercenaries. Hacking team and other firms sels hacking and surveillance tools to police and intelligence agencies worldwide. The article quotes Fisher saying,

I imagine I’m not all that different from Hacking Team employees, I got the same addiction to that electronic pulse and the beauty of the baud [a reference to the famous Hacker’s manifesto]. I just had way different experiences growing up. ACAB [All Cops Are Bastards] is written on the walls, I imagine if you come from a background where you see police as largely a force for good then writing hacking tools for them makes some sense, but then Citizen Lab provides clear evidence it’s being used mostly for comic-book villain level of evil. Things like spying on journalists, dissidents, political opposition etc, and they just kind of ignore that and keep on working. So yeah, I guess no morals, but most people in their situation would do the same. It’s easy to rationalize things when it makes lots of money and your social circle, supporting your family etc depends on it.

The topics of ethical and unethical hacking were discussed in this article; Fisher states the tools used by Hacking Team were largely used for targeting political dissidents and journalists. Another interesting point to note is that his evaluation of Hacking Team’s software is that it “works well enough for what it’s used for” but the real value it offers is “packaging it in some point-and-click way.” An intuitive user experience remains key.

Megan Feil, December 19, 2016

Written by Stephen E. Arnold · Filed Under cybercrime, cybersecurity, Hackers, News, Security, User experience | 1 Comment 

« Previous Page

  • Archives

  • Recent Posts

  • Meta