Browse > Home / Archive by category 'cybercrime'

Cyber Criminals Rejoice: Quick Fraud Development Kit Announced

October 11, 2024

dino 10 19_thumbThis blog post did not require the use of smart software, just a dumb humanoid.

I am not sure the well-organized and managed OpenAI intended to make cyber criminals excited about their future prospects. Several Twitter enthusiasts pointed out that OpenAI makes it possible to develop an app in 30 seconds. Prashant posted:

App development is gonna change forever after today. OpenAI can build an iPhone app in 30 seconds with a single prompt. [emphasis added]

The expert demonstrating this programming capability was Romain Huet. The announcement of the capability débuted at OpenAI’s Dev Day.

image

A clueless dinobaby is not sure what this group of youngsters is talking about. An app? Pictures of a slumber party? Thanks, MSFT Copilot, good enough.

What’s a single prompt mean? That’s not clear to me at the moment. Time is required to assemble the prompt, run it, check the outputs, and then fiddle with the prompt. Once the prompt is in hand, then it is easy to pop it into o1 and marvel at the 30 second output. Instead of coding, one prompts. Zip up that text file and sell it on Telegram. Make big bucks or little STARS and TONcoins. With some cartwheels, it is sort of money.

Is this quicker that other methods of cooking up an app; for example, some folks can do some snappy app development with Telegram’s BotFather service?

Let’s step back from the 30-second PR event.

Several observations are warranted.

First, programming certain types of software is becoming easier using smart software. That means that a bad actor may be able to craft a phishing play more quickly.

Second, specialized skills embedded in smart software open the door to scam automation. Scripts can generate other needed features of a scam. What once was a simple automated bogus email becomes an orchestrated series of actions.

Third, the increasing cross-model integration suggests that a bad actor will be able to add a video or audio delivering a personalized message. With some fiddling, a scam can use a phone call to a target and follow that up with an email. To cap off the scam, a machine-generated Zoom-type video call makes a case for the desired action.

The key point is that legitimate companies may want to have people they manage create a software application. However, is it possible that smart software vendors are injecting steroids into a market given little thought by most people? What is that market? I am thinking that bad actors are often among the earlier adopters of new, low cost, open source, powerful digital tools.

I like the gee whiz factor of the OpenAI announcement. But my enthusiasm is a fraction of that experienced by bad actors. Sometimes restraint and judgment may be more helpful than “wow, look at what we have created” show-and-tell presentations. Remember. I am a dinobaby and hopelessly out of step with modern notions of appropriateness. I like it that way.

Stephen E Arnold, October 11, 2024 

Written by Stephen E. Arnold · Filed Under AI, Business strategy, cybercrime, Fogint, News | Comments Off on Cyber Criminals Rejoice: Quick Fraud Development Kit Announced 

What Can Cyber Criminals Learn from Automated Ad Systems?

October 10, 2024

Vea_thumb_thumbThe only smart software involved in producing this short FOGINT post was Microsoft Copilot’s estimable art generation tool. Why? It is offered at no cost.

My personal opinion is that most online advertising is darned close to suspicious or outright legal behavior. “New,” “improved,” “Revolutionary” — Sure, I believe every online advertisement. But consider this: For hundreds of years those in the advertising business urged a bit of elasticity with reality. Sure, Duz does it. As a dinobaby, I assert that most people in advertising and marketing assume that reality and a product occupy different parts of a data space. Consequently most people — not just marketers, advertising executives, copywriters, and prompt engineers. I mean everyone.

image

An ad sales professional explains the benefits of Facebook, Google, and TikTok-type of sales. Instead of razor blades just sell ransomware as stolen credit cards. Thanks, MSFT Copilot. How are those security remediation projects with anti-malware vendors coming? Oh, sorry to hear that.

With a common mindset, I think it is helpful to consider the main points of “TikTok Joins the AI-Driven Advertising Pack to Compete with Meta for Ad Dollars.” The article makes clear that Google and Meta have automated the world of Madison Avenue. Not only is work mechanical, that work is informed by smart software. The implications for those who work the old fashioned way over long lunches and golf outings are that work methods themselves are changing.

The estimable TikTok is beavering away to replicate the smart ad systems of companies like the even more estimable Facebook and Google type companies. If TikTok is lucky as only an outfit linked with a powerful nation state can be, a bit of competition may find its way into the hardened black boxes of the digital replacement for Madison Avenue.

The write up says:

The pitch is all about simplicity and speed — no more weeks of guesswork and endless A/B testing, according to Adolfo Fernandez, TikTok’s director, global head of product strategy and operations, commerce. With TikTok’s AI already trained on what drives successful ad campaigns on the platform, advertisers can expect quick wins with less hassle, he added. The same goes for creative; Smart+ is linked to TikTok’s other AI tool, Symphony, designed to help marketers generate and refine ad concepts.

Okay, knowledge about who clicks what plus automation means less revenue for the existing automated ad system purveyors. The ideas are information about users, smart software, and automation to deliver “simplicity and speed.” Go fast, break things; namely, revenue streams flowing to Facebook and Google.

Why? Here’s a statement from the article answering the question:

TikTok’s worldwide ad revenue is expected to reach $22.32 billion by the end of the year, and increase 27.3% to $28.42 billion by the end of 2025, according to eMarketer’s March 2024 forecast. By comparison, Meta’s worldwide ad revenue is expected to total $154.16 billion by the end of this year, increasing 23.2% to $173.92 billion by the end of 2025, per eMarketer. “Automation is a key step for us as we enable advertisers to further invest in TikTok and achieve even greater return on investment,” David Kaufman, TikTok’s global head of monetization product and solutions, said during the TikTok.

I understand. Now let’s shift gears and ask, “What can bad actors learn from this seemingly routine report about jockeying among social media giants?”

Here are the lessons I think a person inclined to ignore laws and what’s left of the quaint notion of ethical behavior:

  1. These “smart” systems can be used to advertise bogus or non existent products to deliver ransomware, stealers, or other questionable software
  2. The mechanisms for automating phishing are simple enough for an art history or poli-sci major to use; therefore, a reasonably clever bad actor can whip up an automated phishing system without too much trouble. For those who need help, there are outfits like Telegram with its BotFather or helpful people advertising specialized skills on assorted Web forums and social media
  3. The reason to automate are simple: Better, faster, cheaper. Plus, with some useful data about a “market segment”, the malware can be tailored to hot buttons that are hard wired to a sucker’s nervous system.
  4. Users do click even when informed that some clicks mean a lost bank account or a stolen identity.

Is there a fix for articles which inform both those desperate to find a way to tell people in Toledo, Ohio, that you own a business selling aftermarket 22 inch wheels and alert bad actors to the wonders of automation and smart software? Nope. Isn’t online marketing a big win for everyone? And what if TikTok delivers a very subtle type of malware? Simple and efficient.

Stephen E Arnold, October 10, 2024

Written by Stephen E. Arnold · Filed Under Advertising, AI, cybercrime, Marketing, News | Comments Off on What Can Cyber Criminals Learn from Automated Ad Systems? 

FOGINT: Internet Service Providers in the Hot Box

October 9, 2024

Vea_thumbThe only smart software involved in producing this short FOGINT post was Microsoft Copilot’s estimable art generation tool. Why? It is offered at no cost.

For several years, I have used the term “ghost providers” to describe online service providers as enablers of online crime. The advent of virtual machines and virtual servers operated by customers who just pay a monthly fee and do everything themselves provides a great foggy ground cover. If an investigators speaks with one of these providers, the response includes variations of “We don’t know” and “No clue, bro.” The reason is that the service provider provides access to a system, includes no support, and leaves it up to the person paying the bill to be the cook, bottlewasher, and janitor. These outfits are in the service business with a range of offerings: Full service to DIY.

image

“Oh, we cannot see what is on the virtual machines working as virtual servers,” says the bright ISP operator. Thanks, MSFT Copilot. That’s pretty lousy fog if I say so myself.

Italy wants to take action to prevent enablers who provide ghost services with bare metal and zero service other than pings, plumbing, and power. “ISPs ‘Betrayed’ Over Pirate Site-Blocking Threats, The Reckoning Will Be Invisible” reports that Italy’s

advanced legal weaponry is incapable of dealing with distant pirate IPTV services. Instead, it mainly targets communications infrastructure, much of it operated by rightsholders’ supposed allies – ISPs – who were given no say in the matter.

Torrent Freak’s view of the law is somewhat reserved, even skeptical. The cited article continues:

if pirate sites share an IP address with entirely innocent sites, and the innocent sites are outnumbered, ISPs, VPNs and DNS services will be legally required to block them all. Since nobody ever passes bad law and good laws hurt no one, blocking innocent sites can be conducted guilt-free from the moral high ground.

Among those with a strong view of the law is Giovanni Zorzoni, president of the Italian Internet Provider Association. No big surprise, FOGINT surmises. The article quotes him as saying:

“Irresponsible initiative that, in the sole interest of the football lobby, tramples on operators, [AGCOM] and the Internet ecosystem,” he said. “Thanks to the new law, they will be able to block sites that are no longer exclusively, but also ‘mainly’ used to distribute illegal content, substantially widening the scope of [rightsholders’] discretion. It may therefore happen, much more frequently, that even legitimate addresses that are only accidentally used for the transmission of pirated content are blocked,” Zorzoni added.

Google offered some input which Torrent Freak presented; to wit:

Diego Ciulli, Head of Government Affairs and Public Policy at Google in Italy, expressed concern over the likely effect on the justice system in Italy should Google be required to comply. Under the label of “fighting piracy”, Ciulli said that digital platforms will be required to notify the judicial authorities of ALL copyright infringements – present, past and future – when they become aware of them. That could be a problem. “Do you know how many there are in the case of Google? At the moment, 9,756,931,770. In short, the Senate is asking us to flood the judicial authorities with almost 10 billion URLs – and provides for prison if we miss a single notification. If the law is not amended, the risk is to do the opposite of the spirit of the law: clog up the judicial authorities, and take resources away from the fight against piracy,” he warned.

Yep, imagine if ISPs had to block packets containing information directly linked to illegal activities. That is, it seems, to be a lot of work for the ISPs to do.

Several observations:

  1. Some service providers are known for their willingness to facilitate content which breaks laws
  2. The “virtualization” of “services” provides a 24×7 disco dance fog machine to hide certain activities from staff, other customers, and government authorities
  3. The money derived from the customers who exploit the willful obfuscation makes the service provider business tick.

Is the Italian law a remedy? No. Will other countries crank up regulation of ISPs? Yes. But after decades of a digital Wild West, fences will not be erected overnight. As a result, the black sheep will roam among wild ponies and make a range of online crimes possible and lucrative. That’s quite a marketing position for some firms.

Stephen E Arnold, October 9, 2024

Written by Stephen E. Arnold · Filed Under cybercrime, Fogint, News, Online (general) | Comments Off on FOGINT: Internet Service Providers in the Hot Box 

FOGINT: A Doggie Telegram Play in the Mists of Crypto

October 8, 2024

The FOGINT team has noticed an uptick about the Simplex messenger. You can download the end to end encrypted application from this link. According to chatter on interesting discussion services, individuals espousing certain beliefs are abandoning Telegram because Mr. Freedom (Pavel Durov is allegedly cooperating with law enforcement and other government officials in certain investigation). The causal link between Simplex and Telegram’s new, flexible approach to allegedly illegal activities may be clear to some people. That’s fine.

image

Some people will not be aware that the sheep are ignoring a government worker wearing a rather poor sheep disguise. Thanks, MSFT Copilot. How are those Windows updates going? Oh, how about those security changes?

However, Telegram continues to push into territory far more significant than fooling around with the craziness of those who use Telegram to organize traffic jams and sell contraband. The big fish is now on the dock. The fish mongers are crowding around to find out the value of the snatch.

The First Telegram ICO Is Here: Dogizen, Launches Today” reveals what may be a more significant move in the underground financial ecosystem. The FOGINT teams thinks that Telegram is doing its part to undermine the US dollar, not make weird animal games available to people who want free money. The article reported on October 4, 2024:

This is the first ICO to offer investors the chance to purchase the DOGIZ token directly from within Telegram itself and could open up a whole new slice of the crypto community. DOGIZ will go on sale at $0.00007, with a total of one hundred billion presale tokens available for purchase. Dogizen finds itself in the midst of Telegram gaming’s surge, which has recently gained attention with multiple successful launches, collectively amassing a market cap nearing $2 billion in just six months.

Telegram ran into a brick wall several years ago when the US Securities & Exchange Commission blocked the messaging company’s initial foray into crypto. Now the Telegram plan is coming into focus. There are STARs, TONcoins, and deals with outfits like Tether. This play with doggies is a transactional platform applied to providing for a fee the plumbing necessary to ramp crypto with essentially zero friction. The estimable Durov brothers are demonstrating that there is more to a messaging application than groups, channels, advertising, and faux compliance with government officials.

The Durovs are doggies who want to grow up to be wolves.

Stephen E Arnold, October 8, 2024

Written by Stephen E. Arnold · Filed Under cryptocurrency, cybercrime, Fogint, News | Comments Off on FOGINT: A Doggie Telegram Play in the Mists of Crypto 

Russian Crypto Operation: An Endgame

October 3, 2024

green-dino_thumb_thumb_thumb_thumb_t[2]This essay is the work of a dumb dinobaby. No smart software required.

The US Department of the Treasury took action to terminate “PM2BTC—a Russian virtual currency exchanger associated with Russian individual Sergey Sergeevich Ivanov (Ivanov)—as being of “primary money laundering concern” in connection with Russian illicit finance.” The DOT’s news release about the multi-national action is located at this link. Fogint has compiled a list of details about this action.

The write up says:

Today, the U.S. Department of the Treasury is undertaking actions as part of a coordinated international effort to disrupt Russian cybercrime services. Treasury’s Financial Crimes Enforcement Network (FinCEN) is issuing an order that identifies PM2BTC—a Russian virtual currency exchanger associated with Russian individual Sergey Sergeevich Ivanov (Ivanov)—as being of “primary money laundering concern” in connection with Russian illicit finance. Concurrently, the Office of Foreign Assets Control (OFAC) is sanctioning Ivanov and Cryptex—a virtual currency exchange registered in St. Vincent and the Grenadines and operating in Russia. The FinCEN and OFAC actions are being issued in conjunction with actions by other U.S. government agencies and international law enforcement partners to hold accountable Ivanov and the associated virtual currency services.

Here’s a selection of the items which may be of interest to cyber crime analysts and those who follow crypto activity.

  • Two individuals were added to the sanctions list: Sergey Ivanov and Timur Shakhmametov. A reward or bounty has been offered for information leading to the arrest of these individuals. The payment could exceed US$9 million
  • The PM2BTC and Cryptex entities has worked or been associated with other crypto entities; possibly  Guarantex, UAPS, Cryptex, Hydra, FerumShop, Bitzlato, and an underground payment processing service known as Bitzlato
  • Among the entities working on this operation (Endgame) were Europol, Germany, Great Britain, Latvia, Netherlands, and the US
  • In 2014, the two persons of interest want to set up an automated (smart) service and may have been working with PerfectMoney and Paymer
  • The activities of Messrs. Ivanov and Shakhmametov involved “carding” and other bank-related fraud

Russian regulations provide wiggle room for certain types of financial activity not permitted in the US and countries associated with this take down.

Several observations:

  1. The operation was large, possibly exceeding billions in illegal transactions
  2. The network of partners and affiliated firms illustrates the appeal of illegal crypto services
  3. One method of communication used by PM2BTC was Telegram Messenger.
  4. “The $9 Million US reward / bounty for those two Russian crypto exchange operators wanted by US DOJ is a game changer due to the enormous reward,” Sean Brizendine, blockchain researcher told  the FOGINT team.

Additional information may become available as the case moves forward in the US and Europe. FOGINT will monitor public information which appears in Russia and other countries.

Stephen E Arnold, October 3, 2024

Written by Stephen E. Arnold · Filed Under cryptocurrency, cybercrime, Fogint, News | Comments Off on Russian Crypto Operation: An Endgame 

Hamster Kombat: Does It Matter?

October 2, 2024

green-dino_thumb_thumb_thumb_thumb_t[2]_thumb_thumbThis essay is the work of a dumb dinobaby. No smart software required.

The Fogint team pays attention to crypto plays like Hamster Kombat. Those engaged in cyber fraud investigations, analysis, and research may want to take a quick look at what is called a “click to earn” game. I was asked the question at a recent lecture to cyber fraud professionals, “Why should I care about Hamster whatever?” This free, public blog is not the place for a detailed answer. However, I am willing to share several observations offered by Coin Telegraph.

First, check out this chart. From zero users in late March 2024 to a few weeks ago. The hockey stick is what is reported at 300 million users. Anecdotal information suggests that one third may be agentic; that is, bots. And “only” 100 million are people looking to make a quick buck on a crypto play.

image

Note that the chart only shows growth through June 2024. The number cited above is derived by normalizing user estimates from a range of sources which the Fogint team has compiled and reviews on a daily basis.

Second, the word game does not convey exactly what Hamster Combat and similar “games” offer their users. Cointelegraph.com reports that an expert named Sébastien Borget uses the phrase “play to earn games.” The question some may pose is, “What is a play to earn game?” The clicks on icons or the actions of the user generate money in the form of crypto for those who play them. The easiest way to understand the business model is to get a burner mobile phone, a pay-as-you-go SIM, a disposable email address, and the Telegram app. Search for Hamster Kombat and “play.” If you cannot figure out the interface, ask a mobile-dependent teen.

Third, this facet of Telegram is one that helps differentiate its “games” from those available on other platforms. Everything in Hamster Kombat is about revenue generation, the belief that the HMSTR coin will be increasingly valuable, and the addictive nature of clicks, buying software items from Hamster Kombat, and becoming “addicted” to or dependent upon the Open Network, a “spin off” or “spin up” from Telegram and its plumbing.

The Fogint team believes that Telegram itself will be monitoring more closely than the fate of Pavel Durov (Telegram’s founder who is possibly enjoying the ministrations of the French bureaucracy) how the TON blockchain handles validation. This process is not going to be explained in this blog post, but for those who are curious, just email benkent2020 at yahoo dot and a Fogint professional will respond with options for getting more information about what is likely to be a significant digital fraud event in 2025. “INDOAX Exchange the first Exchange to list Hamster Kombat coin does not allow US residents to open accounts,” Sean Brizendine, blockchain researcher told the FOGINT team.

When this post becomes public, the mining of HMSTR coins will be underway. Hamster Kombat is a combination of old-fashioned online games, crypto mining, and human enthusiasm to get rich quick. And what does one need to join in the craze? The Telegram application and the mini app Hamster Kombat.

Stephen E Arnold, October 2, 2024

Written by Stephen E. Arnold · Filed Under cryptocurrency, cybercrime, Fogint, News | Comments Off on Hamster Kombat: Does It Matter? 

FOGINT: Telegram Changes Its Tune

October 1, 2024

green-dino_thumb_thumb_thumb_thumb_t[2]_thumbThis essay is the work of a dumb dinobaby. No smart software required.

Editor note: The term Fogint is a way for us to identify information about online services which obfuscate or mask in some way some online activities. The idea is that end-to-end encryption, devices modified to disguise Internet identifiers, and specialized “tunnels” like those associated with the US MILNET methods lay down “fog”. A third-party is denied lawful intercept, access, or monitoring of obfuscated messages when properly authorized by a governmental entity. Here’s a Fogint story with the poster boy for specialized messaging, Pavel Durov.

Coindesk’s September 23, 2024, artice “Telegram to Provide More User Data to Governments After CEO’s Arrest” reports:

Messaging app Telegram made significant changes to its terms of service, chief executive officer Pavel Durov said in a post on the app on Monday. The app’s privacy conditions now state that Telegram will now share a user’s IP address and phone number with judicial authorities in cases where criminal conduct is being investigated.

Usually described as a messaging application, Telegram is linked to a crypto coin called TON or TONcoin. Furthermore, Telegram — if one looks at the entity from 30,000 feet — consists of a distributed organization engaged in messaging, a foundation, and a recent “society” or “social” service. Among the more interesting precepts of Telegram and its founder is a commitment to free speech and a desire to avoid being told what to do.

image

Art generated by the MSFT Copilot service. Good enough, MSFT.

After being detained in France, Mr. Durov has made several changes in the way in which he talks about Telegram and its precepts. In a striking shift, Mr. Durov, according to Coindesk:

said that “establishing the right balance between privacy and security is not easy,” in a post on the app. Earlier this month, Telegram blocked users from uploading new media in an effort to stop bots and scammers.

Telegram had a feature which allowed a user of the application to locate users nearby. This feature has been disabled. One use of this feature was its ability to locate a person offering personal services on Telegram via one of its functions. A person interested in the service could use the “nearby” function and pinpoint when the individual offering the service was located. Creative Telegram users could put this feature to a number of interesting uses; for example, purchasing an illegal substance.

Why is Mr. Durov abandoning his policy of ignoring some or most requests from law enforcement seeking to identify a suspect? Why is Mr. Durov eliminating the nearby function? Why is Mr. Durov expressing a new desire to cooperate with investigators and other government authority?

The answer is simple. Once in the custody of the French authorities, Mr. Durov learned of the penalties for breaking French law. Mr. Durov’s upscale Parisian lawyer converted the French legal talk into some easy to understand concepts. Now Mr. Durov has evaluated his position and is taking steps to avoid further difficulties with the French authorities. Mr. Durov’s advisors probably characterized the incarceration options available to the French government; for example, even though Devil’s Island is no longer operational, the Centre Pénitentiaire de Rémire-Montjoly, near Cayenne in French Guiana, moves Mr. Durov further from his operational comfort zone in the Russian Federation and the United Arab Emirates.

The Fogint team does not believe Mr. Durov has changed his core values. He is being rational and using cooperation as a tactic to avoid creating additional friction with the French authorities.

Stephen E Arnold, October 1, 2024

Written by Stephen E. Arnold · Filed Under cybercrime, cybersecurity, Fogint, Legal matters, News | Comments Off on FOGINT: Telegram Changes Its Tune 

Zapping the Ghost Comms Service

September 23, 2024

green-dino_thumb_thumb_thumb_thumb_thumbThis essay is the work of a dumb dinobaby. No smart software required.

Europol generated a news release titled “Global Coalition Takes Down New Criminal Communication Platform.” One would think that bad actors would have learned a lesson from the ANOM operation and from the take downs of other specialized communication services purpose built for bad actors. The Europol announcement explains:

Europol and Eurojust, together with law enforcement and judicial authorities from around the world, have successfully dismantled an encrypted communication platform that was established to facilitate serious and organized crime perpetrated by dangerous criminal networks operating on a global scale. The platform, known as Ghost, was used as a tool to carry out a wide range of criminal activities, including large-scale drug trafficking, money laundering, instances of extreme violence and other forms of serious and organized crime.

Eurojust, as you probably know, is the EU’s agency responsible for dealing with judicial cooperation in criminal matters among agencies. The entity was set up 2002 and concerns itself serious crime and cutting through the red tape to bring alleged bad actors to court. The dynamic of Europol and Eurojust is to investigate and prosecute with efficiency.

image

Two cyber investigators recognize that the bad actors can exploit the information environment to create more E2EE systems. Thanks, MSFT Copilot. You do a reasonable job of illustrating chaos. Good enough.

The marketing-oriented name of the system is or rather was Ghost. Here’s how Europol describes the system:

Users could purchase the tool without declaring any personal information. The solution used three encryption standards and offered the option to send a message followed by a specific code which would result in the self-destruction of all messages on the target phone. This allowed criminal networks to communicate securely, evade detection, counter forensic measures, and coordinate their illegal operations across borders. Worldwide, several thousand people used the tool, which has its own infrastructure and applications with a network of resellers based in several countries. On a global scale, around one thousand messages are being exchanged each day via Ghost.

With law enforcement compromising certain bad actor-centric systems like Ghost, what are the consequences of these successful shutdowns? Here’s what Europol says:

The encrypted communication landscape has become increasingly fragmented as a result of recent law enforcement actions targeting platforms used by criminal networks. Following these operations, numerous once-popular encrypted services have been shut down or disrupted, leading to a splintering of the market. Criminal actors, in response, are now turning to a variety of less-established or custom-built communication tools that offer varying degrees of security and anonymity.  By doing so, they seek new technical solutions and also utilize popular communication applications to diversify their methods. This strategy helps these actors avoid exposing their entire criminal operations and networks on a single platform, thereby mitigating the risk of interception. Consequently, the landscape of encrypted communications remains highly dynamic and segmented, posing ongoing challenges for law enforcement.

Nevertheless, some entities want to create secure apps designed to allow criminal behaviors to thrive. These range from “me too” systems like one allegedly in development by a known bad actor to knock offs of sophisticated hardware-software systems which operate within the public Internet. Are bad actors more innovative than the whiz kids at the largest high-technology companies? Nope. Based on my team’s research, notable sources of ideas to create problems for law enforcement include:

  1. Scanning patent applications for nifty ideas. Modern patent search systems make the identification of novel ideas reasonably straightforward
  2. Hiring one or more university staff to identify and get students to develop certain code components as part of a normal class project
  3. Using open source methods and coming up with ad hoc ways to obfuscate what’s being done. (Hats off to the open source folks, of course.)
  4. Buying technology from middle “men” who won’t talk about their customers. (Is that too much information, Mr. Oligarch’s tech expert?)

Like much in today’s digital world or what I call the datasphere, each successful takedown provides limited respite. The global cat-and-mouse game between government authorities and bad actors is what some at the Santa Fe Institute might call “emergent behavior” at the boundary between entropy and chaos. That’s a wonderful insight despite suggesting another consequence of living at the edge of chaos.

Stephen E Arnold, September 23, 2024

x

A

Written by Stephen E. Arnold · Filed Under cybercrime, law enforcement, News | 2 Comments 

New Research about Telegram and Its Technology

August 29, 2024

green-dino_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumbThis essay is the work of a dumb dinobaby. No smart software required.

Next week, my team and I will be presenting a couple of lectures to a group of US government cyber experts. Our topic is Telegram, which has been a focal point of my research team for most of 2024. Much of the information we have included in our talks will be new; that is, it presents a view of Telegram which is novel. However, we have available a public version of the material. Most of our work is delivered via video conferencing with PDFs of selected exhibits provided to those participating in a public version of our research.

For the Telegram project, the public lecture includes:

  1. A block diagram of the Telegram distributed system, including the crypto and social media components
  2. A timeline of Telegram innovations with important or high-impact innovations identified
  3. A flow diagram of the Open Network and its principal components
  4. Likely “next steps” for the distributed operation.

With the first stage of the French judiciary process involving the founder of Telegram completed, our research project has become one of the first operational analyses of what to many people outside of Russia, the Russian Federation, Ukraine, and other countries is unfamiliar. Although usage of Telegram in North America is increasing, the service is off the radar of many people.

In fact, knowledge of Telegram’s basic functions is sketchy. Our research revealed:

  1. Users lack knowledge of Telegram’s approach to encryption
  2. The role US companies play in keeping the service online and stable
  3. The automation features of the system
  4. The reach of certain Telegram dApps (distributed applications) and YouTube, to cite one example.

The public version of our presentation at the US government professionals will be available in mid-September 2024. If you are interested in this lecture, please, write benkent2020 at yahoo dot com. One of the Beyond Search team will respond to your inquiry with dates and fees, if applicable.

Stephen E Arnold, August 29, 2024

Written by Stephen E. Arnold · Filed Under cybercrime, cybersecurity, News, Online (general), Webinar | Comments Off on New Research about Telegram and Its Technology 

Which Is It, City of Columbus: Corrupted or Not Corrupted Data

August 23, 2024

green-dino_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumbThis essay is the work of a dumb dinobaby. No smart software required.

I learned that Columbus, Ohio, suffered one of those cyber security missteps. But the good news is that I learned from the ever reliable Associated Press, “Mayor of Columbus, Ohio, Says Ransomware Attackers Stole Corrupted, Unusable Data.” But then I read the StateScoop story “Columbus, Ohio, Ransomware Data Might Not Be Corrupted After All.”

image

The answer is, “I don’t know.” Thanks, MSFT Copilot. Good enough.

The story is a groundhog day tale. A bad actor compromises a system. The bad actor delivers ransomware. The senior officers know little about ransomware and even less about the cyber security systems marketed as a proactive, intelligent defense against bad stuff like ransomware. My view, as you know, is that it is easier to create sales decks and marketing collateral than it is is to deliver cyber security software that works. Keep in mind that I am a dinobaby. I like products that under promise and over deliver. I like software that works, not sort of works or mostly works. Works. That’s it.

What’s interesting about Columbus other than its zoo, its annual flower festival, and the OCLC organization is that no one can agree on this issue. I believe this is a variation on the Bud Abbott and Lou Costello routine “Who’s on First.”

StateScoop’s story reported:

An anonymous cybersecurity expert told local news station WBNS Tuesday that the personal information of hundreds of thousands of Columbus residents is available on the dark web. The claim comes one day after Columbus Mayor Andrew Ginther announced to the public that the stolen data had been “corrupted” and most likely “unusable.” That assessment was based on recent findings of the city’s forensic investigation into the incident.

The article noted:

Last week, the city shared a fact sheet about the incident, which explains: “While the city continues to evaluate the data impacted, as of Friday August 9, 2024, our data mining efforts have not revealed that any of the dark web-posted data includes personally identifiable information.”

What are the lessons I have learned from these two stories about a security violation and ransomware extortion?

  1. Lousy cyber security is a result of indifferent (maybe lousy) management? How do I know? The City of Columbus cannot generate a consistent story.
  2. The compromised data were described in two different and opposite ways. The confusion underscores that the individuals involved are struggling with basic data processes. Who’s on first? I don’t know. No, he’s on third.
  3. The generalization that no one wants the data misses an important point. Data, once available, is of considerable interest to state actors who might be interested in the employees associated with either the university, Chemical Abstracts, or some other information-centric entity in Columbus, Ohio.

Net net: The incident is one more grim reminder of the vulnerabilities which “managers” choose to ignore or leave to people who may lack certain expertise. The fix may begin in the hiring process.

Stephen E Arnold, August 23, 2024

Written by Stephen E. Arnold · Filed Under cybercrime, cybersecurity, Government, News | Comments Off on Which Is It, City of Columbus: Corrupted or Not Corrupted Data 

« Previous PageNext Page »

  • Archives

  • Recent Posts

  • Meta