DarkCyber for August 20, 2019, Now Available

August 20, 2019

DarkCyber for August 20, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/354476523 .
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

The story line up this week includes a feature about Anduril Technologies’ surveillance system for border monitoring. The show also includes a critique of a public report about robocalling and a comment about the increasingly loud calls for backdoors to mobile phones and encrypted messages by law enforcement in the US and other countries.

The feature story this week is about Anduril Industries, the company which is developing systems for the Department of Defense’s Project Maven. The company was founded in 2017 by Palmer Luckey. After creating the virtual reality product Oculus Rift, Luckey sold the company to Facebook. He then founded Anduril to develop next generation surveillance products and systems. His clients include US government agencies like the Department of Homeland Security. Anduril’s innovations allow software to monitor, analyze, and make decisions. These decisions can be taken without human involved, take place automatically, or employ human-machine interactions. The system can process data from digital cameras and specialized devices. These data are then federated and analyzed by the firm’s proprietary algorithms. The system can, for example, identify a herd of cattle as well as a group of people approaching a border. Anduril, however, is able to differentiate between the animals and the humans. If detection occurs at an Anduril monitoring tower, Anduril drones can also scan the area. If multiple Anduril drones are deployed in the area in which the anomaly was detected, the resolution of the system increases. In effect, Anduril has developed a way for surveillance to deliver detection, analysis, and increased resolution. An operator can immerse himself or herself in a virtual reality presentation of what the drones and the monitoring devices “see”. Anduril’s approach to US government work stands in direct contrast to that of Google. Google refused to work on Project Maven yet funded an educational artificial intelligence center in mainland China. Anduril welcomes US government work. One of the investors in Anduril suggested that Google’s attitude toward the US government could be interpreted as treasonous.

Two other stories round out this week’s episode.

Law enforcement agencies in the US and other Five Eyes member countries continue their call for a way for government agencies to access devices and messages by persons of interest. The “growing dark” problem in the US made headlines. Law enforcement investigating the Dayton, Ohio, killings have been unable to access the alleged shooter’s mobile phone data. DarkCyber anticipates increasingly loud calls for legislation to make it mandatory for technology companies to cooperate with law enforcement when courts permit access to mobile devices.

DarkCyber calls attention to an article which provides a road map for an individual who wants to run a robocall operation. The details of the method are reviewed. Plus, DarkCyber names two services which allow a robocall spammer to set up an operation with a few clicks online. One of these services includes a “press one feature” which allows the robocaller to charge the individual who happens to answer the telephone. DarkCyber finds these types of “how to” articles somewhat troubling. The information may encourage some individuals to launch a robocall business and runs scams anonymously.

A new multi part series about Amazon policeware initiative begins on November 5, 2019. DarkCyber programs are available on Vimeo.com and YouTube.com.

Note that DarkCyber will begin a new series of programs on November 5, 2019. The current series or “season” ends on August 27, 2019. We are developing the new series now. It’s about everyone favorite online bookstore with an emphasis on policeware and intelware.

Kenny Toth, August 20, 2019

Cyber Security and Its Soft Underbelly

August 18, 2019

DarkCyber found “We Asked Def Con Attendees Why People Are Still Getting Hacked” quite interesting. The write up presents information from different individuals and sources about the surprising ineffectiveness of cyber security. Significant money, dozens of start ups, and some mouth watering marketing have been generated. But the big question, “Why are people still getting hacked?” remains perched on a power line like a digital bird of prey.

Here are a couple of statements from the write up which DarkCyber finds interesting:

As the [cyber security] industry matures, it’s becoming clear that it must be held accountable for a lack of diversity and a sometimes toxic and misogynistic culture.

This theme does sound familiar. Perhaps the opportunity to make money and do some “real coding” is in a business sector where the investment dollars are flowing and the personal payoffs are possibly higher.

Why are people getting hacked? DarkCyber noted a couple of points which are difficult to deflect:

  1. People will always get hacked. This answer to the question is the digital equivalent of “just because.”
  2. People are the weak link: Loose lips, friends, being human. This answer to the question is related to “just because.”
  3. People don’t update their systems. Yep, humans again.

What’s the fix? Teach those humans what to do.

Perhaps a better question is, “What’s the business sector with more potential for a coder who is not interested is displaying pizza joint icons on a mobile map?”

The answer is cyber security. The write up explains the answer this way:

There’s more money pouring into cybersecurity than ever, but we continue to see high-profile (and devastating) hacks. At the same time, cybersecurity as an industry is no longer made up of lone coders and small, grey-hat hacking groups; it’s a gigantic industry with startups worth billions of dollars.

Is it possible that the incentive to “fix” cyber security is that there is easy money, fearful customers, and uncertain outcomes for those breached.

FUD worked for IBM, and it may be working for the cyber security sector today and it may be the horse to back in the race to big paydays tomorrow.

But those pesky humans—still a problem.

Stephen E Arnold, August 18, 2019

DarkCyber for August 6, 2019, Now Available

August 6, 2019

DarkCyber for August 6, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/351872293. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

DarkCyber (August 6, 2019) explores reports about four high-profile leaks of confidential or secret information. Each “leak” has unique attributes, and some leaks may be nothing more than attempts to generate publicity, cause embarrassment to a firm, or a clever repurposing of publicly available but little known information. Lockheed Martin made available in a blog about automobiles data related to its innovative propulsion system. The fusion approach is better suited to military applications. The audience for the “leak” may be US government officials. The second leak explains that the breach of a Russian contractor providing technical services to the Russian government may be politically-motivated. The information could be part of an effort to criticize Vladimir Putin. The third example is the disclosure of “secret” Palantir Technologies’ documents. This information may create friction for the rumored Palantir INITIAL PUBLIC OFFERING. The final secret is the startling but unverified assertion that the NSO Group, an Israeli cyber security firm, can compromise the security of major cloud providers like Amazon and Apple, among others. The DarkCyber conclusion from this spate of “leak” stories is that the motivations for each leak are different. In short, leaking secrets may be political, personal, or just marketing.

Other stories in this week’s DarkCyber include:

A report about Kazakhstan stepped up surveillance activities. Monitoring of mobile devices in underway in the capital city. DarkCyber reports that the system may be deployed to other Kazakh cities. The approach appears to be influenced by China’s methods; namely, installing malware on mobile devices and manipulating Internet routing.

DarkCyber explains that F Secure offers a free service to individuals who want to know about their personal information. The Data Discovery Portal makes it possible for a person to plug in an email. The system will then display some of the personal information major online services have in their database about that person.

DarkCyber’s final story points out that online drug merchants are using old-school identity verification methods. With postal services intercepting a larger number of drug packages sent via the mail, physical hand offs of the contraband are necessary. The method used relies on the serial number on currency. When the recipient provides the number, the “drug mule” verifies that number on a printed bank note.

DarkCyber videos appears each week through the September 30, 2019. A new series of videos will begin on November 1, 2019. Programs are available on Vimeo.com and YouTube.com.

Kenny Toth, August 6, 2019

Capital One and Surprising Consequences

August 4, 2019

DarkCyber noted the ZDNet article “GitHub Sued for Aiding Hacking in Capital One Breach.” According to the “real news” outfit:

While Capital One is named in the lawsuit because it was its data that the hacker stole, GitHub was also included because the hacker posted some of the stolen information on the code-sharing site.

Github (now owned by Microsoft) allegedly failed to detect the stolen data. Github did not block the posting of Social Security numbers. These follow a specific pattern. Many text parsing methods identify and index the pattern and link the number to other data objects.

What law did Github violate? Management lapses are not usually the stuff that makes for a good legal drama, at least on “Law and Order” reruns. The write up reports:

The lawsuit alleges that by allowing the hacker to store information on its servers, GitHub violated the federal Wiretap Act.

DarkCyber thanks ZDNet for including a link to the complaint.

Lawyers, gotta love ‘em because we have a former Amazon employee, a financial institution with a remarkable track record of security issues, and a company owned by Microsoft. What about the people affected? Oh, them. What if Github is “guilty”? Perhaps a new chapter in open source and public posting sites begins?

Stephen E Arnold, August 4, 2019

Capital One, Amazon, Cats, and the Common Infrastructure Play

July 31, 2019

I read “Hacking Suspect Acted Oddly Online.” (Note: the online story is paywalled by Rupert Murdoch. You may  be able to get a peek at the dead tree version of this story in the Wall Street Journal for July 31, 2019.) Yep, Internet cat angle, self incrimination, and public content dissemination. That’s a plot hook which may make a great Lifetime or Netflix program. Amazon is likely to pass on funding the film version of this now familiar story.

Here’s the plot:

There’s the distraught financial institution, in this case, the lovable Capital One. This is the outfit known for “what’s in your pocket”? Good question. The financial outfit teamed up with Amazon in 2015, and according to the “real news” outfit:

In 2015, Capital One Chief Information Officer Rob Alexander said, “The financial services industry attracts some of the worst cyber criminals. So we worked closely with the Amazon team to develop a security model, which we believe enables us to operate more securely in the public cloud than we can even in our own data centers.”

That sounds darned good, but data affecting about 100 million people was breached. That number has not been verified to my satisfaction, and DarkCyber awaits additional data. But 100 million is a good enough number for the story.

Next we have a protagonist with some employment history at Amazon. Remember that this is the cloud service which was in the chain of data compromise. But — and this is important — Amazon was not at fault. The security problem was a is configured bit of “infrastructure.” Plus, the infrastructure which was the point of weakness is “common to both cloud and on premises data center environments.”

The story ends with a suspect. If the program becomes a mini series, we will follow the protagonist with empathy for cats through a trial, and perhaps a variation on the story weaving of “Orange Is the New Black.”

What’s missing from the analysis in the “real news” outlets? Here in Harrod’s Creek, Kentucky, we think of Amazon as an outfit with nifty white Mercedes Benz vans and fast moving van drivers.

But a couple of the pundits lounging in the convenience story / tavern floated some ideas:

  1. Why is Amazon not providing a system to address misconfiguration? It seems that 100 million people are now aware of this dropped ball.
  2. Why is an Amazon person, presumably with Amazon expertise, behaving in a manner that appears problematic? If the person was hired, what’s the flaw in the Amazon hiring process? If the person was terminated for a germane reason, why was the person not given appropriate “support” to make the transition from Amazonian to a person with unusual online activities? How does Amazon prevent information from being used by a former employee? What can be improved? Are there other former Amazon employees who are able to behave in an allegedly problematic way?
  3. Why is the problem “common” to use Capital One’s alleged word quoted in the WSJ story? There are dozens upon dozens of firms which are marketing themselves as cyber safeguard providers. Are these services used by Amazon, or is Amazon relying on home grown solutions. There are indeed Amazon’s own security tools. But are these findable, usable, reliable, and efficacious? Security may be lost in the thicket of proliferating Amazon products, services, and features. In effect, is it possible that Amazon is not doing enough to prevent such security lapses associated closely with its cloud solutions.

Stepping back, let’s think about this incident in a cinematic way:

  1. A giant company offering services which are so complex that problems are likely to result from component interactions, blundering customers, and former employees with a behavior quirk.
  2. A financial services firm confident of its technical competence. (Note that this financial firm with a previous compliance allegation which seemed to pivot on money laundering and ended with a $100 million fine. See “Compliance Weaknesses Cost Capital One $100M”, October 23, 2018. You will have to pay to view this allegedly accurate write up.
  3. A protagonist who seemed to send up distress flags via online communication channels.

What’s the big story?

Maybe there’s a “heart of darkness” with regard to security within the Amazon jungle.

To which jungle was Joseph Conrad, author of the “Heart of Darkness” referring?

“Nowhere did we stop long enough to get a particularized impression, but the general sense of vague and oppressive wonder grew upon me. It was like a weary pilgrimage amongst hints for nightmares.”

Psychological, digital, or financial? With the JEDI contract award fast approaching, will the procurement officials interpret the Capital One breach as a glimpse of the future. Maybe Oracle is correct in its view of Amazon?

Stephen E Arnold, July 31, 2019

Cyber Threats from Semi Insiders

July 24, 2019

I was thrilled to learn that the New York Times (which quoted me on Sunday, July 21, 2019) concluded that I had no work for the last 40 years. Well, I least I don’t rely on a SNAP card, sleep under the overpass, and hold a sign which says, “Will analyze data for food.”

What did I do in those four decades which the NYT fact checkers couldn’t find? I worked as a rental. Yep, a contractor. A semi insider.

I did what I was paid to do, delivered by now routine “This is what I think, not what you want me to think” reports, and muddled forward.

For some outfits for which I worked, I was a regular. I did projects for years, decades even. For some government agencies, it may seem as if I never left because my son is working on the projects now.

I suppose the phrase “semi insider” explains this relationship. One is “around” long enough that people assume you are part of the furniture or the break room.

I thought of this “semi insider” phrase when I read “Siemens Contractor Pleads Guilty to Planting Logic Bomb in Company Spreadsheets.” The guts of the write up strikes me as:

But while Tinley’s files worked for years, they started malfunctioning around 2014. According to court documents, Tinley planted so-called “logic bombs” that would trigger after a certain date, and crash the files. Every time the scripts would crash, Siemens would call Tinley, who’d fix the files for a fee.

So the idea was sell more work.

My view is that this practice is more widespread than may be recognized.

How does one deal with a situation in which a company’s management and regular “professionals” are so disconnected from the semi insiders’ work that no one knows there’s a scheme afoot?

How does a zip zip zip modern outfit hire individuals who can be trusted, often over a span of years?

How does an organization verify that its semi insiders have not planted a bug, malware, or some other malicious “thing” in a system?

The answer is that today’s cyber security tools will not be much help. Most organizations lack the expertise and resources to verify that what semi insiders do is a-okay.

There’s a lot of chatter about identifying and tracking insider threats. The story makes clear that semi insiders are a risk as well. Considering that Snowden and others who have acted improperly and outside the bounds of their secrecy and other agreements makes crystal clear:

Semi insider threats are a significant risk.

And as the “expertise” of many technical professionals decreases, the risks just go up.

In short, today’s cyber security solutions, cyber governance methods, and day to day management techniques are ineffective, not addressed by cyber security solutions which are essentially reactive, and not well understood.

Siemens may have gotten the memo. It only took two years to arrive.

Stephen E Arnold, July 23, 2019

DarkCyber for July 23, 2019, Now Available

July 23, 2019

DarkCyber for July 23, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/349282829. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s DarkCyber reports about Australia’s use of its anti-encryption law; tools for video piracy, a profile of SearchLight Security’s Cerberus system, and where to get information needed to join a Dark Web forum.

This week’s lead story concern easily findable software to facilitate video piracy and streaming. A report in TorrentFreak presents information from an unnamed source. This individual allegedly has been involved in video piracy and streaming for an extended period of time. The individual provides specific information about some of the software needed to remove digital rights management protections from commercial, copyrighted video content. The DarkCyber research team was able to locate software designed for the same purpose. No Dark Web and Tor were required. More significantly, these programs can be located by anyone with access to a browser and a Web search engine like Bing, Google, or Yandex. DarkCyber’s research has revealed that industrialized crime is now playing a larger role in streaming stolen video content.

Other stories in the July 23, 2019, program are:

First, Australia’s anti encryption law is now being put to use. The new regulations were used in the warrant to obtain content from a journalist. Australia is a member of the Five Eyes confederation. Australia’s law requires companies to cooperate with law enforcement and provide access to encrypted and other secured information. Canada, New Zealand, the United Kingdom, and the United States are likely to have elected officials who will seek to implement similar laws. News organizations in Australia perceive such laws as a threat.

Second, DarkCyber profiles a company founded in 2017 focused on providing law enforcement and intelligence professionals with an investigative tool. The company indexes a range of content, including forums, Dark Web sites and services, and social media content. Plus the company has created an easy-to-use interface which allows an investigator or analyst to search for a person of interest, an entity, or an event. The system then generates outputs which are suitable for use in a legal matter. The company says that use of its system has grown rapidly, and that the Cerberus investigative system is one of the leaders in this software sector.

Finally, DarkCyber provides information about a new report from IntSights, a cyber-intelligence firm. The report includes information which helps an individual to gain access to “cracker” forums and discussion groups which examine topics such as credit card fraud, money laundering, contraband, and similar subjects. The video provides the information required to download this report.

DarkCyber videos appears each week through the September 30, 2019. A new series of videos will begin on November 1, 2019. Programs are available on Vimeo.com and YouTube.com.

A new series of DarkCyber begin in November 2019.

Kenny Toth, July 23, 2019

Google: Hunting for Not Us

June 26, 2019

There was a dust up about song lyrics. As I recall, the responsibility did not fall upon the impossibly magnificent Google shoulders. A supplier may have acted in a manner which some “genius” thinks is a third party’s problem. Yep, a supplier.

I just read “Tracing the Supply Chain Attack on Android.” The write up explained that malware with impossible to remember and spell names like Yehuo found its way on to Android phones via the “supply chain.” I don’t know much about supply chains, but I think these are third parties who do work for a company. The idea is that someone at one firm contracts with the third party to perform work. When I worked as a “third party,” I recall people who were paying me taking actions; for example, texting, visiting, emailing, requiring me or my colleagues to attend meetings in which some of the people in charge fiddled with their mobile devices, and fidgeted.

The write up digs through quite a bit of data and reports many interesting details.

However, there is one point which is not included in the write up: Google appears to find itself looking at a third party as a bad actor. What unites the “genius” affair and the pre installed malware.

Google management processes?

Yes, that’s one possible answer. Who said something along the lines that if one creates chaos, that entity must address the problems created by chaos?

But if a third party did it, whose problem is it anyway?

Stephen E Arnold, June 26, 2019

DarkCyber for June 18, 2019, Now Available

June 18, 2019

DarkCyber for June 18, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/342544814.

The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up covers: A next-generation content processing system funded by In-Q-Tel; Dark Web scans for personal information; a new spin on Crime as a Service tuned to steal financial data; Canada’s prisons get a drone detection systems; and the FBI Vault adds additional Clinton email data.

This week’s feature is a review of Forge.ai’s content processing system for law enforcement and intelligence applications. The system converts open source and other data into “structured intelligent event event feeds.” Unlike many commercial content processing and intelligence systems, Forge.ai is designed to handle data flows of virtually any size and perform processing in real time. The company recently received the support of In-Q-Tel, the CIA’s investment unit. Lt. General John Mulholland is accepted a position on Forge.ai’s board of advisers. General Mulholland was the deputy commander of Special Operations command and also served at the CIA.

Other stories in this week’s DarkCyber video news program are:

First, Dark Web scans to find personal information are advertised on television. DarkCyber looks at some of the methods used by vendors who offer free or low-cost scans of the Dark Web for PII or personal identification information. DarkCyber reports that many services do not deliver comprehensive results. There are specialized services available to law enforcement and intelligence professionals, but most of these are not available for public use.

Second, crime-as-a-service or CaaS continues to improve. Malware from two different sources have evolved into a symbiotic relationship. The Gazorp tool makes it easy to customize malware known as Azorult. Despite the odd names, the one-two punch facilitates the use of these tools by an individual or group of individuals without deep technical expertise. Gazorp is offered without charge, but the value of the software opens the door to monetization. Other bad actors are likely to build on the CaaS approach of Gazorp’s and Azorult’s developers and users.

Third, in this week’s drone news, DarkCyber reports that Version 2, a Canadian company, will deploy a drone detection system as six of Corrections Canada’s prisons. Drones have been sued to drop contraband into correctional facilities. Some drone have delivered drugs, mobile phones, and McChicken sandwiches to inmates. Donnacona, one of Canada’s most secure facilities, will be among the first group of institutions to receive the new technology in early 2020.

Finally, DarkCyber provides information so that a viewer can download more than 400 pages of information related to Hillary Clinton’s email. The collection of documents is available in the Federal Bureau of Investigation’s Vault service. Manual review of the documents is recommended. Some media reports have not presented a comprehensive picture of the information in this most recent release of information.

DarkCyber video news is a weekly program. It contains no advertising, and it is designed for law enforcement, security, and intelligence professionals interested in software, new developments, and investigative innovations. New programs become available on Tuesday of each week. Programs are available via YouTube and Vimeo.

Kenny Toth, June 17, 2019

Cyber Tools Diffuse Globally

June 16, 2019

Ever heard of Project Raven? Probably not, unless you are an enemy of United Arab Emirates (UAE). This team of highly-skilled hackers was made up of former NSA spies working for the Middle Eastern monarchy. But when they were asked to spy on fellow Americans, the story broke wide open, as we discovered in a recent NewsMax story, “Former NSA Cyberspies Reveal How They Helped Hack Foes of UAE.”

According to the story:

“Surveillance techniques taught by the NSA were central to the UAE’s efforts to monitor opponents. The sources interviewed by Reuters were not Emirati citizens…The operatives utilized an arsenal of cyber tools, including a cutting-edge espionage platform known as Karma, in which Raven operatives say they hacked into the iPhones of hundreds of activists, political leaders and suspected terrorists.”

This may seem like an oddity, a bunch of cyberspies working for a rich country, potentially against the best intents of America, but it’s not. There has been a strange rash of intelligence issues like this recently, such as the Air Force officer who defected to Iran with damaging information. Is this a growing trend or just an odd sequence of events?

Patrick Roland, June 16, 2019

Next Page »

  • Archives

  • Recent Posts

  • Meta