DarkCyber for April 24, 2018, Now Available

April 24, 2018

DarkCyber for April 124, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/266003727 .

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

This week’s lead story focuses on universities as unwitting accomplices for student cyber criminals. Five students at Manchester University began selling drugs via SilkRoad. The students “graduated” to their own brand and branched out. Before UK law enforcement shut down the students’ operation, more than 6,000 drug sales were completed. Plus, university computer systems have become targets for malicious crypto currency mining operations. A student can take classes in computer science and be up and scamming quickly.

Stephen E Arnold, producer of DarkCyber and author of “CyberOSINT: Next Generation Information Access” said: “The combination of easy access to high-value information about programming and computer systems plus the lure of easy money can turn a good student into a good criminal. Universities, despite their effort to implement more robust security, are targets for bad actors. Students can operate Dark Web businesses from their campus residence. Outsiders can exploit the institution’s computer system in order to install crypto currency mining software. At this time, colleges and universities are in a cat and mouse game with high stakes and stiff penalties for students, administrators, and school security professionals.”

DarkCyber revisits the security of virtual private networks. This week’s program answers a viewer’s question about improving the security of a VPN. In addition to changing the ports the VPN uses, DarkCyber points out that a tech savvy individual can operate his or her own VPN or use additional specialized software to shore up the often leaky security many VPN services provide.

Vendors of “policeware” are generally unknown to most tech professionals. DarkCyber highlights a new, UK based company doing business as Grey Heron. The company offers a range of cyber security services. The firm’s staff appears to include individuals once affiliated with the Hacking Team, another policeware vendor which found itself the victim of a cyber attack two years ago. If Gray Heron taps the Hacking Team’s technical talent, the firm may make an impact in this little known sector of the software market.

The final story in DarkCyber for April 24, 2018, highlights several findings from a study sponsored by Bromium, a cyber security company. The researchers at a UK university gathered data which provide some surprising and interesting information about the Dark Web. For example, the new report asserts that more than $200 billion is laundered on the Dark Web in a single year. If true, these newly revealed research data provide hard metrics about the role of digital currency in today’s online economy.

Beginning in May 2018, coverage of the Dark Web and related subjects will be increased within Beyond Search.

Kenny Toth, April 24, 2018

DarkCyber Profiles the Grayshift iPhone Unlocking Appliance

April 5, 2018

DarkCyber has released a special video report about Grayshift’s iPhone unlocking device for law enforcement forensics professionals. The GrayKey device unlocks most iPhones quickly and without the need to ship the suspect’s mobile phone off site.

The video is available on Vimeo at https://vimeo.com/262858305.

The video covers the pricing for the iPhone unlocker and its key features. Plus, the video product overview identifies the challenges that Grayshift will have to overcome if it wants to become the preferred provider of plug-and-unlock iPhone devices.

Stephen E Arnold said, “Grayshift’s GrayKey is important because it offers an easy-to-use iPhone unlocking system. Four digit passcode protected devices can be unlocked in two to three hours. Apple mobiles with six digit passcodes can be unlocked in two to three days. The device can be used in a mobile forensics lab and costs a fraction of some competitive solutions. GrayKey looks like the right product at the right time and at the right price.”

DarkCyber is a weekly video new program for law enforcement, intelligence, and security professionals. The special report series will focus on a single product, service, or technical innovation.

This is a special report in his CyberOSINT Tools series. These special reports will be issued when notable products, services, or technologies become available to law enforcement and intelligence professionals.

Stephen E Arnold is the author of “Dark Web Notebook” and “CyberOSINT: Next Generation Information Access.” He has been named as a technology adviser to the UK based Judicial Commission of Inquiry into Human Trafficking and Child Sex Abuse.” Mr. Arnold also lectures to law enforcement and intelligence professionals attending the Telestrategies ISS conferences in Prague, Washington, DC, and Panama City, Panama. In recent months, he has shared his research with law enforcement and intelligence professionals in the US and Europe. His most recent lectures focus on deanonymizing chat and digital currency transactions. One hour and full day programs are available via webinars and on-site presentations.

Kenny Toth, April 5, 2018

AI Will Be 2018s Biggest Tech Topic

February 20, 2018

Seems like some algorithm should have predicted this a long time ago, but our best bet is that AI leads the way in most important tech topics of the new year. We are not alone. Datanami recently penned an article, “What Will AI Bring in 2018? Experts Sound Off.”

According to the story:

Artificial intelligence and machine learning are often misunderstood and misused terms. Many startups and larger technology companies attempt to boost their appeal by forcing an association with these phrases. Well, the buzz will have to stop in 2018…This will be the year we begin to demand substance to justify claims of anything that’s capable of using data to predict any outcome of any relevance for business, IT or security. While 2018 will not be the year when AI capabilities mature to match human skills and capacity, AI using machine learning will increasingly help organizations make decisions on massive amounts of data that otherwise would be difficult for us to make sense of.

This comes as no surprise to us. AI has been cracking mysteries left and right lately and is finally getting down to seriously important work. Take, for example, how AI is helping solve the opioid crisis. AI will be 2018’s big story and it couldn’t come at a better time for us.

Patrick Roland, February 20, 2018

A BitCoin Crackdown Will Not Stop The Flood

February 19, 2018

Bitcoin’s rocketing value has put a spotlight on this intentionally shadowy money system. Now, with all that attention governments are starting to crack down. However, we don’t think that’ll help. We were tipped off to this trend from a recent BitCoinIst story, “AUSTRALIAN BANKS REPORTEDLY FREEZING THE ACCOUNTS OF BITCOIN USERS.”

According to the story:

The Australian banks which have been accused of freezing accounts of Bitcoin users have been listed as the National Australia Bank, ANZ, Commonwealth Bank of Australia, and Westpac Banking Corporation. The claim was made in a tweet saying that user activity associated with certain websites (BTC Markets, CoinSpot Australia, CoinJar, and Coinbase) have been affected as triggering suspicious activity on Australian users’ bank accounts.

 

Should your bank refuse to make a payment of your money, then you are rendered powerless to access your own money. The banks’ heavy handedness in this regard only gives further fuel to those proponents of decentralized money that lie outside of institutional control, such as Bitcoin and the rest of cryptocurrency. That Australian banks are still not providing fail-safes to their customers when they fall foul of unspecified account flagging is not portraying the country’s banks in a positive manner at all.

While it is worth applauding Australia’s attempt at stopping criminal activity this way, it’s only part of the oldest story in the book. As soon as someone solves a problem, two new ones crop up. Those being new cryptocurrencies, like Monero, which criminals are beginning to flock to. Fat chance stopping this flood of trouble.

Patrick Roland, February 19, 2018

Apple and Its Snowden Moment

February 14, 2018

I don’t pay much attention to the antics of Apple, its employees, or its helpers. I did note this story in Boy Genius Report: “We Now Know Why an Apple Employee Decided to Leak Secret iPhone Code.” My take is that the trigger was a bit of the high school science club mentality and the confusion of what is straight and true with the odd ball ethos of clever, young tech wizards.

The cat is out of the bag. Removing content from Github does not solve the problem of digital information’s easy copy feature.

How will Apple handle its Snowden moment? Will the leaker flee to a friendly computing nation state like Google or Microsoft? Will the Apple iPhone code idealist hole up in a Motel 6 at SFO until the powers that be can debrief him and move him to a safe cubicle?

I think the episode suggests that insider threats are a challenge in today’s online environment. With the report that security service providers are suffering from false positives, the reality of protecting secrets is a bit different from the fog of assumption that some have about their next generation systems. I call it the “illusion of security.”

Reality is what one makes it, right?

Stephen E Arnold, February 14, 2018

 The Future of Social Media is Old School

February 8, 2018

Before social media, the only way to express yourself online was via a mostly anonymous series of blogs and sites that were impossible to go viral because virality didn’t exist. Oddly, some bright minds are going back to this method with txt.fyi, a platform where you can post anything you want without it going to search engines. This old-fashioned message board was examined in a recent Wired article, “This Stripped-Down Blogging Tool Exemplifies Antisocial Media.”

I wanted something where people could publish their thoughts without any false game of social manipulation, one-upmanship, and favor-trading,” he says. This is what I found so interesting about his creation. Its antivirality doesn’t necessarily prevent a post from becoming wildly popular. (A txt.fyi URL shared on, say, Facebook could perhaps go viral.) But its design favors messages to someone, not everyone.

 

[The inventor] discovered someone using txt.fyi to write letters to a deceased relative. It was touching and weirdly human, precisely the sort of unconventional expression we used to see a lot more of online. But today we sand down those rough edges, those barbaric yawps, in the quest for social spread. Even if you don’t want to share something, Medium or Tumblr or Snapchat tries to make you. They have the will to virality baked in.

This is a neat idea and might have a longer shelf life than you’d think. That’s because we are firm believers that every good idea on the internet gets retooled for awfulness. (Reddit, anyone?) This quasi-dark web blogging approach is almost certain to be used for nefarious purposes and will become a tool for hate speech and crime.

Patrick Roland, February 8, 2018

OpenText Wants to Be the Big Dog in Cyber Security

February 4, 2018

My wife and I rescued a French bull dog. We also have a boxer, which is three times the size of the rescued canine. The rescued canine thinks he is a bull mastiff. We believe that the French bull dog has a perception problem.

Image result for french bulldog compared to boxer

Here’s a quote from “OpenText Enfuse 2018 To Showcase The Future of Cybersecurity and Digital Investigations”:

OpenText’s industry leading digital investigation, forensic security and data risk management solutions are defining the future of cybersecurity, digital investigations and e-Discovery, and serve to extend the security capabilities of OpenText’s leading information management platform.”

I noticed this statement at the bottom of the “real” news story:

Certain statements in this press release may contain words considered forward-looking statements or information under applicable securities laws.

I think our French bull dog might say something like this when he tries to impose his will on Max, our large, strong, aggressive boxer.

In the cyber marketplace, will IBM i2 roll over and play dead? Will Palantir Technologies whimper and scamper back to Philz Coffee? Will the UAE vendor DarkMatter get into the pizza business? Will the Google and In-Q-Tel funded Recorded Future decide that real estate development is where the action is?

Forward looking? Yeah, no kidding.

Stephen E Arnold, February 4, 2018

DuckDuckGo: Delivering Privacy. That Is the Claim.

January 25, 2018

I read “Protecting Your Personal Data Has Never Been This Easy.” The metasearch engine asserts that it delivers what other browsers cannot. Privacy.

I don’t feel strongly about browsers. I don’t feel much about free Web search systems either.

I circled this statement in the write up:

Today we’re taking a major step to simplify online privacy with the launch of fully revamped versions of our browser extension and mobile app, now with built-in tracker network blocking, smarter encryption, and, of course, private search – all designed to operate seamlessly together while you search and browse the web.

DuckDuckGo was one of the Surface Web services to offer a Dark Web alternative. The New York Times dabbles in the Dark Web as well.

I assume that DuckDuckGo’s browser extension will perform as advertised.

However, I would point out that operations mounted by Lebanon’s GDGS and other government authorities use a wide range of mechanisms to obtain information about certain online users.

A number of companies operating outside the US have systems and methods which perform a number of surveillance functions. Each week, I mention some of the firms and describe in simple terms a few of the methods employed by those who have the responsibility to enforce laws and protect citizens. You can view the DarkCyber videos at this link.

Several observations:

  1. Some of the engineers working for specialists who design, deploy, and manage systems for governments are using sophisticated systems which perform remarkable data collection tasks
  2. Mathematical recipes identify items of data which are “interesting” and knit these together into useful patterns. Australia’s success in shutting down a Dark Web site has become a useful case example for innovative data analysis and investigation
  3. Users, regardless of the security methods employed, are often the vector for revealing information. One anecdote circulated at a security event I attended. Lebanon’s surveillance activities were revealed by a mistake by the operatives.

Has DuckDuckGo delivered on its privacy promise? On the surface, one might conclude that the metasearch system has executed a slam duck. However, mashing a nerf ball through a hoop hanging on an office door is different from pulling off the stunt in the NBA finals.

Stephen E Arnold, January 25, 2018

Amazon Embraces a Sqrrl

January 24, 2018

I love names with no vowels. I read “Amazon’s Cloud Business Acquires Sqrrl, a Security Start-Up with NSA Roots.” Sqrrl is one of a number of cybersecurity vendors with interesting technology. The article sees the main point of the Amazon deal as part of the online giant’s effort to “pick up business from US intelligence agencies.”

Amazon has a “secret” region of data centers. Keep in mind that Ashburn, Virginia, may be the home to secret data centers. Some government agencies want their data housed in a secure manner.

Is there another angle to the deal?

Here in Harrod’s Creek, we asked: “Has Amazon’s AWS system been the target of individuals or groups looking to harvest data stored with what might be called casual procedures.”

Leaving data on some cloud services publicly accessible servers is a bit like leaving a hot and juicy hamburger on a picnic table on a warm summer day.

Sqrrl, without vowels of course, has some interesting technology which may have more utility than offering a dot point in response to an RFP.

Stephen E Arnold, January 24, 2018

Cyber Weapons Becoming Big Bucks

January 15, 2018

Cyberwarfare, meet capitalism. Here’s a twist we didn’t see coming. According to sources, digital weaponry and the defenses needed to fight them are now one of the hottest markets in the world. Just take a look at a recent SAT PR News story, “Cyber Weapon Market is Expected to Reach a Valuation of US $521.87 billion by the End of 2021.”

According to the story:

Governments, intelligence agencies, and other organizations have spiked their investment to identify zero-day exploits and use them against enemy networks when necessary. With an aim of capitalizing on the prevalent trend, several traditional arms manufacturing companies are expanding their businesses in the cyber security segment. This will in turn fuel the development of cyber weapons.

 

The market is also expected to gain from the increasing demand for security across critical infrastructure and utilities.

This should come as no surprise. Just as government contractors have cashed in on creating physical weaponry, the digital world is finally going to have its Raytheons. Look at this Fast Company story about how a company you’ve probably never heard of, Pegasus, is worth a billion dollars. Welcome to the new dot-com boom.

Watch our Dark Cyber video news program each week. The video is available at www.arnoldit.com/wordpress

Patrick Roland, January 15, 2018

Next Page »

  • Archives

  • Recent Posts

  • Meta