DarkCyber for August 14, 2018, Now Available

August 14, 2018

DarkCyber for July 24, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/284579347 .

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

This week’s program covers four Dark Web and security related stories.

The first story presents data about online drug sellers. The estimated number of vendors is in the 30,000 to 50,000 range. DarkCyber points out that such data are likely to be uncertain. Estimates of online sources for controlled substances are based on difficult-to-verify data. DarkCyber reports that as many as one half of the prescription drugs sold online may be fakes.

The second story reports that the Dark Web is changing. The shift from Tor-centric Web sites to encrypted chat and messaging systems is underway. Encrypted chat complicates the work of law enforcement and intelligence professionals. Plus, encrypted chat sessions can trigger mob actions which can spiral out of control and without warning. A lynching in India may be the direct result of forwarded encrypted chat messages.

The third story provides a snapshot of the NC4 policeware system Street Smart. A popular US magazine referenced the company without providing details about the system and its functions. DarkCyber explains that information about the software system are available on the NC4 Web site and in videos publicly available on YouTube.

The final story explains how 3D printing makes it comparatively easy for an individual to create what is called a “ghost gun.” The 3D printed weapon does not have an identification number, so tracing the gun is difficult. DarkCyber points out that copyright issues and regulations concerning the manufacture of weapons will consume time, money, and human resources.

Kenny Toth, August 14, 2018

Europe Creates a Potential Target for Bad Actors

August 9, 2018

The goal, most agree, is to keep sensitive information out of the hands of hackers and crooks, right? European officials might be planning to fly directly in the face of that logic, after we read a recent article in The Register, “Think Tank Calls for Post-Brexit National ID Cards: The Kids Have Phones, So What’s The Difference?”

Things got dicey here:

“The government intends to assign EU citizens unique numbers based on either a passport or national ID card number…he system will be accessed via GOV.UK or a smartphone app, and the report praised the security and privacy credentials promised for the database of citizen numbers…The data will be kept on Home Office servers in a tier 3 data centre, with individual pieces of information stored and encrypted separately.”

So, let’s get this straight? All of Europe will have its personal information on file in one location and they are just publicly telling the bad guys where to find it? What could go wrong? Google seems to be rolling out a program to warn governments when they are being hacked, which makes Google more “useful” to certain authorities.

But bad actors gravitate to data collections which have significant value. The ID card repository may become a high profile target.

Patrick Roland, August 9, 2018

Factoids for July 25, 2018

July 25, 2018

Some useful factoids:

  1. 11 percent of Americans do not use the Internet, down from 48 percent in Year 2000. Source: TheHustle
  2. Google’s capital expenditures for 2017-2018 were $5.5 billion. This is a 2X increase over the previous year. Source: GeekWire
  3. The health records of 1.5 million Singaporeans, including Prime Minister Lee Hsien Loong, were stolen. Source: Manila Times
  4. Stolen credit cards with PINS cost as little as US$8. Source: Daily Mail
  5. Almost two million start-ups were registered in the UK between 2013-2017 with 392,627 (20 percent) classified as technology firms. Source: Cambridge Network
  6. Companies selling flaws in software to government entities include Vupen in Montpellier, France; Netragard in Acton, Mass.; Exodus Intelligence in Austin, Tex.; and ReVuln (Malta). Source: Dark Government

Stephen E Arnold, July 25, 2018

Does Security Sell? Will Security Provide Revenue Lift?

June 14, 2018

Years ago Oracle positioned its enterprise search system as more secure than any other information access available at that time. How did that work out? Do you use SES? Why did Oracle buy Endeca, ostensibly an enterprise search system of sorts? What happened to Triple Hop? Artificial Linguistics? The other search systems Oracle has acquired? My hunch is that security did not sell.

Now Apple is betting that its secure Apply phone will cruise along, sucking up the majority of the profits from mobile phones. The company has determined that engineers working for vendors focused on law enforcement and intelligence agencies will no longer be able to use the connection and charging port to hack into a mobile device.

Who knows? Maybe Apple can make security generate big revenue flows and juicy profits?

Apple to Close iPhone Security Hole That Police Use to Crack Devices” explains that Apple will close a “technological loophole.” The move may rekindle the push from some law enforcement and intelligence professionals for a way to unlock bad actors’ iPhones.

Our weekly video DarkCyber described products available from Grayshift and has mentioned Cellebrite in our weekly reports.

Our view is that considerable discussion and legal fireworks will ensue. Compromise? Nope, that’s an approach not too popular in some circles. Are companies governments? Can governments impact how companies do business.

This is a major issue, and the outcome is not as clear as the information about China’s surveillance actions. How has Apple adapted to China’s rules? How is Apple adapting the US laws?

Interesting days ahead.

Stephen E Arnold, June 14, 2018

DarkCyber, May 29, 2018, Now Available

May 29, 2018

Stephen E Arnold’s DarkCyber video news program for Tuesday, May 29, 2018, is now available.

This week’s story line up is:

  • The “personality” of a good Web hacker
  • Why lists are replacing free Dark Web search services
  • Where to find a directory of OSINT software
  • A new Dark Web index from a commercial vendor.

You can find this week’s program at either www.arnoldit.com/wordpress or on Vimeo at https://vimeo.com/272088088.

On June 5, 2018, Stephen will be giving two lectures at the Telestrategies ISS conference in Prague. The audiences will consist of intelligence, law enforcement, and security professionals from Europe. A handful of attendees from other countries will be among the attendees.

On Tuesday, June 5, 2018, Stephen will reveal one finding from our analysis of Amazon’s law enforcement, war fighting, and intelligence services initiative.

Because his books have been reused (in several cases without permission) by other analysts, the information about Amazon is available via online or in person presentations.

The DarkCyber team has prepared short video highlighting one research finding. He will include some of the DarkCyber research information in his Prague lectures.

The Amazon-centric video will be available on Tuesday, June 5, 2018. After viewing the video, if you want the details of his for fee lecture, write him at darkcyber333@yandex dot com. Please, put “Amazon” in the subject line.

Several on the DarkCyber team believe that most people will dismiss Stephen’s analysis of Amazon. The reason is that people buy T shirts, books, and videos from the company. However, the DarkCyber research team has identified facts which suggest a major new revenue play from the one time bookseller.

Just as Stephen’s analyses of Google in 2006 altered how some Wall Street professionals viewed Google, his work on Amazon is equally significant. Remember those rumors about Alexa recording what it “hears”? Now think of Amazon’s services/products as pieces in a mosaic.

The picture is fascinating and it has significant financial implications as well.

Enjoy today’s program at this link.

Kenny Toth, May 29, 2018

Plan a Hike or an Attack: Piece of Cake Now

May 26, 2018

Forget the utility of the procedure for outdoor hikers described in “Plot a Hike on Google Earth.” My first thought was, “What a Mother’s Little Helper” for those involved in military orienteering. I particularly liked the use of Strava, an application with data of some value to those eager to locate certain types of behavior patterns inadvertently created by joggers. I also liked the bouncing between a desktop / laptop computer and mobile devices. No problem for personnel operating from a semi fixed base station. Finally, the “fly around” functionality is helpful. My problem with these capabilities is that they are available to anyone. My personal view is that certain types of technology applications can be put to what I would describe as questionable uses. Why go through the hassle of joining the military or law enforcement, cope with the rigors of FLETC and other training program, and sharpen one’s skills in the field. Take a short cut and put the capabilities in whatever context one wants. Sorry. Too much information.

Stephen E Arnold, May 26, 2018

DarkCyber for April 24, 2018, Now Available

April 24, 2018

DarkCyber for April 124, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/266003727 .

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

This week’s lead story focuses on universities as unwitting accomplices for student cyber criminals. Five students at Manchester University began selling drugs via SilkRoad. The students “graduated” to their own brand and branched out. Before UK law enforcement shut down the students’ operation, more than 6,000 drug sales were completed. Plus, university computer systems have become targets for malicious crypto currency mining operations. A student can take classes in computer science and be up and scamming quickly.

Stephen E Arnold, producer of DarkCyber and author of “CyberOSINT: Next Generation Information Access” said: “The combination of easy access to high-value information about programming and computer systems plus the lure of easy money can turn a good student into a good criminal. Universities, despite their effort to implement more robust security, are targets for bad actors. Students can operate Dark Web businesses from their campus residence. Outsiders can exploit the institution’s computer system in order to install crypto currency mining software. At this time, colleges and universities are in a cat and mouse game with high stakes and stiff penalties for students, administrators, and school security professionals.”

DarkCyber revisits the security of virtual private networks. This week’s program answers a viewer’s question about improving the security of a VPN. In addition to changing the ports the VPN uses, DarkCyber points out that a tech savvy individual can operate his or her own VPN or use additional specialized software to shore up the often leaky security many VPN services provide.

Vendors of “policeware” are generally unknown to most tech professionals. DarkCyber highlights a new, UK based company doing business as Grey Heron. The company offers a range of cyber security services. The firm’s staff appears to include individuals once affiliated with the Hacking Team, another policeware vendor which found itself the victim of a cyber attack two years ago. If Gray Heron taps the Hacking Team’s technical talent, the firm may make an impact in this little known sector of the software market.

The final story in DarkCyber for April 24, 2018, highlights several findings from a study sponsored by Bromium, a cyber security company. The researchers at a UK university gathered data which provide some surprising and interesting information about the Dark Web. For example, the new report asserts that more than $200 billion is laundered on the Dark Web in a single year. If true, these newly revealed research data provide hard metrics about the role of digital currency in today’s online economy.

Beginning in May 2018, coverage of the Dark Web and related subjects will be increased within Beyond Search.

Kenny Toth, April 24, 2018

DarkCyber Profiles the Grayshift iPhone Unlocking Appliance

April 5, 2018

DarkCyber has released a special video report about Grayshift’s iPhone unlocking device for law enforcement forensics professionals. The GrayKey device unlocks most iPhones quickly and without the need to ship the suspect’s mobile phone off site.

The video is available on Vimeo at https://vimeo.com/262858305.

The video covers the pricing for the iPhone unlocker and its key features. Plus, the video product overview identifies the challenges that Grayshift will have to overcome if it wants to become the preferred provider of plug-and-unlock iPhone devices.

Stephen E Arnold said, “Grayshift’s GrayKey is important because it offers an easy-to-use iPhone unlocking system. Four digit passcode protected devices can be unlocked in two to three hours. Apple mobiles with six digit passcodes can be unlocked in two to three days. The device can be used in a mobile forensics lab and costs a fraction of some competitive solutions. GrayKey looks like the right product at the right time and at the right price.”

DarkCyber is a weekly video new program for law enforcement, intelligence, and security professionals. The special report series will focus on a single product, service, or technical innovation.

This is a special report in his CyberOSINT Tools series. These special reports will be issued when notable products, services, or technologies become available to law enforcement and intelligence professionals.

Stephen E Arnold is the author of “Dark Web Notebook” and “CyberOSINT: Next Generation Information Access.” He has been named as a technology adviser to the UK based Judicial Commission of Inquiry into Human Trafficking and Child Sex Abuse.” Mr. Arnold also lectures to law enforcement and intelligence professionals attending the Telestrategies ISS conferences in Prague, Washington, DC, and Panama City, Panama. In recent months, he has shared his research with law enforcement and intelligence professionals in the US and Europe. His most recent lectures focus on deanonymizing chat and digital currency transactions. One hour and full day programs are available via webinars and on-site presentations.

Kenny Toth, April 5, 2018

AI Will Be 2018s Biggest Tech Topic

February 20, 2018

Seems like some algorithm should have predicted this a long time ago, but our best bet is that AI leads the way in most important tech topics of the new year. We are not alone. Datanami recently penned an article, “What Will AI Bring in 2018? Experts Sound Off.”

According to the story:

Artificial intelligence and machine learning are often misunderstood and misused terms. Many startups and larger technology companies attempt to boost their appeal by forcing an association with these phrases. Well, the buzz will have to stop in 2018…This will be the year we begin to demand substance to justify claims of anything that’s capable of using data to predict any outcome of any relevance for business, IT or security. While 2018 will not be the year when AI capabilities mature to match human skills and capacity, AI using machine learning will increasingly help organizations make decisions on massive amounts of data that otherwise would be difficult for us to make sense of.

This comes as no surprise to us. AI has been cracking mysteries left and right lately and is finally getting down to seriously important work. Take, for example, how AI is helping solve the opioid crisis. AI will be 2018’s big story and it couldn’t come at a better time for us.

Patrick Roland, February 20, 2018

A BitCoin Crackdown Will Not Stop The Flood

February 19, 2018

Bitcoin’s rocketing value has put a spotlight on this intentionally shadowy money system. Now, with all that attention governments are starting to crack down. However, we don’t think that’ll help. We were tipped off to this trend from a recent BitCoinIst story, “AUSTRALIAN BANKS REPORTEDLY FREEZING THE ACCOUNTS OF BITCOIN USERS.”

According to the story:

The Australian banks which have been accused of freezing accounts of Bitcoin users have been listed as the National Australia Bank, ANZ, Commonwealth Bank of Australia, and Westpac Banking Corporation. The claim was made in a tweet saying that user activity associated with certain websites (BTC Markets, CoinSpot Australia, CoinJar, and Coinbase) have been affected as triggering suspicious activity on Australian users’ bank accounts.

 

Should your bank refuse to make a payment of your money, then you are rendered powerless to access your own money. The banks’ heavy handedness in this regard only gives further fuel to those proponents of decentralized money that lie outside of institutional control, such as Bitcoin and the rest of cryptocurrency. That Australian banks are still not providing fail-safes to their customers when they fall foul of unspecified account flagging is not portraying the country’s banks in a positive manner at all.

While it is worth applauding Australia’s attempt at stopping criminal activity this way, it’s only part of the oldest story in the book. As soon as someone solves a problem, two new ones crop up. Those being new cryptocurrencies, like Monero, which criminals are beginning to flock to. Fat chance stopping this flood of trouble.

Patrick Roland, February 19, 2018

Next Page »

  • Archives

  • Recent Posts

  • Meta