Another Specialized Method Revealed
April 20, 2020
This is another example of an article which should not be widely available. Rumors of a method to compromise Android phones have been circulating for months. The major signal that a specialized services firm had developed a way to compromise Android phones was a change in Zerodium’s bounty. Android bounties cratered; iPhone vulnerability values skyrocketed. Why? Android devices could become the house pets of certain entities.
“The Secret Behind Unkillable Android Backdoor Called xHelper Has Been Revealed” explains the procedures followed. If you are interested in what significant research efforts can achieve, read the article.
DarkCyber’s view is that Google’s Android team, like many zip zip development shops, overlook excellence. The pursuit of good enough has paid dividends for Google’s approach to business. However, Googlers make assumptions that their way is THE highway.
That works until it doesn’t.
DarkCyber has little to say about the specialized services which have been able to convert the Android device into a handy dandy information provider.
And what about the cyber security firms selling “security”? Does this minor issue suggest that talk and PR about digital security solutions is hot air?
But Google? Yep, Google. Good enough is not.
Stephen E Arnold, April 20, 2020
Cookies and Fingerprints: You Will Be Monitored by Mom
April 15, 2020
Everywhere you go on the Internet, cookies are tracking your movements (even with a VPN). The technology is over a decade old and they range from tracking pixels, content tracker, cross-site tracking cookies, social trackers and browser finger-printing. The Next Web explains that browser fingerprinting is becoming more popular with advertisers in the article, “Digital Fingerprints Are The New Cookies-And Advertisers Want Yours.”
Digital Fingerprinting refers to a company generating a profile about your device’s characteristics. These can include everything from operating system down to browser settings. In other words, it is more like an anonymous barcode. Your identity is not attached to the digital fingerprint, but your data is for advertisers to send targeted ads.
Banks use digital fingerprinting as a security measure. Banking Web sites can identify the device you are on, but if they do not they ask security questions. Advertisers now want the technology to make more money. For users, it is more along the lines of capitalist Big Brother.
There are ways to turn off digital fingerprinting. Most of the tracking happens when you are on the Internet, so look through your browser settings and see if it has tracking protection. Even if you turn on tracking protection it does not entirely hide you:
“While “incognito mode” prevents your browser history from being recorded on your computer and prevents your spouse to spy on you, it does not prevent websites that you visit from collecting data about you and it does nothing to block fingerprinting. Similarly, clearing your browsing history on a regular basis, while a healthy thing to do, does not address fingerprinting either.
While ad blockers block ads from loading, not all ad blockers also block trackers, even less fingerprinters. Trackers can come attached to ads, but quite often they are not part of the ad delivery process itself. Social trackers, tracking pixels and fingerprinters for instance don’t need to piggyback on an ad to track your data.”
To avoid cookies, use a private connection, a good decent VPN, and browse in incognito mode. It does not work 100%, but it is better than capitalist Big Brother.
Whitney Grace, April 15, 2020
The Roots Behind Criminality: Cyber and Regular
April 8, 2020
Coronavirus scams, global Internet traffic hijacking, and attacks on work-from-homers. Where does crime originate?
In the United States, true crime documentaries and fictional detective shows are popular. People love these shows because it explores the human psyche and tries to answer why people commit crimes. Mental health professionals have explored criminals motivations for centuries, including University of California Santa Cruz professor of psychology Craig Haney. Phys.org shares more on Haney’s work in the article, “New Book Debunks Myths About Who Causes Crime And Why.”
For over forty years, Haney researched the real causes behind crimes and he formulated the hypothesis that criminal behavior could be tied to childhood suffering, such as abuse, trauma, and maltreatment. Haney had interviewed many death row inmates and noticed trauma patterns in them. His colleagues were skeptical about his findings, because there was not much research not the idea and few studies. Haney wrote about his findings in a new book, Criminality in Context: The Psychological Foundations of Criminal Justice Reform. In his new book, Haney discusses forty years of research and what believes to be the root causes of criminal behavior, how it differs from accepted conventions, and what reforms are needed in the criminal justice system. Haney stated:
‘“The nation’s dominant narrative about crime is that it is committed by bad people who freely choose to make bad decisions, persons who are fundamentally different from the rest of us,’ said Haney, who holds psychology and law degrees. “The only thing that is fundamentally different about them is the lives they’ve lived and the structural impediments they’ve faced.’”
Haney found that the people most at risk to commit crimes were those exposed to childhood trauma and often experienced even more maltreatment in places meant to protect them: school, foster care systems, and juvenile justice systems.
He also argues that poverty and racism are key contributors to criminal behaviors. Poverty is a gateway to criminal behavior, because it leads to trauma, unmet needs, and less opportunities. Unfortunately ethnic minorities who experience poverty and trauma are more likely to end up imprisoned. By proxy ethnic minorities receive differential treatment and represent the largest criminal populations.
Haney’s research exposes bigger holes in the already broken criminal justice system. He points that bigger reforms need to be made than simple criminal justice. Crime prevention strategies need to start at the cradle, most importantly combating social inequality and and poverty.
While Haney’s research may sound new, it only augments what other mental health professionals have been spouting for years. Everything is connected when it comes to mental health, but humans usually are not taught how to properly care for their minds.
Whitney Grace, April 8, 2020
Global Internet Routing: About Security and Big Time Actors
April 6, 2020
In my lectures about changes in Internet security last year, I mentioned the targeted efforts to undermine the servers responsible for certain core functionality. I described attacks directed at a foundation server in Scandinavia. One point I stressed was that redirecting traffic was an objective of a bad actor—a bad actor with considerable resources.
“Not Just Another BGP Hijack” reports that on April Fool’s Day, a large scale border gateway protocol event took place. Companies like Amazon and Akamai, among others, had their traffic routed through the Russian telecommunications operator Rostelecom.
Yes, there is a global pandemic. No, bad actors or careless system administrators are still chugging along. The rerouting is a reminder that the “Internet” is not a construct that can be ignored, assumed to be secure, and resistant to attacks.
Far from it. The “talk” about firms providing cybersecurity are themselves vulnerable when bad actors target underlying functions. The report about this attack, if true, is a grim reminder that marketing talk about security may disguise deeper and larger criminal activities.
Stephen E Arnold, April 6, 2020
Cellebrite: Low Profile Outfit Shares Some High Value Information
March 27, 2020
Cellebrite, now owned by Japanese interests, is not a household word. That’s good from DarkCyber’s point of view. If you want to know more about this company, navigate to the company’s Web site.
“Cellebrite Unveils the Top Global Digital Intelligence Trends for 2020” provides observations / finds in its Annual Digital Intelligence Industry Benchmark Report for 2020. Our video program will consider some of these findings in the context of cyber intelligence. However, there are four items of interest which DarkCyber wants to highlight in this short article.
Intelligence and other enforcement agencies are slow to adapt. This finding is in line with DarkCyber’s experience. We reported on March 24, 2020, in our DarkCyber video that the Canadian medical intelligence firm Bluedot identified the threat of the corona virus in November 2019. How quickly did the governments of major countries react? How is the US reacting now? The “slowness” is bureaucratic friction. Who wants to be identified as the person who was wrong? In terms of cyber crime, Cellebrite’s data suggest “43 percent of agencies report either a poor or mediocre strategy or no digital intelligence strategy at all.” [emphasis added].
Government agency managers want modernization to help attract new officers. The Cellebrite study reports, “Most agency managers believe police forces that embrace mobile tech to collect digital evidence in the field will help reduce turnover and be significantly more prepared to meet the digital evidence challenges of 2020.” DarkCyber wants to point out that skilled cyber professionals do not grow on trees. Incentives, salaries, and work magnetism are more important than “hopes.”
Budgets are an issue. This is a “duh” finding. DarkCyber is not being critical of Cellebrite. Anyone involved directly or indirectly in enforcement or intelligence knows that bad actors seem to have infinite scalability. Government entities do not. The report says, “With the deluge of digital devices and cloud data sources, examiners face an average 3-month backlog and an average backlog of 89 devices per station. The push for backdoors is not designed to compromise user privacy; it is a pragmatic response to the urgent need to obtain information as close to real time as possible. Cellebrite’s tools have responded to the need for speed, but for many governments’ enforcement and intelligence agencies, a 90 day period of standing around means that bad actors have an advantage.
DarkCyber will consider more findings from this report in an upcoming video news program. Watch this blog for the release date for the program.
Stephen E Arnold, March 27, 2020
Want a Line Up of AI-Fueled Cybersecurity Firms?
March 25, 2020
Artificial intelligence and cybersecurity seem like a natural pairing. Check out a list of firms that think so, too, in Built In’s write-up, “30 Companies Merging AI and Cybersecurity to Keep us Safe and Sound.” Reporter Alyssa Schroer explains:
“By the year 2021, cybercrime losses will cost upwards of $6 trillion annually. It’s no surprise, then, that the cybersecurity industry is exploding as it grows to protect the networks and systems on which companies and organizations operate and store data. Because effective information security requires smarter detection, many cybersecurity companies are upping their game by using artificial intelligence to achieve that goal. A new wave of AI-powered solutions and products keep bad actors on their toes while giving IT teams much needed relief. Here are 30 companies merging artificial intelligence and cybersecurity to make the virtual world safer.”
Navigate to the article for the names of all 30 companies. They include well established firms like Symantec, Darktrace, and Fortinet alongside many less familiar names. Several serve specific industries. Schroer lists the location of each entry and describes how it is applying AI tech to cybersecurity. For example, for Shape Security she writes:
“Shape Security provides software that fights imitation attacks like fake accounts, credential stuffing and credit application fraud for businesses in retail, finance, government, tech and travel. Shape’s machine learning models have been given access to data resembling attackers, enabling the system to learn what human activity looks like against fraud. The company’s solutions, Enterprise Defense and Blackfish, use this AI to identify the differences between real and artificial users and then block, redirect or flag the fraudulent source.”
Hacking tools and procedures have become prolific and incredibly efficient. It makes sense to fight them with well-crafted machine learning solutions. Any organization looking to employ one of these (or similar) firms should do its research and choose a well-designed solution that meets its particular needs.
Cynthia Murrell, March 25, 2020
DarkCyber for March 24, 2020, Now Available
March 24, 2020
DarkCyber for March 24, 2020, covers four stories. You can view the video on YouTube or on Vimeo.
The first story explains that phishing is a contentious issue in many organizations. Managers see phishing one way; information and security professionals often have a different view. The divide can create more vulnerabilities for organizations ignoring the escalating risk from weaponized email.
The second story provides some information about Banjo (a US firm engaged in providing specialized services to law enforcement) and BlueDot (a Canadian company applying advanced analysis to open source and limited access medical information). The story makes clear that the methods of these firms provide excellent insight into how some specialized software systems deliver high value intelligence to law enforcement and intelligence professionals worldwide.
The third story provides information about a Department of Justice report aimed at Dark Web researchers. The document is available without charge from the url provided in the program. Failure to follow the guidelines in the document can convert a researcher into a bad actor.
The final story reviews recent steps taken by the Russian government to exert tighter control over Internet applications. The affected software includes Tor and the Telegram Open Network. Mr. Putin has become Russia’s first digital tsar.
Kenny Toth, March 24, 2020
Secret No More: An Alternative to VPNs
March 20, 2020
Dor Knafo founded Axis Security. (The name may create some confusion for those familiar with an event planning outfit.) The company seeks to deliver what Tech.eu reported as:
a single managed solution for access, security, control, and scalability without the complexity…. Built on a zero trust approach, the startup’s Axis Application Access Cloud offers an agentless model that connects users on any device to private apps, without touching the network or the applications. This separation shrinks the attack surface, or reduces the chances of a cyber attack.
Don’t VPNs deliver this?
Nope.
The Axis approach is an SaaS solution. Here’s the explanation in “Israeli startup Axis Security emerges from stealth mode with $17 million Series A.”
Built on a zero trust approach, the startup’s Axis Application Access Cloud offers an agentless model that connects users on any device to private apps, without touching the network or the applications. This separation shrinks the attack surface, or reduces the chances of a cyber attack.
The funding comes from, according to the write up:
Ten Eleven Ventures’ Alex Doll led the round, joined by Cyberstarts, Palo Alto Networks, Check Point, Imperva, among others. Angel investors include Dan Amiga, founder of Fireglass, and board of director member Michael Fey, former president of Symantec and Blue Coat.
Note that Mr. Knafo previously Symantec.
Net net: The solution has been rumored for more than a year. With its more public approach, the company is likely to signal a flow of related start up innovations for cyber security markets.
Stephen E Arnold, March 20, 2020
DOJ Suggestions for Threat Research and Cyber Intelligence Gathering
March 13, 2020
DarkCyber spotted “Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources.” The Department of Justice has assembled what a mini best practices for those who are gathering certain types of cyber security information; for example, Dark Web fora.
The document states:
The application of federal criminal law to activities occurring online can be complicated.
That should be a yellow warning signal to those who embark on digital journeys into certain parts of the datasphere. The document provides some information about different ways to gather information from online discussion groups.
Online storefronts can appear to provide a way to purchase products or services which, in some jurisdictions, are problematic.
The document is informative and, in DarkCyber’s opinion, a useful contribution to the literature related to obtaining threat intelligence.
Net net: Don’t intentionally or unintentionally become what some authorities would consider a criminal. Plus, any spelunking in certain areas of the datasphere can change a curious eager beaver into a target for bad actors.
Stephen E Arnold, March 13, 2020
Phishing Faces a Tough Competitor
March 13, 2020
DarkCyber spotted a factoid which could be marketing dressed up in factual finery or a datum which is accurate. You will have to figure out which.
Navigate to “Adware Accounts for 72% of Mobile Malware: Avast.” The write up states:
Adware or software that hijacks a device in order to spam the user with unwanted ads now accounts for 72 per cent of all mobile malware, says a new report from cybersecurity firm Avast.
But what about the other 28 percent of digital legerdemain?
The remaining 28 per cent consist of banking Trojans, fake apps, lockers, and downloaders, according to statistics gathered by Avast’s Threat Lab experts.
The write up points out:
Adware often disguises itself in the form of gaming and entertainment apps, or other app types that are trending and therefore are interesting targets with a high potential to spread far. These apps may appear harmless, but once they have infected a device they will surreptitiously click on ads in the background. Sometimes, adware also serves ads with malicious content.
Phishing may lose its pride of place among bad actors.
By the way, the data in the write up, if on the money, does not explain how malware on a mobile phone can perform a number of other useful services for the developer. These services can be helpful to certain types of professionals working in field other than Madison Avenue pursuits.
Stephen E Arnold, March 13, 2020