DarkCyber for November 27, 2018, Now Available
November 27, 2018
DarkCyber for November 27, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/302658825.
This week’s program covers four stories related to the Dark Web and specialized Internet services.
DarkCyber reports that another call for a backdoors to encrypted communications. Cyrus Vance, the Manhattan district attorney, emphasized that government mandated backdoors are the only solution to device encryption. DarkCyber provides a link to the government report which substantiates this statement. Australia has issued a similar statement. Even though encrypted devices can be broken open, the time and resources required are significant. With the growing number of mobile devices in use by bad actors, the number of phones requiring decryption has created an evidence backlog. Encrypted devices, therefore, pose a significant challenge to law enforcement and intelligence professionals.
The second story reveals that autonomous killer drone technology is advancing rapidly. An autonomous drone is able to find, fix, and finish a target. DarkCyber describes the Elbit Systems’ Skystriker device which is about 95 percent autonomous at this time. Full autonomous operation is within view.
Other countries are working on similar technology. DarkCyber identifies autonomous sea going devices which can neutralize a target without a human in the kill chain. DarkCyber’s view is that countries without autonomous warfighting will find themselves at a strategic disadvantage.
The third story reports that facial recognition allowed 130 victims of child abuse to be identified by Dutch authorities. Mug shot image recognition and matching can perform at an accuracy level of about 90 percent. However, facial recognition from real time video feeds like surveillance cameras pose a more difficult problem. Accuracy rates for video identification can dip below 60 percent. Nevertheless, facial recognition technology is advancing rapidly with innovations from such firms as Boeing, Verint, and NSO. Startups are making significant technical contributions as well. Innovations from Trueface, Kairos, and PointGrab are likely to yield advances in recognition accuracy. DarkCyber provides links to two sources of information about facial recognition systems. One of these documents is a General Accountability Office report about facial recognition within the US government.
The final story describes an off tune Dark Web weapons deal. Three young men in England thought that buying Glock 19 firearms via the Dark Web was a foolproof scheme. Their idea was to specify that the weapons were shipped inside of an amplifier for an electric guitar. US and UK authorities identified the contraband and placed a video camera in the parcel. When the men received their delivery, the event was captured on video. The investigation yielded cash and narcotics. The individuals are now serving eight years in prison. It is unlikely that the amplifier is delivering Elvis’ hit “Jailhouse Rock” to the felons.
DarkCyber appears each Tuesday on the blog Beyond Search and on Vimeo. Watch for new programs each week at www.arnoldit.com/wordpress.
Kenny Toth, November 27, 2018
DarkCyber for September 18, 2018 Now Available
September 18, 2018
DarkCyber for September 18, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/290147202 .
This week’s DarkCyber video news program covers … Bitfury’s deanonymization service and its unusual sales approach… the loss of UK law enforcement laptops… facial recognition for law enforcement challenged by tech company employees… and X1 and its eDiscovery system with Dark Web content support.
The first story explains that Bitfury, a UK company with an interesting staff line up, offers digital currency deanonymization services. The company’s approach to sales, however, is unusual. Specifically, the company refused to explain its services at a recent law enforcement conference. DarkCyber continues to recommend that agencies interested in digital currency deanonymization look at services available from Chainalysis and Elliptic, two companies which do explain their services to security and enforcement officials.
The second story reports that UK media pointed out that in one year, UK law enforcement lost 60 laptops. With tens of thousands of officers and operators, DarkCyber states that the alleged problem is blown out of proportion. Bad actors attempt to obtain laptops, mobiles, and other computing devices in order to compromise investigations. DarkCyber asserts that the loss of 60 laptops illustrates the good job UK authorities do with regard to preventing loss of laptops.
The third story describes the Amazon DeepLens system. In addition to explaining how this Amazon camera integrates with Amazon’s machine learning and analytics subsystems, DarkCyber reports that neither Amazon, IBM, or any other US company was able to sell their technology to Ecuador. That country purchased a state-of-the-art Chinese developed system. With employee pushback against their employers’ work for the US government, US facial recognition technology may find itself at a disadvantage with regard to technical development and system innovation.
The final story covers the X1 eDiscovery system for social content. The X1 technology can now acquire and process social media information as well as some Dark Web content. Instead of directly scraping Dark Web sites, the X1 method relies on the Tor2Web.org service. The new product costs about $2,000 per year. DarkCyber explains where to download a 14-day free trial.
Kenny Toth, September 18, 2018
DarkCyber for August 14, 2018, Now Available
August 14, 2018
DarkCyber for July 24, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/284579347 .
Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.
This week’s program covers four Dark Web and security related stories.
The first story presents data about online drug sellers. The estimated number of vendors is in the 30,000 to 50,000 range. DarkCyber points out that such data are likely to be uncertain. Estimates of online sources for controlled substances are based on difficult-to-verify data. DarkCyber reports that as many as one half of the prescription drugs sold online may be fakes.
The second story reports that the Dark Web is changing. The shift from Tor-centric Web sites to encrypted chat and messaging systems is underway. Encrypted chat complicates the work of law enforcement and intelligence professionals. Plus, encrypted chat sessions can trigger mob actions which can spiral out of control and without warning. A lynching in India may be the direct result of forwarded encrypted chat messages.
The third story provides a snapshot of the NC4 policeware system Street Smart. A popular US magazine referenced the company without providing details about the system and its functions. DarkCyber explains that information about the software system are available on the NC4 Web site and in videos publicly available on YouTube.
The final story explains how 3D printing makes it comparatively easy for an individual to create what is called a “ghost gun.” The 3D printed weapon does not have an identification number, so tracing the gun is difficult. DarkCyber points out that copyright issues and regulations concerning the manufacture of weapons will consume time, money, and human resources.
Kenny Toth, August 14, 2018
Europe Creates a Potential Target for Bad Actors
August 9, 2018
The goal, most agree, is to keep sensitive information out of the hands of hackers and crooks, right? European officials might be planning to fly directly in the face of that logic, after we read a recent article in The Register, “Think Tank Calls for Post-Brexit National ID Cards: The Kids Have Phones, So What’s The Difference?”
Things got dicey here:
“The government intends to assign EU citizens unique numbers based on either a passport or national ID card number…he system will be accessed via GOV.UK or a smartphone app, and the report praised the security and privacy credentials promised for the database of citizen numbers…The data will be kept on Home Office servers in a tier 3 data centre, with individual pieces of information stored and encrypted separately.”
So, let’s get this straight? All of Europe will have its personal information on file in one location and they are just publicly telling the bad guys where to find it? What could go wrong? Google seems to be rolling out a program to warn governments when they are being hacked, which makes Google more “useful” to certain authorities.
But bad actors gravitate to data collections which have significant value. The ID card repository may become a high profile target.
Patrick Roland, August 9, 2018
Factoids for July 25, 2018
July 25, 2018
Some useful factoids:
- 11 percent of Americans do not use the Internet, down from 48 percent in Year 2000. Source: TheHustle
- Google’s capital expenditures for 2017-2018 were $5.5 billion. This is a 2X increase over the previous year. Source: GeekWire
- The health records of 1.5 million Singaporeans, including Prime Minister Lee Hsien Loong, were stolen. Source: Manila Times
- Stolen credit cards with PINS cost as little as US$8. Source: Daily Mail
- Almost two million start-ups were registered in the UK between 2013-2017 with 392,627 (20 percent) classified as technology firms. Source: Cambridge Network
- Companies selling flaws in software to government entities include Vupen in Montpellier, France; Netragard in Acton, Mass.; Exodus Intelligence in Austin, Tex.; and ReVuln (Malta). Source: Dark Government
Stephen E Arnold, July 25, 2018
Does Security Sell? Will Security Provide Revenue Lift?
June 14, 2018
Years ago Oracle positioned its enterprise search system as more secure than any other information access available at that time. How did that work out? Do you use SES? Why did Oracle buy Endeca, ostensibly an enterprise search system of sorts? What happened to Triple Hop? Artificial Linguistics? The other search systems Oracle has acquired? My hunch is that security did not sell.
Now Apple is betting that its secure Apply phone will cruise along, sucking up the majority of the profits from mobile phones. The company has determined that engineers working for vendors focused on law enforcement and intelligence agencies will no longer be able to use the connection and charging port to hack into a mobile device.
Who knows? Maybe Apple can make security generate big revenue flows and juicy profits?
“Apple to Close iPhone Security Hole That Police Use to Crack Devices” explains that Apple will close a “technological loophole.” The move may rekindle the push from some law enforcement and intelligence professionals for a way to unlock bad actors’ iPhones.
Our weekly video DarkCyber described products available from Grayshift and has mentioned Cellebrite in our weekly reports.
Our view is that considerable discussion and legal fireworks will ensue. Compromise? Nope, that’s an approach not too popular in some circles. Are companies governments? Can governments impact how companies do business.
This is a major issue, and the outcome is not as clear as the information about China’s surveillance actions. How has Apple adapted to China’s rules? How is Apple adapting the US laws?
Interesting days ahead.
Stephen E Arnold, June 14, 2018
DarkCyber, May 29, 2018, Now Available
May 29, 2018
Stephen E Arnold’s DarkCyber video news program for Tuesday, May 29, 2018, is now available.
This week’s story line up is:
- The “personality” of a good Web hacker
- Why lists are replacing free Dark Web search services
- Where to find a directory of OSINT software
- A new Dark Web index from a commercial vendor.
You can find this week’s program at either www.arnoldit.com/wordpress or on Vimeo at https://vimeo.com/272088088.
On June 5, 2018, Stephen will be giving two lectures at the Telestrategies ISS conference in Prague. The audiences will consist of intelligence, law enforcement, and security professionals from Europe. A handful of attendees from other countries will be among the attendees.
On Tuesday, June 5, 2018, Stephen will reveal one finding from our analysis of Amazon’s law enforcement, war fighting, and intelligence services initiative.
Because his books have been reused (in several cases without permission) by other analysts, the information about Amazon is available via online or in person presentations.
The DarkCyber team has prepared short video highlighting one research finding. He will include some of the DarkCyber research information in his Prague lectures.
The Amazon-centric video will be available on Tuesday, June 5, 2018. After viewing the video, if you want the details of his for fee lecture, write him at darkcyber333@yandex dot com. Please, put “Amazon” in the subject line.
Several on the DarkCyber team believe that most people will dismiss Stephen’s analysis of Amazon. The reason is that people buy T shirts, books, and videos from the company. However, the DarkCyber research team has identified facts which suggest a major new revenue play from the one time bookseller.
Just as Stephen’s analyses of Google in 2006 altered how some Wall Street professionals viewed Google, his work on Amazon is equally significant. Remember those rumors about Alexa recording what it “hears”? Now think of Amazon’s services/products as pieces in a mosaic.
The picture is fascinating and it has significant financial implications as well.
Enjoy today’s program at this link.
Kenny Toth, May 29, 2018
Plan a Hike or an Attack: Piece of Cake Now
May 26, 2018
Forget the utility of the procedure for outdoor hikers described in “Plot a Hike on Google Earth.” My first thought was, “What a Mother’s Little Helper” for those involved in military orienteering. I particularly liked the use of Strava, an application with data of some value to those eager to locate certain types of behavior patterns inadvertently created by joggers. I also liked the bouncing between a desktop / laptop computer and mobile devices. No problem for personnel operating from a semi fixed base station. Finally, the “fly around” functionality is helpful. My problem with these capabilities is that they are available to anyone. My personal view is that certain types of technology applications can be put to what I would describe as questionable uses. Why go through the hassle of joining the military or law enforcement, cope with the rigors of FLETC and other training program, and sharpen one’s skills in the field. Take a short cut and put the capabilities in whatever context one wants. Sorry. Too much information.
Stephen E Arnold, May 26, 2018
DarkCyber for April 24, 2018, Now Available
April 24, 2018
DarkCyber for April 124, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/266003727 .
Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.
This week’s lead story focuses on universities as unwitting accomplices for student cyber criminals. Five students at Manchester University began selling drugs via SilkRoad. The students “graduated” to their own brand and branched out. Before UK law enforcement shut down the students’ operation, more than 6,000 drug sales were completed. Plus, university computer systems have become targets for malicious crypto currency mining operations. A student can take classes in computer science and be up and scamming quickly.
Stephen E Arnold, producer of DarkCyber and author of “CyberOSINT: Next Generation Information Access” said: “The combination of easy access to high-value information about programming and computer systems plus the lure of easy money can turn a good student into a good criminal. Universities, despite their effort to implement more robust security, are targets for bad actors. Students can operate Dark Web businesses from their campus residence. Outsiders can exploit the institution’s computer system in order to install crypto currency mining software. At this time, colleges and universities are in a cat and mouse game with high stakes and stiff penalties for students, administrators, and school security professionals.”
DarkCyber revisits the security of virtual private networks. This week’s program answers a viewer’s question about improving the security of a VPN. In addition to changing the ports the VPN uses, DarkCyber points out that a tech savvy individual can operate his or her own VPN or use additional specialized software to shore up the often leaky security many VPN services provide.
Vendors of “policeware” are generally unknown to most tech professionals. DarkCyber highlights a new, UK based company doing business as Grey Heron. The company offers a range of cyber security services. The firm’s staff appears to include individuals once affiliated with the Hacking Team, another policeware vendor which found itself the victim of a cyber attack two years ago. If Gray Heron taps the Hacking Team’s technical talent, the firm may make an impact in this little known sector of the software market.
The final story in DarkCyber for April 24, 2018, highlights several findings from a study sponsored by Bromium, a cyber security company. The researchers at a UK university gathered data which provide some surprising and interesting information about the Dark Web. For example, the new report asserts that more than $200 billion is laundered on the Dark Web in a single year. If true, these newly revealed research data provide hard metrics about the role of digital currency in today’s online economy.
Beginning in May 2018, coverage of the Dark Web and related subjects will be increased within Beyond Search.
Kenny Toth, April 24, 2018
DarkCyber Profiles the Grayshift iPhone Unlocking Appliance
April 5, 2018
DarkCyber has released a special video report about Grayshift’s iPhone unlocking device for law enforcement forensics professionals. The GrayKey device unlocks most iPhones quickly and without the need to ship the suspect’s mobile phone off site.
The video is available on Vimeo at https://vimeo.com/262858305.
The video covers the pricing for the iPhone unlocker and its key features. Plus, the video product overview identifies the challenges that Grayshift will have to overcome if it wants to become the preferred provider of plug-and-unlock iPhone devices.
Stephen E Arnold said, “Grayshift’s GrayKey is important because it offers an easy-to-use iPhone unlocking system. Four digit passcode protected devices can be unlocked in two to three hours. Apple mobiles with six digit passcodes can be unlocked in two to three days. The device can be used in a mobile forensics lab and costs a fraction of some competitive solutions. GrayKey looks like the right product at the right time and at the right price.”
DarkCyber is a weekly video new program for law enforcement, intelligence, and security professionals. The special report series will focus on a single product, service, or technical innovation.
This is a special report in his CyberOSINT Tools series. These special reports will be issued when notable products, services, or technologies become available to law enforcement and intelligence professionals.
Stephen E Arnold is the author of “Dark Web Notebook” and “CyberOSINT: Next Generation Information Access.” He has been named as a technology adviser to the UK based Judicial Commission of Inquiry into Human Trafficking and Child Sex Abuse.” Mr. Arnold also lectures to law enforcement and intelligence professionals attending the Telestrategies ISS conferences in Prague, Washington, DC, and Panama City, Panama. In recent months, he has shared his research with law enforcement and intelligence professionals in the US and Europe. His most recent lectures focus on deanonymizing chat and digital currency transactions. One hour and full day programs are available via webinars and on-site presentations.
Kenny Toth, April 5, 2018
-
- Subscribe to Beyond Search
Feature archive
News archive
-
