DarkCyber for July 23, 2019, Now Available

July 23, 2019

DarkCyber for July 23, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/349282829. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s DarkCyber reports about Australia’s use of its anti-encryption law; tools for video piracy, a profile of SearchLight Security’s Cerberus system, and where to get information needed to join a Dark Web forum.

This week’s lead story concern easily findable software to facilitate video piracy and streaming. A report in TorrentFreak presents information from an unnamed source. This individual allegedly has been involved in video piracy and streaming for an extended period of time. The individual provides specific information about some of the software needed to remove digital rights management protections from commercial, copyrighted video content. The DarkCyber research team was able to locate software designed for the same purpose. No Dark Web and Tor were required. More significantly, these programs can be located by anyone with access to a browser and a Web search engine like Bing, Google, or Yandex. DarkCyber’s research has revealed that industrialized crime is now playing a larger role in streaming stolen video content.

Other stories in the July 23, 2019, program are:

First, Australia’s anti encryption law is now being put to use. The new regulations were used in the warrant to obtain content from a journalist. Australia is a member of the Five Eyes confederation. Australia’s law requires companies to cooperate with law enforcement and provide access to encrypted and other secured information. Canada, New Zealand, the United Kingdom, and the United States are likely to have elected officials who will seek to implement similar laws. News organizations in Australia perceive such laws as a threat.

Second, DarkCyber profiles a company founded in 2017 focused on providing law enforcement and intelligence professionals with an investigative tool. The company indexes a range of content, including forums, Dark Web sites and services, and social media content. Plus the company has created an easy-to-use interface which allows an investigator or analyst to search for a person of interest, an entity, or an event. The system then generates outputs which are suitable for use in a legal matter. The company says that use of its system has grown rapidly, and that the Cerberus investigative system is one of the leaders in this software sector.

Finally, DarkCyber provides information about a new report from IntSights, a cyber-intelligence firm. The report includes information which helps an individual to gain access to “cracker” forums and discussion groups which examine topics such as credit card fraud, money laundering, contraband, and similar subjects. The video provides the information required to download this report.

DarkCyber videos appears each week through the September 30, 2019. A new series of videos will begin on November 1, 2019. Programs are available on Vimeo.com and YouTube.com.

A new series of DarkCyber begin in November 2019.

Kenny Toth, July 23, 2019

Google: Hunting for Not Us

June 26, 2019

There was a dust up about song lyrics. As I recall, the responsibility did not fall upon the impossibly magnificent Google shoulders. A supplier may have acted in a manner which some “genius” thinks is a third party’s problem. Yep, a supplier.

I just read “Tracing the Supply Chain Attack on Android.” The write up explained that malware with impossible to remember and spell names like Yehuo found its way on to Android phones via the “supply chain.” I don’t know much about supply chains, but I think these are third parties who do work for a company. The idea is that someone at one firm contracts with the third party to perform work. When I worked as a “third party,” I recall people who were paying me taking actions; for example, texting, visiting, emailing, requiring me or my colleagues to attend meetings in which some of the people in charge fiddled with their mobile devices, and fidgeted.

The write up digs through quite a bit of data and reports many interesting details.

However, there is one point which is not included in the write up: Google appears to find itself looking at a third party as a bad actor. What unites the “genius” affair and the pre installed malware.

Google management processes?

Yes, that’s one possible answer. Who said something along the lines that if one creates chaos, that entity must address the problems created by chaos?

But if a third party did it, whose problem is it anyway?

Stephen E Arnold, June 26, 2019

DarkCyber for June 18, 2019, Now Available

June 18, 2019

DarkCyber for June 18, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/342544814.

The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up covers: A next-generation content processing system funded by In-Q-Tel; Dark Web scans for personal information; a new spin on Crime as a Service tuned to steal financial data; Canada’s prisons get a drone detection systems; and the FBI Vault adds additional Clinton email data.

This week’s feature is a review of Forge.ai’s content processing system for law enforcement and intelligence applications. The system converts open source and other data into “structured intelligent event event feeds.” Unlike many commercial content processing and intelligence systems, Forge.ai is designed to handle data flows of virtually any size and perform processing in real time. The company recently received the support of In-Q-Tel, the CIA’s investment unit. Lt. General John Mulholland is accepted a position on Forge.ai’s board of advisers. General Mulholland was the deputy commander of Special Operations command and also served at the CIA.

Other stories in this week’s DarkCyber video news program are:

First, Dark Web scans to find personal information are advertised on television. DarkCyber looks at some of the methods used by vendors who offer free or low-cost scans of the Dark Web for PII or personal identification information. DarkCyber reports that many services do not deliver comprehensive results. There are specialized services available to law enforcement and intelligence professionals, but most of these are not available for public use.

Second, crime-as-a-service or CaaS continues to improve. Malware from two different sources have evolved into a symbiotic relationship. The Gazorp tool makes it easy to customize malware known as Azorult. Despite the odd names, the one-two punch facilitates the use of these tools by an individual or group of individuals without deep technical expertise. Gazorp is offered without charge, but the value of the software opens the door to monetization. Other bad actors are likely to build on the CaaS approach of Gazorp’s and Azorult’s developers and users.

Third, in this week’s drone news, DarkCyber reports that Version 2, a Canadian company, will deploy a drone detection system as six of Corrections Canada’s prisons. Drones have been sued to drop contraband into correctional facilities. Some drone have delivered drugs, mobile phones, and McChicken sandwiches to inmates. Donnacona, one of Canada’s most secure facilities, will be among the first group of institutions to receive the new technology in early 2020.

Finally, DarkCyber provides information so that a viewer can download more than 400 pages of information related to Hillary Clinton’s email. The collection of documents is available in the Federal Bureau of Investigation’s Vault service. Manual review of the documents is recommended. Some media reports have not presented a comprehensive picture of the information in this most recent release of information.

DarkCyber video news is a weekly program. It contains no advertising, and it is designed for law enforcement, security, and intelligence professionals interested in software, new developments, and investigative innovations. New programs become available on Tuesday of each week. Programs are available via YouTube and Vimeo.

Kenny Toth, June 17, 2019

Cyber Tools Diffuse Globally

June 16, 2019

Ever heard of Project Raven? Probably not, unless you are an enemy of United Arab Emirates (UAE). This team of highly-skilled hackers was made up of former NSA spies working for the Middle Eastern monarchy. But when they were asked to spy on fellow Americans, the story broke wide open, as we discovered in a recent NewsMax story, “Former NSA Cyberspies Reveal How They Helped Hack Foes of UAE.”

According to the story:

“Surveillance techniques taught by the NSA were central to the UAE’s efforts to monitor opponents. The sources interviewed by Reuters were not Emirati citizens…The operatives utilized an arsenal of cyber tools, including a cutting-edge espionage platform known as Karma, in which Raven operatives say they hacked into the iPhones of hundreds of activists, political leaders and suspected terrorists.”

This may seem like an oddity, a bunch of cyberspies working for a rich country, potentially against the best intents of America, but it’s not. There has been a strange rash of intelligence issues like this recently, such as the Air Force officer who defected to Iran with damaging information. Is this a growing trend or just an odd sequence of events?

Patrick Roland, June 16, 2019

LookingGlass Threat Map

June 11, 2019

You may want to check out an interesting approach to marketing as practiced by a cyber intelligence firm. And if you are curious about threats posed by exploits, malware, and other cyber weapons, you will want to examine the LookingGlass Threat Map. The display shows attacks (attempted and successful). If you put your mouse on the map, you can display threats by region. The map is zoomable, so you can obtain information about target of the attack; for example, attacks in Italy. Click on a dot and information about the attack is displayed in a pop up window.

image

The map also displays a moving real time graph of attacks per second. DarkCyber found the scrolling list of attack types particularly interesting. One can see that the Sality variants are one of the more popular attacks at this time (Tuesday, June 11, 2019, 0603 US Eastern time).

The threat map provides graphs as well; for instance:

image

I discuss some of LookingGlass’ capabilities in my Dark Web 2 lectures. For more information about LookingGlass, navigate to the company’s Web site. The Sality exploit exists in variants. The software has been available for many years. It exploits the bad actors’ best friend: Microsoft Windows. After 16 years and numerous variants, one could ask the question, “What’s up with this, Microsoft?”

I won’t ask that question because I address Microsoft’s ball fumbling in the DarkCyber video for June 11, 2019.

Stephen E Arnold, June 11, 2019

DarkCyber for June 4, 2019, Now Available

June 4, 2019

DarkCyber for June 4, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/339717881 .

The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: A look at SafeSkyHacks; cyber crime data from the Global Drug Survey; bad actors shift to closed chat service; the real threat of GozNym malware; LookingGlass and GoldmanSachs announce cyber intelligence deal.,

This week’s feature is a look at the broader implications of the GozNym malware. This series of attacks netted the bad actors more than $100 million from 41,000 businesses and financial institutions. The malware was a combination of code, operating by deploying numerous exploits. As damaging as GozNym was, it signals a phase change in how modern digital attacks operate. DarkCyber identifies three key characteristics of GozNym. First, it was a multi-national force. Second, the hackers met and communicated via social media and chat. Third, the hackers operated like Amazon the AWS cloud, offering Crime as a Service. Attackers needed little or no technical expertise.

Stephen E Arnold, producer of DarkCyber and author of “The Dark Web Notebook,” said in his lecture on June 4, 2019, at the TechnoSecurity & Digital Forensics Conference: “The law enforcement crackdown on the Dark Web has been effective. The unanticipated consequence has been a shift to decentralized operations delivering Crime as a Service.” Point-and-click is now point-and-attack.”

Other stories covered in the June 4, 2019, DarkCyber video include:

First, a review of the software and services available on a hacker forum available to anyone with a standard browser. SafeSkyHacks provides free information about hacking, stolen data sets, and information about exploits. A members-only section of the Web site makes it possible to locate hackers with specific skills, services, software, and data. The DarkCyber video segment takes a close look at the profile posted by one of SafeSkyHack’s’ members. Hackers offer a number of services which may cross the boundary between general information and illegal activity.

Second, the Global drug survey for 2019 contains a wealth of information about the illegal use of narcotics available from the Dark Web and other sources. DarkCyber extracts items which reveal the countries which are now experiencing sharp increases in the use of controlled substances. The United States, for example, is at the top of the list of countries for opioid abuse. Another significant finding in the 2019 report links drug abuse with sexual assault. Assaults often happen when other people are nearby and reports of these attacks are rarely, if ever, reported to the police.

Third, DarkCyber reports about Stephen E Arnold’s remarks about the technology being adopted by bad actors. With information about distributed system widely available and the willingness of criminal elements to pay as much as $1 million for technical talent, law enforcement faces a new challenge. Services like illegal online gambling and video streaming services are becoming difficult to stop. When authorities seize one server, the bad actors deploy a replacement system at a different hosting location with a different Internet address. The new location for the illegal service is disseminated via closed chat and online forums. Often the access information is available on public content hosting sites like Pastebin.com. In some countries, the technical resources needed to disable an illegal online service structured like Netflix is a new challenge.

The final story is a report about the transfer of GoldmanSachs’ Sentinel cyber security software to LookingGlass, a cyber intelligence firm. Terms of the deal were not disclosed. LookingGlass is likely to integrate the Sentinel system into the LookingGlass services for financial institutions. Sentinel was recognized for excellence by the US Department of Homeland Security.

Kenny Toth, June 4, 2019

DarkCyber for May 28, 2019, Now Available

May 28, 2019

DarkCyber for May 28, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at  https://www.vimeo.com/338518927. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: The Offensive Community hacking Web site; malware requires no user action to seize mobile phone data; Dutch police deal with prisoner monitoring failure; a snapshot of Cobwebs Technologies’ investigative software; and China’s Great Firewall burns Wikipedia.

This week’s feature provides information about hackers for hire on the regular Internet, no Dark Web surfing required. The Offensive Community Web sites offers a classified advertising service. Hackers can post their capabilities in order to attract customers. The information on the site references a range of exploits which can be used for positive as well as illegal activities. Forums provide information and sources for botnets, keyloggers, remote access controls, specialized scripts, and related functions.

Other stories covered in the May 21, 2019, DarkCyber video include:

First, malware, allegedly developed by a specialist vendor supporting government customers, can compromise a mobile phone. What makes this alleged exploit notable is that the standard way of placing malware on a user’s device is to require that the user click a link or take some other action. That action allows the attacker to place the exploit on the user’s phone. The new approach requires only that the target has Facebook’s WhatsApp installed. The attacker places an in app voice call to the target. The exploit automatically uses a programming error in WhatsApp to compromise the target’s phone. The method was allegedly used to track the journalist Jamal Khashoggi. The fact that this method is no longer secret provides sufficient information to ensure that other bad actors will seek to emulate this technique.

Second, a botched software update in the Netherlands disabled prisoner ankle bracelets. These devices are used to monitor prisoners under house confinement. When these devices go offline, the monitored individual can flee the country or return to his or her pre-arrest activities. The Dutch police experienced a similar outage in 2018 when the mobile phone system used to transmit data went down. The modern ankle bracelet includes the tracking technology, but can also include two-way communications, alcohol level monitoring, and anti-removal technology. There are videos allegedly showing how one removes these devices, but tampering with the devices typically leads to additional charges.

Third, DarkCyber provides a profile of the basic functions available in the investigative software developed by Cobwebs Technologies. This is an Israeli startup which allows a user to extract actionable information from open source content. The tools available include a search and retrieval system and analytics. Data can be displayed in a visual format, including maps. DarkCyber’s overview includes examples of the interface and analytic reports.

Finally, China’s Great Firewall has blocked Wikipedia, the online encyclopedia. The online information service publishes content in numerous languages, and China has blocked every version of the digital encyclopedia. China’s approach to information control is part of a larger effort to maintain order and ensure government control of citizen activity. The process is called “Chinafication,” and the censorship method is influencing other governments’ approach to ensuring civil order.

DarkCyber appears each Tuesday and is available on YouTube, Vimeo, and directly from the DarkCyber news service.

Kenny Toth, May 28, 2019

DarkCyber Video News for May 7, 2019, Now Available

May 7, 2019

DarkCyber for May 7, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/334253067.

The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: The use of Telegram for ecommerce; phishing with fake email undergoes a renaissance; Cisco Talos explains a serious attack on foundation servers; a review of weapons for sale on the Dark Web; and a look at advanced autonomous drone technology.

This week’s feature examines a new study about the sale of weapons on the Dark Web. The report explains that handguns are long rifles are for sale on some Dark Web sites. The majority of these weapons are handguns. Only a small percentage of the weapons are automatic rifles. The research comes from three academics involved in criminal justice. The data from the Dark Web were collection in 2016. Because information about the type of weapons offered for sale is limited, the report helps fill this data gap. DarkCyber points out that the Dark Web has undergone some significant changes in the last two years. As a result, the study provides information, but some of it may be outdated.

The May 7, 2019, program also reports on:

First, how Telegram, an encrypted messaging application, can be used to promote and sell certain types of contraband products, services, and data. Messaging technology may be “old school” but Telegram’s features create challenges for enforcement agencies.

Second, phishing and spear phishing are methods for stealing users’ credentials with a long history. Now these techniques are gaining more momentum. DarkCyber reports about a “smart” application which can automate phishing and spear phishing attacks. Unlike commercial specialist tools, the Dark Web phishing kit costs a few hundred dollars, and it features a “fill in the blanks” approach to these malicious attacks.

Third, Cisco’s cyber security unit Talos has published a detailed report about a denial of service attack on core Internet systems. There are 13 foundation or core servers which facilitate domain name services. One of these has been the focus of a digital assault by a bad actor, possible supported by a nation state. The denial of service method relies on a series of nested malware programs. The attack makes use of misdirection and several different methods designed to compromise a foundation server. If such an attack is successful, other types of malicious activity is simplified for the bad actors.

Finally, DarkCyber responds to a viewer’s request for an update on advanced autonomous drone technology. DarkCyber provides a look into the future of US drone capabilities.

Kenny Toth, May 7, 2019

DarkCyber for March 19, 2019, Now Available

March 19, 2019

DarkCyber for March 19,2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/324801049.

The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cyber crime, and lesser known Internet services.

This week’s story line up includes: Google search blockchain data; emojis puzzle lawyers; NATO soldiers fooled by social media come ons; big paydays for hackers; Dark Web search for marketers; and Iran’s hacker army

This week’s feature looks at the Beacon Dark Web search system. Developed by Echosec Systems in Canada, Beacon provides search and analytics for those interested in tracking brands, companies, and people in Dark Web content. The system’s developers enforce a code of behavior on licensees. If Echosec determines that a user violates its guidelines, access to Beacon will be cut off. Echosec offers a number of powerful features, including geofencing. With this function it is possible to locate images of military facilities and other locations.

The second feature in this week’s video focuses on Iran’s cyber warfare activities. One key individual—Behrooz Kamalian—has been maintaining a lower profile. Those whom he has trained have been suspected of participating in online gambling activities. Kamalian himself, despite his connections with the Iranian government, served a short stint in prison for this allegation. Iran has one of the large cyber warfare forces in the world, ranking fourth behind Russia, China, and the US.

The “Cybershots” for this week include:

  • Google has made available a search engine for blockchain data. Those skilled in blockchain and digital currency transactions may be able to deanonymize certain aspects of a transaction.
  • Emojis which carry meaning are creating issues for lawyers and eDiscovery systems. The colorful icons’ meaning are not easily understood.
  • A social media test for NATO soldiers’ resistance to online tricks was completed by central command. The result was that soldiers can be easily tricked into revealing secret information.
  • Organize hidden Web criminals are paying up to $1 million a year in salary and providing benefits to hackers.

A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.\

Kenny Toth, March 19, 2019

DarkCyber for March 12, 2019, Now Available

March 12, 2019

DarkCyber for March 12, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/322579803 ,

The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cyber crime, and lesser known Internet services.

This week’s story line up includes: Cellebrite devices for sale on eBay; emojis can activate app functions; and sources selling bulk personal data.

The feature this week discusses speech analysis. Reports have surfaced which reveal that some US correctional facilities are building databases of inmates’ voice prints. The news appeared coincident with rumors that the US National Security Agency was curtailing its voice collection activities. Companies like Securus Technologies provide tools and services related to prison telephone and unauthorized mobile device use. The Securus Investigator Pro has been available and in use for almost a decade. Voice print technology which is analogous to a digital fingerprint system makes it possible to identify those on a call. Inclusion of behavioral tags promises to make voice print systems more useful. With a tag for the caller’s emotional state, investigators can perform cross correlation and other analytic functions to obtain useful information related to a person of interest.

Links are provided to explanations of Amazon’s policeware system which can be used to perform these types of analytic operations.
The final story provides a snapshot of a 100 page field manual about online deception. Published by the US Army, this document is a comprehensive review of systems and methods for military use of deception in an online environment. Checklists and procedural diagrams make clear why social media operations are successful in civilian and military contexts. The DarkCyber video includes a link so viewers can download this unclassified publication.

Kenny Toth, March 12, 2019

« Previous PageNext Page »

  • Archives

  • Recent Posts

  • Meta