March 21, 2017
Journalist William Langewiesche at Vanity Fair presents the storied career of a hacker-turned-security expert, whom he pseudonymously calls Opsec, in the extensive article, “Welcome to the Dark Net, a Wilderness Where Invisible World Wars are Fought and Hackers Roam Free.” The engaging piece chronicles the rise of the Dark Web alongside Opsec’s cyber adventures, which began when he was but a child in the late ’80s. It also clearly explains how some things work on and around the Dark Web, and defines some jargon. I would recommend this article as a clear and entertaining introduction to the subject, so readers may want to check out the whole thing.
Meanwhile, I found this tidbit about a recent botnet attack interesting. For background, Opsec now works for a large, online entertainment company. Langewiesche describes an intrusion the security expert recently found into that company’s systems:
The Chinese [hacking team] first went into a subcontractor, a global offshore payment processor that handled credit-card transactions, and then, having gained possession of that network, quietly entered the Company through a legitimate back door that had been installed on the Company’s network to administer consumer accounts. The initial breach was a work of art. The Chinese wrote a piece of customized software purely for that job. It was a one-of-a-kind ‘callback dropper,’ a Trojan horse that could be loaded with any of many malware modules, but otherwise stood empty, and regularly checked in with its masters to ask for instructions. Once inside the network, the Chinese were able to move laterally because the Company, for the sake of operational efficiency, had not compartmentalized its network. …
First, using ‘bounce points’ within the network to further obscure their presence, [the hackers] went after the central domain controller, where they acquired their own administrative account, effectively compromising 100 million user names and passwords and gaining the ability to push software packages throughout the network. Second, and more important, the Chinese headed into the network’s ‘build’ system, a part of the network where software changes are compiled and then uploaded to a content-distribution network for the downloading of updates to customers. In that position they acquired the ability to bundle their own software packages and insert them into the regular flow, potentially reaching 70 million personal computers or more. But, for the moment, they did none of that. Instead they installed three empty callback Trojans on three separate network computers and left them standing there to await future instructions. Opsec and his team concluded that the purpose was to lay the groundwork for the rapid construction of a giant botnet.
Opsec suspects the same payment processor vulnerability was exploited at other companies, as well, as part of a plan to launch this giant botnet as part of a global cyber-war. Considering he only caught the attack due to one small error made by the hackers, the discovery is unnerving. Opsec has his ideas on how to fight such a series of attacks, but he is holding off at the behest of his employer. Officially, at least. See the article for more information.
Cynthia Murrell, March 21, 2017
March 17, 2017
As institutions like banks and law enforcement come to grips with the flow of Bitcoin, another cyber currency is suddenly gaining ground. Bloomberg Technology reveals, “New Digital Currency Spikes as Drug Dealers Get More Secrecy.” The coin in question, Monero, has been around for a couple of years, but was recently given a boost by the marketplace AlphaBay, one of the most popular destinations for buyers of illicit drugs on the Dark Web. In the two weeks after the site announced it would soon accept Monero, the total worth of that currency in circulation jumped to over $100 million (from about $25 million the previous month). Writer Yuji Nakamura explains why a shift may be underway:
Bitcoin, the most popular digital currency in the world with a total value of $9.1 billion, also allows users to move funds discreetly and uses a network of miners to verify the authenticity of each trade. But its privacy has come under threat as governments and private investigators increase their ability to track transactions across the bitcoin network and trace funds to bank accounts ultimately used to convert digital assets to and from traditional currencies like U.S. dollars.
Monero similarly uses a network of miners to verify its trades, but mixes multiple transactions together to make it harder to trace the genesis of the funds. It also adopts ‘dual-key stealth’ addresses, which make it difficult for third-parties to pinpoint who received the funds.
For any two outputs, from the same or different transactions, you cannot prove they were sent to the same person,’ Riccardo Spagni, a lead developer of Monero, wrote by e-mail. Jumbling trades together makes it ‘impossible to tell which transaction, of a set of transactions, a particular input comes from. It appears to come from all of them.
Though Monero has yet to withstand the trials of AlphaBay-level volumes for long, its security features received praise from investor and prominent digital-currency-advocate Roger Ver. As of this writing, Monero is ranked fifth among digital currencies in overall market value. Click here for a list of digital currencies ranked, in real time, by market cap.
Cynthia Murrell, March 17, 2017
March 9, 2017
Here is the story of another successful Dark Web bust. Motherboard reports, “Undercover FBI Agent Busts Alleged Explosives Buyer on the Dark Web.” The 50-year-old suspect was based in Houston, and reporter Joseph Cox examined the related documents from the Southern District of Texas court. We are not surprised to learn that the FBI found this suspect through its infiltration of AlphaBay.; Cox writes:
The arrest was largely due to the work of an undercover agent who posed as an explosives seller on the dark web marketplace AlphaBay, showing that, even in the age of easy-to-use anonymization technology, old-school policing tactics are still highly effective at catching suspects.
According to the complaint, on August 21, an FBI Online Covert Employee (OCE)—essentially an undercover agent—located outside Houston logged into an AlphaBay vendor account they were running and opened an unsolicited private message from a user called boatmanstv. ‘looking for wireless transmitter with detonator,’ the message read. ‘Everything I need to set of a 5 gallon can of gas from a good distance away [sic].’ The pair started a rapport, and boatmanstv went into some detail about what he wanted to do with the explosives.
One thing led to another, and the buyer and “seller” agreed to an exchange after communicating for a couple of weeks. (Dark Web sting operations require patience. Lots of patience.) It became clear that Boatmanstv had some very specific plans in mind for a very specific target, and that he’d made plenty of purchases from AlphaBay before. The FBI was able to connect the suspect’s email account to other accounts, and finally to his place of business. He was arrested shortly after receiving and opening the FBI’s package, so it would appear there is one fewer violent criminal on the streets of Houston.
It is clear that the FBI, and other intelligence organizations, are infiltrating the Dark Web more and more. Let the illicit buyer be wary.
Cynthia Murrell, March 9, 2016
March 3, 2017
Hackers tend to the flock to the Internet’s underbelly, the Dark Web, and it remains inaccessible unless you have a Tor browser. According to the AIRS Association, hacker search engines are a lot easier to access than you think, read about it in “5 Hacker-Friendly Search Engines You Must Use.” The best-known hacker-friendly search engine is Shodan, which can search for Internet connected devices. While Shodan can search computers, smartphones, and tablets the results also include traffic lights, license plate readers, and anything with an Internet connection. The biggest problem, however, is that most of these devices do not have any security:
The main reason that Shodan is considered hacker-friendly is because of the amount and type of information it reveals (like banner information, connection types, etc.). While it is possible to find similar information on a search engine like Google, you would have to know the right search terms to use, and they aren’t all laid out for you.
Other than Shodan some of the other scary search engines are ZoomEye, I2P, PunkSPIDER, and Censys. These search engines range in the amount of data they share as well as their intended purpose, but they all reveal Internet connected devices. Beginners can use these search engines, but it takes a little more than technical know how to get results displayed. One needs to figure out how to use them before you even enter the first search result, because basic keyword will not get you far.
Hacker search engines are a good tool to use to find security breaches in your personal network or Web site. What will prevent most people from using them is the lack of experience, but with only a small amount of learning these search engines in the wrong hands are dangerous.
Whitney Grace, March 3, 2017
March 1, 2017
Law enforcement’s focus on the Dark Web seems to be paying off, as we learn from the write-up, “Finland: Dark Web Drug Operation Exposed” at Hetq, an outlet of the Association of Investigative Journalists. In what was described as Finland’s largest drug bust, authorities seized over a million dollars’ worth of narcotics from a network selling their wares on the Dark Web. We learn:
The network is alleged to have imported €2 million (US$ 2.2 million) worth of drugs between 2014 and 2016, selling them on the dark web site Silkkitie. More than 40 kilograms of powdered narcotics, such as amphetamine, heroin and cocaine, as well as 40,000 ecstasy tablets and 30,000 LSD blotters were smuggled into Finland from the Netherlands and Germany, and then sold on the site. …
As part of the investigation, customs officers in April seized at least €1.1 million worth of heroin, cocaine, methamphetamine, MDMA and ecstasy in the coastal town of Kustavi. The same month, police arrested three Finnish citizens.
The write-up notes that Silkkitie users communicated through encrypted messages under pseudonyms, and that Bitcoin was the currency used. We’re also reminded that Silkkitie, a.k.a. Valhalla, is one of the Dark Web’s most popular drug marketplaces. The Finnish site was launched in 2013.
Cynthia Murrell, March 1, 2017
February 22, 2017
What is known as the Dark Web has a fair amount of myth surrounding it, thanks to a sensationalized name and a few high-profile media stories. Tech Republic shared an article called, Four misleading myths about the Dark Web, attempting to shine light on some of the common fallacies. In summary, the Dark Web is not necessarily anonymous, it’s not very difficult to access, it’s not all nefarious activity, and there is support for businesses and organizations seeking protection from and prevention of cybertheft and security breaches. The article explains,
The biggest mistake businesses large and small can make regarding the Dark Web is to pretend it doesn’t exist. After the FBI took down the Silk Road, dozens of other niche markets took its place. With a slick interface and well organized ecommerce-like storefront, AlphaBay, one of the largest black markets on the Dark Web, makes shopping for stolen credit card data a breeze. Fortunately for companies, there’s no need to track the Dark Web alone. One technology in particular, Matchlight by Terbium Labs, helps business monitor and locate stolen Dark Web data like stolen source code, employee social security numbers, and other proprietary trade documents.
The Dark Web has become almost synonymous with Tor, the seemingly most popular way to access it. Tor has actually been used since the 1990’s by members of the intelligence community; it was developed by the US Naval Research Laboratory. While over the last decade or so, Tor has been surrounded by media coverage about drugs and crime, it will be interesting to see if the coverage shifts — or increases — because of emerging technologies such as Matchlight.
Megan Feil, February 22, 2017
February 14, 2017
A feature article on CNN recently provided some background on Dark Web marketplaces. Entitled Inside the illegal online weapons trade, this piece shares the story of Michael Andrew Ryan. Ryan adopted the moniker gunrunner and opened up a gun sales business on the Dark Web while based in a small town in Kansas. Dark Web trading statistics are tough to pinpoint. However, in comparison with other illegal online trading, gun sales on the Dark Web are less than 3% according to a Carnegie Mellon professor and researcher. The author writes,
By the way, it’s entirely legal to buy guns online in the U.S. — although the process is more complicated, depending on various factors. Nonetheless, the ATF said it’s taking enforcement to a new level by creating an Internet Investigations Center aimed at combating illegal online gunrunners. The center includes federal agents, legal counsel and investigators. Their job: track illegal online firearms trafficking and feed intelligence to agents in the field. It’s a gigantic task, which aims to hit a constantly moving target.
While we will not comment on the sensationalizing and dramatizing of the Dark Web through Ryan’s story, we can say found the concluding remarks above to be helpful. This presents a good picture of the interconnectivity between multiple layers of law enforcement. It also hints at a need for technology upgrades in this cybersecurity arena.
Megan Feil, February 14, 2017
February 13, 2017
Have you ever heard of dark pools? You may be hearing more about them as Bitcoin pioneer Jered Kenna and TradeZero offer digital currency dark pool trading. According to this International Business Times article, these two have created the world’s first dark pool exchange for Bitcoin. Their plan is to eventually scale to include other digital currencies. What is a dark pool? It is a private exchange to trade securities in a way where large transactions can occur without impacting the marketing. This means it can be used to avoid adverse price movements. We learned,
The Bitcoin market is less liquid than traditional FX and hence more volatile. Dark pool trading in Bitcoin would be useful to mainstream investors who may want to make large trades in Bitcoin, or use it as a currency hedge without alerting the market to their positions. Kenna, who launched the first US Bitcoin exchange in 2011, brings a wealth of experience to the table. He told IBTimes UK: “Dark pool trading certainly mitigates volatility where individuals making large trades are concerned.
Apparently, the size of the trade one would need to impact the Bitcoin market in is much smaller than what traditional traders experience. Jared Kenna appears to be projecting the future of Bitcoin, and non-traditional currencies in general, to explode. Why else would there be such a need for this kind of service? This is something we will be keeping an eye on, especially as it may come to be more interconnected with Dark Web matters.
Megan Feil, February 13, 2017
February 10, 2017
Business is apparently booming for Dark Web drug sales. Business Insider published an article that reports on this news: An in-depth new study shows that the online market for illegal drugs is skyrocketing. The study conducted by RAND Europe found the number of transactions on illegal drug sites has tripled since 2013, and revenues have almost doubled. Apparently, most of the shipping routes are within North America. The article tells us,
Elsewhere in the study, researchers found that wholesale transactions (which it categorised as sales worth over $1,000 [£770]) generated a quarter of total revenue for drug marketplaces. That figure was unchanged between 2013 and 2016, though. Cannabis was the most popular drug globally, making up 33% of drug marketplace transactions. But the report looked at sales to Holland specifically and found that it only made up 17% of transactions there. That’s likely because the sale of cannabis is legal in the country through licensed venues, reducing the need for people to use illegal online stores.
The year 2013 carries meaning because it was in fall 2013 that the Silk Road was shut down. This study suggests its closure did not eliminate Dark Web drug sales. As the article alludes to, as cannabis laws may or may not change in the United States, it will be interesting to see how this affects Dark web use and marketplace sales.
Megan Feil, February 10, 2017
February 7, 2017
Some articles about the Dark Web are erring on the side of humor about it’s threat-factor. Metro UK published 12 scary things which happen when you go on the ‘Dark Web’, which points out some less commonly reported happenings on the Dark Web. Amongst the sightings mentioned were: a German man selling pretzels, someone with a 10/10 rating at his carrot (the actual vegetable) marketplace, and a template for creating counterfeit Gucci designs. The article reports,
Reddit users shared their stories about the ‘dark web’ – specifically Tor sites, invisible to normal browsers, and notorious for hosting drug markets and child pornography. Using the free Tor browser, you can access special .onion sites – only accessible using the browser – many of which openly host highly illegal content including pirated music and films, drugs, child pornography and sites where credit card details are bought and sold.
While we chose not to summarize several of the more dark happenings mentioned by Redditors, we know the media has given enough of that side to let your imaginations run wild. Of course, as has also been reported by more serious publications, it is a myth that the Dark Web is only filled with cybercriminals. Unless pretzels have qualities that have yet to be understood as malicious.
Megan Feil, February 7, 2017