DarkCyber for September 18, 2018 Now Available

September 18, 2018

DarkCyber for September 18, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/290147202.

This week’s DarkCyber video news program covers … Bitfury’s deanonymization service and its unusual sales approach… the loss of UK law enforcement laptops… facial recognition for law enforcement challenged by tech company employees… and X1 and its eDiscovery system with Dark Web content support.

The first story explains that Bitfury, a UK company with an interesting staff lineup, offers digital currency deanonymization services. The company’s approach to sales, however, is unusual. Specifically, the company refused to explain its services at a recent law enforcement conference. DarkCyber continues to recommend that agencies interested in digital currency deanonymization look at services available from Chainalysis and Elliptic, two companies which do explain their services to security and enforcement officials.

The second story reports that UK media pointed out that in one year, UK law enforcement lost 60 laptops. With tens of thousands of officers and operators, DarkCyber states that the alleged problem is blown out of proportion. Bad actors attempt to obtain laptops, mobiles, and other computing devices in order to compromise investigations. DarkCyber asserts that the loss of 60 laptops illustrates the good job UK authorities do with regard to preventing loss of laptops.

The third story describes the Amazon DeepLens system. In addition to explaining how this Amazon camera integrates with Amazon’s machine learning and analytics subsystems, DarkCyber reports that neither Amazon, IBM, nor any other US company was able to sell its technology to Ecuador. That country purchased a state-of-the-art Chinese-developed system. With employee pushback against their employers’ work for the US government, US facial recognition technology may find itself at a disadvantage with regard to technical development and system innovation.

The final story covers the X1 eDiscovery system for social content. The X1 technology can now acquire and process social media information as well as some Dark Web content. Instead of directly scraping Dark Web sites, the X1 method relies on the Tor2Web.org service. The new product costs about $2,000 per year. DarkCyber explains where to download a 14-day free trial.

Kenny Toth, September 18, 2018

DarkCyber for September 11, 2018, Now Available

September 11, 2018

DarkCyber for September 11, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com.

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

This week’s program covers four Dark Web and security related stories.

The first story reports that cybercrime has increased by 32 percent in the first quarter of 2018 compared to the first quarter of 2017. The most popular malware is for covert crypto currency mining and for Trojan software that can entice a user to download a document or video. DarkCyber reveals an easy way to locate malware using Bing.com and the Pastebin.com service. The easy access to potentially harmful software presents an increasing risk for many Internet users.

The second story explains that a citizen attempted to research a Dark Web murder-for-hire site. After engaging law enforcement, the individual used malware to create a disturbance on the Dark Web site. What happened next surprised the citizen hacker. The police picked up the individual and held him for 36 hours. The incident makes clear that law enforcement has the technical capabilities to monitor Dark Web access and identify individuals who perform certain online actions. The Dark Web and access to it can present some interesting challenges to those who assume that the Dark Web access is secret.

The third story explores the capabilities of SpyCloud, a fast-growing startup based in Austin, Texas. The company has amassed billions of items of information related to passwords, user names, and other types of high-value information. The firm’s system makes it possible for the company to identify a data security problem, often before it poses a problem for the organization. The company recently raised an additional $5 million in Series A funding, bringing the total funding to about $8 million.

The final story reports that the Australian government wants access to computing devices protected by a password. Pending legislation provides for a sentence of 10 years in jail for an individual who refuses to comply with a government request to unlock devices or decrypt encrypted data.

Kenny Toth, September 11, 2018

The Organization Of The Dark Web

September 7, 2018

The Internet is a sprawling, unorganized digital expanse, while the Dark Web is a smaller, underground, unorganized trailer court. Because it is smaller, it is easier to create a Dark Web map. Recorded Future took on the endeavor and described the Dark Web’s structure in “Dark Networks: Social Network Analysis Of Dark Web Communities.”

While the Dark Web is considerably smaller than the Internet, it is quite big and there is a huge amount of data that cannot be classified. Using social network analysis, Recorded Future found three distinct Dark Web communities:

“We found three distinct communities of actors in dark web and special-access sites: low-tier underground forums, higher-tier dark web forums, and dark web markets. These three clusters line up with our expert intuition of the dark web, appearing almost as if no other sensible organization is possible in retrospect. Additionally we found notable cross-posting between low-tier and higher-tier forums. The results of this research are directly reflected in Recorded Future’s product and ontology. This new categorization helps security teams obtain targeted, relevant dark web intelligence, facilitates their understanding of threats, and opens a window into the methods, tactics, and motivations of threat actors.”

The next part of the article explains how Recorded Future collected its data and discovered patterns between the three tiers. From the gathered data, they made visualizations of the connections between the tiers. The visualizations yielded more information about the communities, including that the low-tier underground forums are free, open access, and house the novices. The higher-tier Dark Web forums are restricted through a vetting process, are hosted on Tor, and house experienced criminals. Dark Web markets are generally open because they are selling services.

The Dark Web has various levels and interconnections between the three tiers. There are restricted communities that overlap with each other and there is a huge commerce section. It sounds like the regular Internet, except it deals in illegal services and goods. Google, along with In-Q-Tel, was an early investor in Recorded Future.

Whitney Grace, September 7, 2018

DarkCyber for September 4, 2018, Now Available

September 4, 2018

DarkCyber for September 4, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/287783314.

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

This week’s program covers three Dark Web and security related stories.

The first story addresses Gephi, an open graph visualization platform. Unlike Excel, Gephi is a platform. The software system can be a useful complement to blockchain deanonymization tasks. An analyst can perform link analysis; that is, what hyperlink or item leads to another. The Gephi One feature allows the user to turn a graphical representation and explore it in three dimensions. A user can interact with the data, drilling down into a cluster or popping up one or more levels to see how a particular item relates to a broader grouping of data. The system can manipulate up to one million nodes and edges. Some commercial tools struggle to deal with more than a handful of nodes and edges. The video includes a link at which Gephi can be downloaded.

The second story describes a vehicle tracking and surveillance innovation called Zoomed. Developed by Cameroonian computer whiz Zuo Bruno, the system does not require the Internet. Instead, Zuo Bruno devised a system which operates via SMS. Once the device is placed in a vehicle, the location of the vehicle can be determined by placing a mobile call to the Zoomed device. The device drops the call and messages the location and other data of the vehicle. The Zoomed technology can perform other functions as well; for example, the audio in the vehicle can be recorded and the vehicle can be disabled.

The third story describes a free account takeover alerting service or ATO from Truthfinder. The idea is that after a person registers for the service, Truthfinder will notify that individual when his personal information is discovered by the monitoring service. DarkCyber explains how to sign up for the service and how to disable the notifications if they become a burden.

Kenny Toth, September 4, 2018

WhatsApp Veering Closer to Traditional Social Media

August 29, 2018

Next week, the publisher of Beyond Search and producer of DarkCyber (Stephen E Arnold) will be delivering a lecture in Washington, DC. The subject? The “new” Dark Web. Encrypted chat is becoming the go-to system for certain types of information and product / service transactions.

What’s the angle?

The meteoric rise of group text and chatting tool, WhatsApp, has been well documented. In a world of tangled social media webs, this seemed like a smaller, more concentrated way to get updates from friends and family. However, the app has made some recent additions that may take it more toward the Facebooks and Twitters of the world. We learned more in a recent Make Use Of story, “The Best New WhatsApp Features You Might Have Missed.”

Among the new tools:

“Catch-up: A new @ button appears at the bottom right corner of the chat when you’ve been mentioned by someone, or if someone has quoted you, while you were away. It’s easier to catch up on something you might have missed.

“Protection From Re-Adding: WhatsApp groups don’t need your consent to add you to a group. Now, if you leave that group, an admin can’t just add you back immediately.”

In addition, there are search features and tools for deleting messages. It should come as no surprise that the program’s co-founder is a former (technically current) Facebook employee. Is this a step toward becoming a more direct competitor of the social giant? But encrypted chat has larger implications. If you are in DC, write Stephen at darkcyber333 at yandex dot com. You might be able to set up a short meetup at a physical coffee shop. No chat required.

Patrick Roland, August 29, 2018

DarkCyber for August 28, 2018, Now Available

August 28, 2018

DarkCyber for August 28, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/286743860.

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

This week’s program covers five Dark Web and security related stories.

The first story addresses Microsoft’s acquisition of Hyas, a Canadian cyber intelligence company. DarkCyber believes that Microsoft is making an effort to close the gap between its cloud capabilities and those of Amazon. Policeware appears to be a key strategic capability of Amazon, and Microsoft has found that more than in-house innovation may be necessary to close the gap. Stephen E Arnold, producer of DarkCyber and author of CyberOSINT (2017), said: “Amazon’s policeware has helped the company make progress with its US government cloud services. Microsoft’s acquisition of Hyas adds an important cyber analytic capability to the Azure system.”

DarkCyber reports the newly released details about two Dark Web operations. The Dutch police methods used to take down the Hansa contraband-focused ecommerce site complement new information about the arrest of eight individuals involved with the Rex Mundi hack-and-extort spin on ransomware. Both operations involved investigators from multiple countries, advanced analytics, and traditional investigative techniques. The success of these two operations makes clear that use of software to create hidden Internet sites and services is not as effective as some individuals believe.

DarkCyber reports that draft legislation in Australia may be a different way to force companies to provide decryption backdoors to messaging applications. The Australian government can request decryption assistance or decryption keys. If the company does not comply, the firm may be fined up to seven million dollars for each failure to cooperate. The proposed legislation is accepting public comments and further action will be taken on this proposal later this year.

The final DarkCyber report shares some findings from a yet-to-be-released report about the Asian Dark Web. The report is a work product of IntSights, a cyber intelligence firm. The key finding in the report is that each country takes a unique approach to the Dark Web. Cultural considerations require the use of the country’s language and the jargon used to prevent outsiders from making sense of the content.

Kenny Toth, August 28, 2018

DarkCyber for August 21, 2018 Now Available

August 21, 2018

The DarkCyber video news program for August 21, 2018, is now available. You can view the nine minute show at www.arnoldit.com/wordpress or on Vimeo at this link.

This week’s program reports about methods for hacking crypto currency… hijacking mobile phones via SIM swapping… TSMC hacked with an Eternal Blue variant… and information about WikiLeaks leaked.

The first story runs down more than nine ways to commit cybercrime in order to steal digital currency. A student assembled these data and published them on a personal page on the Medium information service. Prior to the step-by-step explanation, ways to exploit blockchain for the purpose of committing a possible crime were difficult to find. The DarkCyber video includes a link to the online version of this information.

The second story reviews the mobile phone hacking method called SIM swapping. This exploit makes it possible for a bad actor to take control of a mobile phone and then transfer digital currency from the phone owner’s account to the bad actor’s account. More “how to” explanations are finding their way into the Surface Web, a trend which has been gaining momentum in the last six months.

The third story reviews how a variant of the Eternal Blue exploit compromised the Taiwan Semiconductor Manufacturing Company. Three of the company’s production facilities were knocked offline. Eternal Blue is the software which enables a number of ransomware attacks. The code was allegedly developed by a government agency. The DarkCyber video provides links to repositories of some software developed by the US government. Stephen E Arnold, author of Dark Web Notebook, said: “The easier and easier access to specific methods for committing cybercrime make it easy to attack individuals and organizations. On one hand, greater transparency may help some people take steps to protect their data. On the other hand, the actionable information may encourage individuals to try their hand at crime in order to obtain easy money. Once how to information is available to hackers, the likelihood of more attacks, exploits, and crimes is likely to rise.”

The final story reports that WikiLeaks itself has had some of its messages leaked. These messages provide insight into the topics which capture WikiLeaks’ interest and reveal information about some of the sources of support the organization enjoys. The DarkCyber video provides a link to this collection of WikiLeaks messages.

Stephen E Arnold will be lecturing in Washington, DC, the week of September 6, 2018. If you want to meet or speak with him, please contact him via this email: benkent2020 at yahoo dot com.

Kenny Toth, August 21, 2018

DarkCyber for August 14, 2018, Now Available

August 14, 2018

DarkCyber for July 24, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/284579347.

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

This week’s program covers four Dark Web and security related stories.

The first story presents data about online drug sellers. The estimated number of vendors is in the 30,000 to 50,000 range. DarkCyber points out that such data are likely to be uncertain. Estimates of online sources for controlled substances are based on difficult-to-verify data. DarkCyber reports that as many as one half of the prescription drugs sold online may be fakes.

The second story reports that the Dark Web is changing. The shift from Tor-centric Web sites to encrypted chat and messaging systems is underway. Encrypted chat complicates the work of law enforcement and intelligence professionals. Plus, encrypted chat sessions can trigger mob actions which can spiral out of control and without warning. A lynching in India may be the direct result of forwarded encrypted chat messages.

The third story provides a snapshot of the NC4 policeware system Street Smart. A popular US magazine referenced the company without providing details about the system and its functions. DarkCyber explains that information about the software system is available on the NC4 Web site and in videos publicly available on YouTube.

The final story explains how 3D printing makes it comparatively easy for an individual to create what is called a “ghost gun.” The 3D printed weapon does not have an identification number, so tracing the gun is difficult. DarkCyber points out that copyright issues and regulations concerning the manufacture of weapons will consume time, money, and human resources.

Kenny Toth, August 14, 2018

DarkCyber for August 7, 2018, Now Available

August 7, 2018

This week’s DarkCyber video news program is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/user77362226/.

DarkCyber covers news related to the Dark Web and lesser known Internet services. The program is produced and hosted by Stephen E Arnold, author of CyberOSINT and the Dark Web Notebook.

This week’s program includes four stories.

The first story reviews how hardware devices can be used by an individual to compromise an organization’s computers, servers, and network. The video illustrates how a normal-looking wristwatch can transfer malware to a computer or server. The video also explains how men’s cufflinks which house storage devices can evade a physical security inspection. The object is to make clear that an insider with physical access to computing devices can compromise those devices in a matter of minutes. Stephen E Arnold said: “Anyone with access to a computer within an organization can easily create havoc on existing systems. Security guards usually overlook watches and jewelry which contain storage devices, programs, and capabilities which can penetrate cyber barriers. These direct access attacks like the Evil Maid method are a threat because interns, temporary workers, and compromised employees have the opportunity and means to perform malicious actions.”

The second report summarizes findings about successful email phishing attacks. These are seemingly innocuous and legitimate emails which are conduits for malware. The most effective phishing scams reference Amazon deliveries and requests for information from what appear to be legitimate sources like Facebook.

The third story provides an overview of the Zotero research assistant software. The software keeps track of information discovered on the Internet and performs a number of functions for a researcher, an analyst, or an investigator. The Zotero tool allows the user to maintain an archive of data and generate reports which can be submitted to a colleague or a legal team. The software is available without charge, and DarkCyber provides a link for downloading the program.

The final story revisits the mythical idea that a person can hire an assassin on the Dark Web. A physician in England tried to arrange the death of his financial adviser. The doctor suffered cold feet, but police arrested him for malicious email. The Chechen mob did not get the doctor’s bitcoin nor the opportunity to terminate a financial wizard.

Kenny Toth, August 7, 2018

DarkCyber for July 31, 2018, Is Now Available

July 31, 2018

This week’s DarkCyber video news program is available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/282131610.

Produced by Stephen E Arnold and the DarkCyber research team, the weekly program covers the Dark Web and lesser known Internet services.

The July 31, 2018, program includes four stories. These are:

Chinese citizens are using the Dark Web via Tor and i2p to circumvent the Great Firewall of China. The Web surfers use hidden Internet sites and services to obtain information and engage in ecommerce. DarkCyber learned that there is an elite group of “red” hackers working for the Chinese government. These “red hat” professionals engage in cyber activities which may be viewed as “black hat” activities by those outside of China.

The second story updates viewers about the legal challenges several SEA members face in US courts. DarkCyber provides brief descriptions of two reports about the SEA’s hacking activities in the US and elsewhere. These reports contain high value information about systems and methods used by these individuals. Links to these reports are included in the video plus a pointer to an SEA recruiting video available on YouTube. Stephen E Arnold, author of Dark Web Notebook, said: “Technical information compiled by analysts provides a road map for cyber security professionals. On the other hand, the availability of information warfare techniques makes it easier for bad actors to improve their digital attack methods. A cat and mouse game with significant stakes is escalating.”

The third story explains that Russia’s new surveillance and data retention regulations are now in effect. Mobile vendors, ISPs, and similar companies have to retain index data and content for six months. The influence of the Russian Internet crackdown has diffused to Kazakhstan. That Russian neighbor throttles the Internet and blocks access when opposition political voices stream via the Internet.

The final story directs viewers to the free Dark Web scanning service provided by Capital One. The new service looks for individuals’ Social Security numbers, emails, and other personal information. Automatic alerts are sent to registered users when sensitive information is discovered.

You can view the video at this link.

Kenny Toth, July 31, 2018
