DarkCyber for September 21, 2021 Now Available

September 21, 2021

DarkCyber for September 21, 2021, reports about the Dark Web, cyber crime, and lesser known Internet services. The program is produced every two weeks. This is the 19th show of 2021. There are no sponsored stories nor advertisements. The program provides basic information about subjects which may not have been given attention in other forums. The program is available at this link.

This week’s program includes five stories.

First, we provide information about two online services which offer content related to nuclear weapons. Neither source has been updated for a number of months. If you have an interest in this subject, you may want to examine the information in the event it is disappeared.

Second, you will learn about Spyfone. DarkCyber’s approach is to raise the question, “What happens when specialized software once considered “secret” by some nation states becomes available to consumers.

Third, China has demonstrated its control of certain online companies; for example, Apple. The country can cause certain applications to be removed from online stores. The argument is that large US companies, like a French bulldog, must be trained in order stay in the Middle Kingdom.

Fourth, we offer two short items about malware delivered in interesting ways. The first technique is put malicious code in a video card’s graphics processing unit. The second summarizes how “free” games have become a vector for compromising network security.

The final story reports that a Russian manufacturer of drones is taking advantage of a relaxed policy toward weapons export. The Russian firm will produce Predator-like drones in countries which purchase the unmanned aerial vehicles. The technology includes 3D printing, specialized software, and other advanced manufacturing techniques. The program includes information about they type of kinetic weapons these drones can launch.

DarkCyber is produced by Stephen E Arnold and his DarkCyber research team. You can download the program from the Beyond Search blog or from YouTube.

Kenny Toth, September 21, 2021

DarkCyber for July 27, 2021: NSO Group Again, Making AWS Bots, How Bad Actors Scale, and Tethered Drones

July 27, 2021

The 15th DarkCyber for 2021 addresses some of the NSO Group’s market position. With more than a dozen news organizations digging into who does what with the Pegasus intelware system, the Israeli company has become the face of what some have called the spyware industry. In this program, Stephen E Arnold, author of the Dark Web Notebook, explains how bad actors scale their cyber crime operations. One thousand engineers is an estimate which is at odds with how these cyber groups and units operate. What’s the technique? Tune in to learn why Silicon Valley provided the road map for global cyber attacks. If you are curious, you can build your own software robot to perform interesting actions using the Amazon AWS system as a launch pad. The final story explains that innovation in policing can arrive from the distant pass. An 18th century idea may be the next big thing in law enforcement’s use of drones. DarkCyber is produced by Stephen E Arnold, who publishes Beyond Search. You can access the blog at www.arnoldit.com/wordpress and view the DarkCyber video at this link.

Kenny Toth, July 27, 2021

Tor Compromised?

July 9, 2021

I read “Tor Encryption Can Allegedly Be Accessed by the NSA, Says Security Expert.” I was stunned. I thought that the layers of encryption, the triple hop through relays, and the hope that everything worked as planned was bulletproof. And who funded Tor in the first place? What’s the status of the not-for-profit foundation today? Why were some European entities excited about cross correlating date and time stamps, IP addresses, and other bits of metadata? I don’t have answers to these questions, nor does the write up.

The article presents this information:

A security expert by the name of Robert Graham, however, has outlined his reasons for actually believing that the NSA might not even need tricks and paltry exploits in order for them to gain access to Tor, according to a blog post on Erratasec. Why? The security expert notes that this is because they might already have the keys to the kingdom. If they don’t, then they might be able to, according to arsTechnica.

Let me see if I can follow the source of this interesting assertion. TechTimes (the outfit publishing the “Tor Encryption Can” story cited above) quotes a security expert. There was a source called Erratasec. Then there was a story on ars Technica.

Now I think that Tor software and the onion method have security upsides and downsides. I also know that what humans create, other humans can figure out. I think the point of the write up is that anyone who uses Tor should embrace the current version.

Can NSA or any other intelligence entity figure out who is doing what, when, and why? My view is that deobfuscation methods are advancing. The fact that bad actors are shifting from old-school Dark Web sites to other channels speaks volumes. Bad actors have been shifting to messaging services which feature end-to-end encryption (E2EE) and do not require a particularly hard-to-complete registration process. But this shift from the “old” Dark Web to the “new” Dark Web began several years ago.  Bad actors have been aware that other secure communications options were Job One for years. My thought is that this story in interesting, just not focused on what is actually further consumerizing criminal behavior. The action has shifted, and the US may not be the leader in making sense of the new types of communications traffic.

Stephen E Arnold, July 9, 2021

The New Dark Web: Innovation in the Middle Kingdom

July 9, 2021

Chinese actors have created an interesting spin when obfuscation is important. “China’s Dark Web Spawns a Hard-to-Crack Hacker Community” reports:

Dark websites in China are unique in two ways, according to SouthPlume, the Japanese agency for CNsecurity. First, Chinese hackers communicate with one another through local social media. This creates what amounts to a members-only organization that differs from the general darknet, where websites are accessed only through anonymizing browsers such as Tor. Chinese dark websites also lack the typical underground listings of drugs, weapons or child pornography. Instead, they mostly traffic in personal information and tips on hacking corporate sites, according to SouthPlume.

Is Tor the go-to system? i2p? Neither. The trick is to use social media. Worth watching.

Stephen E Arnold, July 9, 2021

Deloitte Acquires Terbium Labs: Does This Mean Digital Shadows Won the Dark Web Indexing Skirmish?

July 7, 2021

Deloitte has been on a cybersecurity shopping spree this year. The giant auditing and consulting firm bought Root9B in January and CloudQuest at the beginning of June. Now, ZDNet reports, “Deloitte Scoops Up Digital Risk Protection Company Terbium Labs.” We like Terbium. Perhaps the acquisition will help Deloitte move past the unfortunate Autonomy affair. Writer Natalie Gagliordi tells us:

“The tax and auditing giant said Terbium Labs’ services — which include a digital risk protection platform that aims to helps organizations detect and remediate data exposure, theft, or misuse — will join Deloitte’s cyber practice and bolster its Detect & Respond offering suite. Terbium Labs’ digital risk platform leverages AI, machine learning, and patented data fingerprinting technologies to identify illicit use of sensitive data online. Deloitte said that adding the Terbium Labs business to its portfolio would enable the company to offer clients another way to continuously monitor for data exposed on the open, deep, or dark web. ‘Finding sensitive or proprietary data once it leaves an organization’s perimeter can be extremely challenging,’ said Kieran Norton, Deloitte Risk & Financial Advisory’s infrastructure solution leader, and principal. ‘Advanced cyber threat intelligence, paired with remediation of data risk exposure requires a balance of advanced technology, keen understanding of regulatory compliance and fine-tuning with an organization’s business needs and risk profile.’”

Among the Deloitte clients that may now benefit from Terbium tech are several governments and Fortune 500 companies. It is not revealed how much Deloitte paid for the privilege.

Terbium Labs lost the marketing fight with an outfit called Digital Shadows. That company has not yet been SPACed, acquired, or IPOed. There are quite a few Dark Web indexing outfits, and quite a bit of the Dark Web traffic appears to come from bots indexing the increasingly shrinky-dink obfuscated Web.

Is Digital Shadows’ marketing up to knocking Deloitte out of the game? Worth watching.

Cynthia Murrell, July 6, 2021

DarkCyber for June 15, 2021, Now Available

June 15, 2021

DarkCyber is a video news program issued every two weeks. The June 15, 2021, show includes five stories:

  • Pentest tools you can download and use today for free
  • A free report that explains Britain’s cyber weaknesses
  • Additional information about the E2EE revolution
  • Another tip for finding flexible developers and programmers who will do exactly what you want done
  • The FireScout, a drone with a 100 mile range and the ability to drop sonobuoys and other devices, perform surveillance, and remain aloft for up to 10 hours.

The DarkCyber video news program contains information presented in Stephen E Arnold’s lectures to law enforcement and intelligence professionals. His most recent lecture was the New Dark Web. He presented his most recent research findings to a group of more than 100 cyber fraud investigators working in Connecticut for a variety of LE and related organizations. The

The June 15, 2021, DarkCyber video program is available from Mr. Arnold’s blog splash page and can be viewed on YouTube. One important note: The video program does not contain advertisements or sponsored content. We know that’s unusual today, but the DarkCyber team prefers to operate without an invisible hand on the controls or an invisible foot on the team’s neck.

Kenny Toth, June 15, 2021

DarkCyber for June 1, 2021, Now Available

June 1, 2021

DarkCyber is a video news program about the Dark Web, cyber crime, and lesser known Internet services. This edition’s story line up includes a bad actor promoting on the regular Internet, a look at Europol’s business process analysis for industrialized cyber crime, a University of Washington research project for a do-it-yourself IMSI sniffer, two free reports about phishing, the go-to method for compromising users’ computer security, and a look at the Gaza, a new drone designed to strike at those who would wrongfully act toward certain groups. DarkCyber is produced by Stephen E Arnold with assistance from the DarkCyber research team. The programs appear twice each month. The videos are available on YouTube. You can view the video via the player on the Beyond Search blog or at https://youtu.be/f1ym19l2Y0I. No ads, no vendor supported posts, nothing but Mr. Arnold commenting on important news stories. How is this possible? No one who thumb typers knows.

Kenny Toth, June 1, 2021

DarkCyber for May 18, 2021 Now Available

May 18, 2021

DarkCyber is a twice-a-month video news program usually available on YouTube at this link. The topics in the May 18, 2021, video include a look at what the Signal subpoena “signals” about advanced US intelware systems. The program also explores ways to spy on a mobile phone. If you want to purchase your own IMSI catcher, you will find a an online ecommerce site ready to respond. (Keep in mind intercepting mobile content can be problematic in some jurisdictions.) Reluctantly we revisit the increasingly embarrassing Microsoft security software and systems. We report that a UK cyber security company has entered into a partnership with Microsoft in order to put the polish on that digital Yugo. The program profiles a not-so-clever trick to smuggle liquid meth into the United States. The scheme included a drug mule, a VW SUV, and a fuel tank available from an auto parts shop. Hint: The ploy did not work. This program’s drone news explains the new features of the UAVTEK bug nano. This is a remarkable device which can operate in swarms, perform surveillance whether in the air or perched in an inconspicuous location. The new version can carry a payload; for example, additional sensors and micro-explosives.

DarkCyber is available at www.arnoldit.com/wordpress and on YouTube. (Sometimes the really smart software used to filter objectionable content becomes irritated with the video news program. Is it because the LE and intel centric content is troublesome? Is it because DarkCyber does not run ads (no big momma ads nor from individual companies), and the content is not sponsored. No wonder videos are objectionable. I mean no ads, no sponsorships, no shilling! Terrible, right?

Kenny Toth, May 18, 2021

PS. This video is available on Facebook (we think). Try this url: https://bit.ly/3wfTnNu

DarkCyber for May 4, 2021, Now Available

May 4, 2021

The 9th 2021 DarkCyber video is now available on the Beyond Search Web site. Will the link work? If it doesn’t, the Facebook link can assist you. The original version of this 9th program contained video content from an interesting Dark Web site selling malware and footage from the PR department of the university which developed the kid-friendly Snakebot. Got kids? You will definitely want a Snakebot, but the DarkCyber team thinks that US Navy Seals will be in line to get duffle of Snakebots too. These are good for surveillance and termination tasks.

Plus, this 9th program of 2021 addresses five other stories, not counting the Snakebot quick bite. These are: [1] Two notable take downs, [2] iPhone access via the Lightning Port, [3] Instant messaging apps may not be secure, [4] VPNs are now themselves targets of malware, and [5] Microsoft security with a gust of SolarWinds.

The complete program is available — believe it or not — on Tess Arnold’s Facebook page. You can view the video with video inserts of surfing a Dark Web site and the kindergarten swimmer friendly Snakebot at this link: https://bit.ly/2PLjOLz. If you want the YouTube approved version without the video inserts, navigate to this link.

DarkCyber is produced by Stephen E Arnold, publisher of Beyond Search. You can access the current video plus supplemental stories on the Beyond Search blog at www.arnoldit.com/wordpress.

We think smart filtering is the cat’s pajamas, particularly for videos intended for law enforcement, intelligence, and cyber security professionals. Smart software crafted in the Googleplex is on the job.

Kenny Toth, May 4, 2021

Signal and Cellebrite: Raising Difficult Questions

April 22, 2021

Signal published an summary of its exploration of the Cellebrite software. Founded in Israel and now owned by the Japanese company Sun Corporation, Cellebrite is a frequent exhibitor, speaker, and training sponsor at law enforcement and intelligence conferences. There are units and subsidiaries of the company, which are not germane to this short blog post. The company’s main business is to provide specialized services to make sense of data on mobile devices. Yes, there are other use cases for the company’s technology, but phones are a magnet at the present time.

Exploiting Vulnerabilities in Cellebrite UFED and Physical Analyzer from an App’s Perspective” makes clear that Cellebrite’s software is probably neither better nor worse than the SolarWinds, Microsoft Exchange Server, or other vendors’ software. Software has bugs, and once those bugs are discovered and put into circulation via a friendly post on a Dark Web pastesite or a comment in a tweet, it’s party time for some people.

Signal’s trope is that the Cellebrite “package” fell off a truck. I am not sure how many of those in my National Cyber Crime 2021 lectures will find that explanation credible, but some people are skeptics. Signal says:

[Cellebrite’s] products have often been linked to the persecution of imprisoned journalists and activists around the world, but less has been written about what their software actually does or how it works. Let’s take a closer look. In particular, their software is often associated with bypassing security, so let’s take some time to examine the security of their own software.

The write up then points out vulnerabilities. The information may be very useful to bad actors who want to configure their mobile devices to defeat the Cellebrite system and method. As readers of this blog may recall, I am not a big fan of disclosures about specialized software for certain government entities. Others — like the Signal analysts — have a different view point. I am not going to get involved in a discussion of this issue.

What I want to point out is that the Signal write up, if accurate, is another example of a specialized services vendor doing the MBA thing of over promising, overselling, and over marketing a cyber security solution.

In the context of the cyber security threat intelligence services which failed to notice the not-so-trivial SolarWinds, Microsoft Exchange Server, and Pulse Secure cyber missteps — the Signal essay is important.

Let me express my concern in questions:

What if the cyber security products and services are not able to provide security? What if the indexes of the Dark Web are not up to date and complete so queries return misleading results? What if the auto-generate alerts are based on flawed  methods?

The cyber vendors and their customers are likely to respond, “Our products are more than 95 percent effective.” That may be accurate in some controlled situations. But at the present time, the breaches and the Signal analysis may form the outlines of a cyber environment in which expensive cyber tools are little more than plastic hammers and saws. Expensive plastic tools which break when subjective to real world work.

Stephen E Arnold, April 22, 2021

Next Page »

  • Archives

  • Recent Posts

  • Meta