HonkinNews Returns as Dark Cyber

November 17, 2017

On November 21, 2017, HonkinNews returns. The new look and approach focuses on the less visible products and services associated with the Internet. The new series is called “Dark Cyber.” The program has a new look while retaining the fact-and-opinion approach in the original HonkinNews series. HonkinNews Dark Cyber draws its information from the content in the free blog Beyond Search and from the research conducted for Stephen E Arnold’s CyberOSINT and Dark Web Notebook monographs. For information about Dark Web Notebook, click this link. Watch for the YouTube link for Dark Cyber on November 21, 2017.

Kenny Toth, November 17, 2017

Ichan Makes It Easier to Access the Dark Web

November 17, 2017

A new search engine for the Dark Web may make that shady side of the Internet accessible to more people. A piece at DarkWebNews introduces us to “Ichidan: A New Darknet Search Engine.” Writer Richard tells us:

Ichidan is a brand new darknet search engine platform that lets users search and access Tor-powered ‘.onion’ sites. The format and interface of the platform bear much similitude with the conventional search engines like Bing and Google. However, the darknet search engine has been designed with an entirely different purpose. While Google was created with the aim of collecting user information and analyzing the behavior across several platforms, Ichidan specifically aims to render selfless services to the users who access the darknet and are looking for some particular Tor site to get the necessary information. Owing to its simplicity and ease of use, the darknet search engine has now managed to be an incredibly helpful tool for individuals using the dark web. Security research professionals, for instance, are quite happy with the services of this new darknet search engine.

The article notes that one way to use Ichan seems to be to pinpoint security vulnerabilities on Dark Web sites. A side effect of the platform’s rise is, perhaps ironically, its revelation that the number of Dark Web marketplaces has shrunk dramatically. Perhaps the Dark Web is no longer such a good place for criminals to do business as it once was.

Cynthia Murrell, November 17, 2017

Fake Hitman Dark Web Site Rakes in the Bitcoin

November 16, 2017

No one can accuse these scammers of not going all in. Motherboard reports, “This Fake Hitman Site Is the Most Elaborate, Twisted Dark Web Scam Yet.” Reporter Joseph Cox describes the almost-certainly fake hitman-services website Besa Mafia. He writes:

Although many already suspected the site was a sham, Risk Based Security reported last week that supposedly hacked data shining more light on its behind-the-scenes dealings had been posted online. Included in that dump were alleged lists of ‘hitmen,’ photos of targets customers had uploaded, orders made on the site, and a large cache of messages purportedly between users and site admins.

Although the site is almost definitely a scam—and a seemingly profitable one at that—the sheer effort its creators have gone to puts Besa Mafia head and shoulders above just about anything else on the dark web.”

Yes, to protect its stream of bitcoin profit (apparently about $23,000 by the time of the data dump), the site admins literally threaten to burn the cars of those who give them negative reviews. Less dramatically, they also seem to be seeding the Dark Web with positive reviews of their own non-existent services

Another interesting point from the data dump—in a hedge, the website has been supplying information on would-be clients and contractors to law enforcement. The article reports:

In one message from the dump, the admin writes that the site not only cheats people out of their bitcoin; it also provides information to law enforcement about ordered hits. ‘This website is to scam criminals of their money. We report them for 2 reasons: to stop murder, this is moral and right; to avoid being charged with conspiracy to murder or association to murder, if we get caught,’ the admin writes.

They certainly thought this through. See the article for more details on this fake purveyor of violent services.

Cynthia Murrell, November 16, 2017

Dark Web Predator Awaits Sentencing

November 15, 2017

Here we have one of the darker corners of the Dark Web. A brief but disturbing article at the UK’s Birmingham Mail reports, “Birmingham University Academic Dr Matthew Falder Led Horrific Dark Web Double Life as ‘666devil’.” The 28-year-old academic in question has pled guilty to 137 charges, most if not all, it seems, of vile crimes against children. Reporter James Cartledge writes:

Since 2010, the geophysicist, who worked at Birmingham University till September, had degraded and humiliated more than 50 victims online using the names ‘666devil’ and ‘evilmind’. … He admitted the offences at a hearing at Birmingham Crown Court on Monday. He was arrested on June 21 this year and has been held in custody since that date. Falder, of Edgbaston, Birmingham, posed as a woman on sites such as Gumtree to trick his victims into sending him naked or partially-clothed images of themselves. The disgraced geophysicist then threatened to expose his victims if they did not send severe and depraved abuse images of themselves. He then distributed the images.

It gets worse from there. We’re told this is the first time the UK’s National Crime Agency had delved into the Dark Web’s hidden forums that share and discuss such “dark” material. Falder is scheduled to be sentenced on December 7 and shall remain in custody in the meantime.

Cynthia Murrell, November 15, 2017

Ichidan Simplifies Dark Web Searches

November 10, 2017

Now there is an easier way to search the Dark Web, we learn from a write-up at Cylance, “Ichidan, a Search Engine for the Dark Web.” Cybersecurity pro and writer Kim Crawley informs us:

Ichidan is a search engine for looking up websites that are hosted through the Tor network, which may be the first time that’s been done at this scale. Websites on Tor usually have the .onion top level domain and you typically need a web browser with the Tor plugin or Tor’s own configured web browser in order to access them. … The search engine is less like Google and more like Shodan, in that it allows users to see technical information about .onion websites, including their connected network interfaces, such as TCP/IP ports.

Researchers at BleepingComputer explored the possibilities of this search engine. They were able to reproduce OnionScan’s findingss on the shrinkage of the Dark Web—the number of Dark Web services decreased from about 30,000 in April 2016 to about 4,400 not quite a year later (so by about 85%). Researchers found this alarming capability, too:

BleepingComputer was also able to use Ichidan to find a website which a lot of exposed ports, including OpenSSH, an email server,  a Telnet implementation, vsftpd, and an exposed Fritzbox router. That sort of information is very attractive to cyber attackers. Using Ichidan is a lot easier than command line pentesting tools, which require more specific technical know-how.

Uh-oh. Crawley predicts that use of Icihan will grow as folks on both sides of the law discover its possibilities. She advises anyone administering a .onion site to strengthen their cyber defenses posthaste, “if they want to survive.”

Cynthia Murrell, November 10, 2017

Silobreaker Digs Deeper into Dark Web

November 9, 2017

The Dark Web is small, unmonitored part of the Internet.  While the Dark Web seems untraceable and unsearchable, many tech companies are making strides documenting it.  Silobreaker is one of the companies and they announced a partnership with Flashpoint to take on the Dark Web: “Silobreaker Expands Its Data Coverage To Deep And Dark Web By Teaming Up With Flashpoint.”  Flashpoint is a leading provider of business risk intelligence technology and they focus on uncovering Dark Web information.

Flashpoint recently released version four of their business risk intelligence API.  Along with the newest release, Silobreaker and Flashpoints’ team up means that more of their clients will be able to predict, detect, and resolve unstructured data into actionable intelligence.

How will Silobreaker and Flashpoint work together?

Flashpoint’s data is being ingested by Silobreaker’s platform, where it is indexed and fully integrated for use across all analytical tools, visualizations and workflow features. When correlated with Silobreaker’s open source data, this combination empowers customers to move seamlessly between the two data-sets in a single application, expanding their analyses to include both.

The only downside is in order to take advantage of the team up, their clients must have licenses to both companies.  Maybe they will offer a bundle deal if you ask nicely.

Whitney Grace, November 9, 2017


Great Moments in Publishing: The Gray Lady on Tor

October 28, 2017

I read “The New York Times Is Now a Tor Onion Service.” Interesting. Tor attracts about three million users per month.


Source: https://metrics.torproject.org/userstats-relay-country.html

I found the decision a bit of a surprise. Increasing censorship squeezes some individuals to “hidden” information services. I am aware of the data which suggests that Tor and other hidden services are used for good purposes. For a run down on nine benefits, review “9 Things You Probably Don’t Know about Positive Uses of the Dark/Deep Web.” [I corrected the misspelling of “probable” in the title.]

On the other hand, other individuals use hidden services for less sunlight and happiness type activities. See, for example, “Dark Web Browser Tor Is Overwhelmingly Used for Crime, Says Study.”

The New York Times wants traffic and subscribers.

I will be watching for a surge in New York Times revenue and a spate of new Dark Web services. The Dark Web does offer online advertising. Perhaps this will be a new frontier for the newspaper. For more information about our most recent monograph, check out the description of Dark Web Notebook.

Stephen E Arnold, October 28, 2017

Quote to Note: The Dark Web and Its Uses

October 20, 2017

I read “Everything You Need to Know about…the Dark Web (but May Have Been Afraid to Ask!)” The article references research by Terbium Labs, a company profiled in my monograph “Dark Web Notebook.”

Here’s the quote to note:

Research by Terbium Labs suggests that less than half of activity on the dark web is illegal or nefarious. “Anonymity does not equate criminality, merely a desire for privacy,”

Stephen E Arnold, October 20, 2017

The Underside of the Internet, Just Slightly Off Base

October 11, 2017

Deutsche Welle ran a story about the Dark Web called “Darknet, The Shady Internet.” I found the approach interesting. Let me mention that I am the author of Dark Web Notebook, a guide for law enforcement and intelligence professionals. (Information about the Notebook is at this link.) I don’t want to work pedantically through the write up, pointing out issues I have with some of the assertions. I do want to highlight the conclusion of the article. DW points out that LE and intel professionals have to use methods which seem to be less than elegant. Here’s the passage I highlighted:

So what can police, federal law enforcement officials, secret police and international crime-fighting networks do to combat the darknet? Some tactics are surprisingly old fashioned. One is to purchase an illegal item from a darknet marketplace and then analyze the package and its contents when it comes in the mail. With enough data, police can hone in on the package’s source. Another tactic is to build rapport with the site’s owner, say a drug dealer, and to request a real-life meeting to exchange the goods.

I would point out that there are a number of companies which offer specialized products and services to assist LE and intel professionals with Dark Web investigations. These range from the Google and In-Q-Tel funded Recorded Future to the less well known Terbium Labs. There are other companies as well, and I profile a number of them in Dark Web Notebook.

I am surprised that the DW invested modest effort in its write up. Dark Web content is a tiny fraction of data available online. Nevertheless, as censorship in countries and at such firms as Facebook, Google, and Twitter-type companies increases, the Dark Web will experience some growth despite the hurdles the Dark Web puts in front of users.

I would point out that in the Dark Web Notebook we recount  an anecdote involving a German policeman who explored the Dark Web and found himself caught in a digital bear trap. Thus, knowledge of the sophisticated tools available to LE and intel professionals is important. Leaving these out of an article from a respected “news” organization underscores the need for a bit more attention to detail and context.

Stephen E Arnold, October 11, 2017

An Algorithm with Unintended Consequences

September 12, 2017

Some of us who follow developments in AI wondered about this: apparently, the algorithm YouTube tasked with eliminating “extremist content” on its platform goes too far. Business Insider reports, “YouTube’s Crackdown on Extremist Content and ISIS Is Also Hurting Researchers and Journalists.”  It is a good thing there now exist commercial services that can meet the needs of analysts, researchers, and government officials; many of these services are listed in Stephen E Arnold’s Dark Web Notebook.

In this case, the problem is an algorithm that cannot always distinguish between terrorist propaganda and terrorist coverage. Since the site implemented its new steps to combat terrorist content, several legitimate researchers and journalists have protested that their content was caught in the algorithm’s proverbial net and summarily removed; some of it had been available on the site for years. Reporter Rob Price writes

Open-source researcher Eliot Higgins says he has had his old videos about Syria deleted and his account was suspended as the Google-owned video platform attempts to tackle material that supports terrorism. Middle East Eye reports that Syrian opposition news site Orient News was also deleted, as was a video uploaded by one of the publication’s own journalists. ‘YouTube has now suspended my account because of videos of Syria I uploaded 2-3 years ago. Nice anti-ISIS AI you’ve got there, YouTube,’ Higgins tweeted on Saturday. ‘Ironically, by deleting years-old opposition channels YouTube is doing more damage to Syrian history than ISIS could ever hope to achieve.’ In another incident, a video from American journalist Alexa O’Brien’s video that was used in Chelsea Manning’s trial was deleted, according to Middle East Eye.

Higgins, whose account has since been reinstated, has an excellent point—ultimately, tools that destroy important documentation along with propaganda are counter-productive. Yes, algorithms are faster (and cheaper) than human workers. But do we really want to sacrifice first-hand footage of crucial events for the sake of speedy sanitization? There must be a better way.

Cynthia Murrell, September 12, 2017

Next Page »

  • Archives

  • Recent Posts

  • Meta