DarkCyber for April 6, 2021, Now Available

April 6, 2021

DarkCyber is a twice-a-month video news program about the Dark Web, cyber crime, and lesser known Internet services. You can view the program at this link.

This program covers five stories:

  1. Banjo, founded by a controversial figure, has been given an overhaul. There’s new management and a new name. The challenge? Turn the off tune Banjo into a sweet revenue song.
  2. The Dark Web is not a hot bed of innovation. In fact, it’s stagnant, and law enforcement has figured out its technology and is pursuing persons of interest. A “new” Dark Web-like datasphere is now emerging. Robust encrypted messaging apps allow bad actors to make deals, pay for goods and services, and locate fellow travelers more easily and quickly than ever before.
  3. User tracking is a generator of high value information. Some believe that user tracking is benign or nothing about which to worry. That’s not exactly the situation when third-party and primary data are gathered, cross-correlated, and analyzed. Finding an insider who can be compromised has never been easier.
  4. New cyber crime reports are flowing in the aftermath of the Solarwinds’ and Microsoft Exchange Server fiascos. What’s interesting that two of these reports reveal information which provides useful insight into what the bad actors did to compromise thousands of systems.
  5. The final story reports about the world’s first drone which makes it possible for law enforcement and intelligence operatives to conduct a video conference with a bad actor near the drone. The innovative device can also smash through tempered glass to gather information about persons of interest.

DarkCyber is produced by Stephen E Arnold. The program is a production of Beyond Search and Arnold Information Technology. Mr. Arnold is the author of CyberOSINT and The Dark Web Notebook. He will be lecturing at the 2021 National Cyber Crime Conference.

Kenny Toth, April 6, 2021

The Value of Threat Data: An Interesting Viewpoint

March 29, 2021

Security is not job one in the cyber security business. Making sales and applying technology to offensive cyber actions are more important. Over the past couple of decades, security for users of mainstream enterprise applications and operating systems has been a puppet show. No one wants to make these digital ecosystems too secure; otherwise, it would be more difficult, expensive, and slow to compromise these systems when used by adversaries. This is a viewpoint not widely known by some professionals, even those in the cyber security business. Don’t agree. That’s okay with me. I would invite those who take exception to reflect on the failure of modern cyber security systems, including threat intelligence systems, to prevent SolarWinds and Microsoft Exchange security breaches. Both are reasonably serious, and both illustrate the future of cyber operations for the foreseeable future. Just because the mainstream pundit-verse is not talking about these security breaches does not mean the problem is solved. It is not.

Threat Data Helps Enterprises Strengthen Security” describes a different point of view. I am not confident that the data in the write up have factored in the very loud signals from the SolarWinds and Microsoft Exchange missteps. Maybe “collapses” is a more appropriate word.

The write up states:

Benefits of threat data feeds include; adding unique data to better inform security (71 percent), increasing preventive blocking to ensure better defense (63 percent), reducing the mean time to detect and remediate an attack (55 percent), and reducing the time spent researching false positives (51 percent). On the downside 56 percent of respondents also say threat feeds deliver data that is often too voluminous or complex to provide timely and actionable intelligence.

Let’s consider these statements.

First, with regard to benefits, knowing about what exactly? The abject failure of the cyber security defenses for the SolarWinds and Microsoft Exchange problems did zero to prevent the attacks. Victims are not 100 percent sure that recently “sanitized” systems are free from backdoors and malware. The fact that more than half of those in the survey believe that getting threat intelligence is good says more about the power of marketing and the need to cyber security professionals to do something to demonstrate to their superiors that they are on the ball. Yeah, reading about Fullz on the Dark Web may be good for a meeting with the boss, but it does and did zero for the recent, global security lapses. Organizations are in a state of engineered vulnerability, and threat intelligence is not going to address that simple fact.

Next, what about the information in the threat feeds. Like the headlines in a supermarket tabloid or a TikTok video, titillation snags attention. The problem, however, is that despite the high powered systems from developers from Herliya to Mountain View, information flows generate a sense of false security.

A single person at FireEye noticed an anomaly. That single person poked around. What did that individual find: Something in a threat feed, a snappy graphic from a $100,000 visualization tool, or specific information about a malware attack? Nope, zippy items and factoids. Links to Dark Web sites add spice.

The write up says:

Each of the organizations surveyed faced an average of 28 cyber attacks in the past two years. On average, respondents say 38 percent of these attacks were not stopped because security teams lacked timely and actionable data. Respondents also report that 50 percent of all attacks can be stopped using timely and actionable intelligence.

SolarWinds went undetected for possibly longer than 18 months. Attacks one knows about are one thing. The painful reality of SolarWinds and Microsoft Exchange breaches are another. Marketing won’t make the reality different.

Stephen E Arnold, March 29, 2021

DarkCyber for March 23, 2021, Now Available

March 23, 2021

DarkCyber for March 23, 2021, is now available at this link.

The March 23, 2021, program contains four stories.

The feature is an interview with the director of GovWizely, Erik Arnold. A former Lycos and Vivisimo executive, Mr. Arnold was a principal researcher on a study about the SolarWinds’ breach. The client for this report was an investment firm. The focus, therefore, was different from the obfuscation and marketing reports generated by cyber security firms and consultants.

Some of the report’s more interesting finding are discussed in the video. A more comprehensive review of the SolarWinds’ breach will be provided on March 25, 2021. Mr. Arnold will conduct an informational webinar on March 25, 2021, at 11 am Eastern time. Registration is required, but there is not charge for the one hour program. You can sign up at https://www.govwizely.com/contact/.

Other stories in the March 23, 2021, program are:

  • A look at the management and credibility challenges the Microsoft Exchange Server security lapses create
  • How anyone can implement an email tracking function. Three commercial services are mentioned and a GitHub repository is provided for those who want to reuse open source surveillance and monitoring code
  • The Russian GROM. This is a weapons capable drone which has been upgraded to carry 10 mini-drones. Each mini-drone can perform kinetic (micro munition)  or reconnaissance functions. The 10 drones can function as a swarm, coordinated via artificial intelligence to adapt to changing battled conditions.

DarkCyber is a video news program published twice each month. The videos are available on YouTube. The video news program covers the Dark Web, cyber crime, and lesser known Internet services. The producer is Stephen E Arnold, publisher of Beyond Search which is available at www.arnoldit.com/wordpress.

Kenny Toth, March 23, 2021

Facebook WhatsApp, No Code Ecommerce, and Google: What Could Go Wrong?

March 5, 2021

The Dark Web continues to capture the attention of some individuals. The little secret few pursue is that much of the Dark Web action has shifted to encrypted messaging applications. Even Signal gets coverage in pot boiler novels. Why? Encrypted messaging apps are quite robust convenience stores? Why go to Ikea when one can scoot into a lightweight, mobile app and do “business.” How hard is it to set up a store, make its products like malware or other questionable items available in WhatsApp, and start gathering customers? Not hard at all. In fact, there is a no code wrapper available. With a few mouse clicks, a handful of images, and a product or service to sell, one can be in business. The developer – an outfit called Wati – provides exactly when the enterprising marketer requires. None of that Tor stuff. None of the Amazon police chasing down knock off products from the world’s most prolific manufacturers. New territory, so what could go wrong. If you are interested in using WhatsApp as an ecommerce vehicle, you can point your browser to this Google Workspace Marketplace. You will need both a Google account and a WhatsApp account. Then you can us “a simple and powerful Google Sheet add-on to launch an online store from Google Sheets and take orders on WhatsApp.” How much does this service cost? The developer asserts, “It’s free forever.” There is even a video explaining what one does to become a WhatsApp merchant. Are there legitimate uses for this Google Sheets add on? Sure. Will bad actors give this type of service a whirl? Sure. Will Google police the service? Sure. Will Facebook provide oversight? Sure. That’s a lot of sures. Why not be optimistic? For me, the Wati wrapper is a flashing yellow light that a challenge to law enforcement is moving from the Dark Web to apps which are equally opaque. Progress? Nope.

Stephen E Arnold, March 5, 2021

DarkCyber for February 9, 2021, Now Available

February 9, 2021

DarkCyber is a twice-a-month video news program about the Dark Web, cyber crime, and lesser known online services. The program is produced by Stephen E Arnold. You can view the program on the Beyond Search blog or on YouTube at this link.

This week’s program features a discussion of Microsoft’s explanation of the SolarWinds’ misstep. The online explanation is a combination of forensic information with an old-fashioned, almost Balmer-esque marketing pitch. Plus, DarkCyber responds to a viewer who wanted more information about locating bad actor hackers promoting their criminal capabilities on the Dark Web. The program highlights two Dark Web services and provides information to two online resources which offer additional information. Three other stories round out the February 9, 2021, program. Allegedly some of the software stolen in the SolarWinds’ misstep (a data breach which compromised more than 18,000 companies and government organizations) is available for sale. Information about the cost of the software and how to buy are provided. Next you learn about the app tracking technology which is creating friction between Apple and Facebook. Who benefits from tracking users’ actions hundreds of times each day? DarkCyber answers this question. The final story is another signature drone news item. If you think that one drone poses a challenge, consider the difficulty of dealing with thousands of miniature weaponized drones converging on a unit or disrupting warfighting tactics under live fire.

Kenny Toth, February 9, 2021

DarkCyber for January 26, 2021, Now Available

January 26, 2021

DarkCyber is a twice-a-month video news program. The stories cover cyber crime, lesser known Internet services, and online. The feature in the January 26, 2021, program is a conversation between Ric Manning, a former Gannett technology columnist and author, and Stephen E Arnold, author of CyberOSINT: Next Generation Information Access. Arnold and Manning talk about the online implications of deplatforming users. Manning points out that protections extended to online platforms free the managers from the constraints in which other media are enmeshed. Arnold points out that government involvement is likely to take place and have significant unforeseen consequences.

Others stories in this program are the deanonymization of digital currency users, a book of algorithms selected for their usefulness in intelligence analysis, and our mini-feature about drones. This week, learn about the flying ginsu knife.

You can view the video at www.arnoldit.com/wordpress or at this url on YouTube.

Kenny Toth, January 26, 2021

DarkCyber for January 12, 2021, Now Available

January 12, 2021

DarkCyber is a twice-a-month video news program about online, the Dark Web, and cyber crime. You can view the video on Beyond Search or at this YouTube link.

The program for January 12, 2021, includes a featured interview with Mark Massop, DataWalk’s vice president. DataWalk develops investigative software which leapfrogs such solutions as IBM’s i2 Analyst Notebook and Palantir Gotham. In the interview, Mr. Massop explains how DataWalk delivers analytic reports with two or three mouse clicks, federates or brings together information from multiple sources, and slashes training time from months to several days.

Other stories include DarkCyber’s report about the trickles of information about the SolarWinds’ “misstep.” US Federal agencies, large companies, and a wide range of other entities were compromised. DarkCyber points out that Microsoft’s revelation that bad actors were able to view the company’s source code underscores the ineffectiveness of existing cyber security solutions.

DarkCyber highlights remarkable advances in smart software’s ability to create highly accurate images from poor imagery. The focus of DarkCyber’s report is not on what AI can do to create faked images. DarkCyber provides information about how and where to determine if a fake image is indeed “real.”

The final story makes clear that flying drones can be an expensive hobby. One audacious drone pilot flew in restricted air zones in Philadelphia and posted the exploits on a social media platform. And the cost of this illegal activity. Not too much. Just $182,000. The good news is that the individual appears to have avoided one of the comfortable prisons available to authorities.

One quick point: DarkCyber accepts zero advertising and no sponsored content. Some have tried, but begging for dollars and getting involved in the questionable business of sponsored content is not for the DarkCyber team.

Finally, this program begins our third series of shows. We have removed DarkCyber from Vimeo because that company insisted that DarkCyber was a commercial enterprise. Stephen E Arnold retired in 2017, and he is now 77 years old and not too keen to rejoin the GenX and Millennials in endless Zoom meetings and what he calls “blatant MBA craziness.” (At least that’s what he told me.)

Kenny Toth, January 12, 2021

Advertising on the Dark Web with Quo

January 1, 2021

Quo, a Dark Web search engine has appeared. According to “Cybercriminals Have Started Indexing the Dark Web”:

QUO is “a dark web, full-text search engine designed to create a continuously updated index of onion pages” in order to provide its users with a way to “explore the dark web quickly and anonymously, without logs, cookies and JavaScript”.

You can locate the service at this link, but keep in mind that Dark Web search engines come and go. The system was up and running on December 28, 2020, when the research team checked our links. You can run queries for the Dark Web  go to topics like carding, contraband, and crime as a service. Search results look like this:

image

What’s interesting is that the service indexes “eight million pages from around 20,000 thousand sites including their URLs, titles, metadata, keywords and headings.” With any Dark Web search engine, the question is, “What percentage of these indexed pages are active?”

You can also advertise on the service. Navigate to this link and get the details.

Stephen E Arnold, January 1, 2021

DarkCyber for December 29, 2020, Is Now Available

December 29, 2020

DarkCyber for December 29, 2020, is now available on YouTube at this link or on the Beyond Search blog at this link. This week’s program includes seven stories. These are:

A Chinese consulting firm publishes a report about the low profile companies indexing the Dark Web. The report is about 114 pages long and does not include Chinese companies engaged in this business.

A Dark Web site easily accessible with a standard Internet browser promises something that DarkCyber finds difficult to believe. The Web site contains what are called “always” links to Dark Web sites; that is, those with Dot Onion addresses.

Some pundits have criticized the FBI and Interpol for their alleged failure to take down Jokerstash. This Dark Web site sells access to “live” credit cards and other financial data. Among those suggesting that the two law enforcement organizations are falling short of the mark are four cyber security firms. DarkCyber explains one reason for this alleged failure.

NSO Group, a specialized services company, has been identified as the company providing technology to “operators” surveilling dozens of Al Jazeera journalists. DarkCyber points out that a commercial firm is not in a position to approve or disapprove the use of its technology by the countries which license the Pegasus platform.

Facebook has escalated its dispute with Apple regarding tracking. Now the social media company has alleged that contractors to the French military are using Facebook in Africa via false accounts. What’s interesting is that Russia is allegedly engaged in a disinformation campaign in Africa as well.

The drone news this week contaisn two DJI items. DJI is one of the world’s largest vendors of consumer and commercial drones. The US government has told DJI that it may no longer sell its drones in the US. DJI products remain available in the US. DJI drones have been equipped with flame throwers to destroy wasp nests. The flame throwing drones appear formidable.

DarkCyber is a twice a month video news program reporting on the Dark Web, lesser known Internet services, and cyber crime. The program is produced by Stephen E Arnold and does not accept advertising or sponsorships.

Kenny Toth, December 29, 2020

Blog Assembles Information for Dark Web Adventurers

December 25, 2020

We wish to draw our dear readers’ attention to this resource: the site DeepWebSitesLinks maintains a Dark Web Blog. From ways to access the Dark Web and purchase cryptocurrency to maintaining anonymity while doing so, this roundup supplies a lot of information that could be difficult to find elsewhere. Recent articles include a list of privacy tools, a discussion of VPN services, and several reviews of specific Dark Web marketplaces. The host site’s About Us page reveals:

“My website is completely dedicated to Deep Web(Dark Internet world), Here I shared newly searched deep web sites and tips and tricks like how to access Deep web and others. DeepWebSitesLinks.com first time introduced on 15 Jan 2016, and after a month of Jan, DeepWebSitesLinks.com readers growing very fast day by days. My team regularly improving DeepWebSitesLinks.com Features, Now we are planning to add some extra categories into this site by which we can extend our area globally. Advertise With US: Deep Web Sites Links having only information about Deep Web Links or Tor Links, This Website having more than 10K+ Daily unique hits, and Still growing day to Day. If you want to promote Your Deep Web Sites or any relevant Products or Services. We have some ad places by which you can promote you service and easily can increase your audience very quick. We also promote relevant software and service like(VPN, Darknet Markets, Bitcoin Markets, Drugs Markets, Stores and any other relevant services) by the help of features oriented review type post, If you looking any one type promotion then you can contact Us by the help of bellow given Email.”

A couple observations: the site’s operator(s) appears to conflate Deep Web and Dark Web. That is a common mistake, but one would expect purported experts to know better. They could also use the services of a good copy editor. Or are misspellings, bad punctuation, and random misplaced capitalizations hallmarks of authenticity in the Dark Web community? No matter. Those details aside, we find this blog to be a very interesting source of information.

Cynthia Murrell, December 25, 2020

Next Page »

  • Archives

  • Recent Posts

  • Meta