DarkCyber for May 26, 2020 Now Available

May 26, 2020

DarkCyber for May 26, 2020, is an online video program focusing on cyber crime, intelligence, and lesser known Internet services. This week’s stories include NSO Group in the PR spotlight, Covid 19 phishing, Germany limits intel services scope of action, a source for bad actor hackers, ETSI.org as a job hunter’s game preserve, and four new drones for surveillance and kinetic action. (Kinetic means explosive munitions.)

The program is a production of Stephen E Arnold and the DarkCyber research team.

In addition to our news programs, we have begun adding special videos. You can view the most recent interview segments with a CIA professional is DarkCyber Exclusive: Litigation Likely for Short Selling.

More special video features are in the works. Remember. DarkCyber contains no demeaning “begging for dollars” pleas, no content marketing, and no subscription fees. As a result, DarkCyber videos and blog posts deliver information that may be difficult to locate and analysis that can cause consternation.

This week’s program is at https://vimeo.com/422426350.

Kenny Toth, May 26, 2020

Dark Web Marketplace Bans Fake Vaccine Sales

April 30, 2020

As the Internet’s underbelly, the dark web sells illegal drugs and weapons, child pornography, and one can even hire hit men. The dark web operates more on profit than a conscience. Inside Bitcoins, however, explains that there is one white knight out there: “Notable Dark Web Marketplace Bans COVID-19 Vaccine Sale.”

During the COVID-19 pandemic, governments have cracked down on brick and mortar as well as online retailers who jack up prices on important supplies: PPE, soap, hand sanitizer, bleach, disposable gloves, face masks, etc. They have also banned the sale of any so-called “cure” or “vaccine” for COVID-19. According to current health care news, there is not a cure for COVID-19. Health care professionals are actively researching for the cure, but it has not been discovered yet.

That does not mean people will not be fooled.

Monopoly Market is a popular dark web marketplace and it has banned the sale of any COVID-19 vaccines or cures. Since a cure does not exist right now, people could be buying and ingesting dangerous substances from the dark web. Other dark web marketplaces are not so ethical. So-called COVID-19 cures and vaccines are selling for hundreds of dollars.

It is nice to know that some black hat hackers are ethical:

“However, it’s also worth noting that Monopoly Market isn’t the only entity that has taken a stand against using the coronavirus to make money. Last month, popular cybersecurity blog Bleeping Computer confirmed that it had contacted seven ransomware operators concerning their plans for the virus. Two of those reportedly wrote back and confirmed that they won’t be targeting hospitals during the pandemic.”

While there are a few white knights, the majority of black hat hackers and dark web sellers do not care who they hurt as long as they can profit. Bad actors are bad actors, but one good act does not absolve them.

Whitney Grace, April 30, 2020

What Is Popular on the Dark Web? Contraband, Stolen Credentials, or Crime Training?

April 22, 2020

The answer, according to “What’s Hot on Dark Net Forums? Fraud Guides” reveals that training is popular. The finding comes from Terbium Labs, a cyber security firm in Maryland. DarkCyber noted this statement:

“Fraud guides” designed to assist cybercriminals in carrying out schemes that leverage stolen financial or personal data are the most common offerings on three prominent dark net marketplaces…

How much does it cost to learn how to be a criminal? The write up reports that the average cost of these guides is $3.88. A “bundle” of guides costs about $12.

The reason for the growth market, according to Terbium’s expert, is that people want to know how to leverage stolen financial data like bank account information.

Questions which the article prompts include:

  • Why aren’t cyber security solutions offered by Terbium’s peers not clamping down on personal information like credit card and financial data?
  • Is there a correlation between layoffs in the tech industry and the alleged surge in how to information?
  • Why are Dark Web sites thriving despite the clamp down by law enforcement in the US and elsewhere?

DarkCyber’s research suggests that the Dark Web offers non training products and services which account for a larger volume of business; for example, crime as a service.

Kenny Toth, April 22, 2020

Dark Web Ethicists? Maybe One or Two?

April 15, 2020

Believe it or not, ethical criminals do exist. At least to a point. The Independent describes the line Monopoly Market will not cross in it’s article, “Coronavirus: Dark Web Market Bans Drug Dealers Selling Fake Covid-19 Vaccines.” (The experts estimate we are at least 18 months away from developing a real vaccine.) The market also blocked sales of purported cures and related scarce supplies. Reporter Anthony Cuthbertson writes:

“The site is a relatively new market on the dark web, counting just over 100 active vendors who sell and ship illegal drugs to buyers in exchange for cryptocurrencies like bitcoin and monero. The warning to sellers comes amid a recent influx of coronavirus-related drugs and treatments advertised by scammers and criminals across dark web marketplaces. ‘Any vendor caught flogging goods as a “cure” to coronavirus will not only be permanently removed from this market but should be avoided like the Spanish flu,’ a Monopoly Market administrator wrote in a forum post. The site also forbids users from selling items that have been impacted by shortages, such as protective face masks and toilet roll. ‘You do not, under any circumstances use Covid-19 as a marketing tool,’ the post stated. ‘No magical cures, no silly f***ing mask selling, toilet paper selling. None of that b*******. We have class here.’”

Other dark web vendors are still peddling fake and vaccines and cures, to be sure. However, dark web forum discussions show even career cyber criminals feel that the gravity of this pandemic warrants restraint. Furthermore, sites that market illegal drugs are urging their vendors to use glasses, masks, and gloves while preparing their wares. Coming from a crowd that usually does not balk at stoking fears to make a profit, this attitude illustrates how severe the current situation is.

Cynthia Murrell, April 15, 2020

DarkCyber for April 14, 2020, Now Available

April 14, 2020

This week’s DarkCyber program contains three news stories and one feature. The program is available via Vimeo and YouTube.

Geospark Analytics is the subject of a DarkCyber profile. The company has a new president, a new partner, and a public podcast. What makes these announcements interesting is that most firms engaged in geolocation analysis maintain a low profile. DarkCyber points out the downside of attracting too much attention. Geospark Analytics, a start up, is likely to become a disruptor in what is a little known sector of the law enforcement and intelligence markets. The technology is directly germane to recent announcements about tracking individuals of interest.

DarkCyber reports that bad actors are going to great lengths to make credit card theft easy. The story explains the principal features of a new point-and-click way to obtain names, credit card data, and the codes printed on each card. Also, this type of “skimming crime” is going to be further automated. After paying a fee, the developer of the skimming system will automate the theft for the customer. How much does the service cost? About $1000 but if a customer does not have the cash a revenue split is available.

A 2014 report produced by the US Department of Justice suggests that predictive analytics may not be as reliable as some experts assert The original document was not available to the public, but it was obtained via a Freedom of Information request by a watch dog group this year. The 2014 report reveals information about the somewhat dismal performance of predictive analytics systems. The outputs of these systems from well-known vendors were not helpful to enforcement and legal officials. The DarkCyber story includes a link to the full report as well as a link to a recent analysis of predictive analytics systems efficacy in identifying life outcomes for young people. The results of both studies appear to call into question the reliability of some predictive software.

DarkCyber’s program concludes with a reminder that virtual private networks may not be private. An online news service identified a number of comparatively high-profile VPNs that are not particularly secure. A link to the source document and the name of three suspect services are provided.

DarkCyber is a production of Stephen E Arnold. Programs are released twice a month and provide news, analysis, interviews, and commentary about the Dark Web, cyber crime, and lesser known Internet services.

Programs are available on Vimeo and YouTube. For the current program, you are welcome to navigate to www.arnoldit.com/wordpress.

Kenny Toth, April 14, 2020

Dark Web Search: Specialized Services Are Still Better

March 26, 2020

Free Dark Web search is a hit-and-miss solution. In fact, “free” Dark Web search is often useless. Some experts do not agree with DarkCyber’s view, however. The reason is that these experts may not be aware of the specialized services available to government agencies and qualified licensees.

Here’s a recent example of cheerleading for a limited Dark Web search system.

A search engine does not exist for the Dark Web, until now says Digital Shadows in the article, “Dark Web Search Engine Kilos: Tipping The Scales InFavor Of Cybercrime.” Back in 2017, there used to be a search engine dubbed Grams that specialized in searching the Dark Web. It was taken down when its creator Larry Harmon, supposed operate of Helix the Bitcoin tumbling service. The Dark Web was search engine free, until November 2019 when Kilos debuted.

Kilos piggy backs on the same concept of Grams: using a Google-like search structure to locate illegal goods and services, bad actors, and cybercriminal marketplaces. Kilos has indexed more platforms, search functions, and includes many ways to ensure that users remain anonymous. Grams and Kilos are clearly linked based on the names that are units of measure.

Grams was the prominent search engine to use for the Dark Web, because it searched every where including Dream Market, Hansa, and AlphaBay and users could also hide their Bitcoin transactions via Helix. Grams did not have a powerful structure to crawl and index the Internet. Also it was expensive to maintain. This resulted in it going dark in 2017.

The argument is that Kilos is killing the Dark Web search scene as a more robust and powerful crawler/indexer. It already has indexed Samsara, Versus, Cannazon, CannaHome, and Cryptonia. Plus it has way more search functions to filter search results. Every day Kilos indexes more of the Dark Web’s content and has a unique feature Grams did not:

“Since the site’s creation in November 2019, the Kilos administrator has not only focused on increasing the site’s index but has also implemented updates and added new features and services to the site. These updates and features ensure the security and anonymity of its users but have also added a human element to the site not previously seen on dark web-based search engines, by allowing direct communication between the administrator and the users, and also between the users themselves.”

Kilos is adding more services to keep its users happy and anonymous. Among the upgrades are a CAPTCHA ranking system, faster search algorithm, a new Bitcoin mixer service, live chat, and ways to directly communicate with the administration.

Reading about Kilos sounds like an impressive search application startup, but wipe away the technology and its another tool to help bad actors hurt and break the system.

So what’s the issue? Kilos focuses on Dark Web storefronts, not the higher-value content in other Dark Web, difficult-to-index content pools.

But PR is PR, even in the Dark Web world.

Whitney Grace, March 26, 2020

DarkCyber for March 24, 2020, Now Available

March 24, 2020

DarkCyber for March 24, 2020, covers four stories. You can view the video on YouTube or on Vimeo.

The first story explains that phishing is a contentious issue in many organizations. Managers see phishing one way; information and security professionals often have a different view. The divide can create more vulnerabilities for organizations ignoring the escalating risk from weaponized email.

The second story provides some information about Banjo (a US firm engaged in providing specialized services to law enforcement) and BlueDot (a Canadian company applying advanced analysis to open source and limited access medical information). The story makes clear that the methods of these firms provide excellent insight into how some specialized software systems deliver high value intelligence to law enforcement and intelligence professionals worldwide.

The third story provides information about a Department of Justice report aimed at Dark Web researchers. The document is available without charge from the url provided in the program. Failure to follow the guidelines in the document can convert a researcher into a bad actor.

The final story reviews recent steps taken by the Russian government to exert tighter control over Internet applications. The affected software includes Tor and the Telegram Open Network. Mr. Putin has become Russia’s first digital tsar.

Kenny Toth, March 24, 2020

DOJ Suggestions for Threat Research and Cyber Intelligence Gathering

March 13, 2020

DarkCyber spotted “Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources.” The Department of Justice has assembled what a mini best practices for those who are gathering certain types of cyber security information; for example, Dark Web fora.

The document states:

The application of federal criminal law to activities occurring online can be complicated.

That should be a yellow warning signal to those who embark on digital journeys into certain parts of the datasphere. The document provides some information about different ways to gather information from online discussion groups.

Online storefronts can appear to provide a way to purchase products or services which, in some jurisdictions, are problematic.

The document is informative and, in DarkCyber’s opinion, a useful contribution to the literature related to obtaining threat intelligence.

Net net: Don’t intentionally or unintentionally become what some authorities would consider a criminal. Plus, any spelunking in certain areas of the datasphere can change a curious eager beaver into a target for bad actors.

Stephen E Arnold, March 13, 2020

Fighting Cyber Crime: New Approach Described by FBI

March 6, 2020

DarkCyber noted a report from ABC News called “FBI Working to ‘Burn Down’ Cyber Criminals’ Infrastructure.” The report states that “law enforcement agents are working to take out the tools that allow increasingly dangerous cyber criminals to carry out their devastating attacks.”

Some factoids appeared in the write up:

  • A 40 percent increase in ransomware attacks between 2018 and 2019
  • Ransomware has emerged as a major bad actor method
  • Foreign actors are using cyber attacks to steal information from certain vendors in the US.

As DarkCyber points out in the forthcoming March 10, 2020, video program many of the hacker tools are available as open source software. Programming languages widely taught in schools and online courses provide the equivalent of a tabula rasa for bad actors. An often overlooked source of “how to” information are instructional information, code snippets, and technical road maps distributed via online discussion groups. Dark Web resources exist, but there are bad actors advertising their software and expertise available via a standard Web browser. Will the infrastructure focus result in stepped up investigations of hosting providers?

This new approach illustrates a shift in response to the escalating risks associated with online connectivity.

Stephen E Arnold, March 6, 2020

Dark Web Bitcoin Mixer and Search Service Explained

February 17, 2020

Curious about the methods use to operate a Bitcoin mixer service. The idea is to disguise who owns a Bitcoin. Quite a few interesting details appear in an indictment dated May 7, 2019. The document is stamped “sealed,” but it was available online at this link on February 14, 2020. There was some information about Grams Helix that suggested the service operated from Moscow. But that is not correct. The tumbler service and the search engine were masterminded from Akron, Ohio. The IRS and other government agencies cooperated in the investigation.

Stephen E Arnold, February 17, 2020

Next Page »

  • Archives

  • Recent Posts

  • Meta