DarkCyber for July 17, 2018, Now Available

July 17, 2018

DarkCyber for July 17, 2018, is now available. You may view the nine minute news program about the Dark Web and lesser known Internet services at www.arnoldit.com/wordpress or Vimeo at this link.

This week’s program covers four stories.
The first story reviews the enhanced capabilities of Webhose.io’s Dark Web and Surface Web monitoring service. Tor Version 3 is supported. The content collection system can now access content on Dark Web and i2p services. Plus, Webhose’s system now scans compressed attachments and can access obfuscated sites with Captcha and user name and password requirements.

The second story reports that NSO, an Israeli intelligence services firm, suffered an insider breach. NSO’s Pegasus platform can extract email, text messages, SIM card and cell network information, GPS location data, keychain passwords, including Wi-Fi and router, and voice and image data. The NSO Pegasus system was advertised on the Dark Web. The insider was identified and arrested.

The third story takes a look at Dark Web money laundering services. Mixers, tumblers, and flip concepts are explained. These services are becoming more popular and are coming under closer scrutiny by law enforcement.

The fourth story explains Diffeo’s approach to next generation information access. Diffeo was one of the technology vendors for the Defense Advanced Research Projects Agency’s Memex Dark Web indexing program. The commercial version of Diffeo’s analytic tool is in use at major financial institutions and the US Department of Defense.


Kenny Toth, July 17, 2018

DarkCyber for July 10, 2018, Now Available

July 10, 2018

The DarkCyber video news program for July 10, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/278891411.

This week’s program includes four stories.

The first story reports that Brave has introduced Tor tabs. The security-centric browser makes obfuscated Internet access easier to implement. The system is activated with a mouse click. Users do not have to download, install, and configure the Tor software bundle. DarkCyber reveals how to get a beta copy of this Tor-equipped browser.

Second, facial recognition systems captured some space in the news cycle. The Annapolis police were able to identify the Capital Gazette shooter using a commercial facial recognition system. The accuracy of these systems is not usually discussed. DarkCyber reveals the accuracy achieved by systems from Chinese, Russian, and US vendors.

Stephen E Arnold, author of Dark Web Notebook, said: “Facial recognition systems generate false positives. This means that unless the system generates a high probability match, human investigators and analysts have to examine the matched images. With accuracy rates for the best systems achieving 70 percent, facial recognition is a work in progress.”

The third story explains how a person with Python and network expertise can configure MalTrail to identify malicious network traffic. The open source solution makes it possible to avoid the costs and contractual work associated with commercial malicious traffic analysis systems. DarkCyber points out the important differences between commercial software and the open source equivalent.

The fourth story points to a free report from the security organization InfoSec. The document includes useful information about weaknesses identified in Tor botnets and sources of malicious software. DarkCyber provides the download information for this free report and recommends that those interested in malware obtain a copy.

Next week’s program features a report about the NSO Pegasus source code slip up and a new introduction to the video program.

Kenny Toth, July 10, 2018

Socially Dark: Communities in the Shade

July 4, 2018

Security-analysis firm Recorded Future demonstrates its capabilities in its recent blog post, “Dark Networks: Social Network Analysis of Dark Web Communities.” The write-up describes the methodology researchers used to mine social network data for clues to Dark Web social circles, so navigate there for the technical details. Data engineer Adrian Tirados delineates the three clusters, or communities, they found:

“Low-Tier Underground Forums: Usually free and open-access forums, with many novice members.

Higher-Tier Dark Web Forums: The access is generally restricted through things like strict membership vetting, only hosting the site on Tor, or other requirements for access. Members of these sites are experienced and regarded as reputable by other members of the criminal community. Rippers (members that scam other members without delivering a good or service) are scarce, and rigorous banning is enforced in order to protect the community.

Dark Web Markets: Market sites with listings of illicit services and goods, stolen credentials, credit card dumps, etc. The access is usually open, meaning that they do not require an existing member to vouch for new registrants.

The presence of edges between the two forum clusters versus the almost complete disconnection of the market cluster shows that there is a greater division between forums and markets than there is between low-tier and higher-tier forums.”

The piece goes on to posit upon the difference, suggesting high-tier forum users visit lower-tier forums for information and self-promotion. Those visiting marketplaces seem uninterested in what the forums have to offer (though, of course, they could be checking them out under different names, Tirados allows). Launched in 2009, Recorded Future is headquartered in Somerville, Massachusetts, with offices in London; Washington, D.C.; and Göteborg, Sweden. They are also hiring as of this writing, in case any readers are interested.

Cynthia Murrell, July 4, 2018

DarkCyber for July 3, 2018, Now Available

July 3, 2018

DarkCyber for July 3, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/277849110.

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

This week’s program covers four stories.

The first story reports that French authorities conducted multi-city simultaneous raids to take down Dark Hand. The Dark Web contraband site was operated by a housewife. Authorities seized digital currency and user and customer data.

Second, the Federal Bureau of Investigation has published the results of a study of active shooters. The report is available without charge and provides details about the demographics of active shooters. One set of data provides a snapshot of where active shooters obtain their weapons. One of the surprising findings revealed in the report is that most active shooters are over the age of 35.

The third story explains how an individual can use the open source SpiderFoot software to scour the regular and Dark Web for personal information. Instead of paying for a commercial service, the SpiderFoot system can be used effectively by an individual with some programming skills.

The fourth story reveals that Iran’s blocking of Telegram, a popular encrypted messaging application, had unexpected consequences. Despite the disruption of some Iranian government processes, censorship of the Internet is gaining momentum in Iran and other countries.

Kenny Toth, July 3, 2018

Dark Web News Reviews DarkCyber Video News about the Dark Web

July 2, 2018

The DarkCyber research team was surprised and honored with Dark Web News’s review of our weekly video news program. “DarkCyber: Weekly Video Series Explores the Dark Web in Depth” describes the weekly videos as a “well timed show.”

The core research team, working with Stephen E Arnold, consists of Cynthia Murrell, Patrick Roland, Whitney Grace, and Stuart Schram IV. On an ongoing basis, this team uses its “Overflight” system and other research tools to identify news about events, tools, and procedures which are related to the Dark Web, i2p, and related services such as encrypted chat, deanonymization of digital currency transactions, and intelligence-centric procedures, software, systems, and hardware.

The Dark Web News review stated:

A show such as Arnold’s DarkCyber has been long overdue.

That’s an important point.

Stephen E Arnold, the producer of the show, told Stuart Schram in an interview about the program review:

Dark Web News provides high value information to its readers. I wanted to provide a weekly video news program. Coverage of stories like the OxyMonster arrest, the Dark Web drug dealer housewife, tools like OSINT Framework, and the investigative procedures used in the Hansa case are not gathered in one place and explained in our eight to 10 minute program format. Our goal is to provide education plus useful information to those curious about the Dark Web and related services.

Funding for the program comes from Arnold Information Technology, and the program features no commercial advertising or paid endorsements. Note that DarkCyber sometimes includes information about Mr. Arnold’s books and lectures. As a result, the selection of what to cover is only influenced by the research team and by Mr. Arnold, not advertisers who pay to play in the DarkCyber information sandbox.

If you are not familiar with Dark Web News, we strongly recommend that you visit the online information services. You can find the story about DarkCyber plus a wealth of other cyber information at https://www.darkwebnews.com.

Also, you can locate the weekly program at the Beyond Search blog at www.arnoldit.com/wordpress and on Vimeo. You can also locate programs by searching Google, Google Video, YouTube, or Vimeo for “Arnold DarkCyber.”

Kenny Toth, July 2, 2018

DarkCyber for June 26, 2018 Now Available

June 26, 2018

This week’s DarkCyber is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/276722659.

DarkCyber’s story line up for this week’s program includes four stories.

First, the FBI and other US enforcement agencies shut down a child pornography ring. After a three month sweep, officials from 61 different law enforcement organizations identified 195 offenders, primarily in the United States.

Second, investigators arrested OxyMonster (aka Gal Vallerius). The bearded drug kingpin inadvertently leaked information about his identity via a mismanaged Bitcoin wallet. When arrested at the Atlanta airport, Mr. Vallerius sported a bright red orange beard. He also had documents revealing that he was a citizen of France, Israel, and the United Kingdom.

The third story provides information about Warwire’s image identification and analysis software. An investigator can automatically review, identify, classify, and metatag images from popular sites such as Facebook and Twitter. Data can be displayed on a map so that images related to a particular event or incident can be reviewed in a fraction of the time required for manual review of visual imagery.

The fourth story provides updated cybercrime statistics. Among the data presented in this week’s DarkCyber program is a revised estimate of the dollar value of illegal drugs, services, and transactions. Arnold also provides information about the growing financial impact of ransomware and compromised personal financial information.

Kenny Toth, June 26, 2018

DarkCyber for May 22, 2018, Now Available

May 22, 2018

The May 22, 2018 DarkCyber is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/270993972

This week’s story line up includes … Russia increases the pressure on encrypted services… The end of Webstresser’s denial of service system… Tangem’s “just like paper money” Bitcoin bank notes… and scammers cultivate Orchid Labs with a fake initial coin offering.

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

Russia wants access to messages and online sessions conducted within its borders. The government has now taken steps to outlaw virtual private networks unless special conditions are met. The move to block VPNs follows the country’s blocking of encrypted messaging services. Although VPNs leak data, time and technical resources are required to make sense of the data flowing through a VPN. A ban or tight restrictions will allow authorities to access content and monitor activity more easily. As censorship and clamp downs increase, innovators will try to find ways to circumvent government barriers.

Crime as a service (CaaS) has become a popular way to generate revenue among some bad actors. A vendor doing business as Webstresser has been shut down by government authorities in the UK. The service was allegedly used to prevent certain online sites from serving their users. Among the organizations affected by Webstresser’s ability to flood a targeted Web site with bogus traffic were several banks in England. Nevertheless, CaaS vendors continue to make their technology available via the Dark Web and other obfuscated services.

The third story highlights what amount to Bitcoin bank notes. Tangem has created a physical bank note which can be used as currency without having to go online and use a digital wallet. The breakthrough appears to be a low-cost, highly functional chip which is embedded in the physical bank note. Merchants can verify that the account has a positive balance using a mobile phone. The first trial of the Bitcoin bank note will be in Singapore with other locations to be announced in the near future. Stephen E Arnold said, “A physical form of Bitcoin may facilitate easier use of digital currency. Despite the technical innovations incorporated in the Tangem bank note, convenience will come at a price. Bad actors will find physical Bitcoin notes useful in illegal transactions because the anonymity of the transaction and the lack of regulation opens the door to unlawful commerce, money laundering, and purchases of contraband.”

The final story reveals that Orchid Labs, a developer of high-security technology, has been the target of a scam. Bad actors have created a bogus initial coin offering (ICO). However, the digital currency does not benefit Orchid Labs. The funds flow to the bad actors. In May 2018, Orchid Labs wrote individuals on the company’s mailing list in order to explain the same.

A special report about one of the DarkCyber’s most interesting research findings will be released on June 5, 2018.

Kenny Toth, May 22, 2018

DarkCyber for May 8, 2018, Now Available

May 8, 2018

DarkCyber for May 8, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/268247100

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

Terrogence, a business unit of Verint, has developed a specialized image collection and search system. The focus is on identifying bad actors. Images are harvested from a wide range of sources, and the images are indexed. Verint also offers a robust FaceDetect system, which when combined with Verint’s other technologies and engineering capabilities provides a number of high-value functions for investigators. However, China has made significant advances in facial recognition as well. The key point is that real-time facial recognition technology has diffused around the world. No single country or region dominates this technical field. Although consumer applications of facial recognition technology are reducing flight boarding times, facial recognition is an amplifier for law enforcement. What once took days or weeks can now be accomplished in minutes or hours.

Chemistry majors know that fabricating a synthetic opioid, if not particularly complicated, requires time, expertise, and attention to detail. Bulk 4-ANPP can be acquired via transactions on the hidden Internet, shipped to a country (for example, Mexico), and then smuggled into the US. With this intermediate, street grade fentanyl can be manufactured quickly. Due to the small size of some fentanyl doses, drug orders can be sent via traditional package and letter delivery systems. Fentanyl is, ounce for ounce, significantly more profitable for drug dealers to handle. More aggressive and stringent parcel pre-screening may be needed to deal with this type of contraband.

Since the ground breaking FBI PlayPen operation, a number of “seize and operate” stings have neutralized some bad actors. A recent operation in Ohio resulted in the arrest of bad actors who had in their possession more than 250,000 child pornography (CP) images and videos. Operation Pacifier was a success, resulting in the identification of 300 individuals, 55 of whom were hands-on child abusers. Despite the success of CP operations in the US and the UK, child sex abuse remains a serious, world-wide problem.

The final story describes an allegedly foolproof way to allow law enforcement to access encrypted messages. DarkCyber reports that the idea of solving two complicated problems is interesting. However, what a human has crafted can be solved by a human. The academic researchers’ proposed method is likely to be less useful than techniques developed by policeware vendors. DarkCyber believes that one large online vendor will be introducing capabilities which may be more useful to law enforcement. The patented method will be profiled in Stephen E Arnold’s “Deanonymizing Digital Currency Transactions” at the Telestrategies ISS conference in Prague in June 2018.

Kenny Toth, May 8, 2018

An Interesting Use of Instagram

April 24, 2018

There is an opioid dealer nearby. In fact, this drug kingpin is not standing on the corner or lurking on college campuses; this supplier is right at your fingertips. Thanks to a recent article, the plague of drug sales through popular and public social media platforms has caught the attention of some powerful people. We learned about these developments in a recent Wired article, “One Woman Got Facebook to Police Opioid Sales on Instagram.”

While it’s a little confusing, the basic story goes that one woman who discovered opioid sales on Instagram (which is owned by Facebook) reached out to Facebook, urging them to take action, through a rival social platform, Twitter. The tactic worked, even getting the FDA involved.

According to the story:

“It shouldn’t take this much effort to get people to realize that you have some responsibility for the stuff on your platform…A 13 year old could do this search and realize there’s bad stuff on your platform — and probably has — you don’t need the commissioner of the FDA to tell you that.”

However, the act of policing drug sales on social media platforms and the dark web is not as easy as one might think. Yes, they shut down offending accounts, but beyond that there is little that can be done. According to the story, it outlawed certain hashtags, like it had done before. “Instagram previously restricted the drug-related hashtags, #Xanax and #Xanaxbar and banned #weedforsale and #weed4sale.”

It’s a small step, but hopefully one that will lead to greater and greater progress. For more information, learn more about CyberOSINT: Next Generation Information Access here.

Patrick Roland, April 24, 2018

DarkCyber for April 24, 2018, Now Available

April 24, 2018

DarkCyber for April 24, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/266003727.

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

This week’s lead story focuses on universities as unwitting accomplices for student cyber criminals. Five students at Manchester University began selling drugs via SilkRoad. The students “graduated” to their own brand and branched out. Before UK law enforcement shut down the students’ operation, more than 6,000 drug sales were completed. Plus, university computer systems have become targets for malicious crypto currency mining operations. A student can take classes in computer science and be up and scamming quickly.

Stephen E Arnold, producer of DarkCyber and author of “CyberOSINT: Next Generation Information Access” said: “The combination of easy access to high-value information about programming and computer systems plus the lure of easy money can turn a good student into a good criminal. Universities, despite their effort to implement more robust security, are targets for bad actors. Students can operate Dark Web businesses from their campus residence. Outsiders can exploit the institution’s computer system in order to install crypto currency mining software. At this time, colleges and universities are in a cat and mouse game with high stakes and stiff penalties for students, administrators, and school security professionals.”

DarkCyber revisits the security of virtual private networks. This week’s program answers a viewer’s question about improving the security of a VPN. In addition to changing the ports the VPN uses, DarkCyber points out that a tech savvy individual can operate his or her own VPN or use additional specialized software to shore up the often leaky security many VPN services provide.

Vendors of “policeware” are generally unknown to most tech professionals. DarkCyber highlights a new, UK based company doing business as Grey Heron. The company offers a range of cyber security services. The firm’s staff appears to include individuals once affiliated with the Hacking Team, another policeware vendor which found itself the victim of a cyber attack two years ago. If Grey Heron taps the Hacking Team’s technical talent, the firm may make an impact in this little known sector of the software market.

The final story in DarkCyber for April 24, 2018, highlights several findings from a study sponsored by Bromium, a cyber security company. The researchers at a UK university gathered data which provide some surprising and interesting information about the Dark Web. For example, the new report asserts that more than $200 billion is laundered on the Dark Web in a single year. If true, these newly revealed research data provide hard metrics about the role of digital currency in today’s online economy.

Beginning in May 2018, coverage of the Dark Web and related subjects will be increased within Beyond Search.

Kenny Toth, April 24, 2018
