Dark Web and Identity

July 24, 2018

Many in the media are making the Dark Web out to be a bogeyman who will steal your identity and ruin your life. While that is possible, a greater threat lurks on the regular, everyday Web that we all use. A fascinating recent study discovered that we are extremely vulnerable to anyone looking for our personal data. We learned just how vulnerable in a recent Which? story, “How The Internet Reveals Your Personal Data Secrets.”

According to the story, when 14 hackers were paid to do a test run and look for dirt on everyday citizens:

“None of the personal data sources we found were on the ‘dark web’ – a phrase that describes websites accessible only by a specialist browser geared up for anonymity. We were able to discover passwords and password hints, email and postal addresses, dates of birth, phone numbers, middle names and even signatures. There was also a wealth of ‘softer’ information revealing people’s interests, hobbies, religion and political preferences.”

If that isn’t enough to scare you, consider that the place where we are supposed to feel the most safe is actually a hotbed of identity theft. According to US News and World Report, your doctor’s medical files on you are an ID thief’s dream come true.

Patrick Roland, July 24, 2018

DarkCyber for July 24, 2018, Now Available

July 24, 2018

DarkCyber for July 24, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/281132690 .

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.
This week’s program covers five Dark Web and security related stories.

The first story reports that a hacker stole technical details of the hunter killer MQ9 Reaper drone. These documents were offered for sale on a Dark Web eCommerce site. The documents in the wrong hands could lead to a bad actor’s development of jamming technology.

Second, the consumerization of encrypted blockchain services is accelerating. The Chinese electronics giant Huawei has announced that it will release a blockchain-enabled mobile phone in the fall of 2018. The idea is to make it easy to use digital currency from a mobile device. Each device can function as a node on the network, which would expand the use of digital currency.

Third, Opera has released a beta version of its flagship browser with a built-in digital currency wallet. The implementation eliminates most of the technical complexity associated with using Bitcoin or other digital currencies. Stephen E Arnold, author of Dark Web Notebook, said: “Consumerization of encrypted services can be a plus for some business transactions. However, if the user of the encrypted services engages in illegal activity, the challenge for law enforcement becomes significantly more difficult for some investigations.”

The fourth story reports that German authorities are stepping up certain Tor related activities. Operators of Tor nodes and computers providing Tor relay services were seized in multiple locations in the country. German authorities allegedly wanted information about the use of Tor as well as the names of individuals who have contributed money to the US based Tor Project, a non profit organization sponsoring the development of the Tor software bundle.

The final story discloses that Mozambique has developed a fast growing heroin smuggling industry. The infrastructure used by the bad actors is based on mobile phones and WhatsApp messaging software. The heroin business now rivals Mozambique’s coal exporting business in revenue.

DarkCyber is released weekly on Tuesday at 0130 am US Eastern time.

Kenny Toth, July 24, 2018

DarkCyber for July 17, 2018, Now Available

July 17, 2018

DarkCyber for July 17, 2018, is now available. You may view the nine minute news program about the Dark Web and lesser known Internet services at www.arnoldit.com/wordpress or Vimeo at this link.

This week’s program covers four stories.
The first story reviews the enhanced capabilities of Webhose.io’s Dark Web and Surface Web monitoring service. Tor Version 3 is supported. The content collection system can now access content on Dark Web and i2p services. Plus, Webhose’s system now scans compressed attachments and can access obfuscated sites with Captcha and user name and password requirements.

The second story reports that NSO, an Israeli intelligence services firm, suffered an insider breach. NSO’s Pegasus platform can extract email, text messages, SIM card and cell network information, GPS location data, keychain passwords, including Wi-Fi and router, and voice and image data. The NSO Pegasus system was advertised on the Dark Web. The insider was identified and arrested.

The third story takes a look at Dark Web money laundering services. Mixers, tumblers, and flip concepts are explained. These services are becoming more popular and are coming under closer scrutiny by law enforcement.

The fourth story explains Diffeo’s approach to next generation information access. Diffeo was one of the technology vendors for the Defense Advanced Research Projects Agency’s Memex Dark Web indexing program. The commercial version of Diffeo’s analytic tool is in use at major financial institutions and the US Department of Defense.

Enjoy.

Kenny Toth, July 17, 2018

DarkCyber for July 10, 2018, Now Available

July 10, 2018

The DarkCyber video news program for July 10, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/278891411.

This week’s program includes four stories.

The first story reports that Brave has introduced Tor tabs. The security-centric browser makes obfuscated Internet access easier to implement. The system is activated with a mouse click. Users do not have to download, install, and configure the Tor software bundle. DarkCyber reveals how to get a beta copy of this Tor-equipped browser.

Second, facial recognition systems captured some space in the news cycle. The Annapolis police were able to identify the Capital Gazette shooter using a commercial facial recognition system. The accuracy of these systems is not usually discussed. DarkCyber reveals the accuracy achieved by systems from Chinese, Russian, and US vendors.

Stephen E Arnold, author of Dark Web Notebook, said: “Facial recognition systems generate false positives. This means that unless the system generates a high probability match, human investigators and analysts have to examine the matched images. With accuracy rates for the best systems achieving 70 percent, facial recognition is a work in progress.”

The third story explains how a person with Python and network expertise can configure MalTrail to identify malicious network traffic. The open source solution makes it possible to avoid the costs and contractual work associated with commercial malicious traffic analysis systems. DarkCyber points out the important differences between commercial software and the open source equivalent.

The fourth story points to a free report from the security organization InfoSec. The document includes useful information about weaknesses identified in Tor botnets and sources of malicious software. DarkCyber provides the download information for this free report and recommends that those interested in malware obtain a copy.

Next week’s program features a report about the NSO Pegasus source code slip up and a new introduction to the video program.

Kenny Toth, July 10, 2018

Socially Dark: Communities in the Shade

July 4, 2018

Security-analysis firm Recorded Future demonstrates its capabilities in its recent blog post, “Dark Networks: Social Network Analysis of Dark Web Communities.” The write-up describes the methodology researchers used to mine social network data for clues to Dark Web social circles, so navigate there for the technical details. Data engineer Adrian Tirados delineates the three clusters, or communities, they found:

* “Low-Tier Underground Forums: Usually free and open-access forums, with many novice members.
* Higher-Tier Dark Web Forums: The access is generally restricted through things like strict membership vetting, only hosting the site on Tor, or other requirements for access. Members of these sites are experienced and regarded as reputable by other members of the criminal community. Rippers (members that scam other members without delivering a good or service) are scarce, and rigorous banning is enforced in order to protect the community.
* Dark Web Markets: Market sites with listings of illicit services and goods, stolen credentials, credit card dumps, etc. The access is usually open, meaning that they do not require an existing member to vouch for new registrants.

The presence of edges between the two forum clusters versus the almost complete disconnection of the market cluster shows that there is a greater division between forums and markets than there is between low-tier and higher-tier forums.”

The piece goes on to speculate about the difference, suggesting high-tier forum users visit lower-tier forums for information and self-promotion. Those visiting marketplaces seem uninterested in what the forums have to offer (though, of course, they could be checking them out under different names, Tirados allows). Launched in 2009, Recorded Future is headquartered in Somerville, Massachusetts, with offices in London; Washington, D.C.; and Göteborg, Sweden. They are also hiring as of this writing, in case any readers are interested.

Cynthia Murrell, July 4, 2018

DarkCyber for July 3, 2018, Now Available

July 3, 2018

DarkCyber for July 3, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/277849110 .

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

This week’s program covers four stories.

The first story reports that French authorities conducted multi-city simultaneous raids to take down Dark Hand. The Dark Web contraband site was operated by a housewife. Authorities seized digital currency and user and customer data.

Second, the Federal Bureau of Investigation has published the results of a study of active shooters. The report is available without charge and provides details about the demographics of active shooters. One set of data provides a snapshot of where active shooters obtain their weapons. One of the surprising findings revealed in the report is that most active shooters are over the age of 35.

The third story explains how an individual can use the open source SpiderFoot software to scour the regular and Dark Web for personal information. Instead of paying for a commercial service, the SpiderFoot system can be used effectively by an individual with some programming skills.

The fourth story reveals that Iran’s blocking of Telegram, a popular encrypted messaging application, had unexpected consequences. Despite the disruption of some Iranian government processes, censorship of the Internet is gaining momentum in Iran and other countries.

Kenny Toth, July 3, 2018

Dark Web News Reviews DarkCyber Video News about the Dark Web

July 2, 2018

The DarkCyber research team was surprised and honored with Dark Web News’s review of our weekly video news program. “DarkCyber: Weekly Video Series Explores the Dark Web in Depth” describes the weekly videos as a “well timed show.”

The core research team, working with Stephen E Arnold, consists of Cynthia Murrell, Patrick Roland, Whitney Grace, and Stuart Schram IV. On an ongoing basis, this team uses its “Overflight” system and other research tools to identify news about events, tools, and procedures which are related to the Dark Web, i2p, and related services such as encrypted chat, deanonymization of digital currency transactions, and intelligence-centric procedures, software, systems, and hardware.

The Dark Web News review stated:

A show such as Arnold’s DarkCyber has been long overdue.

That’s an important point.

Stephen E Arnold, the producer of the show, told Stuart Schram in an interview about the program review:

Dark Web News provides high value information to its readers. I wanted to provide a weekly video news program. Coverage of stories like the OxyMonster arrest, the Dark Web drug dealer housewife, tools like OSINT Framework, and the investigative procedures used in the Hansa case are not gathered in one place and explained in our eight to 10 minute program format. Our goal is to provide education plus useful information to those curious about the Dark Web and related services.

Funding for the program comes from Arnold Information Technology, and the program features no commercial advertising or paid endorsements. Note that DarkCyber sometimes includes information about Mr. Arnold’s books and lectures. As a result, the selection of what to cover is only influenced by the research team and by Mr. Arnold, not advertisers who pay to play in the DarkCyber information sandbox.

If you are not familiar with Dark Web News, we strongly recommend that you visit the online information services. You can find the story about DarkCyber plus a wealth of other cyber information at https://www.darkwebnews.com.

Also, you can locate the weekly program at the Beyond Search blog at www.arnoldit.com/wordpress and on Vimeo. You can also locate programs by searching Google, Google Video, YouTube, or Vimeo for “Arnold DarkCyber.”

Kenny Toth, July 2, 2018

DarkCyber for June 26, 2018 Now Available

June 26, 2018

This week’s DarkCyber is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/276722659 .

DarkCyber’s story line up for this week’s program includes four stories.

First, the FBI and other US enforcement agencies shut down a child pornography ring. After a three month sweep, officials from 61 different law enforcement organizations identified 195 offenders, primarily in the United States.

Second, investigators arrested OxyMonster (aka Gal Vallerius). The bearded drug kingpin inadvertently leaked information about his identity via a mismanaged Bitcoin wallet. When arrested at the Atlanta airport, Mr. Vallerius sported a bright red orange beard. He also had documents revealing that he was a citizen of France, Israel, and the United Kingdom.

The third story provides information about Warwire’s image identification and analysis software. An investigator can automatically review, identify, classify, and metatag images from popular sites such as Facebook and Twitter. Data can be displayed on a map so that images related to a particular event or incident can be reviewed in a fraction of the time required for manual review of visual imagery.

The fourth story provides updated cybercrime statistics. Among the data presented in this week’s DarkCyber program is a revised estimate of the dollar value of illegal drugs, services, and transactions. Arnold also provides information about the growing financial impact of ransomware and compromised personal financial information.

Kenny Toth, June 26, 2018

DarkCyber for May 22, 2018, Now Available

May 22, 2018

The May 22, 2018 DarkCyber is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/270993972

This week’s story line up includes  … Russia increases the pressure on encrypted services… The end of Webstresser’s denial of service system… Tangem’s “just like paper money” Bitcoin bank notes… and scammers cultivate Orchid Labs with a fake initial coin offering.

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

Russia wants access to messages and online sessions conducted within its borders. The government has now taken steps to outlaw virtual private networks unless special conditions are met. The move to block VPNs follows the country’s blocking of encrypted messaging services. Although VPNs leak data, time and technical resources are required to make sense of the data flowing through a VPN. A ban or tight restrictions will allow authorities to access content and monitor activity more easily. As censorship and clampdowns increase, innovators will try to find ways to circumvent government barriers.

Crime as a service (CaaS) has become a popular way to generate revenue among some bad actors. A vendor doing business as Webstresser has been shut down by government authorities in the UK. The service was allegedly used to prevent certain online sites from serving their users. Among those organizations affected by Webstresser’s ability to flood a targeted Web site with bogus traffic were several banks in England. Nevertheless, CaaS vendors continue to make their technology available via the Dark Web and other obfuscated services.

The third story highlights what amount to Bitcoin bank notes. Tangem has created a physical bank note which can be used as currency without having to go online and use a digital wallet. The breakthrough appears to be a low-cost, highly functional chip which is embedded in the physical bank note. Merchants can verify that the account has a positive balance using a mobile phone. The first trial of the Bitcoin bank note will be in Singapore with other locations to be announced in the near future. Stephen E Arnold said, “A physical form of Bitcoin may facilitate easier use of digital currency. Despite the technical innovations incorporated in the Tangem bank note, convenience will come at a price. Bad actors will find physical Bitcoin notes useful in illegal transactions because the anonymity of the transaction and the lack of regulation opens the door to unlawful commerce, money laundering, and purchases of contraband.”

The final story reveals that Orchid Labs, a developer of high-security technology, has been the target of a scam. Bad actors have created a bogus initial coin offering (ICO). However, the digital currency does not benefit Orchid Labs. The funds flow to the bad actors. In May 2018, Orchid Labs wrote individuals on the company’s mailing list in order to explain the same.

A special report about one of DarkCyber’s most interesting research findings will be released on June 5, 2018.

Kenny Toth, May 22, 2018

DarkCyber for May 8, 2018, Now Available

May 8, 2018

DarkCyber for May 8, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/268247100

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

Terrogence, a business unit of Verint, has developed a specialized image collection and search system. The focus is on identifying bad actors. Images are harvested from a wide range of sources, and the images are indexed. Verint also offers a robust FaceDetect system, which when combined with Verint’s other technologies and engineering capabilities provides a number of high-value functions for investigators. However, China has made significant advances in facial recognition as well. The key point is that real-time facial recognition technology has diffused around the world. No single country or region dominates this technical field. Although consumer applications of facial recognition technology are reducing flight boarding times, facial recognition is an amplifier for law enforcement. What once took days or weeks can now be accomplished in minutes or hours.

Chemistry majors know that fabricating a synthetic opioid, if not particularly complicated, requires time, expertise, and attention to detail. Bulk 4-ANPP can be acquired via transactions on the hidden Internet, shipped to a country (for example, Mexico), and then smuggled into the US. With this intermediate, street grade fentanyl can be manufactured quickly. Due to the small size of some fentanyl doses, drug orders can be sent via traditional package and letter delivery systems. Fentanyl is, ounce for ounce, significantly more profitable for drug dealers to handle. More aggressive and stringent parcel pre-screening may be needed to deal with this type of contraband.

Since the ground breaking FBI PlayPen operation, a number of “seize and operate” stings have neutralized some bad actors. A recent operation in Ohio resulted in the arrest of bad actors who had in their possession more than 250,000 child pornography (CP) images and videos. Operation Pacifier was a success, resulting in the identification of 300 individuals, 55 of whom were hands-on child abusers. Despite the success of CP operations in the US and the UK, child sex abuse remains a serious, world-wide problem.

The final story describes an allegedly foolproof way to allow law enforcement to access encrypted messages. DarkCyber reports that the idea of solving two complicated problems is interesting. However, what a human has crafted can be solved by a human. The academic researchers’ proposed method is likely to be less useful than techniques developed by policeware vendors. DarkCyber believes that one large online vendor will be introducing capabilities which may be more useful to law enforcement. The patented method will be profiled in Stephen E Arnold’s “Deanonymizing Digital Currency Transactions” at the Telestrategies ISS conference in Prague in June 2018.

Kenny Toth, May 8, 2018
