Google Wants ISIS to Stay Off the Regular Web

January 29, 2016

Propaganda from the Islamic State (ISIS) exists not only in the Dark Web, but is also infiltrating the familiar internet. A Wired article, “Google: ISIS must be ‘contained to the Dark Web’,” discusses the best-case scenario for stopping such information from spreading. Google describes ISIS existing only in the Dark Web as success. This information helps explain why:

“As Isis has become more prominent in Syria and Iraq, social media, alongside traditional offline methods, have been used to spread the group’s messages and recruit members. In 2014 analysis of the group’s online activity showed that they routinely hijack hashtags, use bots, and post gruesome videos to Twitter, Facebook, and YouTube. The UK’s internet counter terrorism unit claims to remove 1,000 illegal pieces of terrorism related content from the internet each week — it says that roughly 800 of these are to do with Syria and Iraq. The group claims in the 12 months before June 2012 that 39,000 internet takedowns were completed.”

The director of Google Ideas is quoted as describing ISIS’ tactics as ranging from communication to spamming to typical email scams; he explains they are not “tech-savvy.” Unfortunately, tech chops are not a requirement for effective marketing, so the question remains whether containing this group and its messages to the Dark Web is possible, and whether that means success with growing numbers of people using the Dark Web.

Megan Feil, January 29, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Trust and Security Lessons Offered by the Dark Web

January 27, 2016

Spreading lessons about trust is not what most people think of when they think of the drug dealers, hackers and cyber criminals of the Dark Web, but an article from Medium begs to differ. “Let’s hear it for the bad guys: What the Dark Web can teach us about trust” focuses on the idea that these “bad guys” are successfully and efficiently making transactions, ultimately based on trust. The article states:

“Crucially, they offer the same kind of reliability of experience rather than ripping people off, thus creating a sustainable business model. Transactions are made using digital currency Bitcoin and are recorded and verified through a distributed public ledger called the block chain. In this way, such sites build trust by offering a straightforward transaction built on transparency, albeit achieved with complete anonymity.”

This trust may be seen as missing from many internet sites where collection of personal data is the price of admission; the Dark Web offers an alternative with the promise of information not being tracked. Ironically, the issue of information being collected, albeit through other means, and sold through channels in the Dark Web means the problem of security is not eradicated.

 

Megan Feil, January 27, 2016


Cybercrime as a Service Drives Cyber Attacks on Uber Accounts and More

January 26, 2016

Several articles lately have shed light on the dynamics at play in the cybercriminal marketplaces of the Dark Web; “How much is your Uber account worth?”, for example, was recently published on Daily Mail. Summarizing a report from security researchers at Trend Micro for CNBC, the article explains this new information extends the research previously done by Intel Security’s The Hidden Data Economy report. Beyond describing the value hierarchy where Uber and Paypal logins cost more than social security numbers and credit cards, this article shares insights on the bigger picture:

“’Like any unregulated, efficient economy, the cybercrime ecosystem has quickly evolved to deliver many tools and services to anyone aspiring to criminal behavior,’ said Raj Samani, chief technology officer for Intel Security EMEA. ‘This “cybercrime-as-a-service” marketplace has been a primary driver for the explosion in the size, frequency, and severity of cyber attacks.

‘The same can be said for the proliferation of business models established to sell stolen data and make cybercrime pay.’”

Moving past the shock value of the going rates, this article draws our attention to the burgeoning business of cybercrime. Similarly to the idea that Google has expanded the online ecosystem by serving as a connector, it appears marketplaces in the Dark Web may be carving out a similar position. Quite the implications when you consider the size of the Dark Web.

 

Megan Feil, January 26, 2016


Hackers Opt for Netflix and Uber over Credit Card Theft on Dark Web

January 25, 2016

It is no surprise that credit cards and other account information are sold on the Dark Web, but which accounts are most valuable might surprise. Baiting us to click, the article “It turns out THIS is more valuable to hackers than your stolen credit card details” on the United Kingdom’s Express offers the scoop on the going rate of various logins cybercriminals are currently chasing. Hacked Uber, Paypal and Netflix logins are the most valuable. The article explains,

“Uber rolled-out multi-factor authentication in some markets last year which decreased the value of stolen account details on the Dark Web, the International Business Times reported. According to the Trend Micro study, the price for credit cards is so comparatively low because banks have advanced techniques to detect fraudulent activity.”

The sales of these accounts are under $10 each, and according to the article, they seem to actually be used by the thief. Products and experiences, as consumable commodities, are easier to steal than cash when organizations fail to properly protect against fraudulent activity. The takeaway seems to be obvious.

 

Megan Feil, January 25, 2016


A Death of Dark Web Weapons

January 20, 2016

President Obama recently announced some executive orders designed to curb gun violence; one of these moves, according to the U.S. Attorney General, specifically targets weapon purchases through the Dark Web. However, Deep.Dot.Web asks, “Do People Really Buy Weapons from Dark Web Markets?” Not many of them, as it turns out. Reporter Benjamin Vitáris writes:

“Fast Company made an interview with Nicolas Christin, assistant research professor of electrical and computer engineering at Carnegie Mellon University (CMU). The professor is one of the researchers behind a recent deep-dive analysis of sales on 35 marketplaces from 2013 to early 2015. According to him, dark web gun sales are pretty uncommon: ‘Weapons represent a very small portion of the overall trade on anonymous marketplaces. There is some trade, but it is pretty much negligible.’ On the dark net, the most popular niche is drugs, especially, MDMA and marijuana, which takes around 25% of sales on the dark web, according to Christin’s analysis. However, weapons are so uncommon that they were put into the ‘miscellaneous’ category, along with drug paraphernalia, electronics, tobacco, viagra, and steroids. These together takes 3% of sales.”

Vitáris notes several reasons the Dark Web is not exactly a hotbed of gun traffic. For one thing, guns are devilishly difficult to send through the mail. Then there’s the fact that, with current federal and state laws, buying a gun in person is easier than through dark web markets in most parts of the U.S.; all one has to do is go to the closest gun show. So, perhaps, targeting Dark Web weapon sales is not the most efficient thing we could do to keep guns away from criminals.

 

Cynthia Murrell, January 20, 2016


Dark Web: How Big Is It?

January 11, 2016

I read “Big Data and the Deep, Dark Web.” The write up raises an important point. I question the data, however.

First, there is the unpleasant task of dealing with terminology. A number of different phrases appear in the write up; for example:

  • Dark Web
  • Deep Web
  • Surface Web
  • Web World Wide

Getting hard data about the “number” of Web pages or Web sites is an interesting problem. I know that popular content gets indexed frequently. That makes sense in an ad-driven business model. I know that less frequently indexed content often is an unhappy consequence of resource availability. It takes time and money to index every possible link on each index cycle. I know that network latency can cause an indexing system to move on to another, more responsive site. Then there is bad code, intentional obfuscation such as my posting content on Xenky.com for those who attend my LEA/Intelligence lectures sponsored by Telestrategies in information friendly Virginia.

Then what is the difference between the Surface Web, which I call the Clear Web which allows access to a Wall Street Journal article when I click a link from one site and not from another. The Wall Street Journal requires a user name and password—sometimes. So what is this? A Clear Web site or a visible, not accessible site?

The terminology is messy.

Bright Planet coined the Deep Web moniker decades ago. The usage was precise: These are sites which are not static; for example dynamically generated Web pages. An example would be the Southwest Airlines fare page. A user has to click in order to get the pricing options. Bright Planet also included password protected sites. Examples range from a company’s Web page for employees to sites which require the user to pay money to gain access.

Then we have the semi exciting Dark Web, which can also be referenced as the Hidden Web.

Most folks writing about the number of Web sites or Web pages available in one of these collections are pretty much making up data.

Here’s an example of fanciful numerics. Note the disclaimers, which are a flashing yellow caution light for me:

Accurately determining the size of the deep web or the dark web is all but impossible. In 2001, it was estimated that the deep web contained 7,500 terabytes of information. The surface web, by comparison, contained only 19 terabytes of content at the time. What we do know is that the deep web has between 400 and 550 times more public information than the surface web. More than 200,000 deep web sites currently exist. Together, the 60 largest deep web sites contain around 750 terabytes of data, surpassing the size of the entire surface web by 40 times. Compared with the few billion individual documents on the surface web, 550 billion individual documents can be found on the deep web. A total of 95 percent of the deep web is publicly accessible, meaning no fees or subscriptions.

Where do these numbers come from? How many sites require Tor to access their data? I am working on my January Webinar for Telestrategies. Sorry. Attendance is limited to those active in LEA/Intelligence/Security. I queried one of the firms actively monitoring and indexing Dark Web content. That company, which you may want to pay attention to, is Terbium Labs. Visit them at www.terbiumlabs.com. Like most of the outfits involved in Dark Web analytics, certain information is not available. I was able to get some ball park figures from one of the founders. (He is pretty good with counting since he is a sci-tech type with industrial strength credentials in the math oriented world of advanced physics.)

Here’s the information I obtained which comes from Terbium Labs’s real time monitoring of the Dark Web:

We [Terbium Labs] probably have the most complete picture of it [the Dark Web] compared to most anyone out there. While we don’t comment publicly on our specific coverage, in our estimation, the Dark Web, as we loosely define it, consists of a few tens of thousands or hundreds of thousands of domains, including light web paste sites and carding forums, Tor hidden services, i2p sites, and others. While the Dark Web is large enough that it is impossible to comprehensively consume by human analysts, compared with the billion or so light web domains, it is relatively compact.

My take is that the Dark Web is easy to talk about. It is more difficult to obtain informed analysis of the Dark Web: what is available, which sites are operated by law enforcement and government agencies, and which sites are engaged actively in Dark Web commerce, information exchange, publishing, and other tasks.

One final point: The Dark Web uses Web protocols. In a sense, the Dark Web is little more than a suburb of the metropolis that Google indexes selectively. For more information about the Dark Web and its realities, check out my forthcoming Dark Web Notebook. If you want to reserve a copy, email benkent2020 at yahoo dot com. LEA, intel, and security professionals get a discount. Others pay $200 per copy.

Stephen E Arnold, January 11, 2016

Tor-n Agenda? Good Question

January 11, 2016

I want to steer clear of the thrashing about the Tor Project. I do want to point you to the blurring of the lines between the Clear or Open Web (what you can see in Firefox or Chrome) and the Dark Web (what you can access via the Tor software bundle). My view is that the boundary between open and closed Webs is getting broader.

Navigate to “Two Months after FBI Debacle, Tor Project Still Can’t Get an Answer from CMU.” The write up is about understanding what academics can do and what they cannot talk about.

The write up also talks about “defensive” issues related to Tor. Among the most important are increasingly consumer-y apps; for example, Mumble. The issue of US government funding has some interesting implications.

I learned in the write up:

I would like to see Tor funded to the point where they’re not funded in the way they grow the network based on funding priorities. I would like to see Tor respected as a freedom-enhancing technology, and I’d like to see the world not throwing negative stuff in there along with it. I want them to get that this is really important.

The statement comes from Shari Steele, Executive Director of the Tor Project.

How will the concept of Tor usage mesh with that of those who fund the system? Worth watching.

Stephen E Arnold, January 11, 2016

Dark Web and Tor Investigative Tools Webinar

January 5, 2016

Telestrategies announced on January 4, 2016, a new webinar for active LEA and intel professionals. The one hour program is focused on tactics, new products, and ongoing developments for Dark Web and Tor investigations. The program is designed to provide an overview of public, open source, and commercial systems and products. These systems may be used as standalone tools or integrated with IBM i2 ANB or Palantir Gotham. More information about the program is available from Telestrategies. There is no charge for the program. In 2016, Stephen E Arnold’s new Dark Web Notebook will be published. More information about the new monograph upon which the webinar is based may be obtained by writing benkent2020 at yahoo dot com.

Stephen E Arnold, January 5, 2016

They Hid in Plain Sight

December 28, 2015

Those who carried out last November’s attacks in Paris made their plans in the open, but intelligence agencies failed to discover and thwart those plans beforehand. TechDirt reveals “Details of How The Paris Attacks Were Carried Out Show Little Effort by Attackers to Hide Themselves.” To us, that means intelligence agencies must not be making much use of the Dark Web. What about monitoring of mobile traffic? We suggest that some of the marketing may be different from the reality of these systems.

Given the apparent laxity of these attackers’ security measures, writer Mike Masnick wonders why security professionals continue to call for a way around encryption. He cites an in-depth report by the Wall Street Journal’s Stacy Meichtry and Joshua Robinson, and shares some of their observations; see the article for those details. Masnick concludes:

“You can read the entire thing and note that, nowhere does the word ‘encryption’ appear. There is no suggestion that these guys really had to hide very much at all. So why is it that law enforcement and the intelligence community (and various politicians) around the globe are using the attacks as a reason to ban or undermine encryption? Again, it seems pretty clear that it’s very much about diverting blame for their own failures. Given how out in the open the attackers operated, the law enforcement and intelligence community failed massively in not stopping this. No wonder they’re grasping at straws to find something to blame, even if it had nothing to do with the attacks.”

Is “terrorism” indeed a red herring for those pushing the encryption issue? Were these attackers an anomaly, or are most terrorists making their plans in plain sight? Agencies may just need to look in the right directions.

Cynthia Murrell, December 28, 2015


Index and Search: The Threat Intel Positioning

December 24, 2015

The Dark Web is out there. Not surprisingly, there are a number of companies indexing Dark Web content. One of these firms is Digital Shadows. I learned in “Cyber Threat Intelligence and the Market of One” that search and retrieval has a new suit of clothes. The write up states:

Cyber situational awareness shifts from only delivering generic threat intelligence that informs, to also delivering specific information to defend against adversaries launching targeted attacks against an organization or individual(s) within an organization. Cyber situational awareness brings together all the information that an organization possesses about itself such as its people, risk posture, attack surface, entire digital footprint and digital shadow (a subset of a digital footprint that consists of exposed personal, technical or organizational information that is often highly confidential, sensitive or proprietary). Information is gathered by examining millions of social sites, cloud-based file sharing sites and other points of compromise across a multi-lingual, global environment spanning the visible, dark and deep web.

The approach seems to echo the Palantir “platform” approach. Palantir, one must not forget, is a 2015 version of the Autonomy platform. The notion is that content is acquired, federated, and made useful via outputs and user friendly controls.

What’s interesting is that Digital Shadows indexes content and provides a search system to authorized users. Commercial access is available via tie up in the UK.

My point is that search is alive and well. The positioning of search and retrieval is undergoing some fitting and tucking. There are new terms, new rationale for business cases (fear is workable today), and new players. Under the surface are crawlers, indexes, and search functions.

The death of search may be news to the new players like Digital Shadows, Palantir, and Recorded Future, among numerous other shape shifters.

Stephen E Arnold, December 24, 2015
