Fighting Cyber Crime: New Approach Described by FBI

March 6, 2020

DarkCyber noted a report from ABC News called “FBI Working to ‘Burn Down’ Cyber Criminals’ Infrastructure.” The report states that “law enforcement agents are working to take out the tools that allow increasingly dangerous cyber criminals to carry out their devastating attacks.”

Some factoids appeared in the write up:

  • A 40 percent increase in ransomware attacks between 2018 and 2019
  • Ransomware has emerged as a major bad actor method
  • Foreign actors are using cyber attacks to steal information from certain vendors in the US.

As DarkCyber points out in the forthcoming March 10, 2020, video program many of the hacker tools are available as open source software. Programming languages widely taught in schools and online courses provide the equivalent of a tabula rasa for bad actors. An often overlooked source of “how to” information are instructional information, code snippets, and technical road maps distributed via online discussion groups. Dark Web resources exist, but there are bad actors advertising their software and expertise available via a standard Web browser. Will the infrastructure focus result in stepped up investigations of hosting providers?

This new approach illustrates a shift in response to the escalating risks associated with online connectivity.

Stephen E Arnold, March 6, 2020

Dark Web Bitcoin Mixer and Search Service Explained

February 17, 2020

Curious about the methods use to operate a Bitcoin mixer service. The idea is to disguise who owns a Bitcoin. Quite a few interesting details appear in an indictment dated May 7, 2019. The document is stamped “sealed,” but it was available online at this link on February 14, 2020. There was some information about Grams Helix that suggested the service operated from Moscow. But that is not correct. The tumbler service and the search engine were masterminded from Akron, Ohio. The IRS and other government agencies cooperated in the investigation.

Stephen E Arnold, February 17, 2020

NSO Group: More Lumens Added to the PR Spotlight

February 1, 2020

DarkCyber noted this Thomson Reuters’ story: “FBI Probes Use of Israeli Firm’s Spyware in Personal and Government Hacks.” This is an exclusive story from “sources.” The write up reports:

The FBI is investigating the role of Israeli spyware vendor NSO Group Technologies in possible hacks on American residents and companies as well as suspected intelligence gathering on governments.

Our view is that companies purpose built to serve the needs of government agencies may find themselves struggling to break through a revenue ceiling made of Level 1 bullet resistant acrylic sheet. That may be an issue. Also, some of the specialized tools may be used for extracurricular activities which may not be monitored or authorized.

image

Why?

  • Developing and maintaining the efficacy of special purpose software is expensive. Think in terms of more demand for certain engineers than there are engineers. Think in terms of the time required to figure out how to perform certain tasks.
  • Investors have many, many choices of cyber security ventures in which to invest. The companies which have been around for several years may not provide the potential “lift” a funding source requires. (It doesn’t matter if these Borges-like dreams are possible. Dreams about big payoffs are just more interesting. Otherwise, a fund could buy stock in Verint.)
  • There are a finite number of really big specialized software buyers. This means that price pressure on licensing fees exists for most of the companies.
  • Numerous “me too” services are pushing down prices of specialized tools; possibly Sixgill, another firm based in Israel, with the tag line “deep, dark, and beyond.
  • There are unexpected competitors; for example, some specialized tools can be located using off the grid services located via WhatsApp groups, i2p services, or the on-again, off-again Dark Web.

A changing market with more companies facing a need to make sales may push specialized software vendors to look for other sources of revenue. And there may be some enterprise customers who could be repurposing certain systems and methods. Some software may be so useful it can punch holes in that acrylic ceiling.

Net net: What is clear that change is afoot.

Stephen E Arnold, February 1, 2020

DarkCyber for January 14, 2020, Now Available

January 14, 2020

The DarkCyber for January 14, 2020, is now available. The program includes stories about ToTok, cyber trends in 2020, and information about the new Amazon Blockchain Policeware report. You can view the video on Vimeo at this link: https://vimeo.com/384343454.

We want to thank the people who commented on our interview with Robert David Steele. We posted this video on December 31, 2019. If you missed that program, you can view it at this link: https://vimeo.com/382165736.

Kenny Toth, January 14, 2020

Black Friday On The Dark Web

December 9, 2019

This sounds newsy.

Black Friday not only affects retailers, but it also occurs on the Dark Web. Uazmi reports that “Drug Dealers Offer Black Friday Deals On the Black Web.” Drug dealers want their own slice of Black Friday sales. Digital Shadows, a cyber risk form, discovered 1,600 posts about Black Friday 2019 sales.

Drug dealers on the Dark Web are offering 30% discounts and even more discounts for buyers who spend more than $2,000. People who buy illegal drugs are always looking for ways to leave more green in the their pockets for next hit and sellers are willing to take advantage of that in the spirit of the season.

“‘People are always on the lookout for deals, regular consumer and cyber criminal alike. This is why towards the beginning of November, users on dark web forums typically flock to create threads dedicated to finding and sharing the best Black Friday deals,’ Digital Shadows research analyst Alex Guirakhoo told The Independent.

‘On dark web marketplaces, Black Friday is an excellent opportunity for site operators to increase sales and attract new buyers. Attracting new customers is particularly important, as consistent law enforcement action and repeated exit scams on popular marketplaces have thrown the ecosystem into disarray.’”

At least Dark Web drug dealers do not have to deal with mad mobs of people hoping to buy the hottest toy or fight over a flat screen TV. Black Friday sales on the Dark Web might bring new customers, but it also brings new law enforcement officials looking to catch more bad actors.

Whitney Grace, December 9, 2019

Dark Web Search: Beating a Small, Nearly Dead Horse

October 28, 2019

Despite popular opinion, search engines do not yield all the information on the Internet. Albrecht Ude recycles tips in Global Investigative Journalism Network’s article, “How To Become A Deep Web Super Sleuth” that only 4% of Internet content is shown in search results. The key to discovering information hidden on the Internet is not search for specific details, instead search for where that information should be. For example, if you are searching for someone’s email address, but cannot find it search instead for organizations related to the person. Digging through content and searching for clues is how to find the gold (aka the desired information).

The article also offers some advice how to become a super deep web sleuth. These tips are helpful for any type of information search, not only those linked to specific organizations or their databases usually not listed in search results.

Figure out who runs the database or organization, these will usually be individuals who would invest funds or stand to make a profit from the information. Interestingly enough databases can also be “hacked:”

‘Find databases by searching for your topic with “database OR directory OR catalogue OR registry” on a search engine. If you want some privacy, Dutch company www.startpage.com runs searches for you on Google, without giving the tech giant your information.”

As millions of students know, while you cannot use Wikipedia as a research tool, you can use the information they cite in their articles. Check out the external links in the bottom of articles as well as search for lists of academic or online databases. Do not forget to search Wikipedia in other languages for more diverse results.

Take advantage of what is available at your public or university library. Public and university libraries pay subscriptions for databases. They can be accessed on site or via a library card, generally these are free to local residents. The Wayback Machine and Archive.today are also great sources for Web site history, because sites disappear as quickly as they are made, but these archives store them.

Relying solely on search engines for research is a lazy move. Lazy.

Whitney Grace, October 28, 2019

DarkCyber for August 27, 2019, Now Available

August 27, 2019

DarkCyber for August 20, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/.

The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: Amazon AWS as an attack launch pad for bad actors; obtaining fake paper and passports; cyber warriors have side gigs; adversarial fashions are for sale; and information about the new DarkCyber series about policeware starting in November 2019.

The feature story this week is reports that some bad actors are integrating Amazon Web Services into their phishing and malware activities. The reason is that the platform is widely available, easy to use, and has an excellent reputation. Many phishing attacks use multiples services, and AWS is becoming a resource that is gaining acceptance among bad actors.

Other stories in this week’s program are:

Jeffrey Epstein, accused of human trafficking activity, had several passports in his home at the time of his arrest. Passports and other documents like a driver’s license can be purchased on the Dark Web and via other channels. Valid passports are available from a number of countries, including Greece. The valid passport from St. Kitts and Nevis cost between $150,000 and $400,000 and up. The lower charge is for a donation to the country’s sustainable growth fund. The $400,000 is the minimum required for a real estate purchase on the island. Crossing a border with fake paper or multiple passports can invite the question, “Why do you have these documents?” Unsatisfactory answers can result in denied entry, fines, or incarceration.

DarkCyber reports that Chinese cyber warriors have discovered how to operate side gigs. The idea is that these individuals use their hacking skills to compromise financial accounts. Another approach is to obtain digital products which can be sold to online game enthusiasts. Gamers will pay for game cheats and special powers to obtain an in game advantage.

For individuals who are concerned about facial recognition, a new fashion trend may be building up steam. Adversarial Fashion has developed clothing which uses designs and colors that can confuse facial recognition systems and license plate optical character recognition readers. DarkCyber provides information about where to order these T shirts, jackets, and other items. Plus, DarkCyber gives the viewer instructions for downloading a report about the technological weaknesses in surveillance systems.

DarkCyber is a weekly production of Stephen E Arnold. The currency series of videos ends with the August 27, 2019, program. The new series of DarkCyber videos begins on November 5, 2019. The new series will focus on policeware with an emphasis on Amazon’s products and services for law enforcement, intelligence professionals, and regulatory authorities in the US, Canada, Australia, New Zealand, and the United Kingdom.

DarkCyber programs are available on Vimeo.com and YouTube.com.

Kenny Toth, August 27, 2019

DarkCyber for August 20, 2019, Now Available

August 20, 2019

DarkCyber for August 20, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/354476523 .
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

The story line up this week includes a feature about Anduril Technologies’ surveillance system for border monitoring. The show also includes a critique of a public report about robocalling and a comment about the increasingly loud calls for backdoors to mobile phones and encrypted messages by law enforcement in the US and other countries.

The feature story this week is about Anduril Industries, the company which is developing systems for the Department of Defense’s Project Maven. The company was founded in 2017 by Palmer Luckey. After creating the virtual reality product Oculus Rift, Luckey sold the company to Facebook. He then founded Anduril to develop next generation surveillance products and systems. His clients include US government agencies like the Department of Homeland Security. Anduril’s innovations allow software to monitor, analyze, and make decisions. These decisions can be taken without human involved, take place automatically, or employ human-machine interactions. The system can process data from digital cameras and specialized devices. These data are then federated and analyzed by the firm’s proprietary algorithms. The system can, for example, identify a herd of cattle as well as a group of people approaching a border. Anduril, however, is able to differentiate between the animals and the humans. If detection occurs at an Anduril monitoring tower, Anduril drones can also scan the area. If multiple Anduril drones are deployed in the area in which the anomaly was detected, the resolution of the system increases. In effect, Anduril has developed a way for surveillance to deliver detection, analysis, and increased resolution. An operator can immerse himself or herself in a virtual reality presentation of what the drones and the monitoring devices “see”. Anduril’s approach to US government work stands in direct contrast to that of Google. Google refused to work on Project Maven yet funded an educational artificial intelligence center in mainland China. Anduril welcomes US government work. One of the investors in Anduril suggested that Google’s attitude toward the US government could be interpreted as treasonous.

Two other stories round out this week’s episode.

Law enforcement agencies in the US and other Five Eyes member countries continue their call for a way for government agencies to access devices and messages by persons of interest. The “growing dark” problem in the US made headlines. Law enforcement investigating the Dayton, Ohio, killings have been unable to access the alleged shooter’s mobile phone data. DarkCyber anticipates increasingly loud calls for legislation to make it mandatory for technology companies to cooperate with law enforcement when courts permit access to mobile devices.

DarkCyber calls attention to an article which provides a road map for an individual who wants to run a robocall operation. The details of the method are reviewed. Plus, DarkCyber names two services which allow a robocall spammer to set up an operation with a few clicks online. One of these services includes a “press one feature” which allows the robocaller to charge the individual who happens to answer the telephone. DarkCyber finds these types of “how to” articles somewhat troubling. The information may encourage some individuals to launch a robocall business and runs scams anonymously.

A new multi part series about Amazon policeware initiative begins on November 5, 2019. DarkCyber programs are available on Vimeo.com and YouTube.com.

Note that DarkCyber will begin a new series of programs on November 5, 2019. The current series or “season” ends on August 27, 2019. We are developing the new series now. It’s about everyone favorite online bookstore with an emphasis on policeware and intelware.

Kenny Toth, August 20, 2019

DarkCyber for August 6, 2019, Now Available

August 6, 2019

DarkCyber for August 6, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/351872293. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

DarkCyber (August 6, 2019) explores reports about four high-profile leaks of confidential or secret information. Each “leak” has unique attributes, and some leaks may be nothing more than attempts to generate publicity, cause embarrassment to a firm, or a clever repurposing of publicly available but little known information. Lockheed Martin made available in a blog about automobiles data related to its innovative propulsion system. The fusion approach is better suited to military applications. The audience for the “leak” may be US government officials. The second leak explains that the breach of a Russian contractor providing technical services to the Russian government may be politically-motivated. The information could be part of an effort to criticize Vladimir Putin. The third example is the disclosure of “secret” Palantir Technologies’ documents. This information may create friction for the rumored Palantir INITIAL PUBLIC OFFERING. The final secret is the startling but unverified assertion that the NSO Group, an Israeli cyber security firm, can compromise the security of major cloud providers like Amazon and Apple, among others. The DarkCyber conclusion from this spate of “leak” stories is that the motivations for each leak are different. In short, leaking secrets may be political, personal, or just marketing.

Other stories in this week’s DarkCyber include:

A report about Kazakhstan stepped up surveillance activities. Monitoring of mobile devices in underway in the capital city. DarkCyber reports that the system may be deployed to other Kazakh cities. The approach appears to be influenced by China’s methods; namely, installing malware on mobile devices and manipulating Internet routing.

DarkCyber explains that F Secure offers a free service to individuals who want to know about their personal information. The Data Discovery Portal makes it possible for a person to plug in an email. The system will then display some of the personal information major online services have in their database about that person.

DarkCyber’s final story points out that online drug merchants are using old-school identity verification methods. With postal services intercepting a larger number of drug packages sent via the mail, physical hand offs of the contraband are necessary. The method used relies on the serial number on currency. When the recipient provides the number, the “drug mule” verifies that number on a printed bank note.

DarkCyber videos appears each week through the September 30, 2019. A new series of videos will begin on November 1, 2019. Programs are available on Vimeo.com and YouTube.com.

Kenny Toth, August 6, 2019

DarkCyber for July 30, 2019, Now Available

July 30, 2019

DarkCyber for July 30, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/350567599. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

DarkCyber (July 30, 2019) explores China’s aggressive method of dealing with encrypted messaging; Perceptics’ data breach and its consequences; a way to determine email links to other online services; and Palantir’s secret Gotham information exposed.

This week’s lead story concerns Palantir Technologies, a vendor of search and analytic tools for analysts. Founded in 2003, Palantir has draped a cloak of secrecy over one of its flagship products, now more than 16 years’ old. The information about the “secret” document appeared in Vice, an online information service. For those unfamiliar with investigative software, the revelations were of interest to some individuals. Vice’s public records request yielded a user manual written for police with access to the Palantir Gotham “intelware” system. The manual—described as secret and confidential—provides step-by-step instructions for performing certain investigative tasks; for example, how to obtain a profile of a person of interest, how to obtain information about a vehicle, and similar basic investigative questions.

Other stories in the July 23, 2019, program are:

First, China has introduced a very direct method of obtaining access to content on mobile phones and tablets. Citizens and allegedly some visitors have to install software from Xiamen Meiya Pico Information Company. The MFSocket software provides access to images, audio files, location data, call logs, messages, and the phone’s calendar and contacts, including those used in the messaging app Telegram. It is possible that the Meiya Pico organization has a cooperative relationship with the Chinese government. The company allegedly has 40 percent of the Chinese digital forensics market.

Second, a Web service named Deseat.me provides a useful service. Few people know what Web sites and Web services are linked to a person’s email address. Deseat.me makes locating this information easy. The service, at this time, is offered without charge. DarkCyber points out that many modern policeware systems offer a similar functionality for any email address. Deseat, along with a small number of similar services, makes the process of locating these linked sites and services easy and quick.

Finally, Perceptics, a company best known for its license plate identification system, suffered a security breach. Among the items of information compromised were US government data and a range of Perceptics’ proprietary data. The information allegedly included data related to recent border activities, a contentious issue in the United States. Perceptics may find that making sales to the US government more difficult. A loss of contracts would adversely impact the company’s revenue. A larger issue is that the security measures implemented by a company engaged in cyber services failed to deploy systems which guarded high-value data. The cost of a data breach can be high and create a public relations challenge for organizations more comfortable operating in a low-profile way.

DarkCyber videos appears each week through the September 30, 2019. A new series of videos will begin on November 1, 2019. Programs are available on Vimeo.com and YouTube.com.

Kenny Toth, July 30, 2019

« Previous PageNext Page »

  • Archives

  • Recent Posts

  • Meta