DarkCyber for January 12, 2021, Now Available

January 12, 2021

DarkCyber is a twice-a-month video news program about online, the Dark Web, and cyber crime. You can view the video on Beyond Search or at this YouTube link.

The program for January 12, 2021, includes a featured interview with Mark Massop, DataWalk’s vice president. DataWalk develops investigative software which leapfrogs such solutions as IBM’s i2 Analyst Notebook and Palantir Gotham. In the interview, Mr. Massop explains how DataWalk delivers analytic reports with two or three mouse clicks, federates or brings together information from multiple sources, and slashes training time from months to several days.

Other stories include DarkCyber’s report about the trickles of information about the SolarWinds’ “misstep.” US Federal agencies, large companies, and a wide range of other entities were compromised. DarkCyber points out that Microsoft’s revelation that bad actors were able to view the company’s source code underscores the ineffectiveness of existing cyber security solutions.

DarkCyber highlights remarkable advances in smart software’s ability to create highly accurate images from poor imagery. The focus of DarkCyber’s report is not on what AI can do to create faked images. DarkCyber provides information about how and where to determine if a fake image is indeed “real.”

The final story makes clear that flying drones can be an expensive hobby. One audacious drone pilot flew in restricted air zones in Philadelphia and posted the exploits on a social media platform. And the cost of this illegal activity. Not too much. Just $182,000. The good news is that the individual appears to have avoided one of the comfortable prisons available to authorities.

One quick point: DarkCyber accepts zero advertising and no sponsored content. Some have tried, but begging for dollars and getting involved in the questionable business of sponsored content is not for the DarkCyber team.

Finally, this program begins our third series of shows. We have removed DarkCyber from Vimeo because that company insisted that DarkCyber was a commercial enterprise. Stephen E Arnold retired in 2017, and he is now 77 years old and not too keen to rejoin the GenX and Millennials in endless Zoom meetings and what he calls “blatant MBA craziness.” (At least that’s what he told me.)

Kenny Toth, January 12, 2021

DarkCyber for December 29, 2020, Is Now Available

December 29, 2020

DarkCyber for December 29, 2020, is now available on YouTube at this link or on the Beyond Search blog at this link. This week’s program includes seven stories. These are:

A Chinese consulting firm publishes a report about the low profile companies indexing the Dark Web. The report is about 114 pages long and does not include Chinese companies engaged in this business.

A Dark Web site easily accessible with a standard Internet browser promises something that DarkCyber finds difficult to believe. The Web site contains what are called “always” links to Dark Web sites; that is, those with Dot Onion addresses.

Some pundits have criticized the FBI and Interpol for their alleged failure to take down Jokerstash. This Dark Web site sells access to “live” credit cards and other financial data. Among those suggesting that the two law enforcement organizations are falling short of the mark are four cyber security firms. DarkCyber explains one reason for this alleged failure.

NSO Group, a specialized services company, has been identified as the company providing technology to “operators” surveilling dozens of Al Jazeera journalists. DarkCyber points out that a commercial firm is not in a position to approve or disapprove the use of its technology by the countries which license the Pegasus platform.

Facebook has escalated its dispute with Apple regarding tracking. Now the social media company has alleged that contractors to the French military are using Facebook in Africa via false accounts. What’s interesting is that Russia is allegedly engaged in a disinformation campaign in Africa as well.

The drone news this week contaisn two DJI items. DJI is one of the world’s largest vendors of consumer and commercial drones. The US government has told DJI that it may no longer sell its drones in the US. DJI products remain available in the US. DJI drones have been equipped with flame throwers to destroy wasp nests. The flame throwing drones appear formidable.

DarkCyber is a twice a month video news program reporting on the Dark Web, lesser known Internet services, and cyber crime. The program is produced by Stephen E Arnold and does not accept advertising or sponsorships.

Kenny Toth, December 29, 2020

DarkCyber Video News Link Fixed for 12-15-20 Video

December 22, 2020

Maybe it was I? Maybe it was AMP? Google knows, of course. If you were trying to locate the December 15, 2020, DarkCyber video news program, the malformed url has been fixed. No more “Video not found” messages, at least for now. Since I was fully responsible and those AMP messages are ever so helpful, I was able to reform myself, obtain another copy of the video url from the ever reliable Google, and make this change. I’m off to don a hair shirt and a barbed wire undergarment to remind myself to improve. Oh, both garments have a Google logo. Inspiration at hand.

Stephen E Arnold, December 22, 2020

DarkCyber for December 15, 2020, Now Available

December 15, 2020

The DarkCyber video news program for December 15, 2020, is now available at this link. This week’s program includes:

  • Fact or fiction: Work around iCloud security for an iPad
  • Germany opens backdoor to one encrypted email system
  • The Dark Web and Covid is a thing
  • Smart weapons and surgical strikes: The future of war
  • NSO Group in the spotlight again
  • Current information about beam weapons.

You may also view the program via the embedded player on the Beyond Search Web site at this link. Plus, no begging for dollars and no advertising.

Kenny Toth, December 15, 2020

Alleged CCP Database: 1.9 Million Entries

December 14, 2020

DarkCyber noted the availability of 1.9 million members of the Chinese Communist Party in 2016. We think we can here “The data are old,” “The data are a scam,” and “That was then, this is now” statements from those listed in the file. The information, which you will have to figure out for yourself, may be on the money or a bit of a spoof. Elaborate spoof, yes. It will help if you can read Chinese or have access to a system which can translate the ideographs into ASCII characters and normalized. Spellings can be variable depending on the translator or the machine translation system one uses. For now, the file is available on Go File at this link.\

Here’s a tiny snippet:

chinese database

Are there uses of the data? Sure, how about:

  • Filtering the list for those individuals in Canada, the UK, and the US and mapping the names against university faculty
  • Filtering the list for graduate students in such countries as Australia, Canada, and France. While you are at it, why not do the same for graduate students in the US
  • Filtering the list for individuals who are or have been part of a cultural or scientific exchange, particularly within driving or drone distance of a US national research laboratory; e.g., University of New Mexico or the University of Tennessee?

The data appear to be at least four years old and may turn out to be little more than a listing of individuals who purchased a SIM from a Chinese vendor in the last 48 months. On the other hand, some of the information may be a cyber confection. DarkCyber finds the circumstances of the data’s “availability,” its possible accuracy, and its available as open source information interesting.

Stephen E Arnold, December 14, 2020

DarkCyber for December 1, 2020, Now Available

December 1, 2020

DarkCyber reports about Maltrail, an open source cyber tool for detecting malicious traffic. Crime as a Service matures. Now anyone can point-and-click through a ransomware attack. Bad actors helpfully make cyber crime less of a hassle. Insider threats — what DarkCyber calls “the Snowden play” — are becoming more prevalent. Why? A need for money, revenge, or a dose of that old Silicon Valley attitude.

The feature in this episode is a summary of the next-generation in entity recognition from videos and still images. Face recognition is not the most reliable technology in the world; however, researchers from China and Japan have figured out how to match a person’s gait to an individual. Ergo gait recognition. A link to the technical details appears in the program.

The program features a brief extract from a conversation between Robert David Steele, a former CIA professional, and Stephen E Arnold (owner of Dark Cyber). Arnold describes some of the less appreciated reasons why digital information creates new challenges for law enforcement and intelligence professionals. Good news? Not really.

The final story in the program addresses the urgent need for counter unmanned aerial systems by local, county, and statement law enforcement agencies. Individuals are ramming drones into police helicopters. The DarkCyber discussion of this problem includes a link to a series of recommendations promulgated by the British government to address this kinetic use of drones.

DarkCyber is produced by Beyond Search. The video program appears every two weeks. The third season of DarkCyber begins in January 2021. The program is non-commercial, does not accept advertising, and does not beg for dollars. How is this possible? DarkCyber is not sure.

You can view the program at this link.

Kenny Toth, December 1, 2020

DarkCyber for November 17, 2020, Now Available

November 17, 2020

The DarkCyber video news program for November 17, 2020, is now available at this link. This week’s program includes stories and links to information about the legal risks hacking and cracking pose to researchers. The October US Congressional report about the intelligence community’s need for innovation describes the challenges technology presents to more than a dozen agencies. You will also learn about how the former CEO of Google has “diversified his citizenship.” Allegedly a passport granting access to the European Union has been acquired by a member of the US Defense Innovation Board. Fourth, reports of security breaches decreased in 2020. Yet the number of personal data records has surged. Why the mismatch. DarkCyber explains that keeping quiet can present better optics for the organization which remains silent. Also, DarkCyber highlights a dated US electronic warfare diagram which is now circulating via Twitter and other online services as “new.” It presents a view of EW two or more years old. Finally, DarkCyber reports about a consumer drone which can perform surveillance and other actions underwater. With six thrusters, the drone can maneuver like its aerial cousins and deploy a robotic arm available on Amazon’s eCommerce site. More information related to cyber technologies is available in the blog at www.arnoldit.com/wordpress.

Kenny Toth, November 17, 2020

DarkCyber for November 3, 2020, Now Available

November 3, 2020

The November 3, 2020, DarkCyber video news program contains five stories. You are able to view the program at this YouTube location. The first is a report about the FinFisher raids conducted by German and other European enforcement officials. FinFisher allegedly produces and sells policeware to government agencies. An alleged failure in following German government procedures contributed to the multi-country action. The second story describes the free services of Social Search. This online service allows a user to obtain information gleaned from a number of social media sites like Facebook and Twitter. Test queries run by the DarkCyber research team revealed that interesting information can be obtained from this free service. Also referenced is a consumer mobile phone surveillance tool. Used together, the type of insights available from specialized services developers becomes evident. The third story points to a new book by a Harvard professor. The book reveals the origin of the concept of investigative software, what DarkCyber calls policeware. The fourth story provides additional information about the diffusion of digital currencies into the “regular” Web. What was just two years ago a specialized payment mechanism has moved into the mainstream. No Tor or other obfuscation software required. The final story mentions a Chinese innovation. The truck-mounted tube launcher can release a swarm of drones simultaneously. How does one deal with a swarm of drones? DarkCyber answers this question with information about the Drone Bullet. DarkCyber is produced by Stephen E Arnold, publisher of Beyond Search, a free Web log, and the author of Dark Web Notebook and CyberOSINT.

Kenny Toth, November 3, 2020

 

Organizational Security: Many Vendors, Many Breaches

October 30, 2020

I noted a write up with a fraught title: “Breaches Down 51%, Exposed Records Set New Record with 36 Billion So Far.” I interpreted this to mean “fewer security breaches but more data compromised.”

The write up explains the idea this way:

The number of records exposed has increased to a staggering 36 billion. There were 2,935 publicly reported breaches in the first three quarters of 2020, with the three months of Q3 adding an additional 8.3 billion records to what was already the “worst year on record,” Risk Based Security reveals.

Okay. How is this possible? The answer:

The report explores numerous factors such as how media coverage may be a factor contributing to the decline in publicly reported breaches. In addition, the increase of ransomware attacks may also have a part to play.

I interpreted this to mean, “Let’s not tell anyone.”

If you want a copy of this RiskBased Security report, navigate to this link. You will have to cough up an email and a name.

Net net: More data breaches and fewer organizations willing to talk about their security lapses. What about vendors of smart cyber security systems? Vendors are willing to talk about the value and performance of their products.

Talk, however, may be less difficult than dealing with security breaches.

Stephen E Arnold, October 30, 2020

Tactical AI: Research for the 21st Century

October 23, 2020

The company is Tactical Analysis Intelligence. The acronym is Tactical AI. The url is tactical-ai.com. Clever. Indexing systems will glom on the “ai” and the name suggests advanced technologies. The company’s business is, according to its Web site:

a premier boutique information search provider of numerous public and non-public internet sources. Our proprietary deep search system and monitoring service has a proven track record of providing businesses with the data they need to make informed, critical business decisions.

The company performs “deep Web search.” The idea is that when you search via Bing, Google, or Swisscow, you are doing shallow search. The company also delivers Dark Web breach monitoring. The idea is that the increasingly small Dark Web requires specialized skills.

I learned about this company via a link to its “white paper” or article called “Going Undercover for Your Company on the Dark Web? Read This First.” The article provides some information which leads some readers to the conclusion that Dark Web research requires an expert. That’s where Tactical Analysis Intelligence enters. The company’s article by the same name is a link to a Department of Justice document. That’s okay, just a surprise.

After scanning the company’s Web site, some librarians before the Great Disintermediation decimated their ranks should have had Tactical’s marketing know how.

Keep in mind that:

  • Forums, discussion groups, and digital watering holes are no longer confined to the Dark Web
  • The “regular” Web houses a surprising amount of information, including facts about companies which do classified work and do their level best to remain invisible; for example, ATA in Albuquerque, NM.
  • Chat tools like WhatsApp, Telegram, and others have become alternatives now that the Dark Web is getting tinier.

What services provide access to threat intelligence from these sources? That’s a good question.

The experts in cyber open source intelligence might be able to help. Is it possible the author of CyberOSINT could offer some guidance? No, doubtful.

Stephen E Arnold, October 23, 2020

Next Page »

  • Archives

  • Recent Posts

  • Meta