When Know How Gets Loose: Excitement Ensues

May 23, 2019

Bad actor hackers are pains in the rear, especially when they steal personal information. They are even worse when they steal from the government and use the stolen information for nefarious purposes. From The Trenches World Report explains the how and why about the hackers in that “China Used NSA Cyber weapon To Hack Targets, Symantec Says.”

The NSA developed a hacking tool dubbed “Double Pulsar” that can secretly download malware onto Windows-based PCs. Chinese hackers stole it, put their stamp on it, and used it on unsuspecting victims back in 2016. There was evidence that the altered Double Pulsar, paired with another Chinese hacking tool, was used in attacks in Belgium and Hong Kong. What is even worse is that the Chinese hacking tool could only hack 32-bit systems, but was revamped to attack 64-bit systems with newer Windows versions.

It is unknown how the alleged Chinese hackers obtained Double Pulsar. The possible theories are that an NSA server had bad security or that an NSA employee went rogue. Another idea is that the hackers collected some NSA traffic that contained Double Pulsar.

“Whatever the case may be, the findings underscore the risks of NSA cyber weapons falling into the wrong hands. Double Pulsar, itself, is no longer a secret. In April 2017, a mysterious party called the Shadow Brokers went online and dumped a cache of NSA hacking tools, which included details on Double Pulsar. A month later, the same NSA hacking tools were used to launch Wannacry, a ransomware attack that hit Windows machines across the world.

Who the Shadow Brokers are remains a mystery. But according to Symantec, the Chinese hacking group that gained access to Double Pulsar no longer appears to be active. In Nov. 2017, the US publicly charged three members of the group with hacking crimes and intellectual property theft.”

One more hacking tool is now an open source piece. DarkCyber is not keen on certain types of technology becoming widely available.

Whitney Grace, May 23, 2018

DarkCyber for May 21, 2019, Now Available

May 21, 2019

DarkCyber for May 21, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/337093968.

The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: A new version of Tor; digital bits trigger bombs; highlights from the FBI’s 2018 Cyber Crime Report; more details about the Wall Street Market take down; DeepDotWeb seized; Telegram used to sell weapons; and the size of the Dark Web.

This week’s feature provides more details about the take down of the Dark Web contraband ecommerce site, Wall Street Market. DarkCyber reports that the operation involved law enforcement from several countries, including Germany and the US. One moderator of the site initiated a blackmail scheme as law enforcement prepared to seize the site’s servers and arrest its owners. As part of the takedown, providers of drugs were arrested in the US. The take down revealed millions in cash and digital currency accounts worth more than $14 million. Investigators also seized data and other information, including customer details.

Other stories covered in the May 21, 2019, DarkCyber video include:

First, information about the new release of the Tor software bundle. Firefox is used as the base for the Tor browser. Technical issues with Firefox required some scrambling to resolve. The new release is available on the Tor.org Web site. DarkCyber points out that in some countries, downloading Tor is interpreted as an indicator of possible ill intent.

Second, a cyber attack on Israel prompted a kinetic response. The incident marks the first time Israel has responded to an act it regarded as information warfare with a missile strike on the alleged perpetrators’ headquarters. DarkCyber points out that the US may have used force in response to an adversary’s leaking classified and sensitive information on a public Web site. The use of traditional weapons in response to a digital attack is a behavior to monitor.

Third, DarkCyber selects several highlights from the FBI’s report about cyber crime in 2018. Among the key points identified is the data about the most common types of online crime. Most attacks make use of email and use social engineering to obtain personal financial information or user name and password data. The FBI report verifies data from other sources about the risks associated with email, specifically enticing an email recipient into downloading a document with malware or clicking on a link that leads to a spoofed page; for example, a PayPal page operated by the attacker, not the legitimate company. DarkCyber provides information about how to obtain this government report.

Fourth, an international team of law enforcement professionals seized the Sheepdog, an online information service. This site was accessible using a standard browser; no Tor or i2p software was required. The site referred its visitors to Dark Web sites selling drugs and other contraband. The seizure is an indication that Europol, FBI, and other law enforcement agencies are expanding their activities to curtail illegal eCommerce.

Fifth, DarkCyber explains that a story about bad actors using Telegram, an encrypted messaging app, to sell weapons should be viewed with caution. The story originated with a report from MEMRI, the Middle East Media Research Institute. The organization was founded by a former Israeli intelligence officer and has been identified as an organization generating content which may have characteristics of disinformation. DarkCyber provides a link to the MEMRI organization to make it easy for viewers to follow its information stream.

The final story reports that another vendor has sized the scope of the Dark Web. The most recent size estimate comes from Recorded Future. The company reports that it was able to identify 55,000 Dark Web domains. Of that number, only about 8,400 are online. DarkCyber notes that of the active sites, relatively few dominate illegal eCommerce, sharing of sensitive information, and other questionable services.

DarkCyber appears each Tuesday and is available on YouTube, Vimeo, and directly from the DarkCyber news service.

Kenny Toth, May 21, 2019

DarkCyber for May 14, Now Available

May 15, 2019

DarkCyber for May 14, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/335676549

The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: Free penetration software; how emojis puzzle police and parents; a major Dark Web drug market take down; two chilling cyber threat reports; how to learn what is censored online; and a drug dealer’s surprising security system.

This week’s feature examines the use of emojis (graphic cartoons) to communicate secret messages. With the shift to mobile devices for communicating via text messages, colorful icons are used instead of words. A smiley face signals happiness. A thumbs up conveys agreement. But what does a snowflake mean? What does a filling station pump nozzle convey? For those with inside knowledge, both emojis relate to drugs; for example, the snowflake is a visual signal for cocaine. When bad actors or children want to conceal information, emojis are easily available and often not understood by law enforcement, attorneys, or individuals more accustomed to text. DarkCyber provides information about how to get up-to-date information about these ubiquitous icons. Stephen E Arnold, producer of DarkCyber and author of “The Dark Web Notebook,” said: “Individuals with a desire to hide information can use emojis to create encoded messages. These are often meaningless or nonsense to someone unfamiliar with the hidden meanings assigned to colorful icons. Most text processing systems do not handle these types of ideographs in an effective manner. Emojis pose a new challenge to those involved in investigations or trying to figure out what their teenagers are planning for the weekend.”

The May 14, 2019, program also reports on:

First, FireEye, a cyber security firm, has compiled a collection of more than 120 penetration testing software tools. “Pentest” programs make it possible for investigators to perform certain types of actions in order to obtain access to otherwise secure information. The software is also used to verify the security of an organization’s computing infrastructure. DarkCyber explains how to obtain this collection of high-value software for free.

Second, a major Dark Web drug market was taken down by German police. The system sold a wide range of narcotics and allegedly served more than one million customers. Details about the operation are sparse. The operators of the site posted a notice that the site was down for maintenance. Less than 72 hours after the notice appeared, law enforcement seized the site. Online discussion forums suggested that the owners of the site planned an exit scam in order to steal customers’ money.

Third, two new and somewhat chilling reports about cyber crime have been published. One report originates in England, authored by Darktrace. The other report was written by experts at Neustar Security in Sterling, Virginia. Both reports make clear that online cyber operations are depending on email messages. Mass emails and targeted messages are slipping through individual and organizational security mechanisms. In short, email is now a go-to vector for a cyber attack. DarkCyber reveals how to obtain both reports without charge.

Fourth, censorship is increasing. How does an individual keep track of what is online and what is being blocked by different countries? DarkCyber reports that the Web site Netblocks.org provides a convenient way to track current developments in online censorship.

The final story in this week’s DarkCyber provides detail about one drug dealer’s security system. The criminal used a parrot to alert those in the compound when police approached. DarkCyber explains that selecting a parrot may not have been the optimal choice for high-reliability alerts.

Kenny Toth, May 15, 2019

DarkCyber Video News for May 7, 2019, Now Available

May 7, 2019

DarkCyber for May 7, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/334253067.

The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: The use of Telegram for ecommerce; phishing with fake email undergoes a renaissance; Cisco Talos explains a serious attack on foundation servers; a review of weapons for sale on the Dark Web; and a look at advanced autonomous drone technology.

This week’s feature examines a new study about the sale of weapons on the Dark Web. The report explains that handguns and long rifles are for sale on some Dark Web sites. The majority of these weapons are handguns. Only a small percentage of the weapons are automatic rifles. The research comes from three academics involved in criminal justice. The data from the Dark Web were collected in 2016. Because information about the type of weapons offered for sale is limited, the report helps fill this data gap. DarkCyber points out that the Dark Web has undergone some significant changes in the last two years. As a result, the study provides information, but some of it may be outdated.

The May 7, 2019, program also reports on:

First, how Telegram, an encrypted messaging application, can be used to promote and sell certain types of contraband products, services, and data. Messaging technology may be “old school” but Telegram’s features create challenges for enforcement agencies.

Second, phishing and spear phishing are methods for stealing users’ credentials with a long history. Now these techniques are gaining more momentum. DarkCyber reports about a “smart” application which can automate phishing and spear phishing attacks. Unlike commercial specialist tools, the Dark Web phishing kit costs a few hundred dollars, and it features a “fill in the blanks” approach to these malicious attacks.

Third, Cisco’s cyber security unit Talos has published a detailed report about a denial of service attack on core Internet systems. There are 13 foundation or core servers which facilitate domain name services. One of these has been the focus of a digital assault by a bad actor, possibly supported by a nation state. The denial of service method relies on a series of nested malware programs. The attack makes use of misdirection and several different methods designed to compromise a foundation server. If such an attack is successful, other types of malicious activity are simplified for the bad actors.

Finally, DarkCyber responds to a viewer’s request for an update on advanced autonomous drone technology. DarkCyber provides a look into the future of US drone capabilities.

Kenny Toth, May 7, 2019

DarkCyber for April 30, 2019, Now Available

April 30, 2019

DarkCyber for April 30, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/332933089.

The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: The British government’s online harms report; work methods of hackers; Qintar, a Sharia compliant crypto currency; a new Dark Web index; and a close look at Haystax Constellation cyber software.

This week’s feature examines Haystax Technologies’ Constellation system. The platform can perform a range of cyber functions, including analyzing and protecting facilities and events like the US Super Bowl. The system can also identify and monitor employees who are likely to present a high probability of risk to their employers. The insider threat capability reduces risk and helps reduce the loss of sensitive data. Constellation uses a range of patented systems and methods. The company relies, in part, on the mathematics of Sir Thomas Bayes. Like Autonomy plc, Haystax processes existing data and then integrates real time information in order to generate its predictive outputs.

Other stories in the April 30, 2019, DarkCyber video include brief “cybershots” about:

  • The British government released a report about the activities of social media firms. The document is a harsh critique of the management and business tactics of a number of high profile firms. The facts uncovered by the government analysts, the examples presented, and the recommendations set forth in the document are likely to have considerable weight. Britain is contemplating new regulations to control the behaviors of US social media firms.
  • DarkCyber provides basic information about how hackers (white hat and black hat varieties) perform their work. Not surprisingly, trial and error play a significant part. However, there are specific methods, and these have been disclosed by the WikiLeaks-type site edited by a persona which appears to be a former CIA agent. A way to download the report and access the site is included in the video.
  • A new Dark Web indexing service called Darkmention. The viewer learns where a detailed technical description of the system can be obtained. Although there are numerous Dark Web indexing systems, the Darkmention approach is to process more than 350 different content platforms, not just Tor accessible sites.
  • DarkCyber explains that a new Sharia compliant crypto currency is now available. Qintar is based on the Islamic blockchain technology. The crypto tokens may be purchased from the Qintar bank based in Geneva, Switzerland.

The video is available at www.arnoldit.com/wordpress.

Kenny Toth, April 30, 2019

DarkCyber for April 23, 2019, Now Available

April 23, 2019

DarkCyber for April 23, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/331645696.

The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: Candiru, a vendor of cyber software; ways to obtain open source content for free; a shotgun equipped drone; and a look at the conclusions from the audit of the LAPD data driven policing effort.

This week’s feature looks at the conclusions reported in the audit of the Los Angeles Police Department’s data-driven policing programs. In the final part of this three-part series we look at the major weakness identified by the Inspector General’s team. The challenge will be to introduce workflows which reduce the errors in data provided to the analytic systems. Stephen E Arnold, producer of DarkCyber, said: “Investigators have work procedures in place for tangible evidence. Information streaming from GPS systems or automatic devices may vary from the after action reports filed by law enforcement professionals. With conflicting data, the analytic systems can produce outputs which are less accurate. Training can help, but specialists who review data may play a more important role as data-driven policing increases.” The audit reveals that the software used by LAPD helps reduce criminal activity. Data quality requires attention.

Other stories in the DarkCyber video include:

A low-profile cyber intelligence firm called Candiru develops tools for law enforcement and government agencies. The company markets in the Middle East and in some Asian countries. Candiru is just one of more than 100 firms providing cyber services from Tel Aviv. The company’s name evokes a powerful image of how the firm’s technology works.

Russia’s large defense contractor funded a program to develop weaponized drones. One of the more interesting engineering solutions involved a vertical takeoff and landing drone equipped with a shotgun. The drone flies near a target and a ground operator discharges the shotgun in order to disable the target. The drone makes it clear that autonomous or semi-autonomous technology combined with weapons can yield a potent force multiplier.

Social media content is available from commercial vendors, often at costs that range from $5,000 a month and up. DarkCyber reveals that there are low cost or no cost options available to investigators with technical expertise. There are more than a dozen application programming interfaces available. Each can deliver a stream of near-real time data for analysis in an IBM Analyst’s Notebook- or Palantir Technologies-type system.

Kenny Toth, April 23, 2019

DarkCyber for April 16, 2019, Now Available

April 16, 2019

DarkCyber for April 16, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/330298628.

The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: The LAPD’s review of Palantir Technologies; Australia’s forceful social media crackdown; Russia blocks virtual private networks; and X1 offers social eDiscovery.

This week’s feature continues DarkCyber’s review of the Los Angeles Police Department’s audit of its data-driven policing programs. In the second part of this series we look at the LAPD’s assessment of Palantir Technologies’ platform. The Palantir system provides a platform for integrating and analyzing data for the department’s identification of chronic offenders. The audit revealed that the program provided officers with a useful tool for reducing certain types of crimes. However, the challenge for the department is to provide the Palantir platform with more accurate and consistent data.

Other stories in the DarkCyber video include:

Australia’s crack down on US social media companies continues. In addition to fines, the country proposes mandatory three-year prison terms for offenders. The country, like New Zealand, is a member of the Five Eyes’ intelligence sharing group. Legislation in Australia often provides a model for similar legislation in Canada, Britain, and the United States.

Russia’s government has taken steps to prohibit the use of virtual private networks. This technology makes it more difficult for law enforcement and intelligence professionals to monitor Russian citizens’ communications. More than a half dozen VPN providers have been blocked by Russian Internet Service Providers. Crackdowns on obfuscation technologies are another example of the “Chinafication” of communications and privacy.

Software designed to compromise adults’ and children’s mobile phones is being distributed via the Google Play store. The mechanism Google uses to prevent compromised software or malware from being available on its electronic store for Android users has allowed thousands of individuals to install these programs. One government is alleged to have used the Google Play Store as a way to gain access to personal contacts and confidential information.

X1, a vendor of keyword search and retrieval, has introduced a version of its software tailored to social media eDiscovery. Founded in 2003, X1 allows a lawyer or investigator to search for people, places, events, and other content across a collection of open source data provided by X1 for a starting fee of $2,000. The eDiscovery product joins a growing list of investigative tools, including the personal investigative tool Hunchly which starts at $129 per year.

Kenny Toth, April 16, 2019

Virtual Private Networks: Is Free Good?

April 10, 2019

VPNs are the new wonder tool in Internet security and privacy. Want one? Download Opera.

DarkCyber has noted that Vladimir Putin is not a fan of digital tunneling. In our weekly news program, we have mentioned that some VPNs are not providing the security the user wants. In some enforcement circles, use of a VPN is a red flag.

It seems logical to assume that anything free on the Internet comes with a catch. Free VPNs come with a special extra. Tech Radar explores free VPNs in, “Four Ways That A Free VPN Can Profit From Its Users.”

Paid VPNs manage to stay on top of their game by having their users pay a monthly subscription fee. Free VPNs do offer comparable services, but in order to do that they have to make money somehow. There are four ways free VPNs can make a profit from their users. The first one is called a “gateway” VPN, because it is a free trial or tier associated with a paid VPN. The hope is that the trial users will become monthly subscribers when they discover the free version’s limitations, such as low bandwidth.

Another alternative involves a free VPN selling information about your Internet habits. This information would usually be collected by ISPs, but the VPN blocks them. ISPs sell the information to the highest bidder, but the VPNs do that instead. Free VPNs can also share and reroute bandwidth amongst their various users:

“Yet with one free VPN provider, HolaVPN, this is exactly what happened. HolaVPN doesn’t have its own network of servers, but effectively crowd sources, with everyone using the service providing them bandwidth – not only for the free HolaVPN offering, but also for a related paid product known as Luminati. In addition, your device could become the exit node for another user’s activity, making you potentially liable for their actions.”

Then there is the tried and true method of selling advertising on the VPN network, including targeted ads. The VPN might block the ISPs from collecting information, but the VPN collects it and makes a profit from the user’s information.

Yep, free.

Whitney Grace, April 10, 2019

Echosec: Dark Web Search for Those Who Qualify

April 2, 2019

A Canadian company has devised a way to search the Dark Web without the hassle of the Tor browser or proxy servers. HotHardware reports: “Beacon, a Dark Web Search Engine Can Be Your Eyes in the Internet Underworld.” The catch—one must prove to the company behind Beacon, Echosec, that they have a legitimate reason to use the “Google of the Dark Web.” The intention, we’re told, is for organizations to monitor whether any of their sensitive data has made it onto a Dark Web marketplace. Reporter Rod Scher writes:

“This could include stolen corporate emails, company documents, personal info, or other such data that could be detrimental to a company, its brand, or its customers. After all, if your data has been compromised, it’s always better to know than not to know. …

We noted this statement:

“While [CTO Mike] Raypold notes that it is possible to misuse Beacon, since the tool makes it easier for users to locate data they might otherwise have difficulty finding, he says that the company has taken steps to mitigate that danger. ‘First, every Echosec customer must go through a use-case approval process to determine how the customer is using the application and to make sure they are in compliance with the vendors from whom the data is sourced,’ says Raypold. ‘If a potential customer cannot pass the use-case approval process, they do not get access to the system.’ Second, the company has built automated tools and manual processes into its platform and into the company workflows to notify the Echosec team if users attempt to run searches that are in violation of their approved use case.”

Not only will Echosec know if a user violates their agreement, certain queries simply cannot be run through Beacon. The company shares their acceptable-use policy here, and it is thorough. Founded in 2013, Echosec is based in Vancouver, British Columbia. If you want to see selected screenshots of the system’s output, check out the Dark Cyber video for March 26, 2019, at this link.

Stephen E Arnold, February 27, 2019

DarkCyber for April 2, 2019, Now Available

April 2, 2019

DarkCyber for April 2, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/327544822.

The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: Online censorship increases; Dark Web drug czar goes offline; Dark Web tech comes to the Firefox browser; and more evidence of change in the Dark Web; plus a look at Megaputer’s fraud detection technology.

This week’s feature reviews Megaputer’s fraud detection technology. The firm uses a number of advanced mathematical and linguistic methods to make sense of large flows of data. Based in Bloomington, Indiana, the company serves a wide range of clients from finance, government, pharmaceuticals, and consulting services. The firm was the first to put advanced text analytics on the desktop at a time when other firms required Unix workstations and client server computing resources. The firm’s PolyAnalyst H makes it possible to process large volumes of data at extremely high speed.

This week’s “Cybershots” cover four subjects:

There are more indications that online censorship is becoming more aggressive. Russia has implemented regulations governing what sites can be accessed and what type of content is permissible. Germany’s statement legislators have begun work on a bill to criminalize use of Tor and other hidden Internet tools.

The individual who created RAMP or the Russian Anonymous Marketplace asserted that his customized encrypted chat client was one reason his site had eluded government authorities. The site is now offline.

Letterboxing, a technology which prevents certain types of online tracking, will be introduced in an upcoming release of Firefox, a popular Web browser. This feature has been part of the Tor browser since 2016 and is one more indication of Dark Web technology seeping into the public Internet or “Clear Net”.

The program explains how to get a summary of software and tools to access hidden Internet sites and services. The report was written by Veracode, a cyber security firm, and the video provides the information necessary to obtain a copy of this useful report.

A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cybercrime, Dark Web, and company profiles are now appearing on a daily basis.

Kenny Toth, April 2, 2019
