AI Enables Cyber Attacks

June 4, 2020

Is it not wonderful that technology has advanced so much that we are closer to AI-led cyberattacks? It is true that bad actor hackers already rely on AI to augment their nasty actions, but their AI is not on par with human intelligence yet. Verdict warns that AI-powered cyberattacks will be on the rise in the future: “Leveling Up: How Offensive AI Will Augment Cyberattacks.”

A 2020 Forrester report stated that 88% of security leaders believe AI will be used in cyberattacks and over half thought an attack could occur sometime in the next twelve months. Cyber security professionals are already arming their systems with AI to combat bad actors using the same technology, but they cannot predict everything.

Bad actor hackers want AI capabilities, because it scales their operations, increases their profitability, provides an understanding of context, and makes attribution and detection harder. Verdict’s article breaks down a bad actor hacker’s attack strategy.

The first step would be reconnaissance, where chatbots interact with employees using AI-generated photos. Once the chatbots gain the victims’ trust, CAPTCHA breakers are used for automated reconnaissance on the public Web site. The next step would be intrusion with spear-phishing attacks targeted at key employees.

Part three would follow with an attacker hacking the enterprise framework and blending in with regular business operations. The next phases would collect passwords and other privileges as the hacker moved laterally to gather more targeted information while avoiding detection. The final phase would be where the AI shows its chops by pre-selecting information to steal instead of sifting through an entire system. The AI would get in, download the targeted data, and then get out, most likely without a trace.

“Offensive AI will make detecting and responding to cyberattacks far more difficult. Open-source research and projects exist today which can be leveraged to augment every phase of the attack lifecycle. This means that the speed, scale, and contextualization of attacks will exponentially increase. Traditional security controls are already struggling to detect attacks that have never been seen before in the wild – be it malware without known signatures, new command and control domains, or individualized spear-phishing emails. There is no chance that traditional tools will be able to cope with future attacks as this becomes the norm and easier to realize than ever before.”

The human element is still the surprise factor.

Whitney Grace, June 4, 2020

Is Cyber Crime Boring? Maybe The Characterization Masks a Painful Consequence?

June 1, 2020

DarkCyber read “Career Choice Tip: Cybercrime is Mostly Boring.” The article is clear. The experts cited are thorough and thoughtful. Practicing cyber crime is similar to what engineers, developers, and programmers do in the course of their work for firms worldwide. Much of that work is boring, filled with management friction, and repetitive.

The article states:

the academics stress that the romantic notions of those involved in cybercrime ignore the often mundane, rote aspects of the work that needs to be done to support online illicit economies. The researchers concluded that for many people involved, cybercrime amounts to little more than a boring office job sustaining the infrastructure on which these global markets rely, work that is little different in character from the activity of legitimate system administrators.


The paper is quoted in the article as explaining:

“We find that as cybercrime has developed into industrialized illicit economies, so too have a range of tedious supportive forms of labor proliferated, much as in mainstream industrialized economies. We argue that cybercrime economies in advanced states of growth have begun to create their own tedious, low-fulfillment jobs, becoming less about charismatic transgression and deviant identity, and more about stability and the management and diffusion of risk. Those who take part in them, the research literature suggests, may well be initially attracted by exciting media portrayals of hackers and technological deviance.”

The DarkCyber study team discussed the Cambridge research summary and formulated some observations:

  1. Boring means that cyber crime will be automated. Automated processes will be tuned to be more efficient. Greater efficiency translates to the benefit the cyber criminals seek. Thus, the forward momentum of boring cyber crime is an increase in the volume and velocity of attacks.
  2. Certain criminal elements are hiring out-of-work or disgruntled technologists from mainstream companies, including high-profile Silicon Valley companies. Our research identified one criminal organization paying 90,000 euros per month and offering benefits to contract workers with specialized skills. The economic pressures translate to a talent pool available to certain criminal orchestrators. More talent feeds the engineering resources available to cyber crime constructs. DarkCyber believes a “Google effect” is beginning, just in the cyber crime market space.
  3. Law enforcement, government agencies, and some providers of specialized services to law enforcement and intelligence entities will be unable to hire at the rate criminal constructs hire. Asymmetry will increase with bad actors having an opportunity to outpace enforcement and detection activities.

Net net: The task facing law enforcement, security, and intelligence professionals is becoming more difficult. Cyber crime may be boring, but boring tasks fuel innovation. With access to talent and cash, there is a widening chasm. Talking about boring does not make clear the internal forces pushing cyber crime forward.

Stephen E Arnold, June 1, 2020

Dark Patterns: A Partial Explanation

May 21, 2020

Manipulation is a rich, multi-layered concept. DarkCyber noted “Dark Patterns: Past, Present, and Future: The Evolution of Tricky User Interfaces” is a slice of a manipulative pie, but the bakery has not been fully sampled. (Note: You may have to pay to read the article.) That poorly lit patisserie can be explored by future computer, scholar, analyst philosophers.

The pie slice at hand looks good and seems tasty.

The article is the work of a number of computer, scholar, analyst philosophers. The main point is:

Dark patterns are user interfaces that benefit an online service by coercing users into making decisions they might not otherwise make.

The authors have ingested the thinking of the economists, scholars, and analysts Richard H. Thaler and Cass R. Sunstein. The idea is that “helpful” suggestions, facts, comments, opinions, or other message payloads can cause a person to react. This is the Newtonian approach to manipulation. Like the pie, there is a quantum world of manipulation waiting to be documented; for example, a shaped experience slightly more subtle than a nun’s whacking an inattentive choir boy on the head with a hymnal.

The write up includes diagrams, an origin story, and a nod to the Google. Like many aspiring experts, the authors offer suggestions or recommendations presented in adulting language; for instance:

Let’s urge the design community to set standards for itself, both to avoid onerous regulation and because it’s the right thing to do.

Yep, that will work. The datasphere may be slightly more intractable for users unable to figure out a log scale.

Stephen E Arnold, May 21, 2020

DarkCyber for May 12, 2020: Web Tracking, Free Malware Appliance, Banjo Trouble, New Drones, and Mobile Location Spoofing

May 12, 2020

DarkCyber for May 12, 2020, is now available. You can view this program on YouTube or Vimeo. This week’s program covers the Banjo founder – KKK connection. SoftBank invested $100 million in the company. There has been a potential feature film project called Banjo Policeware: The Wrath of Khan. Two stories focus on surveillance of persons of interest. The first references allegations that the US Federal Bureau of Investigation uses faked Web pages or seized pages to obtain useful information about actors. Another story describes an open source malware analysis appliance. Unlike commercial solutions which cost thousands of dollars, the Phoenix appliance is available without charge. The appliance, which is a software wrapper around a number of tools, allows analysis and visualization of malware behavior. The program also includes a report about two new drones which can perform surveillance and data collection. The first is an autonomous system developed by AeroVironment. The second is DJI’s drone equipped with a 48 megapixel camera.

We are now producing two DarkCyber videos each month. We plan to release a short “special focus program” between our regular shows. Watch DarkCyber for details about this special report. Topics on the production schedule include the failure of cyber security solutions to protect Work From Home employees and contractors, search engine optimization fraud, and policeware marketing.

DarkCyber is produced by Stephen E Arnold and the DarkCyber research team. Tony S. has rejoined the group after a hiatus due to family responsibilities. Join me in saying, “Yo, Tony, get to work.” He is now our principal researcher for a new project related to the European Community’s investigation of Google search result manipulation. (I know that most people are unaware of this most recent thrust at Google, but it is happening.)

One final but important point: The DarkCyber video programs contain no sponsored content, no advertisements, and no embarrassing “begging for dollars” messages. The approach allows the DarkCyber team to discuss a range of topics, even those which can be uncomfortable for search engine marketers, consultants, and sketchy service providers.

Kenny Toth, May 12, 2020

DarkCyber for April 28, 2020: Free Cyber Warfare Book, Spy Insights, the Info Gap Map, and HaaS

April 28, 2020

The April 28, 2020, DarkCyber tackles four stories this week. This week’s program is available via the DarkCyber blog, Vimeo, or YouTube. This week’s stories include information that is otherwise difficult to locate.

You can download a comprehensive look at cyber warfare published by the Carnegie Endowment for International Peace. The book covers cyber intelligence and methods of cyber warfare. DarkCyber’s Stephen E Arnold and former CIA spy Robert David Steele discussed misinformation in a one hour interview which is available on the Phi Beta Iota Web site. DarkCyber includes an extract from the discussion about obtaining hyper local data about people, events, and places. The information gap map illustrates how little digital information is available in free Web search systems. The map makes clear that anyone relying on Bing, Google, Yandex, and other free Web search systems is likely to be drowned in misinformation. The program explains how to access a no cost honeypot as a service. HaaS makes it possible to explore malware and learn about exploits in a controlled environment. The link to the service is provided in the program.

Kenny Toth, April 28, 2020


Another Specialized Method Revealed

April 20, 2020

This is another example of an article which should not be widely available. Rumors of a method to compromise Android phones have been circulating for months. The major signal that a specialized services firm had developed a way to compromise Android phones was a change in Zerodium’s bounty. Android bounties cratered; iPhone vulnerability values skyrocketed. Why? Android devices could become the house pets of certain entities.

“The Secret Behind Unkillable Android Backdoor Called xHelper Has Been Revealed” explains the procedures followed. If you are interested in what significant research efforts can achieve, read the article.

DarkCyber’s view is that Google’s Android team, like many zip zip development shops, overlooks excellence. The pursuit of good enough has paid dividends for Google’s approach to business. However, Googlers make assumptions that their way is THE highway.

That works until it doesn’t.

DarkCyber has little to say about the specialized services which have been able to convert the Android device into a handy dandy information provider.

And what about the cyber security firms selling “security”? Does this minor issue suggest that talk and PR about digital security solutions is hot air?

But Google? Yep, Google. Good enough is not.

Stephen E Arnold, April 20, 2020

DarkCyber for April 14, 2020, Now Available

April 14, 2020

This week’s DarkCyber program contains three news stories and one feature. The program is available via Vimeo and YouTube.

Geospark Analytics is the subject of a DarkCyber profile. The company has a new president, a new partner, and a public podcast. What makes these announcements interesting is that most firms engaged in geolocation analysis maintain a low profile. DarkCyber points out the downside of attracting too much attention. Geospark Analytics, a start up, is likely to become a disruptor in what is a little known sector of the law enforcement and intelligence markets. The technology is directly germane to recent announcements about tracking individuals of interest.

DarkCyber reports that bad actors are going to great lengths to make credit card theft easy. The story explains the principal features of a new point-and-click way to obtain names, credit card data, and the codes printed on each card. Also, this type of “skimming crime” is going to be further automated. After paying a fee, the developer of the skimming system will automate the theft for the customer. How much does the service cost? About $1000 but if a customer does not have the cash a revenue split is available.

A 2014 report produced by the US Department of Justice suggests that predictive analytics may not be as reliable as some experts assert. The original document was not available to the public, but it was obtained via a Freedom of Information request by a watch dog group this year. The 2014 report reveals information about the somewhat dismal performance of predictive analytics systems. The outputs of these systems from well-known vendors were not helpful to enforcement and legal officials. The DarkCyber story includes a link to the full report as well as a link to a recent analysis of predictive analytics systems’ efficacy in identifying life outcomes for young people. The results of both studies appear to call into question the reliability of some predictive software.

DarkCyber’s program concludes with a reminder that virtual private networks may not be private. An online news service identified a number of comparatively high-profile VPNs that are not particularly secure. A link to the source document and the names of three suspect services are provided.

DarkCyber is a production of Stephen E Arnold. Programs are released twice a month and provide news, analysis, interviews, and commentary about the Dark Web, cyber crime, and lesser known Internet services.

Programs are available on Vimeo and YouTube. For the current program, you are welcome to navigate to

Kenny Toth, April 14, 2020

The Roots Behind Criminality: Cyber and Regular

April 8, 2020

Coronavirus scams, global Internet traffic hijacking, and attacks on work-from-homers. Where does crime originate?

In the United States, true crime documentaries and fictional detective shows are popular. People love these shows because they explore the human psyche and try to answer why people commit crimes. Mental health professionals have explored criminals’ motivations for centuries, including University of California Santa Cruz professor of psychology Craig Haney. shares more on Haney’s work in the article, “New Book Debunks Myths About Who Causes Crime And Why.”

For over forty years, Haney researched the real causes behind crimes and he formulated the hypothesis that criminal behavior could be tied to childhood suffering, such as abuse, trauma, and maltreatment. Haney had interviewed many death row inmates and noticed trauma patterns in them. His colleagues were skeptical about his findings, because there was not much research on the idea and few studies. Haney wrote about his findings in a new book, Criminality in Context: The Psychological Foundations of Criminal Justice Reform. In his new book, Haney discusses forty years of research and what he believes to be the root causes of criminal behavior, how it differs from accepted conventions, and what reforms are needed in the criminal justice system. Haney stated:

“‘The nation’s dominant narrative about crime is that it is committed by bad people who freely choose to make bad decisions, persons who are fundamentally different from the rest of us,’ said Haney, who holds psychology and law degrees. ‘The only thing that is fundamentally different about them is the lives they’ve lived and the structural impediments they’ve faced.’”

Haney found that the people most at risk to commit crimes were those exposed to childhood trauma and often experienced even more maltreatment in places meant to protect them: school, foster care systems, and juvenile justice systems.

He also argues that poverty and racism are key contributors to criminal behaviors. Poverty is a gateway to criminal behavior, because it leads to trauma, unmet needs, and fewer opportunities. Unfortunately ethnic minorities who experience poverty and trauma are more likely to end up imprisoned. By proxy ethnic minorities receive differential treatment and represent the largest criminal populations.

Haney’s research exposes bigger holes in the already broken criminal justice system. He points out that bigger reforms need to be made than simple criminal justice. Crime prevention strategies need to start at the cradle, most importantly combating social inequality and poverty.

While Haney’s research may sound new, it only augments what other mental health professionals have been spouting for years. Everything is connected when it comes to mental health, but humans usually are not taught how to properly care for their minds.

Whitney Grace, April 8, 2020

DarkCyber for March 31, 2020, Now Available

March 31, 2020

DarkCyber video news program interviews Robert David Steele, a former CIA professional, about human trafficking. Among the topics touched upon in the video are:

  • Why human trafficking is useful to intelligence operatives
  • The mechanics of running an entrapment operation.
  • Jeffrey Epstein’s activities
  • The role of Ghislaine Maxwell, daughter of Israeli spy Robert Maxwell.

Mr. Steele’s comments reflect his involvement in a book about human trafficking. The video provides a link to a free download of information not widely disseminated.

You can view the program on Vimeo at this link or on YouTube at this link.

Kenny Toth, March 31, 2020

Cellebrite: Low Profile Outfit Shares Some High Value Information

March 27, 2020

Cellebrite, now owned by Japanese interests, is not a household word. That’s good from DarkCyber’s point of view. If you want to know more about this company, navigate to the company’s Web site.

“Cellebrite Unveils the Top Global Digital Intelligence Trends for 2020” provides observations / findings in its Annual Digital Intelligence Industry Benchmark Report for 2020. Our video program will consider some of these findings in the context of cyber intelligence. However, there are four items of interest which DarkCyber wants to highlight in this short article.

Intelligence and other enforcement agencies are slow to adapt. This finding is in line with DarkCyber’s experience. We reported on March 24, 2020, in our DarkCyber video that the Canadian medical intelligence firm Bluedot identified the threat of the corona virus in November 2019. How quickly did the governments of major countries react? How is the US reacting now? The “slowness” is bureaucratic friction. Who wants to be identified as the person who was wrong? In terms of cyber crime, Cellebrite’s data suggest “43 percent of agencies report either a poor or mediocre strategy or no digital intelligence strategy at all.” [emphasis added].

Government agency managers want modernization to help attract new officers. The Cellebrite study reports, “Most agency managers believe police forces that embrace mobile tech to collect digital evidence in the field will help reduce turnover and be significantly more prepared to meet the digital evidence challenges of 2020.” DarkCyber wants to point out that skilled cyber professionals do not grow on trees. Incentives, salaries, and work magnetism are more important than “hopes.”

Budgets are an issue. This is a “duh” finding. DarkCyber is not being critical of Cellebrite. Anyone involved directly or indirectly in enforcement or intelligence knows that bad actors seem to have infinite scalability. Government entities do not. The report says, “With the deluge of digital devices and cloud data sources, examiners face an average 3-month backlog and an average backlog of 89 devices per station.” The push for backdoors is not designed to compromise user privacy; it is a pragmatic response to the urgent need to obtain information as close to real time as possible. Cellebrite’s tools have responded to the need for speed, but for many governments’ enforcement and intelligence agencies, a 90 day period of standing around means that bad actors have an advantage.

DarkCyber will consider more findings from this report in an upcoming video news program. Watch this blog for the release date for the program.

Stephen E Arnold, March 27, 2020
