DarkCyber for November 19, 2019, Now Available

November 19, 2019

The November 19, 2019, DarkCyber discussed Amazon’s patent US 10,296,764 B1 “Verifiable Cryptographically Secured Ledgers for Human Resource Systems.” Stephen tries his best to make this patent discussion thrilling. Well, perhaps “thrilling” may be stretching the discussion of the system and method disclosed in this 24 page disclosure. But there are some graphics and a number of statements which are probably too simple to satisfy a patent attorney. Nevertheless, if you are curious about Amazon and its invention for human resources, navigate to www.vimeo.com/373810982 and check out the program. This week’s program marks the start of “season two” of DarkCyber. More patents, an interview, and news stories will feature in the coming weeks. After celebrating three quarters of a century of semi-coherent thinking, DarkCyber will appear every two weeks. The interfaces implemented in the software Stephen uses slows him down. The team just tells him, “Okay, Boomer, work harder.” His response cannot be printed in this prestigious blog.

PS. In August, Stephen was quoted by the New York Times, in October by MIT’s Technology Review (yep, the Epstein friendly organization), and this month by Le Monde (that’s in Paris and in French no less). The subjects? Intelligence, Amazon, and the lack of awareness among certain residents of Harrod’s Creek to Stephen’s research. Hey, he lives in Kentucky which holds a proud place in the lower quartile of literacy in the US.

Kenny Toth, November 19, 2019

Remounting the Pegasus Named NSO

November 15, 2019

Those who care about security will want to check out the article, “Pegasus Spyware: All You Need to Know” from the Deccan Herald. Approximately 1,400 smartphones belonging to activists, lawyers, and journalists across four continents suffered cyber attacks that exploited a WhatsApp vulnerability, according to a statement from that company. They say the attacks used the Pegasus software made by (in)famous spyware maker NSO Group. Though the Israeli spyware firm insists only licensed government intelligence and law enforcement agencies use their products, WhatsApp remains unconvinced; the messaging platform is now suing NSO over this.

The article gives a little history on Pegasus and the investigation Citizen Lab and Lookout Security undertook in 2016. We learn the spyware takes two approaches to hacking into a device. The first relies on a familiar technique: phishing. The second, and much scarier, was not a practical threat until now. Writer David Binod Shrestha reports:

“The zero-click vector is far more insidious as it does not require the target user to click or open a link. Until the WhatsApp case, no example of this was seen in real-world usage. Zero-click vectors generally function via push messages that automatically load links within the SMS. Since a lot of recent phones can disable or block push messages, a workaround has evidently been developed. WhatsApp, in its official statement, revealed that a vulnerability in their voice call function was exploited, which allowed for ‘remote code execution via specially crafted series of packets sent to a target phone number.’ Basically, the phones were infected via an incoming call, which even when ignored, would install Pegasus on the device. The data packets containing the spyware code were carried via the internet connection and a small backdoor for its installation was immediately opened when the phone rang. The call would then be deleted from the log, removing any visible trace of infection. The only way you will know if your phone has been infected in the recent attacks is once WhatsApp notifies you via a message on the platform.”

Pegasus itself targets iPhones, but Android users are not immune; a version Google has called Chrysaor focuses on Android. Both versions immediately compromise nearly all the phone’s data (like personal data and passwords) and give hackers access to the mike and camera, live GPS location, keystroke logging, and phone calls. According to the Financial Times, the latest version of Pegasus can also access cloud-based accounts and bypass two-factor authentication. Perhaps most unnerving is the fact that all this activity is undetectable by the user. See the article for details on the spyware’s self-destruct mechanism.

Shrestha shares a list of suggestions for avoiding a Pegasus attack. They are oft-prescribed precautions, but they bear repeating:

“*Never open links or download or open files sent from an unknown source

*Switch off push SMS messages in your device settings

*If you own an iPhone, do not jailbreak it yourself to get around restrictions

*Always install software updates and patches on time

*Turn off Wi-Fi, Bluetooth and locations services when not in use

*Encrypt any sensitive data located on your phone

*Periodically back up your files to a physical storage

*Do not blindly approve app permission requests”

For those who do fall victim to Pegasus, Citizen Lab suggests these remedies—they should delink their cloud accounts, replace their device altogether, change all their passwords, and take security more seriously on the new device. Ouch! Best avoid the attacks altogether.

Cynthia Murrell, November 15, 2019

Russia and Iran: Beards (in the Medieval Sense) Are Back

November 6, 2019

Here is a terrific example of how Russian cyber attackers skillfully sow confusion. The Financial Times reveals, “Russian Cyber attack Unit ‘Masqueraded’ as Iranian Hackers, UK Says.” A joint investigation by the UK’s National Cyber Security Centre and the US’s National Security Agency reveals the espionage group first hacked an Iranian hacking group, then attacked over 35 other countries posing as that group. The Russian group, known as Turla, has been linked to Russian intelligence. Reporters Helen Warrell and Henry Foy write:

“The Iranian group is most likely unaware that its hacking methods have been hacked and deployed by another cyber espionage team, security officials involved in the investigation said. Victims include military establishments, government departments, scientific organizations and universities across the world, mainly in the Middle East. Paul Chichester, NCSC director of operations, said Turla’s activity represented ‘a real change in the modus operandi of cyber actors’ which he said ‘added to the sense of confusion’ over which state-backed cyber groups had been responsible for successful attacks. ‘The reason we are [publicizing] this is because of the different tradecraft we are seeing Turla use,’ he told reporters. ‘We want others to be able to understand this activity.’ Mr Chichester described how Turla began ‘piggybacking’ on Oilrig’s attacks by monitoring an Iranian hack closely enough to use the same backdoor route into an organization or to gain access to the resulting intelligence. … But the Russian group then progressed to initiating their own attacks using Oilrig’s command-and-control infrastructure and software.”

We’re told the group successfully hacked about 20 countries using this tactic. It let them tap into Oilrig’s operational output to gain access to victims faster and easier. Not surprisingly, the Kremlin refused to comment; Russia consistently denies it hacks other states, describing such allegations as “mythical.”

Cynthia Murrell, November 6, 2019

Deepfake Detection: Unsolvable

November 3, 2019

CEO of Anti-Deepfake Software Says His Job Is Ultimately a Losing Battle” describes what may be an unsolvable problem. Manipulated content may be in the category of the Millennium Prize Problems, just more complicated. The slightly gloomy write up quotes the founder of Amber Video (Shamai Allibhai):

“Ultimately I think it’s a losing battle. The whole nature of this technology is built as an adversarial network where one tries to create a fake and the other tries to detect a fake. The core component is trying to get machine learning to improve all the time…Ultimately it will circumvent detection tools.

The newspaper publishing this observation did not include Jorge Luis Borges’ observation made in the Paris Review in 1967:

Really, nobody knows whether the world is realistic or fantastic, that is to say, whether the world is a natural process or whether it is a kind of dream, a dream that we may or may not share with others.

But venture funding makes the impossible appear to be possible until it is not.

Stephen E Arnold, November 3, 2019

China and Its Data Method

November 2, 2019

China continues to expand its authority to surveil anything and everything that occurs electronically within its borders, and its latest plan could pose a legal bind for any foreign companies doing business there. China Law Blog sums up the problem in, “China’s New Cybersecurity Program: NO Place to Hide.” China’s Ministry of Security plans to access all raw data that crosses Chinese networks and/or resides on Chinese servers and to employ renowned big-data expert Wang Yingwei to analyze it in his new role as head of the Cybersecurity Bureau. Reporter Steve Dickinson emphasizes the Ministry intends to intercept every scrap of data from every corner of society, from businesses to fellow ministries to even the Internet of things. Note that foreign businesses are included, and the methods such entities used to rely upon to avoid the surveillance will no longer apply. Dickinson writes:

“They did this primarily by establishing VPN internet servers in their own offices. These servers used VPN technologies to isolate data from the Chinese controlled networks, allowing for the use of a company intranet that maintained the secrecy of emails and data stored on the company servers in China. As cloud computing has advanced, foreign owned companies typically use the same VPN technologies to isolate their cloud based servers from the Chinese controlled system. Though the Chinese authorities often complained about these VPN systems, foreign companies were usually able to claim that their special WFOE status exempted them from Chinese data controls. However, with the roll-out of the new system, that will all change. First, the Cybersecurity Law and related laws and regulations are very clear that they apply to all individuals and entities in China without regard to ownership or nationality. There are no exceptions. More important, the new Foreign Investment Law that goes into effect on January 1, 2020 eliminates any special status associated with being a WFOE or other foreign invested enterprise. Foreign owned companies will be treated in exactly the same way as Chinese owned companies.”

Not only does this mean foreign companies will be unable to secure their own trade secrets on Chinese networks or at offices within China, neither will they be able to adhere to U.S. or EU laws on protecting client confidentiality, restricted emerging technologies, or other sensitive information. To avoid prosecution for breaking these laws simply by doing business within China, some companies may have no choice but to shutter any operations in that country.

Cynthia Murrell, November 2, 2019

DarkCyber for August 27, 2019, Now Available

August 27, 2019

DarkCyber for August 20, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/.

The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: Amazon AWS as an attack launch pad for bad actors; obtaining fake paper and passports; cyber warriors have side gigs; adversarial fashions are for sale; and information about the new DarkCyber series about policeware starting in November 2019.

The feature story this week is reports that some bad actors are integrating Amazon Web Services into their phishing and malware activities. The reason is that the platform is widely available, easy to use, and has an excellent reputation. Many phishing attacks use multiples services, and AWS is becoming a resource that is gaining acceptance among bad actors.

Other stories in this week’s program are:

Jeffrey Epstein, accused of human trafficking activity, had several passports in his home at the time of his arrest. Passports and other documents like a driver’s license can be purchased on the Dark Web and via other channels. Valid passports are available from a number of countries, including Greece. The valid passport from St. Kitts and Nevis cost between $150,000 and $400,000 and up. The lower charge is for a donation to the country’s sustainable growth fund. The $400,000 is the minimum required for a real estate purchase on the island. Crossing a border with fake paper or multiple passports can invite the question, “Why do you have these documents?” Unsatisfactory answers can result in denied entry, fines, or incarceration.

DarkCyber reports that Chinese cyber warriors have discovered how to operate side gigs. The idea is that these individuals use their hacking skills to compromise financial accounts. Another approach is to obtain digital products which can be sold to online game enthusiasts. Gamers will pay for game cheats and special powers to obtain an in game advantage.

For individuals who are concerned about facial recognition, a new fashion trend may be building up steam. Adversarial Fashion has developed clothing which uses designs and colors that can confuse facial recognition systems and license plate optical character recognition readers. DarkCyber provides information about where to order these T shirts, jackets, and other items. Plus, DarkCyber gives the viewer instructions for downloading a report about the technological weaknesses in surveillance systems.

DarkCyber is a weekly production of Stephen E Arnold. The currency series of videos ends with the August 27, 2019, program. The new series of DarkCyber videos begins on November 5, 2019. The new series will focus on policeware with an emphasis on Amazon’s products and services for law enforcement, intelligence professionals, and regulatory authorities in the US, Canada, Australia, New Zealand, and the United Kingdom.

DarkCyber programs are available on Vimeo.com and YouTube.com.

Kenny Toth, August 27, 2019

DarkCyber for August 20, 2019, Now Available

August 20, 2019

DarkCyber for August 20, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/354476523 .
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

The story line up this week includes a feature about Anduril Technologies’ surveillance system for border monitoring. The show also includes a critique of a public report about robocalling and a comment about the increasingly loud calls for backdoors to mobile phones and encrypted messages by law enforcement in the US and other countries.

The feature story this week is about Anduril Industries, the company which is developing systems for the Department of Defense’s Project Maven. The company was founded in 2017 by Palmer Luckey. After creating the virtual reality product Oculus Rift, Luckey sold the company to Facebook. He then founded Anduril to develop next generation surveillance products and systems. His clients include US government agencies like the Department of Homeland Security. Anduril’s innovations allow software to monitor, analyze, and make decisions. These decisions can be taken without human involved, take place automatically, or employ human-machine interactions. The system can process data from digital cameras and specialized devices. These data are then federated and analyzed by the firm’s proprietary algorithms. The system can, for example, identify a herd of cattle as well as a group of people approaching a border. Anduril, however, is able to differentiate between the animals and the humans. If detection occurs at an Anduril monitoring tower, Anduril drones can also scan the area. If multiple Anduril drones are deployed in the area in which the anomaly was detected, the resolution of the system increases. In effect, Anduril has developed a way for surveillance to deliver detection, analysis, and increased resolution. An operator can immerse himself or herself in a virtual reality presentation of what the drones and the monitoring devices “see”. Anduril’s approach to US government work stands in direct contrast to that of Google. Google refused to work on Project Maven yet funded an educational artificial intelligence center in mainland China. Anduril welcomes US government work. One of the investors in Anduril suggested that Google’s attitude toward the US government could be interpreted as treasonous.

Two other stories round out this week’s episode.

Law enforcement agencies in the US and other Five Eyes member countries continue their call for a way for government agencies to access devices and messages by persons of interest. The “growing dark” problem in the US made headlines. Law enforcement investigating the Dayton, Ohio, killings have been unable to access the alleged shooter’s mobile phone data. DarkCyber anticipates increasingly loud calls for legislation to make it mandatory for technology companies to cooperate with law enforcement when courts permit access to mobile devices.

DarkCyber calls attention to an article which provides a road map for an individual who wants to run a robocall operation. The details of the method are reviewed. Plus, DarkCyber names two services which allow a robocall spammer to set up an operation with a few clicks online. One of these services includes a “press one feature” which allows the robocaller to charge the individual who happens to answer the telephone. DarkCyber finds these types of “how to” articles somewhat troubling. The information may encourage some individuals to launch a robocall business and runs scams anonymously.

A new multi part series about Amazon policeware initiative begins on November 5, 2019. DarkCyber programs are available on Vimeo.com and YouTube.com.

Note that DarkCyber will begin a new series of programs on November 5, 2019. The current series or “season” ends on August 27, 2019. We are developing the new series now. It’s about everyone favorite online bookstore with an emphasis on policeware and intelware.

Kenny Toth, August 20, 2019

DarkCyber for July 30, 2019, Now Available

July 30, 2019

DarkCyber for July 30, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/350567599. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

DarkCyber (July 30, 2019) explores China’s aggressive method of dealing with encrypted messaging; Perceptics’ data breach and its consequences; a way to determine email links to other online services; and Palantir’s secret Gotham information exposed.

This week’s lead story concerns Palantir Technologies, a vendor of search and analytic tools for analysts. Founded in 2003, Palantir has draped a cloak of secrecy over one of its flagship products, now more than 16 years’ old. The information about the “secret” document appeared in Vice, an online information service. For those unfamiliar with investigative software, the revelations were of interest to some individuals. Vice’s public records request yielded a user manual written for police with access to the Palantir Gotham “intelware” system. The manual—described as secret and confidential—provides step-by-step instructions for performing certain investigative tasks; for example, how to obtain a profile of a person of interest, how to obtain information about a vehicle, and similar basic investigative questions.

Other stories in the July 23, 2019, program are:

First, China has introduced a very direct method of obtaining access to content on mobile phones and tablets. Citizens and allegedly some visitors have to install software from Xiamen Meiya Pico Information Company. The MFSocket software provides access to images, audio files, location data, call logs, messages, and the phone’s calendar and contacts, including those used in the messaging app Telegram. It is possible that the Meiya Pico organization has a cooperative relationship with the Chinese government. The company allegedly has 40 percent of the Chinese digital forensics market.

Second, a Web service named Deseat.me provides a useful service. Few people know what Web sites and Web services are linked to a person’s email address. Deseat.me makes locating this information easy. The service, at this time, is offered without charge. DarkCyber points out that many modern policeware systems offer a similar functionality for any email address. Deseat, along with a small number of similar services, makes the process of locating these linked sites and services easy and quick.

Finally, Perceptics, a company best known for its license plate identification system, suffered a security breach. Among the items of information compromised were US government data and a range of Perceptics’ proprietary data. The information allegedly included data related to recent border activities, a contentious issue in the United States. Perceptics may find that making sales to the US government more difficult. A loss of contracts would adversely impact the company’s revenue. A larger issue is that the security measures implemented by a company engaged in cyber services failed to deploy systems which guarded high-value data. The cost of a data breach can be high and create a public relations challenge for organizations more comfortable operating in a low-profile way.

DarkCyber videos appears each week through the September 30, 2019. A new series of videos will begin on November 1, 2019. Programs are available on Vimeo.com and YouTube.com.

Kenny Toth, July 30, 2019

Cyber Threats from Semi Insiders

July 24, 2019

I was thrilled to learn that the New York Times (which quoted me on Sunday, July 21, 2019) concluded that I had no work for the last 40 years. Well, I least I don’t rely on a SNAP card, sleep under the overpass, and hold a sign which says, “Will analyze data for food.”

What did I do in those four decades which the NYT fact checkers couldn’t find? I worked as a rental. Yep, a contractor. A semi insider.

I did what I was paid to do, delivered by now routine “This is what I think, not what you want me to think” reports, and muddled forward.

For some outfits for which I worked, I was a regular. I did projects for years, decades even. For some government agencies, it may seem as if I never left because my son is working on the projects now.

I suppose the phrase “semi insider” explains this relationship. One is “around” long enough that people assume you are part of the furniture or the break room.

I thought of this “semi insider” phrase when I read “Siemens Contractor Pleads Guilty to Planting Logic Bomb in Company Spreadsheets.” The guts of the write up strikes me as:

But while Tinley’s files worked for years, they started malfunctioning around 2014. According to court documents, Tinley planted so-called “logic bombs” that would trigger after a certain date, and crash the files. Every time the scripts would crash, Siemens would call Tinley, who’d fix the files for a fee.

So the idea was sell more work.

My view is that this practice is more widespread than may be recognized.

How does one deal with a situation in which a company’s management and regular “professionals” are so disconnected from the semi insiders’ work that no one knows there’s a scheme afoot?

How does a zip zip zip modern outfit hire individuals who can be trusted, often over a span of years?

How does an organization verify that its semi insiders have not planted a bug, malware, or some other malicious “thing” in a system?

The answer is that today’s cyber security tools will not be much help. Most organizations lack the expertise and resources to verify that what semi insiders do is a-okay.

There’s a lot of chatter about identifying and tracking insider threats. The story makes clear that semi insiders are a risk as well. Considering that Snowden and others who have acted improperly and outside the bounds of their secrecy and other agreements makes crystal clear:

Semi insider threats are a significant risk.

And as the “expertise” of many technical professionals decreases, the risks just go up.

In short, today’s cyber security solutions, cyber governance methods, and day to day management techniques are ineffective, not addressed by cyber security solutions which are essentially reactive, and not well understood.

Siemens may have gotten the memo. It only took two years to arrive.

Stephen E Arnold, July 23, 2019

DarkCyber for July 23, 2019, Now Available

July 23, 2019

DarkCyber for July 23, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/349282829. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s DarkCyber reports about Australia’s use of its anti-encryption law; tools for video piracy, a profile of SearchLight Security’s Cerberus system, and where to get information needed to join a Dark Web forum.

This week’s lead story concern easily findable software to facilitate video piracy and streaming. A report in TorrentFreak presents information from an unnamed source. This individual allegedly has been involved in video piracy and streaming for an extended period of time. The individual provides specific information about some of the software needed to remove digital rights management protections from commercial, copyrighted video content. The DarkCyber research team was able to locate software designed for the same purpose. No Dark Web and Tor were required. More significantly, these programs can be located by anyone with access to a browser and a Web search engine like Bing, Google, or Yandex. DarkCyber’s research has revealed that industrialized crime is now playing a larger role in streaming stolen video content.

Other stories in the July 23, 2019, program are:

First, Australia’s anti encryption law is now being put to use. The new regulations were used in the warrant to obtain content from a journalist. Australia is a member of the Five Eyes confederation. Australia’s law requires companies to cooperate with law enforcement and provide access to encrypted and other secured information. Canada, New Zealand, the United Kingdom, and the United States are likely to have elected officials who will seek to implement similar laws. News organizations in Australia perceive such laws as a threat.

Second, DarkCyber profiles a company founded in 2017 focused on providing law enforcement and intelligence professionals with an investigative tool. The company indexes a range of content, including forums, Dark Web sites and services, and social media content. Plus the company has created an easy-to-use interface which allows an investigator or analyst to search for a person of interest, an entity, or an event. The system then generates outputs which are suitable for use in a legal matter. The company says that use of its system has grown rapidly, and that the Cerberus investigative system is one of the leaders in this software sector.

Finally, DarkCyber provides information about a new report from IntSights, a cyber-intelligence firm. The report includes information which helps an individual to gain access to “cracker” forums and discussion groups which examine topics such as credit card fraud, money laundering, contraband, and similar subjects. The video provides the information required to download this report.

DarkCyber videos appears each week through the September 30, 2019. A new series of videos will begin on November 1, 2019. Programs are available on Vimeo.com and YouTube.com.

A new series of DarkCyber begin in November 2019.

Kenny Toth, July 23, 2019

Next Page »

  • Archives

  • Recent Posts

  • Meta