DarkCyber for July 16, 2019, Now Available

July 16, 2019

This week’s program is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/348009146. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: An Australian teen with 20,000 LSD doses; a money laundering operation run within a Florida prison; a how to guide for credit card fraudsters; Facebook’s digital currency triggers domain name land rush; and Interpol smashes a global child sex crime operation.

This week’s lead story talks about Facebook’s digital currency. Regulators in the US have expressed some reservations about what could be considered a sovereign currency. Facebook’s effort to unify its messaging applications and integrate encryption into the service poses one additional hurdle for investigators. The proposed digital currency called Libra may enable seamless, friction free financial transactions within the encrypted Facebook system. Bad actors are likely to test the system to find ways to use Facebook for illegal activities. Messaging apps can provide access to digital content like pirated videos, child pornography, commercial software with its security compromised, and similar digital contraband.

Other stories in the July 16, 2019, program are:

First, an Australian teenager used the Dark Web to purchase LSD, a controlled substance. The Australian Joint Agency Strike Team monitored the teenager’s activity which included setting up a mail drop in the central business district of Adelaide. When police moved in, they seized 20,000 doses or “tabs” of LSD. The contraband had an estimated street value of US$200,000. The legal representative of the alleged drug dealer pointed out that the young man had good family support. The teen also had knowledge of the Dark Web, a mail drop, and the 20,000 LSD tabs.

Second, Terbium Labs issued a new report which provides information about credit card fraud. For security professionals, the report is a concise review of key factors. To an individual looking for a primer explaining credit card fraud or “carding” the Terbium report is an interesting resource. Terbium points out that lesson plans for would be credit card fraudsters are available on the Dark Web. Most of the instructional material and guides cost between $4 and $13. Similar information can be located using Regular Web search engines. DarkCyber reveals that Yandex.com offers both current credit card fraud instruction guides as well as direct links to explanatory videos. This type of information may pose a dilemma for public search engines. For an individual seeking information about how to perform financial fraud, the abundance of available information is remarkable for its scope and its ready availability.

Third, convicted criminals in Pasco Country, Florida, operated a money laundering scheme from their cells. The angle was to obtain stolen credit cards from a Dark Web marketplace and transfer money from the credit card to a prisoner’s personal commissary account. Many US prisons allow inmates to purchase snacks and approved items from this prison store. Once the money was in a prisoner’s account, the ringleader then submitted a request for the prison to transfer the money to the account of an individual who was not in prison. Investigators identified the prisoners involved in the scheme, arrested one person who acted as an accomplice, and identified seven other individuals involved the the operation. A total of $8,000 was stolen in 40 separate transactions.

Finally, DarkCyber reports that Interpol’s Blackwrist investigated a global child sex crime operation. Dozens of individuals were arrested. One pedophile has been sentenced to more than 100 years in a Thailand prison. Others snared in the sweep are allegedly individuals who have abused children, some as young as 15 months. Blackwrist continues its investigations and more arrests are expected.

Kenny Toth, July 16, 2019

DarkCyber for July 9, 2019, Now Available

July 9, 2019

DarkCyber for July 9, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: Amazon’s drone-centric surveillance technology; Mauritania loses Internet access; cyber criminals stumble at the US Post Office; the US develops THOR to kill drone swarms; and cyber crime for vertical markets grows.

This week’s lead story pivots on Amazon’s patent US 10,313,638 “Image Creation for Geo-Fence Data.” This invention makes it possible for an Amazon drone delivering packages or performing some other function like verifying that a driver dropped off an order to perform other functions. The specific example described in the patent is for Amazon to parse drone footage within a specific area and then extract data about a person or other entity. The idea is to geo-fence a front yard, a back door, or some other location and then extract the image and assign metadata to that extracted object. In short, deliveries plus surveillance. The invention makes us of the Amazon Web Services’ suite of services; for example, cross correlation of drone captured data with facial recognition, purchase history, and financial information.

Other stories in the July 9, 2019, program are:

First, Bromium and the Surrey Crime Research Lab in the UK have published information about a new trend in cyber crime. Instead of Dark Web bad actors just offering generic malware, SCRL reports that specialized software has become more widely available. The “vertical” malware is purpose built to attack retail, health care, and financial institutions. The technology needed to compromise an employee’s mobile device and corporate network access has been fine-tuned to deal with the security procedures in place for banking, finance, and credit card providers. Instead of relying on general purpose exploits, malware like Ramnit is bundled with tools able to penetrate hospitals and retail operations. Bromium provides a summary of some of the SCRL results, and DarkCyber provides information necessary to register to obtain this high value report.

Second, the US government, assisted by three commercial enterprises, has develop a system to kill or disable a swam of drones. The technology makes use of a directed beam which interferes with the electronics of a group of drones. The idea is that a swarm of drones can operated in an autonomous and semi-autonomous manner to compromise US security or perform in an offensive manner; for example, deliver poison, explosives, or surveillance devices. The THOR (Tactical High Power Microwave Responder) can be set up by two people in less than three hours. The beam defense is operated with a hand held controller. The technology can be mounted on a variety of platforms, included land based vehicles.

Third, two individuals based in the US shipped more than 25,000 packages containing controlled substances. The duo collected more than $8 million from the sale of narcotics and fake prescription drugs like Adderall. US investigators broke the case because the team used Stamps.com, an online service for postage. One of the bad actors signed up for the service using his real name and home address. Agents purchased four batches of narcotics and then raided the operation. In that raid, a commercial pill press was seized along with other evidence. When arraigned, the duo pleaded “Not guilty.”

Finally, Mauritania, a northwest African nation with a population of four million lost Internet access. An estimated 800,000 citizens had been unable to send email, use Facebook, and other online services. The government took this step in order to help quell political unrest in that country. Other countries in that region’s Internet shut down zone are Ethiopia and Sudan.

Kenny Toth, July 9, 2019

DarkCyber for July 2, 2019, Is Now Available

July 2, 2019

DarkCyber for July 2, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/345294527. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: Tor survives another court battle related to a child who overdosed on Dark Web drugs; a newspaper unwittingly provides a road map for undertaking credit card fraud; a profile of DataWalk, a next-generation intelligence platform with a secret sauce; and Recorded Future’s threat intelligence service runs from Amazon’s platform.

This week’s lead story is the revelation that Recorded Future relies on Amazon AWS to serve its new threat intelligence service. Recorded Future was founded in 2009 with initial investors Google and In-Q-Tel, the investment arm of the US Central Intelligence Agency. In May 2019, the predictive analytics company was acquired by Insight Partners, a leading global capital and private equity firm. The purchase price was about $700 million. Recorded Future’s threat intelligence service is in the same product category as FireEye’s information service. Providing threat information in a browser provides easier access to this information. Stephen E Arnold, author of CyberOSINT: Next Generation Information Access, said: “The use of the Amazon AWS platform, not the competing Google service, is significant. Recorded Future joins BAE, Palantir Technology, and a handful of other firms leveraging the AWS infrastructure. Amazon is emerging as the plumbing for law enforcement and intelligence software.”

Other stories for the July 2, 2019, program are:

First, a Utah court decided that Tor, the software bundle required to access the Dark Web, was not liable for a death. The parents of a young person who overdosed on drugs ordered from a online contraband vendor via Tor sued the foundation involved with the anonymizing technology. Other cases have been filed against Tor. The deciding factor in this most recent decision and other cases is the US law which treats online platforms differently from traditional publishers. The court uncovered information that there are about 4,000 people in Utah who use Tor and presumably the Dark Web each day.

Second, a British newspaper published an informational article about online credit card fraud. DarkCyber interpreted the information in the report as a road map for a person who wanted to commit an online crime. The news story provided sufficient information about where to locate “how to” materials to guide an interested individual. Tips for locating sources of stolen credit card data were embedded “between the lines” in the report. The newspaper did omit one important fact. Organized crime syndicates are hiring individuals to commit credit card fraud and other financial crimes.

Finally, DarkCyber profiles a start up called DataWalk. This company provides a next-generation intelligence analysis and investigation platform. Competitors include IBM Analyst’s Notebook and Palantir Technologies Gotham / Titan products. DataWalk, however, has patented its technology which implements the firm’s method of delivering query results from disparate sources of structured an unstructured content. Plus the company can provide an analyst with content from third-party content products such as Thomson Reuters and the specialist publisher Whooster. The service also scales to accommodate data analysis, regardless of the volume of information available to the system. DataWalk’s analytic system operates in near-real time. DataWalk allows a user to perform sophisticated investigative and analytic procedures via a mouse-centric graphical interface. A user can click on an icon and the system automatically generates a “workflow ribbon.” The ribbon can be saved and reused or provided to another member of the investigative team. More information about this firm is available at www.datawalk.com .

Kenny Toth, July 2, 2019

DarkCyber Video News for June 25, 2019, Now Available

June 25, 2019

DarkCyber for June 25, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/343915592 .

The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: Twitch.tv covers of the Hong Kong protests when YouTube did not; Cellebrite technology unlocks any mobile phone; Virsec’s Shadow Broker report; DarkCyber’s new coverage of intelware for government use; and French police shut down a contraband market with 7,000 customers.

This week’s feature is a report about Amazon Twitch.tv’ live coverage of the Hong Kong extradition protest. The free service streamed programs which provided continuous views of official announcements, confrontations between protestors and police, and stunning images of hundreds of thousands of Hong Kong residents protesting. One stream features nine panels of live video. Each panel provided live video of different protest locations. YouTube Live did not stream the event. Queries about the Hong Kong protest returned hits to archived video of protests. DarkCyber reports that Twitch.tv’s coverage of this important event marks a turning point for both Amazon and for Google.

Other stories covered in this week’s DarkCyber video news program are:

Cellebrite, a company specializing in services for law enforcement and intelligence agencies, announced an important technology achievement. The company can now unlock and access information on any Android or Apple iPhone. Cellebrite’s innovation provides access to iPhones running the most recent version of iOS. Plus, with the new technology, cyber labs will be able to unlock these devices on their premises.

With the surge in ransomware and the stepped up attacks on US cities’ networks, the Virsec white paper “How the Shadow Brokers have Permanently Changed the Cybersecurity Landscape” is a timely and important report. DarkCyber highlights the contents of this free document and explains how a person can obtain a copy of the report.

French police continued its crackdown on hidden Web sites selling contraband. In simultaneous raids in Bordeaux, Nice, and other cities, authorities arrested three individuals believed to be the operators of the ecommerce site. The French Deep Web Market sold drugs, weapons, and forged documents. The operation served more than 5,000 customers and relied on about 700 vendors. Police seized data, hardware, and software.

The final story reports that each weekly video will feature intelligence and investigative software. Systems profiled will make it possible for investigators and intelligence professionals to perform functions like geo-fencing via graphical interfaces, no programming by the user will be required. The story highlights a free bundle of policeware gathered by a former FBI professional. DarkCyber explains how to obtain more than 36 software tools without charge.

DarkCyber video news is a weekly program. It contains no advertising, and it is designed for law enforcement, security, and intelligence professionals interested in software, new developments, and investigative innovations. New programs become available on Tuesday of each week. Programs are available via YouTube and Vimeo.

Kenny Toth, June 25, 2019

DarkCyber for June 18, 2019, Now Available

June 18, 2019

DarkCyber for June 18, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/342544814.

The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up covers: A next-generation content processing system funded by In-Q-Tel; Dark Web scans for personal information; a new spin on Crime as a Service tuned to steal financial data; Canada’s prisons get a drone detection systems; and the FBI Vault adds additional Clinton email data.

This week’s feature is a review of Forge.ai’s content processing system for law enforcement and intelligence applications. The system converts open source and other data into “structured intelligent event event feeds.” Unlike many commercial content processing and intelligence systems, Forge.ai is designed to handle data flows of virtually any size and perform processing in real time. The company recently received the support of In-Q-Tel, the CIA’s investment unit. Lt. General John Mulholland is accepted a position on Forge.ai’s board of advisers. General Mulholland was the deputy commander of Special Operations command and also served at the CIA.

Other stories in this week’s DarkCyber video news program are:

First, Dark Web scans to find personal information are advertised on television. DarkCyber looks at some of the methods used by vendors who offer free or low-cost scans of the Dark Web for PII or personal identification information. DarkCyber reports that many services do not deliver comprehensive results. There are specialized services available to law enforcement and intelligence professionals, but most of these are not available for public use.

Second, crime-as-a-service or CaaS continues to improve. Malware from two different sources have evolved into a symbiotic relationship. The Gazorp tool makes it easy to customize malware known as Azorult. Despite the odd names, the one-two punch facilitates the use of these tools by an individual or group of individuals without deep technical expertise. Gazorp is offered without charge, but the value of the software opens the door to monetization. Other bad actors are likely to build on the CaaS approach of Gazorp’s and Azorult’s developers and users.

Third, in this week’s drone news, DarkCyber reports that Version 2, a Canadian company, will deploy a drone detection system as six of Corrections Canada’s prisons. Drones have been sued to drop contraband into correctional facilities. Some drone have delivered drugs, mobile phones, and McChicken sandwiches to inmates. Donnacona, one of Canada’s most secure facilities, will be among the first group of institutions to receive the new technology in early 2020.

Finally, DarkCyber provides information so that a viewer can download more than 400 pages of information related to Hillary Clinton’s email. The collection of documents is available in the Federal Bureau of Investigation’s Vault service. Manual review of the documents is recommended. Some media reports have not presented a comprehensive picture of the information in this most recent release of information.

DarkCyber video news is a weekly program. It contains no advertising, and it is designed for law enforcement, security, and intelligence professionals interested in software, new developments, and investigative innovations. New programs become available on Tuesday of each week. Programs are available via YouTube and Vimeo.

Kenny Toth, June 17, 2019

LookingGlass Threat Map

June 11, 2019

You may want to check out an interesting approach to marketing as practiced by a cyber intelligence firm. And if you are curious about threats posed by exploits, malware, and other cyber weapons, you will want to examine the LookingGlass Threat Map. The display shows attacks (attempted and successful). If you put your mouse on the map, you can display threats by region. The map is zoomable, so you can obtain information about target of the attack; for example, attacks in Italy. Click on a dot and information about the attack is displayed in a pop up window.


The map also displays a moving real time graph of attacks per second. DarkCyber found the scrolling list of attack types particularly interesting. One can see that the Sality variants are one of the more popular attacks at this time (Tuesday, June 11, 2019, 0603 US Eastern time).

The threat map provides graphs as well; for instance:


I discuss some of LookingGlass’ capabilities in my Dark Web 2 lectures. For more information about LookingGlass, navigate to the company’s Web site. The Sality exploit exists in variants. The software has been available for many years. It exploits the bad actors’ best friend: Microsoft Windows. After 16 years and numerous variants, one could ask the question, “What’s up with this, Microsoft?”

I won’t ask that question because I address Microsoft’s ball fumbling in the DarkCyber video for June 11, 2019.

Stephen E Arnold, June 11, 2019

DarkCyber for June 11, 2019, Now Available

June 11, 2019

DarkCyber for June 11, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/341177540.

The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: News about Leidos’ new cyber intelligence system; the risks and vulnerabilities of autonomous smart weapons; and the overlooked factors in the Baltimore ransomware attack.

This week’s feature is a discussion of three facets of the Baltimore ransomware problem. The city was unable to deliver some services and conduct routine business due to malware. With the computers down, Baltimore officials struggled to get its computers back online. Most of the reports ignored three facets of this problem which are as important as the vulnerability of the city. DarkCyber points out that sensitive software must be better protected. Multiple security lapses within US government agency have occurred. The loss of the personnel data from the Office of Personnel Management, the Edward Snowden data theft, and the TSB activity, among other are inexcusable. There is plenty of talk about cyber security, but that talk has not prevented data loss. That’s a problem which endangers lives, national security, and the integrity of Federal institutions. Action is necessary.

Second, cyber security firms offering a mind boggling array of threat intelligence, defensive shields, and specialized procedures are not enough. Perhaps Baltimore could not afford products sold by companies located within the city limits or a short drive down the Baltimore–Washington Parkway. The vendors of cyber security systems have to do a better job. Now. The breezy PowerPoints and the slick demos are obviously falling short.

Finally, the Microsoft Corporation is the vector of an attack which has been available to bad actors for more than two years has dropped the ball. The company’s software has no significant defense, and that too is inexcusable. Microsoft has either been unable or unwilling to address the security flaws which EternalBlue exploits. Should a company receive the Department of Defense JEDI contract worth about $10 billion when its software is vulnerable and being exploited? Microsoft must be held accountable. More than a Congressional hearing is needed. Much more.

Stephen E Arnold, producer of DarkCyber and author of “The Dark Web Notebook,” said in his lecture on June 4, 2019, at the TechnoSecurity & Digital Forensics Conference: “The stakes continue to rise. Cyber professionals have to become more aggressive in their efforts to prevent bad actors from mounting successful attacks.”

Other stories covered in the June 4, 2019, DarkCyber video include:

Leidos (formerly SAIC) has announced developed a new intelligence analysis system known as “Advanced Analytics and Machine Learning Microservices Platform”. The system has been developed to solve one major problem facing analysts; specifically, data that can be useful has been stored on a variety of stovepiped software systems, or in different digital mediums. A manual investigation is impractical due to the different data formats and the volume of historical and real time data. The new system Artificial intelligence and machine learning uses artificial intelligence and machine learning to sort through data and pinpoint the content relevant to their operation.

The final story identifies new research which pinpoints what experts call “normal accidents” in smart, autonomous weapons systems. The problem was identified decades ago when complex processes interact and tiny probabilities trigger a chain of failure.

DarkCyber appears each Tuesday and is available on YouTube, Vimeo, and directly from the DarkCyber news service.

Kenny Toth, June 11, 2019

DarkCyber for June 4, 2019, Now Available

June 4, 2019

DarkCyber for June 4, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/339717881 .

The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: A look at SafeSkyHacks; cyber crime data from the Global Drug Survey; bad actors shift to closed chat service; the real threat of GozNym malware; LookingGlass and GoldmanSachs announce cyber intelligence deal.,

This week’s feature is a look at the broader implications of the GozNym malware. This series of attacks netted the bad actors more than $100 million from 41,000 businesses and financial institutions. The malware was a combination of code, operating by deploying numerous exploits. As damaging as GozNym was, it signals a phase change in how modern digital attacks operate. DarkCyber identifies three key characteristics of GozNym. First, it was a multi-national force. Second, the hackers met and communicated via social media and chat. Third, the hackers operated like Amazon the AWS cloud, offering Crime as a Service. Attackers needed little or no technical expertise.

Stephen E Arnold, producer of DarkCyber and author of “The Dark Web Notebook,” said in his lecture on June 4, 2019, at the TechnoSecurity & Digital Forensics Conference: “The law enforcement crackdown on the Dark Web has been effective. The unanticipated consequence has been a shift to decentralized operations delivering Crime as a Service.” Point-and-click is now point-and-attack.”

Other stories covered in the June 4, 2019, DarkCyber video include:

First, a review of the software and services available on a hacker forum available to anyone with a standard browser. SafeSkyHacks provides free information about hacking, stolen data sets, and information about exploits. A members-only section of the Web site makes it possible to locate hackers with specific skills, services, software, and data. The DarkCyber video segment takes a close look at the profile posted by one of SafeSkyHack’s’ members. Hackers offer a number of services which may cross the boundary between general information and illegal activity.

Second, the Global drug survey for 2019 contains a wealth of information about the illegal use of narcotics available from the Dark Web and other sources. DarkCyber extracts items which reveal the countries which are now experiencing sharp increases in the use of controlled substances. The United States, for example, is at the top of the list of countries for opioid abuse. Another significant finding in the 2019 report links drug abuse with sexual assault. Assaults often happen when other people are nearby and reports of these attacks are rarely, if ever, reported to the police.

Third, DarkCyber reports about Stephen E Arnold’s remarks about the technology being adopted by bad actors. With information about distributed system widely available and the willingness of criminal elements to pay as much as $1 million for technical talent, law enforcement faces a new challenge. Services like illegal online gambling and video streaming services are becoming difficult to stop. When authorities seize one server, the bad actors deploy a replacement system at a different hosting location with a different Internet address. The new location for the illegal service is disseminated via closed chat and online forums. Often the access information is available on public content hosting sites like Pastebin.com. In some countries, the technical resources needed to disable an illegal online service structured like Netflix is a new challenge.

The final story is a report about the transfer of GoldmanSachs’ Sentinel cyber security software to LookingGlass, a cyber intelligence firm. Terms of the deal were not disclosed. LookingGlass is likely to integrate the Sentinel system into the LookingGlass services for financial institutions. Sentinel was recognized for excellence by the US Department of Homeland Security.

Kenny Toth, June 4, 2019

DarkCyber for May 28, 2019, Now Available

May 28, 2019

DarkCyber for May 28, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at  https://www.vimeo.com/338518927. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: The Offensive Community hacking Web site; malware requires no user action to seize mobile phone data; Dutch police deal with prisoner monitoring failure; a snapshot of Cobwebs Technologies’ investigative software; and China’s Great Firewall burns Wikipedia.

This week’s feature provides information about hackers for hire on the regular Internet, no Dark Web surfing required. The Offensive Community Web sites offers a classified advertising service. Hackers can post their capabilities in order to attract customers. The information on the site references a range of exploits which can be used for positive as well as illegal activities. Forums provide information and sources for botnets, keyloggers, remote access controls, specialized scripts, and related functions.

Other stories covered in the May 21, 2019, DarkCyber video include:

First, malware, allegedly developed by a specialist vendor supporting government customers, can compromise a mobile phone. What makes this alleged exploit notable is that the standard way of placing malware on a user’s device is to require that the user click a link or take some other action. That action allows the attacker to place the exploit on the user’s phone. The new approach requires only that the target has Facebook’s WhatsApp installed. The attacker places an in app voice call to the target. The exploit automatically uses a programming error in WhatsApp to compromise the target’s phone. The method was allegedly used to track the journalist Jamal Khashoggi. The fact that this method is no longer secret provides sufficient information to ensure that other bad actors will seek to emulate this technique.

Second, a botched software update in the Netherlands disabled prisoner ankle bracelets. These devices are used to monitor prisoners under house confinement. When these devices go offline, the monitored individual can flee the country or return to his or her pre-arrest activities. The Dutch police experienced a similar outage in 2018 when the mobile phone system used to transmit data went down. The modern ankle bracelet includes the tracking technology, but can also include two-way communications, alcohol level monitoring, and anti-removal technology. There are videos allegedly showing how one removes these devices, but tampering with the devices typically leads to additional charges.

Third, DarkCyber provides a profile of the basic functions available in the investigative software developed by Cobwebs Technologies. This is an Israeli startup which allows a user to extract actionable information from open source content. The tools available include a search and retrieval system and analytics. Data can be displayed in a visual format, including maps. DarkCyber’s overview includes examples of the interface and analytic reports.

Finally, China’s Great Firewall has blocked Wikipedia, the online encyclopedia. The online information service publishes content in numerous languages, and China has blocked every version of the digital encyclopedia. China’s approach to information control is part of a larger effort to maintain order and ensure government control of citizen activity. The process is called “Chinafication,” and the censorship method is influencing other governments’ approach to ensuring civil order.

DarkCyber appears each Tuesday and is available on YouTube, Vimeo, and directly from the DarkCyber news service.

Kenny Toth, May 28, 2019

When Know How Gets Loose: Excitement Ensues

May 23, 2019

Bad actor hackers are pains in the rear, especially when they steal personal information. They are even worse when they steal from the government and use the stolen information for nefarious purposes. From The Trenches World Report explains the how and why about the hackers in that “China Used NSA Cyber weapon To Hack Targets, Symantec Says.”

The NSA developed a hacking tool dubbed “Double Pulsar” that can secretly download malware onto Windows-based PCs. Chinese hackers stole it, put their stamp on it, and used it on unsuspecting victims back in 2016. There was evidence that the altered Black Pulsar paired with another Chinese hacking tool were used in attacks in Belgium and Hong Kong. What is even worse is that the Chinese hacking tool could only hack 32-bit systems, but was revamped to attack 64-bit systems with newer Windows versions.

It is unknown how the alleged Chinese hackers obtained Double Pulsar. The possible theories are that an NSA server with bad security or a NSA employee went rogue. Another idea is that the hackers collected some NSA traffic that contained Double Pulsar..

“Whatever the case may be, the findings underscore the risks of NSA cyber weapons falling into the wrong hands. Double Pulsar, itself, is no longer a secret. In April 2017, a mysterious party called the Shadow Brokers went online and dumped a cache of NSA hacking tools, which included details on Double Pulsar. A month later, the same NSA hacking tools were used to launch Wannacry, a ransomware attack that hit Windows machines across the world.

Who the Shadows Brokers are remains a mystery. But according to Symantec, the Chinese hacking group that gained access to Double Pulsar no longer appears to be active. In Nov. 2017, the US publicly charged three members of the group with hacking crimes and intellectual property theft.”

One more hacking tool is now an open source piece. DarkCyber is not keen on certain types of technology becoming widely available.

Whitney Grace, May 23, 2018

Next Page »

  • Archives

  • Recent Posts

  • Meta