DarkCyber for March 13, 2018, Now Available

March 13, 2018

The March 13, 2018 DarkCyber video news program, produced by Stephen E Arnold, is now available. DarkCyber covers the Dark Web and lesser known Internet services.

The program is available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/259403592.

The March 13 program explores the high-profile National Crime Agency arrest and sentencing of Matthew Falder. Mr. Falder, a faculty member at the University of Birmingham, was engaged in child pornography, blackmail, and related offenses. In the aftermath of the case, the difficulty of shutting down the Dark Web became evident to some in the United Kingdom.

Stephen E Arnold said, “The UK’s National Crime Agency has demonstrated its capabilities in data analysis of Dark Web metadata and its traditional investigative expertise. The identification, prosecution, and incarceration of an individual responsible for abuse of dozens of young people illustrates the effectiveness of the NCA’s blending of advanced technology and cyber expertise.”

DarkCyber takes a look at the information about the Defense Intelligence Agency’s National Media Exploitation Center. DarkCyber reveals that the capabilities of NMEC and other government agencies are significant and are extensible with the use of tools and methods developed by commercial firms like Cellebrite, now owned by a Japanese company.

The regulation of digital currency is gaining momentum in the US and elsewhere. Coinbase, a digital currency facilitator, has agreed to comply with a request from the US Internal Revenue Service. The IRS will receive the digital currency transaction histories of more than 10,000 Coinbase users. The door remains open for the IRS to gain access to additional transaction data. With this IRS activity, the deanonymization of digital currency transactions is underway.

DarkCyber reveals that TLS (transport layer security) certificates caught the attention of Recorded Future’s analysts. Dark Web sites are selling hijacked TLS certificates. DarkCyber provides the names of Surface Web vendors which sell legitimate certificates for about $5, a fraction of what Dark Web vendors charge.

Kenny Toth, March 13, 2018

DarkCyber for March 6, 2018, Now Available

March 6, 2018

The DarkCyber weekly video news program is available at www.arnoldit.com/wordpress and at vimeo.com/258482690. Produced by Stephen E Arnold and Beyond Search, the program covers the Dark Web and lesser known Internet services.

The March 6, 2018, DarkCyber video news program is now available. This week’s program features information about Stephen Allwine’s attempt to purchase an assassination from the Dark Web Besa Mafia site. Mr. Allwine was swindled and his wife remained alive. DarkCyber explains how an information technology professional killed his wife and staged a suicide. Mr. Allwine was convicted and is in jail with time to contemplate losing $6,000 paid to the Besa Mafia Dark Web site and his incarceration for murder.

DarkCyber reports about ASI Data Science’s smart software. The system can scan millions of videos and identify those with terrorist-related content. The system operates at an accuracy level greater than 90 percent.

Criminals operating from Ukraine stole $50 million in Bitcoin. However, the Dark Web was not the vehicle in this case. The criminals used Google advertising, spoofed Web sites, and gullible people. The fraudsters are now sought by Ukrainian authorities.

A multi-jurisdictional task force has shut down Infraud, a Dark Web site and discussion service. DarkCyber explains the method used to deanonymize the bad actors. One of the criminals used the handle “1stunna,” which is either a reference to the individual’s appearance or a misspelling of “first tuna.” Software correlates handles (aliases) with IP addresses and other data. DarkCyber reports that “tunna” was caught in the net. Arrests took place in the US, Australia, the UK, France, Italy, Kosovo, and Serbia.

Kenny Toth, March 6, 2018

DarkCyber, February 27, 2018, Now Available

February 27, 2018

The DarkCyber video news program about the Dark Web and lesser known Internet services is now available. The program can be viewed at http://www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/257348721. The program features Stephen E Arnold, author of CyberOSINT and The Dark Web Notebook.

This week’s program covers research which explains why Dark Web vendors of controlled substances offer free samples. Unlike street dealers who use samples to “hook” new users, Dark Web merchants have another goal in mind. Dark Web drug buyers can leave reviews about the quality of product and the reliability of a Dark Web vendor. The free samples are designed to prompt people to post a positive Amazon-style recommendation about a drug market.

What motivates an individual to use the Dark Web to locate and acquire child pornography? Researchers from Australia have offered a mathematical procedure for identifying specific characteristics which help answer this question. An analysis of Dark Web traffic combined with streamlined analytic techniques yields a partial answer. Not too surprisingly, greed and desire are the fuel which contributes to the behavior.

Stephen E Arnold said:

“The development of the Tor Use Motivation Module or TMM allows more precise and rapid analysis of hidden Web data. The benefit is that identification of bad actors now consumes fewer computational resources and generates results in minutes, not days.”

DarkCyber reports that open source software can be used to obtain information from multiple Dark Web sites or probe a specific Dark Web site for intelligence. A series of informative articles with code snippets allows a person with average programming skills to conduct a Dark Web intelligence operation.

The Georgia Bureau of Investigation, working with the US FBI, uncovered and shut down a sex trafficking service in the Peach State. A human trafficking circuit operated between Atlanta and three other Georgia cities.

About Stephen E Arnold

Stephen E Arnold is the author of “Dark Web Notebook” and “CyberOSINT: Next Generation Information Access.” He lectures at the Telestrategies ISS conferences about Dark Web and lesser known Internet security threats. His training programs for law enforcement and intelligence professionals reach hundreds of operating personnel each year and influence agent instructional programs in the US and in other countries. He provides strategic information services to clients worldwide. His services include analysis, investigation support, and training to commercial organizations and government agencies. His daily blog Beyond Search is available at www.arnoldit.com/wordpress.

Kenny Toth, February 27, 2018

DarkCyber for February 20, 2018, Now Available

February 20, 2018

The February 20, 2018, DarkCyber walks through the method for de-anonymizing Bitcoin transactions. The paper, written by researchers at Qatar University, highlights information leakage in the Bitcoin blockchain implementation. The video news program is available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/256283081.

A Dark Web customer used multiple identities to purchase Class A controlled substances via the Dark Web. Investigators were able to trace one of the bad actor’s false identities to specific personal details and arrest the individual. Aliases combined with use of the Tor browser are vulnerable to the investigative methods used by British cybercrime investigators.

LmnTrix, an Australian cyber security firm, discovered a new ransomware service called GandCrab. What makes the service unique is that the developers impose a terms of service agreement upon individuals wishing to extort money. One example of the deal is that clients of the ransomware software developer must agree to use the software outside of Russia and other members of the Commonwealth of Independent States or have their license for the ransomware revoked. MBA thinking now informs black hat hackers.

You can view the video at this link.

Kenny Toth, February 20, 2018

DarkCyber for February 13, 2018, Now Available

February 13, 2018

The February 13, 2018, DarkCyber reports on Ecuador’s country-wide surveillance system. A new story about a Dark Web criminal case sparks a surge of interest in the Dark Web. The publicity is similar to the attention directed at Random Darknet Shopper’s exhibition of contraband purchased by a software robot from hidden Internet contraband markets. Bitcoin’s anonymization is becoming less and less anonymous. The latest innovation is the use of ad tracking technology similar to that used by Google DoubleClick to unmask users of digital currency for Dark Web purchases. Ecuador has implemented a country-wide surveillance system developed jointly by Chinese and Ecuadorian engineers. The program is also available on Vimeo at https://vimeo.com/255241891.

Kenny Toth, February 13, 2018

DarkCyber for February 6, 2018, Now Available

February 6, 2018

The Beyond Search DarkCyber video program for January 6, 2018, is now available. You can view the program on YouTube or on Vimeo. This week’s program reveals that the go-to system for purchasing military-grade weapons is Telegram, the messaging app. Lebanon’s surveillance program has been exposed. After years of covert operation, human error allowed researchers to characterize the operation. White hat and black hat techniques were used by the Middle Eastern country. Haven, a software app attributed to Edward Snowden, promises protection from third-party access to a mobile phone. Dark Cyber tested the app and found that it could transmit data back to the app’s creator. The program also reviews some of the investigative techniques used to locate the operator of a Dark Web pornography site. In addition to analysis of Dark Web traffic, investigators matched behavioral to Surface Web sources and examined linguistic behaviors to track down users. You can view the video from the Beyond Search main page at this link.

Kenny Toth, February 6, 2018

DarkCyber for January 30, 2018, Now Available

January 30, 2018

DarkCyber for January 30, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/253109084.

This week’s program looks at the 4iq discovery of more than one billion user names and passwords. The collection ups the ante for stolen data. The Dark Web database contains a search system and a “how to” manual for bad actors. 4iq, a cyber intelligence specialist, used its next-generation system to locate and analyze the database.

Stephen E Arnold said:

“The technology powering 4iq combines sophisticated data acquisition with intelligent analytics. What makes 4iq’s approach interesting is that the company integrates trained intelligence analysts in its next-generation approach. The discovery of the user credentials underscores the importance of 4iq’s method and the rapidly rising stakes in online access.”

DarkCyber discusses “reputation scores” for Dark Web contraband sites. The systems emulate the functionality of Amazon and eBay-style vendor report cards.

Researchers in Germany have demonstrated one way to compromise WhatsApp secure group chat sessions. With chat and alternative communication channels becoming more useful to bad actors than Dark Web forums and Web sites, law enforcement and intelligence professionals seek ways to gather evidence.

DarkCyber points to a series of Dark Web reviews. The sites can be difficult to locate using Dark Web search systems and postings on paste sites. One of the identified Dark Web sites makes use of a hosting service in Ukraine.

About DarkCyber

DarkCyber is one of the few video news programs which presents information about the Dark Web and lesser known Internet services. The information in the program comes from research conducted for the second edition of “Dark Web Notebook” and from the information published in Beyond Search, a free Web log focused on search and online services. The blog is now in its 10th year of publication, and the backfile consists of more than 15,000 stories.


Kenny Toth, January 30, 2018

DarkCyber for January 23, 2018, Now Available

January 23, 2018

The January 23, 2018, DarkCyber program about the Dark Web and related online issues is now available. The program can be viewed at www.arnoldit.com/wordpress and on Vimeo at this link: https://vimeo.com/251980239.

The program addresses four important news stories related to law enforcement and intelligence work.

A new Dark Web search system called Candle wants to provide easy, quick access to Dark Web content. The DarkCyber research team found that the system was easy to use. However, specific searches often return no results. This week’s program suggests a workaround.

Mobile phones can be fingerprinted. Take a picture with a mobile phone, and researchers have discovered that manufacturing defects in sensors make it possible to tie a specific mobile phone to a particular digital image. Although in the research and development stage, the data suggest a new tool for law enforcement when gathering evidence in human trafficking and pornography cases.

The need for anonymous communication is fueling an open source project called Soprani.ca. The idea is that an alternative network will allow untraceable messaging and calling. The challenge of these leapfrog innovations is that established lawful intercept companies may have to develop new systems and methods. The giant Shoghi Communications reveals that its system can struggle when trying to make sense of encrypted communications, including https packets.

Bitcoin is running into regulatory headwinds. The news about China’s actions has overshadowed an equally important development in Australia. DarkCyber explains why Australia’s actions are important.

You can view the program at www.arnoldit.com/wordpress.

Kenny Toth, January 23, 2018

DarkCyber, January 16, 2018, Now Available

January 16, 2018

This week’s DarkCyber examines the Experian Dark Web alerting service. Based on an examination of the Digital Shadows’ Web site, that company is working with Experian to provide the Experian consumer service. Digital Shadows appears to be moving from its law enforcement and intelligence focus into a broader business to business and consumer market.

The video is available on Vimeo at https://vimeo.com/250765019. The video can be accessed via Beyond Search at www.arnoldit.com/wordpress.

The program also takes a different approach to the changes in net neutrality. DarkCyber reports that law enforcement and intelligence agencies may have wider scope for action for certain data collection methods. Companies like FinFisher allow non US customers a way to gather information using higher levels of network access.

Stephen E Arnold, publisher of the Beyond Search blog and producer of HonkinNews DarkCyber, said:

“Outside of the US certain governments are able to use the capabilities of Tier 1 and Tier 2 network providers, aided by specialized software from companies like FinFisher. With a higher level of network access, placing special software on suspected bad actors’ computing devices is less complicated. Changes in net neutrality in the United States may facilitate a similar capability. In order to deal with the increasingly rapid changes in technology available to bad actors, access to higher level network access can pay significant dividends for law enforcement and intelligence authorities.”

Dark Web eCommerce vendors, Stephen E Arnold reports, are now showing more interest in digital currencies with more robust obfuscation. Monero and Zcash are two currencies gaining momentum in the Dark Web. Investigators’ ability to figure out who is conducting certain digital currency transactions continues to improve.

The final story takes a look at the alleged kidnapping of a British supermodel. The alleged wrongdoer is awaiting trial in Italy, but the publicity about the alleged auctioning of the supermodel as a Dark Web sex slave remains controversial.

Check out the video at this link.

Kenny Toth, January 16, 2018

Encryption and Decryption: A Difficult Global Problem

January 10, 2018

I read “FBI’s Wray Calls for ‘Significant Innovation’ in Accessing Encrypted Data.” The story echoed a statement which appeared in one of the technical product sheets from a company few people reading generalized online content have heard about.

The firm is Shoghi, and it is based in India. The main business of the firm is designing and licensing hardware and software for military and law enforcement use. The company can acquire data from a range of sources, including undersea cables. In the company’s description of its https intercept service, I noted this statement:

“Interception of this secure HTTPS traffic is possible at various point but it is normally not possible to achieve the decryption of the HTTPS traffic due to the secrecy algorithms used for encryption of the data.”

HTTPS poses a challenge. Encrypted hardware poses a problem. The volume of data continues to increase.

When a major lawful intercept company is quite explicit about the difference between intercept (capture) and being able to “read” the information, the problem is not confined to the US. Shoghi has as customers more than 65 countries and, it appears, each has the same problem.

Jumping back to the Fox story and Mr. Wray’s call for innovation, I want to point out that:

  1. The problem is not just the FBI’s; it is a problem for many authorities.
  2. The “weakening” of the Internet is a powerful argument; however, as the fraying of the fabric of security by insider and outsider activities continues to capture headlines, the Internet has not become weak. The Internet is what it was designed to be: Robust in delivering packets and weak in terms of inherent security.
  3. The technical innovation referenced in the write up is what Shoghi wants its licensees to do: Figure out how to make sense of the captured data.
  4. The solution may reside with specialist firms which have developed technologies which perform date and time stamp analysis, clustering, digital fingerprinting of handles (user names), link analyses, and other text processing methods.

To sum up, Mr. Wray has identified a problem. Keep in mind that it is one that exists for countries other than the US. From my point of view, identifying specialists with non-intuitive ways of approaching the encryption problem warrants additional funding in the efforts to crack this “problem.”

My Dark Web Notebook team has compiled a list of companies with orthogonal approaches. We do make this information available on a fee basis. If you are interested, write benkent2020 at yahoo dot com for more information. Also, the January 23, 2018 “Dark Cyber” video includes a segment about the encryption problem for lawful intercept and surveillance vendors.

Stephen E Arnold, January 10, 2018
