Echosec: Dark Web Search for Those Who Qualify
April 2, 2019
A Canadian company has devised a way to search the Dark Web without the hassle of the Tor browser or proxy servers. HotHardware reports: “Beacon, a Dark Web Search Engine Can Be Your Eyes in the Internet Underworld.” The catch—one must prove to the company behind Beacon, Echosec, that they have a legitimate reason to use the “Google of the Dark Web.” The intention, we’re told, is for organizations to monitor whether any of their sensitive data has made it onto a Dark Web marketplace. Reporter Rod Scher writes:
“This could include stolen corporate emails, company documents, personal info, or other such data that could be detrimental to a company, its brand, or its customers. After all, if your data has been compromised, it’s always better to know than not to know. …
We noted this statement:
“While [CTO Mike] Raypold notes that it is possible to misuse Beacon, since the tool makes it easier for users to locate data they might otherwise have difficulty finding, he says that the company has taken steps to mitigate that danger. ‘First, every Echosec customer must go through a use-case approval process to determine how the customer is using the application and to make sure they are in compliance with the vendors from whom the data Is sourced,’ says Raypold. ‘If a potential customer cannot pass the use-case approval process, they do not get access to the system.’ Second, the company has built automated tools and manual processes into its platform and into the company workflows to notify the Echosec team if users attempt to run searches that are in violation of their approved use case.”
Not only will Echosec know if a user violates their agreement, certain queries simply cannot be run through Beacon. The company shares their acceptable-use policy here, and it is thorough. Founded in 2013, Echosec is based in Vancouver, British Columbia. If you want to see selected screenshots of the system’s output, check out the Dark Cyber video for March 26, 2019, at this link.
Stephen E Arnold, February 27, 2019
DarkCyber for April 2, 2019, Now Available
April 2, 2019
DarkCyber for April 2, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/327544822.
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: Online censorship increases; Dark Web drug czar goes offline; Dark Web tech comes to the Firefox browser; and more evidence of change in the Dark Web; plus a look at Megaputer’s fraud detection technology.
This week’s feature reviews Megaputer’s fraud detection technology. The firm uses a number of advanced mathematical and linguistic methods to make sense of large flows of data. Based in Bloomington, Indiana, the company serves a wide range of clients from finance, government, pharmaceuticals, and consulting services. The firm was the first to put advanced text analytics on the desktop at a time when other firms required Unix workstations and client server computing resources. The firm’s PolyAnalyst H makes it possible to process large volumes of data at extremely high speed.
This week’s “Cybershots” cover four subjects:
There are more indications that online censorship is becoming more aggressive. Russia has implemented regulations governing what sites can be accessed and what type of content is permissible. Germany’s statement legislators have begun work on a bill to criminalize use of Tor and other hidden Internet tools.
The individual who created RAMP or the Russian Anonymous Marketplace asserted that his customized encrypted chat client was one reason his site had eluded government authorities. The site is now offline.
Letterboxing, a technology which prevents certain types of online tracking, will be introduced in an upcoming release of Firefox, a popular Web browser. This feature has been part of the Tor browser since 2016 and is one more indication of Dark Web technology seeping into the public Internet or “Clear Net”.
The program explains how to get a summary of software and tools to access hidden Internet sites and service. Written by Veracode, a cyber security firm, the video provides information necessary to obtain a copy of this useful report.
A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cybercrime, Dark Web, and company profiles are now appearing on a daily basis.
Kenny Toth, April 2, 2019
DarkCyber for March 26, 2019, Now Available
March 26, 2019
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: A call to block Tor in the European Union; Mimikatz, a key hacking tool; and SSL/TLS exploits; a look at IntSights’ marketing of its intelligence software and services; and a Bitcoin poster boy captured in Australia.
This week’s feature reviews IntSights, a cyber intelligence firm which has experienced rapid growth. Most firms providing services to law enforcement and intelligence agencies maintain a low profile. IntSights has published a sponsored book and promoted Digital Risk Protection for Dummies written by a former Forrester consultant. The company also released some financial information, which is a departure from the less open approach taken by other companies in this low profile niche.
The second major story concerns the founder of Auscoin, an Australian digital currency. The Australian Federal Police arrested an advocate of Bitcoin for dealing in controlled substances and operating a drug syndicate. The AFP seized about 60 pounds of cocaine, MDMA, and methamphetamines and the alleged wrongdoer’s bright green Lamborghini. Now faced with 14 charges related to controlled substances, the association of criminal activity and digital currency is difficult to ignore.
The “Cybershots” for this week include:
1. Wolfgang Sobotka’s call for blocking access to Tor (The Onion Router) within the European Union. Tor facilitates access to hidden Web sites, some of which facilitate the sale of drugs and other contraband. Tor may be criminalized after Sobotka’s presentation at the February 2019 European Police Congress.
2. The Mimikatz hacking tool is widely used by hackers around the world. DarkCyber describes this free software and explains where it can be obtained.
3. As cyber security becomes more effective, wrongdoers are seeking new ways to compromise systems. One active approach is to compromise SSL and TLS functions. DarkCyber provides information about obtaining a new, free report about this method of attack written by researchers at Georgia State University and the University of Surrey.
A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cybercrime, Dark Web, and company profiles are now appearing on a daily basis.
Kenny Toth, March 26, 2019
DarkCyber for March 19, 2019, Now Available
March 19, 2019
DarkCyber for March 19,2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/324801049.
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cyber crime, and lesser known Internet services.
This week’s story line up includes: Google search blockchain data; emojis puzzle lawyers; NATO soldiers fooled by social media come ons; big paydays for hackers; Dark Web search for marketers; and Iran’s hacker army
This week’s feature looks at the Beacon Dark Web search system. Developed by Echosec Systems in Canada, Beacon provides search and analytics for those interested in tracking brands, companies, and people in Dark Web content. The system’s developers enforce a code of behavior on licensees. If Echosec determines that a user violates its guidelines, access to Beacon will be cut off. Echosec offers a number of powerful features, including geofencing. With this function it is possible to locate images of military facilities and other locations.
The second feature in this week’s video focuses on Iran’s cyber warfare activities. One key individual—Behrooz Kamalian—has been maintaining a lower profile. Those whom he has trained have been suspected of participating in online gambling activities. Kamalian himself, despite his connections with the Iranian government, served a short stint in prison for this allegation. Iran has one of the large cyber warfare forces in the world, ranking fourth behind Russia, China, and the US.
The “Cybershots” for this week include:
- Google has made available a search engine for blockchain data. Those skilled in blockchain and digital currency transactions may be able to deanonymize certain aspects of a transaction.
- Emojis which carry meaning are creating issues for lawyers and eDiscovery systems. The colorful icons’ meaning are not easily understood.
- A social media test for NATO soldiers’ resistance to online tricks was completed by central command. The result was that soldiers can be easily tricked into revealing secret information.
- Organize hidden Web criminals are paying up to $1 million a year in salary and providing benefits to hackers.
A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.\
Kenny Toth, March 19, 2019
DarkCyber for March 12, 2019, Now Available
March 12, 2019
DarkCyber for March 12, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/322579803 ,
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cyber crime, and lesser known Internet services.
This week’s story line up includes: Cellebrite devices for sale on eBay; emojis can activate app functions; and sources selling bulk personal data.
The feature this week discusses speech analysis. Reports have surfaced which reveal that some US correctional facilities are building databases of inmates’ voice prints. The news appeared coincident with rumors that the US National Security Agency was curtailing its voice collection activities. Companies like Securus Technologies provide tools and services related to prison telephone and unauthorized mobile device use. The Securus Investigator Pro has been available and in use for almost a decade. Voice print technology which is analogous to a digital fingerprint system makes it possible to identify those on a call. Inclusion of behavioral tags promises to make voice print systems more useful. With a tag for the caller’s emotional state, investigators can perform cross correlation and other analytic functions to obtain useful information related to a person of interest.
Links are provided to explanations of Amazon’s policeware system which can be used to perform these types of analytic operations.
The final story provides a snapshot of a 100 page field manual about online deception. Published by the US Army, this document is a comprehensive review of systems and methods for military use of deception in an online environment. Checklists and procedural diagrams make clear why social media operations are successful in civilian and military contexts. The DarkCyber video includes a link so viewers can download this unclassified publication.
Kenny Toth, March 12, 2019
Facebook Tracking Amidst Privacy Assertions
March 7, 2019
Privacy International published “Guess What? Facebook Still Tracks You on Android Apps (Even If You Don’t Have a Facebook Account).”
I am not particularly surprised. The chatter about Facebook and its privacy initiative is one of those “pivot” plays. Talk is cheap, unlike online advertising.
The write up states:
seven apps, including Yelp, the language-learning app Duolingo and the job search app Indeed, as well as the King James Bible app and two Muslim prayer apps, Qibla Connect and Muslim Pro, still send your personal data to Facebook before you can decide whether you want to consent or not. Keep in mind: these are apps with millions of installs.
There are some recommendations in the write up. DarkCyber suggests you read these before spending much time on statements like this one from Facebook: “A Privacy Focused Vision for Social Networking.”
Stephen E Arnold, March 7, 2019
DarkCyber for March 5, 2019, Now Available
March 5, 2019
Cyber for March 5, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/321045698 .
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web and lesser known Internet services.
This week’s story line-up includes: A new feature called Cybershots with information about authentic AI, Psy-Group, Microsoft malware, and VKontakte; our feature Facebook as a digital problem; and illegal video streaming.
DarkCyber’s feature reviews the UK government’s report which states that Facebook acted as a “digital gangster.” DarkCyber provides a link from which the document can be downloaded. Among the conclusions set forth in the report were re mediating actions which range from increased regulation of social media firms to fines for their behavior. The report included information that suggests that other countries will take enforcement and regulatory action directed at Facebook. Among the countries identified were Brazil and Singapore.
The second principal story focuses on illegal streaming video services. Google has blocked some of these services and legal actions are underway. Nevertheless, streaming video continues to thrive with thousands of first run movies and major US television programs available. Some of the services are operated from Russia or other Eastern European countries. These services make use of sophisticated content delivery services and rely on technology which allows the criminals to spin up a new service when authorities close one in operation. Services available from some illegal streaming services offer Netflix-like interfaces, sell advertising, and charge subscription fees. Legal hurdles and the cost of pursuing enforcement action in some countries increases the difficulty copyright holders face in closing these services.
This week, DarkCyber introduces a new feature called Cybershots. The items in this section of the video news program reveal that one of the companies associated with weaponized social media has gone out of business. Microsoft has unwittingly allowed malware to be distributed from its online store. A company providing policeware has found that one of its marketing phrases has been picked up by a Chinese company and used as the firm’s name. Plus, a customer of the Russian social media service VKontakte received an unusual Valentine greeting, a cyber attack from a disgruntled customer.
Kenny Toth, March 5, 2019
DARPA Looks Into Nano AI
February 26, 2019
The fields of nanotechnology and artificial intelligence have never been hotter. Just look at the recent call for ideas from the Defense Advanced Research Projects Agency (DARPA), that they are calling the “Micro-Brain Project.” No, this has nothing to do with the IQ level of politicians, it is actually a groundbreaking idea in defense, as we learned from a recent Newsweek story, “US Military is Building Smarter Robots and Thinks Insects Might Be The Key to New Artificial Intelligence.”
According to the story:
“The proposal…[looks for a plan] capable of mapping out the insect’s brain and its decision-making functions as part of the Artificial Intelligence Exploration program which…’constitutes a series of high-risk, high-payoff projects where researchers will work to establish the feasibility of new AI concepts within 18 months of award.’”
Obviously, the idea of mapping an insect’s brain and nervous system would pay dividends in the spy industry. Imagining microscopic drones has tongues wagging everywhere from the Pentagon to Langley. And they’re not alone. MI6 recently hailed this as the next frontier that they, too, are focusing on. We are on the cusp of a new arms race, where the weapons are getting smaller, not bigger. Any agency that could harness the AI capability and size of insects will, obviously, gain a major advantage over other nations.
Now imagine the mix of DARPA’s nano intelligence with the FLIR nano drone explained in this week’s DarkCyber. Interesting stuff.
Patrick Roland, February 26, 2019
DarkCyber for February 26, 2019, Now Available
February 26, 2019
DarkCyber for February 26,2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/77362226.
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web and lesser known Internet services.
This week’s story line up includes: a nano drone for US Army operators; lonely heart cyber cons; a major denial of service takedown; and a snapshot of Cyberheist, a deep dive into financial cyber crime.
The first story explores FLIR’s Black Hornet nano drones. These devices are the size of one half sheet of paper and weigh as much as a single slice of bread. US Army operators will use the devices to see around corners and look over the next ridge. Each drone can transmit high definition video and still images and remain aloft for 30 minutes. The operator can fly the nearly invisible drones from a handheld mobile phone sized controller. The nano drones will be used by military forces in France as well as by US military personnel.
The second story explains how romance cons have become a growth business for cyber criminals. The method exploits online dating or “hook up” sites. Individuals seek females over the age of 50, build trust via online communications, and then use that relationship to obtain cash or financial information. Losses average, according to the UK authorities, about $10,000 per successful con. Victims are often reluctant to go to the authorities because they are embarrassed about their behavior.
The third story provides information about the recent takedown of individuals responsible for more than 200,000 denial of service attacks. One of the individuals arrested began his business based on making it easy to knock a Web site offline when he was 17. The method used flooded a Web site or service with a large number of requests. If the targeted service was not correctly configured, the DDOS attack would cause the Web site or service to become unresponsive.
The final story provides a summary of a free book called “Cyberheist.” The 260 document provides a wealth of information about the mechanisms used for stealing bank account information, credit card data, and other personal financial information. The volume reviews numerous types of online methods for deceiving an individual into providing information or for allowing the attacker to install malware on the target’s computing device. DarkCyber provides information about how to download this useful volume without charge.
Kenny Toth, February 26, 2019
DarkCyber for February 19, 2019, Now Available
February 19, 2019
DarkCyber for February 19,2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/317779445. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web and lesser known Internet services.
This week’s story line up includes: image analysis applied to hotel rooms used for human trafficking; compromising an iPhone via a text message or email; a new report about digital currency crime; and shipping arms the old fashioned way, via the mail.
Facial recognition systems continue to be criticized for inaccuracy and potential human rights violations. A group of researchers have applied artificial intelligence and image analysis to locate hotels allegedly used for human trafficking and the commission of child sex crimes. Plus the team compiled a database of more than 50,000 hotel rooms. The system matches a known hotel room against a photograph obtained from a human trafficker’s advertisement. By pinpointing the location, law enforcement can direct its resources at that venue. Anyone can contribute by uploading hotel room and short term property rentals to a public website.
The second story focuses on a new way to compromise iPhones produced in the period from 2016 to mid 2017. The technique was allegedly used by former US government personnel working for organizations based in the United Arab Emirates. The Project Raven team used a technique which required only a single email or text message. The payload was sent directly to a target’s iPhone. Once the iPhone received the message, that device was accessible to the Project Raven personnel and allowed text messages, images, and other data to be accessed without the iPhone user’s knowledge. Apple closed the security hole, but the technique was interesting because no clicks, downloads, or other actions on the part of the target were necessary.
The third story describes the free “Crypto Crime Report” available from Chainalysis. This company is one of the leaders in the deanonymization of digital currency transactions, including Bitcoin. With the Dark Web losing traction, Chainalysis reports bad actors have turned to encrypted message apps like Telegram and WhatsApp to conduct advertise and sell their products and services. Customers have shifted from Dark Web ecommerce sites to these distributed, anonymous messaging services. The report includes details of investigative methods used to steal digital currency. The majority of thefts were the work of two gangs. Investigators are engaged in an increasingly fierce game of Whack a Mole.
The final story recounts how a spy stole a secret US missile and shipped the device to Russia in the mid 1960s. Today the same method is used by arms dealers in Europe. Postal services and commercial shipping companies have to identify weapons which are disassembled. The components are then placed in cartons which contain parts for common products like vacuum cleaners and kitchen equipment. The old methods remain valid despite today’s modern technology and knowledge of the methods used by bad actors.
Kenny Toth, February 19, 2019
-
- Subscribe to Beyond Search
Feature archive
News archive
-
