Cyber Saturday for February 16, 2018

February 16, 2019

Sifting through the information flowing into DarkCyber was less than thrilling. We did spot several items which may presage more cyber excitement in the new world of the Internet.

Security Lapse of the Week

The British newspaper Guardian (paywall) reported that a former US intelligence operative joined Team Iran. The flip exposed information and operatives. The high profile government contractor Booz Allen employed this individual for five months in 2008. Insider threats are a major threat to the security of organizations and individuals engaged in intelligence work. The fancy and expensive software available from numerous vendors may prevent some embarrassing and dangerous activities. Booz Allen was the employer of Edward Snowden, and that company may be a prospect for vendors of next generation insider threat identification systems.

Be Afraid

Deep Fakes is a phrase which is used to describe spoofed videos. DarkCyber learned that researchers are allegedly afraid of their own advances in what is called “deep fakes for text.” The Generative Pre Trained Transformer 2 or GPT 2 can punch out content that

comes so close to mimicking human writing that it could potentially be used for “deep fake” content.

You can learn more about DFT and the GPT from Ars Technica.

Plus There Is a Scary Future Arriving

In our weekly DarkCyber video news programs we report about image recognition. In the January 19, 2019, program we explain how making sense of images can be used to pinpoint certain human trafficking hot spots. The Guardian (registration required for some users) explains that pop star Taylor Swift “showed us the scary future of facial recognition.” The focal point of the story is a vendor doing business at ISM. More information about the company is at this link.

Also There Is Creepy Face Generating AI

Many bad actors attach their images to some social media posts. Some Facebook users have some pride in their law breaking achievements. What happens when the bad actor creates a Facebook account and then posts images with faces automatically generated by smart software? Good question. You can check out the service at this url for “This Person Does Not Exist.”

A Content Treasure Trove for Investigators

That delete button may not work the way you think. Whether you are reselling your old Macbook or deleting Twitter messages, those data may still be around and available for certain types of investigations. Twitter has allegedly retained messages sent to and from deactivated or suspended accounts. Security problem for some; big plus for others. For the Verge’s take, navigate to “Twitter Has Been Storing Your Deleted DMs for Years.”

Online Auction Fraud Group

The US Secret Service took down a gang running an online auction scam. The angle was that ads said:

“I’m in the military and being deployed overseas and have to sell fast.”

To find marks (suckers), the operation unfolded in this way:

Alleged conspirators in Romania posted fake ads on popular online auction and sales websites, including Craigslist and eBay, for high-cost goods (typically vehicles) that ran on air because they were figments of the imagination. They’d con people in the US with, among other lies, stories of how they were in the military and needed to sell their car before being deployed.

Then, according to the Naked Security story:

After their targets fell for it and sent payment, the conspirators allegedly laundered the money by converting it to crypto currency and transferring it to their foreign-based buddies. According to the indictment, the alleged foreign-based money launderers include Vlad-Călin Nistor, who owns Coinflux Services SRL, and Rossen Iossifov, who owns R G Coins.

And That Fish You Ate Last Night?

An interesting scam has been quantified in Canada by the CBC. Those in the seafood supply chain mislabel their products. Seafood fraud is selling an undesirable species of fish for a more desirable one. How widespread is the practice? I learned:

Oceana Canada, a Toronto-based conservation organization, said it found there was mislabeling with 44 per cent of the seafood samples it tested this year and last in five Canadian cities — and in 75 per cent of cases, cheaper fish were mislabeled as something more expensive.

And, Of Course, Stolen User Data

DarkCyber noted that another 127 million user records have been offered for sale. The vendor previously posted the availability of 620 million records. More about this now routine event at ZDNet.

Stephen E Arnold, February 16, 2019

Weapons via the Hidden Web

February 15, 2019

Gun control continues to be a major issue for Americans. However, if ever there was to be a tightening of gun ownership laws in this country, it’s interesting to wonder what the result might look like. Chances are, it would be a lot like Europe—even the problems that come with it, as we discovered in a recent Gunpowder Magazine article, “European Gun Ownership is Surging, Concerned Citizens Resort to Dark Web.”

According to the story:

“High threats of terror attacks and surging crime have left Europeans increasingly uneasy about their personal safety. And because gun control laws are so strict in Europe, citizens are resorting to illicit means to obtain firearms, to the point that, The Wall Street Journal reports, “unregistered weapons outnumbered legal ones” in 2017.”

It’s not just guns that are posing a threat on the dark web. Recently, a hacker posted over 600 million people’s information up for sale there. This is the reason why intelligence agencies are paying closer attention to the dark web, working on ways to crack its mysterious codes. The issue becomes staying in step or even a step ahead of the dark web, which isn’t as easy as it may sound.

Patrick Roland, February 15, 2019

DarkCyber for February 12, Now Available

February 12, 2019

DarkCyber for February 12, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/316376994. The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web and lesser known Internet services.

This week’s story line up includes: Italy’s facial recognition system under fire; Marriott trains 500,000 employees to spot human traffickers; a new Dark Web search system from Portugal; and the most popular digital currencies on the hidden Web.

The first story explores the political criticism of Italy’s facial recognition system for law enforcement. The database of reference images contains about one third of Italy’s population. The system integrates with other biometric systems including the fingerprint recognition modules which are operating at several of Italy’s busiest airports. Despite the criticism, government authorities have no practical way to examine images for a match to a person of interest. DarkCyber believes image recognition is going to become more important and more widely used as its accuracy improves and costs come down.

The second story discusses Marriott Corporation’s two year training program. The hotel chain created information to help employees identify cues and signals of human trafficking. The instructional program also provides those attending with guidelines for taking appropriate action. Marriott has made the materials available to other groups. But bad actors have shifted their mode of operation to include short term rentals from Airbnb type vendors. Stephen E Arnold, producer of DarkCyber and author of “CyberOSINT: Next Generation Information Access,” said: “The anonymity of these types of temporary housing makes it easier for human traffickers to avoid detection. Prepaid credit cards, burner phones, and moving victims from property to property create an additional set of challenges for law enforcement.”

The third story provides information about a new hidden Web indexing service. The vendor is Dogdaedis. The system uses “artificial intelligence” to index automatically the hidden services its crawler identifies. A number of companies are indexing and analyzing the Dark Web. Furthermore, the number of Dark Web and hidden Web sites is decreasing due to increased pressure from law enforcement. Bad actors have adapted, shifting from traditional single point hidden Web sites to encrypted chat services.

The final story extracts from a Recorded Future report the most popular digital currencies on the Dark Web. Bitcoin is losing ground to Litecoin and Monero.

A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.

Kenny Toth, February 12, 2019

Allegations Aloft on the Karma Feathered Wing of a Raven: Reuters and the UAE

February 9, 2019

Activists, diplomats, and foreign leaders were allegedly among the targets of a surveillance operation in the United Arab Emirates, according to Reuters’ article, “Exclusive: UAE Used Cyber Super-Weapon to Spy on iPhones of Foes.” Dubbed Project Raven, the operation broke into targets’ iPhones using a hack known as “Karma,” which may or may not still be operational after Apple updated the iPhone’s software in 2017. Indeed, the breaches were made possible by a flaw in Apple’s iMessage app in the first place: hackers found they could establish their connections by implanting malware through iMessage, even if the user never used the app.

Some may be surprised to learn who was involved in Project Raven; reporters Joel Schectman and Christopher Bing write:

“Raven was largely staffed by U.S. intelligence community veterans, who were paid through an Emirati cyber security firm named DarkMatter, according to documents reviewed by Reuters. … The UAE government purchased Karma from a vendor outside the country, the operatives said. Reuters could not determine the tool’s creator.”

I also noted this statement:

“The operatives knew how to use Karma, feeding it new targets daily, in a system requiring almost no input after an operative set its target. But the users did not fully understand the technical details of how the tool managed to exploit Apple vulnerabilities. People familiar with the art of cyber espionage said this isn’t unusual in a major signals intelligence agency, where operators are kept in the dark about most of what the engineers know of a weapon’s inner workings. …”

Did the method work? I learned:

“The Raven team successfully hacked into the accounts of hundreds of prominent Middle East political figures and activists across the region and, in some cases, Europe, according to former Raven operatives and program documents.”

The article names a few of Raven’s known victims, including the noteworthy human rights activist Tawakkol Karman, also known as the Iron Woman of Yemen. Having been a prominent leader of her country’s Arab Spring protests in 2011, Karman is used to hacking notices popping up on her phone. However, even she was bewildered that Americans, famously champions of human rights, were involved.

Cynthia Murrell, February 09, 2019

LA Times and Its Counterfeiting Thriller

February 5, 2019

I read “Glowing Reviews Tout Counterfeit Cash on the Dark Web.” The news story is more like a thriller, however. The Dark Web, fake money, online investigations, and a shoot out.

DarkCyber noted several interesting factoids in the write up:

  1. Reviews by customers of the Dark Web counterfeiting operation were important to the criminal’s business. The article refers to a “loyal fan base.”
  2. The agency taking the lead in the investigation was the US Secret Service. DarkCyber has heard that this entity is the most capable team of cyber sleuths in the US government.
  3. The “printing” was carried out on lasers and special paper.
  4. The bad actor had a long history of illegal activities. (This suggests that pattern analysis may be a useful adjunct to a traditional investigation.)
  5. The bad actor mailed counterfeit bills on several occasions from a traditional outdoor mail box across from a police station.
  6. After neutralizing the bad actor, agents discovered “about $300,000 in fake $100 bills, lined up and hanging to dry in neat rows.”

Investigators have not solved the problem of the location of the digital currency to which the bad actor had access. Also, computers seized in the raid were encrypted, and these, according to the write up, have not yet been decrypted by the USSS.

Stephen E Arnold, February 5, 2019

DarkCyber for February 5, 2019, Now Available

February 5, 2019

DarkCyber for February 5, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/315073592. The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web and lesser known Internet services.

This week’s story line up includes: Alleged money laundering via the popular Fortnite game; and an excerpt from Stephen E Arnold’s “Dark Web, Version 2” lecture at the University of Louisville.

The first story explains how bad actors launder money via the online game Fortnite. The game allows players to purchase “digital assets” by paying with a credit card. The credit card funds allow the player to acquire V Bucks. These V Bucks can be converted to weapons, information, or other in-game benefits. But the digital assets can be sold, often on chat groups, Facebook, or other social media. In the process, the person buying the digital assets with a stolen credit card, for example, converts the digital assets to Bitcoin or another digital currency. Many people are unaware that online games can be used in this manner. Law enforcement will have to level up their game in order to keep pace with bad actors.

The second story is an excerpt from Stephen E Arnold’s invited lecture. He spoke on January 25, 2019 to an audience of 50 engineering students and faculty on the subject of “Dark Web, Version 2.” In his remarks, he emphasized that significant opportunities for innovation exist. Investigators need to analyze in a more robust way data from traditional telephone intercepts and the Internet, particularly social media.

Arnold said, “The structured data from telephone intercepts must be examined along with the unstructured data acquired from a range of Internet sources. Discovering relationships among entities and events is a difficult task. Fresh thinking is in demand in government agencies and commercial enterprises.” In the video, Mr. Arnold expands on the specific opportunities for engineers, programmers, and analysts with strong mathematics skills.

A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.

Kenny Toth, February 5, 2019

Playing Games with Money Laundering

January 29, 2019

Mark this one down in your diaries: just when you thought you’d heard all the strangest ways imaginable to launder money, the dark web strikes again. This time, the incredibly popular online game Fortnite is being used. Specifically, the pseudo-currency players use to buy weapons and outfits—V-Bucks. We discovered how this strange scam works via a recent Digital Trends article, “Fortnite V-Bucks Used By Criminals for Money Laundering Schemes.”

According to the story:

Criminals are buying V-Bucks from the official Fortnite store using stolen credit card information. The V-Bucks are then sold in online black markets at discounted rates to “clean” the money, according to an investigation by The Independent and research by cybersecurity firm Sixgill.

From bizarre video game-related ways of washing dirty money, to Mexican drug cartels using Chinese crypto-brokers to do the same, one thing is abundantly clear to law enforcement. It pays to look under every rock and follow every lead on the dark web, because criminals are never going to stop looking for strange new avenues to make money.

Yep, games.

Patrick Roland, January 29, 2019

DarkCyber for January 29, 2019, Now Available

January 29, 2019

DarkCyber for January 29, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/313630318. The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web and lesser known Internet services.

This week’s story line up includes: Microsoft Bing and a child pornography allegation; Endace introduces facial recognition and a tie up with Darktrace; A report about drones and correctional institutions; and CIA report about hazardous compounds.

The first story discusses allegations of child pornography and other inappropriate content in the Microsoft Bing index. DarkCyber’s experts report that problematic content can be found within any free Web search system. The reasons range from bad actors’ use of code words to innocuous pages which contain links to objectionable content labeled as popular services. Filtering is one approach, but a cat and mouse game requires that Web search providers continue to enhance their content review procedures. Chatter about artificial intelligence is often hand waving, politically correct speech, or marketing.

Second, Endace is one of the leaders in lawful intercept hardware and software. However, Endace continues to innovate. The firm has added facial recognition to its service offering. Darktrace, one of the more innovative cyber security vendors, has announced a relationship with Endace. Darktrace’s three D visualization and analytics may spark new products and services for Endace. Verint, another cyber security firm, has also added support for Endace’s lawful intercept systems.

The third story calls attention to a free report about bad actors’ use of drones to deliver contraband into prisons. Correctional institutions in the US are adding anti drone technology. Drones have been used to deliver mobile phones and other contraband to inmates. DarkCyber provides a link so that viewers can request a copy of the Dedrone report.

The final story is a follow up to an earlier report about the chemicals and compounds frequently used for home made explosive devices. A viewer wanted to know where additional information could be found. DarkCyber provides a link to a CIA document which reviews chemical, biological, radiological, and nuclear substances.

A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.

Kenny Toth, January 29, 2019

UK Finds Ways to Fight Dark Web

January 28, 2019

Battling the dark web and its many tentacles of crime is a game of cat and mouse. As soon as law enforcement agents catch on to a scheme, criminals can vanish. However, the tide feels like it is turning, as we discovered from an article found in Breaking News, “Dark Web Criminals Who Sold Fentanyl Around the World Jailed in UK.”

According to the story:

“Prosecutors said that over 2,800 packages were sent by the trio, and at least 635 grams of pure carfentanyl, which is described by some experts as being between 3,000 and 5,000 times stronger than heroin, was found at the premises following their arrests. A raid on the premises by officers following the defendants’ arrests in April 2017 is believed to be the largest single seizure of the two drugs in Europe.”

England’s sophistication with tracking down dark web crime is to be applauded. It is also, oddly, a necessity. Studies have shown that the UK is among the top countries that buy drugs through the dark web. For the time being, it seems Scotland Yard and the like are keeping up with the bad guys. We can only hope this trend continues.

Patrick Roland, January 28, 2019

Cyber Saturday, January 26, 2019

January 26, 2019

Information about the world of government centric information makes headlines. Usually one or two stories a week make it into the trade journals or on the talking head TV shows.

This morning was an exception.

If you are a follower of cloak-and-dagger, cat-and-mouse style adventures, you may be interested in these stories.

Kremlin Secrets Maybe?

DDoSecrets (an acronym for Distributed Denial of Secrets) points to gigabytes of Kremlin related data. You can find the links at this tweet for now. Once the data are taken down, you may have to do your own sleuthing. You will need to be wise in the ways of Tor, however.

Facebook and Message Encryption

Worried about your Facebook Messenger and Instagram posts being viewed by someone other than the recipient? Like WhatsApp, the company will be rolling out end to end encryption before the end of 2019. Will this move make government authorities gathering information for an investigation happy? Will more countries adopt Australia-style backdoor regulations? This is an important development. Is Facebook sufficiently organized to make this happen? Details appear in the New York Times’ story “Zuckerberg Plans to Integrate WhatsApp, Instagram and Facebook Messenger.” This is also a story which may be pay walled.

Journalists Targeted

Writing real news — whether behind a pay wall or not — may be risky. According to the Associated Press, an outfit which frightens me when I even consider quoting a sentence — some of the people at Citizen Lab have been under pressure as a result of their reporting. The subject? NSO, a cyber security firm, and the Khashoggi matter. Navigate to this link.

Better Filtering

Some may call Google YouTube recommendations censorship. I am not sure what to call Google’s actions. The company is a bit of a waffler on most things except selling online advertisements and chastising me because I disabled Google Play on one of my Android test mobile phones. According to the Guardian, YouTube will back off suggesting conspiracy theory videos. What’s a conspiracy theory video? Good question which Google assumes it can answer.

From my point of view, Dark cyber has become mainstream. Interesting.

Stephen E Arnold, January 26, 2019
