The Hacking Hit Parade

October 12, 2018

Beyond Search readers may find “Top 10 Web Hacking Techniques of 2017” interesting. Many of these may seem to be small potatoes compared to the alleged hacking of Supermicro motherboards, but they are intriguing nevertheless.

The top three techniques, according to the write up, are:

  • Coming in at number three is a method for spoofing customer support tickets. The key is “implicit trust.”
  • At number two is Web cache deception. The idea is to put data into a Web cache in order to get the good stuff.
  • And the number one hacking method for 2017 was the use of server side request forgery. Now this method is like a multiple warhead weapon; that is, one can use some quite interesting methods of delivery and create what the innovator calls “quick fun.”

We will provide more information in our November 27, 2018, DarkCyber news program.

Stephen E Arnold, November 27, 2018

DarkCyber for October 9, 2018, Now Available

October 9, 2018

DarkCyber for October 9, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/293949062

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services. This week’s program covers two stories related to Israel’s thriving intelligence technology capabilities.

The first story discusses the allegation that NSO, based in Israel, has licensed its Pegasus system to the United Arab Emirates. A number of news services have suggested that NSO has the capability to turn a mobile phone into a remote surveillance device. Another allegation explored in this week’s DarkCyber is that NSO can access an Apple iPhone when only the mobile telephone number is provided to the company. If these assertions are accurate, NSO has leapfrogged other forensic and intelligence related firms’ capabilities.

The second story explores the startup Cobwebs Technologies. The company, founded in 2015, has implemented a wide range of capabilities into one easy to use system. Unlike IBM i2 Analyst Notebook and Palantir Technologies Gotham, Cobwebs Technologies’ approach reduces user training to a few days. Most advanced functions such as generating a relationship map or analyzing a stream of social media content require no programming. Stephen E Arnold, producer of DarkCyber and author of CyberOSINT: Next Generation Information Access, said: “Cobwebs Technologies’ simplification of the content acquisition and analytics process makes advanced technology within the reach of most law enforcement and intelligence personnel. Until now, most users of advanced intelligence systems needed some programming knowledge and specialized training in the software system. Cobwebs changes the game in a significant way.”

DarkCyber appears each Tuesday. A special four part series about Amazon’s policeware capabilities begins on October 30, 2018. The program will be available on the Beyond Search blog, YouTube, and Vimeo.

Remember our special four part series about Amazon policeware begins on October 30, 2018.

Kenny Toth, October 9, 2018

DarkCyber for October 2, 2018, Now Available

October 2, 2018

DarkCyber for October 2, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/292574943 .

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services. This week’s program covers four Dark Web and security related stories.

The first story reports some of the findings from Carbon Black’s study of cryptojacking. The exploit uses an unsuspecting organization’s computers to mine cryptocurrency without the knowledge of the unwitting host. Organizations in the US, according to the study, are the number one target in the world. DarkCyber reveals how to get a free copy of this report.

The second story explores a new Dark Web crowd funding site called SadaqaCoins. The purpose of the site is to make it easy for terrorist-activists to support specific projects; for example, funding ransom, purchasing weapons, or contributing money so that sacrificial animals can be purchased by the devout. Contributions are accepted in Bitcoin, Monero, and Ethereum. The SadaqaCoins site then provides the funds to the person or organization requesting the funds. SadaqaCoins is not a replacement for the hawala method of fund transfer.

The third story provides a snapshot of a hacking tool called theHarvester. Included with Kali Linux, theHarvester acquires information about a domain, including subdomains and other information. The system uses publicly available sources of information, including Web searches, PGP registries, Shodan, and similar content resources. The software can display names, email addresses, and related information. The software tool can be used for forensic and more aggressive information gathering tasks. DarkCyber provides information so that a viewer can download the software without charge.

The final story reports that the Drug Llama has been identified and captured. A 31 year old female allegedly sold controlled substances, including fentanyl, and engaged in money laundering. The investigation included state and federal law enforcement units. For now, the Drug Llama is no longer roaming the highs and lows of the Dark Web.

Watch for our Amazon Policeware series beginning on Tuesday, October 30, 2018.

Stephen E Arnold, October 2, 2018

DarkCyber for September 25, 2018, Now Available

September 25, 2018

DarkCyber for September 25, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/291347184 

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

This week’s program covers four Dark Web and security related stories.

The first story answers the question, “What are some essential programs for my hacking toolkit?” DarkCyber identifies eight tools used by an ethical hacker and provides links to these programs. Each program performs a specific function and delivers information about passwords, system configuration, and other items of information associated with a target.

The second story explores a money laundering method implemented via online games. By exploiting the allegedly lax credit card verification methods used by Apple and other online game sellers, bad actors can use a stolen card to purchase digital assets sold within an online game. The assets can enhance the game play of the purchaser by activating special powers and other features. These digital assets can then be resold with the payments directed to an encrypted and allegedly anonymous digital currency wallet. DarkCyber notes that few parents and some game players are unaware of this scam.

The third story takes a look at Verizon’s detailed analysis of cyber crime exploits. The free report provides “how to” instructions for undertaking social engineering, hardware attacks, and malware attacks. The report includes detailed tables and appendices with additional cyber crime information. Stephen E Arnold, author of Dark Web Notebook, said, “The Verizon report contains information of value for security and law enforcement personnel. Unfortunately, this type of explanatory information provides bad actors with important insights into specific methods that are effective when attacking an organization or an individual.”

The final story explains how to create a custom Tor Onion URL. Instead of a string of incomprehensible letters and numbers, DarkCyber reviews a method for generating a more easily recognized URL like “bobsbankxxxxxxxx.” The procedure taps an open source software program and specific operational types created by a security expert. The video includes the site locations for the software and the instructional article.

Beginning with the program for October 30, 2018, and then for programs released on November 6, November 13, and November 20, Stephen will issue a series of four DarkCyber programs about Amazon’s policeware initiative. Each video will be about three minutes. The standard news format will resume on November 27.

The DarkCyber team has developed a for-fee, one-hour briefing about the little known facet of Amazon’s product and services initiative. To set up a video conference, email benkent2020 at yahoo dot com. Please put “Amazon policeware” in the subject line.

Kenny Toth, September 25, 2018


DarkCyber for September 18, 2018 Now Available

September 18, 2018

DarkCyber for September 18, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/290147202 . 

This week’s DarkCyber video news program covers … Bitfury’s deanonymization service and its unusual sales approach… the loss of UK law enforcement laptops… facial recognition for law enforcement challenged by tech company employees… and X1 and its eDiscovery system with Dark Web content support.

The first story explains that Bitfury, a UK company with an interesting staff line up, offers digital currency deanonymization services. The company’s approach to sales, however, is unusual. Specifically, the company refused to explain its services at a recent law enforcement conference. DarkCyber continues to recommend that agencies interested in digital currency deanonymization look at services available from Chainalysis and Elliptic, two companies which do explain their services to security and enforcement officials.

The second story reports that UK media pointed out that in one year, UK law enforcement lost 60 laptops. With tens of thousands of officers and operators, DarkCyber states that the alleged problem is blown out of proportion. Bad actors attempt to obtain laptops, mobiles, and other computing devices in order to compromise investigations. DarkCyber asserts that the loss of 60 laptops illustrates the good job UK authorities do with regard to preventing loss of laptops.

The third story describes the Amazon DeepLens system. In addition to explaining how this Amazon camera integrates with Amazon’s machine learning and analytics subsystems, DarkCyber reports that neither Amazon, IBM, nor any other US company was able to sell its technology to Ecuador. That country purchased a state-of-the-art Chinese developed system. With employee pushback against their employers’ work for the US government, US facial recognition technology may find itself at a disadvantage with regard to technical development and system innovation.

The final story covers the X1 eDiscovery system for social content. The X1 technology can now acquire and process social media information as well as some Dark Web content. Instead of directly scraping Dark Web sites, the X1 method relies on the Tor2Web.org service. The new product costs about $2,000 per year. DarkCyber explains where to download a 14-day free trial.

Kenny Toth, September 18, 2018

DarkCyber for September 11, 2018, Now Available

September 11, 2018

DarkCyber for September 11, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com .

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

This week’s program covers four Dark Web and security related stories.

The first story reports that cybercrime has increased by 32 percent in the first quarter of 2018 compared to the first quarter of 2017. The most popular malware is for covert crypto currency mining and for Trojan software that can entice a user to download a document or video. DarkCyber reveals an easy way to locate malware using Bing.com and the Pastebin.com service. The easy access to potentially harmful software presents an increasing risk for many Internet users.

The second story explains that a citizen attempted to research a Dark Web murder-for-hire site. After engaging law enforcement, the individual used malware to create a disturbance on the Dark Web site. What happened next surprised the citizen hacker. The police picked up the individual and held him for 36 hours. The incident makes clear that law enforcement has the technical capabilities to monitor Dark Web access and identify individuals who perform certain online actions. The Dark Web and access to it can present some interesting challenges to those who assume that the Dark Web access is secret.

The third story explores the capabilities of SpyCloud, a fast-growing start up based in Austin, Texas. The company has amassed billions of items of information related to passwords, user names, and other types of high-value information. The firm’s system makes it possible for the company to identify a data security problem, often before it poses a problem for the organization. The company recently raised an additional $5 million in Series A funding, bringing the total funding to about $8 million.

The final story reports that the Australian government wants access to computing devices protected by a password. Pending legislation provides for a sentence of 10 years in jail for an individual who refuses to comply with a government request to unlock devices or decrypt encrypted data.

Kenny Toth, September 11, 2018

The Organization Of The Dark Web

September 7, 2018

The Internet is a sprawling, unorganized digital expanse, while the Dark Web is a smaller, underground, unorganized trailer court. Because it is smaller, it is easier to create a Dark Web map. Recorded Future took on the endeavor and described the Dark Web’s structure in “Dark Networks: Social Network Analysis Of Dark Web Communities.”

While the Dark Web is considerably smaller than the Internet, it is quite big, and there is a huge amount of data that cannot be classified. Using social network analysis, Recorded Future found three distinct Dark Web communities:

“We found three distinct communities of actors in dark web and special-access sites: low-tier underground forums, higher-tier dark web forums, and dark web markets. These three clusters line up with our expert intuition of the dark web, appearing almost as if no other sensible organization is possible in retrospect. Additionally we found notable cross-posting between low-tier and higher-tier forums. The results of this research are directly reflected in Recorded Future’s product and ontology. This new categorization helps security teams obtain targeted, relevant dark web intelligence, facilitates their understanding of threats, and opens a window into the methods, tactics, and motivations of threat actors.”

The next part of the article explains how Recorded Future collected its data and discovered patterns between the three tiers. From the gathered data, they made visualizations of the connections between the tiers. The visualizations yielded more information about the communities, including that the low-tier underground forums are free, open access, and house the novices. The higher-tier Dark Web forums are restricted through a vetting process, are hosted on Tor, and are home to experienced criminals. Dark Web markets are generally open because they are selling services.

The Dark Web has various levels and interconnections between the three tiers.  There are restricted communities that overlap with each other and there is a huge commerce section.  It sounds like the regular Internet, except it deals in illegal services and goods. Google, along with In-Q-Tel, was an early investor in Recorded Future.

Whitney Grace, September 7, 2018

DarkCyber for September 4, 2018, Now Available

September 4, 2018

DarkCyber for September 4, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/287783314.

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

This week’s program covers three Dark Web and security related stories.

The first story addresses Gephi, an open graph visualization platform. Unlike Excel, Gephi is a platform. The software system can be a useful complement to blockchain deanonymization tasks. An analyst can perform link analysis; that is, what hyperlink or item leads to another. The Gephi One feature allows the user to turn a graphical representation and explore it in three dimensions. A user can interact with the data, drilling down into a cluster or popping up one or more levels to see how a particular item relates to a broader grouping of data. The system can manipulate up to one million nodes and edges. Some commercial tools struggle to deal with more than a handful of nodes and edges. The video includes a link at which Gephi can be downloaded.

The second story describes a vehicle tracking and surveillance innovation called Zoomed. Developed by Cameroonian computer whiz Zuo Bruno, the system does not require the Internet. Instead, Zuo Bruno devised a system which operates via SMS. Once the device is placed in a vehicle, the location of the vehicle can be determined by placing a mobile call to the Zoomed device. The device drops the call and messages the location and other data of the vehicle. The Zoomed technology can perform other functions as well; for example, the audio in the vehicle can be recorded and the vehicle can be disabled.

The third story describes a free account takeover alerting service or ATO from Truthfinder. The idea is that after a person registers for the service, Truthfinder will notify that individual when his personal information is discovered by the monitoring service. DarkCyber explains how to sign up for the service and how to disable the notifications if they become a burden.

Kenny Toth, September 4, 2018

DarkCyber for August 28, 2018, Now Available

August 28, 2018

DarkCyber for August 28, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/286743860.

Stephen E Arnold’s DarkCyber is a weekly video news and analysis program about the Dark Web and lesser known Internet services.

This week’s program covers five Dark Web and security related stories.

The first story addresses Microsoft’s acquisition of Hyas, a Canadian cyber intelligence company. DarkCyber believes that Microsoft is making an effort to close the gap between its cloud capabilities and those of Amazon. Policeware appears to be a key strategic capability of Amazon, and Microsoft has found that more than in-house innovation may be necessary to close the gap. Stephen E Arnold, producer of DarkCyber and author of CyberOSINT (2017), said: “Amazon’s policeware has helped the company make progress with its US government cloud services. Microsoft’s acquisition of Hyas adds an important cyber analytic capability to the Azure system.”

DarkCyber reports the newly-released details about two Dark Web operations. The Dutch police methods used to take down the Hansa contraband-focused ecommerce site complement new information about the arrest of eight individuals involved with the Rex Mundi hack-and-extort spin on ransomware. Both operations involved investigators from multiple countries, advanced analytics, and traditional investigative techniques. The success of these two operations makes clear that use of software to create hidden Internet sites and services is not as effective as some individuals believe.

DarkCyber reports that draft legislation in Australia may be a different way to force companies to provide decryption backdoors to messaging applications. The Australian government can request decryption assistance or decryption keys. If the company does not comply, the firm may be fined up to seven million dollars for each failure to cooperate. The proposed legislation is accepting public comments and further action will be taken on this proposal later this year.

The final DarkCyber report shares some findings from a yet-to-be-released report about the Asian Dark Web. The report is a work product of IntSights, a cyber intelligence firm. The key finding in the report is that each country takes a unique approach to the Dark Web. Cultural considerations require the use of the country’s language and the jargon used to prevent outsiders from making sense of the content.

Kenny Toth, August 28, 2018

DarkCyber for August 21, 2018 Now Available

August 21, 2018

The DarkCyber video news program for August 21, 2018, is now available. You can view the nine minute show at www.arnoldit.com/wordpress or on Vimeo at this link.

This week’s program reports about methods for hacking crypto currency … hijacking mobile phones via SIM swapping… TSMC hacked with an Eternal Blue variant… and information about WikiLeaks leaked.

The first story runs down more than nine ways to commit cybercrime in order to steal digital currency. A student assembled these data and published them on a personal page on the Medium information service. Prior to the step by step explanation, ways to exploit blockchain for the purpose of committing a possible crime were difficult to find. The DarkCyber video includes a link to the online version of this information.

The second story reviews the mobile phone hacking method called SIM swapping. This exploit makes it possible for a bad actor to take control of a mobile phone and then transfer digital currency from the phone owner’s account to the bad actor’s account. More “how to” explanations are finding their way into the Surface Web, a trend which has been gaining momentum in the last six months.

The third story reviews how a variant of the Eternal Blue exploit compromised the Taiwan Semiconductor Manufacturing Company. Three of the company’s production facilities were knocked offline. Eternal Blue is the software which enables a number of ransomware attacks. The code was allegedly developed by a government agency. The DarkCyber video provides links to repositories of some software developed by the US government. Stephen E Arnold, author of Dark Web Notebook, said, “The easier and easier access to specific methods for committing cybercrime makes it easy to attack individuals and organizations. On one hand, greater transparency may help some people take steps to protect their data. On the other hand, the actionable information may encourage individuals to try their hand at crime in order to obtain easy money. Once how to information is available to hackers, the likelihood of more attacks, exploits, and crimes is likely to rise.”

The final story reports that WikiLeaks itself has had some of its messages leaked. These messages provide insight into the topics which capture WikiLeaks’ interest and reveal information about some of the sources of support the organization enjoys. The DarkCyber video provides a link to this collection of WikiLeaks messages.

Stephen E Arnold will be lecturing in Washington, DC, the week of September 6, 2018. If you want to meet or speak with him, please contact him via this email benkent2020 at yahoo dot com.

Kenny Toth, August 21, 2018
