DarkCyber for February 26, 2019, Now Available

February 26, 2019

DarkCyber for February 26, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/77362226.

The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web and lesser known Internet services.

This week’s story line up includes: a nano drone for US Army operators; lonely heart cyber cons; a major denial of service takedown; and a snapshot of Cyberheist, a deep dive into financial cyber crime.

The first story explores FLIR’s Black Hornet nano drones. These devices are the size of one half sheet of paper and weigh as much as a single slice of bread. US Army operators will use the devices to see around corners and look over the next ridge. Each drone can transmit high definition video and still images and remain aloft for 30 minutes. The operator can fly the nearly invisible drones from a handheld mobile phone sized controller. The nano drones will be used by military forces in France as well as by US military personnel.

The second story explains how romance cons have become a growth business for cyber criminals. The method exploits online dating or “hook up” sites. Individuals seek females over the age of 50, build trust via online communications, and then use that relationship to obtain cash or financial information. Losses average, according to the UK authorities, about $10,000 per successful con. Victims are often reluctant to go to the authorities because they are embarrassed about their behavior.

The third story provides information about the recent takedown of individuals responsible for more than 200,000 denial of service attacks. One of the individuals arrested began his business based on making it easy to knock a Web site offline when he was 17. The method used flooded a Web site or service with a large number of requests. If the targeted service was not correctly configured, the DDOS attack would cause the Web site or service to become unresponsive.

The final story provides a summary of a free book called “Cyberheist.” The 260 document provides a wealth of information about the mechanisms used for stealing bank account information, credit card data, and other personal financial information. The volume reviews numerous types of online methods for deceiving an individual into providing information or for allowing the attacker to install malware on the target’s computing device. DarkCyber provides information about how to download this useful volume without charge.

Kenny Toth, February 26, 2019

DarkCyber for February 19, 2019, Now Available

February 19, 2019

DarkCyber for February 19, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/317779445. The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web and lesser known Internet services.

This week’s story line up includes: image analysis applied to hotel rooms used for human trafficking; compromising an iPhone via a text message or email; a new report about digital currency crime; and shipping arms the old fashioned way, via the mail.

Facial recognition systems continue to be criticized for inaccuracy and potential human rights violations. A group of researchers have applied artificial intelligence and image analysis to locate hotels allegedly used for human trafficking and the commission of child sex crimes. Plus the team compiled a database of more than 50,000 hotel rooms. The system matches a known hotel room against a photograph obtained from a human trafficker’s advertisement. By pinpointing the location, law enforcement can direct its resources at that venue. Anyone can contribute by uploading hotel room and short term property rentals to a public website.

The second story focuses on a new way to compromise iPhones produced in the period from 2016 to mid 2017. The technique was allegedly used by former US government personnel working for organizations based in the United Arab Emirates. The Project Raven team used a technique which required only a single email or text message. The payload was sent directly to a target’s iPhone. Once the iPhone received the message, that device was accessible to the Project Raven personnel and allowed text messages, images, and other data to be accessed without the iPhone user’s knowledge. Apple closed the security hole, but the technique was interesting because no clicks, downloads, or other actions on the part of the target were necessary.

The third story describes the free “Crypto Crime Report” available from Chainalysis. This company is one of the leaders in the deanonymization of digital currency transactions, including Bitcoin. With the Dark Web losing traction, Chainalysis reports bad actors have turned to encrypted message apps like Telegram and WhatsApp to advertise and sell their products and services. Customers have shifted from Dark Web ecommerce sites to these distributed, anonymous messaging services. The report includes details of investigative methods used to steal digital currency. The majority of thefts were the work of two gangs. Investigators are engaged in an increasingly fierce game of Whack a Mole.

The final story recounts how a spy stole a secret US missile and shipped the device to Russia in the mid 1960s. Today the same method is used by arms dealers in Europe. Postal services and commercial shipping companies have to identify weapons which are disassembled. The components are then placed in cartons which contain parts for common products like vacuum cleaners and kitchen equipment. The old methods remain valid despite today’s modern technology and knowledge of the methods used by bad actors.

Kenny Toth, February 19, 2019

Cyber Saturday for February 16, 2018

February 16, 2019

Sifting through the information flowing into DarkCyber was less than thrilling. We did spot several items which may presage more cyber excitement in the new world of the Internet.

Security Lapse of the Week

The British newspaper Guardian (paywall) reported that a former US intelligence operative joined Team Iran. The flip exposed information and operatives. The high profile government contractor Booz Allen employed this individual for five months in 2008. Insider threats are a major threat to the security of organizations and individuals engaged in intelligence work. The fancy and expensive software available from numerous vendors may prevent some embarrassing and dangerous activities. Booz Allen was the employer of Edward Snowden, and that company may be a prospect for vendors of next generation insider threat identification systems.

Be Afraid

Deep Fakes is a phrase which is used to describe spoofed videos. DarkCyber learned that researchers are allegedly afraid of their own advances in what is called “deep fakes for text.” The Generative Pre Trained Transformer 2 or GPT 2 can punch out content that

comes so close to mimicking human writing that it could potentially be used for “deep fake” content.

You can learn more about DFT and the GPT from Ars Technica.

Plus There Is a Scary Future Arriving

In our weekly DarkCyber video news programs we report about image recognition. In the January 19, 2019, program we explain how making sense of images can be used to pinpoint certain human trafficking hot spots. The Guardian (registration required for some users) explains that pop star Taylor Swift “showed us the scary future of facial recognition.” The focal point of the story is a vendor doing business at ISM. More information about the company is at this link.

Also There Is Creepy Face Generating AI

Many bad actors attach their images to some social media posts. Some Facebook users have some pride in their law breaking achievements. What happens when the bad actor creates a Facebook account and then posts images with faces automatically generated by smart software? Good question. You can check out the service at this url for “This Person Does Not Exist.”

A Content Treasure Trove for Investigators

That delete button may not work the way you think. Whether you are reselling your old Macbook or deleting Twitter messages, those data may still be around and available for certain types of investigations. Twitter has allegedly retained messages sent to and from deactivated or suspended accounts. Security problem for some; big plus for others. For the Verge’s take, navigate to “Twitter Has Been Storing Your Deleted DMs for Years.”

Online Auction Fraud Group

The US Secret Service took down a gang running an online auction scam. The angle was that ads said:

“I’m in the military and being deployed overseas and have to sell fast.”

To find marks (suckers), the operation unfolded in this way:

Alleged conspirators in Romania posted fake ads on popular online auction and sales websites, including Craigslist and eBay, for high-cost goods (typically vehicles) that ran on air because they were figments of the imagination. They’d con people in the US with, among other lies, stories of how they were in the military and needed to sell their car before being deployed.

Then, according to the Naked Security story:

After their targets fell for it and sent payment, the conspirators allegedly laundered the money by converting it to crypto currency and transferring it to their foreign-based buddies. According to the indictment, the alleged foreign-based money launderers include Vlad-Călin Nistor, who owns Coinflux Services SRL, and Rossen Iossifov, who owns R G Coins.

And That Fish You Ate Last Night?

An interesting scam has been quantified in Canada by the CBC. Those in the seafood supply chain mislabel their products. Seafood fraud is selling an undesirable species of fish for a more desirable one. How widespread is the practice? I learned:

Oceana Canada, a Toronto-based conservation organization, said it found there was mislabeling with 44 per cent of the seafood samples it tested this year and last in five Canadian cities  — and in 75 per cent of cases, cheaper fish were mislabeled as something more expensive.

And, Of Course, Stolen User Data

DarkCyber noted that another 127 million user records have been offered for sale. The vendor previously posted the availability of 620 million records. More about this now routine event at ZDNet.

Stephen E Arnold, February 16, 2019

Weapons via the Hidden Web

February 15, 2019

Gun control continues to be a major issue for Americans. However, if ever there was to be a tightening of gun ownership laws in this country, it’s interesting to wonder what the result might look like. Chances are, it would be a lot like Europe—even the problems that come with it, as we discovered in a recent Gunpowder Magazine article, “European Gun Ownership is Surging, Concerned Citizens Resort to Dark Web.”

According to the story:

“High threats of terror attacks and surging crime have left Europeans increasingly uneasy about their personal safety. And because gun control laws are so strict in Europe, citizens are resorting to illicit means to obtain firearms, to the point that, The Wall Street Journal reports, “unregistered weapons outnumbered legal ones” in 2017.”

It’s not just guns that are posing a threat on the dark web. Recently, a hacker posted over 600 million people’s information up for sale there. This is the reason why intelligence agencies are paying closer attention to the dark web, working on ways to crack its mysterious codes. The issue becomes staying in step or even a step ahead of the dark web, which isn’t as easy as it may sound.

Patrick Roland, February 15, 2019

DarkCyber for February 12, Now Available

February 12, 2019

DarkCyber for February 12, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/316376994. The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web and lesser known Internet services.

This week’s story line up includes: Italy’s facial recognition system under fire; Marriott trains 500,000 employees to spot human traffickers; a new Dark Web search system from Portugal; and the most popular digital currencies on the hidden Web.

The first story explores the political criticism of Italy’s facial recognition system for law enforcement. The database of reference images contains about one third of Italy’s population. The system integrates with other biometric systems including the fingerprint recognition modules which are operating at several of Italy’s busiest airports. Despite the criticism, government authorities have no practical way to examine images for a match to a person of interest. DarkCyber believes image recognition is going to become more important and more widely used as its accuracy improves and costs come down.

The second story discusses Marriott Corporation’s two year training program. The hotel chain created information to help employees identify cues and signals of human trafficking. The instructional program also provides those attending with guidelines for taking appropriate action. Marriott has made the materials available to other groups. But bad actors have shifted their mode of operation to include short term rentals from Airbnb type vendors. Stephen E Arnold, producer of DarkCyber and author of “CyberOSINT: Next Generation Information Access,” said: “The anonymity of these types of temporary housing makes it easier for human traffickers to avoid detection. Prepaid credit cards, burner phones, and moving victims from property to property create an additional set of challenges for law enforcement.”

The third story provides information about a new hidden Web indexing service. The vendor is Dogdaedis. The system uses “artificial intelligence” to index automatically the hidden services its crawler identifies. A number of companies are indexing and analyzing the Dark Web. Furthermore the number of Dark Web and hidden Web sites is decreasing due to increased pressure from law enforcement. Bad actors have adapted, shifting from traditional single point hidden Web sites to encrypted chat services.

The final story extracts from a Recorded Future report the most popular digital currencies on the Dark Web. Bitcoin is losing ground to Litecoin and Monero.

A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.

Kenny Toth, February 12, 2019

Allegations Aloft on the Karma Feathered Wing of a Raven: Reuters and the UAE

February 9, 2019

Activists, diplomats, and foreign leaders were allegedly among the targets of a surveillance operation in the United Arab Emirates, according to Reuters’ article, “Exclusive: UAE Used Cyber Super-Weapon to Spy on iPhones of Foes.” Dubbed Project Raven, the operation broke into targets’ iPhones using a hack known as “Karma,” which may or may not still be operational after Apple updated the iPhone’s software in 2017. Indeed, the breaches were made possible by a flaw in Apple’s iMessage app in the first place: hackers found they could establish their connections by implanting malware through iMessage, even if the user never used the app.

Some may be surprised to learn who was involved in Project Raven; reporters Joel Schectman and Christopher Bing write:

“Raven was largely staffed by U.S. intelligence community veterans, who were paid through an Emirati cyber security firm named DarkMatter, according to documents reviewed by Reuters. … The UAE government purchased Karma from a vendor outside the country, the operatives said. Reuters could not determine the tool’s creator.”

I also noted this statement:

“The operatives knew how to use Karma, feeding it new targets daily, in a system requiring almost no input after an operative set its target. But the users did not fully understand the technical details of how the tool managed to exploit Apple vulnerabilities. People familiar with the art of cyber espionage said this isn’t unusual in a major signals intelligence agency, where operators are kept in the dark about most of what the engineers know of a weapon’s inner workings. …”

Did the method work? I learned:

“The Raven team successfully hacked into the accounts of hundreds of prominent Middle East political figures and activists across the region and, in some cases, Europe, according to former Raven operatives and program documents.”

The article names a few of Raven’s known victims, including the noteworthy human rights activist Tawakkol Karman, also known as the Iron Woman of Yemen. Having been a prominent leader of her country’s Arab Spring protests in 2011, Karman is used to hacking notices popping up on her phone. However, even she was bewildered that Americans, famously champions of human rights, were involved.

Cynthia Murrell, February 09, 2019

LA Times and Its Counterfeiting Thriller

February 5, 2019

I read “Glowing Reviews Tout Counterfeit Cash on the Dark Web.” The news story is more like a thriller, however. The Dark Web, fake money, online investigations, and a shoot out.

DarkCyber noted several interesting factoids in the write up:

  1. Reviews by customers of the Dark Web counterfeiting operation were important to the criminal’s business. The article refers to a “loyal fan base.”
  2. The agency taking the lead in the investigation was the US Secret Service. DarkCyber has heard that this entity is the most capable team of cyber sleuths in the US government.
  3. The “printing” was carried out on lasers and special paper.
  4. The bad actor had a long history of illegal activities. (This suggests that pattern analysis may be a useful adjunct to a traditional investigation.)
  5. The bad actor mailed counterfeit bills on several occasions from a traditional outdoor mail box across from a police station.
  6. After neutralizing the bad actor, agents discovered “about $300,000 in fake $100 bills, lined up and hanging to dry in neat rows.”

Investigators have not solved the problem of the location of the digital currency to which the bad actor had access. Also, computers seized in the raid were encrypted, and these, according to the write up, have not yet been decrypted by the USSS.

Stephen E Arnold, February 5, 2019

DarkCyber for February 5, 2019, Now Available

February 5, 2019

DarkCyber for February 5, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/315073592. The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web and lesser known Internet services.

This week’s story line up includes: Alleged money laundering via the popular Fortnite game; and an excerpt from Stephen E Arnold’s “Dark Web, Version 2” lecture at the University of Louisville.

The first story explains how bad actors launder money via the online game Fortnite. The game allows players to purchase “digital assets” by purchasing via a credit card. The credit card funds allow the player to acquire V Bucks. These V Bucks can be converted to weapons, information, or other in-game benefits. But the digital assets can be sold, often on chat groups, Facebook, or other social media. In the process, the person buying the digital assets with a stolen credit card, for example, converts the digital assets to Bitcoin or another digital currency. Many people are unaware that online games can be used in this manner. Law enforcement will have to level up their game in order to keep pace with bad actors.

The second story is an excerpt from Stephen E Arnold’s invited lecture. He spoke on January 25, 2019 to an audience of 50 engineering students and faculty on the subject of “Dark Web, Version 2.” In his remarks, he emphasized that significant opportunities for innovation exist. Investigators need to analyze in a more robust way data from traditional telephone intercepts and the Internet, particularly social media.

Arnold said, “The structured data from telephone intercepts must be examined along with the unstructured data acquired from a range of Internet sources. Discovering relationships among entities and events is a difficult task. Fresh thinking is in demand in government agencies and commercial enterprises.” In the video, Mr. Arnold expands on the specific opportunities for engineers, programmers, and analysts with strong mathematics skills.

A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.

Kenny Toth, February 5, 2019

Playing Games with Money Laundering

January 29, 2019

Mark this one down in your diaries: just when you thought you’ve heard all the strangest ways imaginable to launder money, the dark web strikes again. This time, the incredibly popular online game, Fortnite, is being used. Specifically, the pseudo-currency players use to buy weapons and outfits—V-Bucks. We discovered how this strange scam works via a recent Digital Trends article, “Fortnite V-Bucks Used By Criminals for Money Laundering Schemes.”

According to the story:

Criminals are buying V-Bucks from the official Fortnite store using stolen credit card information. The V-Bucks are then sold in online black markets at discounted rates to “clean” the money, according to an investigation by The Independent and research by cybersecurity firm Sixgill.

From bizarre video game-related ways of washing dirty money, to Mexican drug cartels using Chinese crypto-brokers to do the same, one thing is abundantly clear to law enforcement. It pays to look under every rock and follow every lead on the dark web, because criminals are never going to stop looking for strange new avenues to make money.

Yep, games.

Patrick Roland, January 29, 2019

DarkCyber for January 29, 2019, Now Available

January 29, 2019

DarkCyber for January 29, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/313630318. The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web and lesser known Internet services.

This week’s story line up includes: Microsoft Bing and a child pornography allegation; Endace introduces facial recognition and a tie up with Darktrace; A report about drones and correctional institutions; and CIA report about hazardous compounds.

The first story discusses allegations of child pornography and other inappropriate content in the Microsoft Bing index. DarkCyber’s experts report that problematic content can be found within any free Web search system. The reasons range from bad actors’ use of code words to innocuous pages which contain links to objectionable content labeled as popular services. Filtering is one approach, but a cat and mouse game requires that Web search providers continue to enhance their content review procedures. Chatter about artificial intelligence is often hand waving, politically correct speech, or marketing.

Second, Endace is one of the leaders in lawful intercept hardware and software. However, Endace continues to innovate. The firm has added facial recognition to its service offering. Darktrace, one of the more innovative cyber security vendors, has announced a relationship with Endace. Darktrace’s three D visualization and analytics may spark new products and services for Endace. Verint, another cyber security firm, has also added support for Endace’s lawful intercept systems.

The third story calls attention to a free report about bad actors’ use of drones to deliver contraband into prisons. Correctional institutions in the US are adding anti drone technology. Drones have been used to deliver mobile phones and other contraband to inmates. DarkCyber provides a link so that viewers can request a copy of the Dedrone report.

The final story is a follow up to an earlier report about the chemicals and compounds frequently used for home made explosive devices. A viewer wanted to know where additional information could be found. DarkCyber provides a link to a CIA document which reviews chemical, biological, radiological, and nuclear substances.

A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.

Kenny Toth, January 29, 2019
