CyberOSINT banner

New Security Service Enters Consumer Space

April 29, 2016

It looks like another company is entering the arena of consumer cybersecurity. An article from Life Hacker, Privacy Lets You Create “Virtual” Credit Card Numbers, Deactivate One Instantly If It’s Stolen, shares the details of Privacy. Their tool generates disposable card numbers online, which can be tied to accounts with participating banks or Visa cards, and then allows users to easily deactivate if one is stolen. The service is free to users because Privacy makes money acting as a credit card processor. The article tells us,

“Privacy just gives you the ability to create virtual “accounts” that are authorized to charge a given amount to your account. You can set that account to be single use or multi-use, and if the amount is used up, then the transaction doesn’t go through to your main account. If one of your virtual accounts gets hit with an account you don’t recognize, you’ll be able to open the account from the Privacy Chrome or Firefox extension and shut it down immediately. The Chrome extension lets you manage your account quickly, auto-fill shopping sites with your virtual account numbers, or quickly create or shut down numbers.”

We think the concept of Privacy and the existence of such a service points to the perception consumers find security measures increasingly important. However, why trust Privacy? We’re not testing this idea, but perhaps Privacy is suited for Dark Web activity.


Megan Feil, April 29, 2016

Sponsored by, publisher of the CyberOSINT monograph

Businesses as Beneficiaries of the Dark Web

April 28, 2016

Who makes money off the Dark Web? Vice’s Motherboard covers this in a recent article, The Booming and Opaque Business of Dark Web Monitoring. Much coverage exists on the cybercriminals using Tor, but this article describes the two types of threat intelligence monitoring businesses which specialize in crawling the Dark Web. The first approach is algorithm-based, such as the method used by Terbium Labs’ Matchlight product which scans and scours marketplaces for sensitive data or intellectual property. The alternative approach used by some companies is explained,

“The other tactic is a more human approach, with analysts going undercover in hacking forums or other haunts, keeping tabs on what malware is being chatted about, or which new data dump is being traded. This information is then provided to government and private clients when it affects them, with each monitoring company digesting it in their own particular way. But, there is a lot of misleading or outright fabricated information in the dark web. Often, particular listings or entire sites are scams, and forum chatter can be populated with people just trying to rip each other off. For that reason, it’s not really good enough to just report everything and anything you see to a customer.”

Recent media coverage mostly zeroes in on cybercrime related to the Dark Web, so this article is a refreshing change of pace as it covers the businesses capitalizing on the existence of this new platform where stolen data and security breaches can find a home. Additionally, an important question about this business sector is raised: how do these Dark Web monitoring companies valuable leads from scams aimed at deceiving?


Megan Feil, April 28, 2016

Sponsored by, publisher of the CyberOSINT monograph

Google. No One Can Stop It. No One. No One. Aaaargh.

April 24, 2016

When I was a wee lad in days when admission to a motion picture was 25 cents, I recall watching with eyeballs wide open The Blob. Look at the poster for the film which flickered across the silver screen in 1958:

The words chosen to promote the film were “indescribable,” “indestructible,” and “Nothing can stop it.”

I read “If the Eurocrats Don’t Take on Google, No One Will Be Able to Stop It.” I find it interesting that the shock and awe words used by a promotion team in 1958 have become the currency of “real” journalism and punditry. Nothing can stop it lacks only an exclamation point.

The write up, wittingly or unwittingly, evokes “the molten meteor” as a metaphor for Google. The article reminded me:

If the commission decides that Google has indeed broken European competition law, then it can levy fines of up to 10% of the company’s annual global revenue for each of the charges. Given that Google’s global sales last year came to nearly $75bn, we’re talking about a possible fine of $15bn (£10.5bn). Even by Google standards, that’s serious money. And it’s not exactly an idle threat: in the past, the Eurocrats have taken more than a billion dollars off both Microsoft and Intel for such violations.

Money. The molten meteor cannot ignore that financial blood bank contribution. Imagine. Messrs. Brin and Page losing color and wheezing toward a Foosball game in the Alphabet Google offices in Mountain View. Frightening.

The legal system lacks a Steve McQueen it seems. The forces of good (the European Commission) has to find a way to stop the Alphabet Google from spelling doom. The article whines:

Once upon a time, we relied on the state to do this on our behalf – to cut monopolies down to size, to keep corporate power in check. The strange thing about the digital world is that states now seem unequal to this task. At the moment, the EC is the only game in town. Which makes one wonder if the Brexit enthusiasts have thought of that.

The Google has been doing exactly one thing consistently for more than 15 years. To stop the Google is an interesting thought. I am not confident that fines will do the trick. After cranking out three monographs about the Google between 2004 and 2009, it is pretty clear that the Google is falling victim to flawed reproduction of its own DNA. The death of the Alphabet Google will come from within the company itself. Regulators may find themselves looking in the mirror and see Mr. McQueen, but my research suggested:

  1. The shift to mobile is putting new stresses upon the governance structure of the Google
  2. The endless photocopying of the company’s online ad DNA is producing fuzzier and fuzzier systems and methods. I ran a query and had to work to spot an objective result. Try this query yourself from your laptop and then from your mobile phone: “Manhattan lawyers.” What’s an ad?
  3. The founders, once passionate about search, are now involved in math and science club projects like solving death.
  4. Users make the Google and the users are less and less aware of options. Online services coalesce into monopolies and the process has been chugging along for more than 15 years.

I like the zing of the “Nothing can stop it.” But the Alphabet Google thing is not forever no matter what regulators and alarmists assert. The blob did not die. It was put on ice. With the situation facing the European Community, I don’t think a suitable cooling system is available at this time. A small USB fan maybe?

Stephen E Arnold, April 24, 2016

Graceful, Tasteful Essay about Gawker and Hulk Hogan

April 24, 2016

Short honk: I am certainly no expert in “real” journalism. I am not an “academic.” I just paddle around the duck pond in rural Kentucky. I like to highlight interesting writing. An essay caught my attention because it had an interesting, although confusing, title; to wit:

“The First Amendment and a Couple of Pricks.”

When I read it, I thought about “If you prick us, do we not bleed?” Wrong. the write up uses a Shakespeare-echoing in a thoroughly modern Millie way. The write up discusses the US Constitution, the US legal system, and the behaviors of two notable persons.

Quite graceful, tasteful essay. I wish I could write with this elegant blend of colloquial phrase and rich metaphor. How many middle school teachers will use this particular personal essay as an illustration of a personal opinion? Lots? Only in New York?

Stephen E Arnold, April 24, 2016

ID Agent Alerts Government Contractors to Cyber Risk

April 12, 2016

All kinds of information shows up on the Dark Web, including thousands of emails of federal contractors. A recent article from Fierce Government IT, Report: Thousands of contractor emails found on Dark Web, shares several findings from a study conducted by ID Agent, a firm promoting its Dark Web security intelligence product. The study, “Federal Supply Chain Analysis: Cyber Threats from the Dark Web” relied on historical data loss information regarding numbers of email accounts stolen to analyze contracting areas based on their cyber risk.

The write-up expands on where ID Agent sees opportunity,

“Having cyber criminals with access to these accounts is scary enough, but malicious actors operating on the Dark Web have also taken many more forms in recent years. “While stolen personal information is concerning, national and corporate espionage continues to play a major role in the activities conducted via the Dark Web,” the report noted. ID Agent is by no means a disinterested party in disclosing the risk of these email accounts, as it hopes to market its Dark Web ID product that regularly provides this sort of threat intelligence to customers. Still, the study’s findings are a wake-up call to government contractors and the agencies employing them.”

ID Agent uses a proprietary algorithm for situating the risk of various companies and organizations. While this is a new market space, they are certainly not the only game in town when it comes to security and intelligence solutions which take the Dark Web into account. This appears to be an expanding ecosystem.


Megan Feil, April 12, 2016

Sponsored by, publisher of the CyberOSINT monograph


FBI Runs Child Porn Website to Take down Child Porn Website

April 12, 2016

The article on MotherBoard titled How The FBI Located Suspected Administrator of the Dark Web’s Largest Child Porn Site provides a comprehensive overview of the events that led to the FBI being accused of “outrageous conduct” for operating a child pornography site for just under two weeks in February of 2015 in order to take down Playpen, a dark web child porn service. The article states,

“In order to locate these users in the real world, the agency took control of Playpen and operated it from February 20 to March 4 in 2015, deploying a hacking tool to identify visitorsof the site. The FBI hacked computers in the US, Greece, Chile, and likely elsewhere.

But, in identifying at least two high ranking members of Playpen, and possibly one other, the FBI relied on information provided by a foreign law enforcement agency (FLA), according to court documents.”

Since the dial-up era, child pornographers have made use of the Internet. The story of comedian Barry Crimmins exposing numerous child pornographers who were using AOL’s early chat rooms to share their pictures is a revealing look at that company’s eagerness to turn a blind eye. In spite of this capitulation, the dark web is the current haven for such activities, and the February 2015 hacking project was the largest one yet.




Chelsea Kerwin, April 12, 2016

Sponsored by, publisher of the CyberOSINT monograph

UK Cybersecurity Director Outlines Agencys Failures in Ongoing Cyberwar

April 8, 2016

The article titled GCHQ: Spy Chief Admits UK Agency Losing Cyberwar Despite £860M Funding Boost on International Business Times examines the surprisingly frank confession made by Alex Dewdney, a director at the Government Communications Headquarters (GCHQ). He stated that in spite of the £860M funneled into cybersecurity over the past five years, the UK is unequivocally losing the fight. The article details,

“To fight the growing threat from cybercriminals chancellor George Osborne recently confirmed that, in the next funding round, spending will rocket to more than £3.2bn. To highlight the scale of the problem now faced by GCHQ, Osborne claimed the agency was now actively monitoring “cyber threats from high-end adversaries” against 450 companies across the UK aerospace, defence, energy, water, finance, transport and telecoms sectors.”

The article makes it clear that search and other tools are not getting the job done. But a major part of the problem is resource allocation and petty bureaucratic behavior. The money being poured into cybersecurity is not going towards updating the “legacy” computer systems still in place within GCHQ, although those outdated systems represent major vulnerabilities. Dewdney argues that without basic steps like migrating to an improved, current software, the agency has no hope of successfully mitigating the security risks.


Chelsea Kerwin, April 8, 2016

Sponsored by, publisher of the CyberOSINT monograph


The Dark Web Cuts the Violence

March 23, 2016

Drug dealing is a shady business that takes place in a nefarious underground and runs discreetly under our noses.  Along with drug dealing comes a variety of violence involving guns, criminal offenses, and often death.   Countless people have lost their lives related to drug dealing, and that does not even include the people who overdosed.  Would you believe that the drug dealing violence is being curbed by the Dark Web?  TechDirt reveals, “How The Dark Net Is Making Drug Purchases Safer By Eliminating Associated Violence And Improving Quality.”

The Dark Web is the Internet’s underbelly, where stolen information and sex trafficking victims are sold, terrorists mingle, and, of course, drugs are peddled.  Who would have thought that the Dark Web would actually provide a beneficial service to society by sending drug dealers online and taking them off the streets?  With the drug dealers goes the associated violence.  There also appears to be a system of checks and balances, where drug users can leave feedback a la eBay.  It pushes the drug quality up as well, but is that a good or bad thing?

“The new report comes from the European Monitoring Centre for Drugs and Drug Addiction, which is funded by the European Union, and, as usual, is accompanied by an official comment from the relevant EU commissioner. Unfortunately, Dimitris Avramopoulos, the European Commissioner for Migration, Home Affairs and Citizenship, trots out the usual unthinking reaction to drug sales that has made the long-running and totally futile “war on drugs” one of the most destructive and counterproductive policies ever devised:

‘We should stop the abuse of the Internet by those wanting to turn it into a drug market. Technology is offering fresh opportunities for law enforcement to tackle online drug markets and reduce threats to public health. Let us seize these opportunities to attack the problem head-on and reduce drug supply online.’”

The war on drugs is a futile fight, but illegal substances do not benefit anyone.  While it is a boon to society for the crime to be taken off the streets, take into consideration that the Dark Web is also a breeding ground for crimes arguably worse than drug dealing.


Whitney Grace, March 23, 2016
Sponsored by, publisher of the CyberOSINT monograph


Google in Russia: First No Space Ship Ride, Now No Anti Monopoly Win

March 21, 2016

In 2008, I learned that Sergey Brin would take a ride on the first private Soyuz flight to the International Space Station. The cost? $5 million, according to “Google Co-Founder Slated as Next Space Tourist.” The dream was still alive in 2014 according to “After Sarah Brightman, Will Sergey Brin Fly to the International Space Station?” The ride seems to be moving at a snail’s pace even though Russia seems to be dragging its feet. In 12009, NBC News reported “Russia: No More Space Tourists after 2009.”

Despite the slow down for Mr. Brin’s ride, the Russia courts are zipping right along. I learned that “Google Loses Anti Monopoly Appeal in Russia over Obligatory Pre Installation of Android Apps.” According to the article:

The Moscow Arbitration court has upheld a previous ruling from the Federal Antimonopoly Service (FAS) that found Google had abused its dominant market position and broken anti-competition legislation. The crux of the complaint was that Google hindered the ability to create competing services on Android by forcing manufacturers to bundle some Google apps, including Gmail, Google Search, and Google Play, on the phones.

Google appears to be encountering friction in a number of nation states. Some officials are not reacting in a positive manner to Google’s business initiatives. Space ride slow, court decisions fast. An interesting inversion.

Stephen E Arnold, March 21, 2016

Organized Cybercrime Continues to Evolves

March 10, 2016

In any kind of organized crime, operations take place on multiple levels and cybercrime is no different. A recent article from Security Intelligence, Dark Web Suppliers and Organized Cybercrime Gigs, describes the hierarchy and how the visibility of top-level Cybercrime-as-a-Service (CaaS) has evolved with heightened scrutiny from law enforcement. As recently as a decade ago, expert CaaS vendors were visible on forums and underground boards; however, now they only show up to forums and community sites typically closed to newcomers and their role encompasses more expertise and less information sharing and accomplice-gathering. The article describes their niche,

“Some of the most popular CaaS commodities in the exclusive parts of the Dark Web are the services of expert webinjection writers who supply their skills to banking Trojan operators.

Webinjections are code snippets that financial malware can force into otherwise legitimate Web pages by hooking the Internet browser. Once a browser has been compromised by the malware, attackers can use these injections to modify what infected users see on their bank’s pages or insert additional data input fields into legitimate login pages in order to steal information or mislead unsuspecting users.”

The cybercrime arena shows one set of organized crime professionals, preying on individuals and organizations while simultaneously being sought out by organized cyber security professionals and law enforcement. It will be most interesting to see how collisions and interactions between these two groups will play out — and how that shapes the organization of their rings.


Megan Feil, March 10, 2016

Sponsored by, publisher of the CyberOSINT monograph


Next Page »