CyberOSINT banner

Stealing Data on the Dark Web Just Became Easier

February 1, 2016

“Underground Black Market: Thriving Trade in Stolen Data, Malware, and Attack Services” assumes that the reader knows the basics of the Dark Web. Let’s stake a step back.

Before we talk about stealing data on the Dark Web we must first define what we mean by the Dark Web. Most internet uses never go beyond the surface web, that part of the Web that consists of static Web sites such as Google, Facebook, and YouTube. What makes the Dark Web so interesting is that is it not entirely dark.

In fact, many Dark Web sites and their content are visible to the public. What is not visible is the server addresses which block most people from seeing who is running the sites.

In the article, Candid Wueest talks about a new paradigm for stealing and moving stolen data on the Dark Web. I noted that crimeware-as-a-service lets:

Attackers can easily rent the entire infrastructure needed to run a botnet or any other online scams. This makes cybercrime easily accessible for budding criminals who do not have the technical skills to run an attack campaign on their own. A drive-by download web toolkit, which includes updates and 24/7 support, can be rented for between $100 and $700 per week.

That means that it is becoming increasing easier for criminals to find, access, and sell data. Now you know. Now, anyone, including your local bad actor or your 11 year old, can access and steal data.

Here’s a troubling factoid from “The Tangled World of Stolen Data,” which we assume is spot on: It takes about 205 days for a company detect a data breach,  more than enough time for a cybercriminal to sell the data and get it distributed on the Dark Web.

So what can law enforcement agencies do? New advances in Dark Web access, such as I2P, are making it more difficult for these agencies to identify and react to data crimes. What this means is that the law security companies and law enforcement agencies will need to be creative. The FBI ran an offensive image site to get a grip on alleged wrong doers.

Perhaps the Dark Web is not as dark as many assume.

Martin A. Matisoff, MSc, February 1, 2016

A Road Map to the Dark Suburb of i2p Content

February 1, 2016

According to the I2P Web site, the Invisible Internet Project (I2P)  is an

anonymous overlay network … that is intended to protect communication from dragnet surveillance and monitoring by third parties such as ISPs and … is used by many people who care about their privacy: activists, oppressed people, journalists and whistleblowers.

Users who wanted information on I2P had two options for obtaining information about I2P and I2P services: search the web and create your own guide over time, or visit the I2P website which provides a useful index to I2P.


A more rich i2p resource is one you may want to explore. A fascinating Baedeker for the Dark Web is available on a pastesite, which is an anonymous publishing service.

The Guide to I2P and I2P Services Version 1 puts a Cliff’s Notes to sources of products, services, and information about weapons, controlled substances, and stolen Uber accounts. There are descriptions of the best ways for users to configure their computers so they can access .i2p sites and what you need to do once connected to these hidden services.

The guides offers a plethora of links to some of the most requested I2P sites, including image boards, such as Anch , a site for and by anarchists; file sharing sites such as Document Heaven  financial sites such as VEscudero’s Service, Darknet Products,  and social sites such as id3nt  and Visibility. Investigators may understand Facebook and Twitter, but the Dark Web is, for many, a digital Rubik’s cube.

In addition, the guide will offer tutorials and other topics including links to sites for users who speak different languages such as Russian, German, and Spanish.

The Guide to I2P and I2P Services not only provides numerous links to I2P sites, but it addresses concerns about the dangers of relaying encrypted traffic and Java vulnerabilities. Furthermore, it tells you how to connect to I2P IRC servers that are not part of IRC2p. The guide can help you map dark net maze.

How can investigators, analysts, and intelligence professionals get a working understanding of i2p? Easy. Contact benkent2020 at and inquire about our on site or online webinars about the Dark Web.

Martin A. Matisoff, MSc, February 1, 2016

AOL: A New Do for the Year of the Monkey

January 18, 2016

I read “AOL’s Identity Crisis: The Company May Ditch the AOL Brand.” I remember the flood of discs. I remember the hidden files thoughtfully placed on my hard drive when I installed America Online. I remember the Xoogler who bought his own local publishing outfit to reinvigorate AOL and, of course, his own local America Online. I remember Verizon buying AOL because, well, it could.

According to the write up:

one of AOL’s biggest priorities for the new year is figuring out its brand and investing in it, even if that means saying goodbye to the name “AOL” in favor of launching something completely new.

I learned that

Mark Ritson, a leading brand expert and marketing consultant, tells Business Insider that he also thinks the messy corporate brand definitely needs a clean up. AOL is tricky, he says, because it has very strong brand awareness, but that its image “has an unpalatable mix of being seen to be out of date and a business failure.”

No matter what name Verizon chooses, AOL will always evoke fond memories for me. The dial up modem, the chat groups, the fantastical email services.

So many memories. What ever happened to that Xoogler’s local news idea? Ah, it did not work out.

I look forward to the Yahooligans following AOL’s trajectory. Two new branding opportunities for the marketing consultants.

It is the year of the monkey too. Love those creatures.

Stephen E Arnold, January 18, 2016

Boolean Search: Will George Boole Rotate in His Grave?

January 12, 2016

Boolean logic is, for most math wonks, the father of Boolean logic. This is a nifty way to talk about sets and what they contain. One can perform algebra and differential equations whilst pondering George and his method for thinking about fruits when he went shopping.

In the good old days of search, there was one way to search. One used AND, OR, NOT, and maybe a handful of other logic operators to retrieve information from structured indexes and content. Most folks with a library science degree or a friendly math major can explain Boolean reasonably well. Here’s an example which might even work on CSA ProQuest (nèe Lockheed Dialog) even today:

CC=77? AND scam?

The systems when fed the right query would reply with pretty good precision and recall. Precision provided info that was supposed to be useful. Recall meant that what should be included was in the result set.

I thought about Boole, fruit, and logic when I read “The Best Boolean and Semantic Search Tool.” Was I going to read about SDC’s ORBIT, ESA Quest, or (heaven help me) the original Lexis system?


I learned about LinkedIn. Not one word about Palantir’s injecting Boolean logic squarely in the middle of its advanced data management processes. Nope.

LinkedIn. I thought that LinkedIn used open source Lucene, but maybe the company has invested in Exorbyte, Funnelback, or some other information access system.

The write up stated:

If you use any source of human capital data to find and recruit people (e.g., your ATS/CRM, resume databases, LinkedIn, Google, Facebook, Github, etc.) and you really want to understand how to best approach your talent sourcing efforts, I recommend watching this video when you have the time.

Okay, human resource functions. LinkedIn, right.

But there is zero content in the write up. I was pointed to a video called “Become a LinkedIn Search Ninja: Advanced Boolean Search” on YouTube.

Here’s what I learned before I killed the one hour video:

  1. The speaker is in charge of personnel and responsible for Big Data activities related to human resources
  2. Search is important to LinkedIn users
  3. Profiles of people are important
  4. Use OR. (I found this suggestion amazing.)
  5. Use iterative, probabilistic, and natural language search, among others. (Yep, that will make sense to personnel professionals.)

Okay. I hit the stop button. Not only will George be rotating, I may have nightmares.

Please, let librarians explicitly trained in online search and retrieval explain methods for obtaining on point results. Failing a friendly librarian, ask someone who has designed a next generation system which provides “helpers” to allow the user to search and get useful outputs.

Entity queries are important. LinkedIn can provide some useful information. The tools to obtain that high value information are a bit more sophisticated than the recommendations in this video.

Stephen E Arnold, January 12, 2016

Search Online Too Long? Tietze Disease Will Get You

January 8, 2016

I read “Technology Addict Develops Tietze Disease from Spending 23 Hours a Day Online.” I know, gentle reader, that using search engines can be frustrating. I know too that most of my readers spend hours upon hours trying to make Bing, Google, and Yandex point to a specific document which will answer your most pressing business question.

The fix is little more than search systems which return relevant results without ads and fluff.

Be aware. If you find yourself investing hours upon hours in crafting queries, you may succumb to “shooting pains” in your “back and chest.” You may have strained your “costal cartridges.”

The culprit Tietze disease.

Rest easy. The problem is benign. Go back to searching. Be tough.

Stephen E Arnold, January 8, 2016

The Long Goodbye of Internet Freedom Heralded by CISA

January 8, 2016

The article on MotherBoard titled Internet Freedom Is Actively Dissolving in America paints a bleak picture of our access to the “open internet.” In spite of the net neutrality win this year, broadband adoption is decreasing, and the number of poor Americans forced to choose between broadband and smartphone internet is on the rise. In addition to these unfortunate trends,

“Congress and President Obama made the Cybersecurity Information Sharing Act a law by including it in a massive budget bill (as an extra gift, Congress stripped away some of the few privacy provisions in what many civil liberties groups are calling a “surveillance bill”)… Finally, the FBI and NSA have taken strong stands against encryption, one of the few ways that activists, journalists, regular citizens, and yes, criminals and terrorists can communicate with each other without the government spying.”

What this means for search and for our access to the Internet in general, is yet to be seen. The effects of security laws and encryption opposition will obviously be far-reaching, but at what point do we stop getting the information that we need to be informed citizens?

And when you search, if it is not findable, does the information exist?


Chelsea Kerwin, January 8, 2016

Sponsored by, publisher of the CyberOSINT monograph

US Broadband: Good News or Some Obvious News

December 29, 2015

I read “Home Broadband 2015.” The write up is from Pew, a US research outfit. What’s interesting about Pew is that its results are used by some MBAs, former middle school teachers, and unemployed “real” journalists as evidence about the world. You know. If the US is like this, then Sudan is going to be just the same. I find this a somewhat touching approach to the world’s uptake of online connectivity. Life is just easier to manage if the Pew view is the lens through which one perceives behavior.

Now to the research.

The write up reports:

Three notable changes relating to digital access and digital divides are occurring in the realm of personal connectivity, according to new findings from Pew Research Center surveys. First, home broadband adoption seems to have plateaued. It now stands at 67% of Americans, down slightly from 70% in 2013, a small but statistically significant difference which could represent a blip or might be a more prolonged reality. This change moves home broadband adoption to where it was in 2012.

Okay, plateau is a metaphor for “hit a brick wall”. The implications are likely to be important for those not in the top one percent who want to buy a whizzy new iPhone to figure out what gifts are selling. (If it is not on the shelf, isn’t that a clue?)

The write up says:

Second, this downtick in home high-speed adoption has taken place at the same time there has been an increase in “smartphone-only” adults – those who own a smartphone that they can use to access the internet, but do not have traditional broadband service at home.

Maybe this explains the somewhat energetic efforts of outfits like the Alphabet Google thing to find additional sources of revenue. Loon balloons, self driving autos, and solving death come to mind. Nothing will sell like a pill to cure death. The device shift makes it harder to put ads in front of eye balls not interested in viewing the commercial messages. With home or desktop anchor surfing stagnating, the business models have to be tweaked. Pronto.

Also, I noted:

Third, 15% of American adults report they have become “cord cutters” – meaning they have abandoned paid cable or satellite television service.

This datum suggests to me that there may be some revenue pain for the purveyors of cords.

The write up is long. I had to click eight times to read the summary. The post includes many nifty, pale graphics. These are somewhat difficult to read on the mobile devices which the write up explains are the cat’s pajamas with Star Wars’ characters on the synthetic flannel.

I found the information about non broadband users’ perceptions of what’s important about having a zippy Internet connection. The surprise is that in 2015 40 percent of the sample for this question want to use high speed Internet to access government services.


Hard to read? Too bad.

This makes sense. Have you, gentle reader, attempted to interact with a US government agency in person? Give it a whirl. The problem is that the US government Web sites are not particularly helpful for many situations. Run a query on to see what I mean.

The discussion about cost seems obvious. With the notion of income disparity squeezing air time on TV news from the coverage of the NFL and Lady Gaga, I find the idea that those without resources find broadband too expensive. Okay. Obvious to me, but I think the Pew data make the point. The sky is blue, but wait, let me check a survey to make sure. Those without graduate degrees, jobs or sources of income, and the knowledge required to achieve cash flow are affected by costs. Got it.

The good news is that on page 7 Pew explains its methodology. Most of the hyperbole-infused marketers skip this step. I also found the data table on page 8 of the online report interesting. Let’s have more data tables and less of the dancing around the flat lines and inequality stuff.

Worth reading if one wants some obvious points reiterated. Google and other ad supported services will not work unless the ads flow. That’s the take away for me.

Stephen E Arnold, December 29, 2015

Money Laundering: Digital Currency or Old Fashioned Methods?

November 27, 2015

Online is zeros and ones. I worked for a number of years for a fellow with lots of money who explained, “Money is information.” He was mostly correct. However, in the world of big time money laundering, online does not yet have the NFL lineman muscles to do the entire job of keeping financial transactions secret.

The challenge with digital currencies boils down to a search and retrieval problem. Actionable information is embedded in transaction data. Bad actors may not be Bitcoin fans for certain types of unregulated cash transfer tasks.

Navigate to “‘White Gloves,’ ‘VIP Boxes:’ How It’s Done at China’s Underground Banks,” which does a good job of explaining how more traditional money laundering is handled. Bitcoin is okay for moving assets if one has the time, the operational security, and expertise to make the system work.

For folks with JP Morgan-style funds, something more robust and reliable may be needed. Oh, the ability to keep the activity hard to find, hidden from regulators and tax authorities, and reliable is important.

The article states:

In one case Xinhua highlighted this week, state investigators accused a longtime general manager, surnamed Dai, in a state-owned engineering company, Beijing-based China Harbour Engineering, of helping to move $3 million of corruption-tainted gains via a Chinese underground bank onshore. The underground bank used a technique that regulators called an “audit hedge,” essentially depositing 18 million yuan in Mr. Dai’s onshore account in exchange for an equivalent amount of foreign exchange placed in the underground bank’s offshore account. No money crosses the border physically or electronically, making the transaction almost perfectly undetectable — hence “a hedge against audits.”

Another method is an old fave: Shell accounts. The article stated:

In Ningxia, a small northwestern region home to China’s Hui ethnic minority, criminal gangs in the provincial capital Yinchuan set up 12 trading shells that did nothing but generate false export data as a means to move money in or out of the country under the guise of legitimate corporate payments, according to Xinhua. Companies are allowed to move foreign exchange exceeding China’s $50,000 annual limit for legitimate purposes. Police found that the gangs marked the funds that moved through their shell accounts as “national export incentive awards” obtained from the Yinchuan City Bureau of Finance. Investigators alleged that the gangs used the scheme to defraud the Ningxia government since 2013 of export incentives worth 38.6 million yuan ($6 million). Export scams like these usually facilitate illegally moving funds onshore, rather than offshore. China controls foreign exchange coming onshore just as it does money trying to move offshore. The Ningxia case stemmed from 2013, when China was experiencing a high level of net capital inflows.

When will digital currencies facilitate money laundering on this supersized scale? Not surprisingly, verifiable data about the volume of money laundering via digital currencies is tough to obtain.

I would point out that old fashioned methods still have their use. Investigators, therefore, have to rely on useful software like Maltego and add ins and have the resources to dig out information the old fashioned way. This is not just feet on the street; it is humans pulling information threads.

Stephen E Arnold, November 27, 2015

IBM and Digital Piracy: Just Three Ways?

November 27, 2015

I read “Preventing Digital Piracy: 3 Ways to Use Big Data to Protect Content.” I love making complicated issues really easy. Remember the first version of the spreadsheet? Easy. Just get a terminal, wrangle the team to install LANPAR, and have at it. Easy as 1-2-3, which came after VisiCalc.

Ah, LANPAR. You remember that, right. I have fond memories of Language for Programming Arrays at Random, don’t you? I still think the approach embodied in that software was a heck of a lot more user friendly than filling in tiny rectangular areas with a No. 4 pencil and adding and subtracting columns using an adding machine.

IBM has cracked digital piracy by preventing it. Now I find that notion fascinating. On a recent trip, I noted that stolen software and movies were more difficult to find. However, a question or two of the helpful folks at a computer store in Cape Town revealed a number of tips for snagging digital content. One involved a visit to a storefront in a township. Magic. Downloaded stuff on a USB stick. Cheap, fast, unmonitored.

IBM’s solution involve streaming data. Okay, but maybe streaming for some content is not available; for example, a list of firms identified by an intelligence agency as “up and comers.”

IBM also wants me to build a real time feedback loop. That sounds great, but the angle is not rules. The IBM approach is social media. This fix also involves live streaming. Not too useful when the content is not designed to entertain.

The third step wants me to perform due diligence. I am okay with this, but then what? When I worked at a blue chip consulting firm, the teams provided specific recommendations. The due diligence is useless without informed, affordable options and the resources to implement, maintain, and tune the monitoring activity.

I am not sure what IBM expects me to do with these three steps. My initial reaction is that I would do what charm school at Booz, Allen taught decades ago; that is, figure out the problem, identify the options, and implement the approach that had the highest probability of resolving the issue. The job is not to generalize. Proper scope helps ensure success.

If I wanted to prevent digital privacy, I would look to companies which have sophisticated, automatable methods to identify and remediate issues.

IBM, for example, does not possess the functionality of a company like Terbium Labs. There are other innovators dealing with leaking data. I could use LANPAR to do certain types of spreadsheet work. But why? Forward looking solutions do more than offer trivial 1-2-3.

Stephen E Arnold, November 27, 2015

Insight into Hacking Team

November 25, 2015

Short honk: Curious about the world of exploits available to governments and other authorized entities? You may find “Metadata Investigation: Inside Hacking Team” interesting.” Keep in mind that “metadata” means indexes, entity extraction, and other controlled and uncontrolled data content. The report from Share Lab was online on November 23, 2015, when I last checked the link. I discuss Hacking Team and several other firms in my forthcoming monograph about the Dark Web.

Stephen E Arnold, November 25, 2015

Next Page »