CyberOSINT banner

eBay and Facebook: Different Spins in Online Sales

April 14, 2016

I noted two seemingly unrelated items about two different companies. Here are the two items:

  1. Russian Diplomat: ISIS Making $200 Million Selling Stolen Artifacts on eBay
  2. Weapons for Sale on Facebook in Libya

In our work on the “Dark Web Notebook,” we have examined a number of sites which purport to offer contraband or prohibited products. These sites have been accessible using special software.

What is interesting is that the difference between the Dark Web and the “regular” Web seem to be blurring.

If these two stories are accurate, questions about governance by the owners of the Web sites may be raised. Since we began working on this new study of online content, we have noted that the boundary separating the Web which billions use from the Web tailored to a smaller set of online users is growing more difficult to discern.

In itself, the boundary’s change is interesting.

Stephen E Arnold, April 14, 2016

US Control of Internet Over

March 20, 2016

Short honk: I read “Quietly, Symbolically, US Control of the Internet Was Just Ended.” The write up explains that at a meeting in Morocco, people who run the “Internet’s naming and numbering system” have a plan

to end direct US government oversight control of administering the internet and commit permanently to a slightly mysterious model of global “multi-stakeholderism”.

What’s multi stakeholderism? I noted the reference to Snowden but multi stakeholderism?

Stephen E Arnold, March 20, 2016

Anonymous Hacks Turkish Cops

February 17, 2016

No Dark Web needed.

Anonymous has struck again, this time hacking the Turkish General Directorate of Security (EGM) in its crusade against corruption. The International Business Times reports, “Anonymous: Hacker Unleashes 17.8 GB Trove of Data from a Turkish National Police Server.” It is believed that the hacker responsible is ROR[RG], who was also deemed responsible for last year’s Adult Friend Finder breach. The MySQL-friendly files are now available for download at TheCthulhu website, which seems to be making a habit of posting hacked police data.

Why has Anonymous targeted Turkey? Reporter Jason Murdock writes:

“Anonymous has an established history with carrying out cyberattacks against Turkey. In 2015 the group, which is made up of a loose collection of hackers and hacktivists from across the globe, officially ‘declared war’ on the country. In a video statement, the collective accused Turkish President Recep Tayyip Erdo?an’s government of supporting the Islamic State (Isis), also known as Daesh. Turkey is supporting Daesh by buying oil from them, and hospitalising their fighters,’ said a masked spokesperson at the time. ‘We won’t accept that Erdogan, the leader of Turkey, will help Isis any longer. If you don’t stop supporting Isis, we will continue attacking your internet […] stop this insanity now Turkey. Your fate is in your own hands.’”

We wonder how Turkey will respond to this breach, and what nuggets of troublesome information will be revealed. We are also curious to see what Anonymous does next; stay tuned.

Cynthia Murrell, February 16, 2016


Stealing Data on the Dark Web Just Became Easier

February 1, 2016

“Underground Black Market: Thriving Trade in Stolen Data, Malware, and Attack Services” assumes that the reader knows the basics of the Dark Web. Let’s stake a step back.

Before we talk about stealing data on the Dark Web we must first define what we mean by the Dark Web. Most internet uses never go beyond the surface web, that part of the Web that consists of static Web sites such as Google, Facebook, and YouTube. What makes the Dark Web so interesting is that is it not entirely dark.

In fact, many Dark Web sites and their content are visible to the public. What is not visible is the server addresses which block most people from seeing who is running the sites.

In the article, Candid Wueest talks about a new paradigm for stealing and moving stolen data on the Dark Web. I noted that crimeware-as-a-service lets:

Attackers can easily rent the entire infrastructure needed to run a botnet or any other online scams. This makes cybercrime easily accessible for budding criminals who do not have the technical skills to run an attack campaign on their own. A drive-by download web toolkit, which includes updates and 24/7 support, can be rented for between $100 and $700 per week.

That means that it is becoming increasing easier for criminals to find, access, and sell data. Now you know. Now, anyone, including your local bad actor or your 11 year old, can access and steal data.

Here’s a troubling factoid from “The Tangled World of Stolen Data,” which we assume is spot on: It takes about 205 days for a company detect a data breach,  more than enough time for a cybercriminal to sell the data and get it distributed on the Dark Web.

So what can law enforcement agencies do? New advances in Dark Web access, such as I2P, are making it more difficult for these agencies to identify and react to data crimes. What this means is that the law security companies and law enforcement agencies will need to be creative. The FBI ran an offensive image site to get a grip on alleged wrong doers.

Perhaps the Dark Web is not as dark as many assume.

Martin A. Matisoff, MSc, February 1, 2016

A Road Map to the Dark Suburb of i2p Content

February 1, 2016

According to the I2P Web site, the Invisible Internet Project (I2P)  is an

anonymous overlay network … that is intended to protect communication from dragnet surveillance and monitoring by third parties such as ISPs and … is used by many people who care about their privacy: activists, oppressed people, journalists and whistleblowers.

Users who wanted information on I2P had two options for obtaining information about I2P and I2P services: search the web and create your own guide over time, or visit the I2P website which provides a useful index to I2P.


A more rich i2p resource is one you may want to explore. A fascinating Baedeker for the Dark Web is available on a pastesite, which is an anonymous publishing service.

The Guide to I2P and I2P Services Version 1 puts a Cliff’s Notes to sources of products, services, and information about weapons, controlled substances, and stolen Uber accounts. There are descriptions of the best ways for users to configure their computers so they can access .i2p sites and what you need to do once connected to these hidden services.

The guides offers a plethora of links to some of the most requested I2P sites, including image boards, such as Anch , a site for and by anarchists; file sharing sites such as Document Heaven  financial sites such as VEscudero’s Service, Darknet Products,  and social sites such as id3nt  and Visibility. Investigators may understand Facebook and Twitter, but the Dark Web is, for many, a digital Rubik’s cube.

In addition, the guide will offer tutorials and other topics including links to sites for users who speak different languages such as Russian, German, and Spanish.

The Guide to I2P and I2P Services not only provides numerous links to I2P sites, but it addresses concerns about the dangers of relaying encrypted traffic and Java vulnerabilities. Furthermore, it tells you how to connect to I2P IRC servers that are not part of IRC2p. The guide can help you map dark net maze.

How can investigators, analysts, and intelligence professionals get a working understanding of i2p? Easy. Contact benkent2020 at and inquire about our on site or online webinars about the Dark Web.

Martin A. Matisoff, MSc, February 1, 2016

AOL: A New Do for the Year of the Monkey

January 18, 2016

I read “AOL’s Identity Crisis: The Company May Ditch the AOL Brand.” I remember the flood of discs. I remember the hidden files thoughtfully placed on my hard drive when I installed America Online. I remember the Xoogler who bought his own local publishing outfit to reinvigorate AOL and, of course, his own local America Online. I remember Verizon buying AOL because, well, it could.

According to the write up:

one of AOL’s biggest priorities for the new year is figuring out its brand and investing in it, even if that means saying goodbye to the name “AOL” in favor of launching something completely new.

I learned that

Mark Ritson, a leading brand expert and marketing consultant, tells Business Insider that he also thinks the messy corporate brand definitely needs a clean up. AOL is tricky, he says, because it has very strong brand awareness, but that its image “has an unpalatable mix of being seen to be out of date and a business failure.”

No matter what name Verizon chooses, AOL will always evoke fond memories for me. The dial up modem, the chat groups, the fantastical email services.

So many memories. What ever happened to that Xoogler’s local news idea? Ah, it did not work out.

I look forward to the Yahooligans following AOL’s trajectory. Two new branding opportunities for the marketing consultants.

It is the year of the monkey too. Love those creatures.

Stephen E Arnold, January 18, 2016

Boolean Search: Will George Boole Rotate in His Grave?

January 12, 2016

Boolean logic is, for most math wonks, the father of Boolean logic. This is a nifty way to talk about sets and what they contain. One can perform algebra and differential equations whilst pondering George and his method for thinking about fruits when he went shopping.

In the good old days of search, there was one way to search. One used AND, OR, NOT, and maybe a handful of other logic operators to retrieve information from structured indexes and content. Most folks with a library science degree or a friendly math major can explain Boolean reasonably well. Here’s an example which might even work on CSA ProQuest (nèe Lockheed Dialog) even today:

CC=77? AND scam?

The systems when fed the right query would reply with pretty good precision and recall. Precision provided info that was supposed to be useful. Recall meant that what should be included was in the result set.

I thought about Boole, fruit, and logic when I read “The Best Boolean and Semantic Search Tool.” Was I going to read about SDC’s ORBIT, ESA Quest, or (heaven help me) the original Lexis system?


I learned about LinkedIn. Not one word about Palantir’s injecting Boolean logic squarely in the middle of its advanced data management processes. Nope.

LinkedIn. I thought that LinkedIn used open source Lucene, but maybe the company has invested in Exorbyte, Funnelback, or some other information access system.

The write up stated:

If you use any source of human capital data to find and recruit people (e.g., your ATS/CRM, resume databases, LinkedIn, Google, Facebook, Github, etc.) and you really want to understand how to best approach your talent sourcing efforts, I recommend watching this video when you have the time.

Okay, human resource functions. LinkedIn, right.

But there is zero content in the write up. I was pointed to a video called “Become a LinkedIn Search Ninja: Advanced Boolean Search” on YouTube.

Here’s what I learned before I killed the one hour video:

  1. The speaker is in charge of personnel and responsible for Big Data activities related to human resources
  2. Search is important to LinkedIn users
  3. Profiles of people are important
  4. Use OR. (I found this suggestion amazing.)
  5. Use iterative, probabilistic, and natural language search, among others. (Yep, that will make sense to personnel professionals.)

Okay. I hit the stop button. Not only will George be rotating, I may have nightmares.

Please, let librarians explicitly trained in online search and retrieval explain methods for obtaining on point results. Failing a friendly librarian, ask someone who has designed a next generation system which provides “helpers” to allow the user to search and get useful outputs.

Entity queries are important. LinkedIn can provide some useful information. The tools to obtain that high value information are a bit more sophisticated than the recommendations in this video.

Stephen E Arnold, January 12, 2016

Search Online Too Long? Tietze Disease Will Get You

January 8, 2016

I read “Technology Addict Develops Tietze Disease from Spending 23 Hours a Day Online.” I know, gentle reader, that using search engines can be frustrating. I know too that most of my readers spend hours upon hours trying to make Bing, Google, and Yandex point to a specific document which will answer your most pressing business question.

The fix is little more than search systems which return relevant results without ads and fluff.

Be aware. If you find yourself investing hours upon hours in crafting queries, you may succumb to “shooting pains” in your “back and chest.” You may have strained your “costal cartridges.”

The culprit Tietze disease.

Rest easy. The problem is benign. Go back to searching. Be tough.

Stephen E Arnold, January 8, 2016

The Long Goodbye of Internet Freedom Heralded by CISA

January 8, 2016

The article on MotherBoard titled Internet Freedom Is Actively Dissolving in America paints a bleak picture of our access to the “open internet.” In spite of the net neutrality win this year, broadband adoption is decreasing, and the number of poor Americans forced to choose between broadband and smartphone internet is on the rise. In addition to these unfortunate trends,

“Congress and President Obama made the Cybersecurity Information Sharing Act a law by including it in a massive budget bill (as an extra gift, Congress stripped away some of the few privacy provisions in what many civil liberties groups are calling a “surveillance bill”)… Finally, the FBI and NSA have taken strong stands against encryption, one of the few ways that activists, journalists, regular citizens, and yes, criminals and terrorists can communicate with each other without the government spying.”

What this means for search and for our access to the Internet in general, is yet to be seen. The effects of security laws and encryption opposition will obviously be far-reaching, but at what point do we stop getting the information that we need to be informed citizens?

And when you search, if it is not findable, does the information exist?


Chelsea Kerwin, January 8, 2016

Sponsored by, publisher of the CyberOSINT monograph

US Broadband: Good News or Some Obvious News

December 29, 2015

I read “Home Broadband 2015.” The write up is from Pew, a US research outfit. What’s interesting about Pew is that its results are used by some MBAs, former middle school teachers, and unemployed “real” journalists as evidence about the world. You know. If the US is like this, then Sudan is going to be just the same. I find this a somewhat touching approach to the world’s uptake of online connectivity. Life is just easier to manage if the Pew view is the lens through which one perceives behavior.

Now to the research.

The write up reports:

Three notable changes relating to digital access and digital divides are occurring in the realm of personal connectivity, according to new findings from Pew Research Center surveys. First, home broadband adoption seems to have plateaued. It now stands at 67% of Americans, down slightly from 70% in 2013, a small but statistically significant difference which could represent a blip or might be a more prolonged reality. This change moves home broadband adoption to where it was in 2012.

Okay, plateau is a metaphor for “hit a brick wall”. The implications are likely to be important for those not in the top one percent who want to buy a whizzy new iPhone to figure out what gifts are selling. (If it is not on the shelf, isn’t that a clue?)

The write up says:

Second, this downtick in home high-speed adoption has taken place at the same time there has been an increase in “smartphone-only” adults – those who own a smartphone that they can use to access the internet, but do not have traditional broadband service at home.

Maybe this explains the somewhat energetic efforts of outfits like the Alphabet Google thing to find additional sources of revenue. Loon balloons, self driving autos, and solving death come to mind. Nothing will sell like a pill to cure death. The device shift makes it harder to put ads in front of eye balls not interested in viewing the commercial messages. With home or desktop anchor surfing stagnating, the business models have to be tweaked. Pronto.

Also, I noted:

Third, 15% of American adults report they have become “cord cutters” – meaning they have abandoned paid cable or satellite television service.

This datum suggests to me that there may be some revenue pain for the purveyors of cords.

The write up is long. I had to click eight times to read the summary. The post includes many nifty, pale graphics. These are somewhat difficult to read on the mobile devices which the write up explains are the cat’s pajamas with Star Wars’ characters on the synthetic flannel.

I found the information about non broadband users’ perceptions of what’s important about having a zippy Internet connection. The surprise is that in 2015 40 percent of the sample for this question want to use high speed Internet to access government services.


Hard to read? Too bad.

This makes sense. Have you, gentle reader, attempted to interact with a US government agency in person? Give it a whirl. The problem is that the US government Web sites are not particularly helpful for many situations. Run a query on to see what I mean.

The discussion about cost seems obvious. With the notion of income disparity squeezing air time on TV news from the coverage of the NFL and Lady Gaga, I find the idea that those without resources find broadband too expensive. Okay. Obvious to me, but I think the Pew data make the point. The sky is blue, but wait, let me check a survey to make sure. Those without graduate degrees, jobs or sources of income, and the knowledge required to achieve cash flow are affected by costs. Got it.

The good news is that on page 7 Pew explains its methodology. Most of the hyperbole-infused marketers skip this step. I also found the data table on page 8 of the online report interesting. Let’s have more data tables and less of the dancing around the flat lines and inequality stuff.

Worth reading if one wants some obvious points reiterated. Google and other ad supported services will not work unless the ads flow. That’s the take away for me.

Stephen E Arnold, December 29, 2015

Next Page »