Elasticsearch: Security Assertions

January 20, 2017

I read “MongoDB Hackers Set Sights on ElasticSearch Servers with Widespread Ransomware Attacks.” According to the write up, more than 2,400 ElasticSearch services were “affected by ransomware in three days.”

“Attackers are finding open servers where there is no authentication at all. This can be done via a number of services and tools. Unfortunately, system admins and developers have been leaving these unauthenticated systems online for a while and attackers are just picking off the low hanging fruit right now.”

The write up explained:

ElasticSearch is a Java-based search engine, commonly used by enterprises for information cataloguing and data analysis.

What’s the remediation? One can pay the ransom. We suggest that Elastic cloud users read the documentation and implement the features appropriate for their use case.

Stephen E Arnold, January 20, 2017

The Internet Is Once Again Anonymous

January 19, 2017

Let us reminiscence for a moment (and if you like you can visit the Internet archive) about the Internet’s early days, circa late 1990s.  It was a magic time, because there were chatrooms, instant messaging, and forums.  The Internet has not changed these forms of communication much, although chatrooms are pretty dead, but one great thing about the early days is that the Internet was mostly anonymous.  With the increase in tracking software, IP awareness, and social media, Internet anonymity is reserved for the few who are vigilant and never post anything online.    Sometimes, however, you want to interact online without repercussions and TechCrunch shares that “Secret Founder Returns To Anonymous Publishing With Launch Of IO.”

David Byttow, Secret co-founder, started the anonymous publishing app IO that is similar to Postcard Confessions.  IO’s purpose is to:

IO is a pseudo-resurrection of Secret that Byttow told us in November came into being partly because “the downsides of current social media products MUST be addressed,” an imperative he felt was especially urgent following the results of the last U.S. election. IO’s stated mission is to achieve “authentic publishing,” by which Byttow means that he’s hoping users having an option to publishing either anonymously, using a pseudonym or as their actual selves will allow for easier sharing of true thoughts and feelings.

IO really does not do much.  You can type something up, hit publish, but it is only shared with other people if you attach social media links.  You can remain anonymous and IO does include writing assistance tools.  I really do not get why IO is useful, but it does allow a person to create a shareable link without joining a forum, owning a Web site, etc.  Reddit seems more practical, though.

Whitney Grace, January 19, 2016

 

Another Untraceable Dark Web Actor Put Behind Bars

January 19, 2017

A prison librarian in England who purchased drugs and weapons over the Dark Web for supplying them to prisoners was sentenced to 7-years in prison.

The Register in a news report Prison Librarian Swaps Books for Bars After Dark-Web Gun Buy Caper says:

Dwain Osborne, of Avenue Road, Penge, in London, was nabbed in October of 2015 after he sought to procure a Glock 19 – a staple of police and security forces worldwide – and 100 rounds of ammunition on the dark web. A search of Osborne’s house revealed the existence of a storage device, two stolen passports, and a police uniform.

Osborne was under the impression that like other Dark Web actors, he too is untraceable. What made the sleuths suspicious is not known, however, the swift action and prosecution are commendable. Law enforcement agencies are challenged by this new facet of crime wherein most perpetrators manage to remain anonymous.

Most arrests related to the purchase of arms and drugs over Dark Web were result of undercover operations. However, going beyond this type of modus operandi is the need of the hour.

Systems like Apacke Teka seem to be promising, but it is premature to say how such kind of systems will evolve and most importantly, will be implemented.

Vishal Ingole, January 19, 2017

The Software Behind the Web Sites

January 17, 2017

Have you ever visited an awesome Web site or been curious how an organization manages their Web presence?  While we know the answer is some type of software, we usually are not given a specific name.  Venture Beat reports that it is possible to figure out the software in the article, “SimilarTech’s Profiler Tells You All Of The Technologies That Web Companies Are Using.”

SimilarTech is a tool designed to crawl the Internet to analyze what technologies, including software, Web site operators use.  SimiliarTech is also used to detect which online payment tools are the most popular.  It does not come as a surprise that PayPal is the most widely used, with PayPal Subscribe and Alipay in second and third places.

Tracking what technology and software companies utilize for the Web is a boon for salespeople, recruiters, and business development professionals who want a competitive edge as well as:

Overall, SimilarTech provides big data insights about technology adoption and usage analytics for the entire internet, providing access to data that simply wasn’t available before. The insights are used by marketing and sales professionals for website profiling, lead generation, competitive analysis, and business intelligence.

SimiliarTech can also locate contact information for personnel responsible for Web operations, in other words new potential clients.

This tool is kind of like the mailing houses of the past. Mailing houses have data about people, places, organizations, etc. and can generate contact information lists of specific clientele for companies.  SimiliarTech offers the contact information, but it does one better by finding the technologies people use for Web site operation.

Whitney Grace, January 17, 2016

Royal Mail, Delivering Narcotics Efficiently

January 17, 2017

Unsuspecting Royal Mail postmen are delivering narcotics and drugs ordered over Dark Web to punters and buyers with much efficiency. Taking cognizance of the fact, The Home Office is planning an investment of GBP 1.9 billion over next five years to fight this new face of crime.

The Sun in an article titled Royal Mail Postmen Unknowingly Deliver Drugs Parcels Bought From the Dark Web says:

Royal Mail postmen are unknowingly delivering drug parcels bought from the dark web, it has been revealed. Millions of pounds of drugs are bought online every day via the dark web and shipped to punters anonymously.

The postmen, however, cannot be blamed as they are ill-equipped to find out what’s hidden inside a sealed parcel. Though drug sniffing dogs exist on paper for the Royal Mail, many postmen say they never saw one in their service life. Technology is yet to catch-up with dogs that can sniff out the drugs.

As the postmen are being put at risk delivering these packages, the Home Office in a statement said:

We have committed to spending £1.9bn on cybersecurity over the next five years, including boosting the capabilities of the National Crime Agency’s National Cyber Crime Unit, increasing their ability to investigate the most serious cybercrime.

Law enforcement agencies, including the ones in the US will have to invest in detecting and preventing such crimes. So far the success ratio has been barely encouraging. Till then, unsuspecting people will be used as pawns by cybercriminals, royally!

Vishal Ingole, January 17, 2017

Exploring Dark Web Motivations

January 13, 2017

The Dark Web continues to be under the microscope. Sophos’ blog, Naked Security, published an article, The Dark Web: Just How Dark Is It? questioning the supposed “dark” motivations of its actors. This piece also attempts to bust myths about the complete anonymity of Tor. There is an entry guard, which knows who the user is, and an exit node, which knows the user’s history and neither of these are easy to avoid. Despite pointing out holes in the much-believed argument full anonymity always exists on Tor, the author makes an effort to showcase “real-world” scenarios for why their average readers may benefit from using Tor: 

If you think a web site is legitimate, but you’re not completely sure and would like to “try before you buy,” why not take an incognito look first, shielding your name, your IP number, even your country? If you’re investigating a website that you think has ripped off your intellectual property, why advertise who you are? If you want to know more about unexceptionable topics that it would nevertheless be best to keep private, such as medical issues, lifestyle choices or a new job, why shouldn’t you keep your identity to yourself? Similarly, if you want to offer online services to help people with those very issues, you’d like them to feel confident that you’ll do your best to uphold their privacy and anonymity.

We’re not convinced — but perhaps that is because the article put its foot in its mouth. First, they tell us Tor does not provide full anonymity and then the author attempts to advocate readers use Tor for anonymity. Which is it? More investigation under a different lens may be needed.

Kenny Toth, January 13, 2017

HSDirs Could Be the Key to Dark Web Intelligence

January 12, 2017

An article on Security Affairs called Boffins spotted over 100 snooping Tor HSDir nodes spying on Dark Web sites points to a new tactic that could be useful to companies offering Dark Web intelligence services. Within the inner workings of the Dark Web live at least 100, according to researchers, malicious hidden service directories (HSDirs). These are the relays of the network that allow people to visit hidden services. The author quotes researchers Filippo Valsorda and George Tankersley who presented at the Hack in the Box Security Conference,

When a person wants to host a hidden service, they have to advertise their service on a Tor Onion database, which is a DHT made up of a group of stable relay machines called HSDirs . The person who wants to visit the hidden service has to request information about that service from the database. Therefore, those relays or HSDirs can see who is making the request for a connection and when you want to connect. Therefore, to deanonymize a user’s traffic, an attacker could choose to become the HSDir nodes for the hidden service.

Additionally, researchers from Karlstad University in Sweden found 25 nodes within the The Onion Router (Tor) which showed entities snooping on the supposedly anonymous network. It appears gaps exist. The research shows an unspecified actor from Russia was eavesdropping. Are these snoopers Dark Web intelligence or cybercriminals? We shall stay tuned.

Megan Feil, January 12, 2017

The Sophistication of the Dark Web Criminals of Today

January 11, 2017

Vendors of stolen credit card information on the dark web are now verifying their customers’ identities, we learn from an article at the International Business Times, “The Fraud Industry: Expect to be KYC’d by Criminals When Buying Stolen Credit Cards on the Dark Web.” Yes, that is ironic. But these merchants are looking for something a little different from the above-board businesses that take KYC measures. They want to ensure potential clients are neither agents of law-enforcement nor someone who will just waste their time.  Reporter Ian Allison cites Richard Harris, an expert in fraud detection through machine learning, when he writes:

Harris said some websites begin with a perfunctory request that the buyer produce some stolen card numbers of their own to show they are in the game. ‘There are various websites like that where undercover cops have been caught out and exposed. Like anybody else, they are in business and they take the security of their business seriously,’ he said.

Things have moved on from the public conception of a hacker in a hoodie who might hack the Pentagon’s website one day and steal some credit card details the next. That was 10 or 15 years ago. Today this is a business, pure and simple. It is about money and lots of it, like for instance the recent hit in Japan that saw a criminal gang make off with ¥1.4bn (£8.9m, $13m) from over 1,400 ATMs in under three hours. They simultaneously targeted teller machines located in Tokyo, Kanagawa, Aichi, Osaka, Fukuoka, Nagasaki, Hyogo,Chiba and Nigata. The Japanese police suspect more than 100 criminals were involved in the heist.

Harris is excited about the potential for machine learning to help thwart such sophisticated and successful, criminals. The article continues with more details about today’s data-thievery landscape, such as the dark-web bulletin boards where trade occurs, and the development of “sniffers” — fake wi-fi hubs that entice users with a promise of free connectivity, then snatch passwords and other delectable data. Allison also mentions the feedback pages on which customers review dark-web vendors, and delves into ways the dark web is being used to facilitate human trafficking. See the write-up for more information.

Cynthia Murrell, January 11, 2017

Dark Web Offers Tools for Vengeance to Disgruntled Workers

January 10, 2017

It seems the dark web is now making it easier for disgruntled employees to take their revenge to the next level, we learn from the KrebsOnSecurity article, “Rise of Darknet Stokes Fear of the Insider.” The article cites Gartner analyst Avivah Litan; she reports a steep increase in calls from clients concerned about vindictive employees, current or former, who might expose sensitive information on the dark web.  Not surprisingly, companies with a lot of intellectual property at stake are already working with law-enforcement or private security firms to guard against the threat.

How, exactly, is the dark web making worker retaliation easier than ever before? Writer Brian Krebs explains:

Noam Jolles, a senior intelligence expert at Diskin Advanced Technologies, studies darknet communities. I interviewed her last year in ‘Bidding for Breaches,’ a story about a secretive darknet forum called Enigma where members could be hired to launch targeted phishing attacks at companies. Some Enigma members routinely solicited bids regarding names of people at targeted corporations that could serve as insiders, as well as lists of people who might be susceptible to being recruited or extorted.

Jolles said the proliferation of darkweb communities like Enigma has lowered the barriers to entry for insiders, and provided even the least sophisticated would-be insiders with ample opportunities to betray their employer’s trust.

I’m not sure everyone is aware of how simple and practical this phenomena looks from adversary eyes and how far it is from the notion of an insider as a sophisticated disgruntled employee,’ Jolles said. ‘The damage from the insider is not necessarily due to his position, but rather to the sophistication of the threat actors that put their hands on him.

According to research by Verizon, few vengeful employees turn out to have been in management positions. Most are workers lower on the totem pole who had to be given access to sensitive information to perform their jobs. The Verizon report cheerfully advises, “At the end of the day, keep up a healthy level of suspicion toward all employees.” What fun.

See the article for more about this threat, and how organizations might go about protecting themselves.

Cynthia Murrell, January 10, 2017

Medical Records Are the Hot New Dark Web Commodity

January 10, 2017

From emails to Netflix and Uber account information to other personally identifiable information has long been for sale on the Dark Web. A recent article from Fast Company, On The Dark Web, Medical Records Are A Hot Commodity, shares that medical records are the latest offerings for sale on the Dark Web. Medical records sold in these marketplaces usually include an individual’s name, birthdate, social security number and medical information. They fetch the relatively high price of $60 a piece, in comparison to social security numbers at $15. The article explains more,

On the dark web, medical records draw a far higher price than credit cards. Hackers are well aware that it’s simple enough to cancel a credit card, but to change a social security number is no easy feat. Banks have taken some major steps to crack down on identity theft. But hospitals, which have only transitioned en masse from paper-based to digital systems in the past decade, have far fewer security protections in place.

Cybercrime of medical records is potentially life-threatening because oftentimes during the theft of medical records, data showing allergies and other vital information is erased or swapped. Hopefully, the amount of time it took the medical industry to transition from paper to electronic health records is not representative of the time it will take the industry to increase security measures.

Megan Feil, January 10, 2017

Next Page »