CyberOSINT banner

More Variables Than Technology for Enterprise Security to Consider

June 29, 2016

For all the effort enterprises go to in securing data through technological solutions, there are also other variables to consider: employees. Business Insider released an article, 1 in 5 employees are willing to hand over their work passwords for money, that shares survey research from SailPoint. 20 percent of 1,000 respondents, from organizations with over 1,000 employees, would be willing to sell their work passwords. US employees win the “most likely” award with 27 percent followed by Netherlands with 20 percent, and then UK and France at 16 percent. The article tells us,

“Some employees were willing to sell their passwords for as little as $55 (£38) but most people wanted considerably more, with $82,000 (£56,000) being the global average amount required,according to figures cited by Quartz that weren’t in the report. Unauthorised access to a company’s internal systems could provide a treasure trove of valuable data for criminals. They may be targeting individual user accounts, or they could be after intellectual property, or corporate strategy data.”

Undoubtedly, search and/or cybertheft is easier with a password. While the survey reports findings that may be alarming to organizations, we are left with the question, ‘why’. It may be easy to say morality is the dividing line, but I think this article wrestling with the morality question is on the right track pointing to considering sociological implications, for example, employee engagement and satisfaction cannot be discounted as factors in a decision to sell a password.

 

Megan Feil, June 29, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Dark Web Hacking Site Changes Hands

June 29, 2016

Navigating the Dark Web can be a hassle, because many of the Web sites are shut down before you have the chance to learn what nefarious content, services, or goods are available.  Some of these sites go down on their own, but law enforcement had a part in dismantling them as well.  Some Dark Web sites are too big and encrypted to be taken down and sometimes they exchange hands, such as Silk Road and now Hell.  Motherboard explains that “Dark Web Hacking Forum ‘Hell’ Appears To Have New Owners.”

The Real Deal, a computer exploit market, claimed to take ownership of Hell, the hacking forum known for spreading large data dumps and stolen data.  Real Deal said of their acquisition:

“ ‘We will be removing the invite-only system for at least a week, and leave the “vetting” forum for new users,’ one of The Real Deal admins, who also used the handle The Real Deal, told Motherboard in an encrypted chat.  ‘It’s always nice to have a professional community that meets our market’s original niche, hopefully it will bring some more talent both to the market and to the forums,’ the admin continued. ‘And it’s no secret that we as admins would enjoy the benefit of ‘first dibs’ on buying fresh data, resources, tools, etc.’”

The only part of Hell that has new administrators is the forum due to the old head had personal reasons that required more attention.  Hell is one of the “steadier” Dark Web sites and it played a role in the Adult FriendFinder hack, was the trading place for Mate1 passwords, and hosted breaches from a car breathalyzer maker.

Standard news for the Dark Web, until the next shutdown and relaunch.

 

Whitney Grace, June 29, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Is the NSA Is Overwhelmed with Data?

June 28, 2016

US citizens are worried about their civil liberties being compromised by the National Security AgencyZDNet reports they might not need to be worried anymore in the article, “NSA Is So Overwhelmed With Data, It’s No Longer Effective, Says Whistleblower.”

William Binney is a former official from the National Security Agency (NSA) with thirty years under his belt.  Binney has been a civilian for fifteen years, but he is abhorred with the NSA.  He said the NSA is so engorged with data that it has lost its effectiveness and important intelligence is lost in the mess.  This is how the terrorists win.  Binney also shared that an NSA official could run a query and be overwhelmed with so much data they would not know where to start.

” ‘That’s why they couldn’t stop the Boston bombing, or the Paris shootings, because the data was all there,’ said Binney. Because the agency isn’t carefully and methodically setting its tools up for smart data collection, that leaves analysts to search for a needle in a haystack.  ‘The data was all there… the NSA is great at going back over it forensically for years to see what they were doing before that,’ he said. ‘But that doesn’t stop it.’”

The problems are worse across the other law enforcement agencies, including the FBI, CIA, and DEA.  Binney left the NSA one month after 9/11 and reported that the NSA uses an intrusive and expensive data collection system.   The mantra is “to collect it all”, but it is proving ineffective and expensive.  According to Binney, it is also taking away half the Constitution.

Binney’s statements remind me of the old Pokémon games.  The catchphrase for the franchise is “gotta catch ‘em all” and it was easy with 150 Pokémon along with a few cheat codes.  The games have expanded to over seven hundred monsters to catch, plus the cheat codes have been dismantled making it so overwhelming that the game requires endless hours just to level up one character.  The new games are an ineffective way to play, because it takes so long and there is just too much to do.  The NSA is suffering from too many Pokémon in the form of data.

 

Whitney Grace, June 28, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Hacking Team Cannot Sell Spyware

June 27, 2016

I do not like spyware.  Once it is downloaded onto your computer, it is a pain to delete and it even steals personal information.  I think it should be illegal to make, but some good comes from spyware if it is in the right hands (ideally).  Some companies make and sell spyware to government agencies.  One of them is the Hacking Team and they recently had some bad news said Naked Security, “Hacking Team Loses Global License To Sell Spyware.”

You might remember Hacking Team from 2015, when its systems were hacked and 500 gigs of internal, files, emails, and product source code were posted online.  The security company has spent the past year trying to repair its reputation, but the Italian Ministry of Economic Development dealt them another blow.  The ministry revoked Hacking Team’s “global authorization” to sell its Remote Control System spyware suite to forty-six countries.  Hacking Team can still sell within the European Union and expects to receive approval to sell outside the EU.

“MISE told Motherboard that it was aware that in 2015 Hacking Team had exported its products to Malaysia, Egypt, Thailand, Kazakhstan, Vietnam, Lebanon and Brazil.

The ministry explained that “in light of changed political situations” in “one of” those countries, MISE and the Italian Foreign Affairs, Interior and Defense ministries decided Hacking Team would require “specific individual authorization.”  Hacking Team maintains that it does not sell its spyware to governments or government agencies where there is “objective evidence or credible concerns” of human rights violations.”

Hacking Team said if they suspect that any of their products were used to caused harm, they immediately suspend support if customers violate the contract terms.   Privacy International does not believe that Hacking Team’s self-regulation is enough.

It points to the old argument that software is a tool and humans cause the problems.

 

Whitney Grace, June 27, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Palantir Technologies: Maybe the US Army Should Be Skeptical?

June 20, 2016

I read “How Hired Hackers Got “Complete Control” Of Palantir.” On one hand, Palantir surfed on secrecy as its Hyptokrypto for marketing. The idea that Palantir’s internal network would become a party wave was not part of the 2003-2004 plan. The write up is by a Sillycon Valley observer who may not be invited to a Palantir algorithms meet up.

I am confident that the write up is spot on. If it is not accurate, my hunch is that the Gotham crowd may emulate the feistiness of one of the Palantir founders. Think Hulk Hogan and the estimable publication Gawker.

I noted this passage:

the cybersecurity firm Veris Group concluded that even a low-level breach would allow hackers to gain wide-ranging and privileged access to the Palantir network, likely leading to the “compromise of critical systems and sensitive data, including customer-specific information.”

I circled this statement in true blue:

Their presence [the penetration testers] was finally discovered, the report says, after they broke into the laptops of information security employees — but even then, the intruders were able to monitor the employees’ countermoves in real time, shifting tactics to evade them.

A Hobbit is quoted as saying:

“The findings from the October 2015 report are old and have long since been resolved,” Lisa Gordon, a Palantir spokesperson, said in an emailed statement. “Our systems and our customers’ information were never at risk. As part of our best practices, we conduct regular reviews and tests of our systems, like every other technology company does.”

Gnarly. Palantir seems to have hired a penetration testing outfit. Somehow the report leaked. Secure outfits often try to limit leaks.

Stephen E Arnold, June 20, 2016

Public Opinion of Dark Web May Match Media Coverage

June 17, 2016

A new survey about the Dark Web was released recently. Wired published an article centered around the research, called Dark Web’s Got a Bad Rep: 7 in 10 People Want It Shut Down, Study Shows. Canada’s Center for International Governance Innovation surveyed 24,000 people in 24 countries about their opinion of the Dark Web. The majority of respondents, 71 percent across all countries and 72 percent of Americans, said they believed the “dark net” should be shut down. The article states,

“CIGI’s Jardine argues that recent media coverage, focusing on law enforcement takedowns of child porn sites and bitcoin drug markets like the Silk Road, haven’t improved public perception of the dark web. But he also points out that an immediate aversion to crimes like child abuse overrides mentions of how the dark web’s anonymity also has human rights applications. ‘There’s a knee-jerk reaction. You hear things about crime and its being used for that purpose, and you say, ‘let’s get rid of it,’’ Jardine says.”

We certainly can attest to the media coverage zoning in on the criminal connections with the Dark Web. We cast a wide net tracking what has been published in regards to the darknet but many stories, especially those in mainstream sources emphasize cybercrime. Don’t journalists have something to gain from also publishing features revealing the aspects the Dark Web that benefit investigation and circumvent censorship?

 

Megan Feil, June 17, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Dark Web Drug Sales Go on Despite One Marketplace Down

June 16, 2016

Another Dark Web drug marketplace has gone offline, at least for now. Vice’s Motherboard published an article that reports on this incident and offers insight into its larger implications in their piece, Dark Web Market Disappears, Users Migrate in Panic, Circle of Life Continues. Nucleus market mostly sold illegal drugs such as cocaine and cannabis. Now, the site is unresponsive and has made no announcements regarding downtime or a return. The article hypothesizes about why Nucleus is down,

“At the moment, it’s not totally clear why Nucleus’s website is unresponsive. It could be an exit scam—a scam where site administrators stop allowing users to withdraw their funds and then disappear with the stockpile of bitcoins. This is what happened with Evolution, one of the most successful marketplaces, in March 2015. Other examples include Sheep Marketplace, from 2013, and more recently BlackBank Market. Perhaps the site was hacked by a third party. Indeed, Nucleus claimed to be the targetof a financially motivated attack last year. Or maybe the administrators were arrested, or the site is just suffering some downtime.”

The Dark Web poses an interesting case study around the concept of a business lifecycle. As the article suggests, this graph reveals the brief, and staggered, lifetimes of dark web marketplaces. Users know they will be able to find their favorite vendors selling through other channels. It appears the show, and the sales, must go on.

 
Megan Feil, June 16, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Banks as New Dark Web Educators

June 15, 2016

The Dark Web and deep web can often get misidentified and confused by readers. To take a step back, Trans Union’s blog offers a brief read called, The Dark Web & Your Data: Facts to Know, that helpfully addresses some basic information on these topics. First, a definition of the Dark Web: sites accessible only when a physical computer’s unique IP address is hidden on multiple levels. Specific software is needed to access the Dark Web because that software is needed to encrypt the machine’s IP address. The article continues,

“Certain software programs allow the IP address to be hidden, which provides anonymity as to where, or by whom, the site is hosted. The anonymous nature of the dark web makes it a haven for online criminals selling illegal products and services, as well as a marketplace for stolen data. The dark web is often confused with the “deep web,” the latter of which makes up about 90 percent of the Internet. The deep web consists of sites not reachable by standard search engines, including encrypted networks or password-protected sites like email accounts. The dark web also exists within this space and accounts for approximately less than 1 percent of web content.”

For those not reading news about the Dark Web every day, this seems like a fine piece to help brush up on cybersecurity concerns relevant at the individual user level. Trans Union is on the pulse in educating their clients as banks are an evergreen target for cybercrime and security breaches. It seems the message from this posting to clients can be interpreted as one of the “good luck” variety.

 

Megan Feil, June 15, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

The Job Duties of a Security Analyst

June 15, 2016

The Dark Web is a mysterious void that the average user will never venture into, much less understand than the nefarious reputation the media crafts for it.  For certain individuals, however, not only do they make a lively hood by surfing the Dark Web, but they also monitor potential threats to our personal safety.  The New York Times had the luck to interview one Dark Web security analyst and shared some insights into her job with the article, “Scouring The Dark Web To Keep Tabs On Terrorists.”

Flashpoint security analyst Alex Kassirer was interviewed and she described that she spent her days tracking jihadists, terrorist group propaganda, and specific individuals.  Kassirer said that terrorists are engaging more in cybercrimes and hacking in lieu/addition of their usual physical aggressions.  Her educational background is very impressive with a bachelor’s from George Washington University with a focus on conflict and security, a minor in religious studies, and she also learned some Arabic.  She earned her master’s in global affairs at New York University and interned at Interpol, the Afghan Embassy, and Flashpoint.

She handles a lot of information, but she provides:

“I supply information about threats as they develop, new tactics terrorists are planning and targets they’re discussing. We’ve also uncovered people’s personal information that terrorists may have stolen. If I believe that the information might mean that someone is in physical danger, we notify the client. If the information points to financial fraud, I work with the cybercrime unit here.”

While Kassirer does experience anxiety over the information she collects, she knows that she is equipped with the tools and works with a team of people who are capable of disrupting terroristic plots.

 

Whitney Grace, June 15, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Ransomware as a Service Deals in Bitcoins of Course

June 14, 2016

Countless “as-a-service” models exist online. A piece from SCMagazine, Dark web forums found offering Cerber ‘ransomware as a service’, reveals more information about one such service called ransomware-as-a-service (RaaS), which we’ve heard about now for quite some time. Ransomware injects a virus onto a machine that encrypts the user’s files where they remain inaccessible until the victim pays for a key. Apparently, an Eastern European ransomware, Cerber, has been offering RaaS on Russian Dark Web forums. According to a cyber intelligence firm Sensecy, this ransomware was setup to include “blacklisted” countries so the malware does not execute on computers in certain locations. The article shares,

“Malwarebytes Labs senior security researcher Jerome Segura said the blacklisted geographies – most of which are Eastern European countries – provide “an indication of where the malware originated.” However, he said Malwarebytes Labs has not seen an indication that the ransomware is connected to the famed APT28 group, which is widely believed to be tied to the Russian government. The recent attacks demonstrate a proliferation of ransomware attacks targeting institutions in the U.S. and Western nations, as recent reports have warned. Last week, the Institute for Critical Infrastructure Technology (ICIT) released a study that predicted previously exploited vulnerabilities will soon be utilized to extract ransom.”

Another interesting bit of information to note from this piece is the going ransom is one bitcoin. Segura mentions the value ransomers ask for may be changing as he has seen some cases where the ransomer works to identify whether the user may be able to pay more. Regardless of the location of a RaaS provider, these technological feats are nothing new. The interesting piece is the supposedly untraceable ransom medium supplanting cash.

 

Megan Feil, June 14, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Next Page »