The Sophistication of the Dark Web Criminals of Today

January 11, 2017

Vendors of stolen credit card information on the dark web are now verifying their customers’ identities, we learn from an article at the International Business Times, “The Fraud Industry: Expect to be KYC’d by Criminals When Buying Stolen Credit Cards on the Dark Web.” Yes, that is ironic. But these merchants are looking for something a little different from the above-board businesses that take KYC measures. They want to ensure potential clients are neither agents of law-enforcement nor someone who will just waste their time.  Reporter Ian Allison cites Richard Harris, an expert in fraud detection through machine learning, when he writes:

Harris said some websites begin with a perfunctory request that the buyer produce some stolen card numbers of their own to show they are in the game. ‘There are various websites like that where undercover cops have been caught out and exposed. Like anybody else, they are in business and they take the security of their business seriously,’ he said.

Things have moved on from the public conception of a hacker in a hoodie who might hack the Pentagon’s website one day and steal some credit card details the next. That was 10 or 15 years ago. Today this is a business, pure and simple. It is about money and lots of it, like for instance the recent hit in Japan that saw a criminal gang make off with ¥1.4bn (£8.9m, $13m) from over 1,400 ATMs in under three hours. They simultaneously targeted teller machines located in Tokyo, Kanagawa, Aichi, Osaka, Fukuoka, Nagasaki, Hyogo, Chiba and Niigata. The Japanese police suspect more than 100 criminals were involved in the heist.

Harris is excited about the potential for machine learning to help thwart such sophisticated and successful criminals. The article continues with more details about today’s data-thievery landscape, such as the dark-web bulletin boards where trade occurs, and the development of “sniffers”: fake wi-fi hubs that entice users with a promise of free connectivity, then snatch passwords and other delectable data. Allison also mentions the feedback pages on which customers review dark-web vendors, and delves into ways the dark web is being used to facilitate human trafficking. See the write-up for more information.

Cynthia Murrell, January 11, 2017

Dark Web Offers Tools for Vengeance to Disgruntled Workers

January 10, 2017

It seems the dark web is now making it easier for disgruntled employees to take their revenge to the next level, we learn from the KrebsOnSecurity article, “Rise of Darknet Stokes Fear of the Insider.” The article cites Gartner analyst Avivah Litan; she reports a steep increase in calls from clients concerned about vindictive employees, current or former, who might expose sensitive information on the dark web.  Not surprisingly, companies with a lot of intellectual property at stake are already working with law-enforcement or private security firms to guard against the threat.

How, exactly, is the dark web making worker retaliation easier than ever before? Writer Brian Krebs explains:

Noam Jolles, a senior intelligence expert at Diskin Advanced Technologies, studies darknet communities. I interviewed her last year in ‘Bidding for Breaches,’ a story about a secretive darknet forum called Enigma where members could be hired to launch targeted phishing attacks at companies. Some Enigma members routinely solicited bids regarding names of people at targeted corporations that could serve as insiders, as well as lists of people who might be susceptible to being recruited or extorted.

Jolles said the proliferation of darkweb communities like Enigma has lowered the barriers to entry for insiders, and provided even the least sophisticated would-be insiders with ample opportunities to betray their employer’s trust.

‘I’m not sure everyone is aware of how simple and practical this phenomena looks from adversary eyes and how far it is from the notion of an insider as a sophisticated disgruntled employee,’ Jolles said. ‘The damage from the insider is not necessarily due to his position, but rather to the sophistication of the threat actors that put their hands on him.’

According to research by Verizon, few vengeful employees turn out to have been in management positions. Most are workers lower on the totem pole who had to be given access to sensitive information to perform their jobs. The Verizon report cheerfully advises, “At the end of the day, keep up a healthy level of suspicion toward all employees.” What fun.

See the article for more about this threat, and how organizations might go about protecting themselves.

Cynthia Murrell, January 10, 2017

Medical Records Are the Hot New Dark Web Commodity

January 10, 2017

Everything from emails to Netflix and Uber account information to other personally identifiable information has long been for sale on the Dark Web. A recent article from Fast Company, On The Dark Web, Medical Records Are A Hot Commodity, shares that medical records are the latest offerings for sale on the Dark Web. Medical records sold in these marketplaces usually include an individual’s name, birthdate, social security number and medical information. They fetch the relatively high price of $60 apiece, in comparison to social security numbers at $15. The article explains more:

On the dark web, medical records draw a far higher price than credit cards. Hackers are well aware that it’s simple enough to cancel a credit card, but to change a social security number is no easy feat. Banks have taken some major steps to crack down on identity theft. But hospitals, which have only transitioned en masse from paper-based to digital systems in the past decade, have far fewer security protections in place.

Cybercrime of medical records is potentially life-threatening because oftentimes during the theft of medical records, data showing allergies and other vital information is erased or swapped. Hopefully, the amount of time it took the medical industry to transition from paper to electronic health records is not representative of the time it will take the industry to increase security measures.

Megan Feil, January 10, 2017

Yahoo Takes on ISIS, in Its Way

January 9, 2017

The article on VentureBeat titled Yahoo Takes Steps to Remove Content Posted From ISIS and Other Terrorist Groups remarks on the recent changes Yahoo made to its community guidelines. The updated guidelines now specify that any content or accounts involved with terrorist organizations, even those that “celebrate” violence connected to terrorist activity, are up for deletion or deactivation. The article speaks to the relevance of these new guidelines, which follow hard upon the heels of Orlando and San Bernardino:

Twitter has responded as well, “suspending over 125,000 accounts” related to terrorism. Messaging app Telegram has also blocked 78 channels that engaged in ISIS-related activity. Kathleen Lefstad, Yahoo’s policy manager for trust and safety, wrote that this new category is in addition to other types of content that are flagged, including hate speech, bullying or harassment, and sharing adult or sexualized content of someone without their consent.

ISIS has grown infamous for its social media presence and ability to draw foreign supporters through social media platforms. Yahoo’s crackdown is a welcome sign of awareness that these platforms must take some responsibility for how their services are being abused. Priorities, folks. If Facebook’s machine learning content security can remove any sign of a woman’s nipple within 24 hours, shouldn’t content that endorses terrorism be deleted in half the time?

Chelsea Kerwin, January 9, 2017

Linux Users Can Safely Test Alpha Stage Tor Browser

January 5, 2017

The Tor Project has released an alpha version of Tor Browser, exclusive to Linux, that users can test and use in sandboxed mode.

As reported by Bleeping Computer in an article titled First Version of Sandboxed Tor Browser Available:

Sandboxing is a security mechanism employed to separate running processes. In computer security, sandboxing an application means separating its process from the OS, so vulnerabilities in that app can’t be leveraged to extend access to the underlying operating system.

Because the browser is still under development, it is open to vulnerabilities, and these loopholes can be used by competent parties to track down individuals. Sandboxing eliminates this possibility completely. The article further states that:

In recent years, Tor exploits have been deployed in order to identify and catch crooks hiding their identity using Tor. The Tor Project knows that these types of exploits can be used for other actions besides catching pedophiles and drug dealers. An exploit that unmasks Tor users can be very easily used to identify political dissidents or journalists investigating cases of corrupt politicians.

The Tor Project has been trying earnestly to close these loopholes, and this seems to be one of its efforts to help netizens stay safe from prying eyes. But again, no system is foolproof. As soon as the new version is released, another exploit might follow suit.

Vishal Ingole, January 5, 2017

Is Your Data up for Sale on Dark Web?

January 4, 2017

A new service has been launched in the UK that enables users to find out if their confidential information is up for sale on the Dark Web.

Hacked reports on it in an article titled This Tool Lets You Scan the Dark Web for Your (Stolen) Personal Data:

The service is called OwlDetect and is available for £3,5 a month. It allows users to scan the dark web in search for their own leaked information. This includes email addresses, credit card information and bank details.

The service uses a supposedly sophisticated algorithm that has alleged capabilities to penetrate up to 95% of content on the Dark Web. The inability of Open Web search engines to index and penetrate the Dark Web has led to a mushrooming of Dark Web search engines.

OwlDetect works much like early-stage Google, as becomes apparent in the article:

This new service has a database of stolen data. This database was created over the past 10 years, presumably with the help of their software and team. A real deep web search engine does exist, however.

This means the search is not real time and is as good as searching your local hard drive. Most of the data might be outdated, and companies that owned this data might have migrated to secure platforms. Moreover, the user might also have deleted the old data. Thus, the service just tells you whether you were ever hacked or whether your data was ever stolen.

Vishal Ingole, January 4, 2017

Legal Clarity Recommended for Understanding Cyberthreat Offense and Defense

January 2, 2017

A conference on cybersecurity in the enterprise world took place recently. The Computer World article, Offensive hackers should be part of enterprise DNA, quotes the keynote speaker’s address heavily. CEO of Endgame Nate Fick addressed the audience, which apparently included many offensive hackers, by speaking about his experience in the private sector and in the military. His perspective is shared:

“We need discontinuity in the adoption cure,” Fick said, “but you can’t hack back. Hacking back is stupid, for many reasons not just that it is illegal.” He argued that while it is illegal, laws change. “Remember it used to be illegal to drink a beer in this country, and it was legal for a kid to work in a coal mine,” he said. Beyond the issue of legality, hacking back is, what Fick described as, climbing up the escalatory ladder, which you can’t do successfully unless you have the right tools. The tools and the power or ability to use them legally has historically been granted to the government.

Perhaps looking toward a day when hacking back will not be illegal, Fick explains an alternative course of action. He advocates for stronger defense and clear government policies around cybersecurity that declare what constitutes a cyberthreat offense. The strategy is that further action on behalf of the attacked would count as defense. We will be keeping our eyes on how long hacking back remains illegal in some jurisdictions.

Megan Feil, January 2, 2017

Tor Anonymity Not 100 Percent Guaranteed

January 1, 2017

An article at Naked Security reveals some information turned up by innovative Tor-exploring hidden services: “‘Honey Onions’ Probe the Dark Web: At Least 3% of Tor Nodes are Rogues.” By “rogues,” writer Paul Ducklin is referring to sites, run by criminals and law-enforcement alike, that are able to track users through Tor entry and/or exit nodes. The article nicely lays out how this small fraction of sites can capture IP addresses, so see the article for that explanation. As Ducklin notes, three percent is a small enough window that someone just wishing to avoid having their shopping research tracked may remain unconcerned, but it is a bigger matter for, say, a journalist investigating events in a war-torn nation. He writes:

Two researchers from Northeastern University in Boston, Massachusetts, recently tried to measure just how many rogue HSDir nodes there might be, out of the 3000 or more scattered around the world. Detecting that there are rogue nodes is fairly easy: publish a hidden service, tell no one about it except a minimum set of HSDir nodes, and wait for web requests to come in.[…]

With 1500 specially-created hidden services, amusingly called ‘Honey Onions,’ or just Honions, deployed over about two months, the researchers measured 40,000 requests that they assume came from one or more rogue nodes. (Only HSDir nodes ever knew the name of each Honion, so the researchers could assume that all connections must have been initiated by a rogue node.) Thanks to some clever mathematics about who knew what about which Honions at what time, they calculated that these rogue requests came from at least 110 different HSDir nodes in the Tor network.

It is worth noting that many of those requests were simple pings, but others were actively seeking vulnerabilities. So, if you are doing anything more sensitive than comparing furniture prices, you’ll have to decide whether you want to take that three percent risk. Ducklin concludes by recommending added security measures for anyone concerned.

Cynthia Murrell, January 1, 2017

Internet Watch Foundation Teams with Blockchain Forensics Startup

December 29, 2016

A British charity is teaming up with an online intelligence startup specializing in Bitcoin. The Register reports on this in their piece called, Bitcoin child abuse image pervs will be hunted down by the IWF. The Internet Watch Foundation, with the help of a UK blockchain forensics start-up, Elliptic, aims to identify individuals who use Bitcoin to purchase child abuse images online. The IWF will provide Elliptic with a database of Bitcoin addresses and Elliptic takes care of the rest. We learned:

The IWF has identified more than 68,000 URLs containing child sexual abuse images. UNICEF Malaysia estimates two million children across the globe are affected by sexual exploitation every year. Susie Hargreaves, IWF CEO, said, “Over the past few years, we have seen an increasing amount of Bitcoin activity connected to purchasing child sexual abuse material online. Our new partnership with Elliptic is imperative to helping us tackle this criminal use of Bitcoin.” The collaboration means Elliptic’s clients will be able to automatically monitor transactions they handle for any connection to proceeds of child sex abuse.

Machine learning and data analytics technologies are used by Elliptic to collect actionable evidence for law enforcement and intelligence agencies. The interesting piece of this technology, and others like it, is that it runs perhaps as surreptitiously in the background as those who use the Dark Web and Bitcoin for criminal activity believe they do.

Megan Feil, December 29, 2016

Cybersecurity Technologies Fueled by Artificial Intelligence

December 28, 2016

With terms like virus being staples in the cybersecurity realm, it is no surprise the human immune system is the inspiration for the technology fueling one relatively new digital threat defense startup. The Tech Republic article, Darktrace bolsters machine learning-based security tools to automatically attack threats, reveals more details and context about Darktrace’s technology and positioning. Founded in 2013, Darktrace recently announced they raised $65 million to help fund their expansion globally. Four products, including their basic cyber threat defense solution called Darktrace, comprise their product suite. The article expands on their offerings:

Darktrace also offers its Darktrace Threat Visualizer, which provides analysts and CXOs with a high-level, global view of their enterprise. Darktrace Antigena complements the core Darktrace product by automatically defending against potential threats that have been detected, acting as digital “antibodies.” Finally, the Industrial Immune System is a version of Darktrace designed for Industrial Control Systems (ICS). The key value provided by Darktrace is the fact that it relies on unsupervised machine learning, and it is able to detect threats on its own without much human interaction.

We echo this article’s takeaway that machine learning and other artificial intelligence technologies continue to grow in the cybersecurity sector. The attention on AI is only building in this industry and others. Perhaps AI is particularly well-suited to cybersecurity, as its behind-the-scenes nature resembles that of Dark Web related crimes.

Megan Feil, December 28, 2016
