Malware with Community on the Dark Web

October 14, 2016

While Mac malware is perhaps less common than attacks designed for PC, it is not entirely absent. The Register covers this in a recent article, EasyDoc malware adds Tor backdoor to Macs for botnet control. The malware is disguised as a software application called EasyDoc Converter, which is supposed to be a file converter but does not actually perform that function. Instead, it allows hackers to control the hacked Mac via Tor. The details of the software are explained as follows:

The malware, dubbed Backdoor.MAC.Eleanor, sets up a hidden Tor service and PHP-capable web server on the infected computer, generating a .onion domain that the attacker can use to connect to the Mac and control it. Once installed, the malware grants full access to the file system and can run scripts given to it by its masters. Eleanor’s controllers also use the open-source tool wacaw to take control of the infected computer’s camera. That would allow them to not only spy on the victim but also take photographs of them, opening up the possibility of blackmail.

A Computer World article on EasyDoc expands on an additional aspect of this enabled by the Dark Web. Namely, there is a Pastebin agent which takes the infected system’s .onion URL, encrypts it with an RSA public key and posts it on Pastebin, where attackers can find it and use it. This certainly seems to point to the strengthening of hacking culture and community, however counterintuitive a form of community it may seem to those on the outside.

Megan Feil, October 14, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph


Pindrop: Will It Make Burner Phones Less Attractive to Bad Actors

October 12, 2016

I read “Lloyds to Use Pindrop Tech to Identify Fraudulent Calls.” The company has technology which fingerprints a voice call. The approach considers such factors as “location, background noise, number history and call type, among others.” The “others” include about 140 other items of information the system can extract or generate. The idea is that a fraudulent call can be flagged and appropriate action taken. The company, like Recorded Future, is partially funded by Alphabet Google.

The company was founded in 2011 and uses smart software to provide an early warning system when an inbound call is potentially fraudulent. Each monitored call receives an “audio fingerprint”; that is, a numerical identifier which allows calls to be analyzed. Terbium Labs uses a similar fingerprinting technique to identify certain types of content on the Dark Web and other online sites.

The idea is that a customer service representative can be alerted when a bad actor calls to transfer money or request a new credit card.

Can the system identify fraudulent calls from burner phones? These are devices which place calls using one-time SIM cards. What other applications will Pindrop bring to market? What happens if the technology is applied to Google’s new voice-actuated home devices?

For more information about Pindrop, navigate to the company’s About page. Presumably Pindrop’s stakeholders can hear a pin drop, and maybe more.

Stephen E Arnold, October 12, 2016

Hacking Federal Agencies Now a Child’s Play

October 12, 2016

A potentially dangerous malware called GovRat that is effective in cyber-espionage is available on the Dark Web for as low as $1,000.

IBTimes recently published an article, Malware used to target US Government and military being sold on Dark Web, in which the author states:

The evolved version of GovRat, which builds on a piece of malware first exposed in November last year, can be used by hackers to infiltrate a victim’s computer, remotely steal files, upload malware or compromised usernames and passwords.

The second version of this malware has already caused significant damage. Along with it, the seller is also willing to give away credentials to access US government servers and military groups.

Though the exact identity of the creator of GovRat 2.0 is unknown, the article states:

“Several of these individuals are known as professional hackers for hire,” Komarov explained. He cited one name as ROR [RG] – a notorious hacker who previously targeted Ashley Madison, AdultFriendFinder and the Turkish General Directorate of Security (EGM).

Data on large numbers of federal employees is already compromised, and details like email, home address, login IDs and hashed passwords are available for anyone who can pay the price.

InfoArmor, a cybersecurity and identity protection firm, unearthed this information while scanning Dark Web forums and has already passed on the details to the affected parties. While the extent of the damage is unknown, the stolen information can be used to cause further damage.

Vishal Ingole, October 12, 2016

New EU Legislation on Terrorist Content

October 12, 2016

Balancing counterterrorism with digital rights continues to be a point of discussion. An article, EU parliament pushes ahead with plans to block, remove terrorist content online, from Ars Technica reiterates the . Now, national authorities are required to ensure action is taken to remove illegal content hosted from within their territory that “constitutes public incitement to commit a terrorist offence”. If this is not feasible, they may take the necessary measures to block access to such content. The perspective of Parliament’s chief negotiator, German MEP Monika Hohlmeier, is shared:

Hohlmeier said that the proposal strikes the right balance between security on the one hand and data protection and freedom of expression on the other. “It’s not so much a question of whether terrorists are using particular ways to hide on the Internet, or encryption, but they very often have perfect propaganda machinery. Our approach is to try to close websites, and if this is not possible to block these Internet websites,” she said. She added that enhanced cooperation was needed between police and justice authorities as well as private actors.

European digital rights organisation EDRi asserts that speed of action is taking undue priority over “legislation fit for the purpose.” Perhaps there is an opportunity for cyber security technology developed by justice authorities and the private sector to hit the mark on balancing the fine line between censorship and counterterrorism.

Megan Feil, October 12, 2016

Need a Low Cost College Degree? Dark Web U Is for You

October 11, 2016

The lawless domain just got murkier. Apart from illegal firearms, passports, drugs and hitmen, you can now procure a verifiable college degree or diploma on the Dark Web.

The Next Web, in an article Dark Web crooks are selling fake degrees and certifications for the price of a smartphone, reports:

Cyber criminals have created a digital marketplace where unscrupulous students can purchase or gain information necessary to provide them with unfair and illegal academic credentials and advantages.

The certificates for these academic credentials are near perfect. But what makes this cybercrime more dangerous is the fact that hackers also manipulate the institution’s records to make the fake credential appear genuine.

The article adds:

A flourishing market for hackers who would target universities in order to change grades and remove academic admonishments

This means that under-performing and completely non-performing students undertaking an educational course need not worry about low grades or absenteeism. Just pay the hackers and you have a perfectly legal degree that you can show the world. And the cost of all this? Just $500-$1000.

What makes this particular aspect of the Dark Web horrifyingly interesting is the fact that anyone who procures such an illegitimate degree can enter the mainstream job market with perfect ease and no student debt.

Vishal Ingole, October 11, 2016

Booz Allen: A Race from the Top to the Mid Tier of Consulting

October 8, 2016

(A blog software glitch prevented this story from appearing at 5:13 am on Saturday, October 8, 2016.)

As a former Booz Allen employee, I was surprised to learn about the Snowden matter. Now Booz Allen finds itself in the spotlight again. To get the big time take on this glitch, navigate to “At Booz Allen, a Vast U.S. Spy Operation, Run for Private Profit.” If you have to pay to view the write up, well, don’t blame me. The Gray Lady needs cash and pronto.

The main idea is that the US government contracts with experts, mavens, and wizards to perform certain types of work. The government trades money for the efforts of folks who might not otherwise labor in the hallowed halls of government-leased buildings.

I learned:

Booz Allen has helped the United Arab Emirates build its own high-tech spy agency.

Busy, busy.

The problem is that another Booz Allen expert has been allegedly taking classified materials from a government facility.

Several observations:

  1. What’s the vetting process for getting a job at Booz Allen these days? Is that process sort of working?
  2. What about the security which checks each person when leaving a government facility? The Rubik’s Cube gambit is good video, but real life maybe demands a bit more than bon ami?
  3. How will the other mid tier consulting firms react to having the equivalent of a college student sent back to grade school?

My former boss at Booz Allen would be acting in a manner which could alter the career paths of the favored few who land jobs with one of the blue chip consulting firms. That gentle soul has moved on, and with the new generation of Booz Allen senior managers, some of my boss’s managerial qualities seem to have departed as well.

Stephen E Arnold, October 8, 2016

Busted Black Marketplace Pops Back Up

October 5, 2016

In June, a vendor of access to hacked servers, xDedic, was taken down. Now, reports intelligence firm Digital Shadows, it has resurrected itself as a Tor domain. Why am I suddenly reminded of the mythical hydra? We learn of the resurgence from SecurityWeek’s article, “Hacked Server Marketplace Returns as a Tor Domain.” The article tells us:

After Kaspersky Lab researchers revealed in mid-June that they counted over 70,000 hacked servers made available for purchase on xDedic, some for as low as just $6, the marketplace operators closed the virtual shop on June 16. However, with roughly 30,000 users a month, the storefront was too popular to disappear for good, and intelligence firm Digital Shadows saw it re-emerge only a week later, but as a Tor domain now.

In an incident report shared with SecurityWeek, Digital Shadows reveals that a user named xDedic posted on 24 Jun 2016 a link to the new site on the criminal forum exploit[.]in. The user, who ‘had an established reputation on the forum and has been previously identified as associated with the site,’ posted the link on a Russian language forum thread titled ‘xDedic ???????’ (xDedic burned).

We’re told that, though the new site looks just like the old site, the user accounts did not tag along. The now-shuttered site was attracting about 30,000 users monthly, so it should not take long to re-build the client list. Researchers are not able to assess the site’s traffic, since it is now a Tor domain, but both Digital Shadows and Kaspersky Lab, another security firm, are “monitoring the situation.” We can rest assured they will inform law enforcement when they have more information.

Cynthia Murrell, October 5, 2016

World-Check Database Leaked by Third Party

October 4, 2016

This is the problem with sensitive data—it likes to wander from its confines. Motherboard reports, “Terrorism Database Used by Governments and Banks Leaked Online.” Security researcher Chris Vickery reported stumbling upon a copy of the World-Check intelligence database from mid-2014 that was made available by a third party. The database is maintained by Thomson Reuters for use by governments, intelligence agencies, banks, and law firms to guard against risks. Reporter Joseph Cox specifies:

Described by Thomson Reuters as a ‘global screening solution,’ the World-Check service, which relies on information from all over the world, is designed to give deep insight into financial crime and the people potentially behind it.

We monitor over 530 sanctions, including watch and regulatory law and enforcement lists, and hundreds of thousands of information sources, often identifying heightened-risk entities months or years before they are listed. In fact, in 2012 alone we identified more than 180 entities before they appeared on the US Treasury Office of Foreign Assets Control (OFAC) list based on reputable sources identifying relevant risks,’ the Thomson Reuters website reads.

A compilation of sensitive data like the World-Check database, though built on publicly available info, is subject to strict European privacy laws. As a result, it is (normally) only used by carefully vetted organizations. The article notes that, much like the U.S.’s No Fly List, World-Check has been known to flag the innocent on occasion.

Though Vickery remained mum on just how and where he found the data, he did characterize it as a third-party leak, not a hack. Thomson Reuters reports that the leak is now plugged, and they have secured a promise from that party to never leak the database again.

Cynthia Murrell, October 4, 2016

Europol Internet Referral Unit Criticized for Methods

October 3, 2016

In July of 2015 Europol launched their Internet Referral Unit (IRU), tasked with identifying extremist propaganda online and asking ISPs to take it down. Now that the group has been operating for a year, it is facing criticism about its methods, we learn from “Europol’s Online Censorship Unit is Haphazard and Unaccountable Says NGO” at Ars Technica. The NGO referred to in the headline is the international digital rights organization AccessNow.

As of the IRU’s July birthday, the European Commission reports the IRU has examined about 8,000 posts over some 45 platforms and has made about 7,000 removal requests. As of May 2016, the group also has the power to hunt down terrorists; it has begun working with the UK National Counter Terrorism Internet Referral Unit to swiftly pursue those behind dangerous posts.

Not everyone is happy with IRU’s methods. Writer Jennifer Baker reports:

However AccessNow, a global digital rights organization, said Europe’s approach to dealing with online extremism is ‘haphazard, alarming, tone-deaf, and entirely counter-productive.’

According to AccessNow, ‘the IRU is outside the rule of law on several grounds. First, illegal content is just that—illegal. If law enforcement encounters illegal activity, be it online or off, it is expected to proceed in dealing with that in a legal, rights-respecting manner.

Second, relegating dealing with this illegal content to a third private party, and leaving analysis and prosecution to their discretion, is both not just lazy—but extremely dangerous. Third, illegal content, if truly illegal, needs to be dealt with that way: with a court order and subsequent removal. The IRU’s blatant circumvention of the rule of law is in direct violation of international human rights standards.

For its part, Europol points to the IRU’s success at removing propaganda, including such worrisome content as bomb-making instructions and inflammatory speeches designed to spur specific acts of violence. Does this mean Europol believes the urgency of the situation calls for discarding the rule of law? Caution is warranted; we’ve been down this road before.

Cynthia Murrell, October 3, 2016

Microsoft Looks Slightly Desperate Paying People to Use Edge and Bing

September 28, 2016

The article on Business Insider titled Microsoft Will Actually Pay You to Use Its Newest Web Browser shows the evolution of Microsoft’s program from using Bing Rewards to their own Microsoft Rewards. Originally, just using Bing could earn users points towards Starbucks, Amazon, and Hulu, to name a few. Microsoft is now rebranding and expanding the program to incentivize users to spend time on Microsoft Edge, the child of Internet Explorer. The article states,

So long as you’re actively using Microsoft Edge — defined as having the Edge window open and actually using it to browse the web…— you’ll accrue points that can be redeemed for prizes, up to 30 hours’ worth a month. While Windows 10 is on over 350 million active devices, the Edge browser hasn’t quite made the splash that Microsoft had hoped for. Current numbers place Edge usage at just over 4.2% of the overall browser market.

The article makes a point of mentioning that for this program to work for users, they can’t just have Microsoft Edge open. They also must use Microsoft Bing as their default search engine. Without that setup, no points for you. Some users might jump at the chance to get paid for doing practically nothing, but others might be less than willing to expose themselves to being tracked by Microsoft. Still others might wince at the idea of giving up their Google default. Microsoft Edge: the broke person’s Google Chrome.

Chelsea Kerwin, September 28, 2016
