Hundreds of Thousands of Patient Records Offered up on the Dark Web

September 19, 2016

Some of us suspected this was coming, despite many assurances to the contrary. Softpedia informs us, “Hacker Selling 651,894 Patient Records on the Dark Web.” Haughtily going by the handle TheDarkOverlord, the hacker responsible is looking to make over seven hundred grand off the data. Reporter Catalin Cimpanu writes:

The hacker is selling the data on The Real Deal marketplace, and he [or she] says he breached these companies using an RDP (Remote Desktop Protocol) bug. TheDarkOverlord has told DeepDotWeb, who first spotted the ads, that it’s ‘a very particular bug. The conditions have to be very precise for it.’ He has also provided a series of screenshots as proof, showing him accessing the hacked systems via a Remote Desktop connection. The hacker also recalls that, before putting the data on the Dark Web, he contacted the companies and informed them of their problems, offering to disclose the bug for a price, in a tactic known as bug poaching. Obviously, all three companies declined, so here we are, with their data available on the Dark Web. TheDarkOverlord says that all databases are a one-time sale, meaning only one buyer can get their hands on the stolen data.

The three databases contain information on patients in Farmington, Missouri; Atlanta, Georgia; and the Central and Midwest areas of the U.S. TheDarkOverlord asserts that the data includes details like contact information, Social Security numbers, and personal facts like gender and race. The collection does not, apparently, include medical history. I suppose that is a relief—for now.

Cynthia Murrell, September 19, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
There is a Louisville, Kentucky Hidden Web/Dark Web meet up on September 27, 2016.
Information is at this link: https://www.meetup.com/Louisville-Hidden-Dark-Web-Meetup/events/233599645/

 

Ancient History Tumblr Hack Still Beats Myspace Passwords Sale

September 19, 2016

Personal information remains a hot ticket item on the darknet. Metro shared an article highlighting the latest breach, “More than 65million Tumblr emails sold on the darknet.” While the leak happened in 2013, Tumblr has now reported the magnitude of the database that was hacked. As a call to action, the article reports Tumblr’s recommendation for users to change their passwords and look out for phishing attempts. The article reports,

The database includes email addresses and passwords. These are heavily protected by a procedure which makes it extremely difficult to reproduce the passwords. The database has turned up on the darknet marketplace The Real Deal at a price of £102, reports Motherboard.

Troy Hunt, who runs the security research site Have I Been Pwned, said the leak is an example of a ‘historical mega breach’. Users who fear their credentials were involved in the Tumblr hack can find out here.

Let’s not forget the more recent hack, potentially the largest theft of login credentials: “Hacker offers 427 million MySpace passwords for just $2,800.” Many are commenting on the low price tag for such a huge quantity of personal information as a sign of MySpace’s lack of appeal even on the Dark Web. When login information, including passwords, is stolen, phishing attempts on the site are not the only issue for victims to be concerned with; many individuals use the same login credentials for multiple accounts.

Megan Feil, September 19, 2016

Enterprise Technology Perspective on Preventing Security Breaches

September 16, 2016

When it comes to the Dark Web, enterprises want solutions that prevent security breaches. Fortscale released an article, “Dark Web — Tor Use is 50% Criminal Activity — How to Detect It,” speaking to this audience. This write-up explains the anonymizer Tor as The Onion Router, a name that refers to the multiple layers used to hide an IP address and therefore the user’s identity. How does security software work to detect Tor users? We learned,

There are a couple of ways security software can determine if a user is connecting via the Tor network. The first way is through their IP address. The list of Tor relays is public, so you can check whether the user is coming from a known Tor relay. It’s actually a little bit trickier than that, but a quality security package should be able to alert you if user behaviors include connecting via a Tor network. The second way is by looking at various application-level characteristics. For example, a good security system can distinguish the differences between a standard browser and a Tor Browser because among other things, Tor software won’t respond to certain history requests or JavaScript queries.

Many cybersecurity software companies offer solutions that monitor the Dark Web for sensitive data, which is more of a recovery strategy. However, this article highlights the importance of cybersecurity solutions that monitor enterprise system usage to identify users connecting through Tor. While this appears to be a sound strategy for understanding the frequency of Tor-based users, it will be important to know whether these data-producing software solutions facilitate action, such as removing Tor users from the network.
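The relay-list check described in the quoted passage, as an added example that is not from the original post or the article it cites. The relay list and the login log lines are constructed samples using documentation address ranges, and the log format and function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: a relay list in one-address-per-line form.
RELAY_LIST = """\
# constructed sample, documentation address ranges only
203.0.113.7
198.51.100.23
2001:db8::51
"""

# Constructed sample: login events in a hypothetical log format.
AUTH_LOG = """\
2016-09-16T10:02:11Z login ok user=alice src=192.0.2.10
2016-09-16T10:05:42Z login ok user=bob src=203.0.113.7
2016-09-16T10:07:03Z login fail user=carol src=::ffff:198.51.100.23
2016-09-16T10:09:30Z login ok user=dave src=2001:0db8:0000:0000:0000:0000:0000:0051
2016-09-16T10:11:00Z login ok user=erin src=not-an-ip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def normalize_ip(text):
    """Parse an address; unwrap IPv4-mapped IPv6; return None if invalid."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        return None
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def load_relays(text):
    """Build a set of relay addresses, skipping comments and bad lines."""
    relays = set()
    for line in text.splitlines():
        ip = normalize_ip(line.split("#", 1)[0])
        if ip is not None:
            relays.add(ip)
    return relays


def flag_tor_logins(log_text, relays):
    """Return (timestamp, user, result, address) for logins from a relay."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip = normalize_ip(m["src"])
        # Comparing parsed addresses, not strings, catches the same host
        # written as ::ffff:a.b.c.d or as an uncompressed IPv6 address.
        if ip is not None and ip in relays:
            hits.append((m["ts"], m["user"], m["result"], str(ip)))
    return hits


if __name__ == "__main__":
    for hit in flag_tor_logins(AUTH_LOG, load_relays(RELAY_LIST)):
        print(hit)
```

Relay membership changes over time, so a historical login should be compared against the list snapshot taken closest to the event rather than against today's list.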

Megan Feil, September 16, 2016

UltraSearch Releases Version 2.1

September 16, 2016

Now, after more than a year, we have a new version of a popular alternative to Windows’ built-in Desktop Search, UltraSearch. We learn the details from the write-up at gHacks.net, “UltraSearch 2.1 with File Content Search.” The application works by accessing a system’s master file table, so results appear almost instantly. Writer Martin Brinkmann informs us:

The list of changes on the official UltraSearch project website is long. While some of them may affect only some users, others are useful or at least nice to have for all. Jam Software, the company responsible for the search program, have removed the advertising banner from the program. There is, however, a new ‘advanced search’ menu option which links to the company’s TreeSize program in various ways. TreeSize is available as a free and commercial program.

As far as functional changes are concerned, these are noteworthy:

  1. File results are displayed faster than before.
  2. New File Type selection menu to pick file groups or types quickly (video files, Office files).
  3. Command line parameters are supported by the program now.
  4. The drive list was moved from the bottom to the top.
  5. The export dialog displays a progress dialog now.
  6. You may deactivate the automatic updating of the MFT index under Options > Include file system changes.

Brinkmann emphasizes that these are but a few of the changes in this extensive update, and suggests Windows users who have rejected it before give it another chance. We remind you, though, that UltraSearch is not your only Windows Desktop Search alternative. Some others include FileSearchEX, Gaviri Pocket Search, Launchy, Locate32, Search Everything, Snowbird, Sow Soft’s Effective File Search, and Super Finder XT.

Launched back in 1997, Jam Software is based in Trier, Germany. The company specializes in software tools to address common problems faced by users, developers, and organizations, like TreeSize, SpaceObserver, and, of course, UltraSearch. Though free versions of each are available, the company makes its money by enticing users to invest in the enhanced, professional versions.

Cynthia Murrell, September 16, 2016

Automated Tools for Dark Web Data Tracking

September 15, 2016

Naturally, tracking stolen data through the dark web is a challenge. Investigators have traditionally infiltrated chatrooms and forums in the effort—a tedious procedure with no guarantee of success. Now, automated tools may give organizations a leg up, we learn from the article, “Tools to Track Stolen Data Through the Dark Web” at GCN. Reporter Mark Pomerleau informs us:

The Department of Veterans Affairs last month said it was seeking software that can search the dark web for exploited VA data improperly outside its control, distinguish between VA data and other data and create a ‘one-way encrypted hash’ of VA data to ensure that other parties cannot ascertain or use it. The software would also use VA’s encrypted data hash to search the dark web for VA content.

We learned:

Some companies, such as Terbium Labs, have developed similar hashing technologies.  ‘It’s not code that’s embedded in the data so much as a computation done on the data itself,’ Danny Rogers, a Terbium Labs co-founder, told Defense One regarding its cryptographic hashing.  This capability essentially enables a company or agency to recognize its stolen data if discovered. Bitglass, a cloud access security broker, uses watermarking technology to track stolen data.  A digital watermark or encryption algorithm is applied to files such as spreadsheets, Word documents or PDFs that requires users to go through an authentication process in order to access it.

We’re told such watermarks can even thwart hackers trying to copy-and-paste into a new document, and that Bitglass tests its tech by leaking and following false data onto the dark web. Pomerleau notes that regulations can make it difficult to implement commercial solutions within a government agency. However, government personnel are very motivated to find solutions that will allow them to work securely outside the office.

The article wraps up with a mention of DARPA’s Memex search engine, designed to plumb the even-more-extensive deep web. Law enforcement is currently using Memex, but the software is expected to eventually make it to the commercial market.
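The one-way hashing idea quoted earlier in this post, as an added example that is not the VA's, Terbium Labs' or any vendor's actual method: the data owner keeps only keyed fingerprints of its records and uses them to recognize those records in a recovered dump. The key, the records, the dump, the pipe-delimited layout and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed demo key (assumption): held only by whoever performs matching.
KEY = b"constructed-demo-key"

# Constructed records; the SSN-shaped values use the never-issued 000 area.
RECORDS = [
    {"name": "Jane Doe", "ssn": "000-00-0001"},
    {"name": "John Roe", "ssn": "000-00-0002"},
]

# Constructed "recovered dump": same people, different formatting.
DUMP = """\
JANE DOE|000000001|F
Alex Poe | 000-00-0003 | M
john  roe | 000 00 0002 | M
malformed line
"""


def normalize_field(value):
    """Lower-case and drop punctuation/spacing so reformatted copies match."""
    return re.sub(r"[^a-z0-9]", "", value.lower())


def fingerprint(key, *fields):
    """Keyed one-way fingerprint of a record's identifying fields.

    A keyed hash (HMAC) is used because values such as SSNs have so few
    possibilities that a plain hash could be reversed by enumeration.
    """
    msg = "\x1f".join(normalize_field(f) for f in fields).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_index(key, records):
    """The only thing stored for monitoring: fingerprints, no plaintext."""
    return {fingerprint(key, r["name"], r["ssn"]) for r in records}


def scan_dump(key, index, dump_text):
    """Return 1-based line numbers in the dump that match a known record."""
    hits = []
    for n, line in enumerate(dump_text.splitlines(), 1):
        parts = [p.strip() for p in line.split("|")]
        if len(parts) < 2:
            continue  # not a record line
        if fingerprint(key, parts[0], parts[1]) in index:
            hits.append(n)
    return hits


if __name__ == "__main__":
    index = build_index(KEY, RECORDS)
    print("matching dump lines:", scan_dump(KEY, index, DUMP))
```

Without the normalization step, an exact hash fails as soon as a seller changes case, spacing or delimiters, which is why the fingerprint is computed over cleaned field values rather than raw lines.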

Cynthia Murrell, September 15, 2016

Law Enforcement Utilizes New and Traditional Methods for Dark Web Matters

September 15, 2016

While the Dark Web may be thought of as a home to drug dealers, several individuals have been apprehended by law enforcement. Edinburgh News published a report, “FBI Helps Catch Edinburgh Man Selling Drugs on ‘Dark Web’.” David Trail was convicted for creating a website similar to eBay, but on the Dark Web, called Topix2. Stolen credit card information from his former employer, Scotweb, was found in the search of his home. The article states,

Detective Inspector Brian Stuart, of the Cybercrime Unit, said: ‘Following information from colleagues in FBI, Germany’s West Hessen Police and the UK’s National Crime Agency, Police Scotland identified David Trail and his operation and ownership of a hidden website designed to enable its users to buy and sell illegal drugs anonymously and beyond the reach of law enforcement. His targeting of a previous employer, overcoming their security, almost had a devastating effect on the company’s ability to remain in business.

As this piece notes, law enforcement used a combination of new and traditional policing techniques to apprehend Trail. Another common practice we have been seeing is the cooperation of intelligence authorities across borders — and across levels of law enforcement. In the Internet age this is a necessity, and even more so when the nature of the Dark Web is taken into account.

Megan Feil, September 15, 2016

Is a New Policing Group Needed to Deal with Online Cyber Terrorism?

September 11, 2016

In June 2015, Yahoo News reported a breach of the election systems of Illinois and Arizona, possibly to steal data. According to the Department of Homeland Security, the perpetrators may have been, and probably were, Russian state-sponsored hackers, an easy scapegoat in the run-up to the US elections. The attack method allegedly was a Denial of Service (DoS) strategy. But how do hackers get access to networks of computers and servers and still remain anonymous?

A report published by ABC Net “Thousands of Australian Computer Log Ins Up for Sale on Dark Web” states that

Computers from a federal research network, a peak sporting body, a school and a local council are among tens of thousands of machines which have been hacked and had their login details put up for sale in a Dark Web marketplace.

And if you think that it would cost hundreds of thousands of Bitcoins on the Dark Web to control these hacked networks of systems, you are in for a shock. Kaspersky, the antivirus-centric security firm that detected the hack, says that

Computers like these can be rented by cyber criminals and used to launch attacks against others for as little as $6.

No wonder cyber terrorists, whether state sponsored or rogue, are able to launch large-scale attacks on federal agencies and American corporations with minimal risk and cost. It is evident from the fact that data breaches are becoming increasingly common. The latest victim is DropBox, where access credentials of 68 million users were leaked.

The key question here is, “Is an international coordinated agency needed to police cyber crime?” Existing organizations seem to be less and less able to deal with breaches. The rallying cry may once again be, “Let’s create more bureaucracy.”

Vishal Ingole, September 11, 2016

Dark Web: Was Hillary Clinton a Phishing Target?

September 9, 2016

I am not too sure about the information in some British newspapers. Nevertheless, I find some of the stories amusing. A good example of an online frolic is a write up designed to suck in clicks and output blogger and podcast commentaries. Case in point: Beyond Search just helped out the Daily Mail’s traffic. Wikipedia, another always-spot-on source of information, points to a statement about the newspaper’s “institutional racism.”

The headline which caught my attention was “Hacking Fears over Clinton server: FBI reveal Hillary Was Sent ‘Phishing’ Email with Porn Links and ‘Dark Web Browser’ Was Used to Access Another Account.” I am frightened I guess.

The write up asserts:

An unknown individual used an anonymous web browsing tool often used to access the dark web to get into an email account on the Clinton family server, the FBI revealed [on September 2, 2016].

The Daily Mail explains the bad stuff about the Dark Web. Then there is a leap:

In another incident that raised hacking fears, Clinton received a phishing email, purportedly sent from the personal email account of a State official. She responded to the email: ‘Is this really from you? I was worried about opening it!’.

And for a third cartwheel, the estimable newspaper stated:

In a separate incident, Abedin sent an email to an unidentified person saying that Clinton was worried ‘someone [was] hacking into her email’. She had apparently received an email from a known associate ‘containing a link to a website with pornographic material’ at the time, but there is no additional information as to why she would believe she had been hacked.

Fascinating. I did not see anyone in the pictures accompanying the write up wearing a baseball cap with the phrase:

Make journalism great again.

Everything I read online is accurate. Plus, I believe absolutely everything I read on my computing device’s screen. We try to remain informed about online here in rural Kentucky.

Stephen E Arnold, September 9, 2016

Revolving Door Hires at Google

September 7, 2016

It looks like Google has determined the best way to address its legal challenges in Europe is to infiltrate and influence its governments. The Guardian reports, “Google: New Concerns Raised About Political Influence by Senior ‘Revolving Door’ Jobs.” The personnel-based tactic has apparently worked so well in the U.S. that Google is applying it to the European arena. Writer Jamie Doward cites research by the Google Transparency Project, a venture of the Campaign for Accountability (CfA), when she writes:

New concerns have been raised about the political influence of Google after research found at least 80 ‘revolving door’ moves in the past decade – instances where the online giant took on government employees and European governments employed Google staff. … The CfA has suggested that the moves are a result of Google seeking to boost its influence in Europe as the company seeks to head off antitrust action and moves to tighten up on online privacy.

The article gets into specifics on who was hired where and when; navigate to it for those details. In sum, Doward writes:

Overall, the research suggests that Google, now part of parent company Alphabet Inc, has hired at least 65 former government officials from within the European Union since 2005.

During the same period, 15 Google employees were appointed to government positions in Europe, gaining what the CfA claims are ‘valuable contacts at the heart of the decision-making process’.

Anne Weisemann, CfA executive director, points to Google’s success influencing the U.S. government as a driving factor in its EU choices. She notes Google spends more to lobby our federal government than any other company, and that Google execs grace the White House more than once a week, on average. Also, CfA points to more than 250 of these “revolving door” appointments Google has made in the U.S.

For its part, Google claims it is just hiring experts who can answer government officials’ many questions about the Internet, about their own business model, and the “opportunity for European businesses to grow online.” There’s no way that could give Google an unfair advantage, right?

The article concludes with a call to reevaluate how government officials view Google—it is now much more than a search engine, it is a major political actor. Caution is warranted as the company works its way into government-run programs like the UK’s National Health Service and school systems. Such choices, ones that can affect the public on a grand scale, should be fully informed. Listening to Google lobbyists, who excel at playing on politicians’ technical ignorance, does not count.

Cynthia Murrell, September 7, 2016

Social Media Snooping Site Emerges for Landlords and Employers

September 2, 2016

The promise of unlocking the insights in big data is one that many search and analytics companies make. CNet shares the scoop on a new company: “Disturbing new site scrapes your private Facebook and informs landlords, employers.” The website is Score Assured, and it provides a service as an intermediary between your social media accounts and your landlord. After scanning every word you have typed on Facebook, Twitter, LinkedIn or even Tinder, the service filters all the words through a neuro-linguistic programming tool to provide a report on your reputation. We learned,

There’s no reason to believe that Score Assured’s “analysis” will offer in any way an accurate portrayal of who you are or your financial wherewithal. States across the country are already preparing or enacting legislation to ensure that potential employers have no right to ask for your password to Facebook or other social media. In Washington, for example, it’s illegal for an employer to ask for your password. Score Assured offers landlords and employers (the employer service isn’t live yet) the chance to ask for such passwords slightly more indirectly. Psychologically, the company is preying on a weakness humans have been displaying for some time now: the willingness to give up their privacy to get something they think they really want.

Scraping and finding tools are not new, but could this application be any more 2016? The author of this piece is onto the zeitgeist of “I’ve got nothing to hide.” Consequently, data — even social data — becomes a commodity. Users’ willingness to consent is the sociologically interesting piece here. It remains to be seen whether the data mining technology is anything special.

Megan Feil, September 2, 2016