Dark Web Drug Sales Go on Despite One Marketplace Down
June 16, 2016
Another Dark Web drug marketplace has gone offline, at least for now. Vice’s Motherboard published an article that reports on this incident and offers insight into its larger implications in their piece, Dark Web Market Disappears, Users Migrate in Panic, Circle of Life Continues. Nucleus market mostly sold illegal drugs such as cocaine and cannabis. Now, the site is unresponsive and has made no announcements regarding downtime or a return. The article hypothesizes about why Nucleus is down,
“At the moment, it’s not totally clear why Nucleus’s website is unresponsive. It could be an exit scam—a scam where site administrators stop allowing users to withdraw their funds and then disappear with the stockpile of bitcoins. This is what happened with Evolution, one of the most successful marketplaces, in March 2015. Other examples include Sheep Marketplace, from 2013, and more recently BlackBank Market. Perhaps the site was hacked by a third party. Indeed, Nucleus claimed to be the targetof a financially motivated attack last year. Or maybe the administrators were arrested, or the site is just suffering some downtime.”
The Dark Web poses an interesting case study around the concept of a business lifecycle. As the article suggests, this graph reveals the brief, and staggered, lifetimes of dark web marketplaces. Users know they will be able to find their favorite vendors selling through other channels. It appears the show, and the sales, must go on.
Megan Feil, June 16, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Banks as New Dark Web Educators
June 15, 2016
The Dark Web and deep web can often get misidentified and confused by readers. To take a step back, Trans Union’s blog offers a brief read called, The Dark Web & Your Data: Facts to Know, that helpfully addresses some basic information on these topics. First, a definition of the Dark Web: sites accessible only when a physical computer’s unique IP address is hidden on multiple levels. Specific software is needed to access the Dark Web because that software is needed to encrypt the machine’s IP address. The article continues,
“Certain software programs allow the IP address to be hidden, which provides anonymity as to where, or by whom, the site is hosted. The anonymous nature of the dark web makes it a haven for online criminals selling illegal products and services, as well as a marketplace for stolen data. The dark web is often confused with the “deep web,” the latter of which makes up about 90 percent of the Internet. The deep web consists of sites not reachable by standard search engines, including encrypted networks or password-protected sites like email accounts. The dark web also exists within this space and accounts for approximately less than 1 percent of web content.”
For those not reading news about the Dark Web every day, this seems like a fine piece to help brush up on cybersecurity concerns relevant at the individual user level. Trans Union is on the pulse in educating their clients as banks are an evergreen target for cybercrime and security breaches. It seems the message from this posting to clients can be interpreted as one of the “good luck” variety.
Megan Feil, June 15, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
The Job Duties of a Security Analyst
June 15, 2016
The Dark Web is a mysterious void that the average user will never venture into, much less understand than the nefarious reputation the media crafts for it. For certain individuals, however, not only do they make a lively hood by surfing the Dark Web, but they also monitor potential threats to our personal safety. The New York Times had the luck to interview one Dark Web security analyst and shared some insights into her job with the article, “Scouring The Dark Web To Keep Tabs On Terrorists.”
Flashpoint security analyst Alex Kassirer was interviewed and she described that she spent her days tracking jihadists, terrorist group propaganda, and specific individuals. Kassirer said that terrorists are engaging more in cybercrimes and hacking in lieu/addition of their usual physical aggressions. Her educational background is very impressive with a bachelor’s from George Washington University with a focus on conflict and security, a minor in religious studies, and she also learned some Arabic. She earned her master’s in global affairs at New York University and interned at Interpol, the Afghan Embassy, and Flashpoint.
She handles a lot of information, but she provides:
“I supply information about threats as they develop, new tactics terrorists are planning and targets they’re discussing. We’ve also uncovered people’s personal information that terrorists may have stolen. If I believe that the information might mean that someone is in physical danger, we notify the client. If the information points to financial fraud, I work with the cybercrime unit here.”
While Kassirer does experience anxiety over the information she collects, she knows that she is equipped with the tools and works with a team of people who are capable of disrupting terroristic plots.
Whitney Grace, June 15, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Ransomware as a Service Deals in Bitcoins of Course
June 14, 2016
Countless “as-a-service” models exist online. A piece from SCMagazine, Dark web forums found offering Cerber ‘ransomware as a service’, reveals more information about one such service called ransomware-as-a-service (RaaS), which we’ve heard about now for quite some time. Ransomware injects a virus onto a machine that encrypts the user’s files where they remain inaccessible until the victim pays for a key. Apparently, an Eastern European ransomware, Cerber, has been offering RaaS on Russian Dark Web forums. According to a cyber intelligence firm Sensecy, this ransomware was setup to include “blacklisted” countries so the malware does not execute on computers in certain locations. The article shares,
“Malwarebytes Labs senior security researcher Jerome Segura said the blacklisted geographies – most of which are Eastern European countries – provide “an indication of where the malware originated.” However, he said Malwarebytes Labs has not seen an indication that the ransomware is connected to the famed APT28 group, which is widely believed to be tied to the Russian government. The recent attacks demonstrate a proliferation of ransomware attacks targeting institutions in the U.S. and Western nations, as recent reports have warned. Last week, the Institute for Critical Infrastructure Technology (ICIT) released a study that predicted previously exploited vulnerabilities will soon be utilized to extract ransom.”
Another interesting bit of information to note from this piece is the going ransom is one bitcoin. Segura mentions the value ransomers ask for may be changing as he has seen some cases where the ransomer works to identify whether the user may be able to pay more. Regardless of the location of a RaaS provider, these technological feats are nothing new. The interesting piece is the supposedly untraceable ransom medium supplanting cash.
Megan Feil, June 14, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Security, Privacy Struggle with Change
June 13, 2016
I read “NSA Looking to Exploit Internet of Things, Including Biomedical Devices, Official Says.” Let’s assume that the information in the write up is accurate. The message the article seems to convey is that “investing” in systems and methods created a problem for investigators.
I read the article as saying, “Hey, this change stuff is a problem.” Perhaps the solution to the privacy and security tug of war is a flood of changes from software and hardware vendors?
Just a thought.
I don’t like change and for good reasons.
Stephen E Arnold, June 13, 2016
The Time Google Flagged Itself for Potentially Malicious Content
June 13, 2016
Did you know Google recently labeled itself as ‘partially dangerous’? Fortune released a story, Google Has Stopped Rating ‘Google.com’ as ‘Partially Dangerous’, which covers what happened. Google has a Safe Browsing tool which identifies potentially harmful websites by scanning URLs. Users noticed that Google itself was flagged for a short time. Was there a rational explanation? This article offers a technology-based reason for the rating,
“Fortune noted that Google’s Safe Browsing tool had stopped grading its flagship site as a hazard on Wednesday morning. A Google spokesperson told Fortune that the alert abated late last night, and that the Safe Browsing service is always on the hunt for security issues that might need fixing. The issue is likely the result of some Google web properties hosting risky user-generated content. The safety details of the warning specifically called out Google Groups, a service that provides online discussion boards and forums. If a user posted something harmful there, Google’s tool would have factored that in when assessing the security of the google.com domain as a whole, a person familiar with the matter told Fortune.”
We bet some are wondering whether this is a reflection of Google management or the wonkiness of Google’s artificial intelligence? Considering hacked accounts alone, it seems like malicious content would be posted in Google Groups fairly regularly. This flag seems to be a flag for more than the “partially dangerous” message spells out. The only question remaining is, a flag for what?
Megan Feil, June 13, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
More Data to Fuel Debate About Malice on Tor
June 9, 2016
The debate about malicious content on Tor continues. Ars Technica published an article continuing the conversation about Tor and the claims made by a web security company that says 94 percent of the requests coming through the network are at least loosely malicious. The article CloudFlare: 94 percent of the Tor traffic we see is “per se malicious” reveals how CloudFlare is currently handling Tor traffic. The article states,
“Starting last month, CloudFlare began treating Tor users as their own “country” and now gives its customers four options of how to handle traffic coming from Tor. They can whitelist them, test Tor users using CAPTCHA or a JavaScript challenge, or blacklist Tor traffic. The blacklist option is only available for enterprise customers. As more websites react to the massive amount of harmful Web traffic coming through Tor, the challenge of balancing security with the needs of legitimate anonymous users will grow. The same network being used so effectively by those seeking to avoid censorship or repression has become a favorite of fraudsters and spammers.”
Even though the jury may still be out in regards to the statistics reported about the volume of malicious traffic, several companies appear to want action sooner rather than later. Amazon Web Services, Best Buy and Macy’s are among several sites blocking a majority of Tor exit nodes. While a lot seems unclear, we can’t expect organizations to delay action.
Megan Feil, June 9, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Websites Found to Be Blocking Tor Traffic
June 8, 2016
Discrimination or wise precaution? Perhaps both? MakeUseOf tells us, “This Is Why Tor Users Are Being Blocked by Major Websites.” A recent study (PDF) by the University of Cambridge; University of California, Berkeley; University College London; and International Computer Science Institute, Berkeley confirms that many sites are actively blocking users who approach through a known Tor exit node. Writer Philip Bates explains:
“Users are finding that they’re faced with a substandard service from some websites, CAPTCHAs and other such nuisances from others, and in further cases, are denied access completely. The researchers argue that this: ‘Degraded service [results in Tor users] effectively being relegated to the role of second-class citizens on the Internet.’ Two good examples of prejudice hosting and content delivery firms are CloudFlare and Akamai — the latter of which either blocks Tor users or, in the case of Macys.com, infinitely redirects. CloudFlare, meanwhile, presents CAPTCHA to prove the user isn’t a malicious bot. It identifies large amounts of traffic from an exit node, then assigns a score to an IP address that determines whether the server has a good or bad reputation. This means that innocent users are treated the same way as those with negative intentions, just because they happen to use the same exit node.”
The article goes on to discuss legitimate reasons users might want the privacy Tor provides, as well as reasons companies feel they must protect their Websites from anonymous users. Bates notes that there is not much one can do about such measures. He does point to Tor’s own Don’t Block Me project, which is working to convince sites to stop blocking people just for using Tor. It is also developing a list of best practices that concerned sites can follow, instead. One site, GameFAQs, has reportedly lifted its block, and CloudFlare may be considering a similar move. Will the momentum build, or must those who protect their online privacy resign themselves to being treated with suspicion?
Cynthia Murrell, June 8, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Emerging Technology May Have Application for Security
June 6, 2016
New technologies for use in security are increasingly receiving attention. An article, Lip-reading technology ‘could capture what people on CCTV say’ claim researchers from Mirror discusses one example. The University of East Anglia in Norwich developed what is called a visual speech recognition technology. The purpose is to identify what people are saying in situations where audio is not good enough to hear. One application mentioned is for videos recorded from security cameras. The post describes more,
“Helen Bear, from the university’s school of computing science, said the technology could be applied to a wide range of situations from criminal investigations to entertainment. She added: “Lip-reading has been used to pinpoint words footballers have shouted in heated moments on the pitch, but is likely to be of most practical use in situations where there are high levels of noise, such as in cars or aircraft cockpits. “Crucially, whilst there are still improvements to be made, such a system could be adapted for use for a range of purposes – for example, for people with hearing or speech impairments.” Some sounds like “P” and “B” look similar on the lips and have traditionally been hard to decipher, the researchers said.”
Whether in real life or online, security and cybersecurity efforts and technologies are making headlines, keeping pace with security threats and breaches. It is interesting that applications for emerging technologies like this have such a range, but this particular technology seems to be rooted in brick-and-mortar security. We think there is a need for more focus on security as it relates to the Dark Web.
Megan Feil, June 6, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
monograph
Google Has Much at Stake in Intel Tax Case
June 3, 2016
In the exciting department of tax activities, 9to5Google reports, “Google Could Effectively Recoup All the Tax it Paid Last Year if Intel Wins Test Case.” Why is Google so invested in a dispute between Intel and the IRS? Writer Ben Lovejoy explains:
“In essence, the case hinges on share compensation packages paid by overseas subsidiaries. The IRS says that the cost of these should be offset against the expenses of the overseas companies; Intel says no, the cost should be deducted by the U.S. parent company – reducing its tax liabilities in its home country. The IRS introduced the rule in 2003. Companies like Google have abided by the rule but reserved the right to reallocate costs if a court ruling went against the IRS, giving them a huge potential windfall.”
This windfall could amount to $3.5 billion for Alphabet, now technically Google’s “parent” company (but really just a reorganized Google). Apparently, according to the Wall Street Journal, at least 20 tech companies, including Microsoft and eBay, are watching this case very closely.
Google is known for paying the fewest taxes it thinks it can get away with, a practice very unpopular with some. We’re reminded:
“Google has recently come under fire for its tax arrangements in Europe, a $185M back-tax deal in the UK being described as ‘disproportionately small’ and possibly illegal. France is currently seeking to claim $1.76B from the company in back taxes.”
So, how much will the world’s tax collectors be able to carve out of the Google revenue pie? I suspect it will vary from year to year, and will keep courts and lawyers around the world very busy.
Cynthia Murrell, June 3, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
-
- Subscribe to Beyond Search
Feature archive
News archive
-
