DarkCyber for September 22, 2020, Now Available: Bogus Passports, Chinese Data and Apps, and the Dronut Drone

September 22, 2020

DarkCyber for September 22, 2020, is now available. This week’s program features an update on falsified documents, three stories about China, and a report about the Dronut. You can view the video on YouTube. The video is available via the Beyond Search blog.

Kenny Toth, September 22, 2020

https://youtu.be/AOTJhU4VC9s

TikTok Ticks Along

September 18, 2020

US President Donald Trump allegedly banned Americans from using TikTok, because of potential information leaks to China. In an ironic twist, The Intercept explains “Leaked Documents Reveal What TikTok Shares With Authorities—In The U.S.” It is not a secret in the United States that social media platforms from TikTok to Facebook collect user data as ways to spy and sell products.

While the US monitors its citizens, it does not take the same censorship measures as China does with its people. It is alarming the amount of data TikTok gathers for the Chinese, but leaked documents show that the US also accesses that data. Data privacy has been a controversial topic for years within the United States and experts argue that TikTok collects the same type of information as Google, Amazon, and Facebook. The documents reveal that ByteDance, TikTok’s parent company, the FBI, and Department of Homeland Security monitored the platform.

Law enforcement officials use TikTok as a means to monitor social unrest related to the death of George Floyd. Floyd suffocated when a police officer cut off his oxygen attempting to restrain him during arrest. TikTok users post videos about Black Lives Matter, police protests, tips for disarming law enforcement, and even jokes about the US’s current upheaval. TikTok’s user agreement says it collects information and will share it with third parties. The third parties include law enforcement if TikTok feels there is an imminent danger.

TikTok, however, also censors videos, particularly those the Chinese government dislikes. These videos include political views, the Hong Kong protests, Uyghur internment camps, and people considered poor, disabled, or ugly.

Trump might try to make the US appear as the better country, but:

““The common concern, whether we’re talking about TikTok or Huawei, isn’t the intentions of that company necessarily but the framework within which it operates,” said Elsa Kania, an expert on Chinese technology at the Center for a New American Security. “You could criticize American companies for having an opaque relationship to the U.S. government, but there definitely is a different character to the ecosystem.” At the same time, she added, the Trump administration’s actions, including a handling of Portland protests that brought to mind the police crackdown in Hong Kong, have undercut official critiques of Chinese practices: “At a moment when we’re seeing attempts by the administration to draw a contrast in terms of values and ideology with China, these eerie parallels that keep recurring do really undermine that.”

Where is the matter now? We will have to ask an oracle.

Whitney Grace, September 18, 2020

Quick Bite: Apple Chomps into a Quibi Pro

September 8, 2020

DarkCyber spotted a news version of a quick bite. “Apple Hires Former Hulu/Quibi Hollywood Exec As It Explores Apple TV+ Bundle Deals.” The article highlights a business wizard named Tom Connolly and his Quibi experience. The article says:

… At Hulu, Connolly led negotiations with Spotify to bundle the music service with Hulu at no extra cost to the customer. He also worked on Hulu’s live TV deals and led advertising and partnerships at Quibi.

Quibi was available to DarkCyber because we have a T-Mobile account. No one ever accessed the service. But that’s just the quirky DarkCyber team. The real news outfit The Guardian did and published in the depth of Rona “The Fall of Quibi: How Did a Starry $1.75bn Netflix Rival Crash So Fast?”

The point is that Apple sees value in an executive with Quibi experience. DarkCyber wonders if other quick biters will covert their valuable experience with the quick biters into new opportunities.

Stephen E Arnold, September 8, 2020

DarkCyber for September 8, 2020: Innovation, Black Hat SEO, Drovorub, Sparks Snuffed, and Killer Drones

September 8, 2020

DarkCyber Video News for September 8, 2020, is now available. You can view the video on YouTube, Facebook, and the DarkCyber blog.

The program covers five stories:

First, the Apple-Fortnite dispute has created some new opportunities for bad actors and their customers. The market for stolen Fortnite accounts is robust. Accounts are for sale on the Dark Web and the Regular Web. Some resellers are allegedly generating six figures per month by selling hapless gamers’ accounts.

Second, you can learn how to erode relevance and make a page jump higher in the Google search results lists. Pay $50 and you get information to set up an Amazon or eBay store with little or no investment. No inventory has to be purchased, stored, and shipped. Sound like magic?

Third, the FBI and NSA have published a free analysis of Drovorub malware. If you are responsible for a Linux server, requesting a free copy of the publication may save you time, money, and loss of important data.

Fourth, a team of international law enforcement professionals shut down the Sparks video piracy operation. The impact of the shut down hits pirate sites and torrents. Three of the alleged operators have been identified. Two are under arrest, and the third is fleeing Interpol.

Finally, in this program’s drone report, DarkCyber explains how drug lords are using consumer drones in a novel and deadly way. Consumer-grade drones are fitted with explosives and a detonator. Each drone comes with a radio control unit and a remote trigger for the explosive’s on drone detonator. The purpose is to fly the drone near a target and set off the explosive. To ensure a kill, each of the weaponized drones carries a container of steel ball bearings to ensure the mission is accomplished.

DarkCyber is a production of Stephen E Arnold and the DarkCyber research team.

Kenny Toth, September 8, 2020

Is YouTube Search Broken? Does Anyone Care?

September 5, 2020

The Ultimate List of YouTube Channels to Boost your Web Development and Programming Skills” illustrates one of the ways in which YouTube search does not work. The write up is a compendium of YouTube presenters with information of interest to Web developers. The list consists of more than 80 YouTube “channels” with useful information. The list is curated; that is, one or more individuals dug through the digital swamp to locate content on the topic and of value to the list compilers.

Can this list or an approximation of it be produced using the YouTube search system?

The answer is, “No.”

Before offering some observations, let me offer an illustration the DarkCyber team encountered about eight days ago. One of my group wanted to do a review of free video editing software. She ran into a “dark pattern” problem and ended up trying to contact the company’s technical support, obtain information about fixing the issue, and moving forward with the review. The company  (an outfit called FXHome) finally roused itself and refunded the money. No explanation about the problem was offered.

As part of that interaction, another team member went looking for information about FXHome on Web search engines. One interesting source was YouTube. We quickly learned that the YouTube search engine cannot display a comprehensive list of results with date and time stamps. My researcher reported, “YouTube doesn’t work.”

You may have had your own experiences with YouTube, but I think most people just take what the recommendation system offers.

Observations:

  1. For a company in the search business, YouTube search seems flawed
  2. Locating videos on a topic or by a company is next to impossible
  3. When lists are displayed, vital information about date, time, and running time are not presented.

YouTube generates a ton of money for Alphabet Google. It also opens the door to curated lists like the one cited above. The YouTube search function does generate frustration.

Stephen E Arnold, September 5, 2020

Monoculture and Monopoly Law: Attraction to a Single Point Occurs and Persists

September 2, 2020

Did you hear the alarm clock ring? “Zoom Is Now Critical Infrastructure. That’s a Concern” makes it clear that even the deep sleepers can wake up. What’s the tune on these wizards’ mobile phone? Maybe a fabulous fake of “Still Drowsy after All These Years.” (Sorry, Mr. Simon.)

The write up makes clear that the Brookings community and scholars have been told the following:

  • Zoom is the information superhighway for education
  • Zoom content is visible to Zoom
  • Zoom is fending off the likes of Apple and Facetime, Google Meet and Hangouts, and Microsoft Teams (Skype shoved its hands in the barbeque briquettes, thus making that service less interesting.)
  • Zoom goes down, thus wrecking havoc.

The write up does not suggest that Zoom is up to fancy dancing with authorities from another nation state. The write up does not delve into the tale of the stunning Alex Panos, a human Swiss Army Knife of security. The write up does not articulate this Arnold Law:

A monoculture and a monopoly manifest attraction to a single online point.

A corrolary is:

That single point persists.

In the absence of meaningful oversight, Zoom is, according to the write up:

By contrast, a successful cyber attack targeting Zoom could bring education and an enormous amount of business activity to a complete halt.

And what about the Zoom data? Useful to some perhaps?

Stephen E Arnold, September 2, 2020

DarkCyber for 8-25-20: Andrax Hacker Toolkit, NSO Group PR Push, Tor Under Attack, and Eagle Drone Killer

August 25, 2020

DarkCyber is a video news program produced by Stephen E Arnold, publisher of Beyond Search and DarkCyber. You can view this week’s program on YouTube or Facebook.

The program for August 25, 2020, contains four stories. The first focuses on a hacker’s toolkit called Andrax. The packager of this penetration testing bundle makes some bold claims. Security professionals who use highly-regard pentest systems from ImmunitySec are called “dumbs” and “lamers.” Clever or uninformed marketing? You have to determine the answer for yourself.

The second story summarizes highlights of Massachusetts Institute of Technology’s “Technology Review” interview with the founder of NSO Group. NSO Group–unlike most vendors of specialized software–has been the subject of media scrutiny. In the interview, the founder of NSO Group seems to suggest that he does not understand the intelware market. Even more interesting is MIT’s decision to publish the interview and give NSO Group more media exposure. DarkCyber asks a question others have not posed.

The third story reviews two surprising items of information from a Nusenu study or analysis. (Nusenu may be a security firm, a Web services vendor, or a single individual.) The first interesting revelation in the Nusenu report is that about 25 percent of Tor relay exit servers have been compromised by an unknown third party. The second juicy morsel is the identification of five Internet service providers who may be hosting Tor relay servers and other interesting services.

The final story zooms to a single eagle. The Michigan government learned that an expensive drone was destroyed by an eagle. If you want your own raptor to knock down surveillance drones, DarkCyber provides a company that will provide an organic c-UAS (counter unmanned aerial system).

Kenny Toth, August 25, 2020

 

Modern Technology Reporting: The New York Times Is Now a Pundit Platform

August 14, 2020

I was not sure if I would document my reaction to the August 13, 2020, page B5, as “Instagram Reels? No. Just No” and online under the title “We Tested Instagram Reels, the TikTok Clone. What a Dud.”

I reflected on an email exchange I had with another “real” journalist earlier this week. With plenty of time on my hands in rural Kentucky during the Rona Resurgence, I thought, “Yeah, share your thoughts, you Brontosaurian Boomer. “Real” journalists working for big name outfits need to have a social agenda, insights, wisdom, and expertise no other human possesses. Absolutely.

In my 50 year work career, I worked for three outfits with publishing interests. The first was CRM, the outfit which owned Psychology Today (edited by the interesting T. George Harris), Intellectual Digest, and a number of other properties. I did some project work for a marketing whiz who coined the phrase “Fotomat Where your photo matters” and John Suhler (yeah, the Suhler of Veronis Suhler).  At meetings in Del Mar, Calif., a select group would talk and often drag in a so-called expert to hold forth on various topics. However, the articles which were commissioned or staff-written would not quote those at these meetings. Why? I have no idea. It was not a work practice. For me, it was how a reasonably successful magazine company operated.

Then I worked for Barry Bingham, Jr., who with his family owned most of the Courier-Journal & Louisville Times Company. There were other interests as well; for example, successful radio and TV stations, a direct mail operation, one of the first computer stores in Kentucky, a mail order business, and — believe it or not, the printing plant which cranked out the delightful New York Times Sunday Magazine. Plus, the NYT was then a family-owned operation. In my interactions with the NYT, my recollection is that the New York Times shared many of the old-fashioned work processes in use at the Courier-Journal. Was that the reason the Bingham papers won awards? One example is that the editorial writers wrote editorials. These were opinion pieces, personally vetted each day by Barry Bingham, Jr. The news people covered their beats. The reporters listened, gathered, analyzed, and wrote. No one quoted the man or woman across the desk in the alternately crazy and vacant newsroom. Also, the computer people (some of whom were decades ahead of systems people at other companies) did computery things. The printing people printed. Sure, there were polymaths and renaissance men and women, but people stayed in their lane.

My last publishing experience was in the Big Apple. I am not sure how I ended up on Bill Ziff’s radar, but I knew about him. He was variously described to me as a “publishing genius” and “Satan’s first cousin.” Dorothy Brown, the human resources vice president, eased my transition into the company from the Courier-Journal, telling me, “Just present facts. If Mr. Ziff wants your opinion, he will ask for it.” Good advice, Ms. Brown, good advice. (I heard the same thing when I did some consulting work for K. Wayne Smith, General, US Army.) The point is that management did management, which at Ziff included sponsoring a company race car. Advertising people collected money from advertisers dumped money in front of the building on Park Avenue South who wanted to appear in PC Magazine, Computer Shopper, and properties like PC Week. Once again, like the Ziff racing team, everyone stayed in their lanes. That meant that top flight reporters would report; executives dealt facts like Blackjack dealers in Las Vegas.

In these three experiences, I cannot recall an occasion on which the news people at these organizations interviewed one another.

The New York Times’ Brian X Chan interviewed the New York Times’ Taylor Lorenz. Now that’s interesting. Instead of picking up the phone and calling one of the wizards of punditry at a consulting firm, a firm developing short form video content, or an attorney monitoring Facebook’s interaction with regulators — the two ace reporters of “real” news interviewed themselves. Wow, that’s “real” work! Imagine. Scheduling a Zoom meeting.

It is one thing for a blog writer to take shortcuts. It is another thing for a newspaper which once generally tried to create objective news related to an event or issue to repeat office opinions. Was I annoyed? Nah, I think it is another indication that objectivity, grunting through the process of gathering information, sifting it, and trying to present a word picture that engages, illuminates, and explains is over.

In 2020, the New York Times runs inserts which are like propaganda posters stuck to the walls in my second grade classroom in Oxen Hill, Maryland, in 1950. The failure to present an objective assessment of the new Facebook knock off of TikTok was pure opinion. The reason? The New York Times’ “real” journalists see themselves as experts. Even the arrogant masters of the universe at an investment bank or a blue chip consulting firm try like the devil (maybe Bill Ziff) to get outsiders to provide “input.” A journalist may be a reporter, but the conversion of a reporter into an expert takes more than someone saying, “Wow, you guys know more about short form video than any other person within reach of a Zoom call” is misguided and a variant of what I call the high school science club management method. Yes, you definitely know more about Facebook’s short form video than anyone else within reach of a mobile phone or a Zoom connection.

I want to float a radical idea. Do some digging, some work. I think I can with reasonable confidence assert that John Suhler (my boss for my work at Veronis Suhler), Barry Bingham Jr. (the Courier-Journal owner), or Bill Ziff (the kin of Satan, remember?) would have the same viewpoint.

Just a suggestion, gentle reader: If a person wants me to respect their newspaper work as objective, informed, and professional, don’t replicate the filter-bubble, feedback loop of co-worker lunch room yip-yap: Research, sift, analyze, synthesize, and report.

Just my opinion, of course, but even Brontosauri can snort but that snort takes more effort than the energy expended presenting oneself as a wizard. Sorry, you pros are not in Merlin’s league.

Stephen E Arnold, August 14, 2020

Object Detection AI Offers Deal

August 13, 2020

Object detection AI are currently big projects in the technology community. AI developers are teaching computers using large datasets how to learn and reason like a human infant. It his hard to imagine that AI object detection software is available for consumers, but Product Hunt recently ranked Priceless AI as a number one product of the day.

Priceless AI describes itself as an, “‘all-you-can-eat’ image object detection at a fixed monthly price.” What is astonishing is how cheap Priceless AI is compared to its counterparts AWS Rekognition and Google Cloud Vision. AWS Rekognition starts at $5/month for 10,000 monthly predictions heading all the way to $8,200 for 10,000,000 images predictions. Google Cloud Vision, on the other hand, starts at $20 then goes up to $18,700. These prices are outrageous when Priceless AI stays at a simple $99 for any amount of image predictions a month.

How can they do this?

“How do you offer such a cheaper alternative to AWS Rekognition and Google Cloud Vision?

We do clever low-level optimization allowing us to make a more efficient use of the hardware.”

Priceless AI allows its customers to have more than one concurrent request and they can be used on as many clients/devices as wanted. The devices/clients need to be synchronized, because only the number of concurrent purchases are allowed.

Priceless AI wants to be as transparent as possible with customers, but they do keep some things secret:

“What model are you using to run object detection?

We can’t disclose the exact model, but we can tell you it’s a state-of-the-art deep convolutional neural network.”

Companies do need to try to keep the their secrets.

Whitney Grace, August 13, 2020

DarkCyber for August 11, 2020, Now Available

August 11, 2020

DarkCyber is a video news program about the Dark Web, cyber crime, and lesser known Internet services. The program for August 11, 2020, covers four stories. This week’s program is available on YouTube at this link. [Note below]

Stephen E Arnold, the producer of DarkCyber, illustrates how to jam Alexa’s surveillance components. When a white noise is not enough, Arnold points to a Web site which sells a wide array of jamming equipment. The video features a diagram of how a jamming device can disrupt mobile signals, Wi-Fi, and Bluetooth from a vehicle. If a basic mobile jammer is not suitable, Arnold provides information about a military-grade detection and jamming device with a comprehensive kill chain subsystem. Arnold reminds the viewer that use of some jamming devices can have unexpected consequences.

The second story addresses the TikTok dust up between the US and China. Arnold focuses on the trivializing of the TikTok threat by pundits. These individuals, in Arnold’s opinion, are not assessing the social engineering risks posed by a TikTok-type service. Data from a consumer app can pinpoint an individual who may be susceptible to cash inducements or threats to compromise the security of a workplace. TikTok videos may be silly, but the operators of the services are unlikely to be blind to the value of the data and its utility.

The third story considers iPhone hacking. Software, available via the regular Web, promises to hack an iPhone. If that approach does not work, there are hackers advertising iPhone hacking on the regular Internet. But what if the hack requires more aggressiveness? Arnold provides a link to a Dark Web site which makes clear that its operator will do anything for money. Can the iPhone be hacked? That depends on one’s willingness to believe information published on the Internet.

The final story focuses on the August 2020 Interpol report about cyber crime in the time of Covid. The report is available without charge, and its findings echo those of speakers at the 2020 National Cyber Crime Conference, held in July 2020. Arnold provides the url from which the new report can be downloaded without charge.

I wanted to point out that we will no longer post a copy of the video on Vimeo. That company sent an email demanding that Stephen E Arnold upgrade to a Pro account. Instead of saying, “We are raising prices,” Vimeo threatened Arnold with termination of his account because the free DarkCyber video is a commercial enterprise. Arnold wrote Vimeo twice pointing out that he retired in 2013, produces the video without financial support or sponsorship, and makes the content available to anyone interested in the Dark Web, cybercrime, and lesser known Internet services. Arnold told me,

“Millennial marketers at Vimeo thinks it is doing its job by making false accusations and then ignoring respectful questions about the fee change. Cancel culture to Vimeo, ‘You are history. This is your termination notice.’

We will give Facebook a whirl and include that url if the service allows easy access with a minimum of invasive surveillance, pop ups, and targeted advertising for WhatsApp.

Kenny Toth, August 11, 2020

Next Page »

  • Archives

  • Recent Posts

  • Meta