DarkCyber for July 30, 2019, Now Available
July 30, 2019
DarkCyber for July 30, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/350567599. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
DarkCyber (July 30, 2019) explores China’s aggressive method of dealing with encrypted messaging; Perceptics’ data breach and its consequences; a way to determine email links to other online services; and Palantir’s secret Gotham information exposed.
This week’s lead story concerns Palantir Technologies, a vendor of search and analytic tools for analysts. Founded in 2003, Palantir has draped a cloak of secrecy over one of its flagship products, now more than 16 years’ old. The information about the “secret” document appeared in Vice, an online information service. For those unfamiliar with investigative software, the revelations were of interest to some individuals. Vice’s public records request yielded a user manual written for police with access to the Palantir Gotham “intelware” system. The manual—described as secret and confidential—provides step-by-step instructions for performing certain investigative tasks; for example, how to obtain a profile of a person of interest, how to obtain information about a vehicle, and similar basic investigative questions.
Other stories in the July 23, 2019, program are:
First, China has introduced a very direct method of obtaining access to content on mobile phones and tablets. Citizens and allegedly some visitors have to install software from Xiamen Meiya Pico Information Company. The MFSocket software provides access to images, audio files, location data, call logs, messages, and the phone’s calendar and contacts, including those used in the messaging app Telegram. It is possible that the Meiya Pico organization has a cooperative relationship with the Chinese government. The company allegedly has 40 percent of the Chinese digital forensics market.
Second, a Web service named Deseat.me provides a useful service. Few people know what Web sites and Web services are linked to a person’s email address. Deseat.me makes locating this information easy. The service, at this time, is offered without charge. DarkCyber points out that many modern policeware systems offer a similar functionality for any email address. Deseat, along with a small number of similar services, makes the process of locating these linked sites and services easy and quick.
Finally, Perceptics, a company best known for its license plate identification system, suffered a security breach. Among the items of information compromised were US government data and a range of Perceptics’ proprietary data. The information allegedly included data related to recent border activities, a contentious issue in the United States. Perceptics may find that making sales to the US government more difficult. A loss of contracts would adversely impact the company’s revenue. A larger issue is that the security measures implemented by a company engaged in cyber services failed to deploy systems which guarded high-value data. The cost of a data breach can be high and create a public relations challenge for organizations more comfortable operating in a low-profile way.
DarkCyber videos appears each week through the September 30, 2019. A new series of videos will begin on November 1, 2019. Programs are available on Vimeo.com and YouTube.com.
Kenny Toth, July 30, 2019
YouTube: Keep on Clicking
July 25, 2019
YouTube wants you to watch videos. The more videos you watch, the more advertising space it can sell. In order to keep you engrossed, YouTube recommends videos that its algorithms think will appeal to you based on your viewing history. Sometimes the recommendations score, other times they sink faster than a flash in the pan viral video. Make Use Of explains how you can take control of your YouTube recommendations so they score every time: “YouTube Gives Viewers More Control Over Content.”
YouTube wants to give viewers more control over curating their video experience and they debuted brand new features to put viewers in “the driver’s seat.” YouTube wants to “help viewers find new interests and passions” and this comes from understanding what viewers like. In order for YouTube to know what to recommend, viewers need to tell YouTube so its content algorithms can do their magic. Here is how YouTube is “placing viewers in the driver’s seat” (although it’s really the illusion of control):
“Explore Topics on the Homepage and Up Next: YouTube is making it easier to explore topics and related videos. You’ll see these topics both at the top of your homepage (when you scroll up) and on the Up Next section below the video you’re currently watching.
Stop Certain Channels Being Recommended: On the flipside, you can now tell YouTube to stop recommending videos from particular channels. Just tap the three-dot menu next to a video and select “Don’t recommend channel” from the dropdown menu.
Discover Why YouTube Is Recommending Videos: YouTube is also explaining why it’s recommending particular content. When YouTube recommends videos based on what other viewers have watched, you’ll see an information box underneath the video.”
The last feature about “discovering why YouTube recommends a video” is a real show of AI intelligence, unless the algorithm is similar to what Amazon Prime, Netflix, and Hulu use to make similar recommendations. It is neat at first, then becomes passé unless there is flashy cover art. These updates were made, because YouTube’s old algorithms sent viewers down endless rabbit holes. For example, if a viewer watches a single anti-vaccination video, suddenly all of their recommendations were about anti-vaccinations. The only way to wipe out the recommendation was to clear the viewing history or watch a bunch of videos on another topic.
YouTube wants to retain ands gain viewers. Giving its viewers more control and understanding what they like with smarter AI will keep the video platform relevant.
Whitney Grace, July 25, 2019
DarkCyber for July 23, 2019, Now Available
July 23, 2019
DarkCyber for July 23, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/349282829. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s DarkCyber reports about Australia’s use of its anti-encryption law; tools for video piracy, a profile of SearchLight Security’s Cerberus system, and where to get information needed to join a Dark Web forum.
This week’s lead story concern easily findable software to facilitate video piracy and streaming. A report in TorrentFreak presents information from an unnamed source. This individual allegedly has been involved in video piracy and streaming for an extended period of time. The individual provides specific information about some of the software needed to remove digital rights management protections from commercial, copyrighted video content. The DarkCyber research team was able to locate software designed for the same purpose. No Dark Web and Tor were required. More significantly, these programs can be located by anyone with access to a browser and a Web search engine like Bing, Google, or Yandex. DarkCyber’s research has revealed that industrialized crime is now playing a larger role in streaming stolen video content.
Other stories in the July 23, 2019, program are:
First, Australia’s anti encryption law is now being put to use. The new regulations were used in the warrant to obtain content from a journalist. Australia is a member of the Five Eyes confederation. Australia’s law requires companies to cooperate with law enforcement and provide access to encrypted and other secured information. Canada, New Zealand, the United Kingdom, and the United States are likely to have elected officials who will seek to implement similar laws. News organizations in Australia perceive such laws as a threat.
Second, DarkCyber profiles a company founded in 2017 focused on providing law enforcement and intelligence professionals with an investigative tool. The company indexes a range of content, including forums, Dark Web sites and services, and social media content. Plus the company has created an easy-to-use interface which allows an investigator or analyst to search for a person of interest, an entity, or an event. The system then generates outputs which are suitable for use in a legal matter. The company says that use of its system has grown rapidly, and that the Cerberus investigative system is one of the leaders in this software sector.
Finally, DarkCyber provides information about a new report from IntSights, a cyber-intelligence firm. The report includes information which helps an individual to gain access to “cracker” forums and discussion groups which examine topics such as credit card fraud, money laundering, contraband, and similar subjects. The video provides the information required to download this report.
DarkCyber videos appears each week through the September 30, 2019. A new series of videos will begin on November 1, 2019. Programs are available on Vimeo.com and YouTube.com.
A new series of DarkCyber begin in November 2019.
Kenny Toth, July 23, 2019
YouTube Videos with Zero Views
July 18, 2019
DarkCyber does a video news program. But DarkCyber does not watch videos. Some do. What about watching videos no one bothers to watch? Navigate to Astronaut.io. Just click and chill. Interesting content. So far, no DarkCyber researcher has spotted our programs. This service may be the future of search; that is, do nothing. Just watch.
Stephen E Arnold, July 18, 2019
DarkCyber for July 16, 2019, Now Available
July 16, 2019
This week’s program is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/348009146. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: An Australian teen with 20,000 LSD doses; a money laundering operation run within a Florida prison; a how to guide for credit card fraudsters; Facebook’s digital currency triggers domain name land rush; and Interpol smashes a global child sex crime operation.
This week’s lead story talks about Facebook’s digital currency. Regulators in the US have expressed some reservations about what could be considered a sovereign currency. Facebook’s effort to unify its messaging applications and integrate encryption into the service poses one additional hurdle for investigators. The proposed digital currency called Libra may enable seamless, friction free financial transactions within the encrypted Facebook system. Bad actors are likely to test the system to find ways to use Facebook for illegal activities. Messaging apps can provide access to digital content like pirated videos, child pornography, commercial software with its security compromised, and similar digital contraband.
Other stories in the July 16, 2019, program are:
First, an Australian teenager used the Dark Web to purchase LSD, a controlled substance. The Australian Joint Agency Strike Team monitored the teenager’s activity which included setting up a mail drop in the central business district of Adelaide. When police moved in, they seized 20,000 doses or “tabs” of LSD. The contraband had an estimated street value of US$200,000. The legal representative of the alleged drug dealer pointed out that the young man had good family support. The teen also had knowledge of the Dark Web, a mail drop, and the 20,000 LSD tabs.
Second, Terbium Labs issued a new report which provides information about credit card fraud. For security professionals, the report is a concise review of key factors. To an individual looking for a primer explaining credit card fraud or “carding” the Terbium report is an interesting resource. Terbium points out that lesson plans for would be credit card fraudsters are available on the Dark Web. Most of the instructional material and guides cost between $4 and $13. Similar information can be located using Regular Web search engines. DarkCyber reveals that Yandex.com offers both current credit card fraud instruction guides as well as direct links to explanatory videos. This type of information may pose a dilemma for public search engines. For an individual seeking information about how to perform financial fraud, the abundance of available information is remarkable for its scope and its ready availability.
Third, convicted criminals in Pasco Country, Florida, operated a money laundering scheme from their cells. The angle was to obtain stolen credit cards from a Dark Web marketplace and transfer money from the credit card to a prisoner’s personal commissary account. Many US prisons allow inmates to purchase snacks and approved items from this prison store. Once the money was in a prisoner’s account, the ringleader then submitted a request for the prison to transfer the money to the account of an individual who was not in prison. Investigators identified the prisoners involved in the scheme, arrested one person who acted as an accomplice, and identified seven other individuals involved the the operation. A total of $8,000 was stolen in 40 separate transactions.
Finally, DarkCyber reports that Interpol’s Blackwrist investigated a global child sex crime operation. Dozens of individuals were arrested. One pedophile has been sentenced to more than 100 years in a Thailand prison. Others snared in the sweep are allegedly individuals who have abused children, some as young as 15 months. Blackwrist continues its investigations and more arrests are expected.
Kenny Toth, July 16, 2019
DarkCyber for July 9, 2019, Now Available
July 9, 2019
DarkCyber for July 9, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: Amazon’s drone-centric surveillance technology; Mauritania loses Internet access; cyber criminals stumble at the US Post Office; the US develops THOR to kill drone swarms; and cyber crime for vertical markets grows.
This week’s lead story pivots on Amazon’s patent US 10,313,638 “Image Creation for Geo-Fence Data.” This invention makes it possible for an Amazon drone delivering packages or performing some other function like verifying that a driver dropped off an order to perform other functions. The specific example described in the patent is for Amazon to parse drone footage within a specific area and then extract data about a person or other entity. The idea is to geo-fence a front yard, a back door, or some other location and then extract the image and assign metadata to that extracted object. In short, deliveries plus surveillance. The invention makes us of the Amazon Web Services’ suite of services; for example, cross correlation of drone captured data with facial recognition, purchase history, and financial information.
Other stories in the July 9, 2019, program are:
First, Bromium and the Surrey Crime Research Lab in the UK have published information about a new trend in cyber crime. Instead of Dark Web bad actors just offering generic malware, SCRL reports that specialized software has become more widely available. The “vertical” malware is purpose built to attack retail, health care, and financial institutions. The technology needed to compromise an employee’s mobile device and corporate network access has been fine-tuned to deal with the security procedures in place for banking, finance, and credit card providers. Instead of relying on general purpose exploits, malware like Ramnit is bundled with tools able to penetrate hospitals and retail operations. Bromium provides a summary of some of the SCRL results, and DarkCyber provides information necessary to register to obtain this high value report.
Second, the US government, assisted by three commercial enterprises, has develop a system to kill or disable a swam of drones. The technology makes use of a directed beam which interferes with the electronics of a group of drones. The idea is that a swarm of drones can operated in an autonomous and semi-autonomous manner to compromise US security or perform in an offensive manner; for example, deliver poison, explosives, or surveillance devices. The THOR (Tactical High Power Microwave Responder) can be set up by two people in less than three hours. The beam defense is operated with a hand held controller. The technology can be mounted on a variety of platforms, included land based vehicles.
Third, two individuals based in the US shipped more than 25,000 packages containing controlled substances. The duo collected more than $8 million from the sale of narcotics and fake prescription drugs like Adderall. US investigators broke the case because the team used Stamps.com, an online service for postage. One of the bad actors signed up for the service using his real name and home address. Agents purchased four batches of narcotics and then raided the operation. In that raid, a commercial pill press was seized along with other evidence. When arraigned, the duo pleaded “Not guilty.”
Finally, Mauritania, a northwest African nation with a population of four million lost Internet access. An estimated 800,000 citizens had been unable to send email, use Facebook, and other online services. The government took this step in order to help quell political unrest in that country. Other countries in that region’s Internet shut down zone are Ethiopia and Sudan.
Kenny Toth, July 9, 2019
DarkCyber for July 2, 2019, Is Now Available
July 2, 2019
DarkCyber for July 2, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/345294527. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: Tor survives another court battle related to a child who overdosed on Dark Web drugs; a newspaper unwittingly provides a road map for undertaking credit card fraud; a profile of DataWalk, a next-generation intelligence platform with a secret sauce; and Recorded Future’s threat intelligence service runs from Amazon’s platform.
This week’s lead story is the revelation that Recorded Future relies on Amazon AWS to serve its new threat intelligence service. Recorded Future was founded in 2009 with initial investors Google and In-Q-Tel, the investment arm of the US Central Intelligence Agency. In May 2019, the predictive analytics company was acquired by Insight Partners, a leading global capital and private equity firm. The purchase price was about $700 million. Recorded Future’s threat intelligence service is in the same product category as FireEye’s information service. Providing threat information in a browser provides easier access to this information. Stephen E Arnold, author of CyberOSINT: Next Generation Information Access, said: “The use of the Amazon AWS platform, not the competing Google service, is significant. Recorded Future joins BAE, Palantir Technology, and a handful of other firms leveraging the AWS infrastructure. Amazon is emerging as the plumbing for law enforcement and intelligence software.”
Other stories for the July 2, 2019, program are:
First, a Utah court decided that Tor, the software bundle required to access the Dark Web, was not liable for a death. The parents of a young person who overdosed on drugs ordered from a online contraband vendor via Tor sued the foundation involved with the anonymizing technology. Other cases have been filed against Tor. The deciding factor in this most recent decision and other cases is the US law which treats online platforms differently from traditional publishers. The court uncovered information that there are about 4,000 people in Utah who use Tor and presumably the Dark Web each day.
Second, a British newspaper published an informational article about online credit card fraud. DarkCyber interpreted the information in the report as a road map for a person who wanted to commit an online crime. The news story provided sufficient information about where to locate “how to” materials to guide an interested individual. Tips for locating sources of stolen credit card data were embedded “between the lines” in the report. The newspaper did omit one important fact. Organized crime syndicates are hiring individuals to commit credit card fraud and other financial crimes.
Finally, DarkCyber profiles a start up called DataWalk. This company provides a next-generation intelligence analysis and investigation platform. Competitors include IBM Analyst’s Notebook and Palantir Technologies Gotham / Titan products. DataWalk, however, has patented its technology which implements the firm’s method of delivering query results from disparate sources of structured an unstructured content. Plus the company can provide an analyst with content from third-party content products such as Thomson Reuters and the specialist publisher Whooster. The service also scales to accommodate data analysis, regardless of the volume of information available to the system. DataWalk’s analytic system operates in near-real time. DataWalk allows a user to perform sophisticated investigative and analytic procedures via a mouse-centric graphical interface. A user can click on an icon and the system automatically generates a “workflow ribbon.” The ribbon can be saved and reused or provided to another member of the investigative team. More information about this firm is available at www.datawalk.com .
Kenny Toth, July 2, 2019
DarkCyber Video News for June 25, 2019, Now Available
June 25, 2019
DarkCyber for June 25, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/343915592 .
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: Twitch.tv covers of the Hong Kong protests when YouTube did not; Cellebrite technology unlocks any mobile phone; Virsec’s Shadow Broker report; DarkCyber’s new coverage of intelware for government use; and French police shut down a contraband market with 7,000 customers.
This week’s feature is a report about Amazon Twitch.tv’ live coverage of the Hong Kong extradition protest. The free service streamed programs which provided continuous views of official announcements, confrontations between protestors and police, and stunning images of hundreds of thousands of Hong Kong residents protesting. One stream features nine panels of live video. Each panel provided live video of different protest locations. YouTube Live did not stream the event. Queries about the Hong Kong protest returned hits to archived video of protests. DarkCyber reports that Twitch.tv’s coverage of this important event marks a turning point for both Amazon and for Google.
Other stories covered in this week’s DarkCyber video news program are:
Cellebrite, a company specializing in services for law enforcement and intelligence agencies, announced an important technology achievement. The company can now unlock and access information on any Android or Apple iPhone. Cellebrite’s innovation provides access to iPhones running the most recent version of iOS. Plus, with the new technology, cyber labs will be able to unlock these devices on their premises.
With the surge in ransomware and the stepped up attacks on US cities’ networks, the Virsec white paper “How the Shadow Brokers have Permanently Changed the Cybersecurity Landscape” is a timely and important report. DarkCyber highlights the contents of this free document and explains how a person can obtain a copy of the report.
French police continued its crackdown on hidden Web sites selling contraband. In simultaneous raids in Bordeaux, Nice, and other cities, authorities arrested three individuals believed to be the operators of the ecommerce site. The French Deep Web Market sold drugs, weapons, and forged documents. The operation served more than 5,000 customers and relied on about 700 vendors. Police seized data, hardware, and software.
The final story reports that each weekly video will feature intelligence and investigative software. Systems profiled will make it possible for investigators and intelligence professionals to perform functions like geo-fencing via graphical interfaces, no programming by the user will be required. The story highlights a free bundle of policeware gathered by a former FBI professional. DarkCyber explains how to obtain more than 36 software tools without charge.
DarkCyber video news is a weekly program. It contains no advertising, and it is designed for law enforcement, security, and intelligence professionals interested in software, new developments, and investigative innovations. New programs become available on Tuesday of each week. Programs are available via YouTube and Vimeo.
Kenny Toth, June 25, 2019
Twitch Aces YouTube Again
June 21, 2019
I did a quick check of YouTube Live, the finder for live streams available on YouTube. You can locate this dashboard at this link. I scrolled through the results on YouTube at 0630 US Eastern time. I located this video link on the YouTube Live page:
YouTube Live has zero Hong Kong protest streams which are actually “live.” Queries run at 0630 am US Eastern time.
The “Police HQ Blocked” points to a “recent live stream.” That’s okay but the link appears on the YouTube Live page, and there is no live stream of the Hong Kong protest streaming live.
What? A live index pointing to an archived file.
Now contrast that with Twitch.tv, an Amazon property. I entered the query “Hong Kong protest” in the Twitch search box at this link: https://bit.ly/2sRPekp and got hits to actual live streams. Here’s a screen shot taken shortly after my visit to the YouTube Live page.
A Twitch live stream captured about 630 am US Eastern time.
The quality of the video is excellent. None of that low res stuff.
A couple of observations:
- YouTube Live is supposed to provide links to live content. Obviously YouTube does not have live video of the historic Hong Kong protests on June 21, 2019, US time zone, or YouTube chooses not to make these streams available
- Twitch.tv provides live streams of high quality from different Twitch content providers and the Twitch.tv search engine makes the content easy to find. This is a feat that mainstream US media sites cannot achieve.
- The cognitive disconnect of YouTube Live’s listing archived footage as “live” is baffling to me.
Net net: Amazon Twitch continues to provide interesting and often significant content of news value. YouTube looks increasingly arthritic when compared to the more agile Twitch service. Plus Twitch delivers high quality streams. To be fair, Amazon does display some annoying and repetitive advertisements. That’s a small price to pay for feet on the street information about activities in Hong Kong.
Twitch is focused and apparently on the steraming ball. Google is not in the game when it comes to Hong Kong’s protests.
If you were Hong Kong government authorities, which service would you use to track protest activities? Sure, the government’s camera network is a first choice, but right behind might be the Twitch.tv service. YouTube? Probably not.
Stephen E Arnold, June 21, 2019
DarkCyber for June 18, 2019, Now Available
June 18, 2019
DarkCyber for June 18, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/342544814.
The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up covers: A next-generation content processing system funded by In-Q-Tel; Dark Web scans for personal information; a new spin on Crime as a Service tuned to steal financial data; Canada’s prisons get a drone detection systems; and the FBI Vault adds additional Clinton email data.
This week’s feature is a review of Forge.ai’s content processing system for law enforcement and intelligence applications. The system converts open source and other data into “structured intelligent event event feeds.” Unlike many commercial content processing and intelligence systems, Forge.ai is designed to handle data flows of virtually any size and perform processing in real time. The company recently received the support of In-Q-Tel, the CIA’s investment unit. Lt. General John Mulholland is accepted a position on Forge.ai’s board of advisers. General Mulholland was the deputy commander of Special Operations command and also served at the CIA.
Other stories in this week’s DarkCyber video news program are:
First, Dark Web scans to find personal information are advertised on television. DarkCyber looks at some of the methods used by vendors who offer free or low-cost scans of the Dark Web for PII or personal identification information. DarkCyber reports that many services do not deliver comprehensive results. There are specialized services available to law enforcement and intelligence professionals, but most of these are not available for public use.
Second, crime-as-a-service or CaaS continues to improve. Malware from two different sources have evolved into a symbiotic relationship. The Gazorp tool makes it easy to customize malware known as Azorult. Despite the odd names, the one-two punch facilitates the use of these tools by an individual or group of individuals without deep technical expertise. Gazorp is offered without charge, but the value of the software opens the door to monetization. Other bad actors are likely to build on the CaaS approach of Gazorp’s and Azorult’s developers and users.
Third, in this week’s drone news, DarkCyber reports that Version 2, a Canadian company, will deploy a drone detection system as six of Corrections Canada’s prisons. Drones have been sued to drop contraband into correctional facilities. Some drone have delivered drugs, mobile phones, and McChicken sandwiches to inmates. Donnacona, one of Canada’s most secure facilities, will be among the first group of institutions to receive the new technology in early 2020.
Finally, DarkCyber provides information so that a viewer can download more than 400 pages of information related to Hillary Clinton’s email. The collection of documents is available in the Federal Bureau of Investigation’s Vault service. Manual review of the documents is recommended. Some media reports have not presented a comprehensive picture of the information in this most recent release of information.
DarkCyber video news is a weekly program. It contains no advertising, and it is designed for law enforcement, security, and intelligence professionals interested in software, new developments, and investigative innovations. New programs become available on Tuesday of each week. Programs are available via YouTube and Vimeo.
Kenny Toth, June 17, 2019
-
- Subscribe to Beyond Search
Feature archive
News archive
-
