Amazon Twitch: Curation, Manipulation, or Exploitation Issues?

August 12, 2019

One of the DarkCyber research team plays games. The rest of the group try to ignore the revolution. Someone at Engadget is into games. We determined this by reading “Ninja Calls Out Twitch after His Dormant Channel Highlights Porn.” “Ninja” is an Internet star who plays games. Ninja had a channel or stream on Amazon Twitch. Ninja left Amazon Twitch for Microsoft’s game streaming service. (No, DarkCyber did not know MSFT was into online games, but obviously with a big star like Ninja, MSFT is more than the red ring of death game console.)

The story is a vector for Ninja’s allegations that Amazon Twitch did a bad game player thing. Ninja’s channel — no longer used by Ninja — became a promotional vehicle for other Twitch gamers. The horror apparently was Hollywood all the way. Plus Amazon Twitch’s quite interesting moderation system allowed Ninja’s dormant channel to be to be used by other Twitchers to stream porn. This is bad, it seems, because the Twitch users wanted to watch Ninja play games, not watch actual humanoid interactions.

The write up points out:

We’ve asked Twitch for comment. Whatever its response, this isn’t a great look for the service. It was no surprise that Ninja’s stream would scale back (Twitch partners aren’t allowed to stream on rival services), many only expected it to remain idle, not become a billboard for other broadcasters. It certainly underscores the significance of Ninja’s switch. His leap to Mixer represented a competitive blow, and Twitch clearly wasn’t happy about it. Update 8/11 5:55PM ET: That was fast — Twitch has already reverted Ninja’s old page to a regular offline screen, including chat (where people are roasting Twitch as we write this).

A couple of questions:

  • Does Amazon Twitch have a method to use unused channels to promote other Twitch streams? If so, what is it? Happenstance, a SageMaker function, or a rule book?
  • What will Amazon change to prevent porn from being displayed to the young people who follow popular gamers like Ninja?
  • Does Amazon monetize questionable content; for example, SweetSaltyPeach now banned and brought back as RachelKay and similar streamers who appeal to teen agers?

Amazon Twitch, in its own way, is behaving in a manner which might/could develop into a formal investigation by an appropriate US government entity.

Stephen E Arnold, August 12, 2019

 

Google Accused of Favoritism by an Outfit with Google Envy?

August 10, 2019

I read in the Jeff Bezos owned Washington Post this story: “YouTube’s Arbitrary Standards: Stars Keep Making Money Even after Breaking the Rules.” The subtitle is a less than subtle dig at what WaPo perceives as the soft, vulnerable underbelly of Googzilla:

Moderators describe a chaotic workplace where exceptions for lucrative influencers are the norm.

What is the story about? The word choice in the headlines make the message clear: Google is a corrupt, Wild West. The words in the headline and subhead I noted are:

arbitrary

money

breaking

chaotic

exceptions

lucrative

norm.

Is it necessary to work through the complete write up? I have the frame. This is “real news”, which may be as problematic as the high school management methods in operation at Google.

Let’s take a look at a couple of examples of “real news”:

Here’s the unfair angle:

With each crisis, YouTube has raced to update its guidelines for which types of content are allowed to benefit from its powerful advertising engine — depriving creators of those dollars if they break too many rules. That also penalizes YouTube, which splits the advertising revenue with its stars.

Nifty word choice: crisis, race, powerful, dollars, break, and the biggie “advertising revenue.”

That’s it. Advertising revenue. Google has. WaPo doesn’t. Perhaps, just perhaps, Amazon wants. Do you think?

Now the human deciders. Do they decide? WaPo reports the “real news” this way:

But unlike at rivals like Facebook and Twitter, many YouTube moderators aren’t able to delete content themselves. Instead, they are limited to recommending whether a piece of content is safe to run ads, flagging it to higher-ups who make the ultimate decision.

The words used are interesting:

unlike

Facebook

Twitter

aren’t

limited

recommending

higher ups

Okay, that’s enough for me. I have the message.

What if WaPo compared and contrasted YouTube with Twitch, an Amazon owned gaming platform. In my lectures at the TechnoSecurity & Digital Forensics Conference, I showed LE and intel professionals, Twitch’s:

online gambling

soft porn

encoded messages

pirated first run motion pictures

streaming US television programs

Twitch talent can be banned; for example, SweetSaltyPeach. But this star resurfaced with ads a few days later as RachelKay. Same art. Same approach which is designed to appeal the the Twitch audience. How do I know? Well, those pre roll ads and the prompt removal of the ban. Why put RachelKay back on the program? Maybe ad revenue?

My question is, “Why not dive into the toxic gaming culture and the failure of moderation on Twitch?” The focus on Google is interesting, but explaining that problems are particular to Google is interesting.

One thing is certain: The write up is so blatantly anti Google that it is funny.

Why not do a bit of research into the online streaming service of the WaPo’s owner?

Oh, right, that’s not “real news.”

What’s my point? Amazon is just as Googley as Google. Perhaps an editor at the WaPo should check out Twitch before attacking what is not much different than Amazon’s own video service.

Stephen E Arnold, August 10, 2019

DarkCyber for August 6, 2019, Now Available

August 6, 2019

DarkCyber for August 6, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/351872293. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

DarkCyber (August 6, 2019) explores reports about four high-profile leaks of confidential or secret information. Each “leak” has unique attributes, and some leaks may be nothing more than attempts to generate publicity, cause embarrassment to a firm, or a clever repurposing of publicly available but little known information. Lockheed Martin made available in a blog about automobiles data related to its innovative propulsion system. The fusion approach is better suited to military applications. The audience for the “leak” may be US government officials. The second leak explains that the breach of a Russian contractor providing technical services to the Russian government may be politically-motivated. The information could be part of an effort to criticize Vladimir Putin. The third example is the disclosure of “secret” Palantir Technologies’ documents. This information may create friction for the rumored Palantir INITIAL PUBLIC OFFERING. The final secret is the startling but unverified assertion that the NSO Group, an Israeli cyber security firm, can compromise the security of major cloud providers like Amazon and Apple, among others. The DarkCyber conclusion from this spate of “leak” stories is that the motivations for each leak are different. In short, leaking secrets may be political, personal, or just marketing.

Other stories in this week’s DarkCyber include:

A report about Kazakhstan stepped up surveillance activities. Monitoring of mobile devices in underway in the capital city. DarkCyber reports that the system may be deployed to other Kazakh cities. The approach appears to be influenced by China’s methods; namely, installing malware on mobile devices and manipulating Internet routing.

DarkCyber explains that F Secure offers a free service to individuals who want to know about their personal information. The Data Discovery Portal makes it possible for a person to plug in an email. The system will then display some of the personal information major online services have in their database about that person.

DarkCyber’s final story points out that online drug merchants are using old-school identity verification methods. With postal services intercepting a larger number of drug packages sent via the mail, physical hand offs of the contraband are necessary. The method used relies on the serial number on currency. When the recipient provides the number, the “drug mule” verifies that number on a printed bank note.

DarkCyber videos appears each week through the September 30, 2019. A new series of videos will begin on November 1, 2019. Programs are available on Vimeo.com and YouTube.com.

Kenny Toth, August 6, 2019

DarkCyber for July 30, 2019, Now Available

July 30, 2019

DarkCyber for July 30, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/350567599. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

DarkCyber (July 30, 2019) explores China’s aggressive method of dealing with encrypted messaging; Perceptics’ data breach and its consequences; a way to determine email links to other online services; and Palantir’s secret Gotham information exposed.

This week’s lead story concerns Palantir Technologies, a vendor of search and analytic tools for analysts. Founded in 2003, Palantir has draped a cloak of secrecy over one of its flagship products, now more than 16 years’ old. The information about the “secret” document appeared in Vice, an online information service. For those unfamiliar with investigative software, the revelations were of interest to some individuals. Vice’s public records request yielded a user manual written for police with access to the Palantir Gotham “intelware” system. The manual—described as secret and confidential—provides step-by-step instructions for performing certain investigative tasks; for example, how to obtain a profile of a person of interest, how to obtain information about a vehicle, and similar basic investigative questions.

Other stories in the July 23, 2019, program are:

First, China has introduced a very direct method of obtaining access to content on mobile phones and tablets. Citizens and allegedly some visitors have to install software from Xiamen Meiya Pico Information Company. The MFSocket software provides access to images, audio files, location data, call logs, messages, and the phone’s calendar and contacts, including those used in the messaging app Telegram. It is possible that the Meiya Pico organization has a cooperative relationship with the Chinese government. The company allegedly has 40 percent of the Chinese digital forensics market.

Second, a Web service named Deseat.me provides a useful service. Few people know what Web sites and Web services are linked to a person’s email address. Deseat.me makes locating this information easy. The service, at this time, is offered without charge. DarkCyber points out that many modern policeware systems offer a similar functionality for any email address. Deseat, along with a small number of similar services, makes the process of locating these linked sites and services easy and quick.

Finally, Perceptics, a company best known for its license plate identification system, suffered a security breach. Among the items of information compromised were US government data and a range of Perceptics’ proprietary data. The information allegedly included data related to recent border activities, a contentious issue in the United States. Perceptics may find that making sales to the US government more difficult. A loss of contracts would adversely impact the company’s revenue. A larger issue is that the security measures implemented by a company engaged in cyber services failed to deploy systems which guarded high-value data. The cost of a data breach can be high and create a public relations challenge for organizations more comfortable operating in a low-profile way.

DarkCyber videos appears each week through the September 30, 2019. A new series of videos will begin on November 1, 2019. Programs are available on Vimeo.com and YouTube.com.

Kenny Toth, July 30, 2019

YouTube: Keep on Clicking

July 25, 2019

YouTube wants you to watch videos. The more videos you watch, the more advertising space it can sell. In order to keep you engrossed, YouTube recommends videos that its algorithms think will appeal to you based on your viewing history. Sometimes the recommendations score, other times they sink faster than a flash in the pan viral video. Make Use Of explains how you can take control of your YouTube recommendations so they score every time: “YouTube Gives Viewers More Control Over Content.”

YouTube wants to give viewers more control over curating their video experience and they debuted brand new features to put viewers in “the driver’s seat.” YouTube wants to “help viewers find new interests and passions” and this comes from understanding what viewers like. In order for YouTube to know what to recommend, viewers need to tell YouTube so its content algorithms can do their magic. Here is how YouTube is “placing viewers in the driver’s seat” (although it’s really the illusion of control):

Explore Topics on the Homepage and Up Next: YouTube is making it easier to explore topics and related videos. You’ll see these topics both at the top of your homepage (when you scroll up) and on the Up Next section below the video you’re currently watching.

Stop Certain Channels Being Recommended: On the flipside, you can now tell YouTube to stop recommending videos from particular channels. Just tap the three-dot menu next to a video and select “Don’t recommend channel” from the dropdown menu.

Discover Why YouTube Is Recommending Videos: YouTube is also explaining why it’s recommending particular content. When YouTube recommends videos based on what other viewers have watched, you’ll see an information box underneath the video.”

The last feature about “discovering why YouTube recommends a video” is a real show of AI intelligence, unless the algorithm is similar to what Amazon Prime, Netflix, and Hulu use to make similar recommendations. It is neat at first, then becomes passé unless there is flashy cover art. These updates were made, because YouTube’s old algorithms sent viewers down endless rabbit holes. For example, if a viewer watches a single anti-vaccination video, suddenly all of their recommendations were about anti-vaccinations. The only way to wipe out the recommendation was to clear the viewing history or watch a bunch of videos on another topic.

YouTube wants to retain ands gain viewers. Giving its viewers more control and understanding what they like with smarter AI will keep the video platform relevant.

Whitney Grace, July 25, 2019

DarkCyber for July 23, 2019, Now Available

July 23, 2019

DarkCyber for July 23, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/349282829. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s DarkCyber reports about Australia’s use of its anti-encryption law; tools for video piracy, a profile of SearchLight Security’s Cerberus system, and where to get information needed to join a Dark Web forum.

This week’s lead story concern easily findable software to facilitate video piracy and streaming. A report in TorrentFreak presents information from an unnamed source. This individual allegedly has been involved in video piracy and streaming for an extended period of time. The individual provides specific information about some of the software needed to remove digital rights management protections from commercial, copyrighted video content. The DarkCyber research team was able to locate software designed for the same purpose. No Dark Web and Tor were required. More significantly, these programs can be located by anyone with access to a browser and a Web search engine like Bing, Google, or Yandex. DarkCyber’s research has revealed that industrialized crime is now playing a larger role in streaming stolen video content.

Other stories in the July 23, 2019, program are:

First, Australia’s anti encryption law is now being put to use. The new regulations were used in the warrant to obtain content from a journalist. Australia is a member of the Five Eyes confederation. Australia’s law requires companies to cooperate with law enforcement and provide access to encrypted and other secured information. Canada, New Zealand, the United Kingdom, and the United States are likely to have elected officials who will seek to implement similar laws. News organizations in Australia perceive such laws as a threat.

Second, DarkCyber profiles a company founded in 2017 focused on providing law enforcement and intelligence professionals with an investigative tool. The company indexes a range of content, including forums, Dark Web sites and services, and social media content. Plus the company has created an easy-to-use interface which allows an investigator or analyst to search for a person of interest, an entity, or an event. The system then generates outputs which are suitable for use in a legal matter. The company says that use of its system has grown rapidly, and that the Cerberus investigative system is one of the leaders in this software sector.

Finally, DarkCyber provides information about a new report from IntSights, a cyber-intelligence firm. The report includes information which helps an individual to gain access to “cracker” forums and discussion groups which examine topics such as credit card fraud, money laundering, contraband, and similar subjects. The video provides the information required to download this report.

DarkCyber videos appears each week through the September 30, 2019. A new series of videos will begin on November 1, 2019. Programs are available on Vimeo.com and YouTube.com.

A new series of DarkCyber begin in November 2019.

Kenny Toth, July 23, 2019

YouTube Videos with Zero Views

July 18, 2019

DarkCyber does a video news program. But DarkCyber does not watch videos. Some do. What about watching videos no one bothers to watch? Navigate to Astronaut.io. Just click and chill. Interesting content. So far, no DarkCyber researcher has spotted our programs. This service may be the future of search; that is, do nothing. Just watch.

Stephen E Arnold, July 18, 2019

DarkCyber for July 16, 2019, Now Available

July 16, 2019

This week’s program is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/348009146. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: An Australian teen with 20,000 LSD doses; a money laundering operation run within a Florida prison; a how to guide for credit card fraudsters; Facebook’s digital currency triggers domain name land rush; and Interpol smashes a global child sex crime operation.

This week’s lead story talks about Facebook’s digital currency. Regulators in the US have expressed some reservations about what could be considered a sovereign currency. Facebook’s effort to unify its messaging applications and integrate encryption into the service poses one additional hurdle for investigators. The proposed digital currency called Libra may enable seamless, friction free financial transactions within the encrypted Facebook system. Bad actors are likely to test the system to find ways to use Facebook for illegal activities. Messaging apps can provide access to digital content like pirated videos, child pornography, commercial software with its security compromised, and similar digital contraband.

Other stories in the July 16, 2019, program are:

First, an Australian teenager used the Dark Web to purchase LSD, a controlled substance. The Australian Joint Agency Strike Team monitored the teenager’s activity which included setting up a mail drop in the central business district of Adelaide. When police moved in, they seized 20,000 doses or “tabs” of LSD. The contraband had an estimated street value of US$200,000. The legal representative of the alleged drug dealer pointed out that the young man had good family support. The teen also had knowledge of the Dark Web, a mail drop, and the 20,000 LSD tabs.

Second, Terbium Labs issued a new report which provides information about credit card fraud. For security professionals, the report is a concise review of key factors. To an individual looking for a primer explaining credit card fraud or “carding” the Terbium report is an interesting resource. Terbium points out that lesson plans for would be credit card fraudsters are available on the Dark Web. Most of the instructional material and guides cost between $4 and $13. Similar information can be located using Regular Web search engines. DarkCyber reveals that Yandex.com offers both current credit card fraud instruction guides as well as direct links to explanatory videos. This type of information may pose a dilemma for public search engines. For an individual seeking information about how to perform financial fraud, the abundance of available information is remarkable for its scope and its ready availability.

Third, convicted criminals in Pasco Country, Florida, operated a money laundering scheme from their cells. The angle was to obtain stolen credit cards from a Dark Web marketplace and transfer money from the credit card to a prisoner’s personal commissary account. Many US prisons allow inmates to purchase snacks and approved items from this prison store. Once the money was in a prisoner’s account, the ringleader then submitted a request for the prison to transfer the money to the account of an individual who was not in prison. Investigators identified the prisoners involved in the scheme, arrested one person who acted as an accomplice, and identified seven other individuals involved the the operation. A total of $8,000 was stolen in 40 separate transactions.

Finally, DarkCyber reports that Interpol’s Blackwrist investigated a global child sex crime operation. Dozens of individuals were arrested. One pedophile has been sentenced to more than 100 years in a Thailand prison. Others snared in the sweep are allegedly individuals who have abused children, some as young as 15 months. Blackwrist continues its investigations and more arrests are expected.

Kenny Toth, July 16, 2019

DarkCyber for July 9, 2019, Now Available

July 9, 2019

DarkCyber for July 9, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: Amazon’s drone-centric surveillance technology; Mauritania loses Internet access; cyber criminals stumble at the US Post Office; the US develops THOR to kill drone swarms; and cyber crime for vertical markets grows.

This week’s lead story pivots on Amazon’s patent US 10,313,638 “Image Creation for Geo-Fence Data.” This invention makes it possible for an Amazon drone delivering packages or performing some other function like verifying that a driver dropped off an order to perform other functions. The specific example described in the patent is for Amazon to parse drone footage within a specific area and then extract data about a person or other entity. The idea is to geo-fence a front yard, a back door, or some other location and then extract the image and assign metadata to that extracted object. In short, deliveries plus surveillance. The invention makes us of the Amazon Web Services’ suite of services; for example, cross correlation of drone captured data with facial recognition, purchase history, and financial information.

Other stories in the July 9, 2019, program are:

First, Bromium and the Surrey Crime Research Lab in the UK have published information about a new trend in cyber crime. Instead of Dark Web bad actors just offering generic malware, SCRL reports that specialized software has become more widely available. The “vertical” malware is purpose built to attack retail, health care, and financial institutions. The technology needed to compromise an employee’s mobile device and corporate network access has been fine-tuned to deal with the security procedures in place for banking, finance, and credit card providers. Instead of relying on general purpose exploits, malware like Ramnit is bundled with tools able to penetrate hospitals and retail operations. Bromium provides a summary of some of the SCRL results, and DarkCyber provides information necessary to register to obtain this high value report.

Second, the US government, assisted by three commercial enterprises, has develop a system to kill or disable a swam of drones. The technology makes use of a directed beam which interferes with the electronics of a group of drones. The idea is that a swarm of drones can operated in an autonomous and semi-autonomous manner to compromise US security or perform in an offensive manner; for example, deliver poison, explosives, or surveillance devices. The THOR (Tactical High Power Microwave Responder) can be set up by two people in less than three hours. The beam defense is operated with a hand held controller. The technology can be mounted on a variety of platforms, included land based vehicles.

Third, two individuals based in the US shipped more than 25,000 packages containing controlled substances. The duo collected more than $8 million from the sale of narcotics and fake prescription drugs like Adderall. US investigators broke the case because the team used Stamps.com, an online service for postage. One of the bad actors signed up for the service using his real name and home address. Agents purchased four batches of narcotics and then raided the operation. In that raid, a commercial pill press was seized along with other evidence. When arraigned, the duo pleaded “Not guilty.”

Finally, Mauritania, a northwest African nation with a population of four million lost Internet access. An estimated 800,000 citizens had been unable to send email, use Facebook, and other online services. The government took this step in order to help quell political unrest in that country. Other countries in that region’s Internet shut down zone are Ethiopia and Sudan.

Kenny Toth, July 9, 2019

DarkCyber for July 2, 2019, Is Now Available

July 2, 2019

DarkCyber for July 2, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/345294527. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.

This week’s story line up includes: Tor survives another court battle related to a child who overdosed on Dark Web drugs; a newspaper unwittingly provides a road map for undertaking credit card fraud; a profile of DataWalk, a next-generation intelligence platform with a secret sauce; and Recorded Future’s threat intelligence service runs from Amazon’s platform.

This week’s lead story is the revelation that Recorded Future relies on Amazon AWS to serve its new threat intelligence service. Recorded Future was founded in 2009 with initial investors Google and In-Q-Tel, the investment arm of the US Central Intelligence Agency. In May 2019, the predictive analytics company was acquired by Insight Partners, a leading global capital and private equity firm. The purchase price was about $700 million. Recorded Future’s threat intelligence service is in the same product category as FireEye’s information service. Providing threat information in a browser provides easier access to this information. Stephen E Arnold, author of CyberOSINT: Next Generation Information Access, said: “The use of the Amazon AWS platform, not the competing Google service, is significant. Recorded Future joins BAE, Palantir Technology, and a handful of other firms leveraging the AWS infrastructure. Amazon is emerging as the plumbing for law enforcement and intelligence software.”

Other stories for the July 2, 2019, program are:

First, a Utah court decided that Tor, the software bundle required to access the Dark Web, was not liable for a death. The parents of a young person who overdosed on drugs ordered from a online contraband vendor via Tor sued the foundation involved with the anonymizing technology. Other cases have been filed against Tor. The deciding factor in this most recent decision and other cases is the US law which treats online platforms differently from traditional publishers. The court uncovered information that there are about 4,000 people in Utah who use Tor and presumably the Dark Web each day.

Second, a British newspaper published an informational article about online credit card fraud. DarkCyber interpreted the information in the report as a road map for a person who wanted to commit an online crime. The news story provided sufficient information about where to locate “how to” materials to guide an interested individual. Tips for locating sources of stolen credit card data were embedded “between the lines” in the report. The newspaper did omit one important fact. Organized crime syndicates are hiring individuals to commit credit card fraud and other financial crimes.

Finally, DarkCyber profiles a start up called DataWalk. This company provides a next-generation intelligence analysis and investigation platform. Competitors include IBM Analyst’s Notebook and Palantir Technologies Gotham / Titan products. DataWalk, however, has patented its technology which implements the firm’s method of delivering query results from disparate sources of structured an unstructured content. Plus the company can provide an analyst with content from third-party content products such as Thomson Reuters and the specialist publisher Whooster. The service also scales to accommodate data analysis, regardless of the volume of information available to the system. DataWalk’s analytic system operates in near-real time. DataWalk allows a user to perform sophisticated investigative and analytic procedures via a mouse-centric graphical interface. A user can click on an icon and the system automatically generates a “workflow ribbon.” The ribbon can be saved and reused or provided to another member of the investigative team. More information about this firm is available at www.datawalk.com .

Kenny Toth, July 2, 2019

« Previous PageNext Page »

  • Archives

  • Recent Posts

  • Meta