DarkCyber for June 18, 2019, Now Available
June 18, 2019
DarkCyber for June 18, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/342544814.
The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up covers: A next-generation content processing system funded by In-Q-Tel; Dark Web scans for personal information; a new spin on Crime as a Service tuned to steal financial data; Canada’s prisons get a drone detection system; and the FBI Vault adds additional Clinton email data.
This week’s feature is a review of Forge.ai’s content processing system for law enforcement and intelligence applications. The system converts open source and other data into “structured intelligent event feeds.” Unlike many commercial content processing and intelligence systems, Forge.ai is designed to handle data flows of virtually any size and perform processing in real time. The company recently received the support of In-Q-Tel, the CIA’s investment unit. Lt. General John Mulholland has accepted a position on Forge.ai’s board of advisers. General Mulholland was the deputy commander of Special Operations command and also served at the CIA.
Other stories in this week’s DarkCyber video news program are:
First, Dark Web scans to find personal information are advertised on television. DarkCyber looks at some of the methods used by vendors who offer free or low-cost scans of the Dark Web for PII or personal identification information. DarkCyber reports that many services do not deliver comprehensive results. There are specialized services available to law enforcement and intelligence professionals, but most of these are not available for public use.
Second, crime-as-a-service or CaaS continues to improve. Malware from two different sources has evolved into a symbiotic relationship. The Gazorp tool makes it easy to customize malware known as Azorult. Despite the odd names, the one-two punch facilitates the use of these tools by an individual or group of individuals without deep technical expertise. Gazorp is offered without charge, but the value of the software opens the door to monetization. Other bad actors are likely to build on the CaaS approach of Gazorp’s and Azorult’s developers and users.
Third, in this week’s drone news, DarkCyber reports that Version 2, a Canadian company, will deploy a drone detection system at six of Corrections Canada’s prisons. Drones have been used to drop contraband into correctional facilities. Some drones have delivered drugs, mobile phones, and McChicken sandwiches to inmates. Donnacona, one of Canada’s most secure facilities, will be among the first group of institutions to receive the new technology in early 2020.
Finally, DarkCyber provides information so that a viewer can download more than 400 pages of information related to Hillary Clinton’s email. The collection of documents is available in the Federal Bureau of Investigation’s Vault service. Manual review of the documents is recommended. Some media reports have not presented a comprehensive picture of the information in this most recent release of information.
DarkCyber video news is a weekly program. It contains no advertising, and it is designed for law enforcement, security, and intelligence professionals interested in software, new developments, and investigative innovations. New programs become available on Tuesday of each week. Programs are available via YouTube and Vimeo.
Kenny Toth, June 17, 2019
Amazon and YouTube: The Hong Kong Protests Mark the Day that Twitch.tv Made Clear the Limitations of YouTube
June 16, 2019
I heard there was a small protest underway in Hong Kong. The time is now 6:30 am US Eastern time. I navigated to YouTube, entered the query “Hong Kong protest”, and I saw links to videos from a day ago (today is June 16, 2019). I navigated to the YouTube “Live” page which provides a limited selection of streaming videos on YouTube. If you have not seen that somewhat incomplete index, navigate to https://www.youtube.com/live. No live stream of the Hong Kong protest.
If it’s not on YouTube, then it doesn’t exist, goes some old times’ catchphrase.
Well, not quite.
Navigate to Amazon’s Twitch.tv. Run a query for Hong Kong. Here’s what I saw before I clicked on the live stream of Unable to Breath.
Amazon Twitch.tv search result. The Unable to Breath stream is not one but an aggregate of eight separate feeds from Hong Kong.
Front and center was a link to Unable to Breath, which presents this streaming image:
This is a screen shot of a single screen which is eight different feeds showing different views of the handful of people who are participating in the event. Note: Handful means more than one million.
Notice that there are eight live streams of this modest protest. This is one live stream with eight separate views of the modest demonstration in Hong Kong. Eight in one stream! No registration required. No in stream pop up ads. Just high value intelligence in pretty good streaming video quality.
DarkCyber for June 11, 2019, Now Available
June 11, 2019
DarkCyber for June 11, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/341177540.
The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: News about Leidos’ new cyber intelligence system; the risks and vulnerabilities of autonomous smart weapons; and the overlooked factors in the Baltimore ransomware attack.
This week’s feature is a discussion of three facets of the Baltimore ransomware problem. The city was unable to deliver some services and conduct routine business due to malware. With the computers down, Baltimore officials struggled to get the city’s computers back online. Most of the reports ignored three facets of this problem which are as important as the vulnerability of the city. DarkCyber points out that sensitive software must be better protected. Multiple security lapses within US government agencies have occurred. The loss of the personnel data from the Office of Personnel Management, the Edward Snowden data theft, and the TSB activity, among others, are inexcusable. There is plenty of talk about cyber security, but that talk has not prevented data loss. That’s a problem which endangers lives, national security, and the integrity of Federal institutions. Action is necessary.
Second, cyber security firms offering a mind boggling array of threat intelligence, defensive shields, and specialized procedures are not enough. Perhaps Baltimore could not afford products sold by companies located within the city limits or a short drive down the Baltimore–Washington Parkway. The vendors of cyber security systems have to do a better job. Now. The breezy PowerPoints and the slick demos are obviously falling short.
Finally, the Microsoft Corporation, the vector of an attack which has been available to bad actors for more than two years, has dropped the ball. The company’s software has no significant defense, and that too is inexcusable. Microsoft has either been unable or unwilling to address the security flaws which EternalBlue exploits. Should a company receive the Department of Defense JEDI contract worth about $10 billion when its software is vulnerable and being exploited? Microsoft must be held accountable. More than a Congressional hearing is needed. Much more.
Stephen E Arnold, producer of DarkCyber and author of “The Dark Web Notebook,” said in his lecture on June 4, 2019, at the TechnoSecurity & Digital Forensics Conference: “The stakes continue to rise. Cyber professionals have to become more aggressive in their efforts to prevent bad actors from mounting successful attacks.”
Other stories covered in the June 4, 2019, DarkCyber video include:
Leidos (formerly SAIC) has announced that it has developed a new intelligence analysis system known as “Advanced Analytics and Machine Learning Microservices Platform”. The system has been developed to solve one major problem facing analysts; specifically, data that can be useful has been stored on a variety of stovepiped software systems, or in different digital mediums. A manual investigation is impractical due to the different data formats and the volume of historical and real time data. The new system uses artificial intelligence and machine learning to sort through data and pinpoint the content relevant to their operation.
The final story identifies new research which pinpoints what experts call “normal accidents” in smart, autonomous weapons systems. The problem was identified decades ago when complex processes interact and tiny probabilities trigger a chain of failure.
DarkCyber appears each Tuesday and is available on YouTube, Vimeo, and directly from the DarkCyber news service.
Kenny Toth, June 11, 2019
DarkCyber for June 4, 2019, Now Available
June 4, 2019
DarkCyber for June 4, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/339717881.
The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: A look at SafeSkyHacks; cyber crime data from the Global Drug Survey; bad actors shift to closed chat service; the real threat of GozNym malware; LookingGlass and GoldmanSachs announce cyber intelligence deal.
This week’s feature is a look at the broader implications of the GozNym malware. This series of attacks netted the bad actors more than $100 million from 41,000 businesses and financial institutions. The malware was a combination of code, operating by deploying numerous exploits. As damaging as GozNym was, it signals a phase change in how modern digital attacks operate. DarkCyber identifies three key characteristics of GozNym. First, it was a multi-national force. Second, the hackers met and communicated via social media and chat. Third, the hackers operated like Amazon’s AWS cloud, offering Crime as a Service. Attackers needed little or no technical expertise.
Stephen E Arnold, producer of DarkCyber and author of “The Dark Web Notebook,” said in his lecture on June 4, 2019, at the TechnoSecurity & Digital Forensics Conference: “The law enforcement crackdown on the Dark Web has been effective. The unanticipated consequence has been a shift to decentralized operations delivering Crime as a Service. Point-and-click is now point-and-attack.”
Other stories covered in the June 4, 2019, DarkCyber video include:
First, a review of the software and services available on a hacker forum available to anyone with a standard browser. SafeSkyHacks provides free information about hacking, stolen data sets, and information about exploits. A members-only section of the Web site makes it possible to locate hackers with specific skills, services, software, and data. The DarkCyber video segment takes a close look at the profile posted by one of SafeSkyHacks’ members. Hackers offer a number of services which may cross the boundary between general information and illegal activity.
Second, the Global Drug Survey for 2019 contains a wealth of information about the illegal use of narcotics available from the Dark Web and other sources. DarkCyber extracts items which reveal the countries which are now experiencing sharp increases in the use of controlled substances. The United States, for example, is at the top of the list of countries for opioid abuse. Another significant finding in the 2019 report links drug abuse with sexual assault. Assaults often happen when other people are nearby, and these attacks are rarely, if ever, reported to the police.
Third, DarkCyber reports about Stephen E Arnold’s remarks about the technology being adopted by bad actors. With information about distributed systems widely available and the willingness of criminal elements to pay as much as $1 million for technical talent, law enforcement faces a new challenge. Services like illegal online gambling and video streaming services are becoming difficult to stop. When authorities seize one server, the bad actors deploy a replacement system at a different hosting location with a different Internet address. The new location for the illegal service is disseminated via closed chat and online forums. Often the access information is available on public content hosting sites like Pastebin.com. In some countries, the technical resources needed to disable an illegal online service structured like Netflix are a new challenge.
The final story is a report about the transfer of GoldmanSachs’ Sentinel cyber security software to LookingGlass, a cyber intelligence firm. Terms of the deal were not disclosed. LookingGlass is likely to integrate the Sentinel system into the LookingGlass services for financial institutions. Sentinel was recognized for excellence by the US Department of Homeland Security.
Kenny Toth, June 4, 2019
Amazon Twitch Shakes Its Digital Fist Which Hits the Bits
May 29, 2019
In my talk on June 4, 2019, I have a couple of comments to make about illegal streaming services. One of my examples of outright copyright violation is Twitch. The DarkCyber team has been tracking popular music streamed during “game related chats” like pole dancing and body stretching exercise sessions. Individuals who play US television shows dubbed in Russian are waving their Fortnite weapons at US television producers. We also have examples of a Russia Today affiliate streaming the more visual incidents associated with yellow jacket protests. There are other examples of how the game streaming system is being manipulated. No Dark Web needed.
Amazon Twitch tries to curtail these activities. Some of them are just futile. There is a streamer from Florida who happily drives and live streams. The “star” often moves the camera around. Distracted driving? No, just another example of what gamers can access without doing much more than clicking a link and popping a word or phrase into the Twitch search system.
Now the “real” media has discovered what the young at heart have known for quite a while: Amazon Twitch, like Facebook and YouTube live video, is a bit of a challenge. “Twitch Is Temporarily Suspending New Creators from Streaming after Troll Attack” documents one facet of the “live streaming” problem. From banning BadBunny (a star whom one pays to insult her followers) to SweetSaltyPeach (a star known for wearing interesting clothing and assembling toys), Amazon Twitch needs a rethink. DarkCyber is not sure cursing, soft porn, and stolen content are what some individuals think the service should be delivering. But there’s always the chance that DarkCyber cannot divine the master plan of the Bezos bulldozer.
The write up points out:
Twitch’s statement acknowledged that they “became aware of a number of accounts targeting the Artifact game directory” over the weekend. Twitch’s team also recognized trolls were using the category “to share content that grossly violates our terms of service.” The majority of the accounts that “shared and viewed content were automated.”
Now about Amazon’s Sagemaker system. Is it able to deal with Amazon Twitch? Humans to the bulldozer controls. On the double.
Stephen E Arnold, May 29, 2019
DarkCyber for May 28, 2019, Now Available
May 28, 2019
DarkCyber for May 28, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/338518927. The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: The Offensive Community hacking Web site; malware requires no user action to seize mobile phone data; Dutch police deal with prisoner monitoring failure; a snapshot of Cobwebs Technologies’ investigative software; and China’s Great Firewall burns Wikipedia.
This week’s feature provides information about hackers for hire on the regular Internet, no Dark Web surfing required. The Offensive Community Web site offers a classified advertising service. Hackers can post their capabilities in order to attract customers. The information on the site references a range of exploits which can be used for positive as well as illegal activities. Forums provide information and sources for botnets, keyloggers, remote access controls, specialized scripts, and related functions.
Other stories covered in the May 21, 2019, DarkCyber video include:
First, malware, allegedly developed by a specialist vendor supporting government customers, can compromise a mobile phone. What makes this alleged exploit notable is that the standard way of placing malware on a user’s device is to require that the user click a link or take some other action. That action allows the attacker to place the exploit on the user’s phone. The new approach requires only that the target has Facebook’s WhatsApp installed. The attacker places an in-app voice call to the target. The exploit automatically uses a programming error in WhatsApp to compromise the target’s phone. The method was allegedly used to track the journalist Jamal Khashoggi. The fact that this method is no longer secret provides sufficient information to ensure that other bad actors will seek to emulate this technique.
Second, a botched software update in the Netherlands disabled prisoner ankle bracelets. These devices are used to monitor prisoners under house confinement. When these devices go offline, the monitored individual can flee the country or return to his or her pre-arrest activities. The Dutch police experienced a similar outage in 2018 when the mobile phone system used to transmit data went down. The modern ankle bracelet includes the tracking technology, but can also include two-way communications, alcohol level monitoring, and anti-removal technology. There are videos allegedly showing how one removes these devices, but tampering with the devices typically leads to additional charges.
Third, DarkCyber provides a profile of the basic functions available in the investigative software developed by Cobwebs Technologies. This is an Israeli startup which allows a user to extract actionable information from open source content. The tools available include a search and retrieval system and analytics. Data can be displayed in a visual format, including maps. DarkCyber’s overview includes examples of the interface and analytic reports.
Finally, China’s Great Firewall has blocked Wikipedia, the online encyclopedia. The online information service publishes content in numerous languages, and China has blocked every version of the digital encyclopedia. China’s approach to information control is part of a larger effort to maintain order and ensure government control of citizen activity. The process is called “Chinafication,” and the censorship method is influencing other governments’ approach to ensuring civil order.
DarkCyber appears each Tuesday and is available on YouTube, Vimeo, and directly from the DarkCyber news service.
Kenny Toth, May 28, 2019
DarkCyber for May 21, 2019, Now Available
May 21, 2019
DarkCyber for May 21, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/337093968.
The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: A new version of Tor; digital bits trigger bombs; highlights from the FBI’s 2018 Cyber Crime Report; more details about the Wall Street Market take down; DeepDotWeb seized; Telegram used to sell weapons; and the size of the Dark Web.
This week’s feature provides more details about the take down of the Dark Web contraband ecommerce site, Wall Street Market. DarkCyber reports that the operation involved law enforcement from several countries, including Germany and the US. One moderator of the site initiated a blackmail scheme as law enforcement prepared to seize the site’s servers and arrest its owners. As part of the takedown, providers of drugs were arrested in the US. The take down revealed millions in cash and digital currency accounts worth more than $14 million. Investigators also seized data and other information, including customer details.
Other stories covered in the May 21, 2019, DarkCyber video include:
First, information about the new release of the Tor software bundle. Firefox is used as the base for the Tor browser. Technical issues with Firefox required some scrambling to address. The new release is available on the Tor.org Web site. DarkCyber points out that in some countries, downloading Tor is interpreted as an indicator of possible ill intent.
Second, a cyber attack on Israel prompted a kinetic response. The incident marks the first time Israel has responded to an act it regarded as information warfare with a missile strike on the alleged perpetrators’ headquarters. DarkCyber points out that the US may have used force in response to an adversary’s leaking classified and sensitive information on a public Web site. The use of traditional weapons in response to a digital attack is a behavior to monitor.
Third, DarkCyber selects several highlights from the FBI’s report about cyber crime in 2018. Among the key points identified is the data about the most common types of online crime. Most attacks make use of email and use social engineering to obtain personal financial information or user name and password data. The FBI report verifies data from other sources about the risks associated with email, specifically enticing an email recipient into downloading a document with malware or clicking on a link that leads to a spoofed page; for example, a PayPal page operated by the attacker, not the legitimate company. DarkCyber provides information about how to obtain this government report.
Fourth, an international team of law enforcement professionals seized the Sheepdog, an online information service. This site was accessible using a standard browser; no Tor or i2p software was required. The site referred its visitors to Dark Web sites selling drugs and other contraband. The seizure is an indication that Europol, FBI, and other law enforcement agencies are expanding their activities to curtail illegal eCommerce.
Fifth, DarkCyber explains that a story about bad actors using Telegram, an encrypted messaging app, to sell weapons should be viewed with caution. The story originated with a report from MEMRI, the Middle East Media Research Institute. The organization was founded by a former Israeli intelligence officer and has been identified as an organization generating content which may have characteristics of disinformation. DarkCyber provides a link to the MEMRI organization to make it easy for viewers to follow its information stream.
The final story reports that another vendor has sized the scope of the Dark Web. The most recent size estimate comes from Recorded Future. The company reports that it was able to identify 55,000 Dark Web domains. Of that number, only about 8,400 are online. DarkCyber notes that of the active sites, relatively few dominate illegal eCommerce, sharing of sensitive information, and other questionable services.
DarkCyber appears each Tuesday and is available on YouTube, Vimeo, and directly from the DarkCyber news service.
Kenny Toth, May 21, 2019
DarkCyber for May 14, Now Available
May 15, 2019
DarkCyber for May 14, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/335676549.
The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: Free penetration software; how emojis puzzle police and parents; a major Dark Web drug market take down; two chilling cyber threat reports; how to learn what is censored online; and a drug dealer’s surprising security system.
This week’s feature examines the use of emojis (graphic cartoons) to communicate secret messages. With the shift to mobile devices for communicating via text messages, colorful icons are used instead of words. A smiley face signals happiness. A thumbs up conveys agreement. But what does a snowflake mean? What does a filling station pump nozzle convey? For those with inside knowledge, both emojis relate to drugs; for example, the snowflake is a visual signal for cocaine. When bad actors or children want to conceal information, emojis are easily available and often not understood by law enforcement, attorneys, or individuals more accustomed to text. DarkCyber provides information about how to get up-to-date information about these ubiquitous icons. Stephen E Arnold, producer of DarkCyber and author of “The Dark Web Notebook,” said: “Individuals with a desire to hide information can use emojis to create encoded messages. These are often meaningless or nonsense to someone unfamiliar with the hidden meanings assigned to colorful icons. Most text processing systems do not handle these types of ideographs in an effective manner. Emojis pose a new challenge to those involved in investigations or trying to figure out what their teenagers are planning for the weekend.”
The May 14, 2019, program also reports on:
First, FireEye, a cyber security firm, has compiled a collection of more than 120 penetration testing software tools. “Pentest” programs make it possible for investigators to perform certain types of actions in order to obtain access to otherwise secure information. The software is also used to verify the security of an organization’s computing infrastructure. DarkCyber explains how to obtain this collection of high-value software for free.
Second, a major Dark Web drug market was taken down by German police. The system sold a wide range of narcotics and allegedly served more than one million customers. Details about the operation are sparse. The operators of the site posted a notice that the site was down for maintenance. Less than 72 hours after the notice appeared, law enforcement seized the site. Online discussion forums suggested that the owners of the site planned an exit scam in order to steal customers’ money.
Third, two new and somewhat chilling reports about cyber crime have been published. One report originates in England, authored by Darktrace. The other report was written by experts at Neustar Security in Sterling, Virginia. Both reports make clear that online cyber operations are depending on email messages. Mass emails and targeted messages are slipping through individual and organizational security mechanisms. In short, email is now a go-to vector for a cyber attack. DarkCyber reveals how to obtain both reports without charge.
Fourth, censorship is increasing. How does an individual keep track of what is online and what is being blocked by different countries? DarkCyber reports that the Web site Netblocks.org provides a convenient way to track current developments in online censorship.
The final story in this week’s DarkCyber provides detail about one drug dealer’s security system. The criminal used a parrot to alert those in the compound when police approached. DarkCyber explains that selecting a parrot may not have been the optimal choice for high-reliability alerts.
Kenny Toth, May 15, 2019
DarkCyber Video News for May 7, 2019, Now Available
May 7, 2019
DarkCyber for May 7, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/334253067.
The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: The use of Telegram for ecommerce; phishing with fake email undergoes a renaissance; Cisco Talos explains a serious attack on foundation servers; a review of weapons for sale on the Dark Web; and a look at advanced autonomous drone technology.
This week’s feature examines a new study about the sale of weapons on the Dark Web. The report explains that handguns and long rifles are for sale on some Dark Web sites. The majority of these weapons are handguns. Only a small percentage of the weapons are automatic rifles. The research comes from three academics involved in criminal justice. The data from the Dark Web were collected in 2016. Because information about the type of weapons offered for sale is limited, the report helps fill this data gap. DarkCyber points out that the Dark Web has undergone some significant changes in the last two years. As a result, the study provides information, but some of it may be outdated.
The May 7, 2019, program also reports on:
First, how Telegram, an encrypted messaging application, can be used to promote and sell certain types of contraband products, services, and data. Messaging technology may be “old school” but Telegram’s features create challenges for enforcement agencies.
Second, phishing and spear phishing are methods for stealing users’ credentials with a long history. Now these techniques are gaining more momentum. DarkCyber reports about a “smart” application which can automate phishing and spear phishing attacks. Unlike commercial specialist tools, the Dark Web phishing kit costs a few hundred dollars, and it features a “fill in the blanks” approach to these malicious attacks.
Third, Cisco’s cyber security unit Talos has published a detailed report about a denial of service attack on core Internet systems. There are 13 foundation or core servers which facilitate domain name services. One of these has been the focus of a digital assault by a bad actor, possibly supported by a nation state. The denial of service method relies on a series of nested malware programs. The attack makes use of misdirection and several different methods designed to compromise a foundation server. If such an attack is successful, other types of malicious activity are simplified for the bad actors.
Finally, DarkCyber responds to a viewer’s request for an update on advanced autonomous drone technology. DarkCyber provides a look into the future of US drone capabilities.
Kenny Toth, May 7, 2019
Animatronics: The Impact of Digital
May 6, 2019
DarkCyber noted these statements from “Gold Coast Animatronic Marvels Up for Auction, Rendered Redundant by CGI.” The founder of Creature Workshop, John Cox, made these observations:
- CGI had reached the point of photo realism.
- Today with some of the effects we are seeing it is very hard to tell what is real and what is computer-generated.
- 3D animation and visual effects are now able to create realistic characters, realistic environments, realistic vehicles all created within the computer.
There was one statement which suggests that human actors may be replaced as well.
We are even seeing in some of the big movies now they are de-aging actors, or totally replacing them with a CGI character, so you have to wonder where it will end.
It is a short step from de-aging to replacing. Now about the accuracy of videos. What’s real and what’s fake? Good questions, particularly if asked by a legal eagle when video footage is evidence assumed to be “real” and there are gaps between an event and “finding” relevant video data.
Stephen E Arnold, May 5, 2019