CyberOSINT banner

The Force of the Dark Web May Not Need Sides

April 14, 2016

The name “Dark Web” has sensational language written all over it. Such a label calls for myth-busting articles to be published, such as the recent one from Infosecurity Magazine, The Dark Web — Is It All Bad?. This piece highlights the opinions of James Chappell, CTO and Co-founder of Digital Shadows, who argues the way the Dark Web is portrayed in the media pigeonholes sites accessible by Tor as for criminal purposes. Chappell is quoted,

“Looking at some of the press coverage you could be forgiven for thinking that the Dark Web is solely about criminality,” he told Infosecurity. “In reality, this is not the case and there are many legitimate uses alongside the criminal content that can be found on these services. Significantly – criminality is an internet-wide problem, rather than exclusively a problem limited to just the technologies that are labelled with the Dark Web.”

The author’s allusion to Star Wars’ divided force, between supposed “good” and “bad” seems an appropriate analogy to the two sides of the internet. However, with a slightly more nuanced perspective, could it not be argued that Jedi practices, like those of the Sith, are also questionable? Binaries may be our preferred cultural tropes, as well as the building blocks of computer software programming, but let’s not forget the elements of variability: humans and time.

 

Megan Feil, April 14, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Cybercriminal Talent Recruitment Moves Swiftly on the Dark Web

April 8, 2016

No matter the industry, it’s tough to recruit and keep talent. As the Skills shortage hits hackers published by Infosecurity Magazine reports, cybercriminals are no exception. Research conducted by Digital Shadows shows an application process exists not entirely dissimilar from that of tradition careers. The jobs include malware writers, exploit developers, and botnet operators. The article explains how Dark Web talent is recruited,

“This includes job ads on forums or boards, and weeding out people with no legitimate technical skills. The research found that the recruitment process often requires strong due diligence to ensure that the proper candidates come through the process. Speaking to Infosecurity, Digital

Shadows’ Vice President of Strategy Rick Holland said that in the untrusted environment of the attacker, reputation is as significant as in the online world and if someone does a bad job, then script kiddies and those who have inflated their abilities will be called out.”

One key difference cited is the hiring timeline; the Dark Web moves quickly. As you might imagine, apparently only a short window of opportunity to cash in stolen credit cards. The sense of urgency related to many Dark Web activities suggests speedier cybersecurity solutions are on the scene. As cybercrime-as-a-service expands, criminals’ efforts and attacks will only be swifter.

 

Megan Feil, April 8, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Forget World Population, Domain Population Is Overcrowded

April 5, 2016

Back in the 1990s, if you had a Web site without a bunch of gobbidly-gook after the .com, you were considered tech savvy and very cool.  There were plenty of domain names available in those days and as the Internet became more of a tool than a novelty, demand for names rose. It is not as easy anymore to get the desired Web address, says Phys.org in the article, “Overcrowded Internet Domain Space Is Stifling Demand, Suggesting A Future ‘Not-Com’ Boom.”

Domain names are being snapped up fast, so quickly, in fact, that Web development is being stunted.  As much as 25% of domains are being withheld, equaling 73 million as of summer 2015 with the inability to register domain names that would drive Internet traffic.

“However, as the Internet Corporation for Assigned Names and Numbers (ICANN) has begun to roll out the option to issue brand new top-level domains for almost any word, whether it’s dot-hotel, dot-books or dot-sex – dubbed the ‘not-coms’ – the research suggests there is substantial untapped demand that could fuel additional growth in the domain registrations.”

One of the factors that determine prime Internet real estate is a simple, catchy Web address.  With new domains opening up beyond the traditional .org, .com, .net, .gov endings, an entire new market is also open for entrepreneurs to profit from.  People are already buying not-com’s for cheap with the intention to resale them for a pretty penny.  It bears to mention, however, that once all of the hot not-com’s are gone, we will be in the same predicament as we are now.  How long will that take?

 

Whitney Grace, April 5, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Secure Email on the Dark Web

April 1, 2016

Venturing safely onto the Dark Web can require some planning. To that end, FreedomHacker shares a “List of Secure Dark Web Email Providers in 2016.” The danger with Tor-accessible email providers, explains reporter Brandon Stosh, lies in shady third parties. He writes:

“It’s not that finding secure communications on Tor is a struggle, but it’s hard to find private lines not run by a rogue entity. Below we have organized a list of secure dark web email providers. Please remember that no email provider should ever be deemed secure, meaning always use encryption and keep your opsec to its highest level….

“Below we have listed emails that are not only secure but utilize no type of third-party services, including any type of hidden Google scripts, fonts or trackers. In the list below we have gone ahead and pasted the full .onion domain for verification and added a link to any services who also offer a clearweb portal. However, all communications sent through clearweb domains should be presumed insecure unless properly encrypted, then still it’s questionable.”

The list of providers includes 10 entries, and Stosh supplies a description of each of the top five: Sigaint, Rugged Inbox, Torbox, Bitmessage, and Mail2Tor; see the article for these details, and to view the other five contenders. Stosh wraps up by emphasizing how important email security is, considering all the sensitive stuff most of us have in our inboxes. Good point.

 

Cynthia Murrell, April 1, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

For Sale: Your Bank Information

March 21, 2016

One of the common commodities for sale on the Dark Web is bank, credit card, social security numbers, and other personal information.  This information can sell for a few bucks to hundreds of dollars depending on the quality and quantity of the information.   In order to buy personal information, usually the interested parties must journey to the Dark Web, but the International Business Times tells us that “Confidential Bank Details Available For Sale On Easily Found Web Site”  is for sale on the general Web and the information is being sold for as little as a couple pounds (or dollars for the US folks).  The Web site had a pretty simple set up, interested parties register, and then they have access to the stolen information for sale.

Keith Vaz, chairman of the home affairs select committee, wants the National Crime Agency (NCA) to use its power and fulfill its purpose to shut the Web site down.

“A statement from the NCA said: “We do not routinely confirm or deny investigations nor comment on individual sites. The NCA, alongside UK and international law enforcement partners and the private sector, are working to identify and as appropriate disrupt websites selling compromised card data. We will work closely with partners of the newly established Home Office Joint Fraud Task Force to strengthen the response.”

Online scams are getting worse and more powerful in stealing people’s information.  Overall, British citizens lost a total of 670 million pounds (or $972 million).  The government, however, believes the total losses are more in the range of 27 billion pounds (or $39.17 billion).

Scams are getting worse, because the criminals behind them are getting smarter and know how to get around security defenses.  Users need to wise up and learn about the Dark Web, take better steps to protect their information, and educate themselves on how to recognize scams.

 

Whitney Grace, March 21, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

DtSearch in the Cloud

January 18, 2016

Enterprise- and developer-search firm dtSearch now offers a platform for the cloud. PR.com informs us, “New .NET Solution Uses dtSearch with Microsoft Azure Files and RemoteApp.”  The solution allows users to run the dtSearch engine entirely online with Microsoft Azure, ensuring their security with Microsoft’s RemoteApp. The press release elaborates:

“The solution enables cloud operation of all dtSearch components, leveraging Microsoft’s new Azure Files feature for dtSearch index storage. Searching (including all 25+ dtSearch search options) runs via Microsoft’s RemoteApp. Using RemoteApp gives the search component the ‘look and feel’ of a native application running under Windows, Android, iOS or OS/X. Developers using dtSearch’s core developer product, the dtSearch Engine, can find the solution on CodeProject, including complete Visual Studio 2015 .NET sample code.”

See the thorough write-up for many details about the product, including supported formats, search and classification options, and their terabyte indexer. We note, for example, the capacities for concurrent, multithreaded search and for federated searches with their dtSearch Spider.

Founded in 1991, dtSearch supplies search software to firms in several fields and to numerous government agencies around the world. The company also makes its products available for incorporation into other commercial applications. dtSearch has distributors worldwide, and is headquartered in Bethesda, Maryland.

 

Cynthia Murrell, January 18, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Score One for Yandex

December 21, 2015

Russian search powerhouse Yandex has successfully sued Google, we learn from re/code’s article, “Meet the Russian Company that Got Its Antitrust Watchdog to Bite Google.” Reporter Mark Bergen interviewed Yandex’s Roman Krupenin, who has led this legal campaign. In his intro, Bergen relates:

“In October, Russia’s antitrust authority ruled that Google’s practice of bundling its services on Android handsets violated national law. The case’s lead complainant was Yandex, an 18-year old Web search and advertising company. It’s not a global name, but is big in Russia. Last quarter, Yandex raked in $233.1 million in revenue. (For context, Google averaged about $179 million in sales a day over the same period.) Most Russians use Yandex for Internet searches — an estimated 57 percent in the last quarter, though that share has slipped in recent years. The culprit? According to Yandex, it’s the favored position of Google’s apps, including its search one and its browser, on Android smartphones, which outnumber iPhones in Russia considerably. To fight it off, Yandex has pushed to cut handset agreements of its own: It finalized one with Lenovo last year, and paired with Microsoft last month to make Yandex’s homepage and search results the Russian default for Windows 10.”

Furthermore, we’re reminded, Yandex is also taking part in the EU’s latest antitrust investigation. Naturally, Google is appealing the decision. See the article for text of the interview, where Krupenin discusses the focus on Android over Search, the unique factors that made for victory over the notoriously slippery company, and the call for an end to Google’s service-bundling practices.

 

Cynthia Murrell, December 21, 2015

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

New Patent for a Google PageRank Methodology

December 18, 2015

Google recently acquired a patent for a different approach to page ranking, we learn from “Recalculating PageRank” at SEO by the Sea. Though the patent was just granted, the application was submitted back in 2006. Writer Bill Slawski informs us:

“Under this new patent, Google adds a diversified set of trusted pages to act as seed sites. When calculating rankings for pages. Google would calculate a distance from the seed pages to the pages being ranked. A use of a trusted set of seed sites may sound a little like the TrustRank approach developed by Stanford and Yahoo a few years ago as described in Combating Web Spam with TrustRank (pdf). I don’t know what role, if any, the Yahoo paper had on the development of the approach in this patent application, but there seems to be some similarities. The new patent is: Producing a ranking for pages using distances in a Web-link graph.”

The theory behind trusted pages is that “good pages seldom point to bad ones.” The patent’s inventor, Nissan Hajaj, has been a Google senior engineer since 2004. See the write-up for the text of the patent, or navigate straight to the U.S. Patent and Trademark Office’s entry on the subject.

 

Cynthia Murrell, December 18, 2015

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Hack a Scholarly Journal

December 7, 2015

Scholarly journals and other academic research are usually locked down under a copyright firewall that requires an expensive subscription to access.  Most of the people who want this content are researchers, writers, scientists, students, and other academics.  Most people who steal content usually steal movies, software, books, and material related to pop culture or expensive to buy elsewhere.   Scholarly journals fall into the latter category, but Science Mag shares a new trend for hackers, “Feature: How To Hijack A Journal.”

Journal hacking is not new, but it gaining traction due to the multimillion-dollar academic publishing industry.  Many academic writers pay to publish their papers in a journal and  the fees range in hundreds of dollars.  What happens is something called Web site spoofing, where hackers buy a closely related domain or even hack the actual journal’s domain a create a convincing Web site.  The article describes several examples where well-known journals were hijacked, including one he did himself.

How can you check to see if an online journal is the real deal?

“First, check the domain registration data online by performing a WHOIS query. (It’s not an acronym, but rather a computer protocol to look up “who is” behind a particular domain.) If the registration date is recent but the journal has been around for years, that’s the first clue. Also suspicious is if the domain’s country of registration is different from the journal’s publisher, or if the publisher’s name and contact information are kept anonymous by private domain registrars.”

Sadly, academic journals will be at risk for some time, because many of the publishers never adapted to online publishing, sometimes someone forgets to pay a domain name bill, and they rely on digital object identifiers to map Web addresses to papers.

Scholarly journals are important for academic research, but their publishing models are outdated anyway.  Maybe if they were able to keep up the hacking would not happen as often.

Whitney Grace, December 7, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Expect Disruption from Future Technology

November 13, 2015

A dystopian future where technology has made humanity obsolete is a theme older than the Industrial Revolution.  History has proven that while some jobs are phased out thanks to technology more jobs are created by it, after all someone needs to monitor and make the machines.  As technology grows and makes computing systems capable of reason, startups are making temporary gigs permanent jobs, and 3D printing makes it possible to make any object, the obsolete humanity idea does not seem so far-fetched.  Kurzweilai shares a possible future with “The SAP Future Series: Digital Technology’s Exponential Growth Curve Foretells Avalanche Of Business Disruption.”

While technology has improved lives of countless people, it is disrupting industries.  These facts prove to be insightful into how disruptive:

  • In 2015 Airbnb will become the largest hotel chain in the world, launched in 2008, with more than 850,000 rooms, and without owning any hotels.
  • From 2012 to 2014, Uber consumed 65% of San Francisco’s taxi business.
  • Advances in artificial intelligence and robotics put 47% of US employment — over 60 million jobs — at high risk of being replaced in the next decade.
  • 10 million new autonomous vehicles per year may be entering US highways by 2030.
  • Today’s sensors are 1 billion times better — 1000x lighter, 1000x cheaper, 1000x the resolution — than only 40 years ago. By 2030, 100 trillion sensors could be operational worldwide.
  • DNA sequencing cost dropped precipitously — from $1 billion to $5,000 —  in 15 years. By 2020 could be $0.01.
  • In 2000 it took $5,000,000 to launch an internet start-up. Today the cost is less than $5,000.

Using a series of videos, SAP explains how disruption will change the job market, project management, learning, and even predicting future growth.  Rather than continuing the dystopia future projections, SAP positions itself to offer hope and ways to adapt for your success.  Humanity will be facing huge changes because of technology in the near future, but our successful ability to adapt always helps us evolve.

3DWhitney Grace, November 13, 2015

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

 

Next Page »