DarkCyber for October 19, 2021: DDoS Takedown, More NSO Group PR, VPN Shift, and Autonomous Kills

October 19, 2021

DarkCyber reports about cyber security, online services, and smart software. You can view this program at this url.

This edition of the program includes four stories:

  1. The US Department of Justice terminated 15 Internet domains involved in denial of service functions. These offered crime as a service and allowed customers to launch DDoS attacks with minimal technical expertise.
  2. The NSO Group captured headlines again. The result of revelations in a British legal proceeding resulted in the Israeli specialized services firm firing one of its Middle Eastern clients.
  3. Roll ups are popular among some financial experts. Aggregation means less competition and greater market reach. Consolidation is underway in the virtual private network sector. Will Kape Technology’s acquisition of Private Internet Access and Express VPN produce benefits for customers?
  4. The final story explores the most innovative facet of Israel’s alleged autonomous termination of a nuclear scientist. The smart software is just part of the story.

DarkCyber is produced by Stephen E Arnold, publisher of Beyond Search.

Kenny Toth, October 19, 2021

Key Words: Useful Things

October 7, 2021

In the middle of nowhere in the American southwest, lunch time conversation turned to surveillance. I mentioned a couple of characteristics of modern smartphones, butjec people put down their sandwiches. I changed the subject. Later, when a wispy LTE signal permitted, I read “Google Is Giving Data to Police Based on Search Keywords, Court Docs Show.” This is an example of information which I don’t think should be made public.

The write up states:

Court documents showed that Google provided the IP addresses of people who searched for the arson victim’s address, which investigators tied to a phone number belonging to Williams. Police then used the phone number records to pinpoint the location of Williams’ device near the arson, according to court documents. 

I want to point out that any string could contain actionable information; to wit:

  • The name or abbreviation of a chemical substance
  • An address of an entity
  • A slang term for a controlled substance
  • A specific geographic area or a latitude and longitude designation on a Google map.

With data federation and cross correlation, some specialized software systems can knit together disparate items of information in a useful manner.

The data and the analytic tools are essential for some government activities. Careless release of such sensitive information has unanticipated downstream consequences. Old fashioned secrecy has some upsides in my opinion.

Stephen E Arnold, October 7, 2021

The Darknet: a Dangerous Place

October 6, 2021

Criminal activity on the Darknet is growing and evolving. One person who has taken it on themselves to study the shadow realm shares some of their experiences and observations with reporter Vilius Petkauskas in, “Darknet Researcher: They Said They’ll Come and Kill Me—Interview” at CyberNews. The anonymous interviewee, who works with research firm DarkOwl, describes a threat to their life, one serious enough to prompt them to physically move their family to a new home. They state:

“There was one specific criminal actor I was going after, trying to figure out where they were operating, who they were involved with, what groups they were affiliated with. I became a target. They turned on me and said, we will find whoever wrote this and come kill them. We will destroy them.”

Yes, poking around the Darknet can be dangerous business. What sorts of insights has our brave explorer found? Recently, there has been a substantial uptick in ransomware, and for good reason. The researcher explains:

“Look at ransomware as a service (RaaS). First and second-generation ransomware lockers were developed by incredibly smart malware developers, cryptologists, and encryption specialists. Those who designed and employed such software were some of the most sophisticated malware developers or ‘elite’ hackers around if you want to label them that. But with the RaaS affiliate model, they’re giving others the chance to ‘rent’ ransomware for as little as a few hundred bucks a year, depending on which strain they’re using. Anyone interested in getting into the business of ransomware can enter the market without necessarily having any prior or expert knowledge of how to conduct an enterprise-level attack against a network. Some of the gangs, like Lockbit 2.0 are nearly entirely automated, and their affiliates don’t need to have the slightest clue what they’re doing. You just push, plug, and play. Identify the victim, drop it onto the network, and the rest is taken care of.”

How convenient. Getting into the target’s network, though, is another matter. For that criminals turn to

initial access brokers (IABs), also located on the Darknet, who help breach networks through vulnerabilities, leaked credentials, and other weaknesses. See the write-up for more of the researchers hard-won observations. They close with this warning—there is more going on here than opportunists looking to make a buck. Espionage and cyber terrorism are also likely involved, they say. We cannot say we are surprised.

Cynthia Murrell, October 6, 2021

Bad Apps: Will There Be a YouTube Video?

September 30, 2021

I read “Fraudulent Mobile Apps Growing in Numbers.” This is another “Who knew?” write up. After app removals, malware app, and apps that phone home, suddenly “real” news. The write up states:

A new report from payment fraud protection specialists Outseer claims that out of all fraudulent attacks that happened in Q2 2021 (of which there were more than 49,000), rogue mobile apps accounted for almost a third (30%).

I like that: Outseer. Very similar to Outsell. I don’t understand that name either.

How does mobile app fraud work? Here’s the explanation:

The process is relatively simple. Fraudsters would create an app that looks almost identical to a genuine mobile app belonging to a bank, and have it placed on a mobile app store (or distribute it via its website, email, or any other means).

Interested in crating a mobile app? There are a number of sites which allow a person to create a mobile app with no coding required. To make it “mal,” more work is required. Microsoft Github has examples to help you on your quest.

News? Nope.

Stephen E Arnold, September 30, 2021

How Much Growth in Ransomware in 12 Weeks? A Lot

September 30, 2021

I read “Security Experts Witnessed a 55,239% Increase in Ransomware Activity in Q2.” Now that’s a nifty percentage. Not even the Google nails 12 week figures like that one. I learned:

In Q2 2021, Nuspire security experts witnessed a 55,239% increase in ransomware activity just a few weeks prior to the Colonial Pipeline Ransomware attack conducted by DarkSide Ransomware group. The reason for the increase is not known and it may not be related to Colonial Pipeline, but one can speculate that the increase could be from the same campaign with Colonial Pipeline.


Other items of note are:

  • Malware up
  • Microsoft software involved
  • Botnets less popular due to enforcement activity.

Stephen E Arnold, September 28, 2021

DarkCyber for September 21, 2021 Now Available

September 21, 2021

DarkCyber for September 21, 2021, reports about the Dark Web, cyber crime, and lesser known Internet services. The program is produced every two weeks. This is the 19th show of 2021. There are no sponsored stories nor advertisements. The program provides basic information about subjects which may not have been given attention in other forums. The program is available at this link.

This week’s program includes five stories.

First, we provide information about two online services which offer content related to nuclear weapons. Neither source has been updated for a number of months. If you have an interest in this subject, you may want to examine the information in the event it is disappeared.

Second, you will learn about Spyfone. DarkCyber’s approach is to raise the question, “What happens when specialized software once considered “secret” by some nation states becomes available to consumers.

Third, China has demonstrated its control of certain online companies; for example, Apple. The country can cause certain applications to be removed from online stores. The argument is that large US companies, like a French bulldog, must be trained in order stay in the Middle Kingdom.

Fourth, we offer two short items about malware delivered in interesting ways. The first technique is put malicious code in a video card’s graphics processing unit. The second summarizes how “free” games have become a vector for compromising network security.

The final story reports that a Russian manufacturer of drones is taking advantage of a relaxed policy toward weapons export. The Russian firm will produce Predator-like drones in countries which purchase the unmanned aerial vehicles. The technology includes 3D printing, specialized software, and other advanced manufacturing techniques. The program includes information about they type of kinetic weapons these drones can launch.

DarkCyber is produced by Stephen E Arnold and his DarkCyber research team. You can download the program from the Beyond Search blog or from YouTube.

Kenny Toth, September 21, 2021

DarkCyber for September 7, 2021 Now Available

September 7, 2021

DarkCyber is a twice-a-month video news program about the Dark Web, cyber crime, and lesser known Internet services. Program 18 includes stories about China’s information war fighting. The program explains three services which allow anyone to find the individual to which a US license plate has been registered. Crypto currency for criminal activities is playing a larger and larger role in illegal activities. How can you determine the level of risk associated with a particular digital currency transaction. DarkCyber points to a service which provides extremely useful information. The US government has released yet another report about facial recognition. Learn the three systems which are relied upon by several US government entities. There’s a great deal of chatter about nation stations which are sponsoring cyber attacks on the US. These stories often overlook the ease with which an insider can be instrumental in providing access to an allegedly secure network. And, finally, we explain how the Hellfire missile equipped with fragmenting blades has sliced and diced its way into Afghani history. DarkCyber is a production of Stephen E Arnold. The program appears every two weeks. This week’s program is available on the Beyond Search blog and on YouTube.

Kenny Toth, September 7, 2021

Tips for Phishers

August 31, 2021

I spotted “AI Analysis Unveils the Most Effective Email Subject Lines for the Holidays.” My hunch is that a “real” news professionals wanted to provide helpful tips to those who engage in email marketing. The write up includes “tips” from professional email marketers. Here’s one example:

email subject lines that are direct or evoke curiosity or friendliness are the most likely to get opened

Gee, I wonder what other group of email marketers might benefit from such advice?

What about phishers? These are the bad actors who seek to compromise a user’s or an organization’s security via malicious email. With some cyber security solutions relying on rules, database look up, or the human recipient for blocking phishing attempts, the write up is likely to be quite useful. Just in time for the holidays: AI-derived tips for getting someone to open an email. Super thinking!

What bad actor can resist taking this advice?

Including empathy in your messages for your customers helps you make them feel that you are on their side.

Helpful, right?

Stephen E Arnold, August 31, 2021

Why Big Tech Is Winning: The UK Admission

August 31, 2021

I read “UK’s FCA Say It Is Not Capable of Supervising Crypto Exchange Binance.” This is a paywalled story, and I am not sure how much attention it will get. As Spotify is learning from locking up the estimable Joe Rogan, paywalls make sense to a tiny slice of one’s potential audience.

The story is an explanation about government helplessness when it comes to fintech or financial technology. The FCA acronym means Financial Conduct Authority. Think about London. Think about the wizards who cooked up some nifty digital currency methods at assorted UK universities less than one hour from the Pickle. Think about the idea that a government agency with near instant access to the wonks at the National Crime Agency, the quiet ones at Canary Wharf, and the interesting folks in Cheltenham. Now consider this passage from the write up:

… the Financial Conduct Authority said that Binance’s UK affiliate had “failed to” respond to some of its basic queries, making it impossible to oversee the sprawling group, which has no fixed headquarters and offers services around the world. The admission underscores the scale of the challenge facing authorities in tackling potential risks to consumers buying frequently unregulated products through nimble crypto currency businesses, which can often circumvent national bans by giving users access to facilities based overseas.

Hello? Rural Kentucky calling, is anyone at work?

Let’s step back. I need to make one assumption; that is, government entities’ have authority and power. What this write up makes clear is that when it comes to technology, the tech outfits have the authority and the power.

Not good in my opinion for the “consumer” and maybe for some competitors. Definitely not good for enforcement authorities.

Who finds sun shining through the clouds after reading this Financial Times’s story? I would wager that tech centric outfits are thinking about a day or more at the beach. No worries. And look. Here comes Snoop Dog handing out free beer. What a day!

Stephen E Arnold, August 31, 2021

Big Tech Vows, Warrants, Commits, Guarantees, and Assures to Make Security Way Way Way Better

August 26, 2021

I had to laugh. I read some of the write ups explaining the pledges of big tech to the White House about security. The US is at or near the bottom when it comes to security. America plays offense. The defense thing is not what George Washington would do.

Here’s a representative write up: “Google, Microsoft Plan to Spend Billions on Cybersecurity after Meeting with Biden.” This triggered a chuckle and a snort:

IBM CEO Arvind Krishna told CNBC ahead of the meeting and outside the White House on Wednesday that cybersecurity is “the issue of the decade.” He said he hoped to see more coordination between the public and private sectors coming out of the meeting and said IBM would do its part to help skill workers in the space.

Why are adversaries of the US running exfiltration, ransomware, and intellectual property theft operations?

Let me count the ways:

  1. Systems from outfits like Apple and Microsoft can be compromised because security is an add on, an afterthought, or a function implemented to protect revenues
  2. Senior managers in many US firms are clueless about security and assume that our employees won’t create problems by selling access, clicking on scammer emails, or working from home on projects funded by bad actors
  3. Customers pay little or no attention to security, often ignoring or working around security safeguards when they exist. Hey, security distracts those folks from scrolling through Facebook or clicking on TikTok videos.

There are other reasons as well; for example, how about the steady flow of one off security gaps discovered by independent researchers. Where are the high end threat intelligence services. If a single person can find a big, gaping security hole, why are the hundreds of smart cyber security systems NOT finding this type of flaw? Oh, right. Well, gee. A zero day by 1,000 evil techies in China or Moldova is the answer. Sorry, not a good answer.

There is a cyber security crisis in America. Yes, Windows may be the giant piece of cheese for the digital rats. Why hack US systems? That’s where there are lots of tasty cheese.

Is there a fix which billions “invested” over five years can fix?


Pipe dreams, empty words, and sheepish acquiescence to a fact that bad actors around the world find enervating.

More stringent action is needed from this day. That’s not happening in my opinion. Who created the cyber security problem? Oh, right the outfits promising do not do it again. Quick action after decades of hand waving. And government regulations, certification, and verification that cyber security systems actually work? Wow, that’s real work. Let’s have a meeting to discuss a statement of work and get some trusted consulting firm on this pronto.

I have tears in my eyes and not from laughing. Nothing funny here.

Stephen E Arnold, August 26, 2021

Next Page »

  • Archives

  • Recent Posts

  • Meta