DarkCyber for January 22, 2019, Now Available
January 22, 2019
DarkCyber for January 22, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/312358055. The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web and lesser known Internet services.
This week’s story line up includes… a report about a cyber crime volunteer program in the Netherlands … a profile of the intelware company Numerica… a new Europol report about the hidden Web… and a Los Angeles online service points the finger at Craigslist with drug related allegations.
DarkCyber’s first story reports that Dutch police have begun a cyber crime volunteer program. Individuals with an interest in assisting law enforcement in researching Dark Web and related topics can participate in the new program. Skills required by the police include advanced mathematics and physics. More than 200 people have stepped forward to assist. An initial group of 14 individuals has been selected. One volunteer holds down a full time job but wants to contribute to the government’s efforts to reduce cyber crime.
The second story presents information about Numerica, a company which provides intelligence software or intelware to the US Department of Defense and law enforcement organizations. The Numerica approach relies on advanced technology and intuitive, easy-to-use interfaces for its products. The Lumen product allows jurisdictions to share data about incidents and suspects from a desktop computer or a mobile phone. The system can generate maps with geo-locations marked, brief “bubble gum” card summaries of suspects, and reports which include event and time information. The company is listed on the GSA schedule, which speeds procurement of the company’s solutions.
DarkCyber reviewed a 2018 Europol report about hidden Internet services. The report contains useful information about the relationship among digital currency, hidden Internet sites, and drug sales. Plus, the report identifies chat services as one communication channel which bad actors are using more frequently. The reason is that government efforts to shut down Tor centric Dark Web sites are forcing bad actors to find other means of hiding their activities. One of the chilling findings is that modern distributed services create more challenges for government authorities. Many hidden Internet services do not have a single focal point.
The final story reviews allegations by LA Taco, an online information service, that Craigslist is listing drugs in its online advertising service. The report alleges that Craigslist does not filter ad listings for code words used to allow insiders to locate certain drugs like fentanyl. According to LA Taco, dealers describe drugs as “white china plates.” The savvy drug buyer contacts the seller of what appears to be dinnerware and buys the controlled substances. These are serious allegations, but filtering for common words can delete many legitimate listings from the online service. No easy solution exists in the view of the DarkCyber research team.
A new blog Dark Cyber Annex is now available at www.arnoldit.com/wordpress. Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.
Kenny Toth, January 22, 2019
DarkCyber for January 15, 2019, Now Available
January 15, 2019
DarkCyber for January 15, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/311054042. The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cyber crime, and lesser known Internet services.
The first story discusses Discord, an in-game and chat service. The system takes a somewhat hands-off approach to monitoring user messages. Discord features what are called “magic emojis.” These emojis, when used among those who are members of a specific social group within Discord, can convey messages. Some potential bad actors–for example, white supremacists–allegedly have been using the services as a communications channel.
The second story explores an allegation that Facebook’s WhatsApp makes it possible for those interested in child pornography to locate this type of content. Third party apps provide finder services. Facebook is introducing electronic payments within WhatsApp. The likelihood for bad actors to use WhatsApp as a mechanism to exchange objectionable content is high. Facebook’s content policies are likely to undergo scrutiny from government authorities in 2019.
The third story profiles Gamalon, a company which develops software for the Defense Advanced Research Projects Agency and commercial enterprises. The key to the Gamalon system is that it uses advanced statistical procedures to identify and extract ideas from source content. The company’s technology makes use of Bayesian methods in order to create machine learning models automatically. The models can then create new models to deal with new ideas expressed in the source data processed by the system.
The fourth story reports on Spain’s 36 month effort to slow or halt the trade of weapons in the country via the Dark Web. Authorities have arrested more than 200 individuals and seized hand guns and automatic weapons. The investigation continues.
The final story points to a study which provides facts and figures about the hidden Internet. Some of the data in the study sponsored by a star of the hit cable television program Shark Tank is quite remarkable. To cite one example, the number of hidden sites on the Internet is 32 times the number of stars in the galaxy. That is a very large number and difficult to match with DarkCyber’s research data.
Kenny Toth, January 15, 2019
Stolen Identities Affordable and Available from a Few Dark Web Vendors
January 8, 2019
This is quite the bargain for bad actors—Kodos Blog reports, “Hackers Charging £10 for Stolen UK Identities.” Writer Ali Raza tells us recent studies show packages of data required to usurp a victim’s identity can be found for as little as £10, or about 12 and a half bucks. We learn:
“On the dark web, these information packages are called fullz (full IDs), and they can be found on numerous black markets. They often contain things such as names, addresses, bank data, online passwords, and more. Researchers believe that a number of high profile hacks that occurred recently are keeping the markets filled with this type of data. Hundreds of millions of internet users have had their data stolen in 2018 alone. Some of the most famous hacks from the last few months include several Facebook incidents, the hack of British Airways, Marriott hotel, and more. Stolen information then gets posted on the hidden part of the web, known as the dark web.”
We presume in order to create more clients, vendors of such data also offer instruction in how to open loans and credit cards in the victims’ names. Not for free, of course; such a guide runs about £6. The article adds:
“[One] seller also offered a sample of stolen information, currently being in their possession. The data includes names, occupation, addresses, and even date of birth and similar information. The sample itself belongs to a Bristol-based Polish-born woman. Researchers have described this type of stolen information as ‘key to online fraud’. As the internet has become a large part of most peoples’ everyday life, demand for this type of info is constantly on the rise.”
And yet, Raza reports, most consumers have no idea how pervasive these data hacks are. In fact, says one expert, most of us already have had our data stolen and sold on the Dark Web—it’s just a question of how often. One can check whether their email address is believed to have been compromised at several websites, the most famous of which may be Have I Been Pwned. To prevent identity theft, users should follow best practices, like using separate, hard-to-guess passwords for different accounts and taking advantage of two-factor authentication where offered.
Cynthia Murrell, January 8, 2019
DarkCyber for January 8, 2019, Now Available
January 8, 2019
DarkCyber for January 8, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/309717457. The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web and lesser known Internet services.
The lead story is a profile of Sintelix, an Australian company developing software for law enforcement and intelligence professionals. The system can acquire content from the hidden Internet, the Surface Web, third-party sources, and content repositories in an organization; for example, arrest records. Sintelix provides IBM Analyst’s Notebook users with a streamlined, modern interface without giving up the unique features of the IBM Analyst’s Notebook. The first of the three key features of the Sintelix technology is its speed of document and content processing. Hundreds of thousands of documents can be analyzed and indexed on a standard office desktop computer in a few hours. Sintelix also includes an application programming interface. This API makes it possible to use Sintelix with a wide range of third party solutions. Also, the system incorporates robust timeline features. An analyst can examine events over a month and then zoom in to look at activities in an hour on a specific day.
The second story addresses a way to reduce the complexity of the Tor software bundle, which is required to access Dark Web sites. Many Tor users find the bundle confusing, which can lead to careless errors. A number of user-induced errors can lead to the user’s loss of the privacy which the Tor software appears to offer. The fix is to use a hardware device which can run the Tor software. DarkCyber reports on an older system called PORTAL as well as a new Raspberry Pi approach. Will these devices provide a way to surf the Web in anonymity? Unlikely, but if properly configured, the devices may prevent some types of operator errors.
The third story discusses India’s legislation which mandates that technology companies provide access to encrypted content. Like Australia, India’s action is helpful to law enforcement and intelligence professionals. However, the mandatory decryption may increase the likelihood that bad actors will find a way to exploit the backdoor. The regulations require that a technology company like Apple or Facebook would have to respond to the government request within a day or two. Even with automated decryption technology, the time limit may prove difficult for some companies.
The final story describes a novel type of punishment for child abuse. The UK has begun deporting abusers to their country of origin and stripping the individual of his or her UK citizenship. So far one Indian who amassed 23 counts of child abuse has been flagged for deportation. Three abusers from Pakistan are likely to be deported as well. Once in their home country, authorities may take punitive action against the abusers.
A new blog Dark Cyber Annex will be available at www.arnoldit.com/wordpress. Cyber crime, Dark Web, and company profiles are now appearing on a daily basis.
Kenny Toth, January 8, 2019
TruthFinder: Dark Web Scan Reseller
January 3, 2019
TruthFinder, founded in late 2014 or early 2015, provides background check services. We wanted to document that the firm offers Dark Web scans.
The company states:
Our new Dark Web Monitoring feature is an indispensable tool for people who want to protect their identity from data breaches. You can monitor your sensitive personal information — like your name, phone number, and even credit card number — and receive an instant notification if your data is found on the Dark Web. Cybercriminals buy and sell personal information on the Dark Web every day, but with TruthFinder, you can reduce your chances of becoming a victim of identity theft.
According to the company’s Web site, these services are provided by Experian. DarkCyber believes that Experian obtains Dark Web scanning services from another third party.
The firm also provides public records data to its customers. The services are provided on a fee basis.
In an interview published by Superbcrew, TruthFinder stated:
TruthFinder is also an essential resource for online daters and those who routinely interact with strangers online. With just a quick search, online daters can make sure they’re talking to a real person and not getting catfished. People can also use this service to see if people have prior criminal records, which is one of the many ways TruthFinder helps people stay safe in the real world.
Note: A “catfish” is someone who pretends to be someone else online. The idea is that an individual adopts a persona in order to mask his or her actual identity.
A customer can search by name, phone number, email address, or physical address. The company offers reverse address lookup (who lives at this address?) and reverse phone look up (who has this phone number?).
A TruthFinder report is assembled from the data the company pulls from various data sources. A report, presumably generated by the TruthFinder system, typically offers:
- Personal Information: Your name, known aliases, and date of birth
- Possible Photos: TruthFinder crawls images from various social media profiles, including those you may have forgotten existed
- Jobs and Education: A list of places you have worked and studied, including relevant dates
- Possible Relatives: View the name, age, and location of people who may be related to you
- Related Links: Related links may include blogs, relevant news stories, and additional social profiles
- Contact Information: View landlines, cell phone numbers, and email addresses associated with your name
- Location History: A list of places you have lived, including the date you were last seen at the location
- Criminal Records: TruthFinder reports may include arrest details, the outcome of the case, and prison status, when available
- Sex Offenders: View a map of nearby sex offenders, details of their crime, and links to view their full background report
- Social Media Profiles: Uncover social media profiles associated with your name, including accounts you may have forgotten
- Assets
- Evictions
- Business associates.
DarkCyber wants to point out that Dark Web scanning is now an item on a punch list, not a rarified service available only to law enforcement and intelligence professionals. TruthFinder’s help section states that reports begin at about $30. An annual subscription runs about $280 per year.
Kenny Toth, January 3, 2019
Voter Data on the Dark Web
January 2, 2019
Sixgill, an Israeli company, says that voter data are for sale on the Dark Web. “Who Controls Your Vote? Sixgill Sheds Some Light on the Dark Web” states:
Sixgill, the cybersecurity leader which analyzes the Dark Web to detect and defuse cyber attacks, discovered that the U.S. voter database tracing back to the 2008 Vermont election was being offered for sale on a top-tier forum on the Dark Web.
The article reports:
Sixgill gained access to the breached database of the most recent elections and noted that the information enclosed seemed to be authentic. Among the list of credentials are those of Vermont Senators Patrick Leahy and Bernie Sanders. The Dark Web investigator noted that the stolen credentials contain 476,560 records, numbers that align with recent official data published by Vermont’s Secretary of State. For each individual record in the database, one can see sensitive personal information belonging to individual voters, including their full name, legal and mailing addresses, year of birth, and even their past voting history.
The BestTechie article did not suggest ways to protect these data nor remediation methods.
Kenny Toth, January 2, 2018
DarkCyber for December 25, 2018, Is Now Available
December 25, 2018
DarkCyber for December 25, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo. The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web and lesser known Internet services.
This week’s story line up includes… Australia legislates the unlocking of encryption backdoors… Dark Web counterfeiting ring kept unencrypted customer lists… which operating system provides online anonymity Tails or Qubes… and Dunkin Donuts loyalty points on the Dark Web just in time for the holidays.
First, Australia has become the first country to legislate that technology companies must assist law enforcement in decrypting encrypted messages. The law is controversial and has triggered expressions of concern from privacy advocates. DarkCyber reports that as a member of the Five Eyes organization, the Australian action may increase the resolve of the US, UK, Canada, and New Zealand to seek similar measures in 2019. Amendments to the new legislation are likely, but the Australian action is a significant development for law enforcement which is flying blind among the rapidly rising storm of encrypted communications which thwart many investigations.
Second, Austrian police cracked a Dark Web counterfeiting ring. Police seized fake euros and a list of customers. The names, shipping addresses, and other details were stored in an unencrypted form on computers and on paper. Austrian officials provided the information to Europol, which organized a series of coordinated operations in more than a dozen countries. Hundreds of arrests were made and the police are continuing their sweep. Dark Web criminals may use Tor for anonymity, but their understanding of operational security is poor.
Third, which secure operating system is better for online anonymity? Tails is one of the systems used by many individuals. The system ships with Tor and other tools, including encrypted chat capabilities. Qubes is another system used by some individuals for increased security. Qubes, however, requires that the user set up the system, which relies on virtual machines. There are other options as well; for example, Whonix, JonDo, and IprediaOS, among others. The answer is that a person must understand the strengths and weaknesses of each option and choose a solution that fits one’s specific needs.
The final story reports that some Dark Web ecommerce vendors are selling Dunkin Donuts loyalty points. A customer with the Dunkin Donuts app and the stolen loyalty points can order donuts and other Dunkin Donuts products with minimal security checks. Discount sweets via the Dark Web have arrived just in time for the holidays.
Watch for information about our new blog (information service) DarkCyber. We will report the location of the service in Beyond Search.
Kenny Toth, December 25, 2018
Facebook: WhatsApp and In App Payment
December 22, 2018
I noted two developments which Facebook may roll out.
The first is the story in Newsweek “WhatsApp Child Porn Groups Exposed.” WhatsApp is an encrypted messaging service. As pressure on “old school” Dark Web sites continues to escalate, bad actors are looking for new, easy ways to communicate, share, and locate information that is of interest to them. Encryption, according to many investigators, allows bad actors to go dark. The authorities are, therefore, blind to potentially useful information. The write up suggests that Facebook is taking some action. The article said:
Facebook said working with police may be their best option to combat the material.
The second item concerns transacting, buying, and selling within WhatsApp. I noted “Facebook Explores Blockchain Tech For WhatsApp Money Transfers.” According to the write up:
In an effort to help WhatsApp users transfer money, Facebook is reportedly creating a digital currency. Unnamed sources told Bloomberg that the company is at work on a stablecoin, which is a cryptocurrency tied to the value of the U.S. dollar, and is reportedly eyeing India’s remittance market.
How quickly will bad actors interested in salacious or illegal content embrace Facebook’s vision of seamless buying and selling?
I would suggest quickly if the system sort of works.
With Facebook’s record of fine tuning its digital compass, WhatsApp could become the new Dark Web.
On the other hand, maybe Facebook will create a positive, uplifting union of services. Yep, maybe.
Stephen E Arnold, December 22, 2018
DarkCyber for December 18, 2018 Now Available
December 18, 2018
DarkCyber for December 18, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/306639675.
The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web and lesser known Internet services.
This week’s story line up includes… an informal agreement among Dark Web drug dealers to cut off sales of fentanyl… NSO, a provider of intelware to governments, is back in the news… Drivesavers can unlock any phone for $4,000… and a father and son Dark Web scheme leads directly to five years in prison.
First, some Dark Web ecommerce vendors are voluntarily cutting off sales of the synthetic opioid fentanyl. The reason is not going straight. The vendors are wary of stepped up police action in order to take down Dark Web sites selling the potent drug. DarkCyber notes that the actions of Dark Web ecommerce vendors are not likely to curtail the sale of the drug. Vendors move their transactions to encrypted chat sessions or private messaging groups on social media systems. Furthermore, China prohibits the manufacture of fentanyl, but not some of its analogs.
Second, DarkCyber reports that the vendor of software for government agencies is back in the news. Reports link NSO with Saudi Arabia and allege that the Kingdom used NSO’s Pegasus tool to monitor Omar Abdulaziz and the slain journalist Jamal Khashoggi. Companies like NSO shun the spotlight. Now NSO finds itself allegedly linked to a high profile news story and the subject of increased attention from the Canadian Lab, an independent research group.
The third story reports that Drivesavers has a proprietary method for unlocking iPhones and Android devices. Apple took steps to eliminate a USB vulnerability which some firms were using to unlock iPhones. Drivesavers’ technique requires that law enforcement send the iPhone to the Drivesavers’ lab, where the phone is unlocked and its data copied to an external storage device. Drivesavers does not provide details about how its method works, but DarkCyber believes the approach is similar to that used by Cellebrite’s mobile device unlocking service. Drivesavers, DarkCyber reports, is listed on the GSA schedule which means US federal agencies can make use of the service with a minimum of bureaucratic
The final story recounts the fate of a father and son duo. The father hit upon the idea of selling his extra doctor prescribed painkillers on the Internet. When that did not work, he enlisted his son for help in setting up a Dark Web business. Federal agents spotted the ads and made an authorized drug buy. The father and son team were arrested and computing devices, text messages, and narcotics were seized. One of the text messages was from a customer who overdosed on the duo’s product. The message, sent from the hospital where the addict was recovering, wanted to set up another drug buy. The father and son team are now serving five years in prison.
DarkCyber is released each week on Tuesday. The next program will be available on December 25, 2018. In 2019, DarkCyber will introduce a Web log covering the stories in the weekly news program plus additional law enforcement related subjects.
Kenny Toth, December 18, 2018
DarkCyber for December 11, 2018 Now Available
December 11, 2018
DarkCyber for December 11, 2018, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com. The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web and lesser known Internet services.
This week’s story line up includes… a detailed report about weapons sales on the Dark Web … ThomsonReuters sells driving and personal data to ICE… and the outlines of Dark Web Version 2 become visible.
First, an information packed study about Dark Web weapons sales reveals that Glocks are the most popular illegal hand gun. How much is an illegal weapon? Prices range from $200 to more than $10,000. But fully automatic weapons are the most expensive. Cyber weapons cost a fraction of the price of a physical weapon. The information has been assembled by the RAND Corporation, and the report makes clear that despite the shut down of many Dark Web eCommerce sites, unregistered weapons are available via Tor and the Dark Web. The video provides the information needed to obtain a copy of this useful collection of hard to find data.
Second, DarkCyber reports that ThomsonReuters along with a handful of less well known companies are selling personal data to the US government. ThomsonReuters, according to a source available to DarkCyber, sells information related to driving; for example, data about license tags and information derived from surveillance cameras. With these types of data, government investigators are able to examine travel routes and may be able to pinpoint the location of vehicles. The value of proprietary data is that the accuracy and timeliness of the information can accelerate certain investigations.
The final story reveals that private group chats and encrypted instant messaging may be the future of the Dark Web. Instead of relying on special software to make online behavior anonymous, message oriented applications allow bad actors to work on the public Internet, safe from the eyes of investigators. Stephen E Arnold, author of CyberOSINT: Next Generation Information Access, said: “Encryption is an issue. DarkCyber anticipates that the US, Canada, the UK, New Zealand, and Australia will aggressively seek back doors. The time and cost of traditional decryption are prohibitive as the volume of encrypted messages goes up.”
DarkCyber is released each week on Tuesday. The next program will be available on December 25, 2018.
Kenny Toth, December 11, 2018