Scammers Have Better Technology But Not New Ideas

September 30, 2020

Scammers are opportunists. They use anything and everything to con people out of their valuables and the Internet is the best tool in a scammer’s toolbox. Scammers might be armed with advanced technology, but their scam ideas are not. Because scammers are not original, they are predictable but sophisticated. The Journal of Cyber Policy wrote about scammers in “New Techniques, Same Old Phone Scams.”

A classic scam technique are “too good to be true offers” such as free vacations or investment opportunities. Scam artists make robocalls with these offers and they used to be detectable because they were from out of state numbers. Spoof technology, however, makes these robocalls using local area numbers, making it harder to detect the scams. In 2019, the Federal Trade Commission reported that people $667 million to scammers, mostly they were paid with gift cards.

Scammers’ sophistication levels are rising too. There are entire call centers in Asia and Africa dedicated to making scam calls. These call centers masquerade as reputable businesses such as Apple, Amazon, PayPal, banks, etc., and attempt to convince people that an account has been breached, late on payments, or their identity (ironically) was stolen. Companies and banks never randomly email or call asking to confirm sensitive information. They advise people to delete the emails or hang up on callers.

Another new scam is calling people claiming that a relative is facing legal action. This scam calls entire members of a family and when the person in question calls the scammer it turns out they need to share their social security number and date of birth. It is an excellent tactic, because it questions people’s reputation and makes them believe they are in legal trouble.

Scammers are using the same tactics as they have for centuries, but being wise to their ways prevents theft:

“As phone scams continue to evolve, it is helpful to know the warning signs. Always be wary of unsolicited callers, even if you are familiar with the company from which they claim to be calling. Scammers will use the threat of jail time or a fine to induce the victim into a state of fear — pressuring the victim into handing over sensitive information. If the caller requests financial or other sensitive information, hang up and call the company back directly (through a number you can verify) to inquire about this issue. The FCC Tip Card is a brief, yet valuable, resource that provides information on spoofing scams. It would also be wise to register your phone number with the National Do No Call Registry. Afterward, you shouldn’t receive telemarketing calls, and if you do, there’s a good chance they are a scam. As we continue to interact in this ever-evolving virtual world, we must remain on high alert against the deception of persistent fraudsters who are using new techniques for the same old phone scams.”

This is why it is important to read and watch the news, so you are aware of potential threats.

Whitney Grace, September 30, 2020

Pastebin: And Its Purpose Is?

September 29, 2020

DarkCyber noted  “Pastebin Adds Burn After Read and Password Protected Pastes to the Dismay of the Infosec Community.”

Here’s the passage one of the DarkCyber researchers noted before sending the item to me:

Named “Burn After Read” and “Password Protected Pastes,” the two new features allow Pastebin users to create pastes (pieces of text) that expire after a single read or pastes that are protected by a password.

“And the purpose of pastesites is?” is a question the write up does not answer. On the surface, sharing snips of text seems innocent enough.

The write up notes:

While some people use it to host pieces of code or text they wanted to share with a colleague, over the past decade, Pastebin has also turned into a de-facto hosting service for malicious code.

There are some other interesting use cases too. Years ago, DarkCyber learned about pastesite flexibility in information provided by Recorded Future, the predictive analytics outfit. Among the more interesting functions of Pastebin in particular and the dozens of other text hosting outfits was providing ONION addresses for unusual and interesting Dark Web destinations, among other types of content.

There’s a common sense suggestion in the write up too: Block pastesites.

Some law enforcement and intelligence professionals have a passing interest in Pastebin and similar sites. Pastebin has an Abuse Management and Threat Analysis team ready to assist LE and intel professionals with their requests. Sometimes the requests require documents, authorizations, and explanations. Speedy response is possible. But how “speedy” is speedy? That’s another good question ignored by the write up.

Stephen E Arnold, September 29, 2020

US and Cyber Proactivity

September 15, 2020

Kinetic assaults on the United States still pose a great risk, but even greater threats exist in digital spaces. Hacking, malware, viruses, and more could potentially damage the American way of life more than a physical attack. The Star Tribune reports that, “Military’s Top Cyber Official Defends More Aggressive Stance” on attacks taking place in the Internet. General Paul Nakasone defends the more aggressive stance, because the military has become more proactive in order to defeat sophisticated threats.

Nakasone stated that instead of having a “reactive, defensive posture” that military is meeting foreign adversaries online. Instead of waiting to be attacked, the military investigates potential threats and takes necessary action to stop them. Two examples of taking offensive action are:

“As an example, Nakasone cited a mission from last October in which Cyber Command dispatched an elite team of experts to Montenegro to join forces with the tiny Balkan state, which was targeted by Russia-linked hackers. The “hunt forward” mission not only helped defend an ally but was also an opportunity for the U.S. to improve its own cyber defenses before the 2020 election, Nakasone wrote. Cyber Command and NSA worked before the 2018 U.S. midterm election to protect against Russian meddling, he said, creating a task force that shared information about potential compromises and other threats, including how to counter trolls on social media.”

Arguably this prevented interferences in the US midterm elections and the plans are to prevent more possible threats for the 2020 presidential election.

Cyber Command was established in 2010 to defend against cyber attacks on the Department of Defense’s classified and unclassified networks. Cyber Command’s offensive strategy has changed from its original purpose to “proactively hunt for adversary malware on our own networks rather than simply waiting for an intrusion to be identified.” Cyber Command also shares information on malware as its discovered so its less of a threat.

Inaction often leads to attacks that could be avoided. If Cyber Command does nothing, then when an attack occurs people are upset. However, if Cyber Command is on the offensive it is seen as unnecessary aggression by certain parties. It is a catch-22, but also not.

Whitney Grace, September 15, 2020

DarkCyber for 8-25-20: Andrax Hacker Toolkit, NSO Group PR Push, Tor Under Attack, and Eagle Drone Killer

August 25, 2020

DarkCyber is a video news program produced by Stephen E Arnold, publisher of Beyond Search and DarkCyber. You can view this week’s program on YouTube or Facebook.

The program for August 25, 2020, contains four stories. The first focuses on a hacker’s toolkit called Andrax. The packager of this penetration testing bundle makes some bold claims. Security professionals who use highly-regard pentest systems from ImmunitySec are called “dumbs” and “lamers.” Clever or uninformed marketing? You have to determine the answer for yourself.

The second story summarizes highlights of Massachusetts Institute of Technology’s “Technology Review” interview with the founder of NSO Group. NSO Group–unlike most vendors of specialized software–has been the subject of media scrutiny. In the interview, the founder of NSO Group seems to suggest that he does not understand the intelware market. Even more interesting is MIT’s decision to publish the interview and give NSO Group more media exposure. DarkCyber asks a question others have not posed.

The third story reviews two surprising items of information from a Nusenu study or analysis. (Nusenu may be a security firm, a Web services vendor, or a single individual.) The first interesting revelation in the Nusenu report is that about 25 percent of Tor relay exit servers have been compromised by an unknown third party. The second juicy morsel is the identification of five Internet service providers who may be hosting Tor relay servers and other interesting services.

The final story zooms to a single eagle. The Michigan government learned that an expensive drone was destroyed by an eagle. If you want your own raptor to knock down surveillance drones, DarkCyber provides a company that will provide an organic c-UAS (counter unmanned aerial system).

Kenny Toth, August 25, 2020


Me Too, Me Too: Password Matching

August 7, 2020

Digital Shadows, founded in 2011, offered its Searchlight service. Terbium Labs, founded in 2013, offers its Matchlight services. Enzoic, founded in 2016, offered its password matching service. Scattered along the information highway are other cyber security firms offering variations on looking for compromised information on the Regular Web, the Dark Web, and in any other online source which the crawlers can reach. I mention these companies and their similar matching services because DarkCyber spotted “LogMeIn Introduces New Lastpass Security Dashboard and Dark Web Monitoring, Delivering a Complete Command Center for Managing Digital Security.” The write up states:

In addition to displaying weak and reused passwords, the new Security Dashboard now gives all LastPass users, regardless of tier, a full picture of their online security, providing complete control over their digital life and peace of mind that accounts are protected.

What’s interesting is that the capability to perform this type of LastPass check has been around for many years. Progress. People seeing the “light”? Some bad actors simply brute force passwords because many individuals prefer passwords from this list. The fact that strong passwords are not widely used contributes to bad actors’ success.

Stephen E Arnold, August 7, 2020

Messaging: Pushing the Envelope

July 31, 2020

In my lectures for the 2020 National Cyber Crime Conference, I discussed messaging as a rapidly evolving mechanism. Simple text has morphed into a viable alternative to a traditional Dark Web site. Via encrypted messaging services, individuals can join groups, locate products and services, and pay for them often with bitcoin or other digital currency. Although it is possible to compromise encrypted messages, the volume poses a significant problem for law enforcement. I pointed out that the developers of Telegram reached an agreement with Russia in order to prevent their messaging service from being blocked.

Another messaging service warrants some attention. The service is called Element. Element was formerly known as Riot and Vector, according to some individuals. The system is based on Matrix; that is, an open source protocol for real time communication. Element, like other modern messaging systems, encrypts data.

In an email from an individual who wishes to remain anonymous, the Element messaging service can interact with with other services, including the aforementioned Telegram. Is Element an alternative to Slack and similar programs like Microsoft Teams?

The answer is, “Could be.”

Slack and Teams are widely known and engaged in what may become an interesting legal tussle. Facebook, however, continues to push toward a unified messaging platform, offering features that make finding, buying, selling, and communicating a mostly one click process.

Element has the potential to become an open source alternative to encrypted messaging solutions from vendors like Facebook and Telegram.

In light of the capabilities of the US National Security Agency and the continuing efforts of the European Union to force providers to allow instream decryption, the resolution is likely to be political.

Until users of encrypted messaging services demand government respect for privacy, which is a Fourth Amendment issue in the US, governments will continue to pressure and possibly resort to what some may characterize as blackmail. The pressure may be unconstitutional in some countries and unwarranted in others.

Encrypted messaging has become the “new” Dark Web if the DarkCyber research team’s analysis is accurate. The issue is yet another one to add to the pile of contentious services for ubiquitous mobile devices.

For more information about the chat service, navigate to the Element information page.

Stephen E Arnold, July 31, 2020

DarkCyber for July 28, 2020, Now Available

July 28, 2020

The July 28, 2020, DarkCyber is now available. You can view the program on YouTube or on Vimeo.

DarkCyber reports about online, cyber crime, and lesser known Internet services. The July 28, 2020, program includes six stories. First, DarkCyber explains how the miniaturized surveillance device suitable for mounting on an insect moves its camera. With further miniaturization, a new type of drone swarm becomes practical. Second, DarkCyber explains that the value of a stolen personal financial instrument costs little. The vendors guarantee 80 percent success rate on their stolen personally identifiable information or fullz. Third, SIM card limits are in place in South Africa. Will such restrictions on the number of mobile SIM cards spread to other countries or are the limits already in place, just not understood. Fourth, Coinbase bought a bitcoin deanonymization company. Then Coinbase licensed the technology to the US Secret Service. Twitter denizens were not amused. Fifth, Microsoft released a road map to a specific type of malware. Then two years later the story was picked up, further disseminating what amounts to a how to. DarkCyber explains where to download the original document. The final story presents DarkCyber’s view of the management lapses which made the Twitter hack a reality. Adult management is now imperative at the social media company doing its best to create challenges for those who value civil discourse and an intact social fabric.

The delay between our June 9, 2020, video about artificial intelligence composing “real” music and today’s program is easy to explain. Stephen E Arnold, the 76 year old wobbling through life, had the DarkCyber and Beyond Search team working on his three presentations at the US National Cyber Crime Conference. These programs are available via the NCC contact point in the Massachusetts’ Attorney General Office.

The three lectures were:

  1. Amazon policeware, which we pre-recorded in the DarkCyber format
  2. A live lecture about investigative software
  3. A live lecture about Dark Web trends in 2020.

Based on data available to the DarkCyber team, the septuagenarian reached about 500 of the 2000 attendees. Go figure.

Kenny Toth, July 28, 2020

A Survey of Prices from the Dark Web

July 21, 2020

The Dark Web may not be the giant repository of badness that some popularizers of sci-fi assert, but it is a challenge for some enforcement professionals.

As important as our personal and financial information is to each of us, it can come as a surprise how cheaply some hacked data can be purchased on the Dark Web. After considerable research, Privacy Affairs illustrates this point in its “Dark Web Price Index 2020.” Reporter Miguel Gomez writes:

“The privacy offered by software such as TOR creates an environment where criminals can sell their wares on the dark web without the worry of law enforcement. What’s more, many will have heard the horror stories of people’s bank accounts being cleaned out, or their identity stolen and turning up in custody in Mexico. Again, not unjustified horror. You might be asking yourself, just how easy is it to obtain someone else’s personal information, documents, account details? We certainly were. Whilst there are many marketplaces on the dark web, there are even more forum posts warning of scammers. This makes verified prices difficult to obtain without ordering the items to find out, which of course we didn’t. Our methodology was to scan dark web marketplaces, forums, and websites, to create an index of the average prices for a range of specific products. We were only interested in products and services relating to personal data, counterfeit documents, and social media.”

The researchers compiled eye-opening lists of products and going rates; interested readers should navigate there to view the entire roster. A few examples: credit card details for an account with a balance of up to $5,000 for just 20 bucks; a hacked Twitter account for $49; a 24-hour-long DDoS attack against an unprotected website, at 10-50k requests per second, for $60. Considerably more expensive, though, are passports from the US, Canada, or Europe at $1,500 or quality malware attacks at 1,000 for $1,400 – $6,000.

The article includes a few interesting details alongside the prices, like the fact that vendors usually guaranteed 8 out of 10 stolen credit cards would pay off as advertised. Also, PayPal account details were very common and cheap, but actual transfers from a hacked account were more pricy. And apparently counterfeit bills are extremely common, with the highest quality ones costing about 30% of their fake value. They even come with a “UV pen test guarantee.” See the write-up for more curious, if concerning, details.

Cynthia Murrell, July 21, 2020

DarkCyber for May 26, 2020 Now Available

May 26, 2020

DarkCyber for May 26, 2020, is an online video program focusing on cyber crime, intelligence, and lesser known Internet services. This week’s stories include NSO Group in the PR spotlight, Covid 19 phishing, Germany limits intel services scope of action, a source for bad actor hackers, as a job hunter’s game preserve, and four new drones for surveillance and kinetic action. (Kinetic means explosive munitions.)

The program is a production of Stephen E Arnold and the DarkCyber research team.

In addition to our news programs, we have begun adding special videos. You can view the most recent interview segments with a CIA professional is DarkCyber Exclusive: Litigation Likely for Short Selling.

More special video features are in the works. Remember. DarkCyber contains no demeaning “begging for dollars” pleas, no content marketing, and no subscription fees. As a result, DarkCyber videos and blog posts deliver information that may be difficult to locate and analysis that can cause consternation.

This week’s program is at

Kenny Toth, May 26, 2020

Dark Web Marketplace Bans Fake Vaccine Sales

April 30, 2020

As the Internet’s underbelly, the dark web sells illegal drugs and weapons, child pornography, and one can even hire hit men. The dark web operates more on profit than a conscience. Inside Bitcoins, however, explains that there is one white knight out there: “Notable Dark Web Marketplace Bans COVID-19 Vaccine Sale.”

During the COVID-19 pandemic, governments have cracked down on brick and mortar as well as online retailers who jack up prices on important supplies: PPE, soap, hand sanitizer, bleach, disposable gloves, face masks, etc. They have also banned the sale of any so-called “cure” or “vaccine” for COVID-19. According to current health care news, there is not a cure for COVID-19. Health care professionals are actively researching for the cure, but it has not been discovered yet.

That does not mean people will not be fooled.

Monopoly Market is a popular dark web marketplace and it has banned the sale of any COVID-19 vaccines or cures. Since a cure does not exist right now, people could be buying and ingesting dangerous substances from the dark web. Other dark web marketplaces are not so ethical. So-called COVID-19 cures and vaccines are selling for hundreds of dollars.

It is nice to know that some black hat hackers are ethical:

“However, it’s also worth noting that Monopoly Market isn’t the only entity that has taken a stand against using the coronavirus to make money. Last month, popular cybersecurity blog Bleeping Computer confirmed that it had contacted seven ransomware operators concerning their plans for the virus. Two of those reportedly wrote back and confirmed that they won’t be targeting hospitals during the pandemic.”

While there are a few white knights, the majority of black hat hackers and dark web sellers do not care who they hurt as long as they can profit. Bad actors are bad actors, but one good act does not absolve them.

Whitney Grace, April 30, 2020

« Previous PageNext Page »

  • Archives

  • Recent Posts

  • Meta