NSO Group: More Lumens Added to the PR Spotlight
February 1, 2020
DarkCyber noted this Thomson Reuters’ story: “FBI Probes Use of Israeli Firm’s Spyware in Personal and Government Hacks.” This is an exclusive story from “sources.” The write up reports:
The FBI is investigating the role of Israeli spyware vendor NSO Group Technologies in possible hacks on American residents and companies as well as suspected intelligence gathering on governments.
Our view is that companies purpose built to serve the needs of government agencies may find themselves struggling to break through a revenue ceiling made of Level 1 bullet resistant acrylic sheet. That may be an issue. Also, some of the specialized tools may be used for extracurricular activities which may not be monitored or authorized.
Why?
- Developing and maintaining the efficacy of special purpose software is expensive. Think in terms of more demand for certain engineers than there are engineers. Think in terms of the time required to figure out how to perform certain tasks.
- Investors have many, many choices of cyber security ventures in which to invest. The companies which have been around for several years may not provide the potential “lift” a funding source requires. (It doesn’t matter if these Borges-like dreams are possible. Dreams about big payoffs are just more interesting. Otherwise, a fund could buy stock in Verint.)
- There are a finite number of really big specialized software buyers. This means that price pressure on licensing fees exists for most of the companies.
- Numerous “me too” services are pushing down prices of specialized tools; possibly Sixgill, another firm based in Israel, with the tag line “deep, dark, and beyond.”
- There are unexpected competitors; for example, some specialized tools can be located using off the grid services located via WhatsApp groups, i2p services, or the on-again, off-again Dark Web.
A changing market with more companies facing a need to make sales may push specialized software vendors to look for other sources of revenue. And there may be some enterprise customers who could be repurposing certain systems and methods. Some software may be so useful it can punch holes in that acrylic ceiling.
Net net: What is clear is that change is afoot.
Stephen E Arnold, February 1, 2020
DarkCyber for January 14, 2020, Now Available
January 14, 2020
The DarkCyber for January 14, 2020, is now available. The program includes stories about ToTok, cyber trends in 2020, and information about the new Amazon Blockchain Policeware report. You can view the video on Vimeo at this link: https://vimeo.com/384343454.
We want to thank the people who commented on our interview with Robert David Steele. We posted this video on December 31, 2019. If you missed that program, you can view it at this link: https://vimeo.com/382165736.
Kenny Toth, January 14, 2020
Black Friday On The Dark Web
December 9, 2019
This sounds newsy.
Black Friday not only affects retailers, but it also occurs on the Dark Web. Uazmi reports that “Drug Dealers Offer Black Friday Deals On the Black Web.” Drug dealers want their own slice of Black Friday sales. Digital Shadows, a cyber risk firm, discovered 1,600 posts about Black Friday 2019 sales.
Drug dealers on the Dark Web are offering 30% discounts and even more discounts for buyers who spend more than $2,000. People who buy illegal drugs are always looking for ways to leave more green in their pockets for the next hit, and sellers are willing to take advantage of that in the spirit of the season.
“‘People are always on the lookout for deals, regular consumer and cyber criminal alike. This is why towards the beginning of November, users on dark web forums typically flock to create threads dedicated to finding and sharing the best Black Friday deals,’ Digital Shadows research analyst Alex Guirakhoo told The Independent.
‘On dark web marketplaces, Black Friday is an excellent opportunity for site operators to increase sales and attract new buyers. Attracting new customers is particularly important, as consistent law enforcement action and repeated exit scams on popular marketplaces have thrown the ecosystem into disarray.’”
At least Dark Web drug dealers do not have to deal with mad mobs of people hoping to buy the hottest toy or fight over a flat screen TV. Black Friday sales on the Dark Web might bring new customers, but they also bring new law enforcement officials looking to catch more bad actors.
Whitney Grace, December 9, 2019
Dark Web Search: Beating a Small, Nearly Dead Horse
October 28, 2019
Despite popular opinion, search engines do not yield all the information on the Internet. Albrecht Ude recycles tips in Global Investigative Journalism Network’s article, “How To Become A Deep Web Super Sleuth,” and notes that only 4% of Internet content is shown in search results. The key to discovering information hidden on the Internet is not to search for specific details but to search for where that information should be. For example, if you are searching for someone’s email address but cannot find it, search instead for organizations related to the person. Digging through content and searching for clues is how to find the gold (aka the desired information).
The article also offers some advice on how to become a super deep web sleuth. These tips are helpful for any type of information search, not only those linked to specific organizations or their databases usually not listed in search results.
Figure out who runs the database or organization; these will usually be individuals who would invest funds or stand to make a profit from the information. Interestingly enough, databases can also be “hacked”:
‘Find databases by searching for your topic with “database OR directory OR catalogue OR registry” on a search engine. If you want some privacy, Dutch company www.startpage.com runs searches for you on Google, without giving the tech giant your information.’
As millions of students know, while you cannot use Wikipedia as a research tool, you can use the information they cite in their articles. Check out the external links at the bottom of articles as well as search for lists of academic or online databases. Do not forget to search Wikipedia in other languages for more diverse results.
Take advantage of what is available at your public or university library. Public and university libraries pay subscriptions for databases. They can be accessed on site or via a library card; generally these are free to local residents. The Wayback Machine and Archive.today are also great sources for Web site history, because sites disappear as quickly as they are made, but these archives store them.
Relying solely on search engines for research is a lazy move. Lazy.
Whitney Grace, October 28, 2019
DarkCyber for August 27, 2019, Now Available
August 27, 2019
DarkCyber for August 20, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/.
The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: Amazon AWS as an attack launch pad for bad actors; obtaining fake paper and passports; cyber warriors have side gigs; adversarial fashions are for sale; and information about the new DarkCyber series about policeware starting in November 2019.
The feature story this week covers reports that some bad actors are integrating Amazon Web Services into their phishing and malware activities. The reason is that the platform is widely available, easy to use, and has an excellent reputation. Many phishing attacks use multiple services, and AWS is becoming a resource that is gaining acceptance among bad actors.
Other stories in this week’s program are:
Jeffrey Epstein, accused of human trafficking activity, had several passports in his home at the time of his arrest. Passports and other documents like a driver’s license can be purchased on the Dark Web and via other channels. Valid passports are available from a number of countries, including Greece. The valid passport from St. Kitts and Nevis cost between $150,000 and $400,000 and up. The lower charge is for a donation to the country’s sustainable growth fund. The $400,000 is the minimum required for a real estate purchase on the island. Crossing a border with fake paper or multiple passports can invite the question, “Why do you have these documents?” Unsatisfactory answers can result in denied entry, fines, or incarceration.
DarkCyber reports that Chinese cyber warriors have discovered how to operate side gigs. The idea is that these individuals use their hacking skills to compromise financial accounts. Another approach is to obtain digital products which can be sold to online game enthusiasts. Gamers will pay for game cheats and special powers to obtain an in game advantage.
For individuals who are concerned about facial recognition, a new fashion trend may be building up steam. Adversarial Fashion has developed clothing which uses designs and colors that can confuse facial recognition systems and license plate optical character recognition readers. DarkCyber provides information about where to order these T shirts, jackets, and other items. Plus, DarkCyber gives the viewer instructions for downloading a report about the technological weaknesses in surveillance systems.
DarkCyber is a weekly production of Stephen E Arnold. The current series of videos ends with the August 27, 2019, program. The new series of DarkCyber videos begins on November 5, 2019. The new series will focus on policeware with an emphasis on Amazon’s products and services for law enforcement, intelligence professionals, and regulatory authorities in the US, Canada, Australia, New Zealand, and the United Kingdom.
DarkCyber programs are available on Vimeo.com and YouTube.com.
Kenny Toth, August 27, 2019
DarkCyber for August 20, 2019, Now Available
August 20, 2019
DarkCyber for August 20, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/354476523 .
The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.
The story line up this week includes a feature about Anduril Technologies’ surveillance system for border monitoring. The show also includes a critique of a public report about robocalling and a comment about the increasingly loud calls for backdoors to mobile phones and encrypted messages by law enforcement in the US and other countries.
The feature story this week is about Anduril Industries, the company which is developing systems for the Department of Defense’s Project Maven. The company was founded in 2017 by Palmer Luckey. After creating the virtual reality product Oculus Rift, Luckey sold the company to Facebook. He then founded Anduril to develop next generation surveillance products and systems. His clients include US government agencies like the Department of Homeland Security. Anduril’s innovations allow software to monitor, analyze, and make decisions. These decisions can be taken without a human involved, take place automatically, or employ human-machine interactions. The system can process data from digital cameras and specialized devices. These data are then federated and analyzed by the firm’s proprietary algorithms. The system can, for example, identify a herd of cattle as well as a group of people approaching a border. Anduril, however, is able to differentiate between the animals and the humans. If detection occurs at an Anduril monitoring tower, Anduril drones can also scan the area. If multiple Anduril drones are deployed in the area in which the anomaly was detected, the resolution of the system increases. In effect, Anduril has developed a way for surveillance to deliver detection, analysis, and increased resolution. An operator can immerse himself or herself in a virtual reality presentation of what the drones and the monitoring devices “see”. Anduril’s approach to US government work stands in direct contrast to that of Google. Google refused to work on Project Maven yet funded an educational artificial intelligence center in mainland China. Anduril welcomes US government work. One of the investors in Anduril suggested that Google’s attitude toward the US government could be interpreted as treasonous.
Two other stories round out this week’s episode.
Law enforcement agencies in the US and other Five Eyes member countries continue their call for a way for government agencies to access devices and messages by persons of interest. The “growing dark” problem in the US made headlines. Law enforcement investigating the Dayton, Ohio, killings have been unable to access the alleged shooter’s mobile phone data. DarkCyber anticipates increasingly loud calls for legislation to make it mandatory for technology companies to cooperate with law enforcement when courts permit access to mobile devices.
DarkCyber calls attention to an article which provides a road map for an individual who wants to run a robocall operation. The details of the method are reviewed. Plus, DarkCyber names two services which allow a robocall spammer to set up an operation with a few clicks online. One of these services includes a “press one feature” which allows the robocaller to charge the individual who happens to answer the telephone. DarkCyber finds these types of “how to” articles somewhat troubling. The information may encourage some individuals to launch a robocall business and run scams anonymously.
A new multi part series about Amazon’s policeware initiative begins on November 5, 2019. DarkCyber programs are available on Vimeo.com and YouTube.com.
Note that DarkCyber will begin a new series of programs on November 5, 2019. The current series or “season” ends on August 27, 2019. We are developing the new series now. It’s about everyone’s favorite online bookstore with an emphasis on policeware and intelware.
Kenny Toth, August 20, 2019
DarkCyber for August 6, 2019, Now Available
August 6, 2019
DarkCyber for August 6, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/351872293. The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.
DarkCyber (August 6, 2019) explores reports about four high-profile leaks of confidential or secret information. Each “leak” has unique attributes, and some leaks may be nothing more than attempts to generate publicity, cause embarrassment to a firm, or a clever repurposing of publicly available but little known information. Lockheed Martin made available in a blog about automobiles data related to its innovative propulsion system. The fusion approach is better suited to military applications. The audience for the “leak” may be US government officials. The second leak explains that the breach of a Russian contractor providing technical services to the Russian government may be politically-motivated. The information could be part of an effort to criticize Vladimir Putin. The third example is the disclosure of “secret” Palantir Technologies’ documents. This information may create friction for the rumored Palantir initial public offering. The final secret is the startling but unverified assertion that the NSO Group, an Israeli cyber security firm, can compromise the security of major cloud providers like Amazon and Apple, among others. The DarkCyber conclusion from this spate of “leak” stories is that the motivations for each leak are different. In short, leaking secrets may be political, personal, or just marketing.
Other stories in this week’s DarkCyber include:
A report about Kazakhstan’s stepped-up surveillance activities. Monitoring of mobile devices is underway in the capital city. DarkCyber reports that the system may be deployed to other Kazakh cities. The approach appears to be influenced by China’s methods; namely, installing malware on mobile devices and manipulating Internet routing.
DarkCyber explains that F Secure offers a free service to individuals who want to know about their personal information. The Data Discovery Portal makes it possible for a person to plug in an email. The system will then display some of the personal information major online services have in their database about that person.
DarkCyber’s final story points out that online drug merchants are using old-school identity verification methods. With postal services intercepting a larger number of drug packages sent via the mail, physical hand offs of the contraband are necessary. The method used relies on the serial number on currency. When the recipient provides the number, the “drug mule” verifies that number on a printed bank note.
DarkCyber videos appear each week through September 30, 2019. A new series of videos will begin on November 1, 2019. Programs are available on Vimeo.com and YouTube.com.
Kenny Toth, August 6, 2019
DarkCyber for July 30, 2019, Now Available
July 30, 2019
DarkCyber for July 30, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/350567599. The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.
DarkCyber (July 30, 2019) explores China’s aggressive method of dealing with encrypted messaging; Perceptics’ data breach and its consequences; a way to determine email links to other online services; and Palantir’s secret Gotham information exposed.
This week’s lead story concerns Palantir Technologies, a vendor of search and analytic tools for analysts. Founded in 2003, Palantir has draped a cloak of secrecy over one of its flagship products, now more than 16 years old. The information about the “secret” document appeared in Vice, an online information service. For those unfamiliar with investigative software, the revelations were of interest to some individuals. Vice’s public records request yielded a user manual written for police with access to the Palantir Gotham “intelware” system. The manual—described as secret and confidential—provides step-by-step instructions for performing certain investigative tasks; for example, how to obtain a profile of a person of interest, how to obtain information about a vehicle, and similar basic investigative questions.
Other stories in the July 23, 2019, program are:
First, China has introduced a very direct method of obtaining access to content on mobile phones and tablets. Citizens and allegedly some visitors have to install software from Xiamen Meiya Pico Information Company. The MFSocket software provides access to images, audio files, location data, call logs, messages, and the phone’s calendar and contacts, including those used in the messaging app Telegram. It is possible that the Meiya Pico organization has a cooperative relationship with the Chinese government. The company allegedly has 40 percent of the Chinese digital forensics market.
Second, a Web service named Deseat.me provides a useful service. Few people know what Web sites and Web services are linked to a person’s email address. Deseat.me makes locating this information easy. The service, at this time, is offered without charge. DarkCyber points out that many modern policeware systems offer a similar functionality for any email address. Deseat, along with a small number of similar services, makes the process of locating these linked sites and services easy and quick.
Finally, Perceptics, a company best known for its license plate identification system, suffered a security breach. Among the items of information compromised were US government data and a range of Perceptics’ proprietary data. The information allegedly included data related to recent border activities, a contentious issue in the United States. Perceptics may find making sales to the US government more difficult. A loss of contracts would adversely impact the company’s revenue. A larger issue is that the security measures implemented by a company engaged in cyber services failed to deploy systems which guarded high-value data. The cost of a data breach can be high and create a public relations challenge for organizations more comfortable operating in a low-profile way.
DarkCyber videos appear each week through September 30, 2019. A new series of videos will begin on November 1, 2019. Programs are available on Vimeo.com and YouTube.com.
Kenny Toth, July 30, 2019
DarkCyber for July 23, 2019, Now Available
July 23, 2019
DarkCyber for July 23, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/349282829. The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s DarkCyber reports about Australia’s use of its anti-encryption law; tools for video piracy; a profile of SearchLight Security’s Cerberus system; and where to get information needed to join a Dark Web forum.
This week’s lead story concerns easily findable software to facilitate video piracy and streaming. A report in TorrentFreak presents information from an unnamed source. This individual allegedly has been involved in video piracy and streaming for an extended period of time. The individual provides specific information about some of the software needed to remove digital rights management protections from commercial, copyrighted video content. The DarkCyber research team was able to locate software designed for the same purpose. Neither the Dark Web nor Tor was required. More significantly, these programs can be located by anyone with access to a browser and a Web search engine like Bing, Google, or Yandex. DarkCyber’s research has revealed that industrialized crime is now playing a larger role in streaming stolen video content.
Other stories in the July 23, 2019, program are:
First, Australia’s anti encryption law is now being put to use. The new regulations were used in the warrant to obtain content from a journalist. Australia is a member of the Five Eyes confederation. Australia’s law requires companies to cooperate with law enforcement and provide access to encrypted and other secured information. Canada, New Zealand, the United Kingdom, and the United States are likely to have elected officials who will seek to implement similar laws. News organizations in Australia perceive such laws as a threat.
Second, DarkCyber profiles a company founded in 2017 focused on providing law enforcement and intelligence professionals with an investigative tool. The company indexes a range of content, including forums, Dark Web sites and services, and social media content. Plus the company has created an easy-to-use interface which allows an investigator or analyst to search for a person of interest, an entity, or an event. The system then generates outputs which are suitable for use in a legal matter. The company says that use of its system has grown rapidly, and that the Cerberus investigative system is one of the leaders in this software sector.
Finally, DarkCyber provides information about a new report from IntSights, a cyber-intelligence firm. The report includes information which helps an individual to gain access to “cracker” forums and discussion groups which examine topics such as credit card fraud, money laundering, contraband, and similar subjects. The video provides the information required to download this report.
DarkCyber videos appear each week through September 30, 2019. A new series of videos will begin on November 1, 2019. Programs are available on Vimeo.com and YouTube.com.
A new series of DarkCyber begins in November 2019.
Kenny Toth, July 23, 2019
DarkCyber for July 16, 2019, Now Available
July 16, 2019
This week’s program is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/348009146. The program is a production of Stephen E Arnold. It is the only weekly video news show focusing on the Dark Web, cybercrime, and lesser known Internet services.
This week’s story line up includes: An Australian teen with 20,000 LSD doses; a money laundering operation run within a Florida prison; a how to guide for credit card fraudsters; Facebook’s digital currency triggers domain name land rush; and Interpol smashes a global child sex crime operation.
This week’s lead story talks about Facebook’s digital currency. Regulators in the US have expressed some reservations about what could be considered a sovereign currency. Facebook’s effort to unify its messaging applications and integrate encryption into the service poses one additional hurdle for investigators. The proposed digital currency called Libra may enable seamless, friction free financial transactions within the encrypted Facebook system. Bad actors are likely to test the system to find ways to use Facebook for illegal activities. Messaging apps can provide access to digital content like pirated videos, child pornography, commercial software with its security compromised, and similar digital contraband.
Other stories in the July 16, 2019, program are:
First, an Australian teenager used the Dark Web to purchase LSD, a controlled substance. The Australian Joint Agency Strike Team monitored the teenager’s activity which included setting up a mail drop in the central business district of Adelaide. When police moved in, they seized 20,000 doses or “tabs” of LSD. The contraband had an estimated street value of US$200,000. The legal representative of the alleged drug dealer pointed out that the young man had good family support. The teen also had knowledge of the Dark Web, a mail drop, and the 20,000 LSD tabs.
Second, Terbium Labs issued a new report which provides information about credit card fraud. For security professionals, the report is a concise review of key factors. To an individual looking for a primer explaining credit card fraud or “carding,” the Terbium report is an interesting resource. Terbium points out that lesson plans for would-be credit card fraudsters are available on the Dark Web. Most of the instructional material and guides cost between $4 and $13. Similar information can be located using regular Web search engines. DarkCyber reveals that Yandex.com offers both current credit card fraud instruction guides as well as direct links to explanatory videos. This type of information may pose a dilemma for public search engines. For an individual seeking information about how to perform financial fraud, the abundance of available information is remarkable for its scope and its ready availability.
Third, convicted criminals in Pasco County, Florida, operated a money laundering scheme from their cells. The angle was to obtain stolen credit cards from a Dark Web marketplace and transfer money from the credit card to a prisoner’s personal commissary account. Many US prisons allow inmates to purchase snacks and approved items from this prison store. Once the money was in a prisoner’s account, the ringleader then submitted a request for the prison to transfer the money to the account of an individual who was not in prison. Investigators identified the prisoners involved in the scheme, arrested one person who acted as an accomplice, and identified seven other individuals involved in the operation. A total of $8,000 was stolen in 40 separate transactions.
Finally, DarkCyber reports that Interpol’s Blackwrist investigated a global child sex crime operation. Dozens of individuals were arrested. One pedophile has been sentenced to more than 100 years in a Thailand prison. Others snared in the sweep are allegedly individuals who have abused children, some as young as 15 months. Blackwrist continues its investigations and more arrests are expected.
Kenny Toth, July 16, 2019