DarkCyber for June 29, 2021, Now Available: Operation Trojan Shield Provides an Important Lesson
June 29, 2021
DarkCyber 13 discusses the Operation Trojan Shield sting. You can view the video at this link. The focus is on three facets of the interesting international takedowns not receiving much attention. The wrap up of the program is a lesson which should be applied to other interesting mobile device applications. If you are wondering how useful access to app data and its metadata are, you may find this 11 minute video thought provoking. DarkCyber is a production of Stephen E Arnold, a semi-retired consultant who dodges thumbtypers, marketers, and jargon lovers. Remember: No ads and no sponsors. (No, we don’t understand either but he pays our modest team like clockwork.)
Kenny Toth, June 29, 2021
Smart Devices and Law Enforcement: Yes, the Future
June 28, 2021
I read “Security Robots Expand across U.S., with Few Tangible Results.” The write up highlights Yet Another Security Sales Play or YASSP. The write up states:
Officer Aden Ocampo-Gomez, a spokesman for the Las Vegas Metropolitan Police Department, said that while the complex is no longer in the agency’s top 10 list for most frequent 911 calls in the northeastern part of the Las Vegas Valley, he doesn’t think all the credit should go to Westy. “I cannot say it was due to the robot,” he said.
No surprise. Crime is a result of many factors; some of which make many, many people uncomfortable. A parent loses a job and steals money from an old timer with a cane. A hormone filled young person frustrated with a person staring decides to beat up the clueless person looking for a taxi. A street person needs a snort of Cisco. Many examples, and I have not wandered into the thicket of gangs, vendettas, psychological weirdness, or “hey, it seemed like fun.”
The write up does bump up a reality for vendors of police-related technology. Here’s an interesting passage:
But the finances behind the police robot business is a difficult one. Last year, Knightscope lost more money than ever, with a $19.3 million net loss, nearly double from 2019. While some clients are buying more robots, the company’s overall number of clients fell to 23, from 30, in the past four years. Plus, the number of robots leased has plateaued at 52 from the end of 2018 through the end of last year. The pandemic certainly didn’t help things. Just two months ago, Knightscope told investors that there was “substantial doubt regarding our ability to continue” given the company’s “accumulated deficit,” or debt, of over $69 million as of the end of 2020. Its operating expenses jumped by more than 50 percent, including a small increase on research, and a doubling of the company’s marketing budget. Knightscope itself recently told investors that absent additional fundraising efforts, it will “not be solvent after the third quarter of 2022.”
Earlier this month I gave a talk to a group on the East Coast affiliated with a cyber crime outfit. One question popped up on the Zoom chat:
What’s law enforcement look like in five years?
As I have pointed out many times, if I could predict the future, I would be rolling in Kentucky Derby winnings. I said something to the effect, “More technology.”
That’s what CNBC is missing in its write up about the robot outfit Knightscope: Enforcement agencies worldwide are trying to figure out how to attract individuals who will enforce laws. Australia has explored hiring rehabbed criminals for special roles. Several years ago, I had dinner with one of these individuals, and I came away thinking, “This is a perfect type for undercover work.”
The major TV outlets in my area of the Rust Belt routinely run interviews with government officials who point out that there are employment opportunities in law enforcement.
The problem is that finding employees is not easy. Once a person is an employee, often that individual wants to work on a schedule appropriate to the person, not the organization. If asked to do extra work, the employee can quit or not show up. This issue exists at fast food outfits, manufacturing plants, and government agencies.
What the write up ignores is that robots will work. Using semi smart devices is the future. Turn ‘em on; devices mostly work.
One can’t say that for human counterparts.
Net net: Without enough humans who will actually work, smart devices are definitely the future. I stand by my observation to the cyber crime seminar attendees. What do you want patrolling your subdivision: A smart device or a 22 year old fascinated with thumbtyping who wants a three day work week and doesn’t want to get involved.
Think about it. Knightsbridge, if I can do anything to boost your company, let me know.
Stephen E Arnold, June 28, 2021
DarkCyber for June 15, 2021, Now Available
June 15, 2021
DarkCyber is a video news program issued every two weeks. The June 15, 2021, show includes five stories:
- Pentest tools you can download and use today for free
- A free report that explains Britain’s cyber weaknesses
- Additional information about the E2EE revolution
- Another tip for finding flexible developers and programmers who will do exactly what you want done
- The FireScout, a drone with a 100 mile range and the ability to drop sonobuoys and other devices, perform surveillance, and remain aloft for up to 10 hours.
The DarkCyber video news program contains information presented in Stephen E Arnold’s lectures to law enforcement and intelligence professionals. His most recent lecture was the New Dark Web. He presented his most recent research findings to a group of more than 100 cyber fraud investigators working in Connecticut for a variety of LE and related organizations. The
The June 15, 2021, DarkCyber video program is available from Mr. Arnold’s blog splash page and can be viewed on YouTube. One important note: The video program does not contain advertisements or sponsored content. We know that’s unusual today, but the DarkCyber team prefers to operate without an invisible hand on the controls or an invisible foot on the team’s neck.
Kenny Toth, June 15, 2021
DarkCyber for June 1, 2021, Now Available
June 1, 2021
DarkCyber is a video news program about the Dark Web, cyber crime, and lesser known Internet services. This edition’s story line up includes a bad actor promoting on the regular Internet, a look at Europol’s business process analysis for industrialized cyber crime, a University of Washington research project for a do-it-yourself IMSI sniffer, two free reports about phishing, the go-to method for compromising users’ computer security, and a look at the Gaza, a new drone designed to strike at those who would wrongfully act toward certain groups. DarkCyber is produced by Stephen E Arnold with assistance from the DarkCyber research team. The programs appear twice each month. The videos are available on YouTube. You can view the video via the player on the Beyond Search blog or at https://youtu.be/f1ym19l2Y0I. No ads, no vendor supported posts, nothing but Mr. Arnold commenting on important news stories. How is this possible? No one who thumb typers knows.
Kenny Toth, June 1, 2021
DarkCyber for May 18, 2021 Now Available
May 18, 2021
DarkCyber is a twice-a-month video news program usually available on YouTube at this link. The topics in the May 18, 2021, video include a look at what the Signal subpoena “signals” about advanced US intelware systems. The program also explores ways to spy on a mobile phone. If you want to purchase your own IMSI catcher, you will find a an online ecommerce site ready to respond. (Keep in mind intercepting mobile content can be problematic in some jurisdictions.) Reluctantly we revisit the increasingly embarrassing Microsoft security software and systems. We report that a UK cyber security company has entered into a partnership with Microsoft in order to put the polish on that digital Yugo. The program profiles a not-so-clever trick to smuggle liquid meth into the United States. The scheme included a drug mule, a VW SUV, and a fuel tank available from an auto parts shop. Hint: The ploy did not work. This program’s drone news explains the new features of the UAVTEK bug nano. This is a remarkable device which can operate in swarms, perform surveillance whether in the air or perched in an inconspicuous location. The new version can carry a payload; for example, additional sensors and micro-explosives.
DarkCyber is available at www.arnoldit.com/wordpress and on YouTube. (Sometimes the really smart software used to filter objectionable content becomes irritated with the video news program. Is it because the LE and intel centric content is troublesome? Is it because DarkCyber does not run ads (no big momma ads nor from individual companies), and the content is not sponsored. No wonder videos are objectionable. I mean no ads, no sponsorships, no shilling! Terrible, right?
Kenny Toth, May 18, 2021
PS. This video is available on Facebook (we think). Try this url: https://bit.ly/3wfTnNu
An Algorithm to Pinpoint Human Traffickers
May 4, 2021
We love applications of machine learning that actually benefit society. Here is one that may soon be “Taking Down Human Traffickers Through Online Ads,” reports the Eurasia Review. The algorithm began as a way to spot anomalies (like typos) in data but has evolved into something more. Now dubbed InfoShield, it was tweaked by researchers at Carnegie Mellon University and McGill University. The team presented a paper on its findings at the most recent IEEE International Conference on Data Engineering. We learn:
“The algorithm scans and clusters similarities in text and could help law enforcement direct their investigations and better identify human traffickers and their victims, said Christos Faloutsos, the Fredkin Professor in Artificial Intelligence at CMU’s School of Computer Science, who led the team. ‘Our algorithm can put the millions of advertisements together and highlight the common parts,’ Faloutsos said. ‘If they have a lot of things in common, it’s not guaranteed, but it’s highly likely that it is something suspicious.’”
According to the International Labor Organization, ads for four or more escorts penned by the same writer indicate the sort of organized activity associated with human trafficking. The similarities detected by InfoShield can pinpoint such common authorship. The organization also states that 55% of the estimated 24.9 million people trapped in forced labor are women and girls trafficked in the commercial sex industry. Online ads are the main way their captors attract customers. The write-up continues:
“To test InfoShield, the team ran it on a set of escort listings in which experts had already identified trafficking ads. The team found that InfoShield outperformed other algorithms at identifying the trafficking ads, flagging them with 85% precision.”
The researchers ran into a snag when it came to having peers verify their results. Due to the sensitive nature of their subject, they could neither share their data nor publish examples of the similarities InfoShield identified. Happily, they found a substitute data sample—tweets posted by Twitter bots presented a similar pattern of organized activity. We’re told:
“Among tweets, InfoShield outperformed other state-of-the-art algorithms at detecting bots. Vajiac said this finding was a surprise, given that other algorithms take into account Twitter-specific metrics such as the number of followers, retweets and likes, and InfoShield did not. The algorithm instead relied solely on the text of the tweets to determine bot or not.”
That does sound promising. We hope authorities can use InfoShield to find and prosecute many, many human traffickers and free their victims.
Cynthia Murrell, May 4, 2021
DarkCyber for May 4, 2021, Now Available
May 4, 2021
The 9th 2021 DarkCyber video is now available on the Beyond Search Web site. Will the link work? If it doesn’t, the Facebook link can assist you. The original version of this 9th program contained video content from an interesting Dark Web site selling malware and footage from the PR department of the university which developed the kid-friendly Snakebot. Got kids? You will definitely want a Snakebot, but the DarkCyber team thinks that US Navy Seals will be in line to get duffle of Snakebots too. These are good for surveillance and termination tasks.
Plus, this 9th program of 2021 addresses five other stories, not counting the Snakebot quick bite. These are: [1] Two notable take downs, [2] iPhone access via the Lightning Port, [3] Instant messaging apps may not be secure, [4] VPNs are now themselves targets of malware, and [5] Microsoft security with a gust of SolarWinds.
The complete program is available — believe it or not — on Tess Arnold’s Facebook page. You can view the video with video inserts of surfing a Dark Web site and the kindergarten swimmer friendly Snakebot at this link: https://bit.ly/2PLjOLz. If you want the YouTube approved version without the video inserts, navigate to this link.
DarkCyber is produced by Stephen E Arnold, publisher of Beyond Search. You can access the current video plus supplemental stories on the Beyond Search blog at www.arnoldit.com/wordpress.
We think smart filtering is the cat’s pajamas, particularly for videos intended for law enforcement, intelligence, and cyber security professionals. Smart software crafted in the Googleplex is on the job.
Kenny Toth, May 4, 2021
Ransomware: A Great Lakes of Sitting Ducks
April 29, 2021
I read “No Ransomware Silver Bullet, Crooks Out of Reach.” The explicit point in the write up is that ransomware is a big deal and there’s no fix in sight. The implicit point is that existing cyber security systems don’t work. In the sunshine of SolarWinds, I assumed there was cyber security progress. Yeah, sorry.
The write up states:
The U.S. government now deems ransomware a national security threat. The FBI has just created a task force to tackle it.
The bad actors are slick operators; for example:
Some top ransomware criminals fancy themselves software service professionals. They take pride in their “customer service,” providing “help desks” that assist paying victims in file decryption. And they tend to keep their word. They have brands to protect, after all.
What’s the fix?
Committee meetings, recommendations, legislative action – these are good ideas.
In short, there is a veritable Great Lakes filled with sitting ducks. Have you tried to herd ducks? I have. Tough work. Marketing, reports, and hearings are much easier. Quack, quack, quack.
Stephen E Arnold, April 29, 2021
Cyber Security Quote to Note: Seeing Is Important
April 28, 2021
I read a Washington Post article with a somewhat misleading title. The main point of the write up is that the US Department of Defense began using a large block of IP addresses in January 2021. These reason for the shift from dormant holding to active use of the Internet addresses related to cyber security. That’s the explanation in the write up. In the news story there was an important statement attributed to an anonymous source (a very popular way to report “real” news). Here’s the quote:
If you can’t see it, you can’t defend it.
In my opinion this is accurate. The statement underscores what I have commented upon in this blog and in my DarkCyber bimonthly video program DarkCyber. The SolarWinds and more recent security missteps have been missed by the commercial and governmental systems designed to spot cyber attacks and malware.
Having more traffic to monitor is a good thing. The problem is what I call the 21st century horse and barn situation. Here it is again:
Barn burned. Horses gone. Globus (Russia) retail space constructed where the hay used to be stored.
Better late than never? Yeah, sure.
Stephen E Arnold, April 28, 2021
Signal and Cellebrite: Raising Difficult Questions
April 22, 2021
Signal published an summary of its exploration of the Cellebrite software. Founded in Israel and now owned by the Japanese company Sun Corporation, Cellebrite is a frequent exhibitor, speaker, and training sponsor at law enforcement and intelligence conferences. There are units and subsidiaries of the company, which are not germane to this short blog post. The company’s main business is to provide specialized services to make sense of data on mobile devices. Yes, there are other use cases for the company’s technology, but phones are a magnet at the present time.
“Exploiting Vulnerabilities in Cellebrite UFED and Physical Analyzer from an App’s Perspective” makes clear that Cellebrite’s software is probably neither better nor worse than the SolarWinds, Microsoft Exchange Server, or other vendors’ software. Software has bugs, and once those bugs are discovered and put into circulation via a friendly post on a Dark Web pastesite or a comment in a tweet, it’s party time for some people.
Signal’s trope is that the Cellebrite “package” fell off a truck. I am not sure how many of those in my National Cyber Crime 2021 lectures will find that explanation credible, but some people are skeptics. Signal says:
[Cellebrite’s] products have often been linked to the persecution of imprisoned journalists and activists around the world, but less has been written about what their software actually does or how it works. Let’s take a closer look. In particular, their software is often associated with bypassing security, so let’s take some time to examine the security of their own software.
The write up then points out vulnerabilities. The information may be very useful to bad actors who want to configure their mobile devices to defeat the Cellebrite system and method. As readers of this blog may recall, I am not a big fan of disclosures about specialized software for certain government entities. Others — like the Signal analysts — have a different view point. I am not going to get involved in a discussion of this issue.
What I want to point out is that the Signal write up, if accurate, is another example of a specialized services vendor doing the MBA thing of over promising, overselling, and over marketing a cyber security solution.
In the context of the cyber security threat intelligence services which failed to notice the not-so-trivial SolarWinds, Microsoft Exchange Server, and Pulse Secure cyber missteps — the Signal essay is important.
Let me express my concern in questions:
What if the cyber security products and services are not able to provide security? What if the indexes of the Dark Web are not up to date and complete so queries return misleading results? What if the auto-generate alerts are based on flawed methods?
The cyber vendors and their customers are likely to respond, “Our products are more than 95 percent effective.” That may be accurate in some controlled situations. But at the present time, the breaches and the Signal analysis may form the outlines of a cyber environment in which expensive cyber tools are little more than plastic hammers and saws. Expensive plastic tools which break when subjective to real world work.
Stephen E Arnold, April 22, 2021