DarkCyber for March 31, 2020, Now Available

March 31, 2020

DarkCyber video news program interviews Robert David Steele, a former CIA professional, about human trafficking. Among the topics touched upon in the video are:

  • Why human trafficking is useful to intelligence operatives
  • The mechanics of running an entrapment operation.
  • Jeffrey Epstein’s activities
  • The role of Ghislaine Maxwell, daughter of Israeli spy Robert Maxwell.

Mr. Steele’s comments reflect his involvement in a book about human trafficking. The video provides a link to a free download of information not widely disseminated.

You can view the program on Vimeo at this link or on YouTube at this link.

Kenny Toth, March 31, 2020

Cellebrite: Low Profile Outfit Shares Some High Value Information

March 27, 2020

Cellebrite, now owned by Japanese interests, is not a household word. That’s good from DarkCyber’s point of view. If you want to know more about this company, navigate to the company’s Web site.

“Cellebrite Unveils the Top Global Digital Intelligence Trends for 2020” provides observations and findings from the company’s Annual Digital Intelligence Industry Benchmark Report for 2020. Our video program will consider some of these findings in the context of cyber intelligence. However, there are four items of interest which DarkCyber wants to highlight in this short article.

Intelligence and other enforcement agencies are slow to adapt. This finding is in line with DarkCyber’s experience. We reported on March 24, 2020, in our DarkCyber video that the Canadian medical intelligence firm Bluedot identified the threat of the corona virus in November 2019. How quickly did the governments of major countries react? How is the US reacting now? The “slowness” is bureaucratic friction. Who wants to be identified as the person who was wrong? In terms of cyber crime, Cellebrite’s data suggest “43 percent of agencies report either a poor or mediocre strategy or no digital intelligence strategy at all.” [emphasis added].

Government agency managers want modernization to help attract new officers. The Cellebrite study reports, “Most agency managers believe police forces that embrace mobile tech to collect digital evidence in the field will help reduce turnover and be significantly more prepared to meet the digital evidence challenges of 2020.” DarkCyber wants to point out that skilled cyber professionals do not grow on trees. Incentives, salaries, and work magnetism are more important than “hopes.”

Budgets are an issue. This is a “duh” finding. DarkCyber is not being critical of Cellebrite. Anyone involved directly or indirectly in enforcement or intelligence knows that bad actors seem to have infinite scalability. Government entities do not. The report says, “With the deluge of digital devices and cloud data sources, examiners face an average 3-month backlog and an average backlog of 89 devices per station.” The push for backdoors is not designed to compromise user privacy; it is a pragmatic response to the urgent need to obtain information as close to real time as possible. Cellebrite’s tools have responded to the need for speed, but for many governments’ enforcement and intelligence agencies, a 90-day period of standing around means that bad actors have an advantage.

DarkCyber will consider more findings from this report in an upcoming video news program. Watch this blog for the release date for the program.

Stephen E Arnold, March 27, 2020

Dark Web Search: Specialized Services Are Still Better

March 26, 2020

Free Dark Web search is a hit-and-miss solution. In fact, “free” Dark Web search is often useless. Some experts do not agree with DarkCyber’s view, however. The reason is that these experts may not be aware of the specialized services available to government agencies and qualified licensees.

Here’s a recent example of cheerleading for a limited Dark Web search system.

A search engine did not exist for the Dark Web until now, says Digital Shadows in the article “Dark Web Search Engine Kilos: Tipping The Scales In Favor Of Cybercrime.” Back in 2017, there used to be a search engine dubbed Grams that specialized in searching the Dark Web. It was taken down when its creator Larry Harmon, supposed operator of Helix, the Bitcoin tumbling service. The Dark Web was search engine free, until November 2019 when Kilos debuted.

Kilos piggybacks on the same concept as Grams: using a Google-like search structure to locate illegal goods and services, bad actors, and cybercriminal marketplaces. Kilos has indexed more platforms, offers more search functions, and includes many ways to ensure that users remain anonymous. Grams and Kilos are clearly linked based on the names that are units of measure.

Grams was the prominent search engine to use for the Dark Web, because it searched everywhere, including Dream Market, Hansa, and AlphaBay, and users could also hide their Bitcoin transactions via Helix. Grams did not have a powerful structure to crawl and index the Internet. Also, it was expensive to maintain. This resulted in it going dark in 2017.

The argument is that Kilos is killing the Dark Web search scene as a more robust and powerful crawler/indexer. It already has indexed Samsara, Versus, Cannazon, CannaHome, and Cryptonia. Plus it has way more search functions to filter search results. Every day Kilos indexes more of the Dark Web’s content and has a unique feature Grams did not:

“Since the site’s creation in November 2019, the Kilos administrator has not only focused on increasing the site’s index but has also implemented updates and added new features and services to the site. These updates and features ensure the security and anonymity of its users but have also added a human element to the site not previously seen on dark web-based search engines, by allowing direct communication between the administrator and the users, and also between the users themselves.”

Kilos is adding more services to keep its users happy and anonymous. Among the upgrades are a CAPTCHA ranking system, faster search algorithm, a new Bitcoin mixer service, live chat, and ways to directly communicate with the administration.

Reading about Kilos sounds like an impressive search application startup, but wipe away the technology and it’s another tool to help bad actors hurt and break the system.

So what’s the issue? Kilos focuses on Dark Web storefronts, not the higher-value content in other Dark Web, difficult-to-index content pools.

But PR is PR, even in the Dark Web world.

Whitney Grace, March 26, 2020

DarkCyber for March 24, 2020, Now Available

March 24, 2020

DarkCyber for March 24, 2020, covers four stories. You can view the video on YouTube or on Vimeo.

The first story explains that phishing is a contentious issue in many organizations. Managers see phishing one way; information and security professionals often have a different view. The divide can create more vulnerabilities for organizations ignoring the escalating risk from weaponized email.

The second story provides some information about Banjo (a US firm engaged in providing specialized services to law enforcement) and BlueDot (a Canadian company applying advanced analysis to open source and limited access medical information). The story makes clear that the methods of these firms provide excellent insight into how some specialized software systems deliver high value intelligence to law enforcement and intelligence professionals worldwide.

The third story provides information about a Department of Justice report aimed at Dark Web researchers. The document is available without charge from the url provided in the program. Failure to follow the guidelines in the document can convert a researcher into a bad actor.

The final story reviews recent steps taken by the Russian government to exert tighter control over Internet applications. The affected software includes Tor and the Telegram Open Network. Mr. Putin has become Russia’s first digital tsar.

Kenny Toth, March 24, 2020

Need a List of Hacker Handles?

March 17, 2020

Just a quick note. Navigate to Black Hat Pro Tools, and click on “Community,” then “Members.” The site provides a tidy list of several thousand hacker handles. Here’s an example, including three identities associated with “Elite Team”:

image

What’s the value of these? Some hackers, just like regular people, reuse their online names or portions of those names. With the right investigative tools, one can pinpoint other related and sometimes interesting information. Black Hat Pro Tools does not require special software to visit.

Stephen E Arnold, March 17, 2020

DOJ Suggestions for Threat Research and Cyber Intelligence Gathering

March 13, 2020

DarkCyber spotted “Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources.” The Department of Justice has assembled what amounts to a mini best practices guide for those who are gathering certain types of cyber security information; for example, from Dark Web fora.

The document states:

The application of federal criminal law to activities occurring online can be complicated.

That should be a yellow warning signal to those who embark on digital journeys into certain parts of the datasphere. The document provides some information about different ways to gather information from online discussion groups.

Online storefronts can appear to provide a way to purchase products or services which, in some jurisdictions, are problematic.

The document is informative and, in DarkCyber’s opinion, a useful contribution to the literature related to obtaining threat intelligence.

Net net: Don’t intentionally or unintentionally become what some authorities would consider a criminal. Plus, any spelunking in certain areas of the datasphere can change a curious eager beaver into a target for bad actors.

Stephen E Arnold, March 13, 2020

Phishing Faces a Tough Competitor

March 13, 2020

DarkCyber spotted a factoid which could be marketing dressed up in factual finery or a datum which is accurate. You will have to figure out which.

Navigate to “Adware Accounts for 72% of Mobile Malware: Avast.” The write up states:

Adware or software that hijacks a device in order to spam the user with unwanted ads now accounts for 72 per cent of all mobile malware, says a new report from cybersecurity firm Avast.

But what about the other 28 percent of digital legerdemain?

The remaining 28 per cent consist of banking Trojans, fake apps, lockers, and downloaders, according to statistics gathered by Avast’s Threat Lab experts.

The write up points out:

Adware often disguises itself in the form of gaming and entertainment apps, or other app types that are trending and therefore are interesting targets with a high potential to spread far. These apps may appear harmless, but once they have infected a device they will surreptitiously click on ads in the background. Sometimes, adware also serves ads with malicious content.

Phishing may lose its pride of place among bad actors.

By the way, the data in the write up, if on the money, do not explain how malware on a mobile phone can perform a number of other useful services for the developer. These services can be helpful to certain types of professionals working in fields other than Madison Avenue pursuits.

Stephen E Arnold, March 13, 2020

Russia: Ever the Innovator for Internal Controls

March 12, 2020

DarkCyber tries to ignore Russia. The Fancy Bears, the hackers, and the secretive university research facilities—these give the team a headache. We spotted a headline which caused us to lift our gaze from more interesting innovations in Herzliya and Tel Aviv to read “Russia Seeks to Block ‘Darknet’ Technologies, Including Telegram’s Blockchain.” According to the story:

A Russian government agency has requested contractor bids to find ways to block censorship-resistant internet technologies, like mesh networks. The list includes messaging app company Telegram’s yet-to-be-launched blockchain.

The technologies which Russia deems problematic include:

mesh networks, Internet of Things (IoT) protocols and protocols allowing anonymous browsing, including Invisible Internet Project (I2P), The Onion Router (TOR), Freenet, Zeronet, anoNet – and one blockchain, the Telegram Open Network (TON).

Other countries are likely to have similar concerns. Client states are likely to benefit from any Russian innovations which blunt these digital tools.

DarkCyber has a slightly different view:

  1. The technologies needed to deal with these systems will be developed. How quickly is anyone’s guess. But progress will be made.
  2. Turnover within research entities and Russia’s dynamic and quite interesting commercial sector is ongoing.
  3. Certain entrepreneurs apply innovations to what some people might describe as “extra legal” activities. If these individuals and their corporate constructs enjoy the benefit of positive support from some Russian officials, the innovations will find their way into a gray market.

Net net: Censorship is part of the government agenda. The new tools will have an impact outside of the Russian nation state. Censorship and monitoring go hand in hand in some countries.

Stephen E Arnold, March 12, 2020

DarkCyber for March 10, 2020, Now Available

March 10, 2020

DarkCyber for March 10, 2020, includes four stories. The first is a look at how BriefCam’s smart software generates video synopses of surveillance video. The second presents information about the geotracking capabilities enabled by aggregated data from vendors like Venntel and Oracle, among others. The third story dips back into phishing-rich data flows. There is a reason why bogus email exploits are increasing. Watch to find out the reason. The final story discloses the Amplyfi and Deep Web Technologies mergers. Is a new intelware giant taking shape? Check out this week’s video to learn what DarkCyber thinks.

Kenny Toth, March 10, 2020

Fighting Cyber Crime: New Approach Described by FBI

March 6, 2020

DarkCyber noted a report from ABC News called “FBI Working to ‘Burn Down’ Cyber Criminals’ Infrastructure.” The report states that “law enforcement agents are working to take out the tools that allow increasingly dangerous cyber criminals to carry out their devastating attacks.”

Some factoids appeared in the write up:

  • A 40 percent increase in ransomware attacks between 2018 and 2019
  • Ransomware has emerged as a major bad actor method
  • Foreign actors are using cyber attacks to steal information from certain vendors in the US.

As DarkCyber points out in the forthcoming March 10, 2020, video program, many of the hacker tools are available as open source software. Programming languages widely taught in schools and online courses provide the equivalent of a tabula rasa for bad actors. An often overlooked source of “how to” information is the instructional material, code snippets, and technical road maps distributed via online discussion groups. Dark Web resources exist, but there are bad actors advertising their software and expertise available via a standard Web browser. Will the infrastructure focus result in stepped up investigations of hosting providers?

This new approach illustrates a shift in response to the escalating risks associated with online connectivity.

Stephen E Arnold, March 6, 2020
