Amazon Policeware: Fraud Detection
August 4, 2020
We spotted “Fraud Detector Launched on AWS Platform.” As one pre pandemic, face-to-face conference organizer told me, “No one cares about Amazon policeware. The future is quantum computing.”
Yeah, okay.
Amazon does not buy big booths at law enforcement and intelligence conferences. For now, that’s the responsibility of its partners. No booth, no attention at least for one super charged quantum cheerleader.
The write up states:
With Amazon Fraud Detector, customers use their historical data of both fraudulent and legitimate transactions to build, train, and deploy machine learning models that provide real-time, low-latency fraud risk predictions. To get started, customers upload historical event data (e.g. transactions, account registrations, loyalty points redemptions, etc.) to Amazon Simple Storage Service (Amazon S3), where it is encrypted in transit and at rest and used to customize the model’s training. Customers only need to provide any two attributes associated with an event (e.g. logins, new account creation, etc.) and can optionally add other data (e.g. billing address or phone number). Based upon the type of fraud customers want to predict, Amazon Fraud Detector will pre-process the data, select an algorithm, and train a model.
And what does an Amazon person whom remains within the Amazon box with the smile on the side say? The write up reports:
Customers of all sizes and across all industries have told us they spend a lot of time and effort trying to decrease the amount of fraud occurring on their websites and applications. By leveraging 20 years of experience detecting fraud coupled with powerful machine learning technology, we’re excited to bring customers Amazon Fraud Detector so they can automatically detect potential fraud, save time and money, and improve customer experiences—with no machine learning experience required.
Several observations:
- Combined with “other” financial data available within the AWS system, Amazon’s fraud detection system may be of interest to some significant financial services firms.
- The technology provides a glimpse of what AWS can support; for example, matching tax returns to “other” financial signals in order to flag interesting returns.
- The technical widgets in the AWS structure makes it possible for a clever partner to reinvent a mostly unknown financial task: Identification or flagging of medical financial data for fraud. Subrogation with the point-and-click Amazon interface? Maybe.
To sum up, we offer a one hour lecture about Amazon’s policeware initiative. I know “free” is compelling, but this lecture costs money. For details write darkcyber333 at yandex dot com. Note: The program is different from our Amazon lecture for the 2020 US National Cyber Crime Conference.
No, it is not about the Quantum Computer Revolutions, but we do discuss Amazon’s Quantum Ledger Database. It works. Some quantum computing demonstrations do not.
Stephen E Arnold, August 4, 2020
Tech Downturn May Boost the Spirits of Criminal Combines
August 4, 2020
DarkCyber noted “Developer, Data Science Jobs: US Tech Is Taking a Worse Hit Than Other Sectors.” The write up reports:
New US tech job postings started to fall behind other sectors in mid-May and have slowed down even more since then, according to Indeed. Overall job postings, as expected are down too, but only by 21% year on year versus 36% for the tech sector.
DarkCyber wants to point out that when legitimate technology jobs disappear, the technical professionals turn to gig sites to drum up business.
However, the unsuspecting professional seeking a job in networking, cyber security, or video streaming may accept a project from a company outside the US. That job, however, may be for an illegal video streaming operation run out of a store front in another country.
How does a US technical professional avoid doing work which may be ultimately to the benefit of a bad actor? Research and judgment.
Stephen E Arnold, August 4, 2020
European Union: Yes, Russia Warrants Some Attention
August 4, 2020
With so many smart people wrestling with the Google and cage fighting with England, I was surprised to read “EU, in First Ever Cyber Sanctions, Hits Russian Intelligence.” The allegedly accurate write up states:
Four members of Russia’s GRU military intelligence agency were singled out. The EU accuses them of trying to hack the wifi network of the Netherlands-based Organization for the Prohibition of Chemical Weapons, which has probed the use of chemical weapons in Syria. The 2018 attack was foiled by Dutch authorities.
In addition, two individuals described as “Chinese nationals” found themselves in the sanction target area.
There are several ways to look at this action. First, the Google is a bigger deal than the EU’s friend to the East. Second, the Brexit fishing rights thing distracted EU officials from mere intelligence and trans-national security matters. Third, maybe someone realized that cyber espionage and cyber attacks are something to think about. A couple of years or more seems pretty snappy compared to other EU projects.
Stephen E Arnold, August 3, 2020
Quantexa: A Better Way to Nail a Money Launderer?
July 29, 2020
We noted the Techcrunch article “Quantexa Raises $64.7M to Bring Big Data Intelligence to Risk Analysis and Investigations.” There were a number of interesting statements or factoids in the write up; for example:
Altogether, Quantexa has “thousands of users” across 70+ countries, it said, with additional large enterprises, including Standard Chartered, OFX and Dunn & Bradstreet.
We also circled in true blue marker this passage:
As an example, typically, an investigation needs to do significantly more than just track the activity of one individual or one shell company, and you need to seek out the most unlikely connections between a number of actions in order to build up an accurate picture. When you think about it, trying to identify, track, shut down and catch a large money launderer (a typical use case for Quantexa’s software) is a classic big data problem.
And lastly:
Marria [the founder] says that it has a few key differentiators from these. First is how its software works at scale: “It comes back to entity resolution that [calculations] can be done in real time and at batch,” he said. “And this is a platform, software that is easily deployed and configured at a much lower total cost of ownership. It is tech and that’s quite important in the current climate.”
Some “real time” systems require time consuming and often elaborate configuration to produce useful outputs. The buzzwords take precedence over the nuts and bolts of installing, herding data, and tuning the outputs of this type of system.
Worth monitoring how the company’s approach moves forward.
Stephen E Arnold, July 29, 2020
DarkCyber for July 28, 2020, Now Available
July 28, 2020
The July 28, 2020, DarkCyber is now available. You can view the program on YouTube or on Vimeo.
DarkCyber reports about online, cyber crime, and lesser known Internet services. The July 28, 2020, program includes six stories. First, DarkCyber explains how the miniaturized surveillance device suitable for mounting on an insect moves its camera. With further miniaturization, a new type of drone swarm becomes practical. Second, DarkCyber explains that the value of a stolen personal financial instrument costs little. The vendors guarantee 80 percent success rate on their stolen personally identifiable information or fullz. Third, SIM card limits are in place in South Africa. Will such restrictions on the number of mobile SIM cards spread to other countries or are the limits already in place, just not understood. Fourth, Coinbase bought a bitcoin deanonymization company. Then Coinbase licensed the technology to the US Secret Service. Twitter denizens were not amused. Fifth, Microsoft released a road map to a specific type of malware. Then two years later the story was picked up, further disseminating what amounts to a how to. DarkCyber explains where to download the original document. The final story presents DarkCyber’s view of the management lapses which made the Twitter hack a reality. Adult management is now imperative at the social media company doing its best to create challenges for those who value civil discourse and an intact social fabric.
The delay between our June 9, 2020, video about artificial intelligence composing “real” music and today’s program is easy to explain. Stephen E Arnold, the 76 year old wobbling through life, had the DarkCyber and Beyond Search team working on his three presentations at the US National Cyber Crime Conference. These programs are available via the NCC contact point in the Massachusetts’ Attorney General Office.
The three lectures were:
- Amazon policeware, which we pre-recorded in the DarkCyber format
- A live lecture about investigative software
- A live lecture about Dark Web trends in 2020.
Based on data available to the DarkCyber team, the septuagenarian reached about 500 of the 2000 attendees. Go figure.
Kenny Toth, July 28, 2020
2020: Reactive, Semi-Proactive, and Missing the Next Big Thing
July 27, 2020
I wanted to wrap up my July 28, 2020, DarkCyber this morning. Producing my one hour pre recorded lecture for the US National Cyber Crime Conference sucked up my time.
But I scanned two quite different write ups AFTER I read “Public Asked To Report Receipt of any Unsolicited Packages of Seeds.” Call me suspicious, but I noted this passage in the news release from the Virginia Department of Agriculture and Consumer Services:
The Virginia Department of Agriculture and Consumer Services (VDACS) has been notified that several Virginia residents have received unsolicited packages containing seeds that appear to have originated from China. The types of seeds in the packages are unknown at this time and may be invasive plant species. The packages were sent by mail and may have Chinese writing on them. Please do not plant these seeds.
And why, pray tell. What’s the big deal with seeds possibly from China, America’s favorite place to sell soy beans? Here’s the key passage:
Invasive species wreak havoc on the environment, displace or destroy native plants and insects and severely damage crops. Taking steps to prevent their introduction is the most effective method of reducing both the risk of invasive species infestations and the cost to control and mitigate those infestations.
Call me suspicious, but the US is struggling with the Rona or what I call WuFlu, is it not? Now seeds. My mind suggested from parts unknown that perhaps, just perhaps, the soy bean buyers are testing another bio-vector.
As the other 49 states realize that they too may want to put some “real” scientists to work examining the freebie seeds, I noted two other articles.
I am less concerned with the intricate arguments, the charts, and the factoids and more about how I view each write up in the context of serious thinking about some individuals’ ability to perceive risk.
The first write up is by a former Andreessen Horowitz partner. The title of the essay is “Regulating Technology.” The article explains that technology is now a big deal, particularly online technology. The starting point is 1994, which is about 20 years after the early RECON initiatives. The key point is that regulators have had plenty of time to come to grips with unregulated digital information flows. (I want to point out that those in Mr. Evans’ circle tossed accelerants into the cyberfires which were containable decades ago.) My point is that current analysis makes what is happening so logical, just a half century too late.
The second write up is about TikTok, the Chinese centric app banned in India and accursed of the phone home tricks popular among the Huawai and Xiaomi crowd. “TikTok, the Facebook competitor?’s” point seems to be that TikTok has bought its way into the American market. The same big tech companies that continue to befuddle analysts and regulators took TikTok’s cash and said, “Come on down.” The TikTok prize may be a stream of free flowing data particularized to tasty demographics. My point is that this is a real time, happening event. There’s nothing like a “certain blindness” to ensure a supercharged online service will smash through data collection barriers.
News flash. The online vulnerabilities (lack of regulation, thumb typing clueless users, and lack of meaningful regulatory action) are the old threat vector.
The new threat vector? Seeds. Bio-attacks. Bio-probes. Bio-ignorance. Big, fancy thoughts are great. Charts are wonderful. Reformed Facebookers’ observations are interesting. But the now problem is the bio thing.
Just missing what in front of their faces maybe? Rona masks and seed packets. Probes or attacks? The motto may be a certain foreign power’s willingness to learn the lessons of action oriented people like Generals Curtis LeMay or George Patton. Add some soy sauce and stir in a cup of Sun Tzu. Yummy. Cheap. Maybe brutally effective?
So pundits and predictive analytics experts, analyze but look for the muted glowing of threat vector beyond the screen of one’s mobile phone.
Stephen E Arnold, July 27, 2020
The Cloud Becomes the New PC, So the Cloud Becomes the Go To Attack Vector
July 24, 2020
Cloud providers are not Chatty Cathies when it comes to some of their customers’ more interesting activities. Take malware, for example. Bad actors can use cloud services for a number of activities, including a temporary way station when deploying malware, delivering bogus or spoofed Web sites as part of a social engineering play, or just launching phishing emails. Major cloud providers are sprawling operations, and management tools are still in their infancy. In fact, management software for cloud operators are in a cat-and-mouse race. Something happens, and the cloud provider responds.
“Hackers Found Using Google Cloud to Hide Phishing Attacks” provides some information about the Google and its struggles to put on a happy face for prospects and regulators while some Googlers are reading books about dealing with stressful work.
The article reports:
Researchers at cybersecurity firm Check Point on Tuesday cited an instance when hackers used advanced features on Google Cloud Platform to host phishing pages and hide them. Some of the warning signs that users generally look out for in a phishing attack include suspicious-looking domains, or websites without a HTTPS certificate. However, by using well-known public cloud services such as Google Cloud or Microsoft Azure to host their phishing pages, the attackers can overcome this obstacle and disguise their malicious intent, improving their chances of ensnaring even security-savvy victims…
What’s the fix?
Obviously vendors of cloud management software, hawkers of smart cyber security systems, and bright young PhD track cyber specialists have ideas.
The reality may be that for now, there is no solution. Exposed Amazon S3 buckets, Google based endeavors, and Microsoft (no, we cannot update Windows 10 without crashing some machines) Azure vectors are here to stay.
Perhaps one should tweet this message? Oh, right, Twitter was compromised. Yeah.
Stephen E Arnold, July 24, 2020
Russian Hacker: Maybe a Tattoo and New Opportunities for Friendship?
June 29, 2020
In my Dark Web 2020 lecture in July for the “now virtual” US National Cyber Crime Conference, I will review some of the information my study team has gathered about Russian digital crime factories. Some of these are hidden in plain sight. Others are less visible. In this interesting world, surprises are not uncommon. “Russian Cybercrime Boss Burkov Gets 9 Years” describes how “a well connected Russian hacker once described as an asset of supreme importance” booked a one-way ticket to prison. The write up explains that:
Aleksei Burkov of St. Petersburg, Russia admitted to running CardPlanet, a site that sold more than 150,000 stolen credit card accounts, and to being a founder of DirectConnection — a closely guarded underground community that attracted some of the world’s most-wanted Russian hackers.
Mr. Burkov (kopa to his Dark Web and hacker colleagues) operated DirectConnection (now offline). If you are interested in the legal explanation of Mr. Burkov’s activities, the indictment was online as of June 29, 2020, at this link. Some documents return cheerful 404 errors, and DarkCyber understands your pain.
Will Mr. Burkov share some of his knowledge about Russian cyber crime, a type of wrong doing that has been ignored by some authorities in Mr. Putin’s government? DarkCyber surmises that he may become a chatty Kathie once he experiences the delights of a sojourn in America.
Stephen E Arnold, June 29, 2020
Criminals Want Cash? An Astounding Insight for Whom Exactly?
June 15, 2020
Why is it so hard for some people to understand a concept? Cyber criminals break laws not because it is fun (some might get a kick out of it), but to steal money. The old adage “money makes the world go around” is the goal for cyber criminals, because with money they can live their desired lifestyle. Security Brief delves into a report about cyber criminal activities in: “Cybercriminals After Money More Than Anything Else-Verizon Report.”
Security Brief read the Verizon Business 2020 Data Breach Investigations Report, where there 32,000 breaches were analyzed. Of that 3950 were from eighty-one countries and 86% of the breaches were related money. When broken down by continents, 91% were in North America, 70% in Europe, Africa, and the Middle East, and 63% in Asia.
Most financially related organizations are taking precautions to protect their clients and fewer than one in twenty breaches exploit vulnerabilities. Other types of crumbier crime include:
“Other common cyber attacks include web application attacks, as threat actors go after cloud-based data. According to the report, more than 20% of attacks were against web application and used stolen credentials in some way. The report notes that the trend is worrying as more organizations shift business-critical workloads to the cloud.
Credential theft, phishing, business email compromise and other social engineering attacks caused more than 67% of breaches. Specifically, 37% of credential theft breaches used stolen or weak credentials, 25% involved phishing, and 22% involved human error.
Amongst malware incidents, ransomware was involved in 27% of cases, and 18% of organizations blocked at least one piece of ransomware in the last year.”
The article recommends businesses and users education themselves about common cyber crime attacks to prevent breaches. It is also a good idea to have a decent cyber security system that is regularly updated. Most breaches in North America involved stolen credentials, phishing/pretexting.
Money motivates cyber criminals? Why does that even need to be stated?
Whitney Grace, June 15, 2020
Brave Browsing Sniping
June 9, 2020
DarkCyber noted “The Brave Web Browser Is Hijacking Links, and Inserting Affiliate Codes.” The write up explains that the Brave browser is behaving in a way that is unseemly. The point is that a free Web browser is pitching privacy and at the same time performs some underhanded actions to generate revenue. The explanation of the digital sleight of hand is interesting and illustrates that those “gee, stuff is free” online users assume one thing and may find something different. The write up includes this list and suggestions for accessing Web sites in a non-Brave way. We quote:
There is no good reason to use Brave. Use Chromium — the open-source core of Chrome — with the uBlock Origin ad blocker. [Chromium download, uBO Chrome]
Or use Firefox with uBlock Origin — ‘cos it blocks more ads than the Chromium framework will let anything block. [uBO Firefox]
Or, if you want a really cleaned-out Chrome — ungoogled-chromium, with uBlock Origin. [GitHub]
If you’re on Android, use Firefox with uBlock Origin, or the new Firefox Focus browser. [Mozilla]
Brave is a browser for suckers who want to keep getting played — so it’s a 100% crypto enterprise. As Eich’s pinned tweet still tells us: “Who gets paid? If not you, then you’re ‘product’.” [Twitter]
DarkCyber is not sure if this comment is as ominous as it sounded to one DarkCyber researcher:
Brendan Eich has responded to this post by claiming “David lies about us all the time.” I have pointed out that this is a prima facie defamatory statement, and asked him to detail these claimed lies. [Twitter, archive]
Mr. Eich is the alleged perpetrator of the Brave misdeeds. Online marketing and advertising are fascinating disciplines.
Stephen E Arnold, June 8, 2020
-
- Subscribe to Beyond Search
Feature archive
News archive
-
