Love Phishing? New Angling Gear to Try
January 6, 2025
Registrars have long since run out of the popular TLDs (top-level domains), the endings at the end of Web site names. TLDs like .com, .net, .org, etc. are hot commodities, but in order to expand their offerings registrars added new endings that are unfortunately a new tool for bad actors, says Krebs On Security in “Why Phishers Love New TLDs Like .shop, .top and .xyz.” Phishing attacks increased 40% in 2024, mostly on Web sites that end with .shop, .top, .xyz, and other generic TLDs (gTLDs).
Interisle Consulting conducted a study on new gTLDs sponsored by many anti-spam organizations. Interisle discovered that gTLDs accounted for only 11% of the new domain market, but 37% of all cybercrime domains from September 2023 to August 2024.
These gTLD domains are very inexpensive to purchase. They can then be used on Web sites used for phishing scams and more:
“Spammers and scammers gravitate toward domains in the new gTLDs because these registrars tend to offer cheap or free registration with little to no account or identity verification requirements. For example, among the gTLDs with the highest cybercrime domain scores in this year’s study, nine offered registration fees for less than $1, and nearly two dozen offered fees of less than $2.00. By comparison, the cheapest price identified for a .com domain was $5.91.”
Scammers are very excited because the Internet Corporation for Assigned Names and Numbers (ICANN) is about to drop a boatload of new gTLDs sometime in 2026. Despite all the information about bad actors using the gTLDs, ICANN will press forward. Interisle also found that phishers can avoid paying for gTLDs with subdomain providers like weekly.com, pages.dev, and blogspot.com.
Registrars don’t care as long as they get paid. They don’t ask any questions, slap on anonymity, and collect referral fees until someone shuts the bad actors down.
Whitney Grace, January 6, 2025
Russian Drug Trade Likes That Cryptocurrency
January 3, 2025
No smart software involved. Just a dinobaby’s work.
High tech innovation meets traditional thuggery in Russia’s expanding drug trade. The Global Initiative Against Transnational Organized Crime summarizes its recent report in, “Breaking Klad: Russia’s Dead Drop Drug Revolution.” The write-up includes links to download the report and a related press release. First up, the innovation:
“There has been a groundbreaking shift in the global drug trade, pioneered in Russia and now spreading globally. Unlike traditional drug trafficking models, this system leverages darknet markets and cryptocurrency for anonymous transactions, allowing buyers to retrieve drugs from hidden physical locations, or ‘dead drops,’ rather than direct exchanges. Driven by large platforms such as Kraken, Mega, and Blacksprut [sic], Russian darknet markets control 93% of the global share, generating approximately $1.5 billion in revenue in 2023 alone. This dominance marks a new era for organized crime, with Russia’s digital drug economy vastly surpassing traditional Western darknet markets in scope and influence.”
We are told this digital shift was prompted by several factors. Increasingly restrictive anti-drug policies and strained trade relations with the West contribute. Also, drug dealers now have the technology to give their clients (and themselves) the convenience and anonymity they desire. Wonderful. The writeup mentions that, within Russia, trade in cheap-to-make synthetic drugs like mephedrone is overtaking traditional imports like cocaine and heroin. Which leads us to the thuggery:
“Youth are drawn into this high-tech drug economy, often working as couriers or ‘kladmen’ for online shops—a job that comes with high risks, including violence, criminal charges, and addiction. Violence has become endemic in the system, with enforcers, known as ‘sportsmen,’ meting out harsh punishments for couriers suspected of theft or negligence. This pervasive violence, combined with the easy availability of highly addictive synthetic drugs, is fueling a public health crisis and contributing to rising incarceration rates among young Russians.”
These young people may find miserable company in a growing number of countries; the report warns this model is spreading beyond Russia’s borders. Authorities must adapt to the new reality. Understanding Russia’s darknet markets will help, advises the report.
Cynthia Murrell, January 3, 2025
FOGINT: What Do the Most Recent Telegram Function Enhancements Portend for 2025?
January 2, 2025
This is a report from the FOGINT research team.
For a company without a permanent office with staff who show up every day, Telegram has been busy in December 2024. One good example is Telegram’s chopping up the video stream from its Gateway Conference held in early November 2024. The individual talks with their unique Telegram / TON Foundation quirkiness are available on YouTube at this link. One can mostly parse some speakers’ content using the Google caption function.
Also, a “real” news service has collected several other Telegram and ecosystem announcements in “Telegram Rolls Out Third-Party Account Verification, Filters.” For those unfamiliar with Telegram, the service offered a verification process. That service remains, and “has now launched a new project to let already-verified third-party authorities, such as food quality regulators or educational consortiums, verify an account.” The article also points out that Telegram has added “filters” to the baked-in search and retrieval service. FOGINT wants to point out that the search service is not very good. Retrieval remains spotty. The only way to find certain content is to monitor specific public and private groups. The content from these groups can then be downloaded or sucked from the service with a well-crafted script tuned to observe Telegram’s quite specific blocks on bulk downloading. According to the cited article, Telegram has added:
- Emoji reactions
- Sending gifts (this is a money generating angle)
- Search filters for private chats, group chats, and channels.
The write up does not ask the question, “What is the direction these features suggest Telegram and its associated entities are heading in 2025?”
Here’s FOGINT’s take on the path Telegram is likely to follow:
- Freeing Pavel will be a top priority
- Amping up Telegram and the TON Foundation’s crypto activities. (Telegram is the platform for TON Foundation; the Foundation is the marketing and developer magnet for the TONcoin.)
- Providing functions and services like third-party verification to show the French judiciary and others that Telegram does have “real” users and can provide investigators with some useful information, maybe.
But the big priority after the “Free Pavel” action is crypto; specifically, making the Telegram platform the hub for crypto gaming and possibly some allied services like automating the movement of crypto from one coin and wallet to other wallets and coins. Tie ups with the Ku Group and other organizations providing crypto alternatives to traditional and regulated financial systems are on board and rolling out integrated services at this time.
Stephen E Arnold, January 2, 2025
FReE tHoSe smaRT SoFtWarEs!
December 25, 2024
No smart software involved. Just a dinobaby’s work.
Do you have the list of stop words you use in your NLP prompts? (If not, click here.) You are not happy when words on the list like “b*mb,” “terr*r funding,” and others do not return exactly what you are seeking? If you say, “Yes,” you will want to read “BEST-OF-N JAILBREAKING” by a Frisbee team complement of wizards; namely, John Hughes, Sara Price, Aengus Lynch, Rylan Schaeffer, Fazl Barez, Sanmi Koyejo, Henry Sleight, Erik Jones, Ethan Perez, and Mrinank Sharma. The people doing the heavy lifting were John Hughes (a consultant who does work for Speechmatics and Anthropic) and Mrinank Sharma (an Anthropic engineer involved in — wait for it — adversarial robustness).
The main point is that Anthropic-linked wizards have figured out how to knock down the guard rails for smart software. And those stop words? Just whip up a snappy prompt, mix up the capital and lower case letters, and keep sending the query to the smart software. At some point, those capitalization and other fixes will cause the LLM to go your way. Want to whip up a surprise in your bathtub? LLMs will definitely help you out.
The paper has nifty charts and lots of academic hoo-hah. The key insight is what the many, many authors call “attack composition.” You will be able to get the how-to by reading the 73-page paper, probably a result of each author writing 10 pages in the hopes of landing an even more high-paying, in-demand gig.
Several observations:
- The idea that guard rails work is now called into question
- The disclosure of the method means that smart software will do whatever a clever bad actor wants
- The rush to AI is about market lock up, not the social benefit of the technology.
The new year will be interesting. The paper’s information is quite the holiday gift.
Stephen E Arnold, December 25, 2024
FOGINT: Telegram Gets Some Lipstick to Put on a Very Dangerous Pig
December 23, 2024
Information from the FOGINT research team.
We noted the New York Times article “Under Pressure, Telegram Turns a Profit for the First Time.” The write up reported on December 23, 2024:
Now Telegram is out to show it has found its financial footing so it can move past its legal and regulatory woes, stay independent and eventually hold an initial public offering. It has expanded its content moderation efforts, with more than 750 contractors who police content. It has introduced advertising, subscriptions and video services. And it has used cryptocurrency to pay down its debt and shore up its finances. The result: Telegram is set to be profitable this year for the first time, according to a person with knowledge of the finances who declined to be identified discussing internal figures. Revenue is on track to surpass $1 billion, up from nearly $350 million last year, the person said. Telegram also has about $500 million in cash reserves, not including crypto assets.
The FOGINT team’s viewpoint is different.
- Telegram took profit on its crypto holdings and pumped that money into its financials. Like magic, Telegram will be profitable.
- The arrest of Mr. Durov has forced the company’s hand, and it is moving forward at warp speed to become the hub for a specific category of crypto transactions.
- The French have thrown a monkey wrench into Telegram’s and its associated organizations’ plans for 2025. The manic push to train developers to create click-to-earn games, use the Telegram smart contracts, and ink deals with some very interesting partners illustrates that 2025 may be a turning point in the organizations’ business practices.
The French are moving at the speed of a finely tuned bureaucracy, and it is unlikely that Mr. Durov will shake free of the pressure to deliver names, mobile numbers, and messages of individuals and groups of interest to French authorities.
The New York Times write up references profitability. There are more gears engaging than putting lipstick on a financial report. A cornered Pavel Durov can be a dangerous 40-year-old with money, links to interesting countries, and a desire to create an alternative to the traditional and regulated financial system.
Stephen E Arnold, December 23, 2024
FOGINT: Big Takedown Coincident with Durov Detainment. Coincidence?
December 19, 2024
This blog post is the work of an authentic dinobaby. No smart software was used.
In recent years, global authorities have taken down several encrypted communication channels. Exclu and Ghost, for example. Will a more fragmented approach keep the authorities away? Apparently not. A Europol press release announces, “International Operation Takes Down Another Encrypted Messaging Service Used by Criminals.” The write-up notes:
“Criminals, in response to the disruptions of their messaging services, have been turning to a variety of less-established or custom-built communication tools that offer varying degrees of security and anonymity. While the new fragmented landscape poses challenges for law enforcement, the takedown of established communication channels shows that authorities are on top of the latest technologies that criminals use.”
Case in point: After a three-year investigation, a multi-national law enforcement team just took down MATRIX. The service, “by criminals for criminals,” was discovered in 2021 on a convicted murderer’s phone. It was a sophisticated tool bad actors must be sad to lose. We learn:
“It was soon clear that the infrastructure of this platform was technically more complex than previous platforms such as Sky ECC and EncroChat. The founders were convinced that the service was superior and more secure than previous applications used by criminals. Users were only able to join the service if they received an invitation. The infrastructure to run MATRIX consisted of more than 40 servers in several countries with important servers found in France and Germany. Cooperation between the Dutch and French authorities started through a JIT set up at Eurojust. By using innovative technology, the authorities were able to intercept the messaging service and monitor the activity on the service for three months. More than 2.3 million messages in 33 languages were intercepted and deciphered during the investigation. The messages that were intercepted are linked to serious crimes such as international drug trafficking, arms trafficking, and money laundering. Actions to take down the service and pursue serious criminals happened on 3 December in four countries.”
Those four countries are France, Spain, Lithuania, and Germany, with an assist by the Netherlands. Interpol highlights the importance of international cooperation in fighting organized crime. Is this the key to pulling ahead in the encryption arms race?
Cynthia Murrell, December 19, 2024
FOGINT: The Telegram – Visa Tie Up
December 18, 2024
This blog post is the work of an authentic dinobaby. No smart software was used.
This is Stephen E Arnold. Since the detainment of Pavel Durov by French authorities, Telegram has ramped up its public disclosures about its crypto ambitions. In November 2024, Telegram linked itself publicly with Holders (a crypto services firm) and Visa, Inc. More information is available in a video on YouTube. Its title is “Visa: Building a Bridge between TON and Real World Use Cases.” It is at this URL: https://www.youtube.com/watch?v=YhdXeybiG0I. The presenter is Nikola Plecas, who is identified as the senior director, global head of GTM & Product Commercialization, Visa Crypto. The “GTM” means “go to market.” In our lecture yesterday (December 11, 2024) for the CyberSocial Conference, we mentioned this tie up with crypto. By coincidence, the video was posted. We anticipate that this deal will ripen in 2025. Thank you.
Stephen E Arnold, December 18, 2024, 7:16 am US
FOGINT: Telegram Steps Up Its Cooperation with Law Enforcement
December 12, 2024
This short item is the work of the dinobaby. The “fog” is from Gifr.com.
Engadget, an online news service, reported “Telegram Finally Takes Action to Remove CSAM from Its Platform.” France picks up Telegram founder Pavel Durov and explains via his attorney how the prison system works in the country. Mr. Durov, not yet in prison, posted an alleged Euro 5 million with the understanding he could not leave the country. According to Engadget, Mr. Durov is further modifying his attitude toward “free speech” and “freedom.”
The article states:
Telegram is taking a significant step to reduce child sexual abuse material (CSAM), partnering with the International Watch Foundation (IWF) four months after the former’s founder and CEO Pavel Durov was arrested. The French authorities issued 12 charges against Durov in August, including complicity in “distributing, offering or making available pornographic images of minors, in an organized group” and “possessing pornographic images of minors.”
For those not familiar with the International Watch Foundation, the organization serves as a “hub” for law enforcement and companies acting as intermediaries for those engaged in buying, leasing, selling, or exchanging illicit images or videos of children. Since 2013, Telegram has mostly been obstinate when asked to cooperate with investigators. The company has waved its hands and insisted that it is not into curtailing free speech.
After the French snagged Mr. Durov, he showed a sudden interest in cooperating with authorities. The Engadget report says:
Telegram has taken other steps since Durov’s arrest, announcing in September that it would hand over IP addresses and phone numbers in legal requests — something it fought in the past. Durov must remain in France for the foreseeable future.
What’s Telegram going to do after releasing handles, phone numbers, and possibly some of that log data allegedly held in servers available to the company? The answer is, “Telegram is pursuing its next big thing.” Engadget does not ask, “What’s Telegram’s next act?” Surprisingly, a preview of Telegram’s future is unfolding in TON Foundation training sessions in Vancouver, Istanbul, and numerous other locations.
But taking that “real” work next step is not in the cards for most Telegram watchers. The “finally” is simply bringing down the curtain of Telegram’s first act. More acts are already on stage.
Stephen E Arnold, December 12, 2024
Telegram: Edging Forward in Crypto
December 12, 2024
This blog post flowed from the sluggish and infertile mind of a real live dinobaby. If there is art, smart software of some type was probably involved.
Telegram wants to be the one-stop app for anonymous crypto tasks. While we applaud those efforts when they relate to freedom fighting or undermining bad actors, the latter also use them, and we can’t abide that. Telegram, however, plans to become the API for crypto communication, says Cryptologia in “DWF Labs’ Listing Bot Goes Live On Telegram.”
DWF Labs is a crypto venture capital firm, and it is launching a Listing Bot on Telegram. The Bot turns Telegram into a bitcoin feed, because it notifies users of changes in the ten main crypto exchanges: Binance, HTX, Gate.io, Bybit, OKX, KuCoin, MEXC, Coinbase Exchange, UpBit, and Bithumb. Users can also watch currency pairs, launchpad announcements, and spot and/or futures listings.
DWF Labs is at the forefront of alternative currency and financial options. It is a lucrative market:
“In a latest interview, Lingling Jiang, an Associate at DWF Labs, mentioned DWF Labs’ place on the forefront of delivering liquidity providers and forging alliances with conventional finance. By offering market-making assist and funding, Jiang stated, DWF Labs provides tasks the infrastructure needed to grasp of tokenized belongings. With the launch of the brand new Itemizing Bot, DWF Labs brings market information nearer to the retail consumer, particularly these on the Telegram (TON) community. Following the introduction of HOT, a non-custodial pockets on TON powered by Chain Signature, DWF Labs’ Itemizing Bot is one other welcome addition to the ecosystem, particularly within the mild of the latest announcement of HOT Labs, HERE Pockets and HAPI’s new joint crypto platform.”
What’s Telegram’s game for 2025? Spring Durov? Join hands with BRICS? Become the new Morgan Stanley? Father more babies?
Whitney Grace, December 12, 2024
Dark Web: Clever and Cute Security Innovations
December 11, 2024
This write up was created by an actual 80-year-old dinobaby. If there is art, assume that smart software was involved. Just a tip.
I am not sure how the essay / technical analysis “The Fascinating Security Model of Dark Web Marketplaces” will diffuse within the cyber security community. I want to highlight what strikes me as a useful analysis and provide a brief, high-level summary of the points which my team and I found interesting. We have not focused on the Dark Web since we published Dark Web Notebook, a complement to my law enforcement training sessions about the Dark Web in the period from 2013 to 2016.
This write up does a good job of explaining the use of open source privacy tools like Pretty Good Privacy and its two-factor authentication. The write up walks through a “no JavaScript” approach to functions on the Dark Web site. The references to dynamic domain name operations are helpful as well.
The first observation I would offer is that, in the case of the Dark Web site analyzed in the cited article, the security mechanisms in use have matured and, in the opinion of my research team, advanced to thwart some of the techniques used to track and take down the type of sites hosted by Cyberbunker in Germany. This is — alas — inevitable, and it makes the job of investigators more difficult.
The second observation is that this particular site makes use of distributed services. Certain hosting providers now offer self-managed virtual servers and profess an inability to know what’s happening on the physical machines. These hosting providers “comply” and then say, “If you try to access the virtual machines, they can fail. Since we don’t manage them, you guys will have to figure out how to get them back up.” Cute and effective.
The third observation is that the hoops through which a potential drug customer has to jump are likely to make a person with an addled brain get clean and then come back and try again. On the other hand, the Captcha might baffle a sober user or investigator as well. Cute and annoying.
The essay is useful and worth reading because it underscores the value of fluid online infrastructures for bad actors.
Stephen E Arnold, December 11, 2024