Social Media Still a Crime Hub
March 14, 2016
It seems that most crime is concentrated on the hidden Dark Web, especially with news of identity theft and potential threats to national security making the news over the latest social media hotspot. Social media is still a hotbed for Internet crime, and Motherboard has a little tale to tell in “SocioSpyder: The Tool Bought By The FBI To Monitor Social Media.” Social media remains a popular crime hub because so much of the general public uses it, making them susceptible to everything from terroristic propaganda to the latest scam to steal credit card numbers.
Law enforcement officials are well aware of how criminals use social media, but the biggest problem is having to sift through the large data stockpile from the various social media platforms. While some law enforcement officials might enjoy watching the latest cute kitten video, it is not a productive use of their time. The FBI purchased SocioSpyder as their big data tool.
“‘SocioSpyder,’ as the product is called, ‘can be configured to collect posts, tweets, videos and chats on-demand or autonomously into a relational, searchable and graphable database,’ according to the product’s website. SocioSpyder is made by Allied Associates International, a US-based contractor for government and military clients as well as other private companies, and which sells, amongst other things, software.
This particular piece of kit, which is only sold to law enforcement or intelligence agencies, allows an analyst to not only keep tabs on many different targets across various social networks at once, but also easily download all of the data and store it. In short, it’s pretty much a pre-configured web scraper for social media.”
SocioSpyder maps relationships within the data and works out how the user-generated content adds up to the bigger picture. Reportedly, the FBI spent $78,000 on the SocioSpyder software and the US Marshals bought a lesser version worth $22,500. SocioSpyder is being used to gather incriminating evidence against criminals and prevent potential crimes.
My biggest question: where can we get a version of SocioSpyder to generate reports for personal use?
Whitney Grace, March 14, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
PIN Number Analysis
March 11, 2016
With the interest in four-digit security codes, some folks have been thinking about the frequency with which certain four-digit combinations appear. If you are interested in this subject, you may want to check out “PIN Analysis.” Do you use a popular and possibly easily hacked PIN code?
The author makes an odd comment. Apparently the reason people chose 2580 is not clear to him. Hint: Look at your keypad. What numbers go right down the center? Yep.
By the way, 1234 is probably not a code to use if the analysis in the write up is accurate.
Stephen E Arnold, March 11, 2016
Open Source Academic Research Hub Resurfaces on the Dark Web
March 11, 2016
Academics are no strangers to the shadowy corners of the Dark Web. In fact, as “The Research Pirates of the Dark Web,” published by The Atlantic, reports, one university student in Kazakhstan populated the Dark Web with free access to academic research after her website, Sci-Hub, was shut down in accordance with a legal case brought to court by the publisher Elsevier. Sci-Hub has existed under a few different domain names on the web since then, continuing its service of opening the floodgates to release paywalled papers for free. The article tells us,
“Soon, the service popped up again under a different domain. But even if the new domain gets shut down, too, Sci-Hub will still be accessible on the dark web, a part of the Internet often associated with drugs, weapons, and child porn. Like its seedy dark-web neighbors, the Sci-Hub site is accessible only through Tor, a network of computers that passes web requests through a randomized series of servers in order to preserve visitors’ anonymity.”
The open source philosophy continues to emerge in various sectors: technology, academia, and beyond. And while the Dark Web appears to be primed for open source proponents to prosper, it will be interesting to see what takes shape. As the article points out, other avenues exist; scholars may make public requests for paywalled research via Twitter using the hashtag #icanhazpdf.
Megan Feil, March 11, 2016
Organized Cybercrime Continues to Evolve
March 10, 2016
In any kind of organized crime, operations take place on multiple levels, and cybercrime is no different. A recent article from Security Intelligence, “Dark Web Suppliers and Organized Cybercrime Gigs,” describes the hierarchy and how the visibility of top-level Cybercrime-as-a-Service (CaaS) has evolved with heightened scrutiny from law enforcement. As recently as a decade ago, expert CaaS vendors were visible on forums and underground boards; now they show up only on forums and community sites typically closed to newcomers, and their role encompasses more expertise and less information sharing and accomplice-gathering. The article describes their niche,
“Some of the most popular CaaS commodities in the exclusive parts of the Dark Web are the services of expert webinjection writers who supply their skills to banking Trojan operators.
Webinjections are code snippets that financial malware can force into otherwise legitimate Web pages by hooking the Internet browser. Once a browser has been compromised by the malware, attackers can use these injections to modify what infected users see on their bank’s pages or insert additional data input fields into legitimate login pages in order to steal information or mislead unsuspecting users.”
The cybercrime arena shows one set of organized crime professionals, preying on individuals and organizations while simultaneously being sought out by organized cyber security professionals and law enforcement. It will be most interesting to see how collisions and interactions between these two groups will play out — and how that shapes the organization of their rings.
Megan Feil, March 10, 2016
Germany Launches Malware to Spy on Suspicious Citizens
March 10, 2016
The article titled “German Government to Use Trojan Spyware to Monitor Citizens” on DW explains the recent steps taken in Germany to utilize Trojans, or software programs created to sneak into someone else’s computer. Typically they are used by hackers to gain access to someone’s data and steal valuable information. The article states,
“The approval will help officials get access to the suspect’s personal computer, laptop and smartphone. Once the spyware installs itself on the suspect’s device, it can skim data on the computer’s hard drive and monitor ongoing chats and conversations. Members of the Green party protested the launching of the Trojan, with the party’s deputy head Konstantin von Notz saying, ‘We do understand the needs of security officials, but still, in a country under the rule of law, the means don’t justify the end.’”
Exactly whom the German government wants to monitor is not discussed in the article, but obviously there is growing animosity towards not only the Syrian refugees but also all people of Middle Eastern descent. Some of this hostility is based in facts and targeted, but the growing prejudice towards innocent people who share nothing but history with terrorists is obviously cause for concern in Germany, Europe, and the United States as well. One can only imagine how President Trump might cavalierly employ malware to spy on an entire population that he has already stated his distrust of in the most general terms.
Chelsea Kerwin, March 10, 2016
Facebook Exploits Dark Web to Avoid Local Censorship
March 9, 2016
The article on Nextgov titled “Facebook Is Giving Users a New Way to Access It On the ‘Dark Web’” discusses the lesser-known services of the dark web such as user privacy. Facebook began taking advantage of the dark web in 2014, when it created a Tor address (recognizable through the .onion ending). The article explains the perks of this for global Facebook users,
“Facebook’s Tor site is one way for people to access their accounts when the regular Facebook site is blocked by governments—such as when Bangladesh cut off access to Facebook, its Messenger and Whatsapp chat platforms, and messaging app Viber for about three weeks in November 2015. As the ban took effect, the overall number of Tor users in Bangladesh spiked by about 10 times, to more than 20,000 a day. When the ban was lifted, the number dropped.”
Facebook has encountered its fair share of hostility from international governments, particularly Russia. Russia has a long history of censorship, and has even blocked Wikipedia in the past, among other sites. But even if a site is not blocked, governments can still prevent full access through filtering of domain names and even specific keywords. The Tor option can certainly help global users access their Facebook accounts, but however else they use Tor is not publicly known, and Facebook’s lips are sealed.
Chelsea Kerwin, March 9, 2016
A Place to Express Yourself on the Dark Web
March 7, 2016
For evidence that the dark web is not all about drugs and cybercrime, check out this article at Motherboard: “The Dark Web Now Has a Literary Journal.” As it turns out, anonymity is also good for people who wish to freely explore their creativity and private thoughts.
The new journal, the Torist, was just launched by a professor at the University of Utah, Robert W. Gehl, and a person known simply as GMH. Inspired by the free discussions on their dark-web-based social network, Galaxy, they have seized their chance to create something unexpected. The journal’s preface asks:
“If a magazine publishes itself via a Tor hidden service, what does the creative output look like? How might it contrast itself with its clearweb counterparts? Who indeed will gravitate towards a dark web literary magazine?”
So, why is one of the Torist’s creators anonymous while the other is putting himself out there? Writer Joseph Cox tells us:
Gehl, after being pitched the idea of The Torist by GMH, decided to strip away his pseudonym, and work on the project under his own name. “I thought about that for a while,” Gehl said. “I thought that because GMH is anonymous/pseudonymous, and he’s running the servers, I could be a sort of ‘clear’ liaison.”
So while Gehl used his name, and added legitimacy to the project in that way, GMH could continue to work with the freedom the anonymity awards. “I guess it’s easier to explore ideas and not worry as much how it turns out,” said GMH, who described himself as someone with a past studying the humanities, and playing with technology in his spare time.
Gehl and GMH say part of their reasoning behind the journal is to show people that anonymity and encryption can be forces for good. Privacy furthers discussion of controversial, personal, and difficult topics and, according to GMH, should be the default setting for all communications, especially online.
Submissions are currently being accepted, so go ahead and submit that poem or essay if you have something to get off your chest, anonymously. If you dare to venture into the dark web, that is.
Cynthia Murrell, March 7, 2016
Encryption and Rap Lyrics
March 6, 2016
I read “Gang Used Rap Lyrics to Discuss Guns.” According to the write up:
Members of a gang, accused of smuggling automatic weapons into the UK by boat, used lyrics from a song by rapper the Notorious B.I.G. to discuss their arrival, a court has heard.
The write up added:
The Gimme the Loot lyrics were included in a message from Mr Defraine which read: “I’m ready to got this paper g you with me… my pockets looking kinda tight and I’m stressed yo munky let me get the vest”.
Argot can be a challenge for search and content processing. Were those $5,000 teddy bears on eBay really teddy bears?
Nope. Kinda munky maybe?
Stephen E Arnold, March 6, 2016
The FBI Uses Its Hacking Powers for Good
March 4, 2016
In a victory for basic human decency, Engadget informs us, the “FBI Hacked the Dark Web to Bust 1,500 Pedophiles.” Citing an article at Vice Motherboard, writer Jessica Conditt describes how the feds identified their suspects through a site called (brace yourself) “Playpen,” which was launched in August 2014. We learn:
Motherboard broke down the FBI’s hacking process as follows: The bureau seized the server running Playpen in February 2015, but didn’t shut it down immediately. Instead, the FBI took “unprecedented” measures and ran the site via its own servers from February 20th to March 4th, at the same time deploying a hacking tool known internally as a network investigative technique. The NIT identified at least 1,300 IP addresses belonging to visitors of the site.
“Basically, if you visited the homepage and started to sign up for a membership, or started to log in, the warrant authorized deployment of the NIT,” a public defender for one of the accused told Motherboard. He said he expected at least 1,500 court cases to stem from this one investigation, and called the operation an “extraordinary expansion of government surveillance and its use of illegal search methods on a massive scale,” Motherboard reported.
Check out this article at Wired to learn more about the “network investigative technique” (NIT). This is more evidence that, if motivated, the FBI is perfectly capable of leveraging the Dark Web to its advantage. Good to know.
Cynthia Murrell, March 4, 2016
If You See Something, Say Something Adopts New Cybersecurity Meaning
March 4, 2016
A post-9/11 campaign for increasing security awareness will inform a similar public service announcement campaign to bring cybersecurity top of mind. “See something suspicious online? Homeland Security wants to know about it,” published by NextGov, reports on this 2016 Department of Homeland Security initiative. The decision to launch this campaign comes from an IDC recommendation; the US lacks a culture of cybersecurity concern, unlike Israel, according to the article. While $1 million is allotted for this campaign, the article describes bigger future plans,
“Last week, the Obama administration rolled out a new Cybersecurity National Action Plan, which establishes a new public commission on cybersecurity and proposes billions in new funding to upgrade hard-to-secure legacy IT systems in use at federal agencies, among several other steps.”
This year’s cybersecurity public and private sector awareness campaign was modeled after the “If You See Something, Say Something” campaign rolled out after September 11. However, this is not Homeland Security’s first attempt at educating the public about cybersecurity. The department has sponsored October as National Cybersecurity Awareness Month since 2004. As the article mentions, previous educational efforts have not appeared to influence culture. It would be interesting to know what metrics they are using to make that claim.
Megan Feil, March 4, 2016