Cybercrime as a Service Drives Cyber Attacks on Uber Accounts and More
January 26, 2016
Several recent articles have shed light on the dynamics at play in the cybercriminal marketplaces of the Dark Web; How much is your Uber account worth?, for example, was recently published on Daily Mail. Summarizing a report from security researchers at Trend Micro for CNBC, the article explains that this new information extends the research previously done in Intel Security’s The Hidden Data Economy report. Beyond describing the value hierarchy in which Uber and PayPal logins cost more than social security numbers and credit cards, the article shares insights on the bigger picture:
“‘Like any unregulated, efficient economy, the cybercrime ecosystem has quickly evolved to deliver many tools and services to anyone aspiring to criminal behavior,’ said Raj Samani, chief technology officer for Intel Security EMEA. ‘This “cybercrime-as-a-service” marketplace has been a primary driver for the explosion in the size, frequency, and severity of cyber attacks.
‘The same can be said for the proliferation of business models established to sell stolen data and make cybercrime pay.’”
Moving past the shock value of the going rates, this article draws our attention to the burgeoning business of cybercrime. Much as Google has expanded the online ecosystem by serving as a connector, marketplaces in the Dark Web appear to be carving out a similar position. That carries quite the implications when you consider the size of the Dark Web.
Megan Feil, January 26, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Hackers Opt for Netflix and Uber over Credit Card Theft on Dark Web
January 25, 2016
It is no surprise that credit cards and other account information are sold on the Dark Web, but which accounts are most valuable might be a surprise. Baiting us to click, the article “It turns out THIS is more valuable to hackers than your stolen credit card details” on the United Kingdom’s Express offers the scoop on the going rate of the various logins cybercriminals are currently chasing. Hacked Uber, PayPal and Netflix logins are the most valuable. The article explains:
“Uber rolled-out multi-factor authentication in some markets last year which decreased the value of stolen account details on the Dark Web, the International Business Times reported. According to the Trend Micro study, the price for credit cards is so comparatively low because banks have advanced techniques to detect fraudulent activity.”
These accounts sell for under $10 each, and according to the article, they seem to actually be used by the thief. Products and experiences, as consumable commodities, are easier to steal than cash when organizations fail to properly protect against fraudulent activity. The takeaway seems to be obvious.
Megan Feil, January 25, 2016
A Dearth of Dark Web Weapons
January 20, 2016
President Obama recently announced some executive orders designed to curb gun violence; one of these moves, according to the U.S. Attorney General, specifically targets weapon purchases through the Dark Web. However, Deep.Dot.Web asks, “Do People Really Buy Weapons from Dark Web Markets?” Not many of them, as it turns out. Reporter Benjamin Vitáris writes:
“Fast Company made an interview with Nicolas Christin, assistant research professor of electrical and computer engineering at Carnegie Mellon University (CMU). The professor is one of the researchers behind a recent deep-dive analysis of sales on 35 marketplaces from 2013 to early 2015. According to him, dark web gun sales are pretty uncommon: ‘Weapons represent a very small portion of the overall trade on anonymous marketplaces. There is some trade, but it is pretty much negligible.’ On the dark net, the most popular niche is drugs, especially, MDMA and marijuana, which takes around 25% of sales on the dark web, according to Christin’s analysis. However, weapons are so uncommon that they were put into the ‘miscellaneous’ category, along with drug paraphernalia, electronics, tobacco, viagra, and steroids. These together takes 3% of sales.”
Vitáris notes several reasons the Dark Web is not exactly a hotbed of gun traffic. For one thing, guns are devilishly difficult to send through the mail. Then there’s the fact that, with current federal and state laws, buying a gun in person is easier than through dark web markets in most parts of the U.S.; all one has to do is go to the closest gun show. So, perhaps, targeting Dark Web weapon sales is not the most efficient thing we could do to keep guns away from criminals.
Cynthia Murrell, January 20, 2016
They Hid in Plain Sight
December 28, 2015
Those who carried out last November’s attacks in Paris made their plans in the open, but intelligence agencies failed to discover and thwart those plans beforehand. TechDirt reveals “Details of How The Paris Attacks Were Carried Out Show Little Effort by Attackers to Hide Themselves.” To us, that means intelligence agencies must not be making much use of the Dark Web. What about monitoring of mobile traffic? We suggest that some of the marketing may be different from the reality of these systems.
Given the apparent laxity of these attackers’ security measures, writer Mike Masnick wonders why security professionals continue to call for a way around encryption. He cites an in-depth report by the Wall Street Journal’s Stacy Meichtry and Joshua Robinson, and shares some of their observations; see the article for those details. Masnick concludes:
“You can read the entire thing and note that, nowhere does the word ‘encryption’ appear. There is no suggestion that these guys really had to hide very much at all. So why is it that law enforcement and the intelligence community (and various politicians) around the globe are using the attacks as a reason to ban or undermine encryption? Again, it seems pretty clear that it’s very much about diverting blame for their own failures. Given how out in the open the attackers operated, the law enforcement and intelligence community failed massively in not stopping this. No wonder they’re grasping at straws to find something to blame, even if it had nothing to do with the attacks.”
Is “terrorism” indeed a red herring for those pushing the encryption issue? Were these attackers an anomaly, or are most terrorists making their plans in plain sight? Agencies may just need to look in the right directions.
Cynthia Murrell, December 28, 2015
Top Trends for Cyber Security and Analytics in 2016
December 23, 2015
With the end of the year approaching, people try to predict what will happen in the New Year. The New Year brings on a sort of fortunetelling, because companies that correctly predict what will happen in 2016 can expect positive profit margins and a healthier customer base. The IT industry has its own share of New Year soothsayers, and the Executive Biz blog shares “Booz Allen Cites Top Cyber, Analytics Trends In 2016; Bill Stewart Comments,” with possible trends in cyber security and data analytics for the coming year.
Booz Allen Hamilton says that companies will want to merge analytical programs with security programs to receive data sets that show network vulnerabilities; they have been dubbed “fusion centers.”
“ ‘As cyber risk and advanced analytics demand increasing attention from the C-suite, we are about to enter a fundamentally different period,’ said Bill Stewart, executive vice president and leader of commercial cyber business at Booz Allen. ‘The dynamics will change… Skilled leaders will factor these changing dynamics into their planning, investments and operations.’”
There will also be increased risks coming from the Dark Web and risks that are associated with connected systems, such as cloud storage. Booz Allen also hints that companies will need skilled professionals who know how to harness cyber security risks and analytics. That suggestion is not new, as it has been discussed since 2014. While the threat from the Internet and vulnerabilities within systems has increased, experts in these areas, as well as better programs to handle them, have always been needed. Booz Allen is restating the obvious; the biggest problem is that companies are not aware of these risks and usually lack the budget to implement preemptive measures.
Whitney Grace, December 23, 2015
The Modern Law Firm and Data
December 16, 2015
We thought it was a problem if law enforcement officials did not know how the Internet and Dark Web worked, or what eDiscovery tools are capable of, but a law firm that does not know how to work with data-mining tools, much less the importance of technology, is losing credibility, profit, and evidence for cases. According to Information Week in “Data, Lawyers, And IT: How They’re Connected,” the modern law firm needs to be aware of how eDiscovery tools, predictive coding, and data science work and see how they can benefit their cases.
It can be daunting trying to understand how new technology works, especially in a law firm. The article explains how the above tools and more work in four key segments: what role data plays before trial, how it is changing the courtroom, how new tools pave the way for unprecedented approaches to law practice, and how data is improving how law firms operate.
Data in pretrial amounts to one word: evidence. People live their lives via their computers and create a digital trail without realizing it. With a few eDiscovery tools, lawyers can assemble all necessary information within hours. Data tools in the courtroom make practicing law seem like a scenario out of a fantasy or science fiction novel. Lawyers are able to immediately pull up information to use as evidence for cross-examination or to validate facts. New eDiscovery tools are also good to use because they allow lawyers to prepare their arguments based on the judge and jury pool. More data is available on individual cases rather than just big-name ones.
“The legal industry has historically been a technology laggard, but it is evolving rapidly to meet the requirements of a data-intensive world.
‘Years ago, document review was done by hand. Metadata didn’t exist. You didn’t know when a document was created, who authored it, or who changed it. eDiscovery and computers have made dealing with massive amounts of data easier,’ said Robb Helt, director of trial technology at Suann Ingle Associates.”
Legal eDiscovery is one of the main branches of big data that has skyrocketed in the past decade. While the examples discussed here are employed by respected law firms, keep in mind that eDiscovery technology is still new. Ambulance chasers and other law firms probably do not have a full IT squad on staff, so when learning about lawyers, ask about their eDiscovery capabilities.
Whitney Grace, December 16, 2015
Do Not Go Gently into That Dark Web
November 26, 2015
The article titled “Don’t Toy With The Dark Web, Harness It” on Infoworld’s DarkReading delves into some of the misconceptions about the Dark Web. The first point the article makes is that a great many threats to security occur on the surface web, on such well-known sites as Reddit and social media platforms like Instagram. Not only are these areas of the web easier to search without Tor or I2P, but they are often more relevant, particularly for certain industries and organizations. The article also points out the harm in even “poking around” the Dark Web:
“It can take considerable time, expertise and manual effort to glean useful information. More importantly, impromptu Dark Web reconnaissance can inadvertently expose an organization to greater security risks because of unknown malicious files that can infiltrate the corporate network. Additionally, several criminal forums on the Dark Web utilize a “vouching” system, similar to a private members club, that might require an investigator to commit a crime or at least stray into significantly unethical territory to gain access to the content.”
A novice could easily get into more trouble than they bargained for, especially when taking receipt of stolen goods is considered a felony. Leave the security work to professionals, and make sure the professionals you employ have checked out this Dark Web reading series.
Chelsea Kerwin, November 26, 2015
No Mole, Just Data
November 23, 2015
It all comes down to putting together the pieces, we learn from Salon’s article, “How to Explain the KGB’s Amazing Success Identifying CIA Agents in the Field?” For years, the CIA was convinced there was a Soviet mole in their midst; how else to explain the uncanny knack of the 20th Century’s KGB to identify CIA agents? Now we know it was due to the brilliance of one data-savvy KGB agent, Yuri Totrov, who analyzed the U.S. government’s personnel data to separate the spies from the rest of our workers overseas. The technique was very effective, and all without the benefit of today’s analytics engines.
Totrov began by searching the KGB’s own data, and that of allies like Cuba, for patterns in known CIA agent postings. He also gleaned a lot of info from publicly available U.S. literature and from local police. Totrov was able to derive 26 “unchanging indicators” that would pinpoint a CIA agent, as well as many other markers that were less universal but useful, such as CIA agents driving the same car and renting the same apartment as their immediate predecessors. Apparently, logistics agents back at Langley did not foresee that such consistency, though cost-effective, could be used against us.
Reporter Jonathan Haslam elaborates:
“Thus one productive line of inquiry quickly yielded evidence: the differences in the way agency officers undercover as diplomats were treated from genuine foreign service officers (FSOs). The pay scale at entry was much higher for a CIA officer; after three to four years abroad a genuine FSO could return home, whereas an agency employee could not; real FSOs had to be recruited between the ages of 21 and 31, whereas this did not apply to an agency officer; only real FSOs had to attend the Institute of Foreign Service for three months before entering the service; naturalized Americans could not become FSOs for at least nine years but they could become agency employees; when agency officers returned home, they did not normally appear in State Department listings; should they appear they were classified as research and planning, research and intelligence, consular or chancery for security affairs; unlike FSOs, agency officers could change their place of work for no apparent reason; their published biographies contained obvious gaps; agency officers could be relocated within the country to which they were posted, FSOs were not; agency officers usually had more than one working foreign language; their cover was usually as a ‘political’ or ‘consular’ official (often vice-consul); internal embassy reorganizations usually left agency personnel untouched, whether their rank, their office space or their telephones; their offices were located in restricted zones within the embassy; they would appear on the streets during the working day using public telephone boxes; they would arrange meetings for the evening, out of town, usually around 7.30 p.m. or 8.00 p.m.; and whereas FSOs had to observe strict rules about attending dinner, agency officers could come and go as they pleased.”
In the era of Big Data, it seems like common sense to expect such deviations to be noticed and correlated, but it was not always so obvious. Nevertheless, Totrov’s methods did cause embarrassment for the agency when they were revealed. Surely, the CIA has changed their logistic ways dramatically since then to avoid such discernable patterns. Right?
Cynthia Murrell, November 23, 2015
Sell Your Soul for Next to Nothing on the Dark Web
October 13, 2015
The article on ZDNet titled “The Price of Your Identity in the Dark Web? No More Than a Dollar” reveals the startlingly cheap value of stolen data on the Dark Web. We have gotten used to hearing about data breaches at companies that we know and use (ahem, Ashley Madison), but what happens next? The article explains:
“Burrowing into the Dark Web — a small area of the Deep Web which is not accessible unless via the Tor Onion network — stolen data for sale is easy to find. Accounts belonging to US mobile operators can be purchased for as little as $14 each, while compromised eBay, PayPal, Facebook, Netflix, Amazon and Uber accounts are also for sale. PayPal and eBay accounts which have a few months or years of transaction history can be sold for up to $300 each.”
According to the Privacy Rights Clearinghouse, the sectors most commonly affected by data breaches are healthcare, government, retail, and education. But it also stresses that a high number of data breaches are not caused by hackers or malicious persons at all. Instead, unintended disclosure is often the culprit. Dishearteningly, there is really no way to escape being a target besides living out some Ron Swanson off-the-grid fantasy scenario. Every organization that collects personal information is a potential breach target. It is up to the organizations to protect the information, and while many are making that a top priority, most have a long way to go.
Chelsea Kerwin, October 13, 2015
Content Matching Helps Police Bust Dark Web Sex Trafficking Ring
September 4, 2015
The Dark Web is not only used to buy and sell illegal drugs, but it is also used to perpetuate sex trafficking, especially of children. The work of law enforcement agencies to prevent the abuse of sex trafficking victims is detailed in a report by the Australian Broadcasting Corporation called “Secret ‘Dark Net’ Operation Saves Scores Of Children From Abuse; Ringleader Shannon McCoole Behind Bars After Police Take Over Child Porn Site.” For ten months, Argos, the Queensland police anti-pedophile taskforce, tracked usage on an Internet bulletin board with 45,000 members that viewed and uploaded child pornography.
The Dark Web is notorious for encrypting user information, and that is one of the main draws, because users can conduct business or other illegal activities, such as viewing child pornography, without fear of retribution. Even the Dark Web, however, leaves a digital trail, and Argos was able to track down the Web site’s administrator. It turned out the administrator was an Australian childcare worker who had been sentenced to 35 years in jail for sexually abusing seven children in his care and sharing child pornography.
Argos was able to catch the perpetrator by noticing patterns in his language usage in posts he made to the bulletin board (he used the greeting “hiya”). Using advanced search techniques, the police sifted through results and narrowed them down to a Facebook page and a photograph. From the Facebook page, they got the administrator’s name and made an arrest.
After arresting the ringleader, Argos took over the community and started to track down the rest of the users.
“‘Phase two was to take over the network, assume control of the network, try to identify as many of the key administrators as we could and remove them,’ Detective Inspector Jon Rouse said. ‘Ultimately, you had a child sex offender network that was being administered by police.’”
When they took over the network, the police were required to work in real-time to interact with the users and gather information to make arrests.
Even though the Queensland police were able to end one Dark Web child pornography ring and save many children from abuse, there are still many Dark Web sites centered on child sex trafficking.
Whitney Grace, September 4, 2015

