Dark Web Marketplaces Are Getting Customer Savvy
November 17, 2016
Offering on Dark Web marketplaces are getting weirder by the day. Apart from guns, ammo, porn, fake identities, products like forged train tickets are now available for sale.
The Guardian in an investigative article titled Dark Web Departure: Fake Train Tickets Go on Sale Alongside AK-47s reveals that:
At least that’s the impression left by an investigation into the sale of forged train tickets on hidden parts of the internet. BBC South East bought several sophisticated fakes, including a first-class Hastings fare, for as little as a third of their face value. The tickets cannot fool machines but barrier staff accepted them on 12 occasions.
According to the group selling these tickets, the counterfeiting was done to inflict financial losses on the operators who are providing deficient services. Of course, it is also possible that the fake tickets are used by people (without criminalistics inclinations) who do not want to pay for the full fares.
One school of thought also says that like online marketplaces on Open Web, Dark Web marketplaces are also getting customer-savvy and are providing products and services that the customers need or want. This becomes apparent in this portion of the article:
The academics say the sites, once accessed by invitation or via dark-web search engines (there’ll be no hyperlinks here) resemble typical marketplaces such as Amazon or eBay, and that customer service is improving. “Agora was invitation-only but many of these marketplaces are easily accessible if you know how to search,” Dr Lee adds. “I think any secondary school student who knows how to use Google could get access – and that’s the danger of it.
One of the most active consumer group on Dark Web happens to be students, who are purchasing anything from fake certificates to hacker services to improve their grades and attendance records. Educational institutions, as well as law enforcement officials, are worried about this trend. And as more people get savvy with Dark Web, this trend is going to strengthen creating a parallel e-commerce, albeit a dark one.
Vishal Ingole, November 17, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
AI to Profile Gang Members on Twitter
November 16, 2016
Researchers from Ohio Center of Excellence in Knowledge-enabled Computing (Kno.e.sis) are claiming that an algorithm developed by them is capable of identifying gang members on Twitter.
Vice.com recently published an article titled Researchers Claim AI Can Identify Gang Members on Twitter, which claims that:
A deep learning AI algorithm that can identify street gang members based solely on their Twitter posts, and with 77 percent accuracy.
The article then points out the shortcomings of the algorithm or AI by saying this:
According to one expert contacted by Motherboard, this technology has serious shortcomings that might end up doing more harm than good, especially if a computer pegs someone as a gang member just because they use certain words, enjoy rap, or frequently use certain emojis—all criteria employed by this experimental AI.
The shortcomings do not end here. The data on Twitter is being analyzed in a silo. For example, let us assume that few gang members are identified using the algorithm (remember, no location information is taken into consideration by the AI), what next?
Is it not necessary then to also identify other social media profiles of the supposed gang members, look at Big Data generated by them, analyze their communication patterns and then form some conclusion? Unfortunately, none of this is done by the AI. It, in fact, would be a mammoth task to extrapolate data from multiple sources just to identify people with certain traits.
And most importantly, what if the AI is put in place, and someone just for the sake of fun projects an innocent person as a gang member? As rightly pointed out in the article – machines trained on prejudiced data tend to reproduce those same, very human, prejudices.
Vishal Ingole, November 16, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Most Dark Web Content Is Legal and Boring
November 15, 2016
Data crunching done by an information security firm reveals that around 55% is legal and mundane like the clear or Open Web.
Digital Journal, which published the article Despite its Nefarious Reputation, New Report Finds Majority of Activity on the Dark Web is Totally Legal and Mundane, says that:
What we’ve found is that the dark web isn’t quite as dark as you may have thought,” said Emily Wilson, Director of Analysis at Terbium Labs. “The vast majority of dark web research to date has focused on illegal activity while overlooking the existence of legal content. We wanted to take a complete view of the dark web to determine its true nature and to offer readers of this report a holistic view of dark web activity — both good and bad.
The findings have been curated in a report The Truth About the Dark Web: Separating Fact from Fiction that puts the Dark Web in a new light. According to this report, around 55% of the content on Dark Web is legal; porn makes 7% of content on Dark Web, and most of it is legal. Drugs though is a favorite topic, only 45% of the content related to it can be termed as illegal. Fraud, extremism and illegal weapons trading on the other hand just make 5-7% of Dark Web.
The research methodology was done using a mix of machine intelligence and human intelligence, as pointed out in the article:
Conducting research on the dark web is a difficult task because the boundaries between categories are unclear,” said Clare Gollnick, Chief Data Scientist at Terbium Labs. “We put significant effort into making sure this study was based on a representative, random sample of the dark web. We believe the end result is a fair and comprehensive assessment of dark web activity, with clear acknowledgment of the limitations involved in both dark web data specifically and broader limitations of data generally.
Dark Web slowly is gaining traction as users of Open Web are finding utilities on this hidden portion of the Internet. Though the study is illuminating indeed, it fails to address how much of the illegal activity or content on Dark Web affects the real world. For instance, what quantity of drug trade takes place over Dark Web. Any answers?
Vishal Ingole, November 15, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Shining a Flashlight in Space
November 9, 2016
A tired, yet thorough metaphor of explaining the dark web is shining a flashlight in space. If you shine a flashlight in space, your puny battery-powered beacon will not shed any light on the trillions of celestial objects that exist in the vacuum. While you wave the flashlight around trying to see something in the cosmos, you are too blind to see the grand galactic show hidden by the beam. The University of Michigan shared the article, “Shadow Of The Dark Web” about Computer Science and Engineering Professor Mike Cafarella and his work with DARPA.
Cafarella is working on Memex, a project that goes beyond the regular text-based search engine. Using more powerful search tools, Memex concentrates on discovering information related to human trafficking. Older dark web search tools skimmed over information and were imprecise. Cafarella’s work improved dark web search tools, supplying data sets with more accurate information on traffickers, their contact information, and their location.
Humans are still needed to interpret the data as the algorithms do not know how to interpret the black market economic worth of trafficked people. His dark web search tools can be used for more than just sex trafficking:
His work can help identify systems of terrorist recruitment; bust money-laundering operations; build fossil databases from a century’s worth of paleontology publications; identify the genetic basis of diseases by drawing from thousands of biomedical studies; and generally find hidden connections among people, places, and things.
I would never have thought a few years ago that database and data-mining research could have such an impact, and it’s really exciting,’ says Cafarella. ‘Our data has been shipped to law enforcement, and we hear that it’s been used to make real arrests. That feels great.
In order to see the dark web, you need more than a flashlight. To continue the space metaphor, you need a powerful telescope that scans the heavens and can search the darkness where no light ever passes.
Whitney Grace, November 9, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Google May Be Edging Out Its Competitors Surreptitiously
November 9, 2016
Leading secure email service provider ProtonMail mysteriously vanished from Google’s search results for 10 long months. Though the search engine giant denies any wrongdoing on its part, privacy advocates are crying foul.
ZDNet in an article titled ProtonMail strikes out at Google for crippling encrypted email service searches says:
ProtonMail has accused Google of hiding the company from search results in what may have been an attempt to suffocate the Gmail competitor. The free encrypted email service, which caters to nearly one million users worldwide, has enjoyed an increasing user base and popularity over the past few years as governments worldwide seek to increase their surveillance powers.
This is not the first time that Google has been accused of misusing its dominant position to edge out its competitors. The technology giant is also facing anti-trust lawsuit in Europe over the way it manipulates search results to retain its dominance.
Though ProtonMail tried to contact Google multiple time, all attempts elicited no response from the company. Just as the secure email service provider vanished from its organic search results, it mysteriously reappeared enabling the email service provider to get back on its feet financially.
As stated in the article:
Once Google issued a “fix,” ProtonMail’s search ranking immediately recovered. Now, the company is ranked at number one and number three for the search terms at the heart of the situation.
What caused the outage is still unknown. According to ProtonMail, it might be a bug in the search engine algorithm. Privacy advocates, however, are of the opinion that ProtonMail’s encrypted email might have been irking Google.
Vishal Ingole, November 9, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Good Old Sleuthing Can Still Beat Dark Web
November 8, 2016
Undercover investigative work of different agencies in Bergen County, New York resulted in arrest of an 18-year old man who was offering hitman services over the Dark Net.
As reported by Patch.com in news report titled Hitman Who Drove To Mahwah For Meeting Arrested: Prosecutor :
The Mahwah Police Department, Homeland Security Investigations, and the Bergen County Prosecutor’s Office Cyber Crimes Unit investigated Rowling, a Richmondville, New York resident. Rowling allegedly used the dark web to offer his services as a hitman.
Tracking Dark Web participants are extremely difficult, thus undercover agents posing as buyers were scouting hitmen in New York. Rowling without suspecting anything offered his services in return for some cash and a gun. The meeting was fixed at Mason Jar in Mahwah where he was subsequently arrested and remanded to Bergen County Jail.
As per the report, Rowling is being charged with:
In addition to conspiracy to murder, Rowling was charged with possession of a weapon for an unlawful purpose, unlawful possession of a weapon, and possession of silencer, Grewal said.
Drug traffickers, hackers, smugglers of contraband goods and narcotics are increasingly using the Dark Web for selling their goods and services. Authorities under such circumstances have no option but to use old techniques of investigation and put the criminals behind bars. However, most of the Dark Net and its participants are still out of reach of law enforcement agencies.
Vishal Ingole, November 8, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Dark Web Is a Double Edged Sword
November 3, 2016
Apart from hackers and criminals of all kind, the Dark Web is also used by whistleblowers and oppressed citizens for communicating. The Dark Web thus is one of the most secure modes of communicating online; more than secure apps like WhatsApp.
The Newsweek in an article titled How the Dark Web Works and What It Looks Like says:
Dark web technologies are robustly built without central points of weakness, making it hard for authorities to infiltrate. Another issue for law enforcement is that—like most things—the dark web and its technologies can also be used for both good and evil.
Despite backdoors and exploits, law enforcement agencies find it difficult to track Dark Web participants. Few technology companies like Facebook, Microsoft, and Google through its messenger apps promise to provide end-to-end encryption to its users. However, the same companies now are harvesting data from these apps for commercial purposes. If that is the case, these apps can no longer be trusted. As pointed out by the article:
And yet some of these same communications companies have been harvesting user data for their own internal processes. Famously, Facebook enabled encryption on WhatsApp, protecting the communications from prying eyes, but could still look at data in the app itself.
Thus, for now, it seems Dark Web is the only form of secure communication online. It, however, needs to be seen how long the formless and headless entity called Dark Web remains invincible.
Vishal Ingole, November 3, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Americans Are Complacent About Online Data Breaches
November 1, 2016
Users of email, social networks, and other online services are aware of possible dangers that data breaches cause, but surprisingly are less concerned about it in 2016, a survey reveals.
Observer recently published a report titled Fears of the Web’s Dark Side—Strangely—Are Not Growing, which reveals:
People’s fears about their email being hacked have receded somewhat since 2014, bizarrely. Across the 1,071 Americans surveyed, that particular worry receded from 69 to 71 percent.
The survey commissioned by Craigconnects also reveals that online users are no longer very concerned about their data getting leaked online that may be used for identity theft; despite large scale breaches like Ashley Madison. Users, as the survey points out have accepted it as a trade-off for the convenience of Internet.
The reason for the complacency setting in probably lies in the fact that people have realized:
The business of social media company is built upon gathering as much information as possible about users and using that information to sell ads,” Michael W. Wellman, CEO of Virgil Security wrote the Observer in an email. “If the service is free, it’s the user that’s being sold.
Nearly 7 percent Americans are victims of identity theft. This, however, has not dissuaded them from taking precautionary measures to protect their identity online. Most users are aware that identity theft can be used for stealing money from bank accounts, but there are other dangers as well. For instance, prescription medication can be obtained legally using details of an identity theft victim. And then there are uses of the stolen data that only Dark Web actors know where such data of millions of victims is available for few hundred dollars.
Vishal Ingole November 1, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Half of the Largest Companies: Threat Vulnerable
October 24, 2016
Compromised Credentials, a research report by Digital Shadows reveals that around 1,000 companies comprising of Forbes Global 2000 are at risk as credentials of their employees are leaked or compromised.
As reported by Channel EMEA in Digital Shadows Global Study Reveals UAE Tops List in Middle East for…
The report found that 97 percent of those 1000 of the Forbes Global 2000 companies, spanning all businesses sectors and geographical regions, had leaked credentials publicly available online, many of them from third-party breaches.
Owing to large-scale data breaches in recent times, credentials of 5.5 million employees are available in public domain for anyone to see. Social networks like LinkedIN, MySpace and Tumblr were the affliction points of these breaches, the report states.
Analyzed geographically, companies in Middle-East seem to be the most affected:
The report revealed that the most affected country in the Middle East – with over 15,000 leaked credentials was the UAE. Saudi Arabia (3360), Kuwait (203) followed by Qatar (99) made up the rest of the list. This figure is relatively small as compared to the global figure due to the lower percentage of organizations that reside in the Middle East.
Affected organizations may not be able to contain the damages by simply resetting the passwords of the employees. It also needs to be seen if the information available is contemporary, not reposted and is unique. Moreover, mere password resetting can cause lot of friction within the IT departments of the organizations.
Without proper analysis, it will be difficult for the affected companies to gauge the extent of the damage. But considering the PR nightmare it leads to, will these companies come forward and acknowledge the breaches?
Vishal Ingole, October 24, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Multiple Vendors Form Alliance to Share Threat Intelligence
October 20, 2016
In order to tackle increasing instances of digital security threats, multiple intelligence threat vendors have formed an alliance that will share the intelligence gathered by each of them.
An article that appeared on Network World titled Recorded Future aligns with other threat intelligence vendors states that stated:
With the Omni Intelligence Partner Network, businesses that are customers of both Recorded Future and participating partners can import threat intelligence gathered by the partners and display it within Intelligence Cards that are one interface within Recorded Future’s platform
Apart from any intelligence, the consortium will also share IP addresses that may be origin point of any potential threat. Led by Recorded Future, the other members of the alliance include FireEye iSIGHT, Resilient Systems and Palo Alto Networks
We had earlier suggested about formation inter-governmental alliance that could be utilized for sharing incident reporting in a seamless manner. The premise was:
Intelligence gathered from unstructured data on the Internet such as security blogs that might shed light on threats that haven’t been caught yet in structured-data feeds
Advent of Internet of Things (IoT) will exacerbate the problems for the connected world. Will Omni Intelligence Partner Network succeed in preempting those threats?
Vishal Ingole, October 20, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
-
- Subscribe to Beyond Search
Feature archive
News archive
-
