UN Addresses Dark Web Drug Trade

December 16, 2016

Because individual nations are having only spotty success fighting dark-web-based crime, the United Nations is stepping up. DeepDotWeb reports, “UN Trying to Find Methods to Stop the Dark Web Drug Trade.” The brief write-up cites the latest annual report from the United Nations Office on Drugs and Crime (UNODC), which lays out new approaches to tackling drugs on the dark web. The article explains why law-enforcement agencies around the world have been having trouble fighting the hidden trade. Though part of the problem is technical, another part is one of politics and jurisdiction. We learn:

Since most of the users use Tor and encryption technologies to remain hidden while accessing dark net marketplaces and forums, law enforcement authorities have trouble identifying and locating their IP addresses. …

Police often find themselves trapped within legal boundaries. The most common legal issue authorities face in these cases is which jurisdiction they should use, especially when the suspect’s location is unknown. There are problems regarding national sovereignty too. When agencies are hacking a dark net user’s account, they do not really know which country the malware will land in. For this reason, the UNODC sees a major issue in sharing intelligence when it’s not clear where in the world that intelligence would be best used.

The write-up notes that the FBI has been using tricks like hacking Dark Net users and tapping into DOD research. That agency is also calling for laws that would force suspects to decrypt their devices upon being charged. In the meantime, the UNODC supports the development of tools that will enhance each member state’s ability to “collect and exploit digital evidence.” To see the report itself, navigate here, where you will find an overview and a link to the PDF.

Cynthia Murrell, December 16, 2016

How Big a Hurdle Is Encryption Really?

December 12, 2016

At first blush, the recent Wiretap Report 2015 from the United States Courts would seem to contradict law enforcement’s constant refrain that encryption is making its job difficult. Motherboard declares, “Feds and Cops Encountered Encryption in Only 13 Wiretaps in 2015.” This small number is down from 2014. Isn’t this evidence that law enforcement agencies are exaggerating their troubles? The picture is not quite so simple. Reporter Lorenzo Franceschi-Bicchierai writes:

Both FBI director James Comey, as well as Deputy Attorney General Sally Yates, argued last year that the Wiretap Report is not a good indicator. Yates said that the Wiretap Report only reflects the number of interception requests ‘that are sought’ and not those where an investigator doesn’t even bother asking for a wiretap ‘because the provider has asserted that an intercept solution does not exist.’

‘Obtaining a wiretap order in criminal investigations is extremely resource-intensive as it requires a huge investment in agent and attorney time,’ Yates wrote, answering questions from the chairman of the Senate’s Judiciary Committee, Sen. Chuck Grassley (R-IA). ‘It is not prudent for agents and prosecutors to devote resources to this task if they know in advance that the targeted communications cannot be intercepted.’

That’s why Comey promised the agency is working on improving data collection ‘to better explain’ the problem with encryption when data is in motion. It’s unclear when these new, improved numbers will come out.

Of course, to what degree encryption actually hampers law enforcement is only one piece of a complex issue—whether we should mandate that law enforcement be granted “back doors” to every device they’d like to examine. There are the crucial civil rights concerns, and the very real possibility that where law enforcement can get in, so too can hackers. It is a factor, though, that we must examine objectively. Perhaps when we get that “better” data from the FBI, the picture will be clearer.

Cynthia Murrell, December 12, 2016

Online Drugs Trade Needs Surgical Strikes

October 25, 2016

Despite the FBI’s shutdown of Silk Road in 2013, the online drug trade on the Dark Net is thriving. Only surgical strikes, executed with military precision against vendors and marketplaces using technological methods, can solve this problem.

RAND Corporation, in its research paper titled Taking Stock of the Online Drugs Trade, says that –

Illegal drug transactions on cryptomarkets have tripled since 2013, with revenues doubling. But at $12-21 (€10.5-18.5) million a month, this is clearly a niche market compared to the traditional offline market, estimated at $2.3 (€2) billion a month in Europe alone.

The primary goals of the research paper were, first, to determine the size and scope of cryptomarkets and, second, to devise avenues for law enforcement agencies to intervene in these illegal practices. Though the report covered all of Europe, the role of the Netherlands in particular was studied, because the Netherlands has the highest rate of consumption of drugs acquired through cryptomarkets.

Some interesting findings of the report include –

  • Though revenues have doubled, drug cryptomarkets are still a niche and generate revenues of $21 million/month, compared with $2.1 billion in the offline trade.
  • Cannabis is still the most in demand, followed by stimulants like cocaine and ecstasy-type drugs.
  • Vendors from the US, Australia, Canada, and Western Europe dominate the online marketplace.

Apart from the conventional methods of disrupting the drug trade (dismantling logistics, undercover operations, and taking down marketplaces), the only new method the report suggests is the use of Big Data techniques.

Cryptomarkets are going to thrive, and the only way to tackle this threat is by following the money (in this case, the cryptocurrencies). But who is going to bell the cat?

Vishal Ingole, October 25, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Law Enforcement Utilizes New and Traditional Methods for Dark Web Matters

September 15, 2016

While the Dark Web may be thought of as a home to drug dealers, several of those dealers have been apprehended by law enforcement. Edinburgh News published a report: FBI Helps Catch Edinburgh Man Selling Drugs on ‘Dark Web’. David Trail was convicted of creating an eBay-like website on the Dark Web called Topix2. Credit card information stolen from his former employer, Scotweb, was found in the search of his home. The article states,

Detective Inspector Brian Stuart, of the Cybercrime Unit, said: ‘Following information from colleagues in FBI, Germany’s West Hessen Police and the UK’s National Crime Agency, Police Scotland identified David Trail and his operation and ownership of a hidden website designed to enable its users to buy and sell illegal drugs anonymously and beyond the reach of law enforcement. His targeting of a previous employer, overcoming their security, almost had a devastating effect on the company’s ability to remain in business.

As this piece notes, law enforcement used a combination of new and traditional policing techniques to apprehend Trail. Another common practice we have been seeing is the cooperation of intelligence authorities across borders — and across levels of law enforcement. In the Internet age this is a necessity, and even more so when the nature of the Dark Web is taken into account.

Megan Feil, September 15, 2016
There is a Louisville, Kentucky Hidden Web/Dark Web meet up on September 27, 2016.
Information is at this link: https://www.meetup.com/Louisville-Hidden-Dark-Web-Meetup/events/233599645/

Is the NSA Overwhelmed with Data?

June 28, 2016

US citizens are worried about their civil liberties being compromised by the National Security Agency. ZDNet reports they might not need to worry anymore in the article, “NSA Is So Overwhelmed With Data, It’s No Longer Effective, Says Whistleblower.”

William Binney is a former official of the National Security Agency (NSA) with thirty years under his belt. Binney has been a civilian for fifteen years, but he is appalled by the NSA. He said the NSA is so engorged with data that it has lost its effectiveness, and important intelligence is lost in the mess. This is how the terrorists win. Binney also shared that an NSA official could run a query and be overwhelmed with so much data they would not know where to start.

“‘That’s why they couldn’t stop the Boston bombing, or the Paris shootings, because the data was all there,’ said Binney. Because the agency isn’t carefully and methodically setting its tools up for smart data collection, that leaves analysts to search for a needle in a haystack. ‘The data was all there… the NSA is great at going back over it forensically for years to see what they were doing before that,’ he said. ‘But that doesn’t stop it.’”

The problems are worse across the other law enforcement agencies, including the FBI, CIA, and DEA. Binney left the NSA one month after 9/11 and reported that the NSA uses an intrusive and expensive data collection system. The mantra is “to collect it all,” but it is proving ineffective and expensive. According to Binney, it is also taking away half the Constitution.

Binney’s statements remind me of the old Pokémon games. The catchphrase for the franchise is “gotta catch ‘em all,” and it was easy with 150 Pokémon along with a few cheat codes. The games have expanded to over seven hundred monsters to catch, plus the cheat codes have been dismantled, making it so overwhelming that the game requires endless hours just to level up one character. The new games are an ineffective way to play, because it takes so long and there is just too much to do. The NSA is suffering from too many Pokémon in the form of data.

Whitney Grace, June 28, 2016

FBI Runs Child Porn Website to Take down Child Porn Website

April 12, 2016

The article on Motherboard titled How The FBI Located Suspected Administrator of the Dark Web’s Largest Child Porn Site provides a comprehensive overview of the events that led to the FBI being accused of “outrageous conduct” for operating a child pornography site for just under two weeks in February of 2015 in order to take down Playpen, a dark web child porn service. The article states,

“In order to locate these users in the real world, the agency took control of Playpen and operated it from February 20 to March 4 in 2015, deploying a hacking tool to identify visitors of the site. The FBI hacked computers in the US, Greece, Chile, and likely elsewhere.

But, in identifying at least two high ranking members of Playpen, and possibly one other, the FBI relied on information provided by a foreign law enforcement agency (FLA), according to court documents.”

Since the dial-up era, child pornographers have made use of the Internet. The story of comedian Barry Crimmins exposing numerous child pornographers who were using AOL’s early chat rooms to share their pictures is a revealing look at that company’s eagerness to turn a blind eye. Despite such early lapses having been exposed, the dark web is the current haven for such activities, and the February 2015 hacking project was the largest one yet.

Chelsea Kerwin, April 12, 2016


How Sony Was Hacked

March 15, 2016

Remember when Sony was gearing up to release the controversial flick The Interview, starring James Franco and Seth Rogen as two men recruited by the CIA to kill Kim Jong-un, when suddenly its systems were hacked? The people who hacked Sony called themselves “God’sApstls” and demanded the production company pay them an undisclosed amount of money or else it would “be bombarded as a whole.” Sony Pictures ignored the threat, and the studio was taken offline for weeks, resulting in $35 million in IT damages.

Motherboard investigated the current status of the 2014 Sony attack, from which the company is still reeling, in “These Are The Cyberweapons Used To Hack Sony.” The FBI officially stated that the hackers were on the North Korean payroll and still going about their business. A coalition of security researchers believes it can expose the hackers’ extensive malware arsenal.

“Andre Ludwig, the senior technical director at Novetta Research and Interdiction Group, said that the investigation started from four hashes (values that uniquely identify a file) that the Department of Homeland Security published after the attack. With those few identifying strings, and after months of sleuthing, the researchers found 2,000 malware samples, both from online malware portal VirusTotal, as well as from antivirus companies. Of those, they manually reviewed and catalogued 1,000, and were able to identify 45 unique malware strains, revealing that the Sony hackers had an arsenal more sophisticated and varied than previously thought.”

The goal is to disrupt the hacker group often enough that they have to spend their time, resources, and energy rebuilding their defenses and even lose some of their capabilities. They also might lose access to their past victims. There is good reason, however, to suspect the hackers were not North Koreans:

“As it turns out, the hackers’ arsenal contains not only malware capable of wiping and destroying files on a hard disk like the Sony hack, but also Distributed Denial of Service (DDoS) tools, tools that allow for remotely eavesdropping on a victim’s computer, and more, according to the report. The researchers tracked some of these tools in cyberattacks and espionage operations that go as far back as 2009, perhaps even 2007, showing the hackers that hit Sony have a long history.”

What the data reveals is that the hackers have been around for a long, long time (perhaps the North Korean government simply hired them?) and have had years to build up their arsenal. The counteroffensive, however, has built up its own arsenal and learned from the Sony hack job, pitting the hackers’ tools against them in the hope they will not be as effective in the future.

Warriors…er…coders, hackers, developers, etc. learn from each other to build stronger and better tools. The old adage says “the enemy of my enemy is my friend,” so who is the hackers’ enemy, other than the obvious USA?

Whitney Grace, March 15, 2016

Social Media Still a Crime Hub

March 14, 2016

It seems that most crime is concentrated on the hidden Dark Web, especially with news of identity theft and potential threats to national security on the latest social media hotspot making headlines. Social media is still a hotbed for Internet crime, and Motherboard has a little tale to tell about it in “SocioSpyder: The Tool Bought By The FBI To Monitor Social Media.” Social media remains a popular crime hub because so much of the general public uses it, making them susceptible to everything from terrorist propaganda to the latest scam to steal credit card numbers.

Law enforcement officials are well aware of how criminals use social media, but the biggest problem is having to sift through the large data stockpiles from the various social media platforms. While some law enforcement officials might enjoy watching the latest cute kitten video, it is not a productive use of their time. The FBI purchased SocioSpyder as its big data tool.

“‘SocioSpyder,’ as the product is called, ‘can be configured to collect posts, tweets, videos and chats on-demand or autonomously into a relational, searchable and graphable database,’ according to the product’s website. SocioSpyder is made by Allied Associates International, a US-based contractor for government and military clients as well as other private companies, and which sells, amongst other things, software.

This particular piece of kit, which is only sold to law enforcement or intelligence agencies, allows an analyst to not only keep tabs on many different targets across various social networks at once, but also easily download all of the data and store it. In short, it’s pretty much a pre-configured web scraper for social media.”

SocioSpyder maps relationships within the data and helps analysts understand how the user-generated content adds up to the bigger picture. Reportedly, the FBI spent $78,000 on the SocioSpyder software, and the US Marshals bought a lesser version worth $22,500. SocioSpyder is being used to gather incriminating evidence against criminals and to head off potential crimes.

My biggest question: where can we get a version of SocioSpyder to generate reports for personal use?

Whitney Grace, March 14, 2016

The FBI Uses Its Hacking Powers for Good

March 4, 2016

In a victory for basic human decency, Engadget informs us, the “FBI Hacked the Dark Web to Bust 1,500 Pedophiles.” Citing an article at Vice Motherboard, writer Jessica Conditt describes how the feds identified their suspects through a site called (brace yourself) “Playpen,” which was launched in August 2014. We learn:

Motherboard broke down the FBI’s hacking process as follows: The bureau seized the server running Playpen in February 2015, but didn’t shut it down immediately. Instead, the FBI took “unprecedented” measures and ran the site via its own servers from February 20th to March 4th, at the same time deploying a hacking tool known internally as a network investigative technique. The NIT identified at least 1,300 IP addresses belonging to visitors of the site.

“Basically, if you visited the homepage and started to sign up for a membership, or started to log in, the warrant authorized deployment of the NIT,” a public defender for one of the accused told Motherboard. He said he expected at least 1,500 court cases to stem from this one investigation, and called the operation an “extraordinary expansion of government surveillance and its use of illegal search methods on a massive scale,” Motherboard reported.

Check out this article at Wired to learn more about the “network investigative technique” (NIT). This is more evidence that, when motivated, the FBI is perfectly capable of leveraging the Dark Web to its advantage. Good to know.

Cynthia Murrell, March 4, 2016

Anonymity Not Always Secured for Tor and Dark Web Users

January 28, 2016

From the Washington Post comes an article pertinent to investigative security technologies, called This is how the government is catching people who use child porn sites. This piece outlines the process used by the FBI to identify a Tor user’s identity, despite the anonymity Tor provides. The article explains how this occurred in one case, the unmasking of the user Pewter:

“In order to uncover Pewter’s true identity and location, the FBI quietly turned to a technique more typically used by hackers. The agency, with a warrant, surreptitiously placed computer code, or malware, on all computers that logged into the Playpen site. When Pewter connected, the malware exploited a flaw in his browser, forcing his computer to reveal its true Internet protocol address. From there, a subpoena to Comcast yielded his real name and address.”

Some are concerned about the privacy of the thousands of users whose computers are also hacked in processes such as the one described above. The user who was caught in this case is arguing that the government’s use of such tools violated the Fourth Amendment. One federal prosecutor quoted in the article describes the search processes used in this case as a “gray area in the law.” His point, that technology is eclipsing the law, is definitely one that deserves more attention from all angles: the public, governmental agencies, and private companies.

Megan Feil, January 28, 2016