For Sale: Government Web Sites at a Bargain
December 21, 2016
We trust that government Web sites are safe and secure with our information as well as the data that keeps our countries running. We also expect that government Web sites have top of the line security software and if they did get hacked, they would be able to rectify the situation in minutes. Sadly, this is not the case says Computer World, because they posted an article entitled, “A Black Market Is Selling Access To Hacked Government Servers For $6.”
If you want to access a government server or Web site, all you need to do is download the Tor browser, access the xDedic marketplace on the Dark Web, and browse their catalog of endless government resources for sale. What is alarming is that some of these Web sites are being sold for as little as six dollars!
How did the xDedic “merchants” get access to these supposed secure government sites? It was through basic trial and error using different passwords until they scored a hit. Security firm Kaspersky Lab weighs in:
It is a hacker’s dream, simplifying access to victims, making it cheaper and faster, and opening up new possibilities for both cybercriminals and advanced threat actors,’ Kaspersky said.
Criminal hackers can use the servers to send spam, steal data such as credit card information, and launch other types of attack…Once buyers have done their work, the merchants put the server back up for sale. The inventory is constantly evolving.
It is believed that the people who built the xDedic are Russian-speakers, possibly from a country with that as a language. The Web site is selling mostly government site info from the Europe, Asia, and South America. The majority of the Web sites are marked as “other”, however. Kaspersky track down some of the victims and notified them of the stolen information.
The damage is already done. Governments should be investing in secure Web software and testing to see if they can hack into them to prevent future attacks. The Dark Web scores again.
Whitney Grace, December 21, 2016
Physiognomy for the Modern Age
December 6, 2016
Years ago, when I first learned about the Victorian-age pseudosciences of physiognomy and phrenology, I remember thinking how glad I was that society had evolved past such nonsense. It appears I was mistaken; the basic concept was just waiting for technology to evolve before popping back up, we learn from NakedSecurity’s article, “’Faception’ Software Claims It Can Spot Terrorists, Pedophiles, Great Poker Players.” Based in Isreal, Faception calls its technique “facial personality profiling.” Writer Lisa Vaas reports:
The Israeli startup says it can take one look at you and recognize facial traits undetectable to the human eye: traits that help to identify whether you’ve got the face of an expert poker player, a genius, an academic, a pedophile or a terrorist. The startup sees great potential in machine learning to detect the bad guys, claiming that it’s built 15 classifiers to evaluate certain traits with 80% accuracy. … Faception has reportedly signed a contract with a homeland security agency in the US to help identify terrorists.
The article emphasizes how problematic it can be to rely on AI systems to draw conclusions, citing University of Washington professor and “Master Algorithm” author Pedro Domingos:
As he told The Washington Post, a colleague of his had trained a computer system to tell the difference between dogs and wolves. It did great. It achieved nearly 100% accuracy. But as it turned out, the computer wasn’t sussing out barely perceptible canine distinctions. It was just looking for snow. All of the wolf photos featured snow in the background, whereas none of the dog pictures did. A system, in other words, might come to the right conclusions, for all the wrong reasons.
Indeed. Faception suggests that, for this reason, their software would be but one factor among many in any collection of evidence. And, perhaps it would—for most cases, most of the time. We join Vaas in her hope that government agencies will ultimately refuse to buy into this modern twist on Victorian-age pseudoscience.
Cynthia Murrell, December 6, 2016
Dawn of Blockchain Technology
November 24, 2016
Blockchain technology though currently powers the Bitcoin and other cryptocurrencies, soon the technology might find takers in mainstream commercial activities.
Blockgeeks in an in-depth article guide titled What Is Blockchain Technology? A Step-By-Step Guide for Beginners says:
The blockchain is an incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value.
Without getting into how the technology works, it would be interesting to know how and where the revolutionary technology can be utilized. Due to its inherent nature of being incorruptible due to human intervention and non-centralization, blockchain has numerous applications in the field of banking, remittances, shared economy, crowdfunding and many more, the list is just endless.
The technology will be especially helpful for people who transact over the Web and as the article points out:
Goldman Sachs believes that blockchain technology holds great potential especially to optimize clearing and settlements, and could represent global savings of up to $6bn per year.
Governments and commercial establishment, however, are apprehensive about it as blockchain might end their control over a multitude of things. Just because blockchain never stores data at one location. This also is the reason why Bitcoin is yet to gain full acceptance. But, can a driving force like blockchain technology that will empower the actual users can be stopped?
Vishal Ingole, November 24, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
In Connected World, Users Are Getting Reared as Slaughter Animals
November 22, 2016
Yahoo, Facebook, Google, WhatsApp, Instagram and Microsoft all have one thing in common; for any service that they provide for free, they are harnessing your private data to be sold to advertisers.
Mirror UK recently published an Op-Ed titled Who Is Spying on You? What Yahoo Hack Taught Us About Facebook, Google, and WhatsApp in which the author says:
Think about this for a second. All those emails you’ve written and received with discussions about politics and people that were assumed to be private and meant as inside jokes for you and your friends were being filtered through CIA headquarters. Kind of makes you wonder what you’ve written in the past few years, doesn’t it?
The services be it free email or free instant messaging have been designed and developed in such a way that the companies that own them end up with a humongous amount of information about its users. This data is sugarcoated and called as Big Data. It is then sold to advertisers and marketers who in the garb of providing immersive and customized user experience follow every click of yours online. This is akin to rearing animals for slaughtering them later.
The data is not just for sale to the corporates; law enforcement agencies can snoop on you without any warrants. As pointed out in the article:
While hypocritical in many ways, these tech giants are smart enough to know who butters their bread and that the perception of trust outweighs the reality of it. But isn’t it the government who ultimately ends up with the data if a company is intentionally spying on us and building a huge record about each of us?
None of the tech giants accept this fact, but most are selling your data to the government, including companies like Samsung that are into the hardware business.
Is there are a way that can help you evade this online snooping? Probably no if you consider mainstream services and social media platforms. Till then, if you want to stay below the radar, delete your accounts and data on all mainstream email service providers, instant messaging apps, service providing websites and social media platform.
Vishal Ingole, November 22, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
The Trials, Tribulations, and Party Anecdotes Of “Edge Case” Names
May 16, 2016
The article titled These Unlucky People Have Names That Break Computers on BBC Future delves into the strange world of “edge cases” or people with unexpected or problematic names that reveal glitches in the most commonplace systems that those of us named “Smith” or “Jones” take for granted. Consider Jennifer Null, the Virginia woman who can’t book a plane ticket or complete her taxes without extensive phone calls and headaches. The article says,
“But to any programmer, it’s painfully easy to see why “Null” could cause problems for a database. This is because the word “null” is often inserted into database fields to indicate that there is no data there. Now and again, system administrators have to try and fix the problem for people who are actually named “Null” – but the issue is rare and sometimes surprisingly difficult to solve.”
It may be tricky to find people with names like Null. Because of the nature of the controls related to names, issues generally arise for people like Null on systems where it actually does matter, like government forms. This is not an issue unique to the US, either. One Patrick McKenzie, an American programmer living in Japan, has run into regular difficulties because of the length of his last name. But that is nothing compared to Janice Keihanaikukauakahihulihe’ekahaunaele, a Hawaiian woman who championed for more flexibility in name length restrictions for state ID cards.
Chelsea Kerwin, May 16, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Local News Station Produces Dark Web Story
April 22, 2016
The Dark Web continues to emerge as a subject of media interest for growing audiences. An article, Dark Web Makes Illegal Drug, Gun Purchases Hard To Trace from Chicago CBS also appears to have been shared as a news segment recently. Offering some light education on the topic, the story explains the anonymity possible for criminal activity using the Dark Web and Bitcoin. The post describes how these tools are typically used,
“Within seconds of exploring the deep web we found over 15,000 sales for drugs including heroin, cocaine and marijuana. In addition to the drugs we found fake Illinois drivers licenses, credit card and bank information and dangerous weapons. “We have what looks to be an assault rifle, AK 47,” said Petefish. That assault rifle AK 47 was selling for 10 bitcoin which would be about $4,000. You can buy bitcoins at bitcoin ATM machines using cash, leaving very little trace of your identity. Bitcoin currency along with the anonymity and encryption used on the dark web makes it harder for authorities to catch criminals, but not impossible.”
As expected, this piece touches on the infamous Silk Road case along with some nearby cases involving local police. While the Dark Web and cybercrime has been on our radar for quite some time, it appears mainstream media interest around the topic is slowly growing. Perhaps those with risk to be affected, such as businesses, government and law enforcement agencies will also continue catching on to the issues surrounding the Dark Web.
Megan Feil, April 22, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Battlefield Moves Online Forming Cyber Industrial Complex
April 13, 2016
Undoubtedly, in recent decades many processes and products have moved online. Warfare may not be exempt from this migration. Meet The Cyber-Industrial Complex: Private Contractors May Get $7B Windfall From Pentagon’s Cyberwar On ISIS, an article from International Business Times, tells us more. Defense Secretary Ashton Carter recently confirmed U.S. development of digital weapons and training of online soldiers. According to the article,
“Cyberwar threatens to cause havoc worldwide, but it could be good for the U.S. economy and a handful of publicly listed companies. Defense Secretary Ashton Carter, as part of a $582.7 billion budget request to fund his department through 2017, recently said nearly $7 billion of that will be allocated toward improving the military’s ability to develop and deploy offensive cyberweapons. That’s great news for a number of private contractors, who stand to benefit from the spending., and the highly skilled individuals they may end up hiring.”
The article explains these capabilities have been utilized by the U.S. in the past, such as the Kosovo war, but now the U.S. is claiming these tools and tactics. It is an interesting leap to visualize what attacks will evolve to look like on an online battlefield. Equally interesting is the article’s point about conflict being a business opportunity for some; it may also be true to say more problems, more money.
Megan Feil, April 13, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
For Sale: Your Bank Information
March 21, 2016
One of the common commodities for sale on the Dark Web is bank, credit card, social security numbers, and other personal information. This information can sell for a few bucks to hundreds of dollars depending on the quality and quantity of the information. In order to buy personal information, usually the interested parties must journey to the Dark Web, but the International Business Times tells us that “Confidential Bank Details Available For Sale On Easily Found Web Site” is for sale on the general Web and the information is being sold for as little as a couple pounds (or dollars for the US folks). The Web site had a pretty simple set up, interested parties register, and then they have access to the stolen information for sale.
Keith Vaz, chairman of the home affairs select committee, wants the National Crime Agency (NCA) to use its power and fulfill its purpose to shut the Web site down.
“A statement from the NCA said: “We do not routinely confirm or deny investigations nor comment on individual sites. The NCA, alongside UK and international law enforcement partners and the private sector, are working to identify and as appropriate disrupt websites selling compromised card data. We will work closely with partners of the newly established Home Office Joint Fraud Task Force to strengthen the response.”
Online scams are getting worse and more powerful in stealing people’s information. Overall, British citizens lost a total of 670 million pounds (or $972 million). The government, however, believes the total losses are more in the range of 27 billion pounds (or $39.17 billion).
Scams are getting worse, because the criminals behind them are getting smarter and know how to get around security defenses. Users need to wise up and learn about the Dark Web, take better steps to protect their information, and educate themselves on how to recognize scams.
Whitney Grace, March 21, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Facebook Exploits Dark Web to Avoid Local Censorship
March 9, 2016
The article on Nextgov titled Facebook Is Giving Users a New Way to Access It On the ‘Dark Web’ discusses the lesser-known services of the dark web such as user privacy. Facebook began taking advantage of the dark web in 2014, when it created a Tor address (recognizable through the .onion ending.) The article explains the perks of this for global Facebook users,
“Facebook’s Tor site is one way for people to access their accounts when the regular Facebook site is blocked by governments—such as when Bangladesh cut off access to Facebook, its Messenger and Whatsapp chat platforms, and messaging app Viber for about three weeks in November 2015. As the ban took effect, the overall number of Tor users in Bangladesh spiked by about 10 times, to more than 20,000 a day. When the ban was lifted, the number dropped..”
Facebook has encountered its fair share of hostility from international governments, particularly Russia. Russia has a long history of censorship, and has even clocked Wikipedia in the past, among other sites. But even if a site is not blocked, governments can still prevent full access through filtering of domain names and even specific keywords. The Tor option can certainly help global users access their Facebook accounts, but however else they use Tor is not publicly known, and Facebook’s lips are sealed.
Chelsea Kerwin, March 9, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Reviews on Dark Web Email Providers Shared by Freedom Hacker
February 10, 2016
The Dark Web has many layers of sites and services, as the metaphor provided in the .onion extension suggests. List of secure Dark Web email providers in 2016 was recently published on Freedom Hacker to detail and review the Dark Web email providers currently available. These services, typically offering both free and pro account versions, facilitate emailing without any type of third-party services. That even means you can forget any hidden Google scripts, fonts or trackers. According to this piece,
“All of these email providers are only accessible via the Tor Browser, an anonymity tool designed to conceal the end users identity and heavily encrypt their communication, making those who use the network anonymous. Tor is used by an array of people including journalists, activists, political-dissidents, government-targets, whistleblowers, the government and just about anyone since it’s an open-source free tool. Tor provides a sense of security in high-risk situations and is often a choice among high-profile targets. However, many use it day-to-day as it provides identity concealment seamlessly.”
We are intrigued by the proliferation of these services and their users. While usage numbers in this article are not reported, the write-up of the author’s top five email applications indicate enough available services to necessitate reviews. Equally interesting will be the response by companies on the clearweb, or the .com and other regular sites. Not to mention how the government and intelligence agencies will interact with this burgeoning ecosystem.
Megan Feil, February 10, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
-
- Subscribe to Beyond Search
Feature archive
News archive
-
