Reputable News Site Now on the Dark Web

March 28, 2016

Does the presence of a major news site lend an air of legitimacy to the Dark Web? Wired announces, “ProPublica Launches the Dark Web’s First Major News Site.” Reporter Andy Greenberg tells us that ProPublica recently introduced a version of their site running on the Tor network. To understand why anyone would need such a high level of privacy just to read the news, imagine living under a censorship-happy government; ProPublica was inspired to launch the site while working on a report about Chinese online censorship.

Why not just navigate to ProPublica’s site through Tor? Greenberg explains the danger of malicious exit nodes:

“Of course, any privacy-conscious user can achieve a very similar level of anonymity by simply visiting ProPublica’s regular site through their Tor Browser. But as Tigas points out, that approach does leave the reader open to the risk of a malicious ‘exit node,’ the computer in Tor’s network of volunteer proxies that makes the final connection to the destination site. If the anonymous user connects to a part of ProPublica that isn’t SSL-encrypted—most of the site runs SSL, but not yet every page—then the malicious relay could read what the user is viewing. Or even on SSL-encrypted pages, the exit node could simply see that the user was visiting ProPublica. When a Tor user visits ProPublica’s Tor hidden service, by contrast—and the hidden service can only be accessed when the visitor runs Tor—the traffic stays under the cloak of Tor’s anonymity all the way to ProPublica’s server.”

The article does acknowledge that Deep Dot Web has been serving up news on the Dark Web for some time now. However, some believe this move from a reputable publisher is a game changer. ProPublica developer Mike Tigas stated:

“Personally I hope other people see that there are uses for hidden services that aren’t just hosting illegal sites. Having good examples of sites like ProPublica and Securedrop using hidden services shows that these things aren’t just for criminals.”

Will law-abiding, but privacy-loving, citizens soon flood the shadowy landscape of the Dark Web?

Cynthia Murrell, March 28, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

How Sony Was Hacked

March 15, 2016

Remember when Sony was gearing up to release the controversial flick The Interview, starring James Franco and Seth Rogen as men the CIA recruits to kill Kim Jong-un, when suddenly the studio’s system was hacked? The people who hacked Sony called themselves “God’sApstls” and demanded the production company pay them an undisclosed amount of money or else they would “be bombarded as a whole.” Sony Pictures ignored the threat and the studio was taken offline for weeks, resulting in $35 million in IT damages.

Motherboard investigated the current status of the Sony attack, which took place in 2014 and from which the company is still reeling, in “These Are The Cyberweapons Used To Hack Sony.” The FBI officially stated that the hackers were on the North Korean payroll and are still going about their business. A security researcher coalition thinks it can expose the hackers’ extensive malware arsenal.

“Andre Ludwig, the senior technical director at Novetta Research and Interdiction Group, said that the investigation started from four hashes (values that uniquely identify a file) that the Department of Homeland security published after the attack. With those few identifying strings, and after months of sleuthing, the researchers found 2,000 malware samples, both from online malware portal VirusTotal, as well as from antivirus companies. Of those, they manually reviewed and catalogued 1,000, and were able to identify 45 unique malware strains, revealing that the Sony hackers had an arsenal more sophisticated and varied than previously thought.”

The goal is to disrupt the hacker group often enough that they have to use their time, resources, and energy to rebuild their defenses and even lose some of their capabilities. They also might lose access to their past victims. There is good reason, however, to suspect the hackers were not North Koreans:

“As it turns out, the hackers’ arsenal contains not only malware capable of wiping and destroying files on a hard disk like the Sony hack, but also Distributed Denial of Service (DDoS) tools, tools that allow for remotely eavesdropping on a victim’s computer, and more, according to the report. The researchers tracked some of these tools in cyberattacks and espionage operations that go as far back as 2009, perhaps even 2007, showing the hackers that hit Sony have a long history.”

What the data reveals is that the hackers have been around for a long, long time (perhaps the North Korean government simply hired them?) and have had years to build up their arsenal.  The counteroffensive, however, has built up its own and learned from the Sony hack job, pitting the hackers’ tools against them in hopes they will not be as effective in the future.

Warriors…er…coders, hackers, developers, etc. learn from each other to build stronger and better tools. As the old adage goes, “the enemy of my enemy is my friend,” so who is the hackers’ enemy, other than the obvious USA?

Whitney Grace, March 15, 2016

Germany Launches Malware to Spy on Suspicious Citizens

March 10, 2016

The article titled German Government to Use Trojan Spyware to Monitor Citizens on DW explains the recent steps taken in Germany to utilize Trojans, software programs created to sneak into someone else’s computer. Typically they are used by hackers to gain access to someone’s data and steal valuable information. The article states,

“The approval will help officials get access to the suspect’s personal computer, laptop and smartphone. Once the spyware installs itself on the suspect’s device, it can skim data on the computer’s hard drive and monitor ongoing chats and conversations. Members of the Green party protested the launching of the Trojan, with the party’s deputy head Konstantin von Notz saying, ‘We do understand the needs of security officials, but still, in a country under the rule of law, the means don’t justify the end.’”

Exactly whom the German government wants to monitor is not discussed in the article, but obviously there is growing animosity towards not only the Syrian refugees but also all people of Middle Eastern descent. Some of this hostility is based in facts and targeted, but the growing prejudice towards innocent people who share nothing but history with terrorists is obviously cause for concern in Germany, Europe, and the United States as well. One can only imagine how President Trump might cavalierly employ malware to spy on an entire population that he has already stated his distrust of in the most general terms.

 

Chelsea Kerwin, March 10, 2016


The FBI Uses Its Hacking Powers for Good

March 4, 2016

In a victory for basic human decency, Engadget informs us, the “FBI Hacked the Dark Web to Bust 1,500 Pedophiles.” Citing an article at Vice Motherboard, writer Jessica Conditt describes how the feds identified their suspects through a site called (brace yourself) “Playpen,” which was launched in August 2014. We learn:

Motherboard broke down the FBI’s hacking process as follows: The bureau seized the server running Playpen in February 2015, but didn’t shut it down immediately. Instead, the FBI took “unprecedented” measures and ran the site via its own servers from February 20th to March 4th, at the same time deploying a hacking tool known internally as a network investigative technique. The NIT identified at least 1,300 IP addresses belonging to visitors of the site.

“Basically, if you visited the homepage and started to sign up for a membership, or started to log in, the warrant authorized deployment of the NIT,” a public defender for one of the accused told Motherboard. He said he expected at least 1,500 court cases to stem from this one investigation, and called the operation an “extraordinary expansion of government surveillance and its use of illegal search methods on a massive scale,” Motherboard reported.

Check out this article at Wired to learn more about the “network investigative technique” (NIT). This is more evidence that, if motivated, the FBI is perfectly capable of leveraging the Dark Web to its advantage. Good to know.

 

Cynthia Murrell, March 4, 2016


More Hacked US Voter Data Appears on the Dark Web

February 25, 2016

From HackRead comes a piece called More US Voters Data Circulating on the Dark Net, which points to the lack of protection surrounding data on US voters. This data was leaked on the site The Hell on Dark Web. No reports yet suggest how this data was hacked. While no social security numbers or highly sensitive information was released, records include name, date of birth, voter registration dates, voting records, political affiliation and address. Continuing the explanation of implications, the article’s author writes,

“However, it provides any professional hacker substantial information to initiate and plan a phishing attack in the next election which takes place in the US. Recent discoveries, news and speculations have exposed the role of nation-state actors and cyber criminals in planning, instigating and initiating hacking attacks aimed at maligning the upcoming US elections. While social media has emerged as one of the leading platforms adopted by politicians when they wish to spread a certain message or image, cyber criminals and non-state actors are also utilizing the online platform to plan and initiate their hacking attacks on the US election.”

As the article reminds us, this is not the first instance of voter records leaking. Such leaks call into question how this keeps happening and make us wonder about any preventative measures. The last thing needed surrounding public perception of voting is that it puts one at risk for cyber attacks. Aren’t there already enough barriers in place to keep individuals from voting?

Megan Feil, February 25, 2016


Cybercrime as a Service Impacts Hotel Industry and Loyalty Points

February 4, 2016

The marketplaces of the Dark Web provide an interesting case study in innovation. “Three types of Dark Web fraud aimed at the hotel industry,” for example, was recently published on Cybel Blog. Delving into the types of cybercrime related to the hospitality industry, the article, like many others recently, discusses cybercriminals’ preference for dealing in account login information rather than credit cards, since detection is less likely. Travel agencies on the Dark Web are one such way cybercrime as a service exists:

“Dark Web “travel agencies” constitute a third type of fraud affecting hotel chains. These “agencies” offer room reservations at unbeatable prices. The low prices are explained by the fact that the seller is using fraud and hacking. The purchaser contacts the seller, specifying the hotel in which he wants to book a room. The seller deals with making the reservation and charges the service to the purchaser, generally at a price ranging from a quarter to a half of the true price per night of the room. Many sellers boast of making bookings without using stolen payment cards (reputed to be easy for hotels to detect), preferring to use loyalty points from hacked client accounts.”

What will they come up with next? The business to consumer (B2C) sector includes more than hotels and presents a multitude of opportunities for cybertheft. Innovation must occur on the industry side as well in order to circumvent such hacks.

 

Megan Feil, February 4, 2016


Many Companies Worldwide Underprepared for Cyber Attacks

January 19, 2016

A recent survey from KPMG Capital suggests that only about half the world’s CEOs feel their companies are “fully prepared” to counter a cyber breach in the next three years. One notable exception: businesses in the U.S., where about ninety percent of CEOs feel their companies are ready to fend off hackers. We are not surprised that KPMG is gathering information on the subject, since it recently took an equity stake in cyber-intelligence firm Norse Corp.

KPMG Australia comments on the survey’s results in its post, “Cyber Security: A Failure of Imagination.” The write-up relates:

“According to the 2015 KPMG CEO Outlook Study [PDF] of more than 1,200 CEOs, one out of five indicated that information security is the risk they are most concerned about. ‘Collectively we sleepwalked into a position of vulnerability when it comes to cyber,’ said Malcolm Marshall, Global Head of Cyber Security at KPMG. ‘This combination of lack of preparedness and concern, from those organizations that are among the best equipped to deal with risks of this magnitude, clearly illustrates cyber security challenges remain severely unaddressed.’”

A lack of skilled cyber-security workers seems to be a large part of the problem, particularly ones who also have management or social-science skills. However, we’re told the root cause here is the “failure to imagine” what hackers can do and might try before they’ve tried it. Clearly, many executives would do well to get themselves up to speed on the subject, before their companies fall victim.

 

Cynthia Murrell, January 19, 2016


Know Thy Hacker

December 10, 2015

Writer Alastair Paterson at SecurityWeek suggests that corporations and organizations prepare their defenses by turning a hacking technique against the hackers in, “Using an Attacker’s ‘Shadow’ to Your Advantage.” The article explains:

“A ‘digital shadow’ is a subset of a digital footprint and consists of exposed personal, technical or organizational information that is often highly confidential, sensitive or proprietary. Adversaries can exploit these digital shadows to reveal weak points in an organization and launch targeted attacks. This is not necessarily a bad thing, though. Some digital shadows can prove advantageous to your organization; the digital shadows of your attackers. The adversary also casts a shadow similar to that of private and public corporations. These ‘shadows’ can be used to better understand the threat you face. This includes attacker patterns, motives, attempted threat vectors, and activities. Armed with this enhanced understanding, organizations are better able to assess and align their security postures.”

Paterson observes that one need not delve into the Dark Web to discern these patterns, particularly when the potential attacker is a “hacktivist” (though one can find information there, too, if one is so bold). Rather, hacktivists often use social media to chronicle their goals and activities. Monitoring these sources can give a company clues about upcoming attacks through records like target lists, responsibility claims, and discussions on new hacking techniques. Keeping an eye on such activity can help companies build appropriate defenses.

Cynthia Murrell, December 10, 2015


How to Search the Ashley-Madison Data and Discover If You Had an Affair Too

August 26, 2015

If you haven’t heard about the affair-promoting website Ashley Madison’s data breach, you might want to crawl out from under that rock and learn about the millions of email addresses exposed by hackers to be linked to the infidelity site. In spite of claims by parent company Avid Life Media that users’ discretion was secure, and that the servers were “kind of untouchable,” as many as 37 million customers have been exposed. Perhaps unsurprisingly, a huge number of government and military personnel have been found on the list. The article on Reuters titled Hacker’s Ashley Madison Data Dump Threatens Marriages, Reputations also mentions that the dump has divorce lawyers clicking their heels with glee at their good luck. As for the motivation of the hackers? The article explains,

“The hackers’ move to identify members of the marital cheating website appeared aimed at maximum damage to the company, which also runs websites such as Cougarlife.com and EstablishedMen.com, causing public embarrassment to its members, rather than financial gain. ‘Find yourself in here?,’ said the group, which calls itself the Impact Team, in a statement alongside the data dump. ‘It was [Avid Life Media] that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.’”

If you would like to “find yourself” or at least check to see if any of your email addresses are part of the data dump, you are able to do so. The original data was put on the dark web, which is not easily accessible for most people. But the website Trustify lets people search for themselves and their partners to see if they were part of the scandal. The website states,

“Many people will face embarrassment, professional problems, and even divorce when their private details were exposed. Enter your email address (or the email address of your spouse) to see if your sexual preferences and other information was exposed on Ashley Madison or Adult Friend Finder. Please note that an email will be sent to this address.”

It’s also important to keep in mind that many of the email accounts registered to Ashley Madison seem to be stolen. However, the ability to search the data has already yielded some embarrassment for public officials and, of course, “family values” activist Josh Duggar. The article on the Daily Mail titled Names of 37 Million Cheating Spouses Are Leaked Online: Hackers Dump Huge Data File Revealing Clients of Adultery Website Ashley Madison- Including Bankers, UN and Vatican Staff goes into great detail about the company, the owners (married couple Noel and Amanda Biderman) and how hackers took it upon themselves to be the moral police of the internet. But the article also mentions,

“Ashley Madison’s sign-up process does not require verification of an email address to set up an account. This means addresses might have been used by others, and doesn’t prove that person used the site themselves.”

Some people are already claiming that they had never heard of Ashley Madison in spite of their emails being included in the data dump. Meanwhile, the Errata Security Blog entry titled Notes on the Ashley-Madison Dump defends the cybersecurity of Ashley Madison. The article says,

“They tokenized credit card transactions and didn’t store full credit card numbers. They hashed passwords correctly with bcrypt. They stored email addresses and passwords in separate tables, to make grabbing them (slightly) harder. Thus, this hasn’t become a massive breach of passwords and credit-card numbers that other large breaches have led to. They deserve praise for this.”

Praise for this, if for nothing else. The impact of this data breach is still only beginning, with millions of marriages and reputations in the most immediate trouble, and the public perception of the cloud and cybersecurity close behind.

 

Chelsea Kerwin, August 26, 2015
