Internet Watch Fund Teams with Blockchain Forensics Startup
December 29, 2016
A British charity is teaming up with an online intelligence startup specializing in Bitcoin. The Register reports on this in their piece called, Bitcoin child abuse image pervs will be hunted down by the IWF. The Internet Watch Foundation, with the help of a UK blockchain forensics start-up, Elliptic, aims to identify individuals who use Bitcoin to purchase child abuse images online. The IWF will provide Elliptic with a database of Bitcoin addresses and Elliptic takes care of the rest. We learned,
The IWF has identified more than 68,000 URLs containing child sexual abuse images. UNICEF Malaysia estimates two million children across the globe are affected by sexual exploitation every year. Susie Hargreaves, IWF CEO, said, “Over the past few years, we have seen an increasing amount of Bitcoin activity connected to purchasing child sexual abuse material online. Our new partnership with Elliptic is imperative to helping us tackle this criminal use of Bitcoin.” The collaboration means Elliptic’s clients will be able to automatically monitor transactions they handle for any connection to proceeds of child sex abuse.
Machine learning and data analytics technologies are used by Elliptic to collect actionable evidence for law enforcement and intelligence agencies. The interesting piece of this technology, and others like it, is that it runs perhaps as surreptitiously in the background as those who use the Dark Web and Bitcoin for criminal activity believe they do.
Megan Feil, December 29, 2016
Victims of Their Own Foolishness
December 15, 2016
Incidences of law enforcement agencies arresting criminals for selling their services on Dark Web are increasing. However, their success can be attributed to the foolishness of the criminals, rather than technological superiority.
Cyber In Sight in a news report titled IcyEagle: A Look at the Arrest of an Alleged Dark Web Vendor, the reporter says:
the exact picture of how law enforcement has managed to track down and identify Glende remains unclear, the details released so far, provide an interesting behind the scenes view of the cybercrime-related postings we often highlight on this blog.
The suspect in this case inadvertently gave details of his service offerings on AlphaBay. Cops were able to zero on his location and managed to put him under arrest for drug peddling. The report reveals further:
An undercover officer purchased stolen bank account information from IcyEagle in March and April 2016, according to the indictment. Interestingly, Glende was also arrested by local police for selling drugs around the same time. A tip from U.S. Postal Inspectors led to police officers finding a “trove” of drugs at his Minnesota home in March.
It is thus apparent that the criminals, in general, are of the opinion that since they are selling on Dark Web, they are untraceable, which clearly is not the case. The trace, however, was possible only because the suspect handed it over himself. Hackers and real cyber criminals are still out of the ambit of law enforcement agencies, which needs to change soon.
Vishal Ingole, December 15, 2016
How Big a Hurdle Is Encryption Really?
December 12, 2016
At first blush, the recent Wiretap Report 2015 from United States Courts would seem to contradict law enforcement’s constant refrain that encryption is making their jobs difficult. Motherboard declares, “Feds and Cops Encountered Encryption in Only 13 Wiretaps in 2015.” This small number is down from 2014. Isn’t this evidence that law enforcement agencies are exaggerating their troubles? The picture is not quite so simple. Reporter Lorenzo Franceschi-Bicchierai writes:
Both FBI director James Comey, as well as Deputy Attorney General Sally Yates, argued last year that the Wiretap Report is not a good indicator. Yates said that the Wiretap Report only reflects number of interception requests ‘that are sought’ and not those where an investigator doesn’t even bother asking for a wiretap ‘because the provider has asserted that an intercept solution does not exist.
Obtaining a wiretap order in criminal investigations is extremely resource-intensive as it requires a huge investment in agent and attorney time,’ Yates wrote, answering questions from the chairman of the Senate’s Judiciary Committee, Sen. Chuck Grassley (R-IA). ‘It is not prudent for agents and prosecutors to devote resources to this task if they know in advance that the targeted communications cannot be intercepted.
That’s why Comey promised the agency is working on improving data collection ‘to better explain’ the problem with encryption when data is in motion. It’s unclear then these new, improved numbers will come out.
Of course, to what degree encryption actually hampers law enforcement is only one piece of a complex issue—whether we should mandate that law enforcement be granted “back doors” to every device they’d like to examine. There are the crucial civil rights concerns, and the very real possibility that where law enforcement can get in, so too can hackers. It is a factor, though, that we must examine objectively. Perhaps when we get that “better” data from the FBI, the picture will be more clear.
Cynthia Murrell, December 12, 2016
Torrent Anonymously with AlphaReign
December 12, 2016
Peer-to-peer file sharing gets a boost with AlphaReign, a new torrent sharing site that enables registered users to share files anonymously using Distributed Hash Table.
TorrentFreak in an article titled Alphareign: DHT Search Engine Takes Public Torrents Private says:
AlphaReign.se is a new site that allows users to find torrents gathered from BitTorrent’s ‘trackerless’ Distributed Hash Table, or DHT for short. While we have seen DHT search engines before, this one requires an account to gain access.
The biggest issue with most torrent sites is The Digital Millennium Copyright Act (DMCA), which prohibits the sites (if possible) and the search engines from displaying search results on the search engine result page. As content or torrent indexes on AlphaReign are accessible only to registered users, seeders and leechers are free to share files without risking themselves.
Though most files shared through torrents are copyrighted materials like movies, music, software and books, torrents are also used by people who want to share large files without being spied upon.
AlphaReign also manages to address a persistent issue faced by torrent sites:
AlphaReign with new software allows users to search the DHT network on their own devices, with help from peers. Such a system would remain online, even if the website itself goes down.
In the past, popular torrent search engines like YTS, KickAssTorrents, The Pirate Bay, Torrentz among many others have been shut down owing to pressure from law enforcement agencies. However, if AlphaReign manages to do what it claims to, torrent users are going to be the delighted.
Vishal Ingole, December 12, 2016
Associative Semantic Search Is a New Technology, Not a Mental Diagnosis
December 6, 2016
“Associative semantic” sounds like a new mental diagnosis for the DSM-V (Diagnostic and Statistical Manuel of Mental Disorders), but it actually is the name of a search technology that sounds like it amplifies the basic semantic search. Aistemos has the run down on the new search technology in the article, “Associative Semantic Search Technology: Omnity And IP.” Omnity is the purveyor of the “associative semantic search” and it makes the standard big data promise:
…the discovery of otherwise hidden, high-value patterns of interconnection within and between fields of knowledge as diverse as science, medicine, engineering, law and finance.
All of the companies centered on big data have this same focus or something similar, so what does Omnity offer that makes it stand out? It proposes to find connections between documents that do not directly correlate or cite one another. Omnity uses the word “accelerate” to explain how it will discover hidden patterns and expand knowledge. The implications mean semantic search would once again be augmented and more accurate.
Any industry that relies on detailed documents would benefit:
Such a facility would presumably enable someone to find references to relevant patents, technologies and prior art on a far wider scale than has hitherto been the case. The legal, strategic and commercial implications of being able to do this, for litigation, negotiation, due diligence, investment and forward planning are sufficiently obvious for us not to need to list them here.
The article suggests those who would most be interested in Omnity are intellectual property businesses. I can imagine academics would not mind getting their hands on the associative semantic search to power their research or law enforcement could use it to fight crime.
Whitney Grace, December 6, 2016
Social Media Surveillance Now a Booming Business
December 5, 2016
Many know that law enforcement often turns to social media for clues, but you may not be aware how far such efforts have gotten. LittleSis, a group that maps and publishes relationships between the world’s most powerful entities, shares what it has learned about the field of social-media spying in, “You Are Being Followed: The Business of Social Media Surveillance.”
LittleSis worked with MuckRock, a platform that shares a trove of original government documents online. The team identified eight companies now vending social-media-surveillance software to law enforcement agencies across the nation; see the article for the list, complete with links to more information on each company. Writer Aaron Cantú describes the project:
We not only dug into the corporate profiles of some of the companies police contract to snoop on your Tweets and Facebook rants, we also filed freedom of information requests to twenty police departments across the country to find out how, when, and why they monitor social media. …
One particularly well-connected firm that we believe is worth highlighting here is ZeroFOX, which actively monitored prominent Black Lives Matter protesters in Baltimore and labeled some of them, including former Baltimore mayoral candidate DeRay McKesson, ‘threat actors.’ The company reached out to Baltimore officials first, offering it services pro-bono, which ZeroFOX executives painted as a selfless gesture of civic responsibility. But city officials may have been especially receptive to ZeroFOX’s pitch because of the powerful names standing behind it.
Behind ZeroFOX are weighty names indeed, like Mike McConnell, former director of the NSA, and Robert Rodgiguez, who is tied to Homeland Security, the Secret Service, and a prominent security firm. Another company worth highlighting is Geofeedia, because its name appears in all the police-department records the project received so far. The article details how each of these departments have worked with that company, from purchase orders to contract specifications. According to its CEO, Geofeedia grew sevenfold in just the last two years.
Before closing with a call for readers to join the investigation through MuckRock, Cantú makes this key observation:
Because social media incites within us a compulsion to share our thoughts, even potentially illegal ones, law enforcement sees it as a tool to preempt behavior that appears threatening to the status quo. We caught a glimpse of where this road could take us in Michigan, where the local news recently reported that a man calling for civil unrest on Facebook because of the Flint water crisis was nearly the target of a criminal investigation. At its worst, social media monitoring could create classes of ‘pre-criminals’ apprehended before they commit crimes if police and prosecutors are able to argue that social media postings forecast intent. This is the predictive business model to which Geofeedia CEO Phil Harris aspires. [The link goes to a 23-minute interview with Harris at YouTube.]
Postings forecast intent”— because no one ever says anything online they don’t really mean, right? There is a reason the pre-crime-arrest concept is fodder for tales of dystopian futures. Where do details like civilian oversight and the protection of civil rights come in?
Cynthia Murrell, December 5, 2016
Big Data on Crime
December 5, 2016
An analytics company that collects crime related data from local law enforcement agencies plans to help reduce crime rates by using Big Data.
CrimerReports.com, in its FAQs says:
The data on CrimeReports is sent on an hourly, daily, or weekly basis from more than 1000 participating agencies to the CrimeReports map. Each agency controls their data flow to CrimeReports, including how often they send data, which incidents are included.
Very little is known about the service provider. WhoIs Lookup indicates that though the domain was registered way back in 1999, it was updated few days back on November 25th 2016 and is valid till November 2, 2017.
CrimeReports is linked to a local law enforcement agency that selectively shares the data on crime with the analytics firm. After some number crunching, the service provider then sends the data to its subscribers via emails. According to the firm:
Although no formal, third-party study has been commissioned, there is anecdotal evidence to suggest that public-facing crime mapping—by keeping citizens informed about crime in their area—helps them be more vigilant and implement crime prevention efforts in their homes, workplaces, and communities. In addition, there is anecdotal evidence to suggest that public-facing crime mapping fosters more trust in local law enforcement by members of the community.
To maintain data integrity, the data is collected only through official channels. The crime details are not comprehensive, rather they are redacted to protect victim and criminal’s privacy. As of now, CrimeReports get paid by law enforcement agencies. Certainly, this is something new and probably never tried.
Vishal Ingole, December 5, 2016
In Connected World, Users Are Getting Reared as Slaughter Animals
November 22, 2016
Yahoo, Facebook, Google, WhatsApp, Instagram and Microsoft all have one thing in common; for any service that they provide for free, they are harnessing your private data to be sold to advertisers.
Mirror UK recently published an Op-Ed titled Who Is Spying on You? What Yahoo Hack Taught Us About Facebook, Google, and WhatsApp in which the author says:
Think about this for a second. All those emails you’ve written and received with discussions about politics and people that were assumed to be private and meant as inside jokes for you and your friends were being filtered through CIA headquarters. Kind of makes you wonder what you’ve written in the past few years, doesn’t it?
The services be it free email or free instant messaging have been designed and developed in such a way that the companies that own them end up with a humongous amount of information about its users. This data is sugarcoated and called as Big Data. It is then sold to advertisers and marketers who in the garb of providing immersive and customized user experience follow every click of yours online. This is akin to rearing animals for slaughtering them later.
The data is not just for sale to the corporates; law enforcement agencies can snoop on you without any warrants. As pointed out in the article:
While hypocritical in many ways, these tech giants are smart enough to know who butters their bread and that the perception of trust outweighs the reality of it. But isn’t it the government who ultimately ends up with the data if a company is intentionally spying on us and building a huge record about each of us?
None of the tech giants accept this fact, but most are selling your data to the government, including companies like Samsung that are into the hardware business.
Is there are a way that can help you evade this online snooping? Probably no if you consider mainstream services and social media platforms. Till then, if you want to stay below the radar, delete your accounts and data on all mainstream email service providers, instant messaging apps, service providing websites and social media platform.
Vishal Ingole, November 22, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Good Old Sleuthing Can Still Beat Dark Web
November 8, 2016
Undercover investigative work of different agencies in Bergen County, New York resulted in arrest of an 18-year old man who was offering hitman services over the Dark Net.
As reported by Patch.com in news report titled Hitman Who Drove To Mahwah For Meeting Arrested: Prosecutor :
The Mahwah Police Department, Homeland Security Investigations, and the Bergen County Prosecutor’s Office Cyber Crimes Unit investigated Rowling, a Richmondville, New York resident. Rowling allegedly used the dark web to offer his services as a hitman.
Tracking Dark Web participants are extremely difficult, thus undercover agents posing as buyers were scouting hitmen in New York. Rowling without suspecting anything offered his services in return for some cash and a gun. The meeting was fixed at Mason Jar in Mahwah where he was subsequently arrested and remanded to Bergen County Jail.
As per the report, Rowling is being charged with:
In addition to conspiracy to murder, Rowling was charged with possession of a weapon for an unlawful purpose, unlawful possession of a weapon, and possession of silencer, Grewal said.
Drug traffickers, hackers, smugglers of contraband goods and narcotics are increasingly using the Dark Web for selling their goods and services. Authorities under such circumstances have no option but to use old techniques of investigation and put the criminals behind bars. However, most of the Dark Net and its participants are still out of reach of law enforcement agencies.
Vishal Ingole, November 8, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Facial Recognition Fraught with Inaccuracies
November 2, 2016
Images of more than 117 million adult Americans are with law enforcement agencies, yet the rate of accurately identifying people accurately is minuscule.
A news report by The Register titled Meanwhile, in America: Half of adults’ faces are in police databases says:
One in four American law enforcement agencies across federal, state, and local levels use facial recognition technology, the study estimates. And now some US police departments have begun deploying real-time facial recognition systems.
Though facial recognition software vendors claim accuracy rates anywhere between 60 to 95 percent, statistics tell an entirely different story:
Of the FBI’s 36,420 searches of state license photo and mug shot databases, only 210 (0.6 per cent) yielded likely candidates for further investigations,” the study says. “Overall, 8,590 (4 per cent) of the FBI’s 214,920 searches yielded likely matches.
Some of the impediments for accuracy include low light conditions in which the images are captured, lower procession power or numerous simultaneous search requests and slow search algorithms. The report also reveals that human involvement also reduces the overall accuracy by more than 50 percent.
The report also touches a very pertinent point – privacy. Police departments and other law enforcement agencies are increasingly deploying real-time facial recognition. It not only is an invasion of privacy but the vulnerable networks can also be tapped into by non-state actors. Facial recognition should be used only in case of serious crimes, using it blatantly is an absolute no-no. It can be used in many ways for tracking people, even though they may not be criminals. Thus, it remains to be answered, who will watch the watchmen?
Vishal Ingole, November 2, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
-
- Subscribe to Beyond Search
Feature archive
News archive
-
