‘scary

now browsing by tag

 
 

#deepweb | What it is and why it’s not so scary

Source: National Cyber Security – Produced By Gregory Evans

What you don’t know about the dark web might be exploited by a ‘dark web intelligence’ vendor. Forrester’s Josh Zelonis offers a simple explanation and some helpful pointers.

The dark web is nothing fancy. It’s really just a different series of protocols.

Commonly, when surfing the web, transport layer security (TLS) is the cryptographic protocol that provides confidentiality for your communication with the server. The green lock on your URL bar is an assurance, but not a guarantee, that you’re communicating confidentially with who you think you are.

While TLS is designed to provide confidentiality and identity, dark web protocols are designed to provide confidentiality and anonymity. There are many of these dark net protocols, but Tor is by far the most common, likely because of its use of exit nodes to allow a user to obtain anonymity on the public internet by routing traffic across the Tor network.

Don’t trust anything

The quality of your collection strategy dictates how confident you can be in your analysis – garbage in, garbage out. This is an often-ignored part of dark web marketing.

Anonymous networks help segment your actual identity from the persona (or avatar) you develop on these dark nets. Because of this, the reputation of your developed persona is the only currency you truly have. On anonymous networks, reputation is everything.

Also, remember that there’s no guarantee the person behind the persona you are interacting with isn’t a criminal, a threat intelligence company or possibly even law enforcement. The story of the Besa Mafia is a great example of criminals scamming criminals, getting hacked themselves, and then law enforcement arresting people who were trying to hire these fake hitmen. It’s also not uncommon for law enforcement to take control of a hidden site and continue hosting it in the hope of de-anonymising users.

Basically, trust nothing on the dark web.

‘There is some really bad stuff on dark nets, but they also are a critical resource’

Developing personas to obtain and, more importantly, maintain access is time-consuming and most of the work involved with good tradecraft on the dark web. Be wary that some ‘dark web intelligence’ offerings skip the hard part and are just using technical collection to scrape information from essentially public markets and forums.

To say this is a commodity capability would be a major understatement as the ability to automate the scraping of websites is as old as the internet and, as we’ve established, dark networks really just reflect a difference in protocol selection.

The use of the iceberg metaphor is a clever bit of psychological warfare – I mean, ‘marketing’ to remind you that they have access to all this stuff under the surface that you don’t. As someone who evaluates these vendors, many of them don’t either. You mind find yourself saying, ‘I registered for access and all I got was this low-confidence assessment’.

Intelligence v collection

Any company selling you on dark web intelligence is only talking about its collection strategy, and there are big problems with that.

After collection, the next challenge would be processing and exploitation. Processing is frequently discussed as stripping out things such as HTML tags from the raw data that has been collected. If you think that is a big deal, I have a regular expression (regex) to sell you.

Where things get interesting is trying to exploit this data to get something useful on an analyst’s desk. For example, very few, if any, public sector vendors have swathes of analysts translating everything on the dark web on a daily basis from languages such as Arabic, Farsi, Spanish, Russian and Mandarin. How is this being done at the same scale as collection?

Furthermore, how does your translation software handle slang? Without specific knowledge of a particular group, you would have no idea if they are using the code name ‘Iowa’ when describing a target in Iran.

Then there’s something I call ‘the Target problem’. Target is a retail chain with stores in the US, Canada and India – many of you may be familiar with the brand. Now, imagine the data problem created in attempting to parse out relevant chatter about the Target brand from the rest of the noise on the internet. Incidentally, the string ‘target’ appears five times in this article and only three times in the context of the retailer.

A vendor cannot have an appreciation of these problems and not talk about their solution to them. If they are just trying to sell you on their ability to collect data from the dark web and then show you their platform, you don’t need to see the platform.

The bright side of the dark web

There is some really bad stuff on dark nets, but they also are a critical resource. Anonymous networks are critical to journalists, whistleblowers, survivors of domestic abuse, people with sensitive medical conditions, the politically oppressed and more.

I’m going to wrap this piece with a bit of a personal appeal. Please consider supporting projects such as the Tor Project or Tails. And, if you’re in a decision-making position at an organisation where people might assemble or seek to obtain information, please ensure that your site is useable when coming from a Tor exit node with JavaScript turned off.

Unlike so much that we do in the cyberdomain, this can actually save lives.

By Josh Zelonis

Josh Zelonis is a principal analyst at Forrester serving security and risk professionals by helping them continuously adapt their architecture, policies and processes to evolving threats. His research focuses on threat intelligence, vulnerability assessment and management, malware analysis and incident response.

A version of this article originally appeared on the Forrester blog.

Source link
——————————————————————————————————

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference
_______________________________________________________________________________

The post #deepweb | What it is and why it’s not so scary appeared first on National Cyber Security.

View full post on National Cyber Security

Tinder hacked? #Scary #security #flaws discovered in #raft of popular #dating apps

Source: National Cyber Security – Produced By Gregory Evans

Tinder hacked? #Scary #security #flaws discovered in #raft of popular #dating apps

A bevy of mobile dating apps including the infamous Tinder, have vulnerabilities that could reveal a user’s messages and the people they have viewed in the apps.

Researchers from security firm Kaspersky Lab found that it was very easy to effectively online stalk Tinder, Bumble and Happn users due to the amount of information the apps display about their users, such as jobs and education, as well as linking to easily accessed Instagram accounts.

With this data, the researchers found that in 60% of cases, they were able to find a user’s social media profile on sites such as Facebook and LinkedIn, which reveal the person’s full or real name.

Furthermore, stalkers with a bit of technical nous and plenty of time on their hands can use location based apps like Tinder and Happn to work out a user’s exact location.

“Even though the application doesn’t show in which direction, the location can be learned by moving around the victim and recording data about the distance to them,” the researchers explained.

“This method is quite laborious, though the services themselves simplify the task: an attacker can remain in one place, while feeding fake coordinates to a service, each time receiving data about the distance to the profile owner.”

But more alarming still is that in a clutch of dating apps data flowing between them and the social media sites they connect to in order to authenticate user’s, mainly Facebook, is vulnerable to interception.

Authentication tokens from Facebook can be stolen by hackers and used to gain access to the victim’s dating app account. From there the hackers can access messages and other user-specific content and activities.

“In addition, almost all the apps store photos of other users in the smartphone’s memory. This is because apps use standard methods to open web pages: the system caches photos that can be opened. With access to the cache folder, you can find out which profiles the user has viewed,” the researchers added.

This situation isn’t helped with some of the apps found to be transmitting unencrypted sensitive data, for example Mamba transmits message data in an unencrypted format.

Kaspersky Lab has alerted the app makers, who should move to fix the vulnerabilities, but in the meantime the researchers suggest users of dating apps don’t put their job or place of work on their profiles and avoid unsecured public Wi-Fi networks.

Read more at

The post Tinder hacked? #Scary #security #flaws discovered in #raft of popular #dating apps appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Why Online Dating Will ONLY Work If You Also Do THIS (Sorta Scary) Thing, Too

Are you willing to take the risk? Dating is hard. Even in today’s modern age with so many options for online dating — from simple apps where you swipe to online matchmaking services that use complex algorithms — finding the right person can still be a serious challenge. Some people spend years typing their info into apps and dating sites only to ask, “Does online dating even work?!” In the latest In-Depth video from YourTango Experts, neuroscientist Lucy Brown and biological anthropologist Helen Fisher talk about whether online dating is enough to find love. Read More…. View full post on Dating Scams 101

Streaming Scary Movies for Halloween

View full post on Common Sense Blog – Parenting, media, and everything in between – No name







#pso #htcs #b4inc

Read More

The post Streaming Scary Movies for Halloween appeared first on Parent Security Online.

View full post on Parent Security Online

How to Deal with Scary News About Social Media

View full post on Common Sense Blog – Parenting, media, and everything in between – No name







#pso #htcs #b4inc

Read More

The post How to Deal with Scary News About Social Media appeared first on Parent Security Online.

View full post on Parent Security Online

Wanted teen hacker says it’s ‘scary’ how easily he was able to leave Australia

Source: National Cyber Security – Produced By Gregory Evans

Wanted teen hacker says it’s ‘scary’ how easily he was able to leave Australia

At a time of heightenedSECURITY fears, a teenage hacker has left authorities red-faced and raised serious questions about borderSECURITY. Dylan Wheeler was just 17 when police charged him with being part of a group that allegedly hacked into theCOMPUTERS ofMICROSOFT and the US Army. He ended up fleeing the country, facing a possible 10-year jail sentence, even though he’d been ordered to surrender his passport. Now he’s told Lauren Day he has no regrets and no plans to return. DYLAN WHEELER, HACKER: To be honest, I don’t see it as on the run. I mean, what’s coming out of Australia now, I don’t really want to be associated with the politics. All these draconian laws, I don’t feel comfortable calling myself Australian. Really, I feel a lot better being free. LAUREN DAY, REPORTER: Dylan Wheeler’s not your average opinionated 19-year-old on a gap year. He’s wanted by police and his name is on a Europol list. If found guilty, he faces up to 10 years in jail. DYLAN WHEELER: At this point in time, I don’t plan to return to Australia. This is on the advice of human rights lawyers I’ve spoken to. Basically because I am not guaranteed a […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post Wanted teen hacker says it’s ‘scary’ how easily he was able to leave Australia appeared first on National Cyber Security.

View full post on National Cyber Security

We Spoke To A North Korean Defector Who Trained With Its Hackers — What He Said Is Pretty Scary Read more: http://www.businessinsider.com/north-korean-defector-jang-se-yul-trained-with-hackers-2014-12#ixzz3Mw6LRx8J

We Spoke To A North Korean Defector Who Trained With Its Hackers — What He Said Is Pretty Scary  Read more: http://www.businessinsider.com/north-korean-defector-jang-se-yul-trained-with-hackers-2014-12#ixzz3Mw6LRx8J

Whether North Korea was responsible for the Sony hack or not, the consensus is that North Korea has some of the best hackers in the world. There have been some reports recently about North Korea’s special cyber warfare unit, known […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

View full post on National Cyber Security

Israeli hackers ‘scary talented,’ says security expertNational Cyber Security

nationalcybersecurity.com – Israeli hackers are young and scary — scary talented, that is. That’s the observation of a man who knows what hacking is all about. Antonio Forzieri. EMEA Cyber Security head for security firm Syma…

View full post on Hi-Tech Crime Solutions Weekly

Israeli hackers ‘scary talented,’ says security expert

Israeli hackers ‘scary talented,’ says security expert

Israeli hackers are young and scary — scary talented, that is. That’s the observation of a man who knows what hacking is all about. Antonio Forzieri. EMEA Cyber Security head for security firm Symantec. “I’ve seen hackers at work all […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

View full post on National Cyber Security