Things


The Debate Over How to Encrypt the Internet of Things

Source: National Cyber Security – Produced By Gregory Evans

Internet-connected gadgets like lightbulbs and fitness trackers are notorious for poor security. That’s partly because they’re often made cheaply and with haste, which leads to careless mistakes and outsourcing of problematic parts. But it’s also partly due to the lack of computing power in the first […]

#deepweb | Dark web websites: 10 things you should know

Source: National Cyber Security – Produced By Gregory Evans

Back in the 1970s, “darknet” wasn’t an ominous term: it simply referred to networks that were isolated from the mainstream of ARPANET for security purposes. But as ARPANET became the internet and then swallowed up nearly all the other computer networks out there, the word came to identify areas that were connected to the internet but not quite of it, difficult to find if you didn’t have a map.

The so-called dark web, a catch-all phrase covering the parts of the internet not indexed by search engines, is the stuff of grim legend. But like most legends, the reality is a bit more pedestrian. That’s not to say that scary stuff isn’t available on dark web websites, but some of the whispered horror stories you might’ve heard don’t make up the bulk of the transactions there.

We spoke to some security pros who offered to give us a bit of a guided tour of the web’s nether regions. Hopefully it will demystify things a bit.

Here are ten things you might not know about the dark web.

New dark web sites pop up every day…

A 2015 white paper from threat intelligence firm Recorded Future examines the linkages between the Web you know and the darknet. The paths usually begin on sites like Pastebin, originally intended as an easy place to upload long code samples or other text but now often where links to the anonymous Tor network are stashed for a few days or hours for interested parties. 

While searching for dark web sites isn’t as easy as using Google—the point is to be somewhat secretive, after all—there are ways to find out what’s there. The screenshot below was provided by Radware security researcher Daniel Smith, and he says it’s the product of “automatic scripts that go out there and find new URLs, new onions, every day, and then list them. It’s kind of like Geocities, but 2018”—a vibe that’s helped along by pages with names like “My Deepweb Site,” which you can see on the screenshot.

[Screenshot: fresh onions. Credit: Daniel Smith]

…and many are perfectly innocent

Matt Wilson, chief information security advisor at BTB Security, says that “there is a tame/lame side to the dark web that would probably surprise most people. You can exchange some cooking recipes—with video!—send email, or read a book. People use the dark web for these benign things for a variety of reasons: a sense of community, avoiding surveillance or tracking of internet habits, or just to do something in a different way.”

It’s worth remembering that what flourishes on the darknet is material that’s been banned elsewhere online. For example, in 2015, in the wake of the Chinese government cracking down on VPN connections through the so-called “great firewall,” Chinese-language discussions started popping up on the darknet — mostly full of people who just wanted to talk to each other in peace.

Radware’s Smith points out that there are a variety of news outlets on the dark web, ranging from the news website from the hacking group Anonymous to the New York Times, shown in the screenshot here, all catering to people in countries that censor the open internet.

[Screenshot: nytimes. Credit: Daniel Smith]

Some spaces are by invitation only

Of course, not everything is so innocent, or you wouldn’t be bothering to read this article. Still, “you can’t just fire up your Tor browser and request 10,000 credit card records, or passwords to your neighbor’s webcam,” says Mukul Kumar, CISO and VP of Cyber Practice at Cavirin. “Most of the verified ‘sensitive’ data is only available to those that have been vetted or invited to certain groups.”

How do you earn an invite into these kinds of dark web sites? “They’re going to want to see history of crime,” says Radware’s Smith. “Basically it’s like a mafia trust test. They want you to prove that you’re not a researcher and you’re not law enforcement. And a lot of those tests are going to be something that a researcher or law enforcement legally can’t do.”

There is bad stuff, and crackdowns mean it’s harder to trust

As recently as last year, many dark web marketplaces for drugs and hacking services featured corporate-level customer service and customer reviews, making navigating simpler and safer for newbies. But now that law enforcement has begun to crack down on such sites, the experience is more chaotic and more dangerous.

“The whole idea of this darknet marketplace, where you have a peer review, where people are able to review drugs that they’re buying from vendors and get up on a forum and say, ‘Yes, this is real’ or ‘No, this actually hurt me’—that’s been curtailed now that dark marketplaces have been taken offline,” says Radware’s Smith. “You’re seeing third-party vendors open up their own shops, which are almost impossible to vet yourself personally. There’s not going to be any reviews, there’s not a lot of escrow services. And hence, by these takedowns, they’ve actually opened up a market for more scams to pop up.”

Reviews can be wrong, products sold under false pretenses—and stakes are high

There are still sites where drugs are reviewed, says Radware’s Smith, but keep in mind that they have to be taken with a huge grain of salt. A reviewer might get a high from something they bought online, but not understand what the drug was that provided it.

One reason these kinds of mistakes are made? Many dark web drug manufacturers will also purchase pill presses and dyes, which retail for only a few hundred dollars and can create dangerous lookalike drugs. “One of the more recent scares that I could cite would be Red Devil Xanax,” he said. “These were sold as some super Xanax bars, when in reality, they were nothing but horrible drugs designed to hurt you.”

The dark web provides wholesale goods for enterprising local retailers…

Smith says that some traditional drug cartels make use of the dark web networks for distribution—“it takes away the middleman and allows the cartels to send from their own warehouses and distribute it if they want to”—but small-time operators can also provide the personal touch at the local level after buying drug chemicals wholesale from China or elsewhere from sites like the one in the screenshot here. “You know how there are lots of local IPA microbreweries?” he says. “We also have a lot of local micro-laboratories. In every city, there’s probably at least one kid that’s gotten smart and knows how to order drugs on the darknet, and make a small amount of drugs to sell to his local network.”

[Screenshot: xanax. Credit: Daniel Smith]

…who make extensive use of the gig economy

Smith describes how the darknet intersects with the unregulated and distributed world of the gig economy to help distribute contraband. “Say I want to have something purchased from the darknet shipped to me,” he says. “I’m not going to expose my real address, right? I would have something like that shipped to an AirBnB—an address that can be thrown away, a burner. The box shows up the day they rent it, then they put the product in an Uber and send it to another location. It becomes very difficult for law enforcement to track, especially if you’re going across multiple counties.”

Not everything is for sale on the dark web

We’ve spent a lot of time talking about drugs here for a reason. Smith calls narcotics “the physical cornerstone” of the dark web; “cybercrime—selling exploits and vulnerabilities, web application attacks—that’s the digital cornerstone. Basically, I’d say a majority of the darknet is actually just drugs and kids talking about little crimes on forums.”

Some of the scarier sounding stuff you hear about being for sale often turns out to be largely rumors. Take firearms, for instance: as Smith puts it, “it would be easier for a criminal to purchase a gun in real life versus the internet. Going to the darknet is adding an extra step that isn’t necessary in the process. When you’re dealing with real criminals, they’re going to know someone that’s selling a gun.”

Specific niches are in

Still, there are some very specific darknet niche markets out there, even if they don’t have the same footprint that narcotics does. One that Smith drew my attention to was the world of skimmers, devices that fit into the slots of legitimate credit and ATM card readers and grab your bank account data.

And, providing another example of how the darknet marries physical objects for sale with data for sale, the same sites also provide data manual sheets for various popular ATM models. Among the gems available in these sheets are the default passwords for many popular internet-connected models; we won’t spill the beans here, but for many it’s the same digit repeated five times.

[Screenshot: ATM skimmers. Credit: Daniel Smith]

It’s still mimicking the corporate world

Despite the crackdown on larger marketplaces, many dark web sites are still doing their best to simulate the look and feel of more corporate sites. 

[Screenshot: elude. Credit: Daniel Smith]

The occasional swear word aside, for instance, the onion site for the Elude anonymous email service shown in this screenshot looks like it could come from any above-board company.

One odd feature of corporate software that has migrated to the dark web: the omnipresent software EULA. “A lot of times there’s malware I’m looking at that offers terms of services that try to prevent researchers from buying it,” Smith says. “And often I have to ask myself, ‘Is this person really going to come out of the dark and try to sue someone for doing this?’”

And you can use the dark web to buy more dark web

And, to prove that any online service can, eventually, be used to bootstrap itself, we have this final screenshot from our tour: a dark web site that will sell you everything you need to start your own dark web site.

[Screenshot: docker. Credit: Daniel Smith]

Think of everything you can do there—until the next crackdown comes along.

Copyright © 2018 IDG Communications, Inc.


International Conference on Smart Grid and Internet of Things (SGIoT)

General Cybersecurity Conference

 July 11 – 13, 2018 | Ontario, Canada

Cybersecurity Conference Description

The IoT is a grand vision, as it describes the concept of millions of interconnected intelligent devices that can communicate with one another, and thereby control the world around us. Technically speaking, the smart grid can be considered to be an example of the IoT composed of embedded machines, which sense and control the behavior of the energy world. The IoT-driven smart grid is currently a hot area of research boosted by the global need to improve electricity access, economic growth of emerging countries, and the worldwide power plant capacity additions. GlobalData, a renowned consulting firm, forecast that the global power transformer market will increase from $10.3 billion in 2013 to $19.7 billion in 2020, with an astounding compound annual growth rate of 9.6 percent due to the phenomenal rise in energy demand in China, India and the Middle East. Therefore, it is the perfect time to invest in research initiatives, e.g., through our event, in the IoT-dominated smart grid sector.

In addition to its timeliness, the event comprises a broad range of interests. The theme invites ideas on how to achieve more efficient use of resources based largely on the IoT-based machine-to-machine (M2M) interactions of millions of smart meters and sensors in the smart grid specific communication networks such as home area networks, building area networks, and neighborhood area networks. The smart grid also encompasses IoT technologies, which monitor transmission lines, manage substations, integrate renewable energy generation (e.g., solar or wind), and utilize hybrid vehicle batteries. Through these technologies, the authorities can smartly identify outage problems, and intelligently schedule the power generation and delivery to the customers. Furthermore, the smart grid should teach us a valuable lesson that security must be designed in from the start of any IoT deployment. Since there is an alarming lack of standards to address the protection of the secret keys and/or the life-cycle security of the embedded smart grid devices, intruders could use conventional attack techniques to breach the security just as in any other IoT deployment.


Internet of Things National Institute

Source: National Cyber Security News

General Cybersecurity Conference

 May 9 – 10, 2018 | Washington DC, United States

Cybersecurity Conference Description 

The Internet of Things (IoT) is defined as billions of vehicles, buildings, process control devices, wearables, medical devices, drones, consumer/business products, mobile phones, tablets, and other “smart” objects that are wirelessly connecting to and communicating with each other. This new top law practice area is raising unprecedented legal and liability issues.

As one of the most transformative and fast-paced technology developments in recent years, IoT will require businesses, policymakers, and lawyers (M&A, IP, competition, litigation, health law, IT/outsourcing, and privacy/cybersecurity) to identify and address the escalating legal risks of doing business in a connected world.

Attend this institute to:

  • Discover why corporate, law firm, government, university, and other attendees gave the last two IoT Institutes rave reviews, calling it “magical,” “eye-opening,” with “rock star” speakers, and overall “a grand slam.”
  • Gain insights and practical guidance on the latest legal, legislative, regulatory, and liability issues of the IoT transformation—a game-changer for businesses, policymakers, and lawyers that’s generating hundreds of billions of dollars in spending globally.
  • Explore need-to-know IoT hot topics: big data/privacy, cybersecurity, litigation/mitigation, cloud/artificial intelligence, connected healthcare, ethics, global IoT product development and sales, insurance risk allocation, and homeland/national security.


Malicious Software and Hardware in Internet of Things (Mal-IoT)

Source: National Cyber Security News

General Cybersecurity Conference

 May 8, 2018 | Ischia, Italy

Cybersecurity Conference Description

Cyber-physical and smart embedded systems, already highly networked, will be even more connected in the near future to form the Internet of Things, handling large amounts of private and safety-critical data. The pervasive diffusion of these devices will create several threats to privacy and could open new possibilities for attackers, since the security of even large portions of the Internet of Things could be harmed by compromising a reduced number of components. The possibility of securely updating devices should be guaranteed and it should be possible to verify and assert the root of trust of components. With respect to this context we expect contributions in different areas of security in the Internet of Things. Topics of the workshop include but are not limited to:

– Malicious firmware design and detection
– Malware in Internet of Things applications
– Hardware root of trust
– Privacy issues of smart-home systems and complex systems
– Hardware Trojans and their effects on systems
– Hardware authentication and IP protection
– Secure communication and key-management
– Implementation attacks and countermeasures
– Emerging threats and attack vectors in the Internet of Things
– Supply chain security


The #internet of #things: Why it #matters

Source: National Cyber Security – Produced By Gregory Evans

The iPod, Facebook, “smart” televisions: the 21st century has seen a host of innovations that have transformed the way we live. The rise of the so-called internet of things, or IoT, is another technological development that is starting to become an increasingly common presence in our […]

Five cool things happening for National Cyber Security Awareness Month

Source: National Cyber Security – Produced By Gregory Evans

National Cyber Security Awareness Month (NCSAM) is in full swing. The month and its events have become top of mind for people and businesses in recent years, given the staggering number of recent data breaches and global ransomware attacks. The Equifax data breach, WannaCry ransomware and Petya/NotPetya attacks have dominated the news headlines. So, where…


Good Hackers Can Do Bad Things, Too

Source: National Cyber Security – Produced By Gregory Evans

Famed white hat hacker Marcus Hutchins—better known as “MalwareTech”—was arrested by the FBI yesterday while trying to fly home to the United Kingdom from Las Vegas. The 22-year-old security researcher gained mainstream fame earlier this year as the guy who stopped the destructive WannaCry ransomware from spreading, and had been…


Police warn of hacking threat via our online fridges and kettles as fears are raised over the ‘internet of things’

Source: National Cyber Security – Produced By Gregory Evans

Household appliances which connect to the internet will increasingly be hacked by criminals seeking to steal your identity, rob your home or bank accounts, a police chief has warned. Durham chief constable Mike Barton warned about the danger of the ‘internet of things’ as more ordinary household items such as…


ICS Companies Are Worried About Cybersecurity, But Are They Worried About the Right Things?

Source: National Cyber Security – Produced By Gregory Evans

Companies operating Industrial Control Systems (ICS) have a special set of challenges to deal with. Which is the state of the art? The equipment was expected to be installed and left alone for a long time. Pressures to reduce operating costs led to this equipment being connected, and the easiest…
