Archive for the 'The Deep Web, TOR & Cyber Intel' Category


While cryptocurrencies like Bitcoin and Ethereum have enjoyed meteoric popularity over the past several months, there are still many potential investors who remain skeptical. And one of the reasons for this skepticism is the ongoing concern about cryptocurrency security. Now that a second major hack of Ethereum has taken place within the span of one week, those concerns may have more traction, although it certainly hasn’t stopped many investors from shifting their attention to the digital money space.

Two High-Profile Hacks in Three Days

Ethereum suffered major losses because of two separate hacking incidents that occurred within three days of each other last week, according to a report by PC Gamer.

The second of the two robberies was the more substantial. It exploited a vulnerability in Parity, the digital wallet service popular among many Ethereum miners. Hackers stole about 153,000 Ether, the network’s native currency, with a value of about $34 million. The hackers stole this sum from three different multi-signature Ethereum wallets.

Gavin Wood, founder of Parity, issued a critical security notice in response to the hacking event. “A vulnerability in Parity Wallet’s variant of the standard multi-sig contract has been found,” he explained.

Wood then urged all Parity users to “immediately move assets contained in the multi-sig wallet to a secure address.” Simultaneously, hackers working to defend the network siphoned more than 377,000 additional Ether tokens to a safe space. The White Hat Group explained its actions in a post on Reddit, saying it would re-issue the funds back to owners once the vulnerability could be properly addressed.

CoinDash Exposes Another Entry Point for Hackers

The other hacking event, which also occurred last week, exposes another point of concern for crypto security. Hackers stole about $10.3 million in Ether from CoinDash, a popular exchange. In this case, the robbers may have achieved this by simply swapping out wallet addresses.

And yet, in spite of these and a number of other prominent thefts in recent months, cryptocurrencies seem to be showing no signs of slowing down in terms of growth.

The largest currencies, Bitcoin and Ethereum, have appreciated 178% and 2,569%, respectively, so far in 2017, and the overall user base of cryptocurrencies worldwide is expanding at a significant pace. It could be that the risk of hacking and theft is simply not great enough in the minds of potential investors to convince them to stay away from a potentially lucrative investment.

PC Gamer suggests that the downfall of cryptocurrencies, if there is one at any time in the future, would more likely be because of a drop in the values of those currencies than due to concerns over possible theft of assets.


AlphaBay Market, one of the largest Dark Web marketplaces for drugs, guns, and other illegal goods, which mysteriously went dark earlier this month without any explanation from its admins, has reportedly been shut down by international authorities.

On July 4th, the dark web marketplace suddenly went down without any explanation from its admins, which left customers who had paid in large sums in a panic.

Some customers even suspected that the site’s admins had pulled an exit scam to steal user funds.

However, according to the Wall Street Journal, the disappearance of AlphaBay came after authorities in the United States, Canada, and Thailand collaborated to conduct a series of raids and arrest Alexandre Cazes, who allegedly was one of AlphaBay’s operators.

Citing “people familiar with the matter,” the publication claims that Cazes, a resident of Canada, was arrested in Thailand and taken into custody in Bangkok on July 5th, the same day the police executed two raids on residences in Quebec, Canada.

The 26-year-old Canadian citizen was awaiting extradition to the United States when a guard found him hanged in his jail cell on Wednesday, the Chiang Rai Times confirms. Cazes is believed to have hanged himself using a towel.

Cazes had been living in Thailand for nearly 8 years. During his arrest, authorities also seized “four Lamborghini cars and three houses worth about 400 million baht ($11.7 million) in total.”

AlphaBay, also known as “the new Silk Road,” also made the news at the beginning of this year when a hacker successfully breached the AlphaBay site and stole over 200,000 private, unencrypted messages from several users.

After the disappearance of Silk Road, AlphaBay emerged in 2014 and became a leader among dark web marketplaces for selling illicit goods from drugs to stolen credit card numbers, exploits, and malware.

Unlike the dark web market ‘Evolution’, which suddenly disappeared overnight from the Internet, stealing millions of dollars’ worth of Bitcoins from its customers, AlphaBay Market was shut down by law enforcement, suffering the same fate as Silk Road.

Silk Road was shut down after law enforcement raided its servers in 2013 and arrested its founder, Ross William Ulbricht, who has since been sentenced to life in prison.

The FBI also seized Bitcoins (worth about $33.6 million, at the time) from the site. Those Bitcoins were later sold in a series of auctions by the United States Marshals Service (USMS).


OSINT Framework

Author: Martin Voelk
May 31, 2017

For everyone in need of open source intelligence gathering: this is an excellent list of resources, also downloadable from GitHub.

http://osintframework.com 


Google Dorks for Data Mining

Author: Martin Voelk
March 1, 2017

Who doesn’t know the problem: you have a basic LinkedIn account and you want to do business development, but your searches are capped at a fixed number, you don’t get the full search interface that Premium users have, and all that annoying stuff.

To the rescue once again comes Google and shell scripting. Google indexes like no other search engine.

Simple Google searches reveal the prospects you are looking for:

site:linkedin.com intext:"IT Manager" AND "Singapore" -jobs
site:linkedin.com intext:"IT Director" AND "Singapore" -jobs
site:linkedin.com intext:"CISO" AND "Singapore" -jobs
site:linkedin.com intext:"IT Manager" AND "Singapore" -jobs "Healthcare"
site:linkedin.com intext:"IT Manager" AND "Singapore" -jobs "Banking"
site:linkedin.com intext:"IT Manager" AND "Singapore" -jobs "Finance"
site:linkedin.com intext:"IT Manager" AND "Singapore" -jobs "Retail"
site:linkedin.com intext:"IT Manager" AND "Singapore" -jobs "Utilities"

Job titles can be changed, and so can countries and industries.

Now, for everyone with a bit of shell / Python experience, these dorks can be fully automated and will then report into an Excel sheet in minutes. Business development with Google 🙂
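
The automation described above, as an added example rather than the author’s own script: it expands lists of job titles, countries and industries into the dork pattern shown in this post and writes the result to a CSV file that Excel opens directly. The lists are constructed placeholders to swap for your own; the script only generates the query strings and does not submit anything to Google.

```python
import csv
import io
import itertools

# Constructed inputs in the shape of the dorks above; replace with your own lists.
TITLES = ["IT Manager", "IT Director", "CISO"]
COUNTRIES = ["Singapore"]
INDUSTRIES = ["", "Healthcare", "Banking", "Finance", "Retail", "Utilities"]  # "" = no industry filter


def build_dork(title, country, industry="", site="linkedin.com", exclude=("jobs",)):
    """Assemble one query in the post's pattern, e.g.
    site:linkedin.com intext:"IT Manager" AND "Singapore" -jobs "Healthcare"."""
    parts = [f"site:{site}", f'intext:"{title}"', "AND", f'"{country}"']
    parts += [f"-{word}" for word in exclude]          # drop job adverts from the results
    if industry:
        parts.append(f'"{industry}"')
    return " ".join(parts)


def build_dorks(titles=TITLES, countries=COUNTRIES, industries=INDUSTRIES):
    """Cartesian product of the three lists; one dict per query so rows can be filtered in Excel."""
    rows = []
    for title, country, industry in itertools.product(titles, countries, industries):
        rows.append({
            "title": title,
            "country": country,
            "industry": industry or "(any)",
            "query": build_dork(title, country, industry),
        })
    return rows


def to_csv(rows):
    """Serialise the rows to CSV text; the csv module quotes the embedded double quotes correctly."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["title", "country", "industry", "query"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    rows = build_dorks()
    with open("dorks.csv", "w", newline="") as fh:
        fh.write(to_csv(rows))
    print(f"wrote {len(rows)} queries to dorks.csv")
```

Open `dorks.csv` in Excel and paste each query into Google by hand; with the lists above that is 18 queries, one per title/industry combination.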


A picture says more than…

Author: Martin Voelk
February 15, 2016

Forensics are an important part of any investigation. Law enforcement, private detectives as well as Cyber Intelligence companies make use of forensic analysis. We have assisted clients and law enforcement in many cases to track down information about fraudulent activities online. Last year we were involved in numerous investigative cases for clients, where criminals were posting pictures of stolen goods on eBay etc.

More than once we were able to retrieve GPS data from the images, along with the exact time the pictures were shot, which cameras were used, the resolution, and in some cases even a digital footprint of the camera’s owner. In our Cyber Intel work we use around 10 different image research tools. Here we would like to introduce 2 of them.

http://fotoforensics.com
http://regex.info//exif.cgi

It wouldn’t be 2016 if this weren’t cloud based 🙂 Just upload any image you wish to investigate, or paste in the picture URL. The results are only as good or as bad as the forensic awareness of the people who published the pictures. An interesting experience for everyone nonetheless.


OSINT Facebook Intelligence Tool

Author: Martin Voelk
January 14, 2016

Following up from our post the other day, today we want to introduce a little free Cyber Intelligence tool built around Facebook. The tool and its search combinations make it a very powerful asset for background investigations (pre-employment screening) and for ongoing investigations, on a commercial and law enforcement basis alike. Despite Facebook’s privacy efforts, a lot of information about individuals is publicly available even if you are not connected or friends with them.

How is this useful?

Use cases:

  • Would you employ individuals who are liking radical terrorist organisations?
  • Would you as a business like to know if some of your employees like certain terrorist organisations?
  • Would you like to know if an employee is attending certain events?
  • Of course, Facebook information is also vital to marketers: where are the people who like our products, etc.

Check it out for yourself. Facebook has become an integral part of investigative work and whilst this tool only scratches the surface of possibilities, it should give individuals a feel for what commercial tools / law enforcement tools are capable of 😉

https://inteltechniques.com/intel/OSINT/facebook.html


Social Media Intelligence Basics

Author: Martin Voelk
January 11, 2016

Social Media Intelligence is important both from a marketing perspective and from a Security / Law enforcement perspective. People often have the wrong impression of what’s needed to get started with monitoring social media. Whilst there are tons of free and commercial tools out there, a lot of the investigation just involves our good old friend Google.

Why is it that easy? Well, a lot of people tweet on Twitter and post on Facebook without restricting the audience. In other words, all their posts and tweets are public. Then the Google spider comes around and indexes them – ready to be found. Moreover, a lot of people intentionally or unintentionally attach full location information to their tweets, for example.

Examples

Here are a few basic examples of how to search Facebook.com from Google.com.

1.)
site:facebook.com intext:"Works at best buy"
This dork is easy: it looks for open profiles of people working at Best Buy.

2.)
site:facebook.com intext:"Lives in Austin"
Dork to find people living in Austin.

3.)
site:facebook.com "Studied at Harvard"
Dork to find former Harvard students.

4.)
site:facebook.com intext:"at Walmart"
Slightly more advanced dork that also catches people who wrote "Employed at" or "Manager at" etc. instead of "Works at".

5.)
site:facebook.com intext:"Started Working at Olive Garden"
People who started working at Olive Garden in the past.

Those searches can be combined, changed etc. A lot of the intel work is based on thinking out of the box. You will be surprised what people reveal on Facebook.com to the whole world instead of just their friends.

6.) Facebook also allows for GUI search on what people like or have liked. That can give vital clues around all sorts of things….

Twitter Location Tracking

A nice free Web Based tool can be found here: http://geosocialfootprint.com/

If people have location enabled on their devices it shows you where tweets were sent from. This can assist law enforcement during security situations, large scale events etc. Of course there is a lot more to it, but with the above basics anyone can get started in investigating.


Dark Web Search Engines

Author: Martin Voelk
December 16, 2015

So after many months of inactivity, we will resume blogging. Sorry for the absence, but we were just too busy with pentests and security work.

Today, we would like to introduce a search engine which allows you to search the dark web from the clear web.

http://www.onion.link

April 20, 2015

What is a 0 day exploit? It’s basically an exploit to break into an IT system like any other exploit. The important difference is that those 0 day exploits have not yet been discovered by the vendors (like Microsoft, Apple), or they are known but no patches to fix the flaws are yet available.

For a long time there has been an underground market where security researchers sell exploits to cash-rich individuals and governments. Even on the clear web there are numerous companies offering those services. Recently a new 0 day exploit platform has emerged on the Dark Web. Security analysts, however, are not yet clear on whether genuine exploits are being sold there or whether it’s a scam.

The only way to find this out really, would be to buy an exploit. Serious vulnerability zero day exploits are usually traded for sums in the hundreds of thousands, so it’s surprising that an exploit for iTunes is offered a lot cheaper. It may be a scam, but who knows!

http://thehackernews.com/2015/04/underground-exploit-market.html


The dangers of Facebook exposure

Author: Martin Voelk
April 12, 2015

Millions of people use Facebook. It’s a great tool to meet old friends, stay in touch with friends and family and share important and unimportant news.

Regardless of their profession, people use Facebook. There is nothing wrong with law enforcement people having Facebook or other Social Media profiles; the problem starts when they reveal all of their private information and do not even lock their privacy settings down to friends, for example.

Of course we won’t disclose any identities of sample profiles from Facebook, but as we have quite a lot of interested readers from law enforcement on our mailing list, we would like to highlight how to mitigate exposure online. We will not showcase the Google search dorks for this particular example.

Example

An active Police Officer from Europe has their full Facebook profile open to the whole world. No privacy settings whatsoever. Just browsing to this Facebook profile reveals the following information:

  • Full Name
  • Full Agency Name
  • Date of Birth
  • Phone numbers
  • Spouse Details (profile without any security lockdowns either)
  • Full Home Address
  • All Likes and Dislikes whether political or not
  • and a lot more

Now to have all this information being exposed to everyone in the world is a bad thing for any individual, however for an active member of the police this can potentially be a very bad thing. Identity theft, Social Engineering, Blackmailing by criminals etc. all start out with passive information gathering.

To make matters worse, a lot of people upload their wildest party and binge drinking pictures onto their Facebook Profiles. We have seen profiles of people being beyond drunk, uploading half naked pictures and worse! Again, no one should expose themselves like this from a security perspective but if that person works at the police it’s worse.

Tips

  • Lock your Facebook profile so only friends / close friends can see your posts
  • Don’t display your full name (use an Alias)
  • Don’t display home addresses on Facebook
  • Don’t display Phone numbers or other confidential information
  • Don’t tell the world who you work for! Yes if you run your own company or if you are a freelancer it’s good to advertise yourself, but if you work for the police there is no need to display this
  • Remove Metadata tags from pictures and files you upload. Often GPS data is attached to those which allows people to see where exactly those pictures were taken
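
Two of the points on this page, recovering the GPS position from an uploaded picture (the forensics post above) and removing metadata before you upload (the last tip), come down to the same EXIF structure inside a JPEG. The following is an added example, not code from this blog or from the tools it links to. It builds a constructed minimal JPEG carrying only an Exif GPS IFD, reads the coordinates back the way a forensics tool would, and strips the APP1 segment the way a privacy-minded uploader should. The sample coordinates and all helper names are my own; only the standard library is used.

```python
import struct

EXIF_PREFIX = b"Exif\x00\x00"
GPS_IFD_POINTER = 0x8825          # IFD0 tag pointing at the GPS sub-IFD
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 0x0001, 0x0002, 0x0003, 0x0004


def _walk(jpeg):
    """Yield (marker, start, end) for each header segment; stops after SOS or at EOI."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    i = 2
    while i + 2 <= len(jpeg):
        if jpeg[i] != 0xFF:
            raise ValueError("bad segment marker at offset %d" % i)
        marker = jpeg[i + 1]
        if marker == 0xD9:                        # EOI: standalone, no length field
            yield marker, i, i + 2
            return
        (length,) = struct.unpack(">H", jpeg[i + 2:i + 4])
        yield marker, i, i + 2 + length
        i += 2 + length
        if marker == 0xDA:                        # SOS: entropy-coded image data follows
            return


def _is_exif(jpeg, marker, start):
    return marker == 0xE1 and jpeg[start + 4:start + 10] == EXIF_PREFIX


def _dms_to_deg(dms, ref):
    d, m, s = dms
    deg = d + m / 60 + s / 3600
    return -deg if ref in ("S", "W") else deg


def _gps_from_tiff(tiff):
    """Parse the TIFF structure inside APP1 and return (lat, lon) or None."""
    endian = {b"II": "<", b"MM": ">"}[tiff[:2]]
    u16 = lambda o: struct.unpack(endian + "H", tiff[o:o + 2])[0]
    u32 = lambda o: struct.unpack(endian + "I", tiff[o:o + 4])[0]

    def entries(ifd):                             # (tag, type, count, offset of the value field)
        for k in range(u16(ifd)):
            e = ifd + 2 + 12 * k
            yield u16(e), u16(e + 2), u32(e + 4), e + 8

    gps_ifd = next((u32(vo) for tag, _, _, vo in entries(u32(4)) if tag == GPS_IFD_POINTER), None)
    if gps_ifd is None:
        return None
    fields = {}
    for tag, typ, count, vo in entries(gps_ifd):
        if typ == 2:                              # ASCII: inline if it fits in 4 bytes, else pointed to
            o = vo if count <= 4 else u32(vo)
            fields[tag] = tiff[o:o + count].rstrip(b"\x00").decode("ascii")
        elif typ == 5:                            # RATIONAL: `count` pairs of u32 at the pointed offset
            o = u32(vo)
            fields[tag] = [u32(o + 8 * j) / (u32(o + 8 * j + 4) or 1) for j in range(count)]
    try:
        return (_dms_to_deg(fields[GPS_LAT], fields[GPS_LAT_REF]),
                _dms_to_deg(fields[GPS_LON], fields[GPS_LON_REF]))
    except KeyError:
        return None


def extract_gps(jpeg):
    """What a forensics tool recovers: (lat, lon) in decimal degrees, or None if no GPS tags."""
    for marker, start, end in _walk(jpeg):
        if _is_exif(jpeg, marker, start):
            return _gps_from_tiff(jpeg[start + 10:end])
    return None


def strip_exif(jpeg):
    """What to do before uploading: return a copy with every APP1 Exif segment removed."""
    out, last = bytearray(jpeg[:2]), 2
    for marker, start, end in _walk(jpeg):
        if not _is_exif(jpeg, marker, start):
            out += jpeg[start:end]
        last = end
    out += jpeg[last:]                            # scan data after SOS (if any) is copied untouched
    return bytes(out)


def _deg_to_dms(value):
    """Decimal degrees -> three (numerator, denominator) rationals, seconds to 1/100."""
    value = abs(value)
    d = int(value)
    m = int((value - d) * 60)
    s = round(((value - d) * 60 - m) * 60 * 100)
    return [(d, 1), (m, 1), (s, 100)]


def build_sample_jpeg(lat, lon):
    """Constructed test input: SOI, one APP1 Exif segment holding only a GPS IFD, EOI. Not a viewable image."""
    rat = lambda pairs: b"".join(struct.pack(">II", n, d) for n, d in pairs)
    lat_ref = b"N\x00\x00\x00" if lat >= 0 else b"S\x00\x00\x00"
    lon_ref = b"E\x00\x00\x00" if lon >= 0 else b"W\x00\x00\x00"
    # Big-endian TIFF, fixed layout: IFD0 at 8 (18 bytes), GPS IFD at 26 (54 bytes), rationals at 80 and 104
    ifd0 = struct.pack(">H", 1) + struct.pack(">HHII", GPS_IFD_POINTER, 4, 1, 26) + struct.pack(">I", 0)
    gps = (struct.pack(">H", 4)
           + struct.pack(">HHI", GPS_LAT_REF, 2, 2) + lat_ref
           + struct.pack(">HHII", GPS_LAT, 5, 3, 80)
           + struct.pack(">HHI", GPS_LON_REF, 2, 2) + lon_ref
           + struct.pack(">HHII", GPS_LON, 5, 3, 104)
           + struct.pack(">I", 0))
    tiff = b"MM\x00\x2a" + struct.pack(">I", 8) + ifd0 + gps + rat(_deg_to_dms(lat)) + rat(_deg_to_dms(lon))
    app1 = EXIF_PREFIX + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


if __name__ == "__main__":
    photo = build_sample_jpeg(37.5, -122.25)                  # constructed coordinates
    print("before upload:", extract_gps(photo))               # (37.5, -122.25)
    print("after strip:  ", extract_gps(strip_exif(photo)))   # None
```

The parser only follows the IFD0 → GPS IFD pointer and the four tags needed for a position; a real camera file carries many more tags (timestamps, camera model, serial number) in IFD0 and the Exif sub-IFD, which is exactly why `strip_exif` drops the whole APP1 segment rather than editing individual tags. Run it on a real photo by reading the file into `bytes` and passing it to `extract_gps` and `strip_exif`.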

The same basic precautions help you avoid exposing yourself online, or at least limit your exposure to the people you know and trust.

Those tips are not just for police officers, but also for lawyers and other people in positions of trust. A potential client would probably not want to be defended by a lawyer who puts pictures on Facebook showing him throwing up. It’s about reputation. Yes, we are all human and deserve to have a life outside of work, but does the whole world need to know about it? No one would hand the old-fashioned family photo album to a stranger, so why do it on Facebook?
