Connect with us

Cars

The dark web is nothing fancy: It’s just a different set of protocols – like Tor

Published

on

Dark web criminals are selling tools to help target your firm’s data
Dark web listings of malware aimed at companies are on the rise.

Commonly when surfing the web, Transport Layer Security (TLS) is the cryptographic protocol that provides confidentiality for your communication with the server. The green lock on your URL bar is an assurance, but not a guarantee, that you’re communicating confidentially with the entity you think you are. While TLS is designed to provide confidentiality and identity, dark web protocols are designed to provide confidentiality and anonymity. There are many of these dark net protocols, but Tor is by far the most common, likely because of its use of exit nodes to allow a user to obtain anonymity on the public internet by routing traffic across the Tor network. 

On Anonymous Networks, Reputation Is Everything 

The quality of your collection strategy dictates how confident you can be in your analysis. Garbage in, garbage out. This is an often-ignored part of dark web marketing. Anonymous networks help segment your actual identity from the persona (or avatar) you develop on these dark nets. Because of this, the reputation of your developed persona is the only currency you truly have. Also remember that there’s no guarantee the person behind the persona you are interacting with isn’t a criminal, a threat intel company, or possibly even law enforcement! The story of the Besa Mafia is a great example of criminals scamming criminals, getting hacked themselves, and then law enforcement arresting people who were trying to hire these fake hitmen. It’s also not uncommon when law enforcement takes control of a hidden site only for them to continue hosting it in hopes of deanonymizing the users of the site. Basically, trust nothing. 

I Registered For Access, And All I Got Was This Low-Confidence Assessment 

Developing personas to obtain and, more importantly, maintain access is time-consuming and most of the work involved with good tradecraft on the dark web. Be wary that some “dark web intelligence” offerings skip the hard part and are just using technical collection to scrape information from essentially public markets and forums. To say this is a commodity capability would be a major understatement, as the ability to automate the scraping of websites is as old as the internet, and as we’ve established, dark networks really just reflect a difference in protocol selection. The use of the iceberg metaphor is a clever bit of psychological warfare . . . ahem, marketing . . . to remind you that they have access to all this stuff under the surface that you don’t. As someone who evaluates these vendors, many of them don’t either. 

Any Company Selling You On “Dark Web Intelligence” Is Only Talking About Its Collection Strategy . . . And There’s Big Problems With That 

After collection, the next challenge would be processing and exploitation. Processing is frequently discussed as stripping out things like HTML tags from the raw data that’s been collected. If you think that is a big deal, I have a regular expression (regex) to sell you. Where things get interesting is trying to exploit this data to get something useful on an analyst’s desk. Here’s a few examples: 

  • Very few, if any, public sector vendors have swaths of analysts translating everything on the dark web on a daily basis from languages such as Arabic, Farsi, Spanish, Russian, and Mandarin. How is this being done at the same scale as collection? 

  • How does your translation software handle slang? Without specific knowledge of a particular group, you would have no idea they are using the code name “Iowa” when describing a target in Iran. Keep this in mind if someone mentions they are going to Iowa next month; it might be a lot more exciting than it sounds. 

  • Then there’s something I call “the Target problem.” Target is a retail chain with stores in the United States, Canada, and India — many of you may be familiar with the brand. Now, imagine the data problem created in attempting to parse out relevant chatter about the Target brand from the rest of the noise on the internet. Incidentally, the string “target” appears five times in this blog post and only three times in the context of the retailer. 

A vendor cannot have an appreciation of these problems and not talk about their solution to them. If they are just trying to sell you on their ability to collect data from the dark web and then show you their platform, you don’t need to see the platform. 

Finally, There’s Some Really Bad Stuff On Dark Nets, But They Also Are A Critical Resource For The Oppressed 

I’m going to wrap this blog with a bit of a personal appeal. Anonymous networks are critical to journalists, whistleblowers, survivors of domestic abuse, people with sensitive medical conditions, the politically oppressed, and more. Please consider supporting projects such as the Tor Project or Tails — and if you’re in a decision-making position at an organization where people might assemble or seek to obtain information, please ensure that your site is usable when coming from a Tor exit node with JavaScript turned off. Unlike so much that we do in the cyberdomain, this can actually save lives. 

Must read: Revolutionize your security strategy by applying Zero Trust to your business.        

This blog was written by Senior Analyst Josh Zelonis and originally appeared here. 

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Cars

The Best Features Of The Aston Martin Vulcan

Published

on

Although the Vulcan was specifically designed not to be road legal, one owner decided that they wanted to stick on some license plates and take it on the highway anyway. Except, it was far from that simple, as the conversion process required making some major changes to the car, and cost several hundred thousand dollars on top of the original purchase price (via Motor1). The street conversion was handled by RML Group but had full support from the Aston Martin factory, and after completion, it became the only road-legal Vulcan in existence.

Among the litany of changes required were the addition of windshield wipers, side mirrors, and a central locking system. Michelin road tires were also fitted, and a new set of headlights had to be installed to meet height requirements for British roads. The bladed tail lights were also covered over for safety, and a few of the sharper surface edges around the cabin were smoothed out. Then, the engine was remapped to meet emissions requirements, the suspension was softened, and a lift system was installed to give the car extra clearance for speed bumps. After all that, plus a few final touches, a license plate was fitted and the car was ready to go. Unfortunately, it seems like the owner’s enthusiasm for taking it on the road quickly evaporated, as checking the car’s plates against the British government database shows that its MOT (the annual national roadworthiness test) certificate expired back in January 2022.

Continue Reading

Cars

5 Cars Owned By Bob Seger That Prove He Has Great Taste

Published

on

Pulling into the final spot on the list is a 1969 Shelby Cobra GT350 Fastback. This particular car is unique for a few reasons. First, it was the last “new original” Shelby that Ford would produce. The GT350 and GT500 released in 1970 weren’t actually new or original but re-VIN’d production cars from the previous year. Also, during the summer of ’69, Carrol Shelby ended his association with Ford (via MustangSpecs).

It had one of Ford’s new 351 Windsor V8 engines with a 470 CFM four-barrel Autolite carburetor under the hood that pounded out 290hp and 385 lb-ft of torque. Its 0 – 60 time was a modest 6.5 seconds, and it did the quarter mile in 14.9 seconds (via MustangSpecs).

According to MustangSpecs, it was typically mated to a 4-speed manual transmission, but Seger’s had a Tremec 6-speed stick instead (via Mecum Auctions). Seger’s Candy Apple Red GT350 had Ford’s upgraded interior package, flaunting a landscape of imitation teak wood covering the dash, steering wheel, door accents, and center console trim (via MustangSpecs).

According to Mecum Auctions, Seger’s was number 42 of 935. When it sold at auction in 2013 for $65,000, it noted that it had been displayed at the Henry Ford Museum at the Rock Stars, Cars & Guitars Exhibit.

Continue Reading

Cars

Here’s What Made Volkswagen’s Air-Cooled Engine So Special

Published

on

Engines like the Chevy Small Block, Ford 5.0, Chrysler HEMI, and Toyota 2JZ are known for power, torque, and how quickly they can propel a hunk of steel down the drag strip or around the corners of a track. The Volkswagen air-cooled engine is remembered amongst people who have owned one as reliable, easy to maintain, and as numerous as grains of sand on the beach. VW made literally tens of millions of the engine, including over 21 million in just the Beetle (via Autoweek). 

It’s difficult to nail down specific aspects of the engine’s early history as sources tend to disagree on years. But the engine can be traced back to very early Volkswagen models designed with help from Ferdinand Porsche and built in the late-1930s to early 1940s in Nazi Germany. Official sources from Volkswagen are reluctant to acknowledge use of the engine or even the existence of the Beetle prior to the end of World War II.

Continue Reading

Trending