Security experts reveal secret to catching online scammers and counterfeiters

20:35  04 november  2016 Source:   ibtimes.co.uk

The illicit sale of counterfeit goods and narcotics is not limited to the Dark Web, and enterprising criminals are increasingly using the clear web as a platform for their business. From fashion items to prescription drugs, websites that are cheap and easy to set up only bolster this thriving industry.

To counter the problem, Andrew Lewman, chief revenue officer (CRO) at Farsight Security, and Stevan Keraudy, chief technology officer (CTO) at CybelAngel, have designed a way of identifying and stopping these criminals using a technique based around real-time DNS analysis.

Taking to the stage at Black Hat Europe 2016, attended by IBTimes UK, the researchers demonstrated how Passive DNS – a collection of domain names and IP addresses – can be mixed with advanced "web crawling" to create a visualisation of sellers and counterfeiters.

"No-one really cares about DNS [Domain Name System] anymore unless you are into domain generation algorithms and botnets. But nearly every transaction starts with a DNS lookup," explained Lewman.

"You want to find an IP address or Google? It goes back and forth through DNS. If you can watch the initial [DNS] requests you can start to figure out where the first request came from and who has been looking up things over time."

The researcher said that there is a greater need for real-time analysis as the techniques used by cybercriminals are evolving rapidly.

"We have all seen spearphishing campaigns come and go in less than an hour," he said. "They register the domain, set up the website, target the corporation, get the two or three clicks they are looking for [then] shut the whole thing down."

The main challenge, the researchers explained to a packed room of attendees, is that criminals operating online now have a lot of resources at their disposal for very little effort. These sellers never create just one website – they create thousands.

"The old school way of targeting counterfeiters is to take down the websites one by one," Keraudy said. "It's very costly, taking a website required legal action and can cost a lot of time and money and it's very inefficient because counterfeiters are very well organised.

"They have thousands of websites waiting in line and as soon as you take one of them down they put another one back online within an hour. So it's a lost battle."

Optimising the takedown

In the talk, titled "Narcos, Counterfeiters, and Scammers: An Approach to Visualize Illegal Markets", Keraudy said the main aim of the tool is to "identify sellers and counterfeiters and how to put them into human readable visualisation in order to optimise the takedown efforts."

"We subscribe to Farsight's Passive DNS and we filter it using keywords," he explained. Using a selection of "brand specific" (Rolex, Chanel, Dior) and "generic" search terms, the tool is able to analyse the trove of DNS records and locate potentially illegal activity, the researcher said.

Once the websites are identified, CybelAngel's web crawling technology comes into play, automatically scanning the homepage, links, pictures and body of the website "to collect as much information" and identify whether the website is active.

It does "Whois" lookups, geolocation searches and "everything that can ID the website," Keraudy said, adding that Google Analytics IDs are also important. He noted: "Counterfeiters are businessmen and when you do business you want to do marketing, and when you do marketing, you use Google Analytics."

The crawlers can also automatically detect if there is a payment system on the website. The tool will "go through the system and put in some fake data" to follow the process up until the point of purchase. "We do not go through with the payment," Keraudy stressed.

The visualisation tools then make "clusters" of each website and, in a spider web fashion, create a representation of each website and how they are linked. "We group the websites that belong to the same actor – the same organisation," he said. "You can target directly a whole organisation and not only just a website."

He added: "The clusters represent organisations that run thousands of websites selling illegal goods. Because we also have a traffic estimator we know which clusters to target first. We know which ones drive the most traffic so probably the most revenue. What you want to do is target the centre."
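The grouping and prioritising described above can be sketched as follows; this is an added example, not code from the researchers or from CybelAngel. It assumes crawl results are already collected, links sites that share a Google Analytics account or a Whois e-mail, and ranks the resulting clusters by estimated traffic. All domains, IDs, addresses, figures and the generic keywords are constructed for illustration.

```python
from collections import defaultdict

BRAND_TERMS = ("rolex", "chanel", "dior")  # brand terms named in the article
GENERIC_TERMS = ("replica", "outlet")      # assumed generic terms

# Constructed crawl results: (domain, GA ID, Whois e-mail, estimated visits).
CRAWLED = [
    ("rolex-outlet.example", "UA-100001-1", "reg1@mail.example", 9000),
    ("dior-replica.example", "UA-100001-2", "reg2@mail.example", 4000),
    ("chanel-bags.example", None, "reg2@mail.example", 2500),
    ("replica-watch.example", "UA-200002-1", "reg3@mail.example", 300),
    ("garden-tools.example", "UA-300003-1", "reg4@mail.example", 50000),
]

def matches_keywords(domain):
    # Naive substring match; a production filter would also handle false positives.
    return any(term in domain.lower() for term in BRAND_TERMS + GENERIC_TERMS)

def ga_account(ga_id):
    # "UA-100001-2" -> "UA-100001": the property suffix varies per site,
    # the account part is shared by every site the same operator tracks.
    return ga_id.rsplit("-", 1)[0] if ga_id else None

def cluster_sites(records):
    """Return [(total_traffic, [domains])], highest-traffic cluster first."""
    parent, traffic, first_seen = {}, {}, {}

    def find(x):  # union-find root lookup with path compression
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for domain, ga_id, email, visits in records:
        if not matches_keywords(domain):
            continue  # keyword filter: unrelated domains never enter the graph
        parent[domain], traffic[domain] = domain, visits
        for ident in (("ga", ga_account(ga_id)), ("whois", email)):
            if ident[1] is None:
                continue
            if ident in first_seen:  # shared identifier: merge the two clusters
                parent[find(domain)] = find(first_seen[ident])
            else:
                first_seen[ident] = domain

    groups = defaultdict(list)
    for domain in parent:
        groups[find(domain)].append(domain)
    ranked = [(sum(traffic[d] for d in ds), sorted(ds)) for ds in groups.values()]
    return sorted(ranked, reverse=True)
```

Note that `chanel-bags.example` has no Analytics ID at all and still lands in the largest cluster, because its Whois e-mail links it to a site that shares an Analytics account with a third.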

According to Lewman, who was previously a chief executive within the Tor Project, the technique can also prove to be useful for combating Dark Web sellers. He said it "works well" on these markets as "they are often run by the same criminal organisations that run the clear net markets."

The researchers said that – currently – the tool is being targeted towards enterprises over law enforcement. Keraudy told IBTimes UK: "We work with the corporates and they send it to their legal departments to work with law enforcement."

But that's not to say DNS analysis is limited to the business world. "Farsight does work with law enforcement and they use our database to look up past activity – to look up who owned an IP or who hosted what on an IP over time," Lewman acknowledged.
