Dark Web – CyberEye

Dan Gavin 30, Sep, 2024

Blog

Sale of the Eiffel Tower and Election Phishing

In 1925, the Eiffel Tower was in a serious state of disrepair and there were rumors that it would be dismantled. Not to let a good rumor go to waste, con artist, Victor Lustig, posed as a government official and invited several scrap metal dealers to a confidential meeting, claiming that the government wanted to sell the Eiffel Tower for scrap. Five dealers responded to his request for a meeting and one dealer, Andre Poisson, made the highest bid for the 15,000-beam structure. Two days later the deal was closed for an undisclosed amount. By the time Poisson discovered he was scammed, Lustig was in Austria.

Con men and scammers have been around for ages. In this digital age, scammers are using technology to add credibility to their scams. Through email and text messaging they can cast a broad net. It is a good day for them even if they only reel in two victims out of one hundred emails or texts. Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. Phishing is the number one entry point for ransomware.

Hackers use whatever topics are current or in the news to entice someone to let their guard down so the victim clicks the link or gives up critical information. As the election is less than two months away, election campaign phishing is on the rise. As I was reviewing dark web reports, I noticed an advertisement selling a phishing platform. They had templated the faux campaign donation emails and would provide the mass email platform. The dark web customer could choose to target either the Harris or Trump voters, or both. Nowadays, criminals don’t have to be technically proficient, they can outsource their evil.

These days I am receiving several text messages a day asking me to donate to or vote for a particular candidate with a link at the end of the message. From the text, it is hard to determine if the message is legitimate. If you are interested, research on the internet for the candidate’s site and learn more. If you are not interested, delete the message and mark it as junk. Whether it’s email or text, don’t click on any links.

Scammers use the same techniques whether it is a text, email, or a phone call. If you receive a phone call, be very careful if you choose to engage the caller. If there is a campaign or a charity that you are interested in supporting, thank the caller for their time and go to a known-good website for that organization. Do not give the caller any financial information like credit card or bank account numbers.

Before donating to any Political Action Committee (PAC), it is a great idea to verify that the organization is legitimate. All PACs must register and report to the Federal Election Committee (FEC). Check out this website from the FEC to verify the organization. www.fec.gov/data/reports/pac-party

What does the sale of the Eiffel Tower and an election have in common? They both have con men and scammers looking for ways to take advantage of unsuspecting victims. Just as Victor Lustig duped the scrap metal magnate, scammers are phishing to see who will take their bait.

Dan Gavin 11, Jan, 2021

Blog

Beware of the Dark Web

Lord of the Flies: Imagine a world where children are left entirely to their own guidance and education. One where the only instruction they ever receive is from peers. What kind of a world would that be?

Internet Born: When the Internet was born, it was called the DARPANET. Initially its creators tried to maintain control over its growth and development, but as it grew, that control became untenable. Eventually, a dark side emerged there.

Surface, Deep, Dark: The Internet can be subdivided into: the Surface Web (that which you can Google), and the Deep Web. You may be surprised to hear that most of you regularly visit the Deep Web. Accounts such as Facebook, Twitter, or your company network that require sign-in credentials are not index by search engines and are a major part of the Deep Web. Estimates put the Deep Web as over 95% of the internet. The Dark Web is a subset of the Deep Web that is intentionally hidden, requiring a specific browse to access. No one really knows the size of the Dark Web, but most estimates put it at around 5% of the total internet.

Dark Web: The Dark Web is best known as a place for illegal and nefarious activities. You can buy drugs, guns, credit card numbers, credentials, and hacked Netflix accounts. You can buy malware or pay hackers to breach your competition for intellectual property. There are even E-Commerce sites. Dark Web commerce sites have the same features as any e-retail operation, including ratings/reviews, shopping carts and forums. However, sellers have been known to suddenly disappear with their customers’ crypto-coins without providing the service. The old saying, “There is no honor among thieves,” applies.

Legal Activities: Not all activities on the Dark Web are illegal. Around half of the Dark Web is used for legitimate activities. It allows political dissidents to communicate anonymously with journalists without fear of persecution. People go to the Dark Web for mundane activities like joining a chess club or to exchange recipes. Facebook even has a presence called BlackBook. The New York Times has a presence. The Dark Web attracts those that are interested in being anonymous.

The Onion Router: The most common way to get on the Dark Web is through an anonymizing browser called a Tor (the onion router). The Tor browser routes your web page requests through a series of proxy servers operated by thousands of volunteers around the globe, rendering your IP address unidentifiable and untraceable. It is difficult to find your way around as there are no indexed search engines. The experience is unpredictable, unreliable, and often incredibly slow.

Why Should I Care: This is all very interesting, but I am not interested in a seedy journey to the Dark Web. Why should I care? The Dark Web is full of Personally Identifiable Information (PII) and password credentials recovered from breaches and sold, or just dumped to a site. Large identity theft companies, like Experian, offer services that search for your information on the Dark Web and notify you of their findings. Companies can look to their trusted security advisor to obtain a Dark Web monitoring service that tracks your company domain. For your own email address, you can check for yourself at www.haveibeenpwned.com. Enter your email address to see if your credentials have been caught in a breach. If so, it is time to change passwords and verify your account information.

Self Governance: In the novel Lord of the Flies, a group of boys is stranded on a deserted island. Their attempt at self-governance is a disaster. A dark side emerged. Civilization eroded and chaos reigned. Kind of like the Internet.