e-Gold Pleads Guilty To Money Laundering

Posted in IT Security on July 23, 2008 by blackflag

The Internet currency firm e-Gold and three of its owners have pleaded guilty to money laundering. e-Gold is similar to PayPal but in my experience is a bit shadier in its operations. It is known to be a destination for “carders” and most everyone who needs to move money around on the sly. I’m not surprised that it is used by a criminal element but I am surprised that the owners of the company were involved to this degree (and that the Dept. of Justice was able to make a case stick).

Why is this important, you ask? Because when crackers and organized crime steal credit card information through viruses and malware they need a place to turn that credit into cash; e-Gold is one of many such places that are abused to make this happen. The 40 million accounts stolen in the Card Systems Hack and the 45 million accounts stolen in the TJX Hack are symbolic of the desire for credit card information by the criminal element online.

FinCEN and the United States Secret Service are just a couple of the many organizations that monitor and track electronic fraud in the United States. Even with the assistance of non-governmental organizations, both on the corporate level and non-profits like Shadowserver, I still believe the problem is far from being under control. Identity theft (and eFraud) have been continually on the rise; there were an estimated 15 million victims in 2006 with an average of one new victim every two seconds.

It has also been proven that terrorist organizations are using malware, carding and online money laundering to procure funds for battlefield supplies, travel expenses and general funds. Younis Tsouli and his mates are the primary example of using this activity for terrorism financing to date.

The standard for this sort of thing is that the card data gets stolen, mostly “cashed out” (the available funds removed) and then the accounts start trickling into the more common (and easily found) carding channels on the assorted IRC networks. Still not convinced? Go on over to SearchIRC or any other IRC server search engine and search for words like “cashout”, “visa” or anything else to do with credit cards and prepare to be amazed at the blatant fraud.

(Disclaimer: the information above is for educational purposes only, if you go screwing around on IRC in the assorted carder channels you can and will get pwned, you have been warned.)

Cross posted at The Jawa Report.


Ok, I’m back.

Posted in Daily Rant on June 24, 2008 by blackflag

Going to change up the look and feel of the blog a bit and get some information posted regarding my current projects.

While you wait on the updates feel free to enjoy some Clutch.

It’s been two years already?

Posted in Daily Rant on January 17, 2008 by blackflag

On January 31st this blog will be two years old, far older than I expected it ever would be.

I originally created this blog as a place for my “stuff”, mainly links to other sites that I wanted handy and a place to post a bit on IT Security stuff. Stuff I’ve posted here has helped solve technical problems for people that really needed it, I find that very rewarding as giving the advice really didn’t cost me anything at all but time. This blog has always been a casual effort for me, I have no advertisements or sponsors and no effort to make money or gain “fame”. That “crazy blog money” is harder to get than people think and it was never something I was going for. I really appreciate the people who link this site and throw some traffic my way and I’ve always tried to return the favor if I can.

I’ve met a few other bloggers, made a few friends along the way and have actually contributed in a published article or two. The now closed “Clarity & Resolve” was always an inspiration, I owe a thanks to Rusty, Howie and crew from TJR, Aaron at Internet Haganah, Velvet Hammer, Muslihuun, Bugs-n-Gas Gal, 3 Nails Ministries and many many more that I can’t possibly list here. Sorry if I missed you but I don’t want this to be a post full of hyperlinks, I’m sure everyone will understand. Rusty actually gave me an invite to guest blog at Jawa so you may see me pop up over there pretty soon (hey I need to post somewhere).

Now then, you’ve probably noticed that I tend to focus on cyber-crime, security and cyber-terrorism here. What you didn’t know is that I’ve always done other research behind the scenes on these same topics. Because of my training, personal interests and career path security research is only natural for me (I’m a security geek, what can I say). Unfortunately most of this is not stuff people talk about “publicly” that often due to the sensitivity of it all (full disclosure notwithstanding). I was privileged enough to have received an invitation, a year or so ago, to do research with The Shadowserver Foundation, this is truly where the “dark arts” are studied and I consider myself very lucky to be able to work with that team of people. Some of my research over there is really starting to take off and I’m very pleased with that and really look forward to watching those efforts develop.

Additionally, I’ve recently made an upward career move and with that comes more responsibility, literally a 24 hour commitment (such is the way of IT staff). My beautiful wife and I are also expecting our second child in a couple of months which brings a set of challenges all its own (those of you with children know what I’m getting at here).

That being said, all this blogging and research takes time, lots of time, which I don’t currently have any of, so something has to give. That something is going to be the updating of The Black Flag, I’ll still be around and will always be available by email but updated posts here are going to be a lot less frequent. I have to make a sacrifice somewhere and this is going to be it, my “real life” and my research will continue on. Oh, I’ll still hit this site every day and clean up the comment spam but that’s about it for the next few months until things settle down again.

I check email daily so if you really need to get me that’s the best way.

It is what it is, thanks for stopping by.


Merry Christmas All!

Posted in Daily Rant on December 26, 2007 by blackflag

I’d like to wish all of my readers and passersby a Merry Christmas, may you be blessed by the grace of The Lord.


The Jihad Has Failed.

Posted in Counter Terror, Daily Rant, Jihad Denied on November 15, 2007 by blackflag

Via AKI:

A former leader of an armed Islamic group in Libya, Numan Bin Uthman, has written a letter to al-Qaeda second in command Ayman al-Zawahiri telling him that Jihadi groups in Arab countries have failed.

“Dear Doctor Ayman, as I told you during a meeting in Kandahar [in Afghanistan] in 2000, the experience of the Jihadi groups in Arab countries is failed and despite our appeals, the armed groups are divided and will not unite,” he said in the letter, a copy of which was published in the London based pan-Arab daily al-Hayat.

The letter by Uthman, who is based in London, comes after an audio message by al-Zawahiri – an Egyptian medic – was released on Saturday. In it, al-Zawahiri announced that the Libyan Islamic Fighting Group, had joined al-Qaeda. He also called for the ousting of regimes in North Africa.

The Libyan Islamic Fighting Group first announced itself in 1995, vowing to topple the Libyan regime. It is the second organisation to allegedly join al-Qaeda after Algeria’s Salafist Group for Preaching and Combat (GSPC), which changed its name to the al-Qaeda Organisation in the Islamic Maghreb last January.

“I ask you and whoever is behind you to review the way you behave because the Jihadi groups are acting very badly towards those who think differently from the way they do,” said Uthman in the letter.

“I ask you to stop the armed operations in the Arab countries, to guarantee the security of Muslims and to retract your threats toward the West, to take away from them the terrorism card used by some Western governments to hate Islam and Muslims,” he said.

Imagine that.

With bonus phunny from Cox & Forkum:

jihad denied

On a side note: I’d be just giddy if the WordPress editor didn’t strip the text formatting off of anything on blockquotes, it really gets on my nerves.

So who says I don’t have a sense of humor?

Posted in Daily Rant, IT Security on November 6, 2007 by blackflag

So yesterday someone found my blog while searching the Internet for the term “toe tag”. Evidently their Google search brought them to the post from June of 2006 “Abu Musab al-Zarqawi Takes the Dirt Nap” that I put up when al-Zarqawi was killed by U.S. and Coalition Special forces.

I also noticed a seemingly odd inbound link and decided to go check it out. What I found was a web page called “book review” located on a Rutgers University web server. It seems benign enough but I recognized the photo about halfway down the page in the “Patients and Families Narratives” section. The image is an altered version of the toe tag pic on my post with the text “</John Doe> pwn3d by l337 h4x0r5” and a link back to my blog.

The image is in a pop-up Java field and all I can figure is someone searched up an image specifically for embedding in that field after cracking it. They even left a credit to my blog for the image file… I’ve got to admit it’s nice and subtle, much slicker than the average “replace the index.html” defacement. I wonder if they knew I’d find the link, I bet so, nothing like a hacker with a sense of humor.

I know, it’s nothing special but I got a laugh out of it anyway.


The “Dark Web” Counter Terrorism Project

Posted in Counter Terror, Daily Rant, IT Security, Jihad Denied on October 23, 2007 by blackflag

Now that I’ve slacked off for a few weeks and indulged myself in teasing our terroristic friend Samir Khan, it’s time to get back to some serious work. I’d like to direct your attention to a Counter Terrorism project of truly epic proportions, that being the “Dark Web” Counter Terrorism research project underway at the Artificial Intelligence Lab, University of Arizona. After reading about this project at Dancho Danchev’s blog I’ve been spending quite a bit of research time over at the AI project site studying their methodology.

The stated research goals of this project are as follows:

The AI Lab Dark Web project is a long-term scientific research program that aims to study and understand the international terrorism (Jihadist) phenomena via a computational, data-centric approach. We aim to collect “ALL” web content generated by international terrorist groups, including web sites, forums, chat rooms, blogs, social networking sites, videos, virtual world, etc.

We have developed various multilingual data mining, text mining, and web mining techniques to perform link analysis, content analysis, web metrics (technical sophistication) analysis, sentiment analysis, authorship analysis, and video analysis in our research.

The approaches and methods developed in this project contribute to advancing the field of Intelligence and Security Informatics (ISI). Such advances will help related stakeholders to perform terrorism research and facilitate international security and peace.

It is our belief that we (US and allies) are facing the dire danger of losing the “The War on Terror” in cyberspace (especially when many young people are being recruited, incited, infected, and radicalized on the web) and we would like to help in our small (computational) way.

Now then, at first glance that doesn’t seem all that impressive, let’s dig a little deeper. The Dark Web project is not your typical “vigilante” (thanks Mr. Moss) homegrown cyber-terrorism research effort, it is a well funded, long term, counter terrorism project receiving grants from the Department of Homeland Security, the National Science Foundation and others. In short, the project uses web crawlers to gather information from a (large) list of target sites and forums. This data is then indexed and data mined for actionable information. I once considered a similar method of data acquisition but dismissed it for more targeted methods after considering the amount of computational resources it would take. The Dark Web project has been indexing sites for about five years and has the following to show for its efforts.

Claims: Dr. Gabriel Weimann of the University of Haifa has estimated that there are about 5,000 terrorist web sites as of 2006. Based on our actual spidering experience over the past 5 years, we believe there are about 50,000 sites of extremist and terrorist content as of 2007, including: web sites, forums, blogs, social networking sites, video sites, and virtual world sites (e.g., Second Life). The largest increase in 2006-2007 is in various new Web 2.0 sites (forums, videos, blogs, virtual world, etc.) in different languages (i.e., for home-grown groups, particularly in Europe). We have found significant terrorism content in more than 15 languages.

Testbed: We collect (using computer programs) various web contents every 2 to 3 months; we started spidering in 2002. Currently we only collect the complete contents of about 1,000 sites, in Arabic, Spanish, and English languages. We also have partial contents of about another 10,000 sites. In total, our collection is about 2 TBs in size, with close to 500,000,000 pages/files/postings from more than 10,000 sites.

We believe our Dark Web collection is the largest open-source extremist and terrorist collection in the academic world. (We have no way of knowing what the intelligence, justice, and defense agencies are doing.) Researchers can have graded access to our collection by contacting our research center.

Now, that is impressive. Additionally, the Dark Web researchers perform Social Network Analysis on the data gathered to determine the relationships of online content authors. It is important to realize that these researchers are mathematicians, not counter terrorism agents, they are applying science to the issue of online Terrorism in an attempt to understand the phenomenon.

They describe themselves thusly:

A Few Words about Civil Liberties and Human Rights: The Dark Web project is NOT like Total Information Awareness (TIA) (at least we try very hard not to be like it). This is not a secretive government project conducted by spooks. We perform scientific, longitudinal hypothesis-guided terrorism research like other terrorism researchers (who have done such research for 30+ years). However we are clearly more computationally-oriented; unlike other traditional terrorism research that relies on sociology, communications, and policy based methodologies. Our contents are open source in nature (similar to Google’s contents) and our major research targets are international, Jihadist groups, not regular citizens. Our researchers are primarily computer and information scientists from all over the world. We develop computer algorithms, tools, and systems. Our research goal is to study and understand the international extremism and terrorism phenomena. Some people may refer to this as understanding the “root cause of terrorism.”

There is much much more in depth information at the Dark Web Project site, pay special attention to the Journal Articles, Conference Papers and Presentations links at the bottom of the page and you should stay busy for quite some time.

In closing I’ll quote the following:

As an NSF-funded research project, our research team has generated significant findings and publications in major computer science and information systems journals and conferences. However, we have taken great care not to reveal sensitive group information or technical implementation details (specifics). We hope our research will help educate the next generation of cyber/Internet savvy analysts and agents in the intelligence, justice, and defense communities.

It does indeed.