Trump May Have Been ‘WireTapped’ Through His Samsung Smartphone

And I’m not the only one who’s made this observation. One of the members of the hacking group, Anonymous, made the following comment on Trump’s smartphone of choice, the Samsung Galaxy S3.


Whatever you may think about members of Anonymous, the statement is fundamentally correct. However, if you don’t trust anything coming from a member of Anonymous, cybersecurity expert, Bruce Schneier, remarked that, “His (Trump’s) off-the-shelf Android could potentially become a room bug without his knowledge and an attacker could certainly hijack his apps.”

samsung galaxy

The Samsung Galaxy 3

Trump’s smartphone could easily be infected by a RAT; a Remote Access Trojan. This type of malware allows an attacker to take complete control of a device from a remote location using internet connectivity. The attacker can turn on the microphone, the camera, and the GPS. With the built in keylogger, they can gather all of the victim’s usernames and passwords. They can, then, take over the victim’s email accounts and send any message they wish to any contacts. In short, they can pretend to be the user. How hard is it to get one of these programs? Not hard at all. Some are offered for free and come with complete instructions. In fact, you can watch Youtube videos on how to install and use them.

The problem is getting the victim to install the malware on their device. If I were going to attack Trump’s smartphone, I would not do so directly. I would try to compromise one of his family members or a trusted friend. Then, I could send a message from their compromised email or some app with an attachment for him to open. It could even be a valid attachment like a picture from some event that both of them had attended. Clicking on the attachment would install the malware. If it was good malware, especially a zero-day exploit, it would not be easily detectable. Trump would assume all was well because the phone would continue to operate as usual. However, he would continually be giving information to those controlling his device. Cybersecurity experts know that he continued to use the Samsung phone to send tweets until early this month. What we don’t know is if the phone had been upgraded to make it more secure. In late January, President Trump gave Fox’s Sean Hannity a tour of the Oval Office and showed him his desk which seemed to have a smartphone on it.

trump desk hannity

If we assume that Trump’s Samsung phone was hacked, the next question should be, who would hack it? Here, we are not short of suspects. Almost any nation-state would be interested in learning what the President of the United States was up to. If a nation-state hacked Trump’s phone, it wouldn’t be with off-the-shelf malware. It would probably be with a zero-day exploit that would remain well hidden. Although Russia is the cyber-attack darling of the moment, it is highly unlikely that they would gather and then leak any sensitive information. And it’s the leaking that’s important here. Someone or some entity was hacking and then leaking the information to the New York Times, the Washington Post, and the Associated Press.

If we eliminate nation-states as the source of the leaks, we are left with those actors who would benefit from shining a negative light on the executive branch. The fact that the leaks were given to members of the media associated with anti-Trump leanings points towards those who share these leanings. As Louis Clark, executive director of the Government Accountability Project, pointed out, these leaks seem to be made with the sole purpose of harming the president and his reputation. “There has been an extraordinary amount of leaking from this administration in just the first month.”

Trump initially blamed the intelligence community for some of the leaks. “It was disgraceful, disgraceful that the intelligence agencies allowed [out] any information that turned out to be so false and fake.” It is no secret that a hostile environment existed between the Trump administration and the intelligence community, but would they, or someone within it leak information? If this was the case, or if Trump was under investigation by some branch of the intelligence community, those responsible for securing Trump’s smartphone may not have pushed to have him stop using it. After all, it would be giving away one of the best sources for information. If Trump or his administration was being investigated for ties with Russia, for example, it is unlikely that the intelligence community would impede such an investigation by removing Trump’s smartphone from the loop. However, leaking information to the press would be counterproductive and would undermine their secrecy. Such leaks could only come from a rogue employee who had some political axe to grind.

The recent announcement from House Intelligence Chairman Rep. Devin Nunes disclosed that the intelligence community had incidentally collected information on Trump and the Trump administration while pursuing other investigations. Nunes was particularly upset in finding that members of the Trump administration and possibly Trump himself had been ‘unmasked’. Their identity was not protected even though the information was gathered incidentally. But it is no longer true that this need be the case if one of 16 government intelligence agencies is investigating someone within the administration. New legislation was quietly signed off on by then Attorney General, Loretta Lynch, just before leaving office that allows such unmasking to occur. According to the New York Times, agencies can now “ask the N.S.A. for access to specific surveillance feeds, making the case that they contain information relevant and useful to their missions.” In other words, if Trump, or members of his administration, are being investigated by the FBI, that agency can request any intelligence gathered on them by the NSA, even if it has been incidentally gathered. The original document (PROCEDURES FOR THE AVAILABILTY OR DISSEMINATION OF RAW SIGNALS INTELLIGENCE INFORMATION BY THE NATIONAL SECURITY AGENCY UNDER SECTION 2.3 OF EXECUTIVE ORDER 12333) can be viewed here.

So was Trump’s Samsung smartphone hacked and, if so, was it the source for many of the leaks? I think the real revelation would be if his smartphone was not hacked. As for the leaks, the ability of 16 intelligence agencies to share data would expose that data to more individuals, some of whom may want to discredit the Trump administration and who are willing to risk leaking this information to do so. In fact, the new legislation makes it easier to leak documents because, with so many people having access to the classified information, the risk of being caught is reduced. In short, we can not only expect such leaks to continue, we should expect the number of leaks to increase.




Posted in Uncategorized | Tagged , , | Leave a comment

Are You Being Spied On?

So, Wikileaks releases its CIA documents and the one thing that everyone loses their minds over is learning that their TVs can be used as eavesdropping devices. Really? Where have you all been for the last 5 years? This isn’t even news. Check out an article I wrote on spying devices some years back, When Appliances Attack, and you’ll see what I mean.

Our main concern should be whether or not we, the average citizen, should worry about the government spying on us. These leaks demonstrated the vast array of tools that the CIA has to spy on everyone. Can they install malware that will turn your TV or other connected devices into eavesdropping devices or worse? Yes, they can, but, according to the law, they cannot do so without a court order based on probable cause. That said,  law enforcement could, in the course of their investigations, stumble across one of your devices. Yes, they could gather data from that device by accident, but it would not, in this case, be admissible in court.

It didn’t help the surge in paranoia when  FBI director, James Comey, was widely quoted as saying, “There is no such thing as absolute privacy in America; there is no place outside of judicial reach.” And “Even our communications with our spouses, with our clergy members, with our attorneys are not absolutely private in America.”  Furthermore, he claimed that “Even our memories are not absolutely private in America.”

All of this has been quoted out of context to make it appear as if the government has some supreme right to spy on anyone it has a whim to spy on. In fact, what Comey was saying was that the right to privacy disappears for those who participate in criminal behavior. Thus, “absolute privacy”, privacy for all, no matter what, does not exist. You may make the argument that the concept of probable cause can be stretched too far, but, legally, the government cannot spy on you without good reason.

But what about spying done by those outside of law enforcement? What are the chances that these bad agents are spying on you? Well, that depends largely on your profile and how you define ‘spying’. If you appear to have something that would pique the interest of certain parties, you will decidedly increase your risk. What are these factors? According to one source, if you

have an important, responsible, or secretive job,

have to attend confidential interviews or meetings,

are a scientist/politician/journalist/attorney/judge/police officer/local government official,

have a jealous partner or spouse who believes you are having an affair,

are getting divorced,

are a suspected activist,

are interested in conspiracies and frequent certain websites,

have a neighbor who hates you,

were arrested for, but never convicted of, a terrorist-related crime,

have a friend, neighbor, or relative who is under suspicion,

have recently made a substantial insurance claim,

are very wealthy,

are a celebrity, or

are the victim of a stalker

your chances of being spied on increase.

Yeah, there are a lot of good reasons to be paranoid and, for the most part, you can assume you are being spied on. Why? Because if you use Google, Facebook, Yahoo, or many other websites, you have given them the right to spy on you. Didn’t you read the privacy statement when you checked the ‘Accept’ box? Sure, few people do. Basically, you’ve given these sites the freedom to build a profile of you by watching you while you browse the internet and do other online activities. Yes, both Google and Yahoo can legally read your emails because you told them they could. They are trying to ‘enhance your online browsing experience’ by targeting you with ads that you will, hopefully, find more interesting. They learned what you are interested in by reading your email. But what if you joked about being a terrorist? Hmm, that’s when problems could begin. The government can always compel these companies to hand over your emails. They can also read your emails without you ever knowing about it. You can stop some of this spying by adjusting your privacy settings on Google and Yahoo, but you’ll never be completely free.

google spy

Smartphones are perfectly made to spy on you. They have GPS information, cameras, and microphones. With the proper spyware, (which can be downloaded for free) all of these can be turned on remotely by those who are interested in your behavior. They can film you, listen to you and your calls, and see where you are and where you’ve been. They can harvest your passwords, take over your email, and send messages to all of your contacts. In short, they can pretend to be you.

android spy

How do you know if your phone has been compromised? Well, if the spies use good malware, you may never know. However, if your battery appears to be running low faster than it used to, it may be an indication that your phone is doing something that you haven’t given it permission to do. If you’re not sure, you can download an app that will give you a record of your battery activity.

Sometimes spyware will turn your phone on without you being anywhere near it. Be suspicious if you see this happening. Snowden supposedly put his phone in a microwave oven or refrigerator to stop it from being accessed by unwanted agents or sending out radio signals. He has since designed a special case to prevent such behavior. Of course, the best prevention is to take out the phone’s batteries when the phone is not in use.

If you hear a strange background noise or clicking sounds while you’re speaking on your phone, your call might be being monitored. And, of course, look at your monthly phone bill to see if anything unusual has been going on. Also, keep in mind that the NSA can listen to any call you make to a location or receive from a location outside of the US.


Chances are your TV is not being used as a spying device. Yes, it can be hacked into to listen to you or, for those sets with built in cameras, watch you. The current CIA leak focused on malware called, Weeping Angel, which targets certain Samsung smart TVs. The malware can make it appear as if your TV is turned off when, in fact, it is not. It is secretly listening to you. This malware specifically targets Samsung TVs from 2012 (UNES8000F, E8000GF plasma, and UNES7550F) and 2013 (UNF8000 series, F8500 plasma, UNF7500 series, and UNF7000 series). You can tell if your TV has been compromised by looking behind it and seeing if a blue LED is on while the TV is supposed to be off. Unless you are a particularly high profile target, I wouldn’t worry much about this. It is far more likely that your smart TV could become part of a botnet rather than an eavesdropping device, though I’m not sure this will necessarily give you much more psychological  comfort.

Just remember that anything that is connected to the internet has the potential to be compromised. Your refrigerator won’t be watching what you eat because it doesn’t, at least for now, have a camera. It can, however, read your Gmail. What? How is that possible? Well, it’s not possible for all refrigerators, but one developed by Samsung linked the device to a user’s Gmail Calendar so as to put this information on the refrigerator’s display. In so doing, it compromised the user’s Gmail account. Using a man-in-the-middle technique, hackers were able to lurk in the calendar and capture the owner’s username and password, thus, gaining full control of the user’s account. This is a somewhat unique attack method which has probably never been used to any great extent. Most compromised connected refrigerators are used to send non-edible spam. Just remember that what is true of refrigerators is true for all your connected devices. But, as the old saying goes, if you can’t trust your refrigerator, what can you trust?



Posted in Uncategorized | Tagged , , , | Leave a comment

Snapchat: The Best App for Those Having an Affair or Hiding Bad Behavior… Or Is It?

I have never seen an app so overrated as Snapchat. I have no idea why it is valued at $24 billion. My only guess is that there is either too much extra money floating around or that speculation has become dangerously optimistic.

The key selling point to Snapchat is its disappearing messages and photos. It’s meant to keep your communications secret. But Snapchat is to secrecy as Twitter is to informative discussion. In principle, both are possible. In practice, both fail at their goals.

Because it supposedly leaves no evidence, Snapchat is the first choice for those engaged in bad behavior, like having an affair. Why Snapchat and not Facebook? Let’s look at a few statistics. 41% of people caught having affairs say that they were caught because of what they posted on Facebook, and 66% of divorce lawyers claimed they used evidence from Facebook to advance their cases. The fear of getting caught is the main reason people give for not having affairs. 75% of men and 60% of women said that they would have an affair if they knew they wouldn’t get caught. You might wonder why these people simply don’t ratchet up their Facebook privacy settings. Well, maybe they don’t know how to. You can’t rule out ignorance when it comes to cyber security. However, even if they do lock down their Facebook page to just friends, it doesn’t stop the dedicated investigator from using a fake profile to get befriended by the targeted individual. So wouldn’t it be better just to use an app that includes the service of automatically making messages disappear? It is no wonder, then, that those involved in bad behavior, especially behavior that they expect to engage in over an extended period of time, choose Snapchat to stay safe from prying eyes. In fact, a site known as “The Affair Handbook (Learn how to cheat without getting caught!)” points out some “clever ways” you can use Snapchat with “your affair partner”. It’s at the point where simply seeing Snapchat on your partner’s smartphone should make you suspicious. Parents should also be concerned about their children in the same way.

This being the case, users of the app need to be assured that it does what it says it will do; keep their communications secret. There must be no way for disappearing messages to suddenly reappear. Well, in most cases and for most people, Snapchat will do the job. However, for those dedicated to saving chats and photos, there are ways to circumvent the disappearing message conundrum. For example, the person who receives your secret chat could take a screenshot of your photo or message. This is handy if, for example, you receive a photo of something you’d like to save, like a recipe or bus schedule. However, if the receiver does choose to take a screenshot of what was sent them, the sender will be notified that this action has taken place. It’s too late to take the photo back, but the sender would probably be wary of sending any compromising photos in the future.

But there are other, more devious, ways to save chats and messages that do not inform the sender of what is really happening. At the most basic level, the person could just take a regular photo of the phone screen. It’s a bit primitive and probably not so easy to do, but it is effective. A phone, tablet, or camera could be used to take a continuous video of the Snapchat screen during a session and then this video could be saved thereafter.

There are apps and workarounds that do much of the same thing but within the phone itself. Many of these apps have been sued by Snapchat and taken off Google Play and Apple app stores. Still they continue to pop up. Often, they are the same apps but with different names. Some apps are not specifically designed to capture Snapchat sessions but can be programmed to do just that. There are various screen capture apps that are said to work in capturing Snapchat sessions. However, even though some of these apps continue to be offered on Google Play, they have had to change their modus operandi. In the past, Apowersoft Android Recorder, could be used to save Snapchat sessions. However, the app now notifies Snapchat message senders that it is being used. It is not clear if another screen recorder, AZ Screen Recorder, is still working with Snapchat, but it used to. The point here is that there will always be apps popping up that will compromise Snapchat’s secrecy, at least until they are blocked.

There are also some workarounds which take advantage of the Snapchat app itself. Some, such as the airplane mode hack, still seem to be working. This basically turns off connectivity to the Snapchat session which leaves the photo/message/video screen locked and available to saving. If the app and phone are subsequently turned off and, then, connectivity is restored, the sender will not be notified that their information has been saved. You can see a video on this workaround here.

But you may not even need a workaround. According to some comments on Google Play, sometimes the messages won’t automatically delete.

“They do not delete any texts or pics or videos you send in the chats. Even with the clear conversation nothing gets deleted. My cousin hasn’t saved any texts either. Nothing deletes.”

And at other times the screen freezes on its own, even without using the airplane mode.

“I hate this app the video chat sucks make it a good quality chat I can’t look at the screen for more than 5 seconds without it freezing 6 seconds if I’m lucky but PLZ fix it.”

snap homer

Snapchat is not without its rivals, some of which are more reliable in keeping your conversations secret. A number of them even offer more features. In other words, Snapchat, as a messaging app, may be now having its temporary moment in the sun. Even its arch rival, Instagram, has reasserted itself. In fact, one assessment shows that Instagram has gained the advantage.

snap instagram

Instagram now offers a delete-after-24-hours feature and, recently, WhatsApp has offered the same. Apparently, that’s been a big hit. “Facebook Live and Instagram Stories have been a runaway hit and the Instagram feature, in particular, has stolen a large chunk of Snapchat’s user base. A similar feature on WhatsApp — which, with a user base of over a billion, dwarves both Instagram and Snapchat in number of daily users — will probably spell doom for the company that came up with the idea in the first place.”   According to one report, “there’s been an average decline in Snapchat Stories views of 20 to 30 percent from August until mid-January”. It now looks like Snapchat is using the IPO to shore up the company until some better idea comes along.

views per snap

It may be that Snapchat can solve its problems or come up with something more innovative. The teenagers I’ve talked to, who use Snapchat as a regular messenger and not simply to hide their behavior, say that the interface is easier to use than the other social apps. They like the disappearing message/photo feature because they don’t have to worry about cleaning up storage space later on. They were not aware of the new disappearing message feature in WhatsApp and Instagram, however.

Snapchat does include a cash transfer feature called, Snapcash, which the company may be banking on. Some have expressed alarm at this cash transfer app being included in a messaging app that is most popular with children and teens. Others claim that the app’s lack of good security practices leaves it vulnerable to hacking, similar to the hack that occurred in 2014.

At the beginning of this post I said that, “I have never seen an app so overrated as Snapchat”, and I’ll stand by that conclusion no matter how much of a darling the stock may be at the beginning of its IPO offering.

Posted in Uncategorized | Tagged , , , | Leave a comment

Ukraine Braces for an All-Out Cyber Attack on its Infrastructure

Nir Giller, co-founder and CTO of cybersecurity firm, CyberX, suspects that Russia is behind new malware that has been found lying in wait in key infrastructure, banks, media, and scientific research sites throughout Ukraine. However, a member of CyberX contacted me and indicated that they have no direct evidence that this is true.

 The main purpose of this new malware, dubbed, BugDrop, is reconnaissance. It is designed to turn on the microphones of specifically targeted devices so as to let the operators listen in on sensitive conversations. The conversations are saved as sound files and then surreptitiously uploaded to Dropbox. Although eavesdropping seems to be its main purpose, the malware is also capable of scanning computers/devices for documents,  passwords, and grabbing screenshots. Since there is no way for the malware to determine which conversations are valuable and which are not, it appears to require a large network of humans who can analyze the immense amount of uploaded data coming in from numerous sources. This requirement for human support, with the expense that this would incur, plus the sophistication of the malware indicate that it must have been developed and deployed by a nation-state.

 The real sophistication in this malware is in the methods it uses to remain undetected. Here are some of the ways CyberX discovered  BugDrop uses to remains hidden.


In addition, the malware encrypted the file in which all of the stolen data was stored, so, if found, it could not be identified.

 Keep in mind that much malware only needs to infect one device, such as a smartphone, to spread throughout a network. To no surprise, the initial infection begins with a well-designed phishing email which includes an appropriately named Microsoft Office document as an attachment. However, when the victim tries to open the document, they receive what appears to be a legitimate message which looks like this.


The message is in Russian, but translates as, “The file was created in a newer version of Microsoft Office programs. You must enable macros to correctly display the contents of the document”. If the victim subsequently enables macros, as suggested, the malware is released.

 It may not seem as if this malware is very threatening. After all, the malware developers only seem to have a network of reconnaissance devices. No harm seems to have been done. However, it is well-known that reconnaissance is the first stage of a more serious attack, such as the attack that took down part of the Ukrainian power grid in December, 2015. In other words, the attackers have a far more sinister goal in mind and, given the extent of the surveillance, whatever the attack will be, it is sure to be highly organized, precisely targeted, and extensive. It is probably being planned as you read this. With that, let me introduce BlackEnergy and Telebots.

 It is quite clear that if an all out cyber attack occurs, it will probably be based on the malware that brought down part of the Ukrainian power grid in 2015, BlackEnergy 3. BlackEnergy has been around for a while, but its newer models come with Stuxnet-like capabilities as they can target any computer-dependent industrial controls that, for example, are necessary for the proper operation of most machinery. Although the latest malware found in the infrastructure has been named Telebots, ESET, the cybersecurity firm that discovered it, believes it to be just another upgrade of BlackEnergy.

 Similar to the attack vector outlined above, the Telebots group uses spearphishing email with a fake Microsoft Excel document as the malware-releasing attachment. The malware can compromise other computers not connected to the internet by employing a tunneling tool. They can also, when they are finished with their attack, employ KillDisk, which is basically a hard drive erasing tool. It can be set to begin its destruction at a particular date or to target particular files. Look at it this way. If you wanted to disrupt a network, you would first steal all the important data that you could, then, you could make the computers operating that network, or machinery connected to it, unusable.

 To begin the attack, the reconnaissance performed with BugDrop would be analyzed to discover the weak points in the target country’s infrastructure. The subsequent attack would simultaneously bring down those weak points in a specified manner, the purpose of which would be to spread chaos. Needless to say, since many institutions and businesses are interconnected and, thus, dependent on one another, the attackers would not have to infect all aspects of the country’s infrastructure with malware to bring the entire nation to the point of complete collapse, but the developers probably already know this.

 The assault on the Ukrainian power grid in 2015 can be considered as a test; a proof of concept. The fact that that test succeeded led to phase two; a comprehensive reconnaissance program. The final assault, phase three, will likely use an even more sophisticated malware which can be installed by initiating an upgrade of pre-existing malware already residing in the infrastructure. It is important to note that the Telebots malware contains an automatic malware updater. In my opinion, the chaos resulting from a full scale cyber attack would most likely be coordinated with, phase 4, the final, physical, military assault. Under these conditions, the ensuing battle would be overwhelmingly one-sided.

 But Ukraine will not give up without a fight. They have some of the best hackers of all shades, and some of them have probably used BlackEnergy as a template to develop infrastructure-destroying malware of their own. In other words, a serious infrastructure attack on Ukraine will probably trigger a counterattack against Russia. Did the Russian trial cyber attack in 2015 trigger a counterattack? It’s possible. According to one source, Russia suffered a 50% increase in cyber attacks on power companies in 2016, with 350 total attempts. The US government is also getting nervous. They are also preparing for an infrastructure attack, and, in anticipation of it, they have invested $4 million in the Chess Master Project aimed at protecting critical infrastructure. Tests of Ukraine’s response capabilities may continue to ramp up to the point at which Russia may feel enough confidence to launch a more serious attack. If an attack occurs, other nations may be wittingly or unwittingly drawn into it. This is why the situation must be closely monitored. I will update this post if more information becomes available.

Posted in Uncategorized | Tagged , , | Leave a comment

Are You Sure Your Employee Accidentally Clicked on that Phishing Link? Insider Trading on the Deep Web

The problem of inside information being sold on the deep web is not a new one, but it’s certainly one that major corporations need to begin to take more seriously. This is chiefly because more deep web sites are popping up which are making insider trading a cooperative venture. For the promise of anonymity and security, these sites allow select members to share and profit from the information that they give to each other.

The two main insider information trading sites on the deep web are The Stock Insiders and KickAss Marketplace. Both try to limit their members to an exclusive group. Both use extensive screening, but KickAss also charges a monthly fee, and a steep one at that. First, here’s how The Stock Insiders operates.


The Stock Insiders’ goal is “to create a long-term and well-selected community of gentlemen who confidently exchange insider information about publicly traded companies”. The administrator of the site claims to be “a former successful (originally European) IT entrepreneur living in the U.S.” who is “also an active trader and has inside access to the several publicly traded companies.” He is clearly not a native English speaker, so his foreign origins seem to check out. He guarantees security which is achieved by enabling “access to the forum only to a small number of the well-proven members.”

Kickass Markets goes a step further.

kickass-logoFor those who simply want to go from newbie to pro, you’ll first have to pay $250 a month in Bitcoins. That will eliminate many potential members right off. You also are told to do the following.


And, if you’re lucky enough to pass this test, you get to pay $1,000 a month.

What do you get? According to the administrator, members get insider information that is carefully analyzed by a team of experts. Members are not allowed to post information directly. The site does employ hackers (“They obtain information relating to a potential movement in the market”), so they apparently leak whatever the hackers may have ‘uncovered’ in their ‘investigations’. Members are given advice on when to invest to take most advantage of the leaked information. “Customer service is key, and we wish to deliver quality information.” What members make in profit is dependent on how they use the site’s advice and the amount they risk investing in it. According to information given in an interview last year, the site had members from 15 investment firms. If true, that’s a surprising and troubling fact. It begs the question: Do you still think stock investment has a level playing field?

According to information from a report on insider trading by cybersecurity firms RedOwl and InSights, insider trading on the deep web doubled last year.


To be sure, these sites are worrying, but far more dangerous is the fact that The Stock Insiders administration or rogue members of the group are selling information directly to interested investors, bypassing the site’s vetting filter. Here is an example.

“I am a member of an Insider Stock Market group: If you’re not insider yourself, but would like to profit off inside information – this is your chance. All inside stock trading groups require you to post continually or suspend your membership. We have a trade about every 5-8 days, and I am allowing you to be a part of it. I understand I need to build trust, and this will take time. I will message you details of when the trade will occur and be complete, and you will have your money back in a week or less. My occupation is trading options for a large hedge fund. I have clients who occasionally provide me tips on major announcements or earnings coming up. I exchange this type of information within the Stock Insider forum. I use my knowledge of options trading, and the insider forum to make trades. I am looking to grow my own personal wealth by trading with others money. I have a separated broker account setup, and I’m working to grow this through trades on inside information. My service; I am offering interested clients 15% return on each trade I make, which averages to 1/trade every 8-10 days. Upon purchase, I will provide the date of the trade, and when your funds + 15% will be returned. The trades made from my insider broker account yield high returns (sometimes over 200%). I keep any profit above the 15% paid to the customers. I am willing to negotiate the return rate for higher deposits. Please message me for details. I hope we can do business together. I look forward to add to my ever growing list of clients.”

This appears to be someone trying to profit from inside information. He, being a member of a trading firm, would not be able take the risk of investing himself. However, he could secretly sell his information to others. On the surface, it would look like any other trader-client relationship. The client’s  risk would be minimal and the trader secretly gets his 15% cut of any profits. Anyone investigating the transaction, even if it was connected to this insider employee, would be unable to prove that anything was out of order. It would only look like this was a regular client who happened to get lucky.

Here is a bit of a different and somewhat more dangerous approach.

“Normally: $99 SPECIAL SALE PRICE: $15 This tip is a [HIGH QUALITY] leak with [94%] Confidence and [MEDIUM-HIGH] profit potential. These tips have been harvested from compromised executive email accounts at major companies as well as from keylogged bank and law firm employees. The tips have also been stolen from hacking communities and hedge funds.”

 Is it possible that the emails of major corporate CEOs have been hacked and insider information harvested from them? Unfortunately, it is highly likely. In a post I wrote on CEO email scams, I explained how such scams operate and why they have successfully bagged over $3 billion for the hackers. Most CEO scams trick company employees into wiring money into an account that the employee believes to be valid. In the scenario above, it appears that the hackers may have found another way to get money, selling the insider information that they accidentally stumbled across during their CEO hacking.

But there is more frightening information here. It appears these hackers have had keyloggers installed on employee devices to gather information from bank and law firm networks. This is something that would take a certain amount of hacking skill to do. More than likely, they would have had to penetrate the banks’ cyber defenses by tricking an employee into downloading a file in a phishing email or clicking on a link that would eventually lead the victim to installing malware on their device. It’s a hit and miss strategy that succeeds in direct proportion to the ignorance of the employees and the quality of a firm’s cybersecurity defenses. Well-educated, vigilant employees within relatively secure networks make this strategy highly inefficient.

This is where the scariness reaches another level. The RedOwl report shows that hacking groups, or even Stock Insiders members, have actively recruited bank and corporate employees. In one instance, they wanted bank employees to give them access to computers that make money transfers. The hackers promised to pay them “7 figures on a weekly basis” for every week that they continue to have access to these computers. Here is a conversation between one hacker and a bank employee uncovered by RedOwl.


Some hackers will pay employees to install malware on a bank or corporate network, but this requires the employee to have some hacking skills and there is a real risk that the attempt will be detected.

Far better, in my opinion, would be for a hacker to arrange for an employee to ‘accidentally’ open an attachment or click on a bad link in a phishing email that the hacker sends them. This would enable the hacker to have remote-access malware installed on a key device through which they would infiltrate the network, getting what it is they are looking for. They would not have to worry about relying on or training a technologically-challenged employee. They would not have to teach them hacking techniques and the employee would not have to endanger themselves by making an inept move.

Even if caught in such an arranged scam, the employee could simply claim ignorance. If the planned phishing email was well designed, such a plea of ignorance might seem valid. The employee would simply suffer some reprimand. At worse, the employee would be fired. However, if the money they made in the fraud scam was anything like the numbers mentioned above, they may not even worry about losing their jobs. In fact, a good hacker with good malware would be able to erase all evidence relating to the intrusion so the employee’s complicity could not be proved.

The weak point here is the hacker’s payment of the insider. That’s where the deep web comes in. Deep web deals are held in escrow by the administrator until both sides are satisfied. In other words, if the hacker agrees that the employee has done the job, the administrator will release payment to the insider. My guess would be that this payment would have to be close to a yearly salary as an employee would, even if not proven to be involved in the hack, be at risk of losing their job due to incompetence. There are other cases of insiders being blackmailed into working with the hackers.

So do you have insiders working for hackers in your company or bank? Have you been suspicious of an employee who compromised your firm by ‘accidentally’ installing malware? Look for the usual danger signs. Was the employee already disgruntled? Did they suddenly find themselves in financial straits? Are they buying expensive things, like cars, that they shouldn’t really be able to afford? The problem with this type of attack is that education will not help. A company can do all the cybersecurity awareness training that it wants, but it can never be absolutely sure that a particular employee simply forgot the training and made a stupid decision. Sadly, such insider training is nearly foolproof and, because of this, may embolden employees to work with deep web sites and hackers. Participation in deep web markets by legitimate trading firms has the potential to become an expected, if secret, part of any trading firm’s tactics. It may even be that any firm that does not use the deep web for an investment edge will be considered behind the times.


The WorkPlay Solution: Ultra-secure, hardware separation, which puts two or more, non-communicating operating systems on any endpoint device (smartphone, tablet, laptop) will prevent insider coercion from accessing sensitive company data. The end user can even install malware on their device, but, it will not be able to cross the hardware barrier and access the corporate network.

Posted in Uncategorized | Leave a comment

The State of the Deep Web 2017: Part 2: The State of the Deep Web Markets

 Before the story on AlphaBay broke (see my last post), I had concluded that the deep web markets had improved since my last report on them in early 2016. At that time, I found that the deep web was operating, but not as well as it had been in the past. Yes, there were sites that were up, but there was a lot of paranoia about them being infiltrated by law enforcement. There was also the fear that these relatively new markets might pull an ‘exit scam’: suddenly closing and taking everyone’s money with them. This is what happened when the Evolution Marketplace suddenly disappeared overnight. Paranoia will always be a by-product of the deep web, but it seemed to have subsided a little over the course of 2016. It is now, after the AlphaBay hack, back in full.

 Before I continue this discussion on deep web markets, let me restate my working definition of the deep and dark web. In my opinion, any site that is accessible through normal browsers, including those that require passwords to enter, are really in the normal web. Those sites that can only be accessed by special, secure browsers, like Tor, I refer to as deep web sites. Within this deep web region, there are dark web sites. These are sites that are dedicated to illegal activities which victimize people. These include child pornography sites, human trafficking sites, hackers-for-hire sites, and any site that will accept money for harming individuals. I do not include in the dark web those victimless, though technically illegal, sites such as drug-selling or weapon-selling sites. Anyway, that’s the definition that I will be working within here.

 In this post, I want to focus mainly on what you can purchase on deep web sites. As has always been the case, drugs are the main item purchased in deep web markets. Markets still depend largely on trust scores given by buyers and there are a variety of methods used to make deals secure and keep customers satisfied. For those who want to know the details on purchasing and delivery, see my previous posts.

 Vendors selling guaranteed-working credit card information are in abundance. A working card will cost you around $10 (in Bitcoins) but with a discount offered for those buying more cards. If you want a physical credit card, you can get that if you pay for shipping. If, for some reason, the card information you purchase doesn’t work, it will be replaced for free. No vendor wants to get their trust rating lowered. Keep in mind that two-thirds of cards are in the form of information that can be used for purchasing items on legitimate websites, such as Amazon. Only a third of cards bought on deep web markets are physical cards.

 You can buy any type of fake document including passports from almost any country, drivers licenses (every US state and many countries), and even fake degrees from Ivy League schools. Counterfeit money sites are also popular, with some clearly offering a better product than others. Some sites will sell you loads of personal information like the, somewhat disturbing, site below.


 Guns don’t seem as popular as they once were, even though there are vendors that specialize in selling them. This may be because guns are relatively easy to purchase in the US and the risk of having a gun sent to you overseas may simply be too great. That said, some, like the one below, are still available.


 Some fraudsters target certain retailers and, among these, Amazon continues to be their main target. Here is one of the more comprehensive attacks.


And here’s a similar assault on McDonald’s.


I don’t know how valid these are. I’m only using them as examples of what is being sold in these markets. The trust scores seem to indicate that most customers are satisfied. 

There continues to be a lot of malware for sale on these deep web sites. Some are more scary then others. This site seems suspiciously like information offered by The Shadow Brokers, the allegedly Russian hacking group that hacked the NSA. However, on closer inspection, the tools that it makes available are really re-packaged, free tools that can be downloaded on the regular internet, so be careful what you’re paying for. The low trust scores show that most hackers realized this.


 There are far more troubling sites than this on the deep web. Among these, are two sites that are selling insider trading information: The Stock Insiders and KickAss Marketplace. From time to time, individuals selling insider information appear on deep web market sites in an effort to profit from secrets that they know. The difference here is that these two sites are trying to form an exclusive community of insiders who work together to benefit from each other’s inside trading tips. It is organized crime at the corporate level as all informants/members must be connected to publicly traded companies. Both of these sites are concerned with being infiltrated and, thus, have a careful vetting process. To be allowed on The Stock Insiders, you must give up some information that checks out and you must continue doing so to keep your membership. The KickAss Marketplace has an even more extensive (and somewhat bizarre) vetting process that also involves participants paying a steep monthly fee.

The scary part is that both sites claim to have legitimate trading firms and employees of publicly traded companies as members. The potential danger of these markets cannot be underrated and I will write a more extensive post on them in the near future.

 For now, this is about as dark as the deep web gets. Of course, the dark web is far more evil, and the two do share some tenuous connections. Selling drugs, credit cards, and weapons can lead to or involve more serious criminal activity, and it is seems that some vendors serve as circuitous portals to more sinister dark web sites. That said, and despite all the risks inherent in purchasing in these markets, deep web markets will continue to thrive. Individual markets will come and go, Law enforcement will occasionally make high profile closures of certain markets to discourage their use. They may even infiltrate these markets to use them for gathering information on the buyers and sellers. Even if they don’t, they would like the participants to believe that this is possible. For these reasons,  paranoia will continue to exist. However, paranoia has never been enough to close these markets in the past and it won’t in the future. Like it or not, it has come to the point where deep web markets have become an established business model.



Posted in Uncategorized | Leave a comment