1(630)802-8605 Ravi.das@bn-inc.net

A funny things happened to me this morning.  As I was checking my  email, I got a message from PayPal stating that by June 30th, all web browsers need to be updated or upgraded. This includes all platforms, ranging from wireless to desktop.  So, this would include the likes of Windows, Linux, iOS, Android, as well as all browsers which include Explorer, Firefox, Safari, Chrome, and Edge.

I fact, here is the message below:

————————————————————————————————————————————————————————

If your browser does not meet new security standards for websites (like PayPal) that hold payment data, you’ll need to update it to continue accessing paypal.com after June 30th.

Check your desktop browser to see if it’s up-to-date
Click here to test your browser.

  • If you see a message that says:“PayPal_Connection_OK” your browser is up-to-date and no further action is needed.
  • If you have an outdated browser you’ll see this message: “ERROR! Connection is using TLS version lesser than 1.2. Please use TLS1.2”.

Instructions to update your desktop computer browser
Each browser has different steps required for upgrading. Follow the links below for instructions on updating your browser.

Internet Explorer- https://support.microsoft.com/en-us/help/17621/internet-explorer-downloads

Edge- Microsoft Edge is part of an operating system and can’t be separately updated. It’s updated through regular windows updates.

Mozilla Firefox (Windows & Mac)- https://www.mozilla.org/en-US/firefox/

Chrome (Windows & Mac)- https://www.google.com/chrome/

Sarari (Mac)- https://support.apple.com/downloads/safari

Safari (Windows)- https://support.apple.com/downloads/safari-for-windows

Instructions to update mobile device browsers

Follow the steps below to be sure you have the most up to date mobile browser.

iOS

  1. Open the App Store app on mobile device.
  2. Search for the web browser.
  3. Click Update.

Android

  1. Open Google Play app on your mobile device.
  2. Search for the web browser.
  3. Click Update.

Windows

  1. Open the Microsoft Store app on your mobile device.
  2. Search for the web browser.
  3. Click Update.

————————————————————————————————————————————————————————-At first to me, it looked like a Phishing E-Mail of sorts.  So checked for any misspellings, awkward links, etc.  Everything looked on my end.  I also carefully checked the E-Mail addresses, and that looked OK also.  I was going to give PayPal a call to see if this was truly an authentic message.  I have called them before on numerous occasions, and you can be put on hold literally for hours on end.

So in order to make sure that this E-Mail message was truly genuine, I logged into my account, and lo and behold, there was the exact same message.  So I figured, OK, this has to be real, so I checked my browser, and it seems that all is fine.

The only assurance that I had was that this was real is that PayPal runs their site using the HTTPS network protocol, and nobody else knows my password (well, knock on wood).  Apparently, this action taken by PayPal was to ensure coming into compliance with TLS 1.2, which is mandated by the PCI.

But, this brings up an entire related topic as well, something I have not written about yet.  This is known as the “Dark Web”.  When we use the Internet everyday, we see everything that is publicly available to us, and even private, assuming we have the correct login information (primarily the username/password/challenge and answer, etc.).

But beneath what we see every day in both our professional and personal lives lurks a much more sinister side of the Internet, and this is known as the “Dark Web”.  It can be defined specifically as follows:

“Simply, the Dark Web is the internet. It’s sites and pages on the internet that are hidden from public view . . . It’s where criminals sell illegal drugs, launder money and commit other crimes, often with little or no repercussions. It’s a place where hackers buy your stolen credit card credentials and IDs. The Dark Web is not a place you want to visit without a solid understanding of what it is and what you’re getting yourself into.”  (SOURCE:  https://www.komando.com/tips/402350/what-the-dark-web-is-and-how-to-access-it).

In fact, it is not that hard to access either.  All you need is a couple of downloadable software packages, and access to a Virtual Private Network. Yes, I will share all of this in a future blog (perhaps even this weekend, so stay tuned).  To get more detail and information on the Dark Web, I wrote an article for a client last year about it.  It can be accessed here:

http://biometricnews.net/wp-content/uploads/2017/04/Go_Certify_Dark_Web_Article.pdf

But for the sake of today’s blog, I wanted illustrate just how sinister this thing can get.  Apparently, a 28 year od mother, based out  of France, has reportedly been charged with running “Black Hand”, the notorious site on the dark web where narcotics, weapons and stolen data have been bought and sold. This was one of the largest  market places on the dark web – that put up an entire array  of illegal goods and services for sale for over two years.

The server that actually hosted this site and all of the illegal funds that were generated by this marketplace were also seized by French authorities as well.  The suspect was arrested at her home, in Armentières, near Lille, in France.  Apparently, this woman went by with two different aliases, known as “Anouchka” and “Hades.”  She had no job or criminal record and appeared to live an ordinary life.  There was no evidence what so ever that she was leading a lavish and posh lifestyle.

The woman made on average a cut of 3%-5% of every business transaction that was conducted, and there were also other suspects that have been involved in this scheme, and they all have been arrested as well.  It is also reported that there were more than 3,000 customers that purchased products and services from this website.

These arrests also came on the heel of a massive Dark Web crackdown by French authorities.  Just recently, a 36-year-old Frenchman who went by the alias OxyMonster, pleaded guilty to selling drugs on Dream Market, which was located on the Dark Web as well.

My thoughts on this? When I read this, it totally astounded me.  I knew that the Dark Web existed, and was used for illegal purposes, but I didn’t realize it was to this extent.  Heck, there is probably a more things worse going that we just  don’t about.  This also proves another point – you never know who is a Cyber attacker any more.  For instance, it could be the “plainest of the Plain Janes” out there, as this story illustrates.

But, it drives home something I have written about before . . . always report anything suspicious to the law enforcement officials.  The people who lead Insider Attacks are the least suspecting of individuals whom lead every day, normal lives.