The Dark Web
Jason McNew – Founder
• 20+ years in the tech sector and IT
• Air Force Veteran
• 12 years at the White House Communications Agency
• 10 years at Camp David
• Held “Yankee White” security clearance
• CISSP (Certified Information Systems Security Professional)
• Master of Professional Studies (MPS) from Penn State – Information Sciences, Cyber Security & Information Assurance

© Copyright 2019, Stronghold Cyber Security, LLC. All rights reserved

What is Cyber Security?

Cyber security is the body of technologies, processes and practices designed to protect computers, handheld and other Internet connected devices, networks, programs and data from attack, damage, or unauthorized access.

Cyber security is about managing risk. For most businesses, security is a cost center, so security only makes sense to the extent that it reduces business risk or saves money.

What is the “Dark Web”?
• Underlying concept & core technology developed by U.S. NRL (Naval Research Lab) in the 1990s
• Was intended as a way to provide anonymity on the Internet for journalists, human rights activists, etc. who live or operate under censorship
• Product of that time period – USSR still existed. Internet version of RFE
• Most popular dark network is known as “TOR” (The Onion Router)
• TOR is maintained by The Tor Project, Inc – Massachusetts-based 501(c)(3)
• TOR code is open source
• TOR is not the only anonymizing network in existence
• I2P, Freenet, GNUNet, Lantern
• This cat is not going back in the bag

https://www.torproject.org/about/overview.html.en

http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page

What does all this mean to me?
• Information is commoditized, and then bought and sold on the Dark Web
• Identities -- PII
• Login accounts, usernames & passwords

http://securityaffairs.co/wordpress/66650/data-breach/1-4-billion-data-leak.html

Value Of A Hacked PC

https://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/

© Copyright 2018, Stronghold Cyber Security, LLC. All rights reserved

Value of stolen data

“Among tens of thousands of records in the Grams data, we were able to identify more than 600 listings for individual identities— some including credit card information, others without. The listings ranged in price from less than $1 to about $450, converted from bitcoin. The median price for someone’s identity was $21.35.”

https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentials/

What do we do?
• “Defense in Depth” – cyber security best practices. Create an SSP (System Security Plan) based off NIST CSF (Cybersecurity Framework) or relevant parts of NIST 800
• DO NOT repurpose login information across Internet resources
• Use passphrases, and change them regularly
• Better yet, use 2FA/MFA

“Classify” your passwords by their importance, and your own tolerance for risk
https://www.strongholdcybersecurity.com/2017/11/13/the-password-pandemic/

Use long, weird, easy to remember and easy to type passphrases instead of passwords
https://www.strongholdcybersecurity.com/2017/12/05/create-awesome-passphrases/

Scan Results for Attendees

We found credentials for 10 of the companies in attendance here today on the Dark Web. Please see me after the presentation and I will provide those results to you.

Questions?