2020 ROA Conf Darkweb Prime


MYTH AND REALITY of the Deep & Dark Webs (net)

THE DEEP – DARK: Deep Web, Dark Web

Dark Web Presents New Insider Threats
“Where DRUGS, PORN & MURDER HIDE”
FBI ran 23 Dark Web child porn sites to gather visitor info
70% of GLOBAL CITIZENS say SHUT IT DOWN

Reality - according to 2016 research

THE INTERNET: SURFACE, DEEP, DARK
❖ The DEEP web: parts of the World Wide Web whose contents are not indexed by standard search engines; NO encryption needed.
❖ The DARK web: NON-INDEXED PROTECTED AREAS OF THE INTERNET. A collection of >10K websites that use anonymity tools like Tor and addresses ending in “.onion”.
You can find DRUGS and CHILD PORN marketplaces. The DARK WEB also allows whistleblowers, political dissidents, privacy forums, and many other LEGAL activities to be conducted privately.

SURFACE WEB
DEEP web
EVERYTHING ELSE
The DARK web: NON-INDEXED ENCRYPTED AREAS OF THE INTERNET

HAVE YOU SURFED THE DEEP WEB?
YES, you have.
U-R HERE: HOTWIRE.COM - find a room, flight, & car
U-R HERE: DARK WEB (mystolencard.onion to 3xyz123fgabzd.onion)
Results are not available from Google.
Now we know the difference.

Who's Surfing the DARK WEB? Who's out there on the DARKWEB?
Over 3 Million a day, Aug-Nov 2017
Dark Web Map: https://www.hyperiongray.com/dark-web-map/

WHAT Makes the DARK WEB Work?
MONEY, MONEY, AND MORE MONEY
INDIVIDUAL MARKETPLACES HAVE CLAIMED MORE THAN $50 MILLION A YEAR.

Money: Cryptocurrency
Digital cash, created and held electronically, such as bitcoin and darkcoin, and the payment system Liberty Reserve provide a convenient system for users to spend money online while keeping their real-world identities hidden.

❖ WHY CRYPTOCURRENCY (BITCOIN)
• ANONYMOUS: Encrypted networks and hundreds of thousands of nodes provide confidentiality & anonymity.
• JUDGEMENT FREE: THE SYSTEM DOESN’T CARE WHO YOU ARE, WHERE YOU ARE, OR WHAT YOU BUY AND SELL.
• NO BORDERS: Stateless. PEER TO PEER PAYMENT = NO MIDDLE MAN. NO COUNTRY, NO GOVERNMENT. Global and universal. Banking the bankless & protecting privacy.
• THE ‘INTEGRITY’ OF THE NETWORK IS PARAMOUNT FOR THE INFRASTRUCTURE.
produced by people, and increasingly businesses, running computers all around the world, using software that solves mathematical problems.

WHY CRYPTOCURRENCIES
Current: central control. BANK LEDGER, TRUSTED 3RD PARTY.
Why not like this? PUBLIC BANK LEDGER.
Reality is more like this: BLOCKCHAIN.
The primary concern of the network is maintaining the accuracy and integrity of the ledgers.

Clients & Commodities
❖ Who are the clients?
• Hackers
• Terrorists
• Pornographers
• Drug dealers
• Mom, Pop & the kids!

Know thy enemy & what motivates them
CYBER MOTIVATIONS: OUR ADVERSARIES CAN BE ONE, MANY OR ALL AT THE SAME TIME. (THESE ARE NOT EXCLUSIVE)
• Cyber Espionage-Sabotage: Patient, persistent and creative exploitation for strategic economic, political and military advantage
• Cyber Crime: Extension of traditional criminal activity, focused on personal and financial data theft
• Cyber Hacktivism: Activist seeking to influence opinion or reputation for specific causes
• Cyber Warfare: Cyber operations that seek to destroy or degrade a target country’s capabilities
• Cyber Terrorism: The convergence of cyberspace and terrorism, causing loss of life or severe economic damage
• Cyber Mischief: Arbitrary and/or amateur cyber threat “noise” on the Internet

Espionage
“APT-1” (PLA 61398)
Chinese steal $600 Billion in IP every year. Gen. Alexander called it the largest transfer of wealth in history.
• F-35
• Aegis combat system
• Patriot missiles
• Bio-medical
• Steel industry
China's Sinovel indicted in the United States for stealing AMSC (American Super Conductor) trade secrets: $1 billion in deliveries and damages.

Influence Operations - Russia - China - ?
U.S. Responses to China’s Foreign Influence Operations: China’s foreign influence operations have been called ‘sharp power,’ differing from the traditional model of ‘soft power’ because they are covert and coercive. They are based not on China’s inherent attractiveness and persuasiveness, but on the Chinese Communist Party’s ability to control information and suppress criticism and competing ideas.
Iran and North Korea have growing cyber capabilities and motivations.

ENCRYPTION AND DARK APPS
Legal? Patriots? Traitors?
Not all of our ENEMIES are foreign: hacktivist LulzSec

What is “Law Enforcement” doing?
• Nov 2017: Russia bans VPNs and anonymizers.
• FBI DIRECTOR COMEY said “the use of encryption is at the center of the terrorist tradecraft”.
• Prime Minister David Cameron spoke out about the danger of allowing smartphone apps that use end-to-end encryption.
• WhatsApp was banned across Brazil, Saudi, China.
• California and New York state legislators introduced bills that would ban the retail sale of smartphones with that full-disk encryption feature.
• If Feinstein-Burr becomes law, it will be illegal to deploy strong encryption without key escrow maintained by each company.
• The United Kingdom may soon introduce legislation that will ban encrypted messaging apps.
What do you think? How do we address technology like encryption?

❖ SO WHAT?
• BORDERLESS - OUR OCEANS DON’T PROTECT US
• INVISIBLE - CREATION OF HUGE BOTNET ARMIES UNDETECTED
• INSTANTANEOUS – IT HAPPENS OFTEN WITHOUT WARNING
• LOW COST – OUR NATIONAL ECONOMY WON THE COLD WAR
• STATELESS – NOT JUST NATION STATES
• STRATEGIC FRAGILITY – CONNECTING CRITICAL INFRASTRUCTURES
• CLUELESS – MOST CITIZENS FROM TOP TO BOTTOM “BLISSFUL”

We have things to sell.
We have clients wanting to buy.
& We have an acceptable currency.
How do they all come together?

DARKWEB BROWSERS? CHROME? FIREFOX? EXPLORER?

TOR BROWSER - THE ONION ROUTER
❖ Encrypts traffic 3 times
❖ List of all public keys for every relay in the TOR network & IP address
❖ Approximately 8,000 “relays,” which are servers (owned by individuals, universities, and organizations)
[Diagram labels: Client (TOR Browser, IP address), relay 1, relay 2, relay 3, WEBSITE (www.anywhere)]
[Illustration labels: MY KNOWN DRUG DEALER, 101 CRIMINAL LANE, ANYTOWN, USA; Jane Brown, 10 some street, New York, NY; CD2AEC34XY112330040506 @ ONION ROUTER, ANYWHERE IN THE WORLD]

WE HAVE A BROWSER. HOW DO YOU FIND ANYTHING ON THE WEB?
GOOGLE, YAHOO, GRAMS, DUCKDUCKGO, AHMIA, BING? ONION.TO

Careful what you search for. You Might Just Find It.

GRAMS: moonrocks
❖ Dark web's first distributed search engine
Crunchy Dutch Moonrocks (molly)
PROFESSIONAL!

Top Black Markets on Internet: Markets List & Availability Status

• ElHerbolario - 97.99%
• l33TER - 96.7%
• YourDrug - 90.6%
• The Church (JoR) - 94.68%
• RechardSport - 98.7%
• Dutch Magic - 95.35%
• Stoned100 - 95.64%
• MUSHBUD - 88.76%
• QualityKing - 92.93%
• DutchDrugz - 99.35%

Discussion Forums (Independent)
• Darknet Avengers - 97.07%
• The HUB - 91.18%
• OnionLand - 98.33%

Non-English
• RuTor (Russian) - 98.14%
• IDC (Italian) - 76.93%
• WayAway (Russian) - 99.37%
• French Freedom Zone - 89.78%
• French Deep Web - 98.91%
• HYDRA (Russian) - 98.14%
• Italian Deep Web - 96.05%

Top Markets!
• Dream market - 71.02%
• Point / Tochka Free Market - 66.78%
• Wall Street Market - 71.33%

Invite / Referral Markets
• AERO Market - 22.78%
• Libertas Market (Monero Only) - 25.17%

Markets
• The Majestic Garden - 77.24%
• Sourcery Market - 81.07%
• CGMC - 85.57%
• Berlusconi Market - 83.48%
• RsClub Market - 64%

Vendor Shops
• Gammagoblin - 97.97%
• The French Connection - 98.14%
• CharlieUK - 94.04%
• ToYouTeam - 92.86%
• EuroPills - 99.19%
• Fight Club - 97.27%

The Good Guys
Aug 2017: FBI unmasks Tor-using suspected child sextortionist on child exploitation site PLAYPEN. Charging only 137 of the over 200,000 members!

Playpen - The Good Guys
Privacy groups claim the FBI campaign against the Playpen child EXPLOITATION community violated international law. This site had over 215,000 PAYING members!

HACKER GAMES ☺

❖ Not all DARK Web content is bad or illegal
Researchers claim that 50% of the DARK web contents are legal (not necessarily moral).
So what is some of this legitimate content on the Dark web?
Freedom of Press - Anonymous drops

❖ Cyber Anonymity
The New Yorker’s Strongbox, which allows whistleblowers to securely and anonymously communicate with the magazine, is a Tor Hidden Service.

I have nothing to hide. I don’t need TOR or encrypted applications.

PRIVACY AND IDENTITY
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

PRIVACY AND IDENTITY: can it get worse?

So What?
Our unfettered adoption of the convenience ushered in by the IoT brings with it the confluence of cyber vulnerabilities with real-world threats that have catastrophic impacts.

PRIVACY AND IDENTITY
You are a target. You can no longer comfort yourself hiding in the masses. You now stand out in the crowds of hundreds of millions.
General Michael Hayden, the former head of the NSA and CIA, stated “America is more secure—America is more safe—with unbreakable end-to-end encryption” (“Former NSA/CIA chief,” CNBC, February 23, 2016).

❖ PRIVACY AND IDENTITY
• Set the privacy settings on your social media sites.
• Know the capabilities of the IoT you have in your world.
• Educate your family and friends.
• Pay attention.
• Bootable: OS from Air Force LPS-PUBLIC (SPI.dod.mil); DISA bootable media (BOOTME), CAC required.
• Live OS like TAILS (default routes through TOR), Knoppix, Kali Linux.

❖ WRAP UP
• Adversaries are using encrypted networks.
• Deep Web and Dark Web are not the same.
• Cryptocurrency is anonymous and stateless.
• Encrypted capabilities are a tool that can be used for positive or negative.
• Encrypted applications are strong but not bulletproof.
What are your questions?