MYTH AND REALITY Of the Deep & Dark webs (net)

THE DEEP –DARK Presents New Insider Threats

“Where DRUGS, PORN & MURDER HIDE”

FBI ran 23 Dark Web child porn sites to gather visitor info 70% of GLOBAL CITIZENS say SHUT IT DOWN Reality- according to 2016 research SURFACE THE INTERNET:

DEEP

DARK ❖ The DEEP web are parts of the World Wide Web whose contents are not indexed by standard search engines & NO encryption needed ❖ The DARK web- NON-INDEXED PROTECTED AREAS OF THE INTERNET

A collection of >10K websites that use anonymity tools like and addresses ending in “.onion” You can find DRUGS and CHILD PORN Market places, The DARK WEB also allows Whistleblowers, Political Dissidents, Privacy Forums, and many other LEGAL activities, to be conducted privately. SURFACE WEB DEEP web

EVERYTHING ELSE The DARK web- NON-INDEXED ENCRYPTED AREAS OF THE INTERNET The DARK web- NON-INDEXED ENCRYPTED AREAS OF THE INTERNET HAVE YOU SURFED THE DEEP WEB? YES you have. _ HOTWIRE

U-R HERE HOTWIRE.COM find a room, flight, & car

U-R HERE

DARK WEB (mystolencard.onion to 3xyz123fgabzd.onion) Results are not available from Google

U-R HERE

DARK WEB (mystolencard.onion to 3xyz123fgabzd.onion) Now we know the difference Who’s Surfing the DARK WEB? Who's out there on the DARKWEB?

Over 3 Million a day Aug-Nov 2017 Dark Web Map

https://www.hyperiongray.com/dark-web-map/ WHAT Makes the DARK WEB Work?

42 MONEY, MONEY, AND MORE MONEY

INDIVIDUAL MARKET PLACES HAVE CLAIMED MORE THAN $50 MILLION A YEAR. Money Cryptocurrency Digital cash, created and held electronically, such as bitcoin and darkcoin, and the payment system Liberty Reserve provide a convenient system for users to spend money online while keeping their real-world identities hidden.

43 ❖ WHY CRYPTO CURRENCY (BITCOIN)

ANONOMOUS: Encrypted networks and hundreds of thousands of nodes provide confidentiality & anonymity.

JUDGEMENT FREE: SYSTEM DOESN’T CARE! WHO YOU ARE, WHERE YOU ARE, OR WHAT YOU BUY AND SELL

NO BORDERS: Stateless PEER TO PEER PAYMENT = NO MIDDLE MAN. NO COUNTRY NO GOVERNMENT

Global, and universal. Banking the Bankless & protecting privacy

THE ‘INTEGRITY’OF THE NETWORK IS PARAMOUNT FOR THE INFRASTRUCTURE. produced by people, and increasingly businesses, running computers all around the world, using software that solves mathematical problems. WHY- CRYPTO CURRENCIES Current Central Control

BANK LEDGER

TRUSTED 3RD PARTY Why Not like this?

PUBLIC BANK LEDGER Reality is more like this

BLOCKCHAIN

BLOCKCHAIN

BLOCKCHAIN

BLOCKCHAIN

BLOCKCHAIN BLOCKCHAIN The primary concern of the network is maintaining the accuracy and integrity of the ledgers Clients & Commodities ❖ Who are the clients? Hackers Terrorist Pornographers Drug dealers Mom, Pop & the kids!

49 Know thy enemy & what motivates them

CYBER MOTIVATIONS: OUR ADVERSARIES CAN BE ONE, MANY OR ALL AT THE SAME TIME. (THESE ARE NOT EXCLUSIVE) • Cyber Espionage-sabatoge: Patient, persistent and creative exploitation for strategic economic, political and military advantage • Cyber Crime: Extension of traditional criminal activity, focused on personal and financial datatheft ❖ Cyber Hacktivism:

Activist -seeking to influence opinion or reputation for specificcauses

• Cyber Warfare: Cyber operations that seek to destroy or degrade a target country’s capabilities • Cyber Terrorism: The convergence of cyberspace and terrorism, causing loss of life or severe economic damage

• Cyber Mischief: Arbitrary and / or amateur cyber threat “noise” on the Internet Espionage “APT-1” (PLA 61398) Chinese steal $600 Billion in IP every year. Gen. Alexander, Called it the largest transfer of wealth in history

F-35 Aegis combat system Patriot missiles Bio-medical Steel Industry

China's Sinovel Indicted in the United States for Stealing AMSC (American Super Conductor) Trade Secrets $1 billion in deliveries and damages. Influence Operations- Russia-China- ?

U.S. Responses to China’s Foreign Influence Operations: China’s foreign influence operations have been called ‘sharp power,’ differing from the traditional model of ‘soft power’ because they are covert and coercive. They are based not on China’s inherent attractiveness and persuasiveness, but on the Chinese Communist Party’s ability to control information and suppress criticism and competing ideas

Iran and North Korea have growing Cyber Capabilities and motivations. ENCRYPTION AND DARK APPS legal? Patriots? Traitors? Not all of our ENEMIES are Foreign hacktivist

LulzSec What is “Law Enforcement“ doing?

Nov 2017 Russia Bans VPNs and Anonymizers FBI DIRECTOR COMEY said “ the use of encryption is at the center of the TerroristTrade craft Prime Minister David Cameron spoke out about the danger of allowing smartphone apps that use end-to- end encryption.

WhatsApp was banned across Brazil, Saudi,China California and New York state legislators introduced a bills that would ban the retail sale of smartphones with that full-disk encryption feature Feinstein-Burr becomes law, it will be illegal to deploy strong encryption without key escrow maintained by each company.

The United Kingdom may soon introducelegislation that will ban encrypted messaging apps What do you think?

How do we address Technology like encryption? ❖ SO WHAT?

• BORDERLESS - OUR OCEANS DON’T PROTECT US

• INVISIBLE - CREATION OF HUGE BOTNET ARMIES UNDETECTED

• INSTANTANEOUS – IT HAPPENS OFTEN WITHOUT WARNING

• LOW COST – OUR NATIONAL ECONOMY WON THE COLD WAR

• STATELESS – NOT JUST NATION STATES

• STRATEGIC FRAGILITY – CONNECTING CRITICAL INFRASTRUCTURES

• CLUELESS – MOST CITIZENS FROM TOP TO BOTTOM “BLISSFUL”

Builds We have things to sell We have clients wanting to buy & We have an acceptable currency

How do they all come together? 50 How do they all come together?

BROWSER CHROME? DARKWEB FIREFOX? BROWSERS? EXPLORER?

50 TOR BROWSER THE ONION ROUTER TOR BROWSER ❖ encrypts traffic 3 times

relay 1

www.anywhere WEBSITE relay 3

relay 2 IP address ❖ List of all public keys For every relay in the

Client TOR network & TOR IP address

Browser www.anywhere ❖ approximately 8,000 “relays,” which are servers (owned by individuals, universities, and organizations) MY KNOWN DRUG DEALER 101 CRIMINAL LANE ANYTOWN, USA

Jane Brown 10 some street New York, NY

CD2AEC34XY112330040506 @ ONION ROUTER ANYWHERE IN THE WORLD WE HAVE A BROWSER HOW DO YOU FIND ANYTHING ON THE WEB? WE HAVE A BROWSER HOW DO YOU FIND ANYTHING ON THE WEB? GOOGLE YAHOO DUCKDUCKGO BING? ONION.TO

50 Careful what you search for You Might Just Find It

51 GRAMS

moonrocks

❖ Dark webs first distributed 57 Crunchy Dutch Moonrocks (molly)

58 PROFESSIONAL! Top Black Markets on Internet

Markets List & Availability Status ElHerbolario - 97.99% l33TER - 96.7% Top Markets! YourDrug - 90.6% - 71.02% The Church (JoR) - 94.68% Point / T•chka Free Market - 66.78% RechardSport - 98.7% Wall Street Market - 71.33% Dutch Magic - 95.35% Invite / Referral Markets Stoned100 - 95.64% AERO Market - 22.78% MUSHBUD - 88.76% Libertas Market (Monero Only) - 25.17% QualityKing - 92.93% Markets DutchDrugz - 99.35% The Majestic Garden - 77.24% Discussion Forums (Independent) Sourcery Market - 81.07% Darknet Avengers - 97.07% CGMC - 85.57% - 91.18% Berlusconi Market - 83.48% OnionLand - 98.33% RsClub Market - 64% Non-English Vendor Shops RuTor (Russian) - 98.14% Gammagoblin - 97.97% IDC (Italian) - 76.93% The French Connection - 98.14% WayAway (Russian) - 99.37% CharlieUK - 94.04% French Freedom Zone - 89.78% ToYouTeam - 92.86% French Deep Web - 98.91% EuroPills - 99.19% HYDRA (Russian) - 98.14% Fight Club - 97.27% Italian Deep Web - 96.05% The Good Guys

62 The Good Guys

Aug 2017 FBI unmasks Tor-using suspected child sextortionist on child exploitation site Charging only 137 of the over 200,000 members!

63 Playpen The Good Guys Privacy groups claim the FBI campaign against the Playpen child EXPLOITATION community violated international law. This site had over 215,000 PAYING members!

63 HACKER GAMES ☺ ❖ Not all DARK Web content is bad or illegal Researchers claim that 50% of the DARK web contents are legal (not necessarily moral) So what are some of these legitimate content in the Dark web? Freedom Of Press- Anonymous drops ❖ Cyber Anonymity The New Yorker’s Strongbox, which allows whistleblowers to securely and anonymously communicate with the magazine - is a Tor Hidden Service. I have nothing to hide I don’t need TOR or encrypted applications PRIVACYhttp://www.informationisbeautiful.net/visualizations/worlds AND IDENTITY -biggest-data-breaches-hacks/ PRIVACY AND IDENTITY can it get worse? So What? So What?

Our unfettered adoption of the convenience ushered in by the IoT brings with it the confluence of Cyber Vulnerabilities with real world threats that have catastrophic impacts. PRIVACY AND IDENTITY You are a target. You can no longer comfort yourself hiding in themasses. You now standout in the crowds of hundreds of millions.

General Michael Hayden, the former head of the NSA and CIA, stated “America is more secure—America is more safe—with unbreakable end-to-end encryption,” Former NSA/CIA chief,” CNBC, February 23, 2016. ❖ PRIVACY AND IDENTITY

Set the privacy settings on your social media sites. Know the capabilities of the IoT you have in your world Educate your family and friends Pay attention.

Bootable: OS from Air Force LPS-PUBLIC (SPI.dod.mil) DISA- bootable media (BOOTME) CAC required. Live OS like (default routes through TOR). Knobbix Kali linux ❖ WRAP UP Adversaries are using encrypted networks

Deep Web and Dark Web not the same

Crypto currency is anonymous and Stateless

Encrypted capabilities are a tool can be used for positive or negative

Encrypted applications are strong but not bullet proof What are your questions?