DOCSLIB.ORG

Van De Laarschot and Rolf Van Wegberg, Delft University of Technology

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Van De Laarschot and Rolf Van Wegberg, Delft University of Technology Risky Business? Investigating the Security Practices of Vendors on an Online Anonymous Market using Ground-Truth Data Jochem van de Laarschot and Rolf van Wegberg, Delft University of Technology https://www.usenix.org/conference/usenixsecurity21/presentation/van-de-laarschot This paper is included in the Proceedings of the 30th USENIX Security Symposium. August 11–13, 2021 978-1-939133-24-3 Open access to the Proceedings of the 30th USENIX Security Symposium is sponsored by USENIX. Risky Business? Investigating the Security Practices of Vendors on an Online Anonymous Market using Ground-Truth Data Jochem van de Laarschot Rolf van Wegberg Delft University of Technology Delft University of Technology Abstract However, there are numerous indications in earlier work that cybercriminals do not always achieve maximum security. Cybercriminal entrepreneurs on online anonymous markets Due to competing business incentives, criminals may turn rely on security mechanisms to thwart investigators in at- to insecure practices that ease transacting illegal products or tributing their illicit activities. Earlier work indicates that – services. Here, we witness an inevitable trade-off between despite the high-risk criminal context – cybercriminals may enhanced security and improved efficiency of operations [42]. turn to poor security practices due to competing business ‘Perfect security’ therefore, is not economically viable. Like incentives. This claim has not yet been supported through in the legitimate economy [54], security in the underground empirical, quantitative analysis on ground-truth data. In this economy comes at a cost [53]. This leads us to wonder how paper, we investigate the security practices on Hansa Mar- prevalent poor security practices (or: “insecure practices”) ket (2015-2017) and measure the prevalence of poor security among online anonymous market vendors actually are. practices across the vendor population (n = 1;733). While in earlier work attempts have been made to quan- We create ‘vendor types’ based on latent profile analysis, tify insecure practices of cybercriminals trading in the un- clustering vendors that are similar regarding their experience, derground economy, these only focus on a single, specific activity on other markets, and the amount of physical and dig- mechanism – e.g., PGP-adoption [49], consistent VPN us- ital items sold. We then analyze how these types of vendors age [50] and the reuse of usernames and/or PGP-keys across differ in their security practices. To that end, we capture their different markets [59]. Moreover, it remains unknown who are password strength and password uniqueness, 2FA usage, PGP behaving insecurely most often and we are left completely in adoption and key strength, PGP-key reuse and the traceability the dark regarding why. All of these security mechanisms are of their cash-out. We find that insecure practices are prevalent designed and implemented to compromise the availability or across all types of vendors. Yet, between them large differ- usefulness of evidence to the forensic process [24]. Here, we ences exist. Rather counter-intuitively, Hansa Market vendors should acknowledge that some market-based security mech- that sell digital items – like stolen credit cards or malware – anisms apply to every vendor. Rules, policies, content mod- resort to insecure practices more often than vendors selling eration, account verification and the mandatory use of cryp- drugs. We discuss possible explanations, including that ven- tocurrencies and Tor-routing are examples of mechanisms that dors of illicit digital items may perceive their risk to be lower are imposed and enforced by the market [2,7, 22, 62]. These than vendors of illicit physical items. mechanisms make up a form of ‘extra-legal governance’ that contributes to a more secure and trustworthy trading environ- 1 Introduction ment [13,34]. Still, not all security mechanisms are introduced by the market administrators. Cybercriminals deploy security mechanisms that are intended In this paper, we focus on specifically these mechanisms, as to hinder investigators in their attribution efforts, making it dif- only unimposed practices can differ between vendors. To be ficult to link cybercriminal activity in the underground econ- precise, we analyze their password strength, password unique- omy to an identity, location or machine [14,64]. Since ‘opera- ness, 2FA-usage, PGP-key adoption and key-strength, reuse tional security’ (OPSEC) techniques are frequently shared in of PGP-keys over multiple markets and the traceability of the underground community [4, 56] and given the increasing their cash-out to bitcoin exchanges. We capture these prac- amount of law enforcement scrutiny [15], we should expect tices on a single market – Hansa Market, which was active that among cybercriminal entrepreneurs on online anonymous from late 2015 to mid 2017. Seized data originating from the markets, poor security practices are rarely present. web server that hosted the market, has been made available USENIX Association 30th USENIX Security Symposium 4079 to us by Dutch law enforcement. We combine the back-end time that Silk Road was active, it made its mark on the ecosys- database with three other data sources to measure the preva- tem as other initiatives successfully copy its business model to lence of poor security practices across the vendor population. this day [49]. A decade later, some industry reports estimate In short, we make the following contributions: the yearly revenue of all online anonymous markets combined, to be more than $790 million worth in cryptocurrencies [6]. • We present the first empirical, quantitative analysis lever- First, predominantly illegal narcotics and prescription drugs aging unique ground-truth data to investigate vendor were transacted on these marketplaces [7]. Nowadays, they security practices on an online anonymous market. also serve as one-stop shops for digital items – ranging from stolen credit cards to ransomware toolkits [58]. • We measure the prevalence of poor security practices across different types of vendors on Hansa Market. For For those offering illicit substances or cybercrime items, instance, we uncover that almost 40% of all vendors online anonymous markets are attractive platforms to conduct (n = 1;733) did not enable 2FA and find that at least their business on. The platforms provide contractual safe- 10% of vendors cash-out directly to mainstream bitcoin guards – like an escrow and review system – and anonymity exchanges. Poor practices are also observed among the enhancing functionalities that are superior to their alterna- most successful vendors. tives [49, 58]. On top of that, vendors can employ additional security practices – ranging from authentication mechanism • We demonstrate that poor security practices do not occur to obfuscating cash-out techniques. But, which practice makes at random. Rather counter-intuitively, vendors on Hansa perfect? Market selling digital cybercrime items are more likely In this paper we aim to investigate which types of vendors to have insecure practices than vendors selling physical pay more attention to their security than others. Thus, the items – e.g., drugs. security practices that the market imposes on all vendors, are not of our interest. Rather, we focus on the security practices • We discuss possible explanations for our findings, includ- that may differ between individuals. Leveraging earlier ing that the perceived risk of transacting illicit digital advances into ‘deviant security’ 1, we take the following six items may be lower than the perceived risk for illicit practices that impact the security of vendors into account. physical items. Later, in Sections5 and7, we will elaborate on the earlier work identifying these practices, and report how we are able We structure the remainder of this paper as follows. Section2 to capture them in the data available to us. identifies the security practices of vendors on online anony- mous markets. Section3 elaborates on the data we analyze and our approach to measure the prevalence of insecure prac- Password strength. Although password authentication tices. In Section4, we identify characteristics of vendors that has been around for decades, people still have a tendency can relate to their security practices and we cluster vendors to choose predictable passwords [16], criminals included. with similar characteristics into distinct ‘vendor types’. Sec- This leaves them open to brute-force attacks that can give tion5 shows how we capture the identified security practices, third-parties – e.g., rivals or law enforcement – access to then we apply these measurements on the data to investigate their accounts. Which in turn, may lead to irreparable harm the security practices across vendor types. We discuss possi- to business continuity. ble explanations for differences in vendors’ security practices as well as limitations and implications of our work in Sec- Password uniqueness. A theoretically complex, but non- tion6.We show how our work connects to related work in unique password can also be easily breached [3,31]. Research Section7. Section8 concludes. suggests that password reuse is common, even among those who are security-aware [18, 61]. Additionally, databases of leaked passwords may include usernames or email 2 Security practices on online anonymous addresses. Thus, password reuse can also lead to compro- markets misability of users that operate on online anonymous markets. Online anonymous marketplaces take
Load more

Recommended publications
  • The Onion Crate - Tor Hidden Service Index Protected Onions Add New
    onion.to does not host this content; we are simply a conduit connecting Internet users to content hosted inside the Tor network.. onion.to does not provide any anonymity. You are strongly advised to download the Tor Browser Bundle and access this content over Tor. For more information see our website for more details and send us your feedback. hide Tor2web header Online onions The Onion Crate - Tor Hidden Service Index Protected onions Add new nethack3dzllmbmo.onion A public nethack server. j4ko5c2kacr3pu6x.onion/wordpress Paste or blog anonymously, no registration required. redditor3a2spgd6.onion/r/all Redditor. Sponsored links 5168 online onions. (Ctrl-f is your friend) A AUTOMATED PAYPAL AND CREDIT CARD MARKET 2222bbbeonn2zyyb.onion A Beginner Friendly Comprehensive Guide to Installing and Using A Safer yuxv6qujajqvmypv.onion A Coca Growlog rdkhliwzee2hetev.onion ==> https://freenet7cul5qsz6.onion.to/freenet:USK@yP9U5NBQd~h5X55i4vjB0JFOX P97TAtJTOSgquP11Ag,6cN87XSAkuYzFSq-jyN- 3bmJlMPjje5uAt~gQz7SOsU,AQACAAE/cocagrowlog/3/ A Constitution for the Few: Looking Back to the Beginning ::: Internati 5hmkgujuz24lnq2z.onion ==> https://freenet7cul5qsz6.onion.to/freenet:USK@kpFWyV- 5d9ZmWZPEIatjWHEsrftyq5m0fe5IybK3fg4,6IhxxQwot1yeowkHTNbGZiNz7HpsqVKOjY 1aZQrH8TQ,AQACAAE/acftw/0/ A Declaration of the Independence of Cyberspace ufbvplpvnr3tzakk.onion ==> https://freenet7cul5qsz6.onion.to/freenet:CHK@9NuTb9oavt6KdyrF7~lG1J3CS g8KVez0hggrfmPA0Cw,WJ~w18hKJlkdsgM~Q2LW5wDX8LgKo3U8iqnSnCAzGG0,AAIC-- 8/Declaration-Final%5b1%5d.html A Dumps Market
    [Show full text]
  • A Market in Dream: the Rapid Development of Anonymous Cybercrime
    Mobile Networks and Applications https://doi.org/10.1007/s11036-019-01440-2 A Market in Dream: the Rapid Development of Anonymous Cybercrime Gengqian Zhou1 · Jianwei Zhuge1 · Yunqian Fan2 · Kun Du1 · Shuqiang Lu1 © Springer Science+Business Media, LLC, part of Springer Nature 2020 Abstract In this paper we have conducted a comprehensive measurement and analysis on the Dream market, an anonymous online market that uses cryptocurrency as transaction currency. We first collect data between October 30th 2018 and March 1st 2019. Then we use decision tree-based approach to classify goods. Following we analyze the category of goods sold in the market, the shipping place of vendors. By analyzing more than 1,970,303 items, we find the goods sold in Dream Market are mainly drugs and digital goods. We estimate the total sales of all vendors, and find that an average monthly income is $14 million during the measurement period, which means that the market commission income is more than $560,000 per month. Based on these data, we use transaction cost theory to analyze the transaction attributes of illegal transactions, which shows that anonymous online market can reduce transaction cost of illegal transactions. We finally discuss the results analyzed and the intervention policy, as well as recent DDoS attacks and future trends of illegal transactions in anonymous online market. Keywords Anonymous online market · Illegal transactions · Cybercrime 1 Introduction on it allow buyers and vendors to hide their identity, making it difficult for law enforcement to tracking them. As a result, Anonymous network initially served as an approach for many prohibited goods such as drugs and privacy data, have browsing Internet anonymously, protecting user privacy.
    [Show full text]
  • The Metropolitan Revolution
    THE METROPOLITAN REVOLUTION Katz-Bradley.indb 1 4/26/13 5:06 PM Katz-Bradley.indb 2 4/26/13 5:06 PM THE METROPOLITAN REVOLUTION How Cities and Metros Are Fixing Our Broken Politics and Fragile Economy BRUCE KATZ and JEnnifer BradlEy BROOKINGS INSTiTUTiOn PRESS Washington, D.C. Katz-Bradley.indb 3 4/26/13 5:06 PM Copyright © 2013 THE BROOKINGS INSTITUTION 1775 Massachusetts Avenue, N.W., Washington, DC 20036. www.brookings.edu All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means without permission in writing from the Brookings Institution Press. Library of Congress Cataloging-in-Publication data TK 9 8 7 6 5 4 3 2 1 Printed on acid-free paper Typeset in Sabon and Univers Composition by Cynthia Stock Silver Spring, Maryland Printed by R. R. Donnelley Harrisonburg, Virginia Katz-Bradley.indb 4 4/26/13 5:06 PM Contents Foreword vii by Judith Rodin Acknowledgments xi 1 A Revolution Unleashed 1 PART I. The Living Laboratory: The Metropolitan Revolution Today 2 New York City: Innovation and the Next Economy 15 3 Denver: The Four Votes 41 4 Cleveland: The Post-Hero Economy 64 5 Houston: El Civics 88 PART II. The Future of the Metropolitan Revolution: Ushering In the Metro Age 6 The Rise of Innovation Districts 111 7 Toward a Global Network of Trading Cities 144 8 Metros as the New Sovereign 171 9 A Revolution Realized 192 Notes 209 Bibliography 245 Index 251 v Katz-Bradley.indb 5 4/26/13 5:06 PM Katz-Bradley.indb 6 4/26/13 5:06 PM Foreword How does one measure a city? By the buildings that fill its skyline? By the efficiency of its rapid transit? Or, perhaps, by what Jane Jacobs called the “sidewalk ballet” of a busy street? Certainly these are the memorable hallmarks of any mod- ern city or metropolitan area.
    [Show full text]
  • India-Canada Collaboration to Curb Digital Black Markets Sameer Patil
    Canada-India Track 1.5 Dialogue Paper No. 2 Partnering for Prosperity: India-Canada Collaboration to Curb Digital Black Markets Sameer Patil Canada-India Track 1.5 Dialogue Paper No. 2 Partnering for Prosperity: India-Canada Collaboration to Curb Digital Black Markets Sameer Patil CIGI Masthead Gateway House Masthead Executive Executive Board President Rohinton P. Medhora Director,Gateway House: Indian Council on Global Relations Neelam Deo Deputy Director, International Intellectual Property Law and Innovation Bassem Awad President, Human Resources, After-Market & Corporate Services & Member, Chief Financial Officer and Director of Operations Shelley Boettger Group Executive Board, Mahindra and Mahindra Ltd. Rajeev Dubey Director of the Global Economy Program Robert Fay President & CEO, The Indian Music Industry Blaise Fernandes Director of the International Law Research Program Oonagh Fitzgerald Executive Director, Morgan Stanley Investment Management Amay Hattangadi Director of the Global Security & Politics Program Fen Osler Hampson Non-Executive Director, Tata Sons Ishaat Hussain Director of Human Resources Laura Kacur Director,Gateway House: Indian Council on Global Relations Satish Kamat Deputy Director, International Environmental Law Silvia Maciunas Executive Director, Gateway House: Indian Council on Global Deputy Director, International Economic Law Hugo Perezcano Díaz Relations Manjeet Kripalani Director, Evaluation and Partnerships Erica Shaw Founding Partner,AZB & Partners Bahram Vakil Managing Director and General Counsel
    [Show full text]
  • Turning Internet of Things(Iot) Into Internet of Vulnerabilities (Iov) : Iot Botnets
    TURNING IOT INTO IOV : IOT BOTNETS 1 Turning Internet of Things(IoT) into Internet of Vulnerabilities (IoV) : IoT Botnets Kishore Angrishi Abstract—Internet of Things (IoT) is the next big evolutionary step in the world of internet. The main intention behind the IoT is to enable safer living and risk mitigation on different levels of life. Home Automation / With the advent of IoT botnets, the view towards IoT devices Smart Home has changed from enabler of enhanced living into Internet of vulnerabilities for cyber criminals. IoT botnets has exposed two Industrial Control Systems different glaring issues, 1) A large number of IoT devices are Smart City accessible over public Internet. 2) Security (if considered at all) is often an afterthought in the architecture of many wide spread Internet of Things (IoT) IoT devices. In this article, we briefly outline the anatomy of Autonomous the IoT botnets and their basic mode of operations. Some of the Vehicles Medical and healthcare major DDoS incidents using IoT botnets in recent times along Smart traffic & parking with the corresponding exploited vulnerabilities will be discussed. control We also provide remedies and recommendations to mitigate IoT Smart Metering & related cyber risks and briefly illustrate the importance of cyber Smart Grids insurance in the modern connected world. Index Terms—DDoS, IoT, IoT Botnets, Mirai Botnet, Cyber Insurance, Security I. INTRODUCTION Fig. 1. Internet of Things (IoT) The Internet of Things (IoT) is key in the digital world of connected living. The futuristic appeal to make life bit more enjoyable in a hectic day-to-day routine is enticing to many.
    [Show full text]
  • Enterprise Performance Management & Physician Practice Management
    The Newsletter of the Massachusetts-Rhode Island Chapter Volume XLV • Number 5 Healthcare Financial Management Association ENTERPRISE PERFORMANCE MANAGEMENT AND PHYSICIAN PRACTICE MANAGEMENT • Medical Scribe Solution: • Salary Negotiation Decrease Physician Burnout and Increase Revenue • HHS Initiatives to Address Massive Backlog of Medicare • Every Organization’s Nightmare Claims: What Hospitals and and Financial Ruin: Data Theft Physicians Should Know and Re-sale on the “Dark Web” x THE MASSACHUSETTS - RHODE ISLAND CHAPTER OF HFMA \ GRATEFULLY ACKNOWLEDGES THE 2017-2018 CORPORATE SPONSORS PLATINUM Bank of America Merrill Lynch • BDO, USA LLP • BESLER Bolder Healthcare Solutions • ClaimAssist, LLC • HBCS • LogixHealth PFM • PROMEDICAL • PwC • TD Bank • Verrill Dana, LLP GOLD Dubraski & Associates • Huron • Latham & Watkins LLP • Parallon Ropes & Gray LLP • * RTR Financial Services SILVER Action Collection Agency of Boston • Advanced Patient Advocacy LLC • Baker Newman Noyes Balanced Healthcare Receivables, LLC • BerryDunn • Deloitte & Touche LLP Gragil Associates, Inc. • Health Management Associates, Inc. • Healthcare Financial, Inc. KPMG LLP • MDS • Medical Record Associates • Phillips DiPisa P.V. Kent & Associates, P.C. • WithumSmith+Brown, PC * Half Year Sponsor On the Cover Advanced Patient Advocacy LLC 13 BerryDunn 15 BESLER 24 Bolder Healthcare Solution 30 ClaimAssist, LLC 26 BDO, USA LLP 18 Deloitte & Touche LLP 25 Dubraski & Associates 6 LogixHealth 9 Conference PROMEDICAL 5 Committee Members P.V. Kent & Associates, P.C. 28 The conference committees, from left to right: PwC 16 Linda Rowe, Kimberly Buser, Richard Russo, RTR Financial Services 29 Krista Katsapetses, Roger Price, Linda Burns, Jonathan Gorski, Miriam Jost, Jonathan Richman TD Bank 17 and Gary Janko Verrill Dana, LLP 7 WithumSmith+Brown, PC 15 2018 - 2019 OFFICERS & DIRECTORS Volume XLV Number 5 President HEALTHCARE FINANCIAL MANAGEMENT ASSOCIATION Garrett Gillespie, Esq.
    [Show full text]
  • Book and Is Not Responsible for the Web: Content of the External Sources, Including External Websites Referenced in This Publication
    2020 12th International Conference on Cyber Conflict 20/20 Vision: The Next Decade T. Jančárková, L. Lindström, M. Signoretti, I. Tolga, G. Visky (Eds.) 2020 12TH INTERNATIONAL CONFERENCE ON CYBER CONFLicT 20/20 VISION: THE NEXT DECADE Copyright © 2020 by NATO CCDCOE Publications. All rights reserved. IEEE Catalog Number: CFP2026N-PRT ISBN (print): 978-9949-9904-6-7 ISBN (pdf): 978-9949-9904-7-4 COPYRIGHT AND REPRINT PERMissiONS No part of this publication may be reprinted, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the NATO Cooperative Cyber Defence Centre of Excellence ([email protected]). This restriction does not apply to making digital or hard copies of this publication for internal use within NATO, or for personal or educational use when for non-profit or non-commercial purposes, providing that copies bear this notice and a full citation on the first page as follows: [Article author(s)], [full article title] 2020 12th International Conference on Cyber Conflict 20/20 Vision: The Next Decade T. Jančárková, L. Lindström, M. Signoretti, I. Tolga, G. Visky (Eds.) 2020 © NATO CCDCOE Publications NATO CCDCOE Publications LEGAL NOTICE: This publication contains the opinions of the respective authors only. They do not Filtri tee 12, 10132 Tallinn, Estonia necessarily reflect the policy or the opinion of NATO Phone: +372 717 6800 CCDCOE, NATO, or any agency or any government. NATO CCDCOE may not be held responsible for Fax: +372 717 6308 any loss or harm arising from the use of information E-mail: [email protected] contained in this book and is not responsible for the Web: www.ccdcoe.org content of the external sources, including external websites referenced in this publication.
    [Show full text]
  • In Focus Trafficking Over the Darknet
    IN FOCUS TRAFFICKING OVER THE DARKNET CROSS-CUTTING ISSUES: EVOLVING TRENDS AND 4 NEW CHALLENGES 2020 This publication may be reproduced in whole or in part and in any form for educational or non-profit purposes without special permission from the copyright holder, provided acknowledgement of the source is made. The United Nations Office on Drugs and Crime (UNODC) would appreciate receiving a copy of any publication that uses this publication as a source. Suggested citation: In Focus: Trafficking over the Darknet - World Drug Report 2020. No use of this publication may be made for resale or any other commercial purpose whatsoever without prior permission in writing from UNODC. Applications for such permission, with a statement of purpose and intent of the reproduction, should be addressed to the Research and Trend Analysis Branch of UNODC. DISCLAIMER The content of this publication does not necessarily reflect the views or policies of UNODC or contributory organizations, nor does it imply any endorsement. Comments on the report are welcome and can be sent to: Division for Policy Analysis and Public Affairs United Nations Office on Drugs and Crime PO Box 500 1400 Vienna Austria Tel: (+43) 1 26060 0 Fax: (+43) 1 26060 5827 E-mail: [email protected] Website: www.unodc.org/wdr2020 2020 WORLD DRUG REPORT Acknowledgements The World Drug Report 2020 was prepared by the Research and Trend Analysis Branch, Division for Policy Analysis and Public Affairs, United Nations Office on Drugs and Crime (UNODC), under the supervi- sion of Jean-Luc Lemahieu, Director of the Division, and Angela Me, Chief of the Research and Trend Analysis Branch, and the coordination of Chloé Carpentier, Chief of the Drug Research Section.
    [Show full text]
  • The Dark Web As a Phenomenon: a Review And
    The Dark Web as a Phenomenon: A Review and Research Agenda COMP90019: Distributed Computing Project (25 pt) Conventional Research Project Abhineet Gupta - 719080 The University of Melbourne Semester 1, 2018 Supervisors: - Dr. Atif Ahmad - Dr. Sean Maynard Page 1 of 45 Abhineet Gupta COMP90019 719080 S1, 2018 Abstract The internet can broadly be divided into three parts: surface, deep and dark among which the latter offers anonymity to its users and hosts. The dark web has become notorious in the media for being a hidden part of the web where all manner of illegal activities take place. The more restrictions placed upon the free exchange of information, goods and services between people the more likely there exist hidden spaces for it to take place. The ‘black market’ of the internet – the dark web - represents such a hidden space. This review looks at the purposes it is widely used for with an emphasis on cybercrime, and how the law enforcement plays the role of its adversary. The review describes these hidden spaces, sheds light on their history, the activities that they harbour – including cybercrime, the nature of attention they receive, and methodologies employed by law enforcement in an attempt to defeat their purpose. More importantly, it is argued that these spaces should be considered a phenomenon and not an isolated occurrence to be taken as merely a natural consequence of technology. The review is conducted by looking at existing literature in academic journal databases. It contributes to the area of the dark web by serving as a reference document and by proposing a research agenda.
    [Show full text]
  • Crypto-Market Enforcement - New Strategy and Tactics1
    GDPO Situation Analysis June 2018 Crypto-Market Enforcement - New Strategy and Tactics1 2 3 Alois Afilipoaie and Patrick Shortis Subject Between June and July 2017, two law enforcement actions targeted the cryptomarkets AlphaBay and Hansa Market, closed them, and arrested their operators, seizing millions of dollars in assets in the process. These operations, dubbed ‘Operation Bayonet’ (AlphaBay) and ‘Operation GraveSac’ (Hansa) saw a shift in the strategy and tactics that law enforcement agencies are using to target cryptomarket activity on the Tor network.4 By deconstructing the operation, this situational analysis aims to provide pertinent lessons on how law enforcement agencies have adapted their approach towards tackling cryptomarkets. History of the Operations On June 20th, 2017 the Netherlands National High Tech Crime Unit (NHTCU) infiltrated Hansa Market and took over the site’s operations (Operation GraveSac), without alerting users or disrupting illicit sales.5 This was done with the help of private cybersecurity company Bitdefender that supplied information that enabled the NHTCU to compromise a server in the Netherlands. This action led to German authorities arresting the two Hansa Market administrators, who provided information on another server in Germany and the main server’s location in Lithuania. A link was then set up between the servers in Lithuania and the Netherlands that allowed law enforcement to create a real- time copy of the market database within NHTCU jurisdiction. They also obtained the cryptomarket 1 This Situation Analysis was produced as part of a GDPO collaboration with Central European University’s School of Public Policy (see http://gdpo.swan.ac.uk/?p=494 for more information) 2 University of Bradford 3 University of Manchester 4 Europol Press Release.
    [Show full text]
  • Digging in the Dark
    CTI – EU | Bonding EU Cyber Threat Intelligence Digging into the Dark Web Rome – Link Campus University Pierluigi PAGANINI 30-31 October, 2017 Current scenario 2 Bright o Deep Web vs Dark Web clear Web Dark • Deep Web – It represents the part of the web Web that has not yet been indexed by common search engines • Dark Web – Set of publicly accessible content Deep that are hosted on websites whose Web IP address is hidden but to which anyone can access it as long as it knows the address – Set of private content exchanged in a closed network of computers for file sharing Current scenario 3 Dark Web • The Onion Router (TOR) – Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than six thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. • I2P - The Invisible Internet Project – Network “Peer-to-Peer” (P2P) – I2P is an anonymous overlay network - a network within a network, Ordinary services running on a secure network • Freenet - A Distributed Anonymous Information Storage and Retrieval System. • anoNet is a decentralized friend-to-friend network built using VPNs and software BGP routers • ZeroNet - is a new decentralized and open source web platform based on BitTorrent(p2p) technology and BitCoin cryptography. Current scenario 4 Why Tor is so popular in the criminal ecosystem? • Anonymity • TOR provides "hidden services" that could be used for several illegal activities. • Law enforcement face difficulties in de- anonymizing TOR users. • Impossible to conduct monitoring on a large- scale. • Excellent aggregator - It hosts principal underground communities.
    [Show full text]
  • United States Court of Appeals for the SECOND CIRCUIT >> >>
    Case 15-1815, Document 32, 01/12/2016, 1682740, Page1 of 265 15-1815-CR IN THE United States Court of Appeals FOR THE SECOND CIRCUIT >> >> UNITED STATES OF AMERICA, Appellee, v. ROSS WILLIAM ULBRICHT, AKA DREAD PIRATE ROBERTS, AKA SILK ROAD, AKA SEALED DEFENDANT 1, AKA DPR, Defendant-Appellant. On Appeal from the United States District Court for the Southern District of New York (New York City) APPENDIX VOLUME II OF VI Pages A262 to A514 MICHAEL A. LEVY JOSHUA L. DRATEL, P.C. SERRIN A. TURNER Attorneys for Defendant-Appellant ASSISTANT UNITED STATES ATTORNEYS 29 Broadway, Suite 1412 UNITED STATES ATTORNEY’S OFFICE FOR THE New York, New York 10006 SOUTHERN DISTRICT OF NEW YORK 212-732-0707 Attorneys for Appellee 1 Saint Andrew’s Plaza New York, New York 10007 212-637-2346 Case 15-1815, Document 32, 01/12/2016, 1682740, Page2 of 265 Table of Contents Page Volume I District Court Docket Entries ................................................................. A1 Sealed Complaint, dated September 27, 2013 ....................................... A48 Exhibit A to Complaint - Printout of Silk Road Anonymous Market Search ................... A81 Exhibit B to Complaint - Printout of Silk Road Anonymous Market High Quality #4 Heroin All Rock ..................................................... A83 Indictment, entered February 4, 2014 .................................................... A87 Opinion and Order of the Honorable Katherine B. Forrest, dated July 9, 2014 ........................................................................... A99 Superseding Indictment, entered August 21, 2014 ............................... A150 Order of the Honorable Katherine B. Forrest, dated October 7, 2014 .................................................................... A167 Letter from Joshua L. Dratel to the Honorable Katherine B. Forrest, dated October 7, 2014 ................................. A169 Endorsed Letter from Joshua L. Dratel to the Honorable Katherine B.
    [Show full text]