DOCSLIB.ORG

Cybersecurity Threats – “What Every Employer Needs to Know”

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

1/18/2018 Cybersecurity Threats – “What Every Employer Needs To Know” Connecticut Department of Labor Bryan Cassidy, VP / Information Security Officer (CISA, CISSP, CFE) Disclaimers The opinions expressed in this presentation and on the following slides are solely those of the presenter and not necessarily those of Farmington Bank. Farmington Bank does not guarantee the accuracy or reliability of the information provided herein. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by Farmington Bank. 1/18/2018 | page 2 1 1/18/2018 Bad Actor Profiles Organized Nation Hacktivists Fraudsters Crime States Motivation Skill 1/18/2018 | page 3 Hacktivists WikiLeaks Anonymous Lulzsec 1/18/2018 | page 4 2 1/18/2018 Fraudsters Brett Johnson Alexandre Cazes Ross Ulbricht Sanford Wallace (“ GollumFun”) (“ DeSnake”) (“ Dread Pirate Roberts” ) (“ Spam King” ) ShadowCrew AlphaBay Silk Road 1.0 Cyber Promotions Albert Gonzalez Roman Vega Ercan Findikoglu Yarden Bidani (“ CumbaJohnny”) (“ Boa” ) (“ Segate”) (“ applej4ck” ) ShadowCrew CarderPlanet ATM Cash Out vDOS 1/18/2018 | page 5 Blurring of Organized Crime / Nation States Equation Group Deep Panda Cozy Bear Longhorn Black Vine Sofacy DragonOK Fancy Bear Hidden Lynx Shadow Brokers Mofang Syrian Electronic Army OilRig 1/18/2018 | page 6 3 1/18/2018 Why Are They Not Arrested!? PARIS MOSCOW HARTFORD MIAMI DUBAI LAGOS DAR ES SALAAM Geopolitical Challenges Protections Masking Techniques Laws/Regulations Attribution Challenges 1/18/2018 | page 7 Shedding Light On The Dark Web 1/18/2018 | page 8 4 1/18/2018 Surface Web Only 4% of Web content (~8 billion pages) is available via search engines 1 zettabyte Deep Web Approximately - 250 billion 96% of the digital 7.9 universe is DVDs unsearchable or Zettabytes - 36 million password protected years of HD video Dark Web A portion of the “deep web” used by criminals to perform illegal activities 1/18/2018 | page 9 Source: The Deep Web: Semantic Search Takes Innovation to New Depths The Onion Router (TOR) “…free software for enabling anonymous communication…directs traffic through a free overlay network to conceal a user’s location and usage . TOR’s intended use is to help protect personal privacy of users, as well as their freedom and ability to conduct confidential communications…” Wikipedia 1/18/2018 | page 10 5 1/18/2018 The Onion Router (TOR) India Nepal Canada Colorado Vietnam Ohio Brazil Texas Vermont Malaysia Hartford Poland Peru Canada Russia Austria Estonia You Website Spain Utah Russia Yemen Sweden Maine Canada France China Ukraine Entry Guards Exit Nodes The TOR Network Encrypted Unencrypted 1/18/2018 | page 11 Structure of a Dark Web Marketplace Website Payment Methods Parties Sellers Buyers Centralized Vendors Buyers De-Centralized 1/18/2018 | page 12 6 1/18/2018 Products & Services On the Dark Web Products Services Account Credentials Spam Rental Services Drugs & Prescriptions Translation Services Debit/Credit Cards Money Mules Crimeware Kits Re-shippers Human Trafficking Crimeware-as-a-Service DIY Guides “…daily sales were Identification Docs found to fluctuate Exploits between $300,000 and Bank Statements $500,000 per day.” Carnegie Mellon University: “Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem (August 2015). 1/18/2018 | page 13 Cybercrime Pricelist Attack Tools Data • $400 Remote Access Trojan • $3 SSN and DOB Verification • $100 Remote Desktop Control • $150 Credit Report 750+ Score • $400 1 Million Spam Emails • $5 Credit/Debit Card (Online) Services • $10 Credit/Debit Card (Cloned) • $100 Email Account • $5 Bank Account Login • $150 Bulletproof Hosting ( China, • $1 Existing PayPal Account Eastern Europe, etc .) • $100 Email Account • $20 Virtual Private Network • $1 Proxy • $25 Malicious File Encryption • $25 Fake Driver’s License • $25 Digital Copy of Fake Utility Bill or Social Security Card Source: Recorded Future 1/18/2018 | page 14 7 1/18/2018 Carding Shops 1/18/2018 | page 15 Dark Web Distrust – Scammers & Law Enforcement A dark web marketplace owner can perform an ‘ exit scam ’ and take all the digital currency with him/her. A vendor can steal a buyer’s digital currency by never providing a service or shipping a product but risks negative feedback. A vendor can sell fake services/products to a buyer but risks negative feedback. Law enforcement can be impersonating a vendor/buyer in an attempt to identify dark web marketplace owners, vendors, and/or buyers. Law enforcement may have taken full control over a dark web marketplace by possessing the servers, in an attempt to identify vendors and/or buyers. 1/18/2018 | page 16 8 1/18/2018 Law Enforcement Takedown 1/18/2018 | page 17 Law Enforcement Monitoring 1/18/2018 | page 18 9 1/18/2018 Spoofing, Compromise, and Account Takeover 1/18/2018 | page 19 FBI Public Service Announcements January 22, 2015 I-012215-PSA There have been 2,126 victims with an exposed loss amount of $0.2 billion from October 2013 to December 2014. August 27, 2015 I-082715a-PSA There have been 8,179 victims with an exposed loss amount of $0.8 billion from October 2013 to August 2015. June 14, 2016 I-061416-PSA There have been 22,143 victims with an exposed loss amount of $3.1 billion from October 2013 to May 2016. May 4, 2017 I-050417-PSA There have been 40,203 victims with an exposed loss amount of $5.3 billion from October 2013 to December 2016. 1/18/2018 | page 20 10 1/18/2018 Headlines (March 2016 – August 2017) 1/18/2018 | page 21 Wire Fraud Example From : [email protected] Sent : April 2, 2017 10:02am To : [email protected] Hi Sasha, We have to make a payment to Def Company for $123,000 today. Do you have time to process a wire? Thank you, Bryan AB Company 1/18/2018 | page 22 11 1/18/2018 Wire Fraud Example From : [email protected] Sent : April 2, 2017 10:40am To : [email protected] Bryan, I’ll process the wire after lunch and send you the confirmation tomorrow as I’m out of the office. Regards, Sasha AB Company 1/18/2018 | page 23 Wire Fraud Example From : [email protected] Sent : April 2, 2017 10:51am To : [email protected] Great! Please pay them as soon as possible as it is urgent. This is the bank account information for them; BANK NAME: Global Bank BANK ADDRESS: 1 Farm Glen Blvd., Farmington, CT 06032 ACCT NO: 123456789 ROUTING NO: 9515710 BENEFICIARY: ABC Company BENEFICIARY ADDRESS: 32 Main Street, Farmington, CT 06032 Thank you, Bryan AB Company 1/18/2018 | page 24 12 1/18/2018 Wire Fraud Example From : [email protected] Sent : April 3, 2017 8:01am To : [email protected] Hi Bryan, I’ve paid the vendor as requested. Regards, Sasha AB Company 1/18/2018 | page 25 Wire Fraud Example From : [email protected] Sent : April 5, 2017 9:15am To : [email protected] Hi Bryan, We still haven’t received payment yet for the $123,000. Please pay as soon as possible to avoid any late charges. Thanks, Lauren Def Company 1/18/2018 | page 26 13 1/18/2018 Common Phishing/Email Spoofing Fraud Red Flags Poor spelling and/or grammar . Requests for instructions on processing wire/ACH payments. Last minute changes in wire/ACH instructions. Elements of urgency . -“This needs to be completed by today !” Elements of secrecy . -“Don’t tell anyone !” -“This needs to remain confidential !” Avoiding communication - “I can’t talk right now .” - “I’m in a meeting !” 1/18/2018 | page 27 Steps To Help Prevent Becoming a Victim Append a disclaimer for all external emails coming into your network (e.g., “ The below email is from an external source. Please be careful with open attachments or clicking on links .”) Use out of band methods for confirming out of the ordinary requests instead of solely relying on email. Create a culture of cybersecurity awareness to help employees understand threats and red flags. Block foreign IP addresses (if possible ) to prevent attempts from low skilled fraudsters/criminals. Know who to immediately contact at your financial institution to begin the process to recover funds. 1/18/2018 | page 28 14 1/18/2018 Cybersecurity Awareness Training Vendors 1/18/2018 | page 29 Ransomware 1/18/2018 | page 30 15 1/18/2018 What is “Ransomware”? A malware variant that encrypts important file types (.docx, .xlsx, etc.) and demands a “ ransom ” via digital currency to obtain the private key that unlocks your data. of respondents say negligent employees put 58% their company at risk for a ransomware attack. Source: Ponemon Institution: Rise of Ransomware 2017 Common Digital Currencies 1/18/2018 | page 31 FBI - Public Service Announcement “…the FBI does not support paying a ransom to the adversary. Paying a ransom does not guarantee the victim will regain access to their data ; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom. Paying a ransom emboldens the adversary to September 15, target other victims for profit, and could 2016 provide incentive for other criminals to I-091516-PSA engage in similar illicit activities for financial gain. While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers .” 1/18/2018 | page 32 16 1/18/2018 Recent High Profile Victims Target Industry Demand Negotiated Payment San Francisco Light Trail Transportation Did Not Pay Transit $73,000 Hollywood Presbyterian Healthcare $17,000 Medical Center $3,600,000 University of Calgary Education $16,000 $16,000 City of Detroit Government $800,000 Did Not Pay Moses Afonso Ryan Ltd.
Recommended publications
  • The Internet and Drug Markets

    The Internet and Drug Markets

    INSIGHTS EN ISSN THE INTERNET AND DRUG MARKETS 2314-9264 The internet and drug markets 21 The internet and drug markets EMCDDA project group Jane Mounteney, Alessandra Bo and Alberto Oteo 21 Legal notice This publication of the European Monitoring Centre for Drugs and Drug Addiction (EMCDDA) is protected by copyright. The EMCDDA accepts no responsibility or liability for any consequences arising from the use of the data contained in this document. The contents of this publication do not necessarily reflect the official opinions of the EMCDDA’s partners, any EU Member State or any agency or institution of the European Union. Europe Direct is a service to help you find answers to your questions about the European Union Freephone number (*): 00 800 6 7 8 9 10 11 (*) The information given is free, as are most calls (though some operators, phone boxes or hotels may charge you). More information on the European Union is available on the internet (http://europa.eu). Luxembourg: Publications Office of the European Union, 2016 ISBN: 978-92-9168-841-8 doi:10.2810/324608 © European Monitoring Centre for Drugs and Drug Addiction, 2016 Reproduction is authorised provided the source is acknowledged. This publication should be referenced as: European Monitoring Centre for Drugs and Drug Addiction (2016), The internet and drug markets, EMCDDA Insights 21, Publications Office of the European Union, Luxembourg. References to chapters in this publication should include, where relevant, references to the authors of each chapter, together with a reference to the wider publication. For example: Mounteney, J., Oteo, A. and Griffiths, P.
  • Into the Reverie: Exploration of the Dream Market

    Into the Reverie: Exploration of the Dream Market

    Into the Reverie: Exploration of the Dream Market Theo Carr1, Jun Zhuang2, Dwight Sablan3, Emma LaRue4, Yubao Wu5, Mohammad Al Hasan2, and George Mohler2 1Department of Mathematics, Northeastern University, Boston, MA 2Department of Computer & Information Science, Indiana University - Purdue University, Indianapolis, IN 3Department of Mathematics and Computer Science, University of Guam, Guam 4Department of Mathematics and Statistics, University of Arkansas at Little Rock, AK 5Department of Computer Science, Georgia State University, Atlanta, GA [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] Abstract—Since the emergence of the Silk Road market in Onymous" in 2014, a worldwide action taken by law enforce- the early 2010s, dark web ‘cryptomarkets’ have proliferated and ment and judicial agencies aimed to put a kibosh on these offered people an online platform to buy and sell illicit drugs, illicit behaviors [5]. Law enforcement interventions such as relying on cryptocurrencies such as Bitcoin for anonymous trans- actions. However, recent studies have highlighted the potential for Onymous, along with exit scams and hacks, have successfully de-anonymization of bitcoin transactions, bringing into question shut down numerous cryptomarkets, including AlphaBay, Silk the level of anonymity afforded by cryptomarkets. We examine a Road, Dream, and more recently, Wall Street [6]. Despite these set of over 100,000 product reviews from several cryptomarkets interruptions, new markets have continued to proliferate. The collected in 2018 and 2019 and conduct a comprehensive analysis authors of [7] note that there appears to be a consistent daily of the markets, including an examination of the distribution of drug sales and revenue among vendors, and a comparison demand of about $500,000 for illicit products on the dark web, of incidences of opioid sales to overdose deaths in a US city.
  • Complaint Apostolos Trovias, and Jury Demand

    Complaint Apostolos Trovias, and Jury Demand

    Case 1:21-cv-05925 Document 1 Filed 07/09/21 Page 1 of 34 Richard R. Best Kristina Littman John O. Enright Victor Suthammanont Morgan B. Ward Doran Jon Daniels SECURITIES AND EXCHANGE COMMISSION New York Regional Office 200 Vesey Street, Suite 400 New York, New York 10281-1022 (212) 336-5674 (Suthammanont) Email: [email protected] UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK SECURITIES AND EXCHANGE COMMISSION, 21 Civ. ____ ( ) Plaintiff, ECF Case -- against -- COMPLAINT APOSTOLOS TROVIAS, AND JURY DEMAND Defendant. Plaintiff Securities and Exchange Commission (“Commission”), for its Complaint against Defendant Apostolos Trovias (“Trovias”) alleges as follows: SUMMARY OF THE ALLEGATIONS 1. From at least December 2016 through February 2021, Trovias—operating under the pseudonymous online avatar “TheBull”—engaged in a deceptive scheme to offer and sell what he called “insider trading tips” on Dark Web marketplaces to purchasers seeking an unfair advantage when trading securities in the public markets. 2. The Dark Web is a part of the internet that requires specialized software to access and is specifically designed to facilitate anonymity by obscuring users’ identities, including by Case 1:21-cv-05925 Document 1 Filed 07/09/21 Page 2 of 34 hiding users’ internet protocol addresses. The anonymity provided by the Dark Web allows users to sell and purchase illegal products and services, including illicit drugs, stolen identities, hacking services, and in this case, “insider trading tips.” 3. Trovias claimed that his tips consisted of order-book data from a securities trading firm—purportedly material, nonpublic information—that was provided to him by an employee of the trading firm.
  • Cybercrime and Other Threats Faced by the Healthcare Industry Mayra Rosario Fuentes Forward-Looking Threat Research (FTR) Team

    Cybercrime and Other Threats Faced by the Healthcare Industry Mayra Rosario Fuentes Forward-Looking Threat Research (FTR) Team

    Cybercrime and Other Threats Faced by the Healthcare Industry Mayra Rosario Fuentes Forward-Looking Threat Research (FTR) Team A TrendLabs Research Paper TREND MICRO LEGAL DISCLAIMER The information provided herein is for general information Contents and educational purposes only. It is not intended and should not be construed to constitute legal advice. The information contained herein may not be applicable to all situations and may not reflect the most current situation. Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the 4 particular facts and circumstances presented and nothing herein should be construed otherwise. Trend Micro The Security Issue with reserves the right to modify the contents of this document at any time without prior notice. Electronic Health Records Translations of any material into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise related to the accuracy of a translation, please refer to the original language official version of the document. Any 9 discrepancies or differences created in the translation are not binding and have no legal effect for compliance or Electronic Health Records enforcement purposes. in the Underground Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro makes no warranties or representations of any kind as to its accuracy, currency, or completeness. You agree that access to and use of and reliance on this document and the content thereof is at your own risk. Trend Micro 13 disclaims all warranties of any kind, express or implied.
  • Drugs and the Internet

    Drugs and the Internet

    DRUGS AND THE INTERNET DRUGS AND THE INTERNET Issue 8, May 2017 Funded by the Australian Government under the Substance Misuse Prevention and Service Improvement Grants Fund Product of: Drugs and New Technologies Recommended Roxburgh, A., Van Buskirk, J., Burns, L., and Bruno, R. (2017). Drugs and the Internet, Citation: Issue 8, May 2017. Sydney: National Drug and Alcohol Research Centre. To date the availability of illicit drugs has largely been examined through; household surveys and interviews with people who use drugs, indicators such as drug seizures and arrests, and analyses of hospital admissions and drug-related deaths. Over the past decade there has been an increasing awareness and interest in online marketplaces as a source for discussion about and purchase of drugs (Walsh, 2011). The advent of the Silk Road in 2011, an online marketplace operating on the ‘darknet’ (marketplaces operating on the ‘darknet’ are known as ‘cryptomarkets’), broadened the availability of new psychoactive substances (NPS) and other more conventional illicit substances (such as cannabis and MDMA). After the closure of the Silk Road in October 2013, multiple new marketplaces emerged to take its place (Van Buskirk et al, 2014). The closure of Silk Road 2.0 and a large international law enforcement operation in November 2014 (dubbed Operation Onymous) have seen major changes in remaining darknet marketplaces. In addition to this, threats such as hacking attacks and exit scams (whereby markets close down taking any bitcoins held in escrow) continue to cause disarray in cryptomarkets. This bulletin is the eighth in a series and provides analysis of trends over time in the availability and type of substances sold via the internet on the darknet.
  • A Market in Dream: the Rapid Development of Anonymous Cybercrime

    A Market in Dream: the Rapid Development of Anonymous Cybercrime

    Mobile Networks and Applications https://doi.org/10.1007/s11036-019-01440-2 A Market in Dream: the Rapid Development of Anonymous Cybercrime Gengqian Zhou1 · Jianwei Zhuge1 · Yunqian Fan2 · Kun Du1 · Shuqiang Lu1 © Springer Science+Business Media, LLC, part of Springer Nature 2020 Abstract In this paper we have conducted a comprehensive measurement and analysis on the Dream market, an anonymous online market that uses cryptocurrency as transaction currency. We first collect data between October 30th 2018 and March 1st 2019. Then we use decision tree-based approach to classify goods. Following we analyze the category of goods sold in the market, the shipping place of vendors. By analyzing more than 1,970,303 items, we find the goods sold in Dream Market are mainly drugs and digital goods. We estimate the total sales of all vendors, and find that an average monthly income is $14 million during the measurement period, which means that the market commission income is more than $560,000 per month. Based on these data, we use transaction cost theory to analyze the transaction attributes of illegal transactions, which shows that anonymous online market can reduce transaction cost of illegal transactions. We finally discuss the results analyzed and the intervention policy, as well as recent DDoS attacks and future trends of illegal transactions in anonymous online market. Keywords Anonymous online market · Illegal transactions · Cybercrime 1 Introduction on it allow buyers and vendors to hide their identity, making it difficult for law enforcement to tracking them. As a result, Anonymous network initially served as an approach for many prohibited goods such as drugs and privacy data, have browsing Internet anonymously, protecting user privacy.
  • Internet-Facilitated Drugs Trade

    Internet-Facilitated Drugs Trade

    Internet-facilitated drugs trade An analysis of the size, scope and the role of the Netherlands Kristy Kruithof, Judith Aldridge, David Décary-Hétu, Megan Sim, Elma Dujso, Stijn Hoorens For more information on this publication, visit www.rand.org/t/RR1607 Published by the RAND Corporation, Santa Monica, Calif., and Cambridge, UK R® is a registered trademark. © 2016 WODC, Ministerie van Veiligheid en Justitie Cover image shared by Jo Naylor via Flickr; CC BY 2.0. RAND Europe is an independent, not-for-profit policy research organisation that aims to improve policy and decisionmaking in the public interest through research and analysis. RAND’s publications do not necessarily reflect the opinions of its research clients and sponsors. All rights reserved. No part of this book may be reproduced in any form by any electronic or mechanical means (including photocopying, recording, or information storage and retrieval) without permission in writing from the sponsor. Support RAND Make a tax-deductible charitable contribution at www.rand.org/giving/contribute www.rand.org www.rand.org/randeurope Preface The potential role of the Internet in facilitating drugs trade first gained mass attention with the rise and fall of Silk Road; the first major online market place for illegal goods on the dark web. After Silk Road was taken down by the FBI in October 2013, it was only a matter of weeks before copycats filled the void. Today, there are around 50 so-called cryptomarkets and vendor shops where vendors and buyers find each other anonymously to trade illegal drugs, new psychoactive substances, prescription drugs and other goods and services.
  • User Names of Illegal Drug Vendors on a Darknet Cryptomarket DOI: 10.34158/ONOMA.50/2015/2

    User Names of Illegal Drug Vendors on a Darknet Cryptomarket DOI: 10.34158/ONOMA.50/2015/2

    Onoma 50 Journal of the International Council of Onomastic Sciences ISSN: 0078-463X; e-ISSN: 1783-1644 Journal homepage: https://onomajournal.org/ User names of illegal drug vendors on a darknet cryptomarket DOI: 10.34158/ONOMA.50/2015/2 Lasse Hämäläinen Finnish Language FI-00014 University of Helsinki [email protected] www.researchgate.net/profile/Lasse_Haemaelaeinen To cite this article: Hämäläinen, Lasse. 2015. User names of illegal drug vendors on a darknet cryptomarket. Onoma 50, 45–71. DOI: 10.34158/ONOMA.50/2015/2 To link to this article: https://doi.org/10.34158/ONOMA.50/2015/2 © Onoma and the author. User names of illegal drug vendors on a darknet cryptomarket Abstract: The illegal drug trade has recently found a new route: darknet cryptomarkets. On these Ebay-like marketplaces, located in an anonymous network, drug sellers and buyers from all over the world make deals without meeting each other in person. Drug vendors are known by their user names, and those names could have a huge financial significance for their owners. This study examines the characteristics of those vendor user names and contrasts them to both other types of user names as well as to real-life commercial names. The data for the study were collected from AlphaBay, which was the largest cryptomarket in early 2017. Many vendors share information of themselves through their user names, referring to their products, home country and whether they work alone or in a group. Names are also used to create various images of vendor’s business. Some vendors try to create an image of a normal, legal business by using company and brand name vocabulary or by plagiarising famous real-life brand names.
  • Demystifying the Dark Web Opioid Trade: Content Analysis on Anonymous Market Listings and Forum Posts

    Demystifying the Dark Web Opioid Trade: Content Analysis on Anonymous Market Listings and Forum Posts

    JOURNAL OF MEDICAL INTERNET RESEARCH Li et al Original Paper Demystifying the Dark Web Opioid Trade: Content Analysis on Anonymous Market Listings and Forum Posts Zhengyi Li1*, MSc; Xiangyu Du1*, MSc; Xiaojing Liao1, PhD; Xiaoqian Jiang2, PhD; Tiffany Champagne-Langabeer2, PhD 1Department of Computer Science, Indiana University Bloomington, Bloomington, IN, United States 2The University of Texas Health Science Center at Houston, Houston, TX, United States *these authors contributed equally Corresponding Author: Xiaojing Liao, PhD Department of Computer Science Indiana University Bloomington 700 N Woodlawn Ave Bloomington, IN United States Phone: 1 8646508137 Email: [email protected] Abstract Background: Opioid use disorder presents a public health issue afflicting millions across the globe. There is a pressing need to understand the opioid supply chain to gain new insights into the mitigation of opioid use and effectively combat the opioid crisis. The role of anonymous online marketplaces and forums that resemble eBay or Amazon, where anyone can post, browse, and purchase opioid commodities, has become increasingly important in opioid trading. Therefore, a greater understanding of anonymous markets and forums may enable public health officials and other stakeholders to comprehend the scope of the crisis. However, to the best of our knowledge, no large-scale study, which may cross multiple anonymous marketplaces and is cross-sectional, has been conducted to profile the opioid supply chain and unveil characteristics of opioid suppliers, commodities, and transactions. Objective: We aimed to profile the opioid supply chain in anonymous markets and forums via a large-scale, longitudinal measurement study on anonymous market listings and posts. Toward this, we propose a series of techniques to collect data; identify opioid jargon terms used in the anonymous marketplaces and forums; and profile the opioid commodities, suppliers, and transactions.
  • Book and Is Not Responsible for the Web: Content of the External Sources, Including External Websites Referenced in This Publication

    Book and Is Not Responsible for the Web: Content of the External Sources, Including External Websites Referenced in This Publication

    2020 12th International Conference on Cyber Conflict 20/20 Vision: The Next Decade T. Jančárková, L. Lindström, M. Signoretti, I. Tolga, G. Visky (Eds.) 2020 12TH INTERNATIONAL CONFERENCE ON CYBER CONFLicT 20/20 VISION: THE NEXT DECADE Copyright © 2020 by NATO CCDCOE Publications. All rights reserved. IEEE Catalog Number: CFP2026N-PRT ISBN (print): 978-9949-9904-6-7 ISBN (pdf): 978-9949-9904-7-4 COPYRIGHT AND REPRINT PERMissiONS No part of this publication may be reprinted, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the NATO Cooperative Cyber Defence Centre of Excellence ([email protected]). This restriction does not apply to making digital or hard copies of this publication for internal use within NATO, or for personal or educational use when for non-profit or non-commercial purposes, providing that copies bear this notice and a full citation on the first page as follows: [Article author(s)], [full article title] 2020 12th International Conference on Cyber Conflict 20/20 Vision: The Next Decade T. Jančárková, L. Lindström, M. Signoretti, I. Tolga, G. Visky (Eds.) 2020 © NATO CCDCOE Publications NATO CCDCOE Publications LEGAL NOTICE: This publication contains the opinions of the respective authors only. They do not Filtri tee 12, 10132 Tallinn, Estonia necessarily reflect the policy or the opinion of NATO Phone: +372 717 6800 CCDCOE, NATO, or any agency or any government. NATO CCDCOE may not be held responsible for Fax: +372 717 6308 any loss or harm arising from the use of information E-mail: [email protected] contained in this book and is not responsible for the Web: www.ccdcoe.org content of the external sources, including external websites referenced in this publication.
  • In Focus Trafficking Over the Darknet

    In Focus Trafficking Over the Darknet

    IN FOCUS TRAFFICKING OVER THE DARKNET CROSS-CUTTING ISSUES: EVOLVING TRENDS AND 4 NEW CHALLENGES 2020 This publication may be reproduced in whole or in part and in any form for educational or non-profit purposes without special permission from the copyright holder, provided acknowledgement of the source is made. The United Nations Office on Drugs and Crime (UNODC) would appreciate receiving a copy of any publication that uses this publication as a source. Suggested citation: In Focus: Trafficking over the Darknet - World Drug Report 2020. No use of this publication may be made for resale or any other commercial purpose whatsoever without prior permission in writing from UNODC. Applications for such permission, with a statement of purpose and intent of the reproduction, should be addressed to the Research and Trend Analysis Branch of UNODC. DISCLAIMER The content of this publication does not necessarily reflect the views or policies of UNODC or contributory organizations, nor does it imply any endorsement. Comments on the report are welcome and can be sent to: Division for Policy Analysis and Public Affairs United Nations Office on Drugs and Crime PO Box 500 1400 Vienna Austria Tel: (+43) 1 26060 0 Fax: (+43) 1 26060 5827 E-mail: [email protected] Website: www.unodc.org/wdr2020 2020 WORLD DRUG REPORT Acknowledgements The World Drug Report 2020 was prepared by the Research and Trend Analysis Branch, Division for Policy Analysis and Public Affairs, United Nations Office on Drugs and Crime (UNODC), under the supervi- sion of Jean-Luc Lemahieu, Director of the Division, and Angela Me, Chief of the Research and Trend Analysis Branch, and the coordination of Chloé Carpentier, Chief of the Drug Research Section.
  • Crypto-Market Enforcement - New Strategy and Tactics1

    Crypto-Market Enforcement - New Strategy and Tactics1

    GDPO Situation Analysis June 2018 Crypto-Market Enforcement - New Strategy and Tactics1 2 3 Alois Afilipoaie and Patrick Shortis Subject Between June and July 2017, two law enforcement actions targeted the cryptomarkets AlphaBay and Hansa Market, closed them, and arrested their operators, seizing millions of dollars in assets in the process. These operations, dubbed ‘Operation Bayonet’ (AlphaBay) and ‘Operation GraveSac’ (Hansa) saw a shift in the strategy and tactics that law enforcement agencies are using to target cryptomarket activity on the Tor network.4 By deconstructing the operation, this situational analysis aims to provide pertinent lessons on how law enforcement agencies have adapted their approach towards tackling cryptomarkets. History of the Operations On June 20th, 2017 the Netherlands National High Tech Crime Unit (NHTCU) infiltrated Hansa Market and took over the site’s operations (Operation GraveSac), without alerting users or disrupting illicit sales.5 This was done with the help of private cybersecurity company Bitdefender that supplied information that enabled the NHTCU to compromise a server in the Netherlands. This action led to German authorities arresting the two Hansa Market administrators, who provided information on another server in Germany and the main server’s location in Lithuania. A link was then set up between the servers in Lithuania and the Netherlands that allowed law enforcement to create a real- time copy of the market database within NHTCU jurisdiction. They also obtained the cryptomarket 1 This Situation Analysis was produced as part of a GDPO collaboration with Central European University’s School of Public Policy (see http://gdpo.swan.ac.uk/?p=494 for more information) 2 University of Bradford 3 University of Manchester 4 Europol Press Release.