DOCSLIB.ORG

Krawisz-Mastersreport-2017

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Krawisz-Mastersreport-2017 DISCLAIMER: This document does not meet current format guidelines Graduate School at the The University of Texas at Austin. of the It has been published for informational use only. Copyright by Daniel Gregory Krawisz 2017 The Report Committee for Daniel Gregory Krawisz Certifies that this is the approve version of the following report! "nonymity in Bit$oin and Bitmessage "%%R&'(D B) *+%(R',*,-G C&..,TT((! */pervisor! Vijay Garg William Bard "nonymity in Bit$oin and Bitmessage by Daniel Gregory Krawisz, B1"12.1"1 Report Presented to the Faculty of the Graduate School of The University of Texas at Austin in Partial Fulfillment of the Requirements for the Degree of .aster of Science in Engineering The University of Texas at A/stin .ay 2017 Dedication Dedicated to my cat, Lemon. "$knowledgements I thank Adnan Aziz, my first supervisor, for putting up with me I thank Vijay Garg and William Bard for supervising this proje!t I thank the people at "onetas and #tash, who supported my work on bmd, and the people at "y!elium, who supported my work on Shufflepuff. I thank my mother, Jane Kennedy, for her help and support. v ththth "bstract "nonymity in Bit$oin and Bitmessage Daniel Gregory Krawisz, M.S.E. The University of Texas at Austin, 2017 Supervisor: Vijay Garg )his report des!ribes two proje!ts !reated $y the author whi!h are based on ideas whi!h originate from the Bit!oin !ommunity )he first, bmd, is a re*implementation of the Bitmessage proto!ol in go. Bitmessage is an anonymous and se!ure messaging system invented $y 'onathan Warren, who was inspired $y the design of Bit!oin's p2p network. [WA../0 )he se!ond is #hufflepuff, an implementation of a protocol !alled CoinShuffle-.233/0 whi!h allows several people to !onstruct a Bit!oin transa!tion with an input and an output for ea!h parti!ipant without any parti!ipant knowing who owns whi!h output CoinShuffle was invented $y )im .uffing et al, and it is an upgrade of a protocol !alled CoinJoin, invented $y Gregory "axwell )his paper dis!usses the ba!kground, properties, appli!ations, and design of bmd and #hufflepuff. )here is also a report of a performance analysis on bmd. vi ththth Table of Contents 6ist of Figures i5 Chapter 1 Fundamental Concepts / Anonymity / 7roof-of-Work , Chapter 2 Prior Work 8 Comparison to PG7 8 Comparison to Freenet 9 Comparison to Bit!oin : Chapter 3 Justifi!ation /< 2ses of Bitmessage /< =igital Cash and Open Transa!tions // >pen Transa!tion Voting Pools // Chapter 4 Engineering /A )he Bitmessage Protocol /A Bitmessage and IMA7 /8 =esign of bmd /9 bmd and bt!d /: Chapter 5 Performance Analysis of bmd /B Chapter 6 Shuflepuff ,, Anonymity in Bit!oin ,, vii ththth Bit!oin Tumblers ,; 'oin Transa!tions in Bit!oin ,? =es!ription of CoinShuffle ,A )he TakerD"aker Model ,8 )heoreti!al Contributions ,9 Chapter 7 Artifi!ial Intelligence and Priva!y ,B Conclusion ;/ .eferences ;, viii ththth 5ist of Tables )able 1: "emory Usage of bmd ,8 i5 ththth Chapter 1! Fundamental Concepts "-&-).,TY In !omputer networking, anonymity means that it is infeasi$le for a passive atta!ker to link any two messages together as a single identity Anonymity is a subje!t whi!h is both poorly*understood and di4!ult to provide properly )he reason it is so di4!ult is that no one !an hide in a va!!uumF one must hide among other people Anonymity as a servi!e must therefore be provided $y many people to one another, all of whom wish to be anonymous It is inherently a social phenomenon, and therefore it is inherently compli!ated.[DIAG, S@.'] )he first person to publish a!ademi! papers on anonymity in a !omputer networking !onte5t was =avid Chaum-1H1, 1H,0 His two !lassi! papers are very different from one another and together they provide a good !onceptual overview of anonymity. His first paper, I)he =ining Cryptographers 7roblemJ, showed that a network !ould provide a maximal level of anonymity with a synchronized protocol that allowed one bit to be transmitted anonymously per round. He showed that it was possi$le for one member in a group to broadcast a message without leaking any information about who it was 3or an outside observer, the sender !annot be distinguished among n people, and for a parti!ipating observer, the sender is hidden among n-1 people (be!ause he knows if he is the sender). )his is the maximum degree of anonymity that !ould be a!hieved with n people Be!ause this protocol is synchronized, it is not pra!ti!al for real*world networks )his is unfortunate be!ause the author doubts that it is possible for a non-synchronized / network to avoid leaking some information. )hus, for larger networks, the problem be!omes one of leaking the least amount possible rather than leaking none in a way that is prova$le beforehand. )hus, real*world anonymity to serve many people appears to be much more about engineering than mathemati!s )he general strategy of any anonymity network is to spread any information enough that no node is likely to be a$le to re!onstruct the behavior of any identity on the network. ChaumMs other paper[CH,0 was about a much more pra!ti!al system that !ould provide anonymity allowing a lot of nodes to randomly mi5 signals It !ontained no mathemati!sF it simply argued that if a message is routed through a random set of a large number of servers, the message ought to be very di4!ult to tra!e )his is the basis for the )or network, whi!h is a large non-synchronized anonymity network, e5!ept that Tor routes I7 conne!tions rather than email only -=ING0 )his paper is about two proje!ts !reated $y the author whi!h are designed to provide anonymity >ne of them, #hufflepuff, e5ists to provide anonymity in Bit!oin transa!tions It uses a synchronized protocol !alled CoinShuffle, whi!h means that it !an provide strong guarantees of anonymity, but is limited to networks with fewer people. )he se!ond of these, bmd, implements a messaging protocol !alled Bitmessage-WA../0 Bitmessage is not a synchronized protocol, so it is !apable of serving a much larger network. PROOF-OF-WORK "ost of the ideas in this paper grew out of ideas originally proposed $y the Cypherpunks, a mailing list whi!h was a!tive from the late /B:<s to the early ,<<<s )he Cypherpunks were individualists who wanted to evade government oversight =avid Chaum is !onsidered to be their progenitor 7roof-of-work was an idea originally , proposed on the Cypherpunk mailing list $y Adam Ba!k.[BA1(/0 )he idea of proof-of- work is to show an expended cost in a cryptographi!ally se!ure way. A !ost function is a function that takes a !ost parameter 5 and a message m and produces a message mM that has a verifiable expe!ted !ost !K5L to !reate from m 3or e5ample, suppose that H is some cryptographi! hash function and m’ ≅ nOm, where n is a nonce whi!h is !hosen so that H(mML is less than a given value 5 )his is the simplest way to implement a !ost function. Be!ause a !ryptographi! hash function is supposed to a!t like a one-way function whose output is indistinguishable from a random string, a !omputer that re!eives message mM !an !onclude that it !ould not have been produced without trying nonces until one was found that produced a valid hash value By adjusting the cost parameter, one can make a valid nonce more or less di4!ult to find. )he appli!ation originally proposed for !ost functions was as a spam filter A given email address would have a !ertain di4!ulty associated with it, and any email whi!h did not have a suffi!iently di4!ult proof-of-work atta!hed would be automati!ally dis!arded without being read. A sender who was not suffi!iently interested in attra!ting the attention of the re!ipient to evaluate the work function would simply not send an email in the first pla!e A spammer depends on being able to send large numbers of emails !heaply in order to benefit from the small fra!tion of people who read them A tiny individualized per*message !ost would affe!t him a lot more than it would affe!t someone who only wanted to send personalized messages A proof-of-work filter is an appli!ation of the handi!ap principle-GA1], whi!h is an idea that !omes out of evolutionary theory It says that a believa$le message must !ome at a verifiable !ost to the sender )his idea has been tested mainly in mating ; displays, though its theoreti!al appli!ations are potentially much greater )here are game* theoreti! models that show this to be a sta$le strategy under !ertain !ircumstances -GRA3/0 Bitmessage uses proof-of-work for spam prevention. Be!ause anonymity and !onfidentiality are design goals of Bitmessage, the nodes must !ommuni!ate without knowing much about one another and therefore !annot automati!ally expe!t reliable information from one another A bitmessage node must be able to limit the !omputational power it expends to the messages most likely to be meaningful, but it !annot look at the !ontent of the majority of the messages )herefore, Bitmessage nodes transmit the messages they re!eive based on the proof-of-work string atta!hed to them >nly those messages worth the !ost to the senders are sent into the network.
Load more

Recommended publications
  • A Decentralized Private Marketplace: DRAFT 0.1
    A Decentralized Private Marketplace: DRAFT 0.1 Ido Kaiser1 Abstract— The online services we use are increasingly de- structure provided by the Bitcoin blockchain but is equally manding more of our personal data, a disturbing trend that applicable to any of it derivatives, meaning the marketplace threatens the privacy of users on a global scale. Entities such as is indifferent about the underlying cryptocurrency used for Google, Facebook and Yahoo have grown into colossal, seem- ingly unaccountable corporations by monetizing their users’ payments. personal data. These entities are charged with keeping said data secure and, in the case of social and economic interactions, II. HIGH LEVEL OVERVIEW safeguarding the privacy of their users. Centralized security The overview consists of two main components: a models are not applicable to the new generation of technologies blockchain and a data storage network. Technically speaking such as Bitcoin. This paper discusses a system which combines these networks can operate over the same set of nodes. But a Bitmessage-style network with anonymous payment schemes to create a privacy-centric marketplace. Furthermore we apply for clarity we separate them to highlight that it does not have a multi-signature escrow technique involving insurance deposits to be the same set. should which deter fraudulent actors from participating in trades, given that their incentive is to make a profit. A. Blockchain The blockchain is typically tasked with processing pay- I. INTRODUCTION ments but for our purpose it will also be storing the market- Satoshi Nakamoto, the visionary and creator of Bitcoin[1], place index and the identities.
    [Show full text]
  • January 2020 Zillman Column
    2020 Guide to Online Privacy Resources and Tools By Marcus P. Zillman, M.S., A.M.H.A. Executive Director - Virtual Private Library http://www.VirtualPrivateLibrary.org The January 2020 Zillman Column features the 2020 Guide to Online Privacy Resources and Tools and is a very comprehensive listing of Internet and Web privacy resources, sources and sites on the Internet for the latest competent sources and research. The below list of sources is taken partially from my Subject Tracer™ white paper titled Privacy Resources 2020 and is constantly updated with Subject Tracer™ bots at the following URL: http://www.PrivacyResources.info/ http://www.StealthMode.info/ These resources and sources will help you to discover the many pathways available through the Internet to find the latest Internet and web search and discovery research, resources, sources and sites. As this site is constantly updated it would be to your benefit to bookmark and return to the above URL frequently. Figure 1: 2020 Guide to Online Privacy Resources and Tools 1 January 2020 Zillman Column – 2020 Guide to Online Privacy Resources and Tools http://www.zillmancolumns.com/ [email protected] eVoice: (800) 858-1462 © 2020 Marcus P. Zillman, M.S., A.M.H.A. 2020 Guide to Online Privacy Resources and Tools: 10 Best Security and Privacy Apps for Smartphones and Tablets http://drippler.com/drip/10-best-security-privacy-apps-smartphones-tablets 10 Minute Mail http://10minutemail.com/10MinuteMail/index.html 10 Privacy Gadgets To Help You Keep a Secret http://www.popsci.com/keep-your-secrets-a-secret
    [Show full text]
  • 5.Sustainability
    P2Pvalue More than 95% of the cases surveyed use centralized servers to store the users’ data. Over the whole population of cases this would be lower, as less than 88% has a centralized architecture allowing for central storage. Index infrastructure provision On a scale of 1 to 9, half of the cases have less than 3, and 84.1% of the cases are at the intermediate level of the index (between 4 and 5). None of the cases are at the highest range of the index. 5.Sustainability Regarding the question of profitability versus non profitability character of infrastructure provision, what results from the data on the legal type of infrastructure provision (see table above as part of infrastructure provision section) is that non-profit organizations make up the majority of cases (57%), something that makes sense with the voluntary dimension of the majority of CBPP experiences. Nevertheless, we consider it important to highlight that 28.9% of the cases are for profit organizations, something that is closely related to the diffusion of hybrid cases in CBPP. The data on the type of organization connected to the case (see table at section infrastructure provider) notes that 25.1% of the cases are businesses, which is the second type of most common organization. What we highlight about this data concerning the main strategies to achieve economic sustainability is the high level of importance that is given to the non- monetary contributions. For instance, 51% of respondents assign a value of 10 to non-monetary contributions. Instead, when we analyze all the other strategies of sustainability, the median is very low.
    [Show full text]
  • Considering PGP
    Security Now! Transcript of Episode #418 Page 1 of 38 Transcript of Episode #418 Considering PGP Description: This week, Steve and Leo continue covering the consequences of the Snowden leaks and, with that in mind, they examine the Pretty Good Privacy (PGP) system for securely encrypting eMail and attachments. High quality (64 kbps) mp3 audio file URL: http://media.GRC.com/sn/SN-418.mp3 Quarter size (16 kbps) mp3 audio file URL: http://media.GRC.com/sn/sn-418-lq.mp3 SHOW TEASE: It's time for Security Now!. Steve Gibson, our security guru, is here. This is a show everybody has to watch. In fact, share it with your friends, your neighbors, your colleagues: Using PGP to protect your email. Steve talks about it next on Security Now!. Leo Laporte: This is Security Now! with Steve Gibson, Episode 418, recorded August 21st, 2013: Considering PGP. It's time for Security Now!, the show that covers your security, your privacy, your safety online with this man here, the 'Splainer in Chief, Steven Gibson at GRC.com. Hey, Steverino. Steve Gibson: Hey, Leo. Great to be with you for Show No. 1 of Year No. 9. Leo: Wow. Steve: We begin our ninth year. Leo: Wow. Episode 418, and you've only missed one, and that was because we made you. Steve: Yeah. So we're not going to do that again. That was not pretty. There was an uprising among the natives. Security Now! Transcript of Episode #418 Page 2 of 38 Leo: Well, you've got to fight it out with Lisa because I don't - I never had the cojones to stop you, but she does.
    [Show full text]
  • Unveiling the I2P Web Structure: a Connectivity Analysis
    Unveiling the I2P web structure: a connectivity analysis Roberto Magan-Carri´ on,´ Alberto Abellan-Galera,´ Gabriel Macia-Fern´ andez´ and Pedro Garc´ıa-Teodoro Network Engineering & Security Group Dpt. of Signal Theory, Telematics and Communications - CITIC University of Granada - Spain Email: [email protected], [email protected], [email protected], [email protected] Abstract—Web is a primary and essential service to share the literature have analyzed the content and services offered information among users and organizations at present all over through this kind of technologies [6], [7], [2], as well as the world. Despite the current significance of such a kind of other relevant aspects like site popularity [8], topology and traffic on the Internet, the so-called Surface Web traffic has been estimated in just about 5% of the total. The rest of the dimensions [9], or classifying network traffic and darknet volume of this type of traffic corresponds to the portion of applications [10], [11], [12], [13], [14]. Web known as Deep Web. These contents are not accessible Two of the most popular darknets at present are The Onion by search engines because they are authentication protected Router (TOR; https://www.torproject.org/) and The Invisible contents or pages that are only reachable through the well Internet Project (I2P;https://geti2p.net/en/). This paper is fo- known as darknets. To browse through darknets websites special authorization or specific software and configurations are needed. cused on exploring and investigating the contents and structure Despite TOR is the most used darknet nowadays, there are of the websites in I2P, the so-called eepsites.
    [Show full text]
  • A Security Analysis of Email Communications
    A security analysis of email communications Ignacio Sanchez Apostolos Malatras Iwen Coisel Reviewed by: Jean Pierre Nordvik 2 0 1 5 EUR 28509 EN European Commission Joint Research Centre Institute for the Protection and Security of the Citizen Contact information Ignacio Sanchez Address: Joint Research Centre, Via Enrico Fermi 2749, I - 21027 Ispra (VA), Italia E-mail: [email protected] JRC Science Hub https://ec.europa.eu/jrc Legal Notice This publication is a Technical Report by the Joint Research Centre, the European Commission’s in-house science service. It aims to provide evidence-based scientific support to the European policy-making process. The scientific output expressed does not imply a policy position of the European Commission. Neither the European Commission nor any person acting on behalf of the Commission is responsible for the use which might be made of this publication. All images © European Union 2015, except: Frontpage : © bluebay2014, fotolia.com JRC 99372 EUR 28509 EN ISSN 1831-9424 ISBN 978-92-79-66503-5 doi:10.2760/319735 Luxembourg: Publications Office of the European Union, 2015 © European Union, 2015 Reproduction is authorised provided the source is acknowledged. Printed in Italy Abstract The objective of this report is to analyse the security and privacy risks of email communications and identify technical countermeasures capable of mitigating them effectively. In order to do so, the report analyses from a technical point of view the core set of communication protocols and standards that support email communications in order to identify and understand the existing security and privacy vulnerabilities. On the basis of this analysis, the report identifies and analyses technical countermeasures, in the form of newer standards, protocols and tools, aimed at ensuring a better protection of the security and privacy of email communications.
    [Show full text]
  • Secure Messaging1
    SoK: Secure Messaging1 Nik Unger∗, Sergej Dechandy Joseph Bonneauzx, Sascha Fahl{, Henning Perl{ Ian Goldberg∗, Matthew Smithy ∗ University of Waterloo, y University of Bonn, z Stanford University, x Electronic Frontier Foundation, { Fraunhofer FKIE Abstract—Motivated by recent revelations of widespread state of this paper, the academic research community is also failing surveillance of personal communication, many solutions now to learn some lessons from tools in the wild. claim to offer secure and private messaging. This includes both a Furthermore, there is a lack of coherent vision for the future large number of new projects and many widely adopted tools that have added security features. The intense pressure in the past two of secure messaging. Most solutions focus on specific issues years to deliver solutions quickly has resulted in varying threat and have different goals and threat models. This is com- models, incomplete objectives, dubious security claims, and a lack pounded by differing security vocabularies and the absence of of broad perspective on the existing cryptographic literature on a unified evaluation of prior work. Outside of academia, many secure communication. products mislead users by advertising with grandiose claims In this paper, we evaluate and systematize current secure messaging solutions and propose an evaluation framework for of “military grade encryption” or by promising impossible their security, usability, and ease-of-adoption properties. We con- features such as self-destructing messages [7]–[10]. The recent sider solutions from academia, but also identify innovative and EFF Secure Messaging Scorecard evaluated tools for basic promising approaches used “in-the-wild” that are not considered indicators of security and project health [11] and found many by the academic literature.
    [Show full text]
  • Identikey: a Distributed Social Network
    Identikey: A Distributed Social Network Dept. of CIS - Senior Design 2015-2016∗ Drew Fisher Jacob Henner Vamsi Jandhayala drewfi[email protected] [email protected] [email protected] Univ. of Pennsylvania Univ. of Pennsylvania Univ. of Pennsylvania Philadelphia, PA Philadelphia, PA Philadelphia, PA ABSTRACT There are several computers (routers) between the user Online social networks | such as Facebook and Twitter | and the network's server that have access to data and meta- have become an essential tool for communication. Their data communicated between the user and the network. There ease-of-use and the associated network effect have made them are also additional links between the network's web servers, ubiquitous. Unfortunately, they often do little to protect user its file servers, its database servers, etc. privacy. Instead, they frequently sell user information to Unfortunately, this model is inadequate to protect user advertisers, and provide it to governments when requested. privacy. An adversary, whether a \hacker", cyber-criminal, They comply with government requests for censorship, and abusive government, or other abusive regime, can attack this in authoritarian states, they may be blocked entirely. This network at several points: is clearly unacceptable, especially since the communication 1. Between the user and the network's web servers | the these networks facilitate often inspires needed social change. adversary can either eeveesdrop on the connection be- We propose Identikey, an encrypted and distributed social tween the user and the network, or launch an active network. Instead of the conventional model | where user man-in-the-middle (MITM) attack. In both cases, the data is stored by a central entity (e.g.
    [Show full text]
  • You Gotta Fight for Your Right to Party
    You gotta fightgotta You for your right foryour to party to V 0. 150129 Cologne Jochim Selzer [email protected] https://cryptoparty.in/cryptopartykbn a57a 4e28 a59d 0385 d33d 6301 763d ce1b 65f4 c445 It's my party and I crypt if I want to Privatsphäre ist ein Grundrecht. Wir müssen es nicht begründen. Wir müssen es nicht entschuldigen. Wir müssen es einfordern und verteidigen. Pleased to meet you Cryptoparty ● Digitaler Erste-Hilfe-Kurs ● Frei wie „freie Rede“ ● Frei wie „Freibier“ ● Überparteilich ● Unterwegs Trouble, set me free Am I just paranoid? Am I just stoned? ● Mailverschlüsselung mit GnuPG ● Chatverschlüsselung mit OTR ● Datenträgerverschlüsselung mit TCnext ● Anonymisierung mit Tor ● Passworverwaltung mit Keepass und reichlich neue Programme zum Ausprobieren Ende-zu-Ende- Verschlüsselung Remember Mama's golden rules 1.HTTPS benutzen 2.Mails verschlüsseln. Immer 3.Lokale Daten verschlüsseln 4.Viele und starke Passworte benutzen 5.Tracker im Browser blockieren 6.Persönlichkeit aufspalten 7.In offenen WLANs besonders vorsichtig sein 8.Software aktuell halten 9.Vor einer Installation zweimal nachdenken . Es kann keine perfekte Sicherheit geben. Sicherheit ist ein Vorgehen, kein Werkzeug. My baby just wrote me a letter ● https://www.mozilla.org/thunderbird ● http://www.gpg4win.org/ ● https://gpgtools.org/ ● https://enigmail.mozdev.org You belong with me https://truecrypt.ch And it's hard to hold on to what you've found When what comes around always goes around https://www.torproject.org/ I can't remember http://keepass.info/ Automatic For The People https://tails.boum.org/ Somewhere over the rainbow ● Skype-Ersatz http://tox.im/ ● P2P-Messenger https://pond.imperialviolet.org/ ● Anonymes-IM http://www.bitmessage.org/ ● PGP im Browser https://lavaboom.com/ ● Truecrypt-Nachfolger http://veracrypt.codeplex.com/ ● Crypto-IM https://www.cameonet.de/ ● Crypto-IM https://www.peerio.com/ Never can say goodbye https://cryptoparty.in/cryptopartykbn .
    [Show full text]
  • Instant Messaging
    Click to edit Master title style •InstantClick to Messaging edit Master Security text styles and Privacy • Second level Chat and• Third more level while safeguarding your privacy • Fourth level • Fifth level Klaus Möller WP8-T1 Webinar, 24th of September 2020 Public www.geant.org 1 | www.geant.org 24/09/20 1 Instant Messaging (IM) Introduction • Other names: Mobile Messaging or simply Online Chat • Originally: Sending (small) text messages to other users – First: on the same computer, later: world wide – User (person) had to be online to receive message ● Some systems allow delivery from server later ● Or use Chat-Bots (workaround in the beginning) • Not limited to text anymore – Photos, Sounds, Video – File transfer between users • Additional feature of Voice-/Videoconferencing systems 2 | www.geant.org Google Talk (discontinued) Tlen.pl (discontinued) WhatsApp Kik Customized Cryptocat (uses modified prosody) Google Hangouts Instant Messaging Protocols Snapchat (?) nk.pl LiveJournal Talk Gizmo5 WP Spik (discontinued) Tipic IM XMPP ● Wide variety, some notable mentions IBM Lotus Sametime Bitmessage Customized ProtonMail ● AIM Gmail ICQ Gateway Email Outlook HTTP(s) OSCAR (discontinued) Bonjour Apple mail MobileMe Yahoo! mail – As part of WebRTC or REST APIs SIMPLE Yandex.mail Skype for Business HipChat Ring AQQ SIP – MSRP Google Wave Federation Protocol (discontinued) Discord, … Libon Jingle FaceTime IRC DCC Gadu-Gadu Facebook Messenger ● SIP (Telephony) MSNP14 (discontinued) YMSG (Yahoo! Messenger) IM MQTT LINE Steam Friends protocols
    [Show full text]
  • Cyberextortion, a Growing Industry 22/02/2016
    CyberThreats_ Telefónica Cyberextortion, a Growing Industry 22/02/2016 Cyberextortion, a Growing Industry. 22/02/2016 Major findings There is an increasing tendency towards aggression in numerous cyber-attacks, notably those using some method of extortion in particular. In this sense, the conclusions on the methods carried out which are having the greatest impact are as follows: . Extortion via DDoS attacks is being firmly established. The modus operandi of the DD4BC group could give rise to more attackers impersonating them without the need for a great infrastructure and extensive technical knowledge. On the other hand, possible money outflows with the aim of laundering returned to the source of the extortion are the online gaming and trading platforms. Security breaches are assuming a way of extortion based on the sensitivity of filtered information. Currently, two ways are being opted to monetise the attacks, either to sell the database or to extort it directly to users. The payment method required is usually Bitcoin. A growing trend is sexual extortion, also known as sextortion. The sharing of files using peer-to-peer networks remains the main platform for access to child abuse material and for its distribution in a non-commercial manner. In the same way, other anonymous networks and platforms such as Tor are considered as a threat in this area. However, what worries Security Authorities and Bodies the most is the live streaming of child abuse due to the difficulty to detect and investigate it since criminals tend not to store a copy of the material. Since 2015, the threat of ransomware has increased by 165%.
    [Show full text]
  • Anonymous Operations and Techniques
    Anonymous Operations and Techniques The story of Anonymous: How to go from ultra-coordinated motherfuckery to uncoordinated dumbfuckery in less than 3 years Speaker Introduction •Flanvel •Viz The Beginning • 2003-2006 • 4chan 2006-2007 • Habbo raids • July 6th 2006 • THE POOL IS CLOSED • Hao’s moderators were racial profiling dark-skinned avatars • Habbo Hotel raided by blockading entrances of popular areas • Exploiting a technical issue that ould’t allow avatars to walk through each other when entering and exiting premises. 2006-2007 • Harold Charles "Hal" Turner (born March 15, 1962) is an American white nationalist, Holocaust denier and blogger from North Bergen, New Jersey. • Turner claimed that in December 2006 and January Anonymous took Turner's website offline, costing him thousands of dollars in bandwidth bills. • Turner sued 4chan and other websites for copyright infringement. • Turner failed to respond and the judge dismissed the case in December 2007. 2006-2007 • Chris Forcand arrest • Members of Anonymous had been researching Forcand and had posted online several chatlogs. • Pretended to be under aged girls, most notably a supposed 13 year old named Jessica. • The conversations were forwarded to the members of his church. • Toronto PD arrested him on December 5, 2007 after an undercover investigation. • Charged with two counts of luring a child under the age of 14, attempt to invite sexual touching, attempted exposure, possessing a dangerous weapon, and carrying a concealed weapon. 2008 • Project Chanology (Operation Chanology) was a protest movement against the practices of the Church of Scientology • Response to the Church of Scientology's attempts to remove material from a highly publicized interview with Tom Cruise from the Internet.
    [Show full text]