DOCSLIB.ORG

Cybersecurity

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cybersecurity CyberLab: Tools for user protection Circumvention technology and its applications 25.04.2016 Bjoern Christian Wolf 1 network • Initial development by U.S. Naval Research Laboratory • Further developed by DARPA • Open source in 2004 • Current development funded by EFF Source: https://www.torproject.org “the King of high secure, low latency Internet anonymity“ NSA internal communication 2013 25.04.2016 Bjoern Christian Wolf 2 25.04.2016 Bjoern Christian Wolf 3 Tails OS Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to: – use the Internet anonymously and circumvent censorship; all connections to the Internet are forced to go through the Tor network; – leave no trace on the computer you are using unless you ask it explicitly; – use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging. 25.04.2016 Bjoern Christian Wolf 4 What is the Darknet? Tor hidden web services are part of the deep web “The Good“ “The Bad“ “The Ugly“ • Crucial role in • Provides digital • Pedophilia content organising uprisings space for various (recently Iran and conventional crimes • Hitman services Egypt) (drugs, counterfit money and • Conventional • Security for passports, stolen weapons whistle-blowers identities and credit (used by Edward cards etc.) • Chemical weapons Snowden) • Financial crime (money laundering, • Enables journalists payments) enabled and diplomats through bitcoin • Not indexed, decentral structure • Partially not accessible with normal browser (onion links) • Location of servers and visitors very hard to determine • Very volatile and quick developments 25.04.2016 Bjoern Christian Wolf 5 Timeline of main marketplaces in the Darknet Dark markets developed in phases First markets Professionalisation and Diverse and well- emerge mass adoption accepted ecosystem 22,000 (Nov 2014) 18,250 Sales per month: $52 million 16,000 listings Total sales: $200 million Various small Silk Road 1 (take-down) Silk Road 2 Evolution Agora Abraxas vendors (take-down) (scam) Sheep BlackBank Feb Oct Nov Marketplace Nov Mar Aug 2011 2013 2013 (take-down) 2014 2015 2015 may other Black Market services Operation Onymous Reloaded 414 services taken down (suspended) Sources: Digital Citizens Alliance Report 2014 http://www.ibtimes.com/silk-roads-demise-spawns-agora-popular-new-online-drug-marketplace-1684550 http://www.wired.com/2014/09/agora-bigger-than-silk-road/ http://www.forbes.com/sites/thomasbrewster/2015/03/18/evolution-market-a-scam-says-site-pr/ 25.04.2016 Bjoern Christian Wolf 6 Effect of market take-downs Takedowns are frequent, but the ecosystem is very flexible 25.04.2016 Bjoern Christian Wolf 7 Central issues and solutions Each aspect of a regular market is replaced with anonymity The reasons why Darknet markets are so resilient Seller Transaction & Trust Logistics Problem Communication Payment Marketplace Social Bitcoin Postal Delivery Solution infrastructure organisation LocalBitcoin, plausible deniability, TOR anonymisation, Rating for quality, Tumblers dead mailboxes, PGP encryption Escrow for delivery Packstation etc. Buyer 25.04.2016 Bjoern Christian Wolf 8 Practical examples: Screenshots of Tor and various darknet websites 25.04.2016 Bjoern Christian Wolf 9 25.04.2016 Bjoern Christian Wolf 10 Source: https://www.wikipedia.org 25.04.2016 Bjoern Christian Wolf 11 Source: https://www.wikipedia.org 25.04.2016 Bjoern Christian Wolf 12 Source: https://www.wikipedia.org 25.04.2016 Bjoern Christian Wolf 13 Source: https://www.wikipedia.org 25.04.2016 Bjoern Christian Wolf 14 Source: https://www.wikipedia.org 25.04.2016 Bjoern Christian Wolf 15 Source: https://www.wikipedia.org 25.04.2016 Bjoern Christian Wolf 16 Source: https://www.wikipedia.org 25.04.2016 Bjoern Christian Wolf 17 Source: https://www.wikipedia.org 25.04.2016 Bjoern Christian Wolf 18 .
Load more

Recommended publications
  • Download (589Kb)
    This is an Open Access document downloaded from ORCA, Cardiff University's institutional repository: http://orca.cf.ac.uk/95227/ This is the author’s version of a work that was submitted to / accepted for publication. Citation for final published version: Décary-Hétu, David and Giommoni, Luca 2017. Do police crackdowns disrupt drug cryptomarkets? a longitudinal analysis of the effects of Operation Onymous. Crime, Law and Social Change 67 (1) , pp. 55-75. 10.1007/s10611-016-9644-4 file Publishers page: http://dx.doi.org/10.1007/s10611-016-9644-4 <http://dx.doi.org/10.1007/s10611- 016-9644-4> Please note: Changes made as a result of publishing processes such as copy-editing, formatting and page numbers may not be reflected in this version. For the definitive version of this publication, please refer to the published source. You are advised to consult the publisher’s version if you wish to cite this paper. This version is being made available in accordance with publisher policies. See http://orca.cf.ac.uk/policies.html for usage policies. Copyright and moral rights for publications made available in ORCA are retained by the copyright holders. 1 Do Police Crackdowns Disrupt Drug Cryptomarkets? A Longitudinal Analysis Of The Effects Of Operation Onymous In recent years, there has been a proliferation of online illicit markets where participants can purchase and sell a wide range of goods and services such as drugs, hacking services, and stolen financial information. Second- generation markets, known as cryptomarkets, provide a pseudo-anonymous platform from which to operate and have attracted the attention of researchers, regulators, and law enforcement.
    [Show full text]
  • An Evolving Threat the Deep Web
    8 An Evolving Threat The Deep Web Learning Objectives distribute 1. Explain the differences between the deep web and darknets.or 2. Understand how the darknets are accessed. 3. Discuss the hidden wiki and how it is useful to criminals. 4. Understand the anonymity offered by the deep web. 5. Discuss the legal issues associated withpost, use of the deep web and the darknets. The action aimed to stop the sale, distribution and promotion of illegal and harmful items, including weapons and drugs, which were being sold on online ‘dark’ marketplaces. Operation Onymous, coordinated by Europol’s Europeancopy, Cybercrime Centre (EC3), the FBI, the U.S. Immigration and Customs Enforcement (ICE), Homeland Security Investigations (HSI) and Eurojust, resulted in 17 arrests of vendors andnot administrators running these online marketplaces and more than 410 hidden services being taken down. In addition, bitcoins worth approximately USD 1 million, EUR 180,000 Do in cash, drugs, gold and silver were seized. —Europol, 20141 143 Copyright ©2018 by SAGE Publications, Inc. This work may not be reproduced or distributed in any form or by any means without express written permission of the publisher. 144 Cyberspace, Cybersecurity, and Cybercrime THINK ABOUT IT 8.1 Surface Web and Deep Web Google, Facebook, and any website you can What Would You Do? find via traditional search engines (Internet Explorer, Chrome, Firefox, etc.) are all located 1. The deep web offers users an anonym- on the surface web. It is likely that when you ity that the surface web cannot provide. use the Internet for research and/or social What would you do if you knew that purposes you are using the surface web.
    [Show full text]
  • Mass Surveillance
    Mass Surveillance Mass Surveillance What are the risks for the citizens and the opportunities for the European Information Society? What are the possible mitigation strategies? Part 1 - Risks and opportunities raised by the current generation of network services and applications Study IP/G/STOA/FWC-2013-1/LOT 9/C5/SC1 January 2015 PE 527.409 STOA - Science and Technology Options Assessment The STOA project “Mass Surveillance Part 1 – Risks, Opportunities and Mitigation Strategies” was carried out by TECNALIA Research and Investigation in Spain. AUTHORS Arkaitz Gamino Garcia Concepción Cortes Velasco Eider Iturbe Zamalloa Erkuden Rios Velasco Iñaki Eguía Elejabarrieta Javier Herrera Lotero Jason Mansell (Linguistic Review) José Javier Larrañeta Ibañez Stefan Schuster (Editor) The authors acknowledge and would like to thank the following experts for their contributions to this report: Prof. Nigel Smart, University of Bristol; Matteo E. Bonfanti PhD, Research Fellow in International Law and Security, Scuola Superiore Sant’Anna Pisa; Prof. Fred Piper, University of London; Caspar Bowden, independent privacy researcher; Maria Pilar Torres Bruna, Head of Cybersecurity, Everis Aerospace, Defense and Security; Prof. Kenny Paterson, University of London; Agustín Martin and Luis Hernández Encinas, Tenured Scientists, Department of Information Processing and Cryptography (Cryptology and Information Security Group), CSIC; Alessandro Zanasi, Zanasi & Partners; Fernando Acero, Expert on Open Source Software; Luigi Coppolino,Università degli Studi di Napoli; Marcello Antonucci, EZNESS srl; Rachel Oldroyd, Managing Editor of The Bureau of Investigative Journalism; Peter Kruse, Founder of CSIS Security Group A/S; Ryan Gallagher, investigative Reporter of The Intercept; Capitán Alberto Redondo, Guardia Civil; Prof. Bart Preneel, KU Leuven; Raoul Chiesa, Security Brokers SCpA, CyberDefcon Ltd.; Prof.
    [Show full text]
  • A Framework for Identifying Host-Based Artifacts in Dark Web Investigations
    Dakota State University Beadle Scholar Masters Theses & Doctoral Dissertations Fall 11-2020 A Framework for Identifying Host-based Artifacts in Dark Web Investigations Arica Kulm Dakota State University Follow this and additional works at: https://scholar.dsu.edu/theses Part of the Databases and Information Systems Commons, Information Security Commons, and the Systems Architecture Commons Recommended Citation Kulm, Arica, "A Framework for Identifying Host-based Artifacts in Dark Web Investigations" (2020). Masters Theses & Doctoral Dissertations. 357. https://scholar.dsu.edu/theses/357 This Dissertation is brought to you for free and open access by Beadle Scholar. It has been accepted for inclusion in Masters Theses & Doctoral Dissertations by an authorized administrator of Beadle Scholar. For more information, please contact [email protected]. A FRAMEWORK FOR IDENTIFYING HOST-BASED ARTIFACTS IN DARK WEB INVESTIGATIONS A dissertation submitted to Dakota State University in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Cyber Defense November 2020 By Arica Kulm Dissertation Committee: Dr. Ashley Podhradsky Dr. Kevin Streff Dr. Omar El-Gayar Cynthia Hetherington Trevor Jones ii DISSERTATION APPROVAL FORM This dissertation is approved as a credible and independent investigation by a candidate for the Doctor of Philosophy in Cyber Defense degree and is acceptable for meeting the dissertation requirements for this degree. Acceptance of this dissertation does not imply that the conclusions reached by the candidate are necessarily the conclusions of the major department or university. Student Name: Arica Kulm Dissertation Title: A Framework for Identifying Host-based Artifacts in Dark Web Investigations Dissertation Chair: Date: 11/12/20 Committee member: Date: 11/12/2020 Committee member: Date: Committee member: Date: Committee member: Date: iii ACKNOWLEDGMENT First, I would like to thank Dr.
    [Show full text]
  • Says a Friend of Benthall's
    54 I At 3:15 P.M. on October 1, 2013, Ross Ulbricht’s career as a drug kingpin came to an end in the science- fiction section of San Francisco’s Glen Park Library. The 29-year- old had walked up the steps just inside the modern stone building, passed the librarian working at the circula- tion desk and taken a seat at a far corner table near a window. It was a sunny day, but the small community library was filled with people. Ulbricht, with his easy smile and thick mop of brown hair, was dressed in blue jeans web of lies_ AN UNDERGROUND, ANONYMOUS INTERNET— THE DEEP WEB—IS THE LAST LAWLESS FRONTIER ON EARTH. BUT NOTHING COULD SAVE ITS KINGPINS FROM THE PAINFUL CONSEQUENCES OF HUMAN ERROR BY JOSHUA HUNT and a T-shirt. The hand- ful of people reading and wandering among rows of novels nearby weren’t dressed much differently, but beneath their shirts and jackets they wore vests that identified them as FBI agents. Until the moment they rushed Ulbricht, pushing him up against a window to handcuff him as other agents seized his laptop before he could lock it down, nobody suspected anything out of place. The cuffs went on and a small crowd gathered, but Ulbricht just looked out at the afternoon sun. Ulbricht was an educated person, with a master’s degree in 55 materials science and engi- neering from Penn State. He was a good son from a good Texas family, an un- likely addition to the list of men who had changed the shape and scale of drug distribution in Amer- ica.
    [Show full text]
  • Technical and Legal Overview of the Tor Anonymity Network
    Emin Çalışkan, Tomáš Minárik, Anna-Maria Osula Technical and Legal Overview of the Tor Anonymity Network Tallinn 2015 This publication is a product of the NATO Cooperative Cyber Defence Centre of Excellence (the Centre). It does not necessarily reflect the policy or the opinion of the Centre or NATO. The Centre may not be held responsible for any loss or harm arising from the use of information contained in this publication and is not responsible for the content of the external sources, including external websites referenced in this publication. Digital or hard copies of this publication may be produced for internal use within NATO and for personal or educational use when for non- profit and non-commercial purpose, provided that copies bear a full citation. www.ccdcoe.org [email protected] 1 Technical and Legal Overview of the Tor Anonymity Network 1. Introduction .................................................................................................................................... 3 2. Tor and Internet Filtering Circumvention ....................................................................................... 4 2.1. Technical Methods .................................................................................................................. 4 2.1.1. Proxy ................................................................................................................................ 4 2.1.2. Tunnelling/Virtual Private Networks ............................................................................... 5
    [Show full text]
  • Collective Dynamics of Dark Web Marketplaces
    www.nature.com/scientificreports OPEN Collective dynamics of dark web marketplaces Abeer ElBahrawy 1,2, Laura Alessandretti 3,4, Leonid Rusnac 2, Daniel Goldsmith2, Alexander Teytelboym5 & Andrea Baronchelli1,6,7* Dark web marketplaces are websites that facilitate trade in illicit goods, mainly using Bitcoin. Since dark web marketplaces are unregulated, they do not ofer any user protection, so police raids and scams regularly cause large losses to marketplace participants. However, the uncertainty has not prevented the proliferation of dark web marketplaces. Here, we investigate how the dark web marketplace ecosystem reorganises itself following marketplace closures. We analyse 24 separate episodes of unexpected marketplace closure by inspecting 133 million Bitcoin transactions among 38 million users. We focus on “migrating users” who move their trading activity to a diferent marketplace after a closure. We fnd that most migrating users continue their trading activity on a single coexisting marketplace, typically the one with the highest trading volume. User migration is swift and trading volumes of migrating users recover quickly. Thus, although individual marketplaces might appear fragile, coordinated user migration guarantees overall systemic resilience. Dark web marketplaces (or “dark markets”) are commercial websites which specialise in trading illicit goods. Tey are accessible via darknets (e.g., Tor) and vary in specialisation, technology, and primary supported lan- guage. Silk Road, the frst modern dark marketplace launched in 2011, limited its sales to drugs while other dark marketplaces allow trading of weapons, fake IDs and stolen credit cards 1,2. Most marketplaces simply facilitate transactions between buyers and sellers of illicit goods, however some marketplaces act as sellers and sell directly to buyers.
    [Show full text]
  • Assessing the Practices and Products of Darkweb Firearm Vendors
    Deviant Behavior ISSN: 0163-9625 (Print) 1521-0456 (Online) Journal homepage: https://www.tandfonline.com/loi/udbh20 Assessing the Practices and Products of Darkweb Firearm Vendors Christopher Copeland, Mikaela Wallin & Thomas J. Holt To cite this article: Christopher Copeland, Mikaela Wallin & Thomas J. Holt (2019): Assessing the Practices and Products of Darkweb Firearm Vendors, Deviant Behavior, DOI: 10.1080/01639625.2019.1596465 To link to this article: https://doi.org/10.1080/01639625.2019.1596465 Published online: 30 Mar 2019. Submit your article to this journal Article views: 29 View Crossmark data Full Terms & Conditions of access and use can be found at https://www.tandfonline.com/action/journalInformation?journalCode=udbh20 DEVIANT BEHAVIOR https://doi.org/10.1080/01639625.2019.1596465 Assessing the Practices and Products of Darkweb Firearm Vendors Christopher Copelanda, Mikaela Wallinb, and Thomas J. Holtb aTarleton State University, Stephenville, Texas, USA; bMichigan State University, East Lansing, MI, USA ABSTRACT ARTICLE HISTORY The development of the Darknet as a parallel network to the Web in the Received 23 July 2018 21st century has facilitated illegal trafficking in small arms, as defined by the Accepted 25 September 2019 United Nations. The authors have used investigative research methodolo- gies to observe six weapon sale sites on the Darknet over a six-month period to identify sellers of firearms, the type and caliber of weapons for sale, manufacturer, price in Bitcoin, and the principle national origins of the firearms. This is the first study of its type to explore the illegal sale of firearms on the Darknet. This evidence can be used by law enforcement to intercept and shut down said sites and provide insight to the nature of the illegal arms trade on the Darknet.
    [Show full text]
  • From Dealer to Doorstep – How Drugs Are Sold on the Dark Net Alois Afilipoaie and Patrick Shortis
    GDPO Situation Analysis June 2015 From Dealer to Doorstep – How Drugs Are Sold On the Dark Net Alois Afilipoaie and Patrick Shortis Subject The growing trade in narcotics being sold over the Tor Dark Net is causing academics, law enforcement and policy makers to reassess the impact of ICT technology on real-world crime. Despite growing media attention there are many misconceptions about the difficulty involved and technical knowledge required to participate in these markets and successfully make a sale or purchase. This Situation Analysis aims to explain some of the common practices that vendors and customers alike undertake in order to conduct a secure purchase or sale. The Common Starting Point: Computer Security Regardless of buying or selling, both parties must first ensure their computer system is properly secure before engaging in illicit activity. An average internet user leaves data trails that law enforcement can follow and therefore understanding how to obfuscate or remove these trails altogether is a constant concern of Dark Net market participants. Tor1, Bitcoin2 and PGP (Pretty Good Encryption) 3 encryption are three key technologies that allow successful participation in Dark Net markets. • Tor - Makes tracking a user via their IP address very difficult by bouncing encrypted data through relays prior to their intended destination. • Bitcoin - Allows members to use a currency that is difficult to trace to a real-world identity and easy to launder online. • PGP - Allows messages that might be intercepted by third parties to remain unreadable by anyone who is not the intended recipient of the message, rendering attempts to intercept and read messages between users extremely difficult.
    [Show full text]
  • Anonymity with Tor: a Survey on Tor Attacks
    Anonymity with Tor: A Survey on Tor Attacks Ishan Karunanayake1,2,*, Nadeem Ahmed1,2, Robert Malaney1,2, Rafiqul Islam1,3, and Sanjay Jha1,2 1Cyber Security Cooperative Research Centre (CSCRC) - Australia 2University of New South Wales (UNSW) - Sydney, Australia 3Charles Sturt University - Albury, Australia *Corresponding author - [email protected] Abstract—Anonymity networks are becoming increasingly pop- their classification. To overcome this issue, we use a common ular in today’s online world as more users attempt to safeguard determiner for every layer of our taxonomy and clearly define their online privacy. Tor is currently the most popular anonymity the scope of each category. Several other survey works [12], network in use and provides anonymity to both users and services (hidden services). However, the anonymity provided by [13], [11], [14], lack details of website fingerprinting attacks Tor is also being misused in various ways. Hosting illegal sites or attacks on hidden services which are very important types for selling drugs, hosting command and control servers for of Tor attacks. botnets, and distributing censored content are but a few such Being an anonymity network, the most common objective of examples. As a result, various parties, including governments and a Tor attack is to de-anonymise its users and services. Since law enforcement agencies, are interested in attacks that assist in de-anonymising the Tor network, disrupting its operations, Tor’s initial deployment, researchers have worked to further and bypassing its censorship circumvention mechanisms. In this strengthen its anonymity objectives. Here, we try to present paper, we survey known Tor attacks and identify currently an extensive list of de-anonymisation attacks and discuss their available techniques that lead to improved de-anonymisation of feasibility in the live Tor network.
    [Show full text]
  • India-Canada Collaboration to Curb Digital Black Markets Sameer Patil
    Canada-India Track 1.5 Dialogue Paper No. 2 Partnering for Prosperity: India-Canada Collaboration to Curb Digital Black Markets Sameer Patil Canada-India Track 1.5 Dialogue Paper No. 2 Partnering for Prosperity: India-Canada Collaboration to Curb Digital Black Markets Sameer Patil CIGI Masthead Gateway House Masthead Executive Executive Board President Rohinton P. Medhora Director,Gateway House: Indian Council on Global Relations Neelam Deo Deputy Director, International Intellectual Property Law and Innovation Bassem Awad President, Human Resources, After-Market & Corporate Services & Member, Chief Financial Officer and Director of Operations Shelley Boettger Group Executive Board, Mahindra and Mahindra Ltd. Rajeev Dubey Director of the Global Economy Program Robert Fay President & CEO, The Indian Music Industry Blaise Fernandes Director of the International Law Research Program Oonagh Fitzgerald Executive Director, Morgan Stanley Investment Management Amay Hattangadi Director of the Global Security & Politics Program Fen Osler Hampson Non-Executive Director, Tata Sons Ishaat Hussain Director of Human Resources Laura Kacur Director,Gateway House: Indian Council on Global Relations Satish Kamat Deputy Director, International Environmental Law Silvia Maciunas Executive Director, Gateway House: Indian Council on Global Deputy Director, International Economic Law Hugo Perezcano Díaz Relations Manjeet Kripalani Director, Evaluation and Partnerships Erica Shaw Founding Partner,AZB & Partners Bahram Vakil Managing Director and General Counsel
    [Show full text]
  • Exploring Tools of Anonymity (Mis)Used by Carders on Cryptomarkets
    Deviating from the cybercriminal script: Exploring tools of anonymity (mis)used by carders on cryptomarkets Authors Gert Jan van Hardeveld, Craig Webber & Kieron O’Hara Abstract This work presents an overview of some of the tools that cybercriminals employ in order to trade securely. It will look at the weaknesses of these tools and how the behaviour of cybercriminals will sometimes lead them to use tools in a non- optimal manner, creating opportunities for law enforcement to identify and apprehend them. The criminal domain this article focuses on is carding, the online trade in stolen payment card details and the consequent criminal misuse of such data. However, these findings could be applied more broadly, as many of the analysed tools are used across (cyber)criminal domains. This paper is a continuation of earlier work (van Hardeveld, Webber & O’Hara, 2016), in which a crime script analysis of 25 carding tutorials presented the tools that cybercriminals use to cash-out stolen payment card details while remaining anonymous. We use these tutorials and an analysis of the literature to identify how they can be used incorrectly and create a typology of potential behavioural and technological pitfalls in these tools. Finally, we conclude that finding pitfalls in the usage of tools by cybercriminals has the potential to increase the efficiency of disruption, interception and prevention approaches. However, in future work, interviews with law enforcement experts and convicted cybercriminals or still active users should be used to analyse the operational security of cybercriminals in more depth. Introduction Online marketplaces on which stolen credit card details are sold have been around since the early 2000s.
    [Show full text]