The and its Ties to

Stefanie Wood Ellis October 22, 2019 Objectives for the Webinar: • Today we will develop a basic understanding of: – the different levels of access of the Internet – the type of information found in each of these areas – & top dark web • We will review Intellectual Property misuse in the Dark Web: – Type of IP found in the Dark Web – Monitoring benefits – Enforcement options • Following today’s session you should be able to evaluate: – Intellectual Property found in the deep or dark web and make a decision on enforcement options Terminology What is the Dark Web and Dark Net? • The dark web is part of the World Wide Web • Dark Web = Content, content that exists on darknets, overlay networks part of the deep web that use the Internet but require specific software, configurations, or authorization to • Dark Net = a network access. configuration • The dark web forms a small part of the deep web, requiring specialized the part of the Web not indexed by web search anonymizing engines, although sometimes the term deep web software to access is mistakenly used to refer specifically to the dark web. Publicly accessible Social Surface Web public websites Media data Accessible & searchable content, websites indexed by Wikipedia, Pastebin, Stack search engines Google, Bing, Yahoo!, etc. Overflow, Github, BitBucket

Deep Web Non-Public Social Media All data behind a login and not indexed by search Corporate Infrastructure, Medical Records engines organizational repositories Legal Files Financial Records, Online Banking Scientific Reports Private databases, requiring a login to access Academic Files

Private Journalist Human Dark Web Research Trafficking Data accessed using anonymizing software, like Hacking Tutorials & (The Onion Router) Drug Trafficking Services for Sale

Hacktivist/Political Protest Private Communications Activity

Illegally Obtained PII/ Illegal Arms Sales, ie Guns & Stolen Data Sales Ammo Sales HISTORY How did we get here? Let’s go way back • In the late 1960’s the Advanced Research Projects Agency Network (ARPANET) created the foundation for the modern Internet, and funded by the Department of Defense • The TCP/IP protocol suite is the technology utilized in developing this networking method, allowing for end-to-end data communication • Networks were created randomly and for various purposes – essentially an early version of a darknet in the form of password- protected data havens. • In the late 90’s this lead to the creation of Napster, Limeware, and other networks. HISTORY Anonymity takes over • In 2000 the first anonymizing software was created, called Freenet, allowing users to access every manner of illegally shared data within a self-contained network.

• The problem with Freenet is users had to operate within the network, and that was too limiting for many

• Freenet is still an option for users today https://freenetproject.org/ DEVELOPMENT OF TOR

• In the 1990’s, concerned about the impact of security protocols and the innate ability to use network communication for surveillance purposes, the pioneers at the U.S. Naval Research Lab tried to identify a way obfuscate communications on the Internet. • They created the concept of “onion routing,” further developed by the Defense Advanced Research Projects Agency (DARPA) & patented by the U.S. Navy in 1998. DEVELOPMENT OF TOR

What is onion routing? • It’s a technique allowing for anonymous online communication/ internet navigation • An “onion network” is layered, like an onion, in levels of encryption limiting tracking of the data packet to only the previous and next communication point for each layer. • This limits the ability to track the origin or final destination of a communication. TOR was created in 2006: https://www.torproject.org/ DEVELOPMENT OF TOR • Users began to access the darknet via TOR, however it wasn’t user friendly • The TOR browser was developed in 2008 • Not created as a haven for criminals • Not created to enable cybercrime • Was created to navigate around censorship, surveillance, government firewalls, with an objective of a free, accessible Internet without regulation • Widely used for legitimate as well as criminal enterprises What happens in the Dark Web?

Licit Uses: Illicit: • Anonymous Research • Stolen data, PII, other IP shared • Whisteblower data sharing or sold • Private communications • Drug Sales • Political/Hacktavist activity • Guns/Ammo Sales planning • Tutorials – making drugs, • Conspiracy websites bombs, etc • Child porn • Human Trafficking What happens in the Dark Web?

Published in 2016 by researchers Daniel Moore and Thomas Rid, Cryptopolitik and the Darknet, studied the value of encryption. In this pursuit, they reviewed Dark Web content and found the following: • 5,205 live sites in the darknet, and 2,723 were successfully classified and active (see chart) • The majority were illicit: drugs, finance, illegal forms of pornography • Drug sales the most prevalent • Bitcoin the preferred payment method • Highly recommend reading the full study

https://www.tandfonline.com/doi/full/10.1080/00396338.2016.1142085 Insert footer Forums & Message Boards

Anonymity can enable uninhibited conversations among strangers – whether suicide, or violence against others, or political activism. There’s safety in anonymity when there’s no fear of censorship. Marketplaces

• Whether drugs, arms, porn, sex, violence, etc., most transactions are initiated from dark web marketplaces • At any given time there are many active marketplaces, however they tend to be unstable with higher outages due to DDOS or law enforcement activity • Sometimes marketplaces don’t come back at all • Require registration, sometimes an invite, and include seller ratings, profiles, and order histories Typical Marketplace Offerings Marketplace: Pirated Software Marketplace: Luxury/Counterfeit Marketplaces: Pharmaceuticals Stolen Credentials for Sale Intellectual Property in the Dark Web Risk assessment: • Financial Institutions should monitor for leaked account information • Assess if hard goods brands are trafficking counterfeits via dark web marketplaces • All Brand owners should: – Determine whether regular monitoring is needed OR • Periodic monitoring due to indicators of a data breach, or an increase in unlawful sales • Evolving area of the Internet – monitoring should be revisited regularly Intellectual Property in the Dark Web • Due to onion routing, practices, anonymity and layers of encryption, enforcement through traditional means is challenging: – Sometimes seller information can be tracked and correlated across the surface, deep & dark web sources – Email addresses may be used to uncover additional information – this is likely limited – May consider test-buys to understand what is being sold: counterfeit, grey market, stolen • For stolen account or credential information best practice is to protect the customer from inside the brand owner’s network • When made aware of intellectual property in the dark web the best practice is to staunch the leak, close the vulnerability, and protect the customer TOR Information Law Enforcement Involvement

Closed Marketplaces: • Agora • • Sheep • AlphaBay Marketplace • Black Market • Reloaded • TheRealDeal • • The Farmer's Market • Silk Road was born in 2011 by Ross Ulbricht, online Silk Road persona: “ Pirate Roberts” • Silk Road is credited as being the first modern marketplace utilizing automated escrow and transaction review systems • Estimated $15 million in transactions annually • Ross Ulbricht was arrested in Oct 2013 with charges of , computer hacking, conspiracy to traffic narcotics, and attempting to have 6 people killed (though no murders actually took place) • $2.6 million in Bitcoin were seized by the FBI from Silk Road. Another $28.5 million was reportedly in Ulbricht’s anonymous “wallet,” and a further $87 million in Bitcoin were found on Ulbricht’s computer https://en.wikipedia.org/wiki/Silk_Road_(marketplace) Bitcoin • Bitcoin is a cryptocurrency, a digital currency, that doesn’t require a centralized bank or primary administration mechanism, and provides for a peer-to-peer payment system. • Via cryptography and a public distributed called , transactions are tracked and verified in association with wallets owned by anonymous entities. • In 2011 one Bitcoin was worth $0.30 . Today one Bitcoin is worth over $10,000 in US currency. • An anonymous payment system, utilized primarily in dark web markets, and Silk Road’s exclusive payment system • Relies upon “Miners” rewarded with Bitcoin to conduct network transactions • Cryptocurrencies created since Bitcoin’s development are generally referred to as “altcoins” – meaning a cryptocurrency that is not Bitcoin Bitcoin

• Decentralized: the is not controlled by any one central authority - every machine that mines Bitcoin and processes transactions makes up a part of the network, and the machines work together • Anonymous: Bitcoin “wallets” are not linked to names, addresses, or other personally identifying information • Fast: money can be sent anywhere and arrives within minutes, as soon as the Bitcoin network processes the payment • Non-Reversible: when are sent, there’s no getting them back, unless the recipient returns them to you – they are gone forever • Blockchain: a public ledger recording all transactions “While we have previously reported a small shift towards more privacy- focused cryptocurrencies such as Monero, Bitcoin remains the currency of choice for both legitimate and criminal use.”

Europol October 2019 report: https://www.europol.europa.eu/activities-services/main- reports/internet-organised-crime-threat-assessment-iocta-2019

Insert footer 28 Other Cryptocurrency Use

• Cryptocurrency used for most C2C transactions, as well as ransom payments or other payments demanded by cybercriminals

• Laundering is often done through mixing services or currencies

• New(er) development: Cryptocurrencies and exchanges are targeted by cybercriminals

• Litecoin is the #2 crypto on the dark web (https://www.investopedia.com/news/litecoin-gains-ground- bitcoin-dark-web/) SUMMARY • Three levels of the Internet: surface web, deep web, and dark web • The dark web was not created to be criminal in nature • Enables criminal activity: illicit goods trafficking, violence, arms, with drugs moved at the highest volumes • IP in the dark web consists of PII from data breaches, counterfeit sales, pharmaceuticals (legal & illegal), hacking services • Monitoring is important though enforcement is challenging • Protecting your client’s network and data is most important Thank you

Stefanie Wood Ellis [email protected] +1 208 685 1801 markmonitor.com

© 2019 Clarivate Analytics. All rights reserved. Republication or redistribution of Clarivate Analytics content, including by framing or similar means, is prohibited without the prior written consent of Clarivate Analytics. MarkMonitor and its logo, as well as all other trademarks used herein are trademarks of their respective owners and used under license.