
How the Works

Sherri Davidoff, GCFA, GPEN LMG Security www.LMGsecurity.com @LMGSecurity

September 18, 2018

Copyright LMG Security 2017. All rights reserved. www.LMGsecurity.com

Roadmap

• Onion Routing &
  − How WikiLeaks Began
• Accessing the Dark Web
• Silk Road 3.1
• The Goods
  − Payment card numbers
  − Passwords
  − Hospital records
  − Hacking tools
  − & more

Thanks to LMG’s Researchers!

Matt Durrin David Fite

Normal Web Surfing

Destination Source

Dark Web Surfing ?

Source

Destination

Onion Routing

• Anonymous web surfing
• Source and destination cannot be seen
• Message encrypted in layers
• Peeled off at each node
• Simplified example

Copyright Sherri Davidoff 2018. All rights reserved. www.LMGsecurity.com

Asymmetric (“Public ”)

http://www.newtechie.com/2011/09/types-of-encryption-what-is.html

Message encrypted in layers

A B C

Source Destination

Address of B!

A B C

Source Destination

Address of C!

A B C

Source Destination

Address of Destination!

A B C

Source Destination

Exit

A B C

Source Destination
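The layering walked through in the slides above, as an added example that is not part of the original deck: the source wraps a message once per node, and each node peels one layer and learns only the next hop. It swaps the public-key encryption the slides mention for per-node symmetric keys and a toy SHA-256 keystream cipher so that it runs on the Python standard library alone; the node names A, B, C follow the slides, while the function names and keys are constructed for illustration.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # Toy SHA-256 counter-mode keystream: illustration only, not a vetted cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("this layer was not encrypted for this node")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def wrap(route, destination, message):
    """Source side: encrypt the innermost layer (for the exit node) first."""
    hops = [name for name, _ in route] + [destination]
    payload = message
    for i in reversed(range(len(route))):
        layer = json.dumps({"next": hops[i + 1], "data": payload.hex()}).encode()
        payload = seal(route[i][1], layer)
    return payload

def peel(key, onion):
    """Node side: remove one layer and learn only the next hop."""
    layer = json.loads(unseal(key, onion))
    return layer["next"], bytes.fromhex(layer["data"])

def relay(route, onion):
    """Pass the onion along the path, recording (node, next hop it learns)."""
    seen = []
    for name, key in route:
        next_hop, onion = peel(key, onion)
        seen.append((name, next_hop))
    return seen, onion

# Constructed sample keys; nodes A, B, C as in the slides.
ROUTE = [(n, hashlib.sha256(b"constructed key " + n.encode()).digest()) for n in "ABC"]

if __name__ == "__main__":
    onion = wrap(ROUTE, "Destination", b"hello")
    seen, delivered = relay(ROUTE, onion)
    print(seen, delivered)
    # Exit node C handles the plaintext; privacy past the exit needs end-to-end encryption (e.g. TLS).
```

Only the first node sees the source, and only the exit node sees the destination; no single node sees both.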

Dark Web Surfing ?

Source

Destination

Breaking Anonymity

• Timing attacks
• Entering identifying information
  − Social media
  − Bank account
  − address

Uses for Onion Routing

• Military and intelligence
• Illegal E-Commerce
• Bypass censorship
• Data Leaks
• Learn about sensitive topics (AIDS, birth control, etc)
• Criminal communications
• Spies
• Journalism
• Protect children (location)
• Anonymous whistleblowing

Tor

Roger Dingledine Paul Syverson Nick Mathewson

Julian Assange (founder of WikiLeaks)

Exit

A B C

Source Destination

WikiLeaks Submissions

Visiting The Dark Web

Tor Browser

Onion address

(We Aren’t Really in Germany)

Let’s Find Some Links - Reddit

Silk Road 3.1

Silk Road 3.1

Search Results -

Chat Forum

Account Security

Phishing Prevention

PayPal/ Credit Card Accounts

Dropbox Accounts

Stolen Passwords

LinkedIn Passwords

Seller Profile

Hacked Bank Accounts

Seller Profile

Citizenship for Sale

250k Hospital Records

Hospital Records

Seller Ratings

Remote Access to Your Computers

Phones

Hacking Tools (Empire Market)

Software to Steal Credentials

Ransomware for Sale

Goldeneye Ransomware

Cryptojacking for Sale

Botnet & Support

Phishing Tools

Hire a Freelance Hacker

Full Service Fraudsters

Solutions:

Check Out Our Recorded Cybercrime Spotlights!

• Business email compromise / 04-11-18
• Reduce Your Cybersecurity Costs and Your Risk / 03-20-18
• Protecting Your Data with Encryption / 11-15-17
• Summer Hacking Update / 08-16-17
• How to Set Up Authentication That Works / 05-16-17
• Ransomware Prevention and Response / 06-14-17

Questions?

• Sherri Davidoff / LMG Security
  − Email: [email protected]
  − Phone: 406-830-3165
• www.LMGsecurity.com
• @LMGSecurity

Note

Disclaimer

The descriptions contained in this communication are for preliminary informational purposes only and should not be taken as legal advice. The product is available on an admitted basis in some but not all US jurisdictions through Beazley Insurance Company, Inc., and is available on a surplus lines basis through licensed surplus lines brokers underwritten by Beazley syndicates at Lloyd’s. The exact coverage afforded by the product described herein is subject to and governed by the terms and conditions of each policy issued. The publication and delivery of the information contained herein is not intended as a solicitation for the purchase of insurance on any US risk. Beazley USA Services, Inc. is licensed and regulated by insurance regulatory authorities in the respective states of the US and transacts business in the State of California as Beazley Insurance Services (License#: 0G55497). CBEM664_US_09/18