The Dark Web Overview & Tour
Jim Baird
Director of Information Security, IT Auditor
10-D Security

About 10-D Security
• Dedicated Information Security Firm
• Clients Nationwide, primarily in regulated industries
• Services
  – Penetration Testing
  – Social Engineering
  – Vulnerability Scanning
  – Audits (IT, ACH, BSA, ATM, Password, Wire, HIPAA, etc.)
  – Web Application Assessment
  – Incident Response
  – Education & Training
10-D Security Setting a Higher Level of Excellence in Information Security & Compliance Services ©2019 10-D, Inc. All Rights Reserved.

What We Will Cover Today
1. Overview: Surface Web – Deep Web – Dark Web
2. Terminology
3. How the Dark Web operates
4. Dark Web Live Demo
WARNING: The demo will contain some vulgar content. There is also the possibility of disturbing, explicit, or otherwise offensive material that may inadvertently be displayed. Please feel free to step out before the demo if you wish to avoid the risk.
A few questions
Is the Dark Web a good thing or a bad thing?
Have you accessed the Dark Web?
Is the Dark Web safe to access (visit)?
(not picked up by search engines)
(only accessible with Dark Web browser)

Terminology
Carding - The trafficking of credit card, bank account and other personal information online as well as related fraud services. Activities also encompass procurement of details, and money laundering techniques.
Dox – To publicly identify or publish private information about someone, typically with malicious intent. Doxxing is when someone’s personal or identifiable info is made available on the internet, and frequently includes address, phone number, and place of work.
Terminology
Dump - An unauthorized copy of information contained in the magnetic strip of an active credit card, created with the intention of illegally making a fake credit card that can be used by cybercriminals to make purchases. Value of a dump increases with the amount of associated information (i.e., track 1 & 2, CVV, ZIP code, DoB, MMN, SS#, PIN, debit vs. credit, etc.).
Fullz - A term used by credit card hackers and data resellers meaning full packages of individuals' identifying information. Fullz usually contain an individual's name, Social Security number, date of birth, account numbers, and other data.
Terminology
Tor – (The Onion Router) is an open-source public project that provides an anonymous, or at least difficult to track, method to communicate on the internet. The Tor browser is used to access public sites anonymously, as well as websites that are only known to the Tor network.
.onion – The “host suffix” on a hidden service (e.g., “zqktlwi4fecvo6ri.onion”). This designates a hidden service or site that is only reachable using Tor. .onion addresses are registered when a hidden service is set up; this is used as another step in concealing the service and the user’s activity.
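An added example, not part of the original slides: a Python check that classifies a `.onion` hostname found in a log or indicator list. It goes beyond the 16-character form shown above to cover the 56-character v3 form and its checksum; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import re

# Labels use the RFC 4648 base32 alphabet in lowercase: a-z and 2-7.
_LABEL = re.compile(r"^[a-z2-7]+$")


def classify_onion(hostname: str) -> str:
    """Return 'v2', 'v3' or 'invalid' for a hostname ending in .onion."""
    parts = hostname.strip().lower().rstrip(".").split(".")
    if len(parts) < 2 or parts[-1] != "onion":
        return "invalid"
    label = parts[-2]  # any subdomain in front of the label is ignored
    if not _LABEL.match(label):
        return "invalid"
    if len(label) == 16:
        return "v2"  # legacy 16-character form, carries no checksum
    if len(label) == 56 and _v3_checksum_ok(label):
        return "v3"
    return "invalid"


def _v3_checksum_ok(label: str) -> bool:
    # v3 layout: 32-byte public key | 2-byte checksum | 1-byte version (0x03)
    raw = base64.b32decode(label.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    digest = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()
    return version == b"\x03" and checksum == digest[:2]


def make_v3_label(pubkey: bytes) -> str:
    """Encode a 32-byte key as a v3 label (used here only to build sample input)."""
    version = b"\x03"
    digest = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()
    return base64.b32encode(pubkey + digest[:2] + version).decode().lower()


# Constructed sample: an arbitrary 32-byte value stands in for a real key.
SAMPLE_V3 = make_v3_label(bytes(range(32))) + ".onion"
```

A string that merely ends in `.onion` but fails these checks is a typo, a truncation or filler, which is worth knowing before it goes into a watchlist.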
Tor
“… is relied upon by journalists, activists and campaigners in the US and Europe as well as in China, Iran and Syria, to maintain the privacy of their communications and avoid reprisals from government. To this end, it receives around 60% of its funding from the US government, primarily the State Department and the Department of Defense – which houses the NSA.” TheGuardian.com
The Tor Project, Inc. is the owner and originator of this content.

VPN Relay
Using a VPN further protects the anonymity of the user. If the first Tor node is compromised, the IP of Alice’s computer is not disclosed. It may also circumvent some filters.
The Tor Project, Inc. is the source for portions of this content.

Tech Minute
Configuration I am using to access the Dark Web:
1. Windows 10 Professional on common laptop
2. VMware Workstation Pro (to create a virtual computer)
3. Linux operating system (Ubuntu 18.04.1 LTS)
4. ExpressVPN (further anonymity, avoid filters)
5. External Wifi adapter (for Ubuntu exclusively)
6. Tor browser
7. An open Wifi network
Demo Time!
WARNING: The demo will contain some vulgar content. There is also the possibility of disturbing, explicit, or otherwise offensive material that may inadvertently be displayed. Please feel free to step out before the demo if you wish to avoid the risk.
THANK YOU!!!
Get 10-D Security’s “Weekly Security Tip” at: www.10dsecurity.com/weekly-security-tips
Or contact Mitch Henton [email protected] / 913-717-0148