SlideShare a Scribd company logo

Deep and Dark internet Safari, How to hire a hacker? Robbrecht van Amerongen

Download as PPTX, PDF
Getting value from IoT, Integration and Data Analytics
Getting value from IoT, Integration and Data Analytics

Deep and Dark internet Safari, How to hire a hacker. Views on how professional cyber crime organizations are.

1 of 33
Safari: Dark Internet Robbrecht van Amerongen
2 Robbrecht van Amerongen AMIS Business Innovation Manager Agile Master https://Linkedin.com/in/robbrecht Robbrecht@amis.nl 0641010286
Safari
4 Kwetsbare systemen
5
6 McAfee: 2014: We estimate that the likely annual cost to the global economy from cybercrime is more than $400 billion. InfoSec Institute 2013: Nearly 80% of cybercrime acts are estimated to originate in some form of organized activity. The diffusion of the model of fraud-as-service and the diversification of the offerings of the underground market is also attracting new actors with modest skills. in 2011 Russian-speaking hackers alone took in roughly $4.5 billion from cybercrime
7 Stel je voor: Cyber-Attack als bedrijf “Ik wil als bedrijf een hacker inhuren. Hoe doe ik dat?”
8 Cyber-Attack als bedrijf
9 • 2000-2004
Quality and Trust 10
11 Payment and distribution
12 Contact us? Contact me at mr.hacker@Safe-mail.net -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.22 (MingW32) mQENBFPhZR8BCACjScBCYxVsMe0orwQ8lFabKrvAVDnxLIoABf8xZ2rhEMXQNWL2 Ly0JKsL/fC166EvtsoIfOoZG1jA3TXCOk57rxW8fFTc2JD/9ccBqpBQjJ3xTfCcw da0SgwnBzPds9iCa9xl0neNTGmCrB3JzZ8Y1IOHr2PDJjScXq0ai1H1RYoivQgj2 Pg+kRock6MDKBJ5FhfFCd9mgE3/J5GPJ3GhIbjm6gPLs6sOle/hD5F2vjXcU23DD Yup/HvxY5vLJZgOhudhiQHEvxdUIroeilJWPFmPNYXKRamRu3FwB05ipcqQtt3yE v3/FNAe0eDJPv8nr3u3ciQSSl8HU3lM+QXcDABEBAAG0H01yLkdyaW0gPG1yLmdy aW1Ac2FmZS1tYWlsLm5ldD6JATkEEwECACMFAlPhZR8CGw8HCwkIBwMCAQYVCAIJ CgsEFgIDAQIeAQIXgAAKCRD8KgSBJS5CTtjVB/wMiv3ybVw92Mgz5JUi3LP0iUmu cUAgkzdD6FlDVbviKDh04EpJ4tvqBvYiz9riLi9qdVyZojvxOZedvNL+RBCTBx+E FcpD74aQ+2WY8PdzjackA61JNMFGGk9IoA+hP61dtkvjDcdEjn46a0Jf8hpXeEFU Vug+mRVj5fk7qxmyBFs8Q5WNvKA9N6HY2jFuShuibEQXTdc6jyYQ3wLDQXqkpkIU 4dt+ioHabfmXquLXZbLZi8vd2kbkiubJfYkk1qQX7E3PJ/uEN++3uOP2Z1fEXqu6 GiUuvl1cnly9my9XpLxr1OYus7uLnhJpzUtcQ9QKFyi86IRfLvf3d9VnxAK3 =4LqY -----END PGP PUBLIC KEY BLOCK-----
13
14 Levels: Deep Web • Level 1: This is the conventional web we (indexed by Google, Bing, other ). Only need a browser • Level 2: Content removed by search engines. E.g. movies, books, music , videos. Only need a browser • Level 3: non-public sites and you need access "Invitation" to and exclusive access content. Need a browser and an account. • Level 4: real "Deep Web" Need a special browser. Decentralized traffic. "The Hidden Wiki“ • Level 5: Need a special browser and accounts. Purchase Weapons, Drugs, Hackers Services • Level 6: Unknown: government network and is fully restricted.
15 500 x the Google index We will literally be shocked, and this is the reaction of those individual who can understand the existence of the Deep Web, a network of interconnected systems, are not indexed, having a size hundreds of times higher than the current web, around 500 times.
16 • Dynamic content: dynamic pages which are returned in response to a submitted query or accessed only through a form, especially if open-domain input elements (such as text fields) are used; such fields are hard to navigate without domain knowledge. • Unlinked content: pages which are not linked to by other pages, which may prevent Web crawling programs from accessing the content. This content is referred to as pages without backlinks (or inlinks). • Private Web: sites that require registration and login (password-protected resources). • Contextual Web: pages with content varying for different access contexts (e.g., ranges of client IP addresses or previous navigation sequence). • Limited access content: sites that limit access to their pages in a technical way (e.g., using the Robots Exclusion Standard, CAPTCHAs, or no-cache Pragma HTTP headers which prohibit search engines from browsing them and creating cached copies). • Scripted content: pages that are only accessible through links produced by JavaScript as well as content dynamically downloaded from Web servers via Flash or Ajax solutions. • Non-HTML/text content: textual content encoded in multimedia (image or video) files or specific file formats not handled by search engines. • Text content using the Gopher protocol and files hosted on FTP that are not indexed by most search engines. Engines such as Google do not index pages outside of HTTP or HTTPS.
17 Deep Internet / Dark Internet As usually happen, the project was born in military sector, sponsored the US Naval Research Laboratory and from 2004 to 2005 it was supported by the Electronic Frontier Foundation. A user that navigate using Tor it’s difficult to trace ensuring his privacy because the data are encrypted multiple times passing through nodes, Tor relays, of the network and making is untraceable.
18 TOR, The Onion Router
19 TOR, The Onion Router
20 TOR, The Onion Router
21 CiberCrime: Motivation (Black hat / White hat)
22 Professioneel!!!! Jan 2014: Blackshades. The police found that the group was paying salaries to its staff and had hired a marketing director to promote its software to hackers. It even maintained a customer-support team. 2008 Mpack: a professionally developed toolkit sold in the underground economy. Attackers deploy MPack’s collection of software components to install malicious code on thousands of computers around the world and then monitor the success of the attack through various metrics on its online management console. 2008 : Social networking Web sites are particularly valuable to attackers since they provide access to a large number of people, many of whom trust the site and its security. 2011 Zeus: We see multi-staged attacks which consist of an initial attack that is not intended to perform malicious activities immediately, but that is used to deploy subsequent attacks.
23 Full Cyber-Crime Service provider Professional, Architecture, Software Lifecycle. Industry specialization (Logistics, agriculture, manufacturing, financials etc..) Chain integration (infra, coding, execution, service, banking, money laundering) Including: • Cybercrime has their own social networks • Escrow services • Malware can now be licensed and gets tech support • You can now rent botnets by the hour, for your own crime spree ( BotNet as a Service or BaaS) • Pay-for-play malware infection services that quickly create botnets (automatic provisioning) • Quality testing • No-cure-no-pay for infections, cards, bank accounts…etc..
24 (Sponsored content)
25 June 2013: Prices for “Attacks-as-a-Service” : • Consulting services such as botnet setup, $350-$400 • Infection/spreading services, under $100 per a thousand installs • Botnets and rental, Direct Denial of Service (DdoS), $535 for 5 hours a day for one week, email spam, $40 per 20,000 emails, and Web spam, $2 per thirty posts. • Blackhat Search Engine Optimization (SEO), $80 for 20,000 spammed backlinks. • Inter-Carrier money exchange and mule services, 25% commission. • CAPTCHA breaking, $1 per a thousand CAPTCHAs, done by recruited humans. • Crimeware upgrade modules: Using Zeus modules as an example, they range anywhere from $500 to $10,000. http://securityaffairs.co/
26 Demo The Dark Internet
28
29
30 Passwords
???????? 31 Launch code Permissive Action Link (PAL), basically a small device that ensured that the missile could only be launched with the right code and with the right authority. Passcode was 8 characters: 00000000
32 Hoe sterk is je password?
33
34 Costs of Cyber Crime

Recommended

Online Tours and travel
Online Tours and travelOnline Tours and travel
Online Tours and travelAmit Patil
 
Cryptocurrency Tracker
Cryptocurrency TrackerCryptocurrency Tracker
Cryptocurrency TrackerIRJET Journal
 
Online car parking reservation system 9160262550 dinesh
Online car parking reservation system 9160262550 dineshOnline car parking reservation system 9160262550 dinesh
Online car parking reservation system 9160262550 dineshDinesh Nalluri
 
Airline Reservation system(project report of six week training)-ppt
Airline Reservation system(project report of six week training)-pptAirline Reservation system(project report of six week training)-ppt
Airline Reservation system(project report of six week training)-pptPunjab technical University
 
Automotive Cybersecurity Challenges for Automated Vehicles: Jonathan Petit
Automotive Cybersecurity Challenges for Automated Vehicles: Jonathan PetitAutomotive Cybersecurity Challenges for Automated Vehicles: Jonathan Petit
Automotive Cybersecurity Challenges for Automated Vehicles: Jonathan PetitSecurity Innovation
 
Digital Payment Campaign
Digital Payment CampaignDigital Payment Campaign
Digital Payment Campaignpankajkumar3274
 
Airline reservation system
Airline reservation systemAirline reservation system
Airline reservation systemUnsa Jawaid
 
customer preference towards mobile wallet
customer preference towards mobile walletcustomer preference towards mobile wallet
customer preference towards mobile walletPranav Mital
 

Recommended

Online Tours and travel
Online Tours and travelOnline Tours and travel
Online Tours and travelAmit Patil
 
Cryptocurrency Tracker
Cryptocurrency TrackerCryptocurrency Tracker
Cryptocurrency TrackerIRJET Journal
 
Online car parking reservation system 9160262550 dinesh
Online car parking reservation system 9160262550 dineshOnline car parking reservation system 9160262550 dinesh
Online car parking reservation system 9160262550 dineshDinesh Nalluri
 
Airline Reservation system(project report of six week training)-ppt
Airline Reservation system(project report of six week training)-pptAirline Reservation system(project report of six week training)-ppt
Airline Reservation system(project report of six week training)-pptPunjab technical University
 
Automotive Cybersecurity Challenges for Automated Vehicles: Jonathan Petit
Automotive Cybersecurity Challenges for Automated Vehicles: Jonathan PetitAutomotive Cybersecurity Challenges for Automated Vehicles: Jonathan Petit
Automotive Cybersecurity Challenges for Automated Vehicles: Jonathan PetitSecurity Innovation
 
Digital Payment Campaign
Digital Payment CampaignDigital Payment Campaign
Digital Payment Campaignpankajkumar3274
 
Airline reservation system
Airline reservation systemAirline reservation system
Airline reservation systemUnsa Jawaid
 
customer preference towards mobile wallet
customer preference towards mobile walletcustomer preference towards mobile wallet
customer preference towards mobile walletPranav Mital
 
Food ordering System
Food ordering SystemFood ordering System
Food ordering SystemArman Ahmed
 
Weather app presentation
Weather app presentationWeather app presentation
Weather app presentationAshfak Mazhar
 
BIS4995 : Web-based Package Tour Reservation System
BIS4995 : Web-based Package Tour Reservation System BIS4995 : Web-based Package Tour Reservation System
BIS4995 : Web-based Package Tour Reservation System Woraphan Atikomtrirat
 
Indonesia online payment gateway - May 2014
Indonesia online payment gateway - May 2014Indonesia online payment gateway - May 2014
Indonesia online payment gateway - May 2014Mercy Setiawan
 
Why indonesia & Why Now
Why indonesia & Why NowWhy indonesia & Why Now
Why indonesia & Why NowRidho Fitrah Hyzkia
 
Weather Display app
Weather Display appWeather Display app
Weather Display appTaresh Khandekar
 
Evolution of e commerce in india
Evolution of e commerce in indiaEvolution of e commerce in india
Evolution of e commerce in indiaShivam Gupta
 
Banking Management System Project documentation
Banking Management System Project documentationBanking Management System Project documentation
Banking Management System Project documentationChaudhry Sajid
 
TOURISM AND TRAVELLING MANAGEMENT SYSTEM
TOURISM AND TRAVELLING MANAGEMENT SYSTEMTOURISM AND TRAVELLING MANAGEMENT SYSTEM
TOURISM AND TRAVELLING MANAGEMENT SYSTEMMoeenuddin Patel
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyb coatesworth
 
GNUCITIZEN Pdp Owasp Day September 2007
GNUCITIZEN Pdp Owasp Day September 2007GNUCITIZEN Pdp Owasp Day September 2007
GNUCITIZEN Pdp Owasp Day September 2007guest20ab09
 
Demystifying the Dark Web
Demystifying the Dark WebDemystifying the Dark Web
Demystifying the Dark WebTom Kranz
 
How to build corporate size fraud prevention
How to build corporate size fraud preventionHow to build corporate size fraud prevention
How to build corporate size fraud preventionYury Leonychev
 
Cybersecurity, Hacking, and Privacy
Cybersecurity, Hacking, and Privacy Cybersecurity, Hacking, and Privacy
Cybersecurity, Hacking, and Privacy Nicholas Davis
 
Cyber security fundamentals
Cyber security fundamentalsCyber security fundamentals
Cyber security fundamentalsCloudflare
 
Dark web
Dark webDark web
Dark webSafwan Hashmi
 
cybercrime survival guide
cybercrime survival guidecybercrime survival guide
cybercrime survival guideGary Gray, MCSE
 
Cyber intelligence-services
Cyber intelligence-servicesCyber intelligence-services
Cyber intelligence-servicesCyber 51 LLC
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomwareSophos Benelux
 
VoxxedDays Luxembourg - Abuse web browsers for fun & profits - Dominique Righ...
VoxxedDays Luxembourg - Abuse web browsers for fun & profits - Dominique Righ...VoxxedDays Luxembourg - Abuse web browsers for fun & profits - Dominique Righ...
VoxxedDays Luxembourg - Abuse web browsers for fun & profits - Dominique Righ...YaJUG
 
Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Stephen Abram
 
DEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptDEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptschwarz10
 

More Related Content

What's hot

Food ordering System
Food ordering SystemFood ordering System
Food ordering SystemArman Ahmed
 
Weather app presentation
Weather app presentationWeather app presentation
Weather app presentationAshfak Mazhar
 
BIS4995 : Web-based Package Tour Reservation System
BIS4995 : Web-based Package Tour Reservation System BIS4995 : Web-based Package Tour Reservation System
BIS4995 : Web-based Package Tour Reservation System Woraphan Atikomtrirat
 
Indonesia online payment gateway - May 2014
Indonesia online payment gateway - May 2014Indonesia online payment gateway - May 2014
Indonesia online payment gateway - May 2014Mercy Setiawan
 
Evolution of e commerce in india
Evolution of e commerce in indiaEvolution of e commerce in india
Evolution of e commerce in indiaShivam Gupta
 
Banking Management System Project documentation
Banking Management System Project documentationBanking Management System Project documentation
Banking Management System Project documentationChaudhry Sajid
 
TOURISM AND TRAVELLING MANAGEMENT SYSTEM
TOURISM AND TRAVELLING MANAGEMENT SYSTEMTOURISM AND TRAVELLING MANAGEMENT SYSTEM
TOURISM AND TRAVELLING MANAGEMENT SYSTEMMoeenuddin Patel
 

What's hot (9)

Food ordering System
Food ordering SystemFood ordering System
Food ordering System
 
Weather app presentation
Weather app presentationWeather app presentation
Weather app presentation
 
BIS4995 : Web-based Package Tour Reservation System
BIS4995 : Web-based Package Tour Reservation System BIS4995 : Web-based Package Tour Reservation System
BIS4995 : Web-based Package Tour Reservation System
 
Indonesia online payment gateway - May 2014
Indonesia online payment gateway - May 2014Indonesia online payment gateway - May 2014
Indonesia online payment gateway - May 2014
 
Why indonesia & Why Now
Why indonesia & Why NowWhy indonesia & Why Now
Why indonesia & Why Now
 
Weather Display app
Weather Display appWeather Display app
Weather Display app
 
Evolution of e commerce in india
Evolution of e commerce in indiaEvolution of e commerce in india
Evolution of e commerce in india
 
Banking Management System Project documentation
Banking Management System Project documentationBanking Management System Project documentation
Banking Management System Project documentation
 
TOURISM AND TRAVELLING MANAGEMENT SYSTEM
TOURISM AND TRAVELLING MANAGEMENT SYSTEMTOURISM AND TRAVELLING MANAGEMENT SYSTEM
TOURISM AND TRAVELLING MANAGEMENT SYSTEM
 

Similar to Deep and Dark internet Safari, How to hire a hacker? Robbrecht van Amerongen

Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyb coatesworth
 
GNUCITIZEN Pdp Owasp Day September 2007
GNUCITIZEN Pdp Owasp Day September 2007GNUCITIZEN Pdp Owasp Day September 2007
GNUCITIZEN Pdp Owasp Day September 2007guest20ab09
 
Demystifying the Dark Web
Demystifying the Dark WebDemystifying the Dark Web
Demystifying the Dark WebTom Kranz
 
How to build corporate size fraud prevention
How to build corporate size fraud preventionHow to build corporate size fraud prevention
How to build corporate size fraud preventionYury Leonychev
 
Cybersecurity, Hacking, and Privacy
Cybersecurity, Hacking, and Privacy Cybersecurity, Hacking, and Privacy
Cybersecurity, Hacking, and Privacy Nicholas Davis
 
Cyber security fundamentals
Cyber security fundamentalsCyber security fundamentals
Cyber security fundamentalsCloudflare
 
cybercrime survival guide
cybercrime survival guidecybercrime survival guide
cybercrime survival guideGary Gray, MCSE
 
Cyber intelligence-services
Cyber intelligence-servicesCyber intelligence-services
Cyber intelligence-servicesCyber 51 LLC
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomwareSophos Benelux
 
VoxxedDays Luxembourg - Abuse web browsers for fun & profits - Dominique Righ...
VoxxedDays Luxembourg - Abuse web browsers for fun & profits - Dominique Righ...VoxxedDays Luxembourg - Abuse web browsers for fun & profits - Dominique Righ...
VoxxedDays Luxembourg - Abuse web browsers for fun & profits - Dominique Righ...YaJUG
 
Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Stephen Abram
 
DEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptDEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptschwarz10
 
Ipsec And Ssl Protocols ( Vpn )
Ipsec And Ssl Protocols ( Vpn )Ipsec And Ssl Protocols ( Vpn )
Ipsec And Ssl Protocols ( Vpn )Monique Jones
 
Cryptojacking - by Vishwaraj101
Cryptojacking - by Vishwaraj101Cryptojacking - by Vishwaraj101
Cryptojacking - by Vishwaraj101v_raj
 
Cloud mz cto_roundtable
Cloud mz cto_roundtableCloud mz cto_roundtable
Cloud mz cto_roundtableeaiti
 
Information security & ethical hacking
Information security & ethical hackingInformation security & ethical hacking
Information security & ethical hackingSahil Rai
 
Jean pier talbot - web is the battlefield - atlseccon2011
Jean pier talbot - web is the battlefield - atlseccon2011Jean pier talbot - web is the battlefield - atlseccon2011
Jean pier talbot - web is the battlefield - atlseccon2011Atlantic Security Conference
 

Similar to Deep and Dark internet Safari, How to hire a hacker? Robbrecht van Amerongen (20)

Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
 
GNUCITIZEN Pdp Owasp Day September 2007
GNUCITIZEN Pdp Owasp Day September 2007GNUCITIZEN Pdp Owasp Day September 2007
GNUCITIZEN Pdp Owasp Day September 2007
 
Demystifying the Dark Web
Demystifying the Dark WebDemystifying the Dark Web
Demystifying the Dark Web
 
How to build corporate size fraud prevention
How to build corporate size fraud preventionHow to build corporate size fraud prevention
How to build corporate size fraud prevention
 
Cybersecurity, Hacking, and Privacy
Cybersecurity, Hacking, and Privacy Cybersecurity, Hacking, and Privacy
Cybersecurity, Hacking, and Privacy
 
Cyber security fundamentals
Cyber security fundamentalsCyber security fundamentals
Cyber security fundamentals
 
Dark web
Dark webDark web
Dark web
 
cybercrime survival guide
cybercrime survival guidecybercrime survival guide
cybercrime survival guide
 
Cyber intelligence-services
Cyber intelligence-servicesCyber intelligence-services
Cyber intelligence-services
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomware
 
VoxxedDays Luxembourg - Abuse web browsers for fun & profits - Dominique Righ...
VoxxedDays Luxembourg - Abuse web browsers for fun & profits - Dominique Righ...VoxxedDays Luxembourg - Abuse web browsers for fun & profits - Dominique Righ...
VoxxedDays Luxembourg - Abuse web browsers for fun & profits - Dominique Righ...
 
Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)
 
DEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptDEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.ppt
 
News Bytes - December 2015
News Bytes - December 2015News Bytes - December 2015
News Bytes - December 2015
 
Ipsec And Ssl Protocols ( Vpn )
Ipsec And Ssl Protocols ( Vpn )Ipsec And Ssl Protocols ( Vpn )
Ipsec And Ssl Protocols ( Vpn )
 
Cryptojacking - by Vishwaraj101
Cryptojacking - by Vishwaraj101Cryptojacking - by Vishwaraj101
Cryptojacking - by Vishwaraj101
 
ToR - Deep Web
ToR - Deep Web ToR - Deep Web
ToR - Deep Web
 
Cloud mz cto_roundtable
Cloud mz cto_roundtableCloud mz cto_roundtable
Cloud mz cto_roundtable
 
Information security & ethical hacking
Information security & ethical hackingInformation security & ethical hacking
Information security & ethical hacking
 
Jean pier talbot - web is the battlefield - atlseccon2011
Jean pier talbot - web is the battlefield - atlseccon2011Jean pier talbot - web is the battlefield - atlseccon2011
Jean pier talbot - web is the battlefield - atlseccon2011
 

More from Getting value from IoT, Integration and Data Analytics

More from Getting value from IoT, Integration and Data Analytics (20)

AMIS Oracle OpenWorld en Code One Review 2018 - Blockchain, Integration, Serv...
AMIS Oracle OpenWorld en Code One Review 2018 - Blockchain, Integration, Serv...AMIS Oracle OpenWorld en Code One Review 2018 - Blockchain, Integration, Serv...
AMIS Oracle OpenWorld en Code One Review 2018 - Blockchain, Integration, Serv...
 
AMIS Oracle OpenWorld en Code One Review 2018 - Pillar 2: Custom Application ...
AMIS Oracle OpenWorld en Code One Review 2018 - Pillar 2: Custom Application ...AMIS Oracle OpenWorld en Code One Review 2018 - Pillar 2: Custom Application ...
AMIS Oracle OpenWorld en Code One Review 2018 - Pillar 2: Custom Application ...
 
AMIS Oracle OpenWorld en Code One Review 2018 - Pillar 2: SaaS
AMIS Oracle OpenWorld en Code One Review 2018 - Pillar 2: SaaSAMIS Oracle OpenWorld en Code One Review 2018 - Pillar 2: SaaS
AMIS Oracle OpenWorld en Code One Review 2018 - Pillar 2: SaaS
 
AMIS Oracle OpenWorld en Code One Review 2018 - Pillar 1: Data
AMIS Oracle OpenWorld en Code One Review 2018 - Pillar 1: DataAMIS Oracle OpenWorld en Code One Review 2018 - Pillar 1: Data
AMIS Oracle OpenWorld en Code One Review 2018 - Pillar 1: Data
 
AMIS Oracle OpenWorld en Code One Review 2018 - Pillar 1: Cloud Infrastructure
AMIS Oracle OpenWorld en Code One Review 2018 - Pillar 1: Cloud Infrastructure AMIS Oracle OpenWorld en Code One Review 2018 - Pillar 1: Cloud Infrastructure
AMIS Oracle OpenWorld en Code One Review 2018 - Pillar 1: Cloud Infrastructure
 
10 tips voor verbetering in je Linkedin profiel
10 tips voor verbetering in je Linkedin profiel10 tips voor verbetering in je Linkedin profiel
10 tips voor verbetering in je Linkedin profiel
 
Iot in de zorg the next step - fit for purpose
Iot in de zorg the next step - fit for purpose Iot in de zorg the next step - fit for purpose
Iot in de zorg the next step - fit for purpose
 
Iot overview .. Best practices and lessons learned by Conclusion Conenct
Iot overview .. Best practices and lessons learned by Conclusion Conenct Iot overview .. Best practices and lessons learned by Conclusion Conenct
Iot overview .. Best practices and lessons learned by Conclusion Conenct
 
IoT Fit for purpose - how to be successful in IOT Conclusion Connect
IoT Fit for purpose - how to be successful in IOT Conclusion Connect IoT Fit for purpose - how to be successful in IOT Conclusion Connect
IoT Fit for purpose - how to be successful in IOT Conclusion Connect
 
Industry and IOT Overview of protocols and best practices Conclusion Connect
Industry and IOT Overview of protocols and best practices Conclusion ConnectIndustry and IOT Overview of protocols and best practices Conclusion Connect
Industry and IOT Overview of protocols and best practices Conclusion Connect
 
IoT practical case using the people counter sensing traffic density build usi...
IoT practical case using the people counter sensing traffic density build usi...IoT practical case using the people counter sensing traffic density build usi...
IoT practical case using the people counter sensing traffic density build usi...
 
R introduction decision_trees
R introduction decision_treesR introduction decision_trees
R introduction decision_trees
 
Introduction overviewmachinelearning sig Door Lucas Jellema
Introduction overviewmachinelearning sig Door Lucas JellemaIntroduction overviewmachinelearning sig Door Lucas Jellema
Introduction overviewmachinelearning sig Door Lucas Jellema
 
IoT and the Future of work
IoT and the Future of work IoT and the Future of work
IoT and the Future of work
 
Oracle OpenWorld 2017 Review (31st October 2017 - 250 slides)
Oracle OpenWorld 2017 Review (31st October 2017 - 250 slides)Oracle OpenWorld 2017 Review (31st October 2017 - 250 slides)
Oracle OpenWorld 2017 Review (31st October 2017 - 250 slides)
 
Ethereum smart contracts - door Peter Reitsma
Ethereum smart contracts - door Peter ReitsmaEthereum smart contracts - door Peter Reitsma
Ethereum smart contracts - door Peter Reitsma
 
Blockchain - Techniek en usecases door Robert van Molken - AMIS - Conclusion
Blockchain - Techniek en usecases door Robert van Molken - AMIS - ConclusionBlockchain - Techniek en usecases door Robert van Molken - AMIS - Conclusion
Blockchain - Techniek en usecases door Robert van Molken - AMIS - Conclusion
 
kennissessie blockchain - Wat is Blockchain en smart contracts @Conclusion
kennissessie blockchain - Wat is Blockchain en smart contracts @Conclusion kennissessie blockchain - Wat is Blockchain en smart contracts @Conclusion
kennissessie blockchain - Wat is Blockchain en smart contracts @Conclusion
 
Internet of Things propositie - Enterprise IOT - AMIS - Conclusion
Internet of Things propositie - Enterprise IOT - AMIS - Conclusion Internet of Things propositie - Enterprise IOT - AMIS - Conclusion
Internet of Things propositie - Enterprise IOT - AMIS - Conclusion
 
Omc AMIS evenement 26012017 Dennis van Soest
Omc AMIS evenement 26012017 Dennis van SoestOmc AMIS evenement 26012017 Dennis van Soest
Omc AMIS evenement 26012017 Dennis van Soest
 

Deep and Dark internet Safari, How to hire a hacker? Robbrecht van Amerongen

  • 1. Safari: Dark Internet Robbrecht van Amerongen
  • 2. 2 Robbrecht van Amerongen AMIS Business Innovation Manager Agile Master https://Linkedin.com/in/robbrecht Robbrecht@amis.nl 0641010286
  • 5. 5
  • 6. 6 McAfee: 2014: We estimate that the likely annual cost to the global economy from cybercrime is more than $400 billion. InfoSec Institute 2013: Nearly 80% of cybercrime acts are estimated to originate in some form of organized activity. The diffusion of the model of fraud-as-service and the diversification of the offerings of the underground market is also attracting new actors with modest skills. in 2011 Russian-speaking hackers alone took in roughly $4.5 billion from cybercrime
  • 7. 7 Stel je voor: Cyber-Attack als bedrijf “Ik wil als bedrijf een hacker inhuren. Hoe doe ik dat?”
  • 11. 11 Payment and distribution
  • 12. 12 Contact us? Contact me at mr.hacker@Safe-mail.net -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.22 (MingW32) mQENBFPhZR8BCACjScBCYxVsMe0orwQ8lFabKrvAVDnxLIoABf8xZ2rhEMXQNWL2 Ly0JKsL/fC166EvtsoIfOoZG1jA3TXCOk57rxW8fFTc2JD/9ccBqpBQjJ3xTfCcw da0SgwnBzPds9iCa9xl0neNTGmCrB3JzZ8Y1IOHr2PDJjScXq0ai1H1RYoivQgj2 Pg+kRock6MDKBJ5FhfFCd9mgE3/J5GPJ3GhIbjm6gPLs6sOle/hD5F2vjXcU23DD Yup/HvxY5vLJZgOhudhiQHEvxdUIroeilJWPFmPNYXKRamRu3FwB05ipcqQtt3yE v3/FNAe0eDJPv8nr3u3ciQSSl8HU3lM+QXcDABEBAAG0H01yLkdyaW0gPG1yLmdy aW1Ac2FmZS1tYWlsLm5ldD6JATkEEwECACMFAlPhZR8CGw8HCwkIBwMCAQYVCAIJ CgsEFgIDAQIeAQIXgAAKCRD8KgSBJS5CTtjVB/wMiv3ybVw92Mgz5JUi3LP0iUmu cUAgkzdD6FlDVbviKDh04EpJ4tvqBvYiz9riLi9qdVyZojvxOZedvNL+RBCTBx+E FcpD74aQ+2WY8PdzjackA61JNMFGGk9IoA+hP61dtkvjDcdEjn46a0Jf8hpXeEFU Vug+mRVj5fk7qxmyBFs8Q5WNvKA9N6HY2jFuShuibEQXTdc6jyYQ3wLDQXqkpkIU 4dt+ioHabfmXquLXZbLZi8vd2kbkiubJfYkk1qQX7E3PJ/uEN++3uOP2Z1fEXqu6 GiUuvl1cnly9my9XpLxr1OYus7uLnhJpzUtcQ9QKFyi86IRfLvf3d9VnxAK3 =4LqY -----END PGP PUBLIC KEY BLOCK-----
  • 13. 13
  • 14. 14 Levels: Deep Web • Level 1: This is the conventional web we (indexed by Google, Bing, other ). Only need a browser • Level 2: Content removed by search engines. E.g. movies, books, music , videos. Only need a browser • Level 3: non-public sites and you need access "Invitation" to and exclusive access content. Need a browser and an account. • Level 4: real "Deep Web" Need a special browser. Decentralized traffic. "The Hidden Wiki“ • Level 5: Need a special browser and accounts. Purchase Weapons, Drugs, Hackers Services • Level 6: Unknown: government network and is fully restricted.
  • 15. 15 500 x the Google index We will literally be shocked, and this is the reaction of those individual who can understand the existence of the Deep Web, a network of interconnected systems, are not indexed, having a size hundreds of times higher than the current web, around 500 times.
  • 16. 16 • Dynamic content: dynamic pages which are returned in response to a submitted query or accessed only through a form, especially if open-domain input elements (such as text fields) are used; such fields are hard to navigate without domain knowledge. • Unlinked content: pages which are not linked to by other pages, which may prevent Web crawling programs from accessing the content. This content is referred to as pages without backlinks (or inlinks). • Private Web: sites that require registration and login (password-protected resources). • Contextual Web: pages with content varying for different access contexts (e.g., ranges of client IP addresses or previous navigation sequence). • Limited access content: sites that limit access to their pages in a technical way (e.g., using the Robots Exclusion Standard, CAPTCHAs, or no-cache Pragma HTTP headers which prohibit search engines from browsing them and creating cached copies). • Scripted content: pages that are only accessible through links produced by JavaScript as well as content dynamically downloaded from Web servers via Flash or Ajax solutions. • Non-HTML/text content: textual content encoded in multimedia (image or video) files or specific file formats not handled by search engines. • Text content using the Gopher protocol and files hosted on FTP that are not indexed by most search engines. Engines such as Google do not index pages outside of HTTP or HTTPS.
  • 17. 17 Deep Internet / Dark Internet As usually happen, the project was born in military sector, sponsored the US Naval Research Laboratory and from 2004 to 2005 it was supported by the Electronic Frontier Foundation. A user that navigate using Tor it’s difficult to trace ensuring his privacy because the data are encrypted multiple times passing through nodes, Tor relays, of the network and making is untraceable.
  • 18. 18 TOR, The Onion Router
  • 19. 19 TOR, The Onion Router
  • 20. 20 TOR, The Onion Router
  • 21. 21 CiberCrime: Motivation (Black hat / White hat)
  • 22. 22 Professioneel!!!! Jan 2014: Blackshades. The police found that the group was paying salaries to its staff and had hired a marketing director to promote its software to hackers. It even maintained a customer-support team. 2008 Mpack: a professionally developed toolkit sold in the underground economy. Attackers deploy MPack’s collection of software components to install malicious code on thousands of computers around the world and then monitor the success of the attack through various metrics on its online management console. 2008 : Social networking Web sites are particularly valuable to attackers since they provide access to a large number of people, many of whom trust the site and its security. 2011 Zeus: We see multi-staged attacks which consist of an initial attack that is not intended to perform malicious activities immediately, but that is used to deploy subsequent attacks.
  • 23. 23 Full Cyber-Crime Service provider Professional, Architecture, Software Lifecycle. Industry specialization (Logistics, agriculture, manufacturing, financials etc..) Chain integration (infra, coding, execution, service, banking, money laundering) Including: • Cybercrime has their own social networks • Escrow services • Malware can now be licensed and gets tech support • You can now rent botnets by the hour, for your own crime spree ( BotNet as a Service or BaaS) • Pay-for-play malware infection services that quickly create botnets (automatic provisioning) • Quality testing • No-cure-no-pay for infections, cards, bank accounts…etc..
  • 25. 25 June 2013: Prices for “Attacks-as-a-Service” : • Consulting services such as botnet setup, $350-$400 • Infection/spreading services, under $100 per a thousand installs • Botnets and rental, Direct Denial of Service (DdoS), $535 for 5 hours a day for one week, email spam, $40 per 20,000 emails, and Web spam, $2 per thirty posts. • Blackhat Search Engine Optimization (SEO), $80 for 20,000 spammed backlinks. • Inter-Carrier money exchange and mule services, 25% commission. • CAPTCHA breaking, $1 per a thousand CAPTCHAs, done by recruited humans. • Crimeware upgrade modules: Using Zeus modules as an example, they range anywhere from $500 to $10,000. http://securityaffairs.co/
  • 26. 26 Demo The Dark Internet
  • 27. 28
  • 28. 29
  • 30. ???????? 31 Launch code Permissive Action Link (PAL), basically a small device that ensured that the missile could only be launched with the right code and with the right authority. Passcode was 8 characters: 00000000
  • 31. 32 Hoe sterk is je password?
  • 32. 33
  • 33. 34 Costs of Cyber Crime