Dublin
October 1st, 2015
Pierluigi PAGANINI
Dark web - Why the hidden part of the web is even more dangerous?
AGENDA
The Response of Law Enforcement
Law enforcement
Current Scenario
Cybercrime
Current scenario
Deep Web vs Dark Web
•  Deep Web
–  The part of the web that has not yet been indexed by common search engines
•  Dark Web
–  Publicly accessible content hosted on websites whose IP address is hidden, but which anyone can access as long as they know the address
–  Private content exchanged in a closed network of computers for file sharing
[Figure: diagram with the labels Deep Web, Dark Web, and Bright or clear Web]
Current scenario
Dark Web
•  The Onion Router (TOR)
–  Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than six thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis.
•  I2P - The Invisible Internet Project
–  “Peer-to-Peer” (P2P) network
–  I2P is an anonymous overlay network, a network within a network: ordinary services running on a secure network
•  Freenet - A Distributed Anonymous Information Storage and Retrieval System.
•  anoNet is a decentralized friend-to-friend network built using VPNs and software BGP routers
Current scenario
Why is Tor so popular in the criminal ecosystem?
•  Anonymity
•  TOR provides "hidden services" that could be used for several illegal activities.
•  Law enforcement faces difficulties in de-anonymizing TOR users.
•  Impossible to conduct monitoring on a large scale.
•  Excellent aggregator - It hosts principal underground communities.
•  TOR allows bypassing Internet Filtering (i.e. Censorship).
Current scenario
Bad Actors
“Cybercrime is a fast-growing area of crime. More and more criminals are exploiting the speed, convenience and anonymity of the Internet to commit a diverse range of criminal activities that know no borders, either physical or virtual.” INTERPOL
Cyber crimes can be grouped in the following categories:
•  Attacks against computer hardware and software
•  Financial crimes
•  Abuse (i.e. child pornography)
Cybercrime
Dark Net as a facilitator for cybercrime
Darknets are the right place to search for anything related to the above crimes.
Malware and DarkNets
The offer of Darknets
•  Darknets are a privileged environment for malware authors and botmasters.
•  Hiding C&C infrastructure
•  Availability of authenticated hidden services
•  Availability of black markets to buy and sell their products.
Cybercrime
The offer of Darknets
2012: One C&C server for data exfiltration (Skynet)
2013: 3 C&C servers controlled a botnet of million machines
2014: OnionDuke Campaign - 3 C&C servers, cyber espionage
2015: 2 C&C servers in Tor and 2 on I2P (Ransomware)
Malware and DarkNets
The offer of Darknets
Malware and DarkNets
What about 2015?
•  A new variant of the popular Zeus banking trojan, dubbed Sphinx, has appeared for sale on the black market; it operates entirely through the Tor network.
•  Security experts at Sensecy have uncovered ORX-Locker, a Darknet Ransomware-as-a-service platform that could allow anyone to become a cyber criminal.
Tor network abuse in financial crimes
Tor Anonymity and Financial Frauds
•  Dec. 2014 - A non-public report by the US Treasury Department found that a majority of bank account takeovers exploit the anonymizing Tor network.
•  6,048 suspicious activity reports (SARs) filed by financial organizations between August 2001 and July 2014, focusing on those involving one of more than 6,000 known Tor network nodes.
•  975 hits corresponding to reports totaling nearly $24 million in likely fraudulent activity.
•  “From October 2007 to March 2013, filings increased by 50 percent,” the report observed. “During the most recent period — March 1, 2013 to July 11, 2014 — filings rose 100 percent.”
Tor network abuse in financial crimes
Tor Anonymity and Financial Frauds
Black Markets
What about 2015?
•  Black Markets are places on the web where it is possible to acquire or rent “malicious” services and products.
•  Anonymity and virtual currencies.
•  Efficient facilitators of criminal activities.
•  The most commercialized products are drugs, users’ PII, stolen card data and hacking services.
•  The feedback mechanism and escrow services increase mutual trust between buyers and sellers.
•  Competition (Mr Nice Guy hired a blackmailer to hit TheRealDeal and its competitors. TheRealDeal hacked back.)
Black Markets
Dark markets are crowded places
Black Markets
Tor Black Markets
Black Markets
•  Abraxas
•  Agora
•  AlphaBay
•  Nucleus
•  Outlaw
•  Italian DarkNet Community
•  Dream Market
•  Haven
•  Middle Earth
Black Markets
Product Pricing List Sample
•  PII record for $1. (Trend Micro)
•  PayPal and eBay go up to $300 each. (Trend Micro)
•  Bank account offered for a price ranging from $200 to $500 per account (balance, history).
•  Document scans from $10 to $35 per document. (Trend Micro)
•  Credit card fraud: CVVs ($3-$25), Dump ($20-$60), Fullz ($25-$125) [Data Preview - Annual Card Fraud Report IT Ministry of Treasury and Finance]
•  Counterfeit documents, including non-US passports, from $200 to $1000. Fake US driver’s licenses run for $100-$150, while counterfeit Social Security cards run between $250 and $400 on average.
Black Markets
Services - Pricing List
•  Hacking services
–  Social media account hacking $50-$100 (FB, Twitter, etc.)
–  Remote Access Trojan $150-$400 (FB, Twitter, etc.)
–  Banking Malware Customization (i.e. Zeus source code) $900 - $1500
–  Rent a botnet for DDoS attack (24 hours) $900 - $1500
•  Carding
•  Money Laundering Services
•  Assassination services
•  Training and Tutorials
Black Markets
A successful Business Model
•  Silk Road realized $22 million in annual sales related to the drug market alone. (Carnegie Mellon 2012)
•  USD 1.9 million per month in sellers’ total revenue
•  Silk Road operators earned about USD 143,000 per month in commissions.
•  The 35 principal dark marketplaces raked in from $300,000 to $500,000 a day.
•  About 70% of all sellers never managed to sell more than $1,000 worth of products. Another 18% of sellers were observed to sell between $1,000 and $10,000, but only about 2% of vendors managed to sell more than $100,000.
[Figure labels: 2012, 2015]
Pedophilia
Pedos in the dark
•  A study conducted by the University of Portsmouth revealed that over 80% of Tor network visits are related to pedo sites.
•  The portion of Tor users who search for child abuse materials is greater than the portion that uses it to buy drugs or leak sensitive documents to a journalist.
•  “Unstable sites that frequently go offline might generate more visit counts. And sites visited through the tool Tor2Web, which is designed to make Tor hidden services more accessible to non-anonymous users, would be underrepresented. All those factors might artificially inflate the number of visits to child abuse sites measured by the University of Portsmouth researchers,” said Tor executive director Roger Dingledine.
Pedophilia
Pedophilia in the dark
•  Trend Micro Research identified 8,707 “suspicious” pages. The analysis of the “Surface Web” sites that those sites linked to revealed that the majority of them fall into the following categories:
–  Disease vector (drive-by download) sites (33.7%).
–  Proxy avoidance sites (31.7%).
–  Child exploitation (26%).
•  The diffusion of pedo material in the Deep Web is in any case a serious phenomenon.
Terrorism
Terrorists in the Dark Web
•  Propaganda videos and images
•  The Dark Web is difficult for intelligence agencies to monitor, and it is not so easy to de-anonymize members of terrorist organizations.
•  Hidden services used as a repository of mobile apps used by the jihadists to communicate securely.
Terrorism
Terrorists in the Dark Web
•  Donations to fund cells by using virtual currencies (i.e. Bitcoin)
•  Law enforcement fears possible abuses of cryptocurrencies that could facilitate bad actors, including terrorists.
•  “Bitcoin wa Sadaqat al-Jihad”, which translates to “Bitcoin and the Charity of Violent Physical Struggle”, explains how it is possible to buy weapons for the Mujahideen.
•  ISIS released a manual for its militants titled “How to Tweet Safely Without Giving out Your Location to NSA.”
We are going in the dark
The response of the law enforcement.
•  “We’re past going dark in certain instances. We are dark,” said Michael Steinbach, assistant director of the FBI’s counter-terrorism division.
•  The FBI warned lawmakers there was no way to monitor encrypted online communications exploited by Islamic State militants and sympathizers. (June 2015)
•  Michael McCaul, chairman of the committee, confirmed that the inability to monitor communications among members of the ISIS in the dark web represents a “tremendous threat to our homeland.”
•  A DoJ proposal is trying to legitimize FBI hacking operations against Internet users that make use of any kind of anonymizing technology. (Sept. 2014)
We are going in the dark
The response of the law enforcement.
•  (Dec. 22nd, 2014) In a court case the investigators were informed about the usage of an FBI “Network Investigative Technique” (NIT) to deanonymize suspects while exploiting the Tor network. The NIT allowed them to identify the IP address of TOR users.
•  Law enforcement relied on the popular Metasploit framework to first de-anonymize operators of child porn websites in the Tor network.
•  The operation is codenamed Operation Tornado and the FBI relied upon an abandoned Metasploit project dubbed the “Decloaking Engine” to de-anonymize users in 2012.
•  “The NIT was a Flash based application that was developed by H.D.Moore and was released as part of Metasploit. The NIT, or more formally, Metasploit Decloaking Engine was designed to provide the real IP address of web users, regardless of proxy settings,” states the forensic report.
Operation Onymous
The response of the law enforcement.
“The action aimed to stop the sale, distribution and promotion of illegal and harmful items, including weapons and drugs, which were being sold on online ‘dark’ marketplaces. Operation Onymous, coordinated by Europol’s European Cybercrime Centre (EC3), the FBI, the U.S. Immigration and Customs Enforcement’s (ICE), Homeland Security Investigations (HSI) and Eurojust, resulted in 17 arrests of vendors and administrators running these online marketplaces and more than 410 hidden services being taken down. In addition, bitcoins worth approximately USD 1 million, EUR 180 000 euro in cash, drugs, gold and silver were seized,” reports Europol.
Operation Onymous
The response of the law enforcement.
•  Operation Onymous (5 and 6 November 2014) – Law enforcement and judicial agencies around the globe conducted a joint action against dark markets on Tor networks.
•  Over 400 websites were shut down, including black markets on the Tor network (Silk Road 2.0, Cloud 9 and Hydra).
•  The 26-year-old software developer “Defcon” was arrested in San Francisco and accused of running Silk Road 2.0.
•  $1 million in Bitcoin was seized, along with €180,000 in cash, gold, silver and drugs.
•  The list of dark markets seized by law enforcement includes Alpaca, Black Market, Blue Sky, Bungee 54, CannabisUK, Cloud Nine, Dedope, Fake Real Plastic, FakeID, Farmer1, Fast Cash!, Flugsvamp, Golden Nugget, Hydra, Pablo Escobar Drugstore, Pandora, Pay Pal Center, Real Cards, Silk Road 2.0, Smokeables, Sol’s Unified USD Counterfeit’s, Super Note Counter, Tor Bazaar, Topix, The Green Machine, The Hidden Market and Zero Squad.
Operation Onymous
DeAnonymizing the cyber crime on Tor
•  Security experts hypothesized that law enforcement has exploited one of the following scenarios:
–  Lack of Operational Security of hidden services.
–  Exploitation of bugs in the web application.
–  Bitcoin de-anonymization.
–  Attacks on the Tor network (i.e. Traffic Analysis Correlation attacks).
•  The number of black markets seized by law enforcement led to speculation that a weakness in the Tor network had been exploited.
•  Andrew Lewman, a representative of the not-for-profit Tor project, ruled it out, suggesting that traditional police work such as following Bitcoins was more likely.
Intelligence & Deep Web
Snowden Revelation
The top-secret presentation “Tor Stinks” leaked by Snowden shows the techniques implemented by the NSA to overwhelm Tor anonymity with manual analysis.
“We will never be able to de-anonymize all Tor users all the time” but “with manual analysis we can de-anonymize a very small fraction of Tor users”
New dedicated cyber units
Law enforcement
Dec. 2014 - Prime Minister Cameron announced that a newly created cyber unit composed of officials from GCHQ and NCA will fight online pedophiles even in the Deep Web.
Interpol’s Cyber Research Lab completed the first training program; as part of the course the participants built their own private “Darknet” network, simulating the management of an underground marketplace.
About me
About Pierluigi Paganini:
Pierluigi Paganini is Chief Information Security Officer at Bit4Id, a leading firm in identity management, and a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group. He is also a member of the advisory council for The European Centre for Information Policy and Security (ECIPS), Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field; he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", named a Top National Security Resource for US. Pierluigi is a member of the Dark Reading Editorial team and a regular contributor to some major publications in the cyber security field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other Security magazines.
Author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”; coming soon, the new book "Spy attack: come aziende, servizi segreti e hacker possono violare la nostra privacy"
Ing. Pierluigi Paganini
Chief Information Security Officer Bit4id
ppa@bit4id.com
www.bit4id.com
Founder Security Affairs
http://securityaffairs.co/wordpress
pierluigi.paganini@securityaffairs.co
Thank you

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Dark and Deep web
Dark and Deep webDark and Deep web
Dark and Deep web
 
Deep Web - what to do and what not to do
Deep Web - what to do and what not to do	Deep Web - what to do and what not to do
Deep Web - what to do and what not to do
 
The dark web
The dark webThe dark web
The dark web
 
Introduction To Dark Web
Introduction To Dark WebIntroduction To Dark Web
Introduction To Dark Web
 
Journey To The Dark Web
Journey To The Dark WebJourney To The Dark Web
Journey To The Dark Web
 
The Dark Web
The Dark WebThe Dark Web
The Dark Web
 
The Dark Web
The Dark WebThe Dark Web
The Dark Web
 
Cyber Security For Kids by Shounak Ray Chaudhuri
Cyber Security For Kids by Shounak Ray Chaudhuri Cyber Security For Kids by Shounak Ray Chaudhuri
Cyber Security For Kids by Shounak Ray Chaudhuri
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet Anonymity
 
Cyber Crime
Cyber Crime Cyber Crime
Cyber Crime
 
Guide to dark web
Guide to dark webGuide to dark web
Guide to dark web
 
Dark web by Pranesh Kulkarni
Dark web by Pranesh KulkarniDark web by Pranesh Kulkarni
Dark web by Pranesh Kulkarni
 
Dark net
Dark netDark net
Dark net
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
 
Cyber safety tips
Cyber safety tipsCyber safety tips
Cyber safety tips
 
cyber crime
cyber crimecyber crime
cyber crime
 
Illuminating the dark web
Illuminating the dark webIlluminating the dark web
Illuminating the dark web
 
Research in the deep web
Research in the deep webResearch in the deep web
Research in the deep web
 
Dark web
Dark webDark web
Dark web
 
Deep Web
Deep WebDeep Web
Deep Web
 

Semelhante a The Dark web - Why the hidden part of the web is even more dangerous?

Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...Tech and Law Center
 
Dark Net
Dark NetDark Net
Dark NetRiya V
 
The ClearScore Darkpaper: The danger of the dark web 2020
The ClearScore Darkpaper: The danger of the dark web 2020The ClearScore Darkpaper: The danger of the dark web 2020
The ClearScore Darkpaper: The danger of the dark web 2020Jayna Mistry
 
DCB1309 - F2_Dark_Net
DCB1309 - F2_Dark_NetDCB1309 - F2_Dark_Net
DCB1309 - F2_Dark_NetPaul Elliott
 
Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Marcus Leaning
 
Dark Web Kristin Finklea Specialist in Domestic Se
Dark Web Kristin Finklea Specialist in Domestic SeDark Web Kristin Finklea Specialist in Domestic Se
Dark Web Kristin Finklea Specialist in Domestic SeOllieShoresna
 
Cybercrimeppt 160421074211
Cybercrimeppt 160421074211Cybercrimeppt 160421074211
Cybercrimeppt 160421074211Andreaa Viv
 
IoT & Big Data - A privacy-oriented view of the future
IoT & Big Data - A privacy-oriented view of the futureIoT & Big Data - A privacy-oriented view of the future
IoT & Big Data - A privacy-oriented view of the futureFacundo Mauricio
 
Cyber crime and issues
Cyber crime and issuesCyber crime and issues
Cyber crime and issuesRoshan Mastana
 
Rolling in the Deep. ISACA.SV.2016
Rolling in the Deep. ISACA.SV.2016Rolling in the Deep. ISACA.SV.2016
Rolling in the Deep. ISACA.SV.2016Bich (Evelyn) Chu
 
Deep Web and TOR Browser
Deep Web and TOR BrowserDeep Web and TOR Browser
Deep Web and TOR BrowserArjith K Raj
 

Semelhante a The Dark web - Why the hidden part of the web is even more dangerous? (20)

Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
 
Dark Net
Dark NetDark Net
Dark Net
 
The ClearScore Darkpaper: The danger of the dark web 2020
The ClearScore Darkpaper: The danger of the dark web 2020The ClearScore Darkpaper: The danger of the dark web 2020
The ClearScore Darkpaper: The danger of the dark web 2020
 
Dark Net
Dark NetDark Net
Dark Net
 
DCB1309 - F2_Dark_Net
DCB1309 - F2_Dark_NetDCB1309 - F2_Dark_Net
DCB1309 - F2_Dark_Net
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR
 
Godfather 2.0
Godfather 2.0Godfather 2.0
Godfather 2.0
 
Dark Web Kristin Finklea Specialist in Domestic Se
Dark Web Kristin Finklea Specialist in Domestic SeDark Web Kristin Finklea Specialist in Domestic Se
Dark Web Kristin Finklea Specialist in Domestic Se
 
Rp quarterly-threat-q3-2013
Rp quarterly-threat-q3-2013Rp quarterly-threat-q3-2013
Rp quarterly-threat-q3-2013
 
Dw communication
Dw communicationDw communication
Dw communication
 
Cybercrimeppt 160421074211
Cybercrimeppt 160421074211Cybercrimeppt 160421074211
Cybercrimeppt 160421074211
 
Cyber crime ppt
Cyber crime  pptCyber crime  ppt
Cyber crime ppt
 
IoT & Big Data - A privacy-oriented view of the future
IoT & Big Data - A privacy-oriented view of the futureIoT & Big Data - A privacy-oriented view of the future
IoT & Big Data - A privacy-oriented view of the future
 
Cyber crime and issues
Cyber crime and issuesCyber crime and issues
Cyber crime and issues
 
Cyber Crime Challanges
Cyber Crime ChallangesCyber Crime Challanges
Cyber Crime Challanges
 
Rolling in the Deep. ISACA.SV.2016
Rolling in the Deep. ISACA.SV.2016Rolling in the Deep. ISACA.SV.2016
Rolling in the Deep. ISACA.SV.2016
 
Dark Web.pptx
Dark Web.pptxDark Web.pptx
Dark Web.pptx
 
Deep Web and TOR Browser
Deep Web and TOR BrowserDeep Web and TOR Browser
Deep Web and TOR Browser
 
Dark web
Dark webDark web
Dark web
 

Último

Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
The Dark web - Why the hidden part of the web is even more dangerous?

  • 1. Dublin, October 1st, 2015. Pierluigi PAGANINI. Dark web - Why the hidden part of the web is even more dangerous?
  • 2. AGENDA: The Response of Law Enforcement; Law enforcement; Current Scenario; Cybercrime
  • 3. Current scenario: Deep Web vs Dark Web
      • Deep Web
          – The part of the web that has not yet been indexed by common search engines.
      • Dark Web
          – Set of publicly accessible content hosted on websites whose IP address is hidden, but which anyone can access as long as they know the address.
          – Set of private content exchanged in a closed network of computers for file sharing.
      • [Diagram labels: Deep Web, Dark Web, Bright or clear Web]
  • 4. Current scenario: Dark Web
      • The Onion Router (TOR)
          – Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than six thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis.
      • I2P - The Invisible Internet Project
          – Peer-to-peer (P2P) network.
          – I2P is an anonymous overlay network, a network within a network: ordinary services running on a secure network.
      • Freenet - A Distributed Anonymous Information Storage and Retrieval System.
      • anoNet is a decentralized friend-to-friend network built using VPNs and software BGP routers.
  • 5. Current scenario: Why is Tor so popular in the criminal ecosystem?
      • Anonymity.
      • TOR provides "hidden services" that could be used for several illegal activities.
      • Law enforcement faces difficulties in de-anonymizing TOR users.
      • Impossible to conduct monitoring on a large scale.
      • Excellent aggregator - it hosts the principal underground communities.
      • TOR allows bypassing Internet filtering (i.e. censorship).
  • 7. Cybercrime: Dark Net as a facilitator for cybercrime
      • “Cybercrime is a fast-growing area of crime. More and more criminals are exploiting the speed, convenience and anonymity of the Internet to commit a diverse range of criminal activities that know no borders, either physical or virtual.” INTERPOL
      • Cyber crimes can be grouped in the following categories:
          – Attacks against computer hardware and software
          – Financial crimes
          – Abuse (i.e. child pornography)
      • Darknets are the right place to search for anything related to the above crimes.
  • 8. Malware and DarkNets: The offer of Darknets
      • Darknets are a privileged environment for malware authors and botmasters.
      • Hiding C&C infrastructure.
      • Availability of authenticated hidden services.
      • Availability of black markets to buy and sell their products.
  • 9. Cybercrime: The offer of Darknets
  • 10. Malware and DarkNets: The offer of Darknets
      • 2012: One C&C server for data exfiltration (Skynet)
      • 2013: 3 C&C servers controlled a botnet of million machines
      • 2014: OnionDuke Campaign - 3 C&C servers, cyber espionage
      • 2015: 2 C&C servers in Tor and 2 on I2P (Ransomware)
  • 11. Malware and DarkNets: What about 2015
      • A new variant of the popular Zeus banking trojan, dubbed Sphinx, has appeared for sale on the black market; it operates entirely through the Tor network.
      • Security experts at Sensecy have uncovered ORX-Locker, a Darknet Ransomware-as-a-service platform that could allow anyone to become a cyber criminal.
  • 12. Tor network abuse in financial crimes: Tor Anonymity and Financial Frauds
      • Dec. 2014 - A non-public report by the US Treasury Department found that a majority of bank account takeovers exploit the anonymizing Tor network.
      • 6,048 suspicious activity reports (SARs) filed by financial organizations between August 2001 and July 2014, focusing on those involving one of more than 6,000 known Tor network nodes.
      • 975 hits corresponding to reports totaling nearly $24 million in likely fraudulent activity.
      • “From October 2007 to March 2013, filings increased by 50 percent,” the report observed. “During the most recent period — March 1, 2013 to July 11, 2014 — filings rose 100 percent.”
  • 13. Tor network abuse in financial crimes: Tor Anonymity and Financial Frauds
  • 14. Black Markets: What about 2015
      • Black markets are places on the web where it is possible to acquire or rent “malicious” services and products.
      • Anonymity and virtual currencies.
      • Efficient facilitators of criminal activities.
      • The most commercialized products are drugs, users’ PII, stolen card data and hacking services.
      • The feedback mechanism and escrow services increase mutual trust between buyers and sellers.
      • Competition (Mr Nice Guy hired a blackmailer to hit TheRealDeal and its competitors. TheRealDeal hacked back.)
  • 15. Black Markets: Dark markets are crowded places
  • 16. Black Markets: Tor Black Markets (black market: onion address)
      • Abraxas: abraxasdegupusel.onion
      • Agora: agorahooawayyfoe.onion
      • AlphaBay: pwoah7foa6au2pul.onion
      • Nucleus: nucleuspf3izq7o6.onion
      • Outlaw: ouIor6jwcztwbpd.onion
      • Italian DarkNet Community: 2qrdpvonwwqnic7j.onion
      • Dream Market: ltxocqh4nvwkofil.onion
      • Haven: havenpghmfqhivfn.onion
      • Middle Earth: mango7u3rivtwxy7.onion
  • 17. Black Markets: Product Pricing List Sample
      • PII record for $1. (Trend Micro)
      • PayPal and eBay go up to $300 each. (Trend Micro)
      • Bank account offered for a price ranging from $200 to $500 per account (balance, history).
      • Document scans from $10 to $35 per document. (Trend Micro)
      • Credit card fraud: CVVs ($3-$25), Dump ($20-$60), Fullz ($25-$125) [Data Preview - Annual Card Fraud Report IT Ministry of Treasury and Finance]
      • Counterfeit documents, including non-US passports, from $200 to $1000. Fake US driver’s licenses run for $100-$150, while counterfeit Social Security cards run between $250 and $400 on average.
  • 18. Black Markets: Services - Pricing List
      • Hacking services
          – Social media account hacking $50-$100 (FB, Twitter, etc.)
          – Remote Access Trojan $150-$400 (FB, Twitter, etc.)
          – Banking Malware Customization (i.e. Zeus source code) $900 - $1500
          – Rent a botnet for DDoS attack (24 hours) $900 - $1500
      • Carding
      • Money Laundering Services
      • Assassination services
      • Training and Tutorials
  • 19. Black Markets: A successful Business Model
      • Silk Road realized $22 million in annual sales related to the drug market alone. (Carnegie Mellon 2012)
      • USD 1.9 million per month: sellers’ total revenue.
      • Silk Road operators earned about USD 143,000 per month in commissions.
      • The 35 principal dark marketplaces raked in from $300,000 to $500,000 a day.
      • About 70% of all sellers never managed to sell more than $1,000 worth of products. Another 18% of sellers were observed to sell between $1,000 and $10,000, but only about 2% of vendors managed to sell more than $100,000.
      • [Timeline labels: 2012, 2015]
  • 20. Pedophilia: Pedos in the dark
      • A study conducted by the University of Portsmouth revealed that over 80% of Tor network visits are related to pedo sites.
      • The portion of Tor users who search for child abuse materials is greater than the portion that uses it to buy drugs or leak sensitive documents to a journalist.
      • “Unstable sites that frequently go offline might generate more visit counts. And sites visited through the tool Tor2Web, which is designed to make Tor hidden services more accessible to non-anonymous users, would be underrepresented. All those factors might artificially inflate the number of visits to child abuse sites measured by the University of Portsmouth researchers” said Tor executive director Roger Dingledine.
  • 21. Pedophilia: Pedophilia in the dark
      • Trend Micro Research identified 8,707 “suspicious” pages. The analysis of the “Surface Web” sites that those sites linked to revealed that the majority of them fall into the following categories:
          – Disease vector (drive-by download) sites (33.7%).
          – Proxy avoidance sites (31.7%).
          – Child exploitation (26%).
      • The diffusion of pedo material in the Deep Web is in any case a serious phenomenon.
  • 22. Terrorism: Terrorists in the Dark Web
      • Propaganda videos and images.
      • The Dark Web is difficult to monitor for intelligence agencies and it is not so easy to de-anonymize members of terrorist organizations.
      • Hidden services used as repository of mobile apps used by the jihadists to communicate securely.
  • 23. Terrorism: Terrorists in the Dark Web
      • Donations to fund cells by using virtual currencies (i.e. Bitcoin).
      • Law enforcement fears possible abuses of crypto currencies that could facilitate bad actors, including terrorists.
      • Bitcoin wa Sadaqat al-Jihad, which translates to “Bitcoin and the Charity of Violent Physical Struggle”, explains how it is possible to buy weapons for the Mujahideen.
      • ISIS released a manual for its militants titled “How to Tweet Safely Without Giving out Your Location to NSA.”
  • 24. We are going in the dark: The response of the law enforcement.
      • “We’re past going dark in certain instances. We are dark,” said Michael Steinbach, assistant director of the FBI’s counter-terrorism division.
      • The FBI warned lawmakers there was no way to monitor encrypted online communications exploited by Islamic State militants and sympathizers. (June 2015)
      • Michael McCaul, chairman of the committee, confirmed that the inability to monitor communications among members of ISIS in the dark web represents a “tremendous threat to our homeland.”
      • A DoJ proposal is trying to legitimize FBI hacking operations against Internet users that make use of any kind of anonymizing technology. (Sept. 2014)
  • 25. We are going in the dark: The response of the law enforcement.
      • (Dec. 22nd, 2014) In a court case, the investigators were informed about the use of an FBI “Network Investigative Technique” (NIT) to de-anonymize suspects who were exploiting the Tor network. The NIT allowed them to identify the IP address of TOR users.
      • Law enforcement relied on the popular Metasploit framework to first de-anonymize operators of child porn websites in the Tor network.
      • The operation is coded Operation Tornado, and the FBI relied upon an abandoned Metasploit project dubbed the “Decloaking Engine” to de-anonymize users in 2012.
      • “The NIT was a Flash based application that was developed by H.D.Moore and was released as part of Metasploit. The NIT, or more formally, Metasploit Decloaking Engine was designed to provide the real IP address of web users, regardless of proxy settings.” states the forensic report.
  • 26. Operation Onymous: The response of the law enforcement.
      • “The action aimed to stop the sale, distribution and promotion of illegal and harmful items, including weapons and drugs, which were being sold on online ‘dark’ marketplaces. Operation Onymous, coordinated by Europol’s European Cybercrime Centre (EC3), the FBI, the U.S. Immigration and Customs Enforcement’s (ICE), Homeland Security Investigations (HSI) and Eurojust, resulted in 17 arrests of vendors and administrators running these online marketplaces and more than 410 hidden services being taken down. In addition, bitcoins worth approximately USD 1 million, EUR 180 000 euro in cash, drugs, gold and silver were seized.” reports Europol.
  • 27. Operation Onymous: The response of the law enforcement.
      • Operation Onymous (5 and 6 November 2014) – Law enforcement and judicial agencies around the globe conducted a joint action against dark markets on the Tor network.
      • Over 400 websites were shut down, including black markets on the Tor network (Silk Road 2.0, Cloud 9 and Hydra).
      • The 26-year-old software developer “Defcon” was arrested in San Francisco and accused of running Silk Road 2.0.
      • $1 million in Bitcoin was seized, along with €180,000 in cash, gold, silver and drugs.
      • The list of dark markets seized by law enforcement includes Alpaca, Black Market, Blue Sky, Bungee 54, CannabisUK, Cloud Nine, Dedope, Fake Real Plastic, FakeID, Farmer1, Fast Cash!, Flugsvamp, Golden Nugget, Hydra, Pablo Escobar Drugstore, Pandora, Pay Pal Center, Real Cards, Silk Road 2.0, Smokeables, Sol’s Unified USD Counterfeit’s, Super Note Counter, Tor Bazaar, Topix, The Green Machine, The Hidden Market and Zero Squad.
  • 28. Operation Onymous: De-anonymizing cyber crime on Tor
      • Security experts hypothesized that law enforcement exploited one of the following scenarios:
          – Lack of operational security of hidden services.
          – Exploitation of bugs in the web application.
          – Bitcoin de-anonymization.
          – Attacks on the Tor network (i.e. traffic analysis correlation attacks).
      • The number of black markets seized by law enforcement led to speculation that a weakness in the Tor network had been exploited.
      • Andrew Lewman, a representative of the not-for-profit Tor project, excluded it, suggesting that traditional police work such as following Bitcoins was more likely.
  • 29. Intelligence & Deep Web: Snowden Revelation
      • The top-secret presentation “Tor Stinks”, leaked by Snowden, shows the techniques implemented by the NSA to overwhelm Tor anonymity with manual analysis.
      • “We will never be able to de-anonymize all Tor users all the time” but “with manual analysis we can de-anonymize a very small fraction of Tor users”
  • 30. New dedicated cyber units: Law enforcement
      • Dec. 2014 - Prime Minister Cameron announced that a newly formed cyber unit composed of officials from GCHQ and NCA will fight online pedophiles even in the Deep Web.
      • Interpol’s Cyber Research Lab completed the first training program; as part of the course, participants built their own private “Darknet” network, simulating the management of an underground marketplace.
  • 31. About me
      • About Pierluigi Paganini: Pierluigi Paganini is Chief Information Security Officer at Bit4Id, a leading firm in identity management, and a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group. He is also a member of the advisory council for The European Centre for Information Policy and Security (ECIPS), Security Evangelist, Security Analyst and Freelance Writer.
      • Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field; he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", named a Top National Security Resource for US.
      • Pierluigi is a member of the Dark Reading Editorial team and a regular contributor to some major publications in the cyber security field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines.
      • Author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”; coming soon, the new book "Spy attack: come aziende, servizi segreti e hacker possono violare la nostra privacy".
      • Ing. Pierluigi Paganini, Chief Information Security Officer, Bit4id: ppa@bit4id.com, www.bit4id.com
      • Founder, Security Affairs: http://securityaffairs.co/wordpress, pierluigi.paganini@securityaffairs.co