On the occasion of Halloween, I like to give the students in my IS 365 Information Security class at the University of Wisconsin-Madison a break from the normal course material. Therefore, today, I presented a class lecture on the Deep Web (the hidden, scary and dark side of the Internet), appropriate for this spooky time of year. While it was intended to be fun, it also sparked good conversation within the class, and they learned some solid concepts about ways in which people try to evade IT security controls to preserve anonymity.
Spooky Halloween IT Security Lecture -- The Deep Web
1. Scary Halloween Lecture 365/765
The Deep Web—From Spooky to Creepy
Presented by Nicholas Davis, CISSP, CISA
2. This presentation contains explicit content,
which some people may find offensive.
The examples shown do not represent my
views or opinions, and are used for
demonstration only.
I do not endorse the use of the Deep Web
for unethical or illicit activities.
10/28/16 UNIVERSITY OF WISCONSIN 2
3. Session Overview
Introduction and Warning
The Deep Web Defined
Dynamic Content
Unlinked Content
Private Web
Contextual Web
Limited Access Content
Scripted Content
Non-HTML Content
Deep Web Search Engines & Tor Client
Examples of what can be found on the Deep Web
Exciting Documentary Video
Question and Answer session
4. Some Definitions
Deep Web, Deep Net, Invisible Web, or
Hidden Web is not part of the Surface
Web (that which is normally accessed).
Do not confuse it with the Dark Internet,
which refers to computers which can no
longer be reached over the Internet
Some people think that the Deep Web is
a haven for serious criminality, and I
agree with them
5. Normal Web Search vs. Deep Web Search
Searching on the Internet today can be
compared to dragging a net across the
surface of the ocean: a great deal may be
caught in the net, but there is a wealth of
information that is deep and therefore
missed
6. Normal Web Search vs. Deep Web Search
Traditional search engines cannot see or
retrieve content in the deep Web—those
pages do not exist until they are created
dynamically as the result of a specific
search. As of 2001, the deep Web was
several orders of magnitude larger than
the surface Web
7. Deep Web Size
It is impossible to measure
or put estimates onto the
size of the deep web
because the majority of the
information is hidden or
locked inside databases.
Early estimates suggested
that the deep web is 4,000
to 5,000 times larger than
the surface web
8. Deep Web Resources
Dynamic Content
Dynamic pages which are returned in
response to a submitted query or
accessed only through a form, especially
if open-domain input elements (such as
text fields) are used; such fields are hard
to navigate without domain knowledge.
9. Deep Web Resources
Unlinked Content
Unlinked content: pages which are not
linked to by other pages, which may
prevent Web crawling programs from
accessing the content. This content is
referred to as pages without backlinks
(or inlinks).
10. Deep Web Resources
Private Web
Private Web: sites that require
registration and login (password-
protected resources).
11. Deep Web Resources
Contextual Web
Contextual Web:
pages with content
varying for different
access contexts (e.g.,
ranges of client IP
addresses or previous
navigation sequence).
12. Deep Web Resources
Limited Access Content
Limited access content: sites that limit
access to their pages in a technical way
(e.g., using the Robots Exclusion
Standard, CAPTCHAs, or the no-store
directive, which prohibit search engines
from browsing them and creating
cached copies).
13. Deep Web Resources
Scripted Content
Scripted content: pages that are only
accessible through links produced by
JavaScript as well as content
dynamically downloaded from Web
servers via Flash or Ajax solutions.
14. Deep Web Resources
Non-HTML Content
Non-HTML/text
content: textual
content encoded
in multimedia
(image or video)
files or specific
file formats not
handled by
search engines.
15. Accessing the Deep Web
While it is not always possible to
discover a specific web server's external
IP address, theoretically almost any site
can be accessed via its IP address,
regardless of whether or not it has been
indexed.
16. Accessing the Deep Web
Certain content is
intentionally hidden from
the regular internet,
accessible only with special
software, such as Tor. Tor
allows users to access
websites using the .onion
host suffix anonymously,
hiding their IP address.
Other such software includes
I2P and Freenet.
17. The Onion Router (Tor)
Tool For the Deep Web
Tor is software that installs into your
browser and sets up the specific
connections you need to access dark
Web sites. Critically, Tor is an encrypted
technology that helps people maintain
anonymity online. It does this in part by
routing connections through servers
around the world, making them much
harder to track.
18. Who Invented Tor?
Oddly enough, Tor is the result of research
done by the U.S. Naval Research
Laboratory, which created Tor for political
dissidents and whistleblowers, allowing
them to communicate without fear of
reprisal.
19. Tor Client Available For Download
20. Accessing the Deep Web
.onion
.onion is a pseudo-top-level domain host
suffix designating an anonymous hidden
service reachable via the Tor network.
Such addresses are not actual DNS
names, and the .onion TLD is not in the
Internet DNS root, but with the
appropriate proxy software installed,
Internet programs such as Web
browsers can access sites with .onion
addresses by sending the request
through the network of Tor servers.
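Because .onion names are not in the DNS root, a .onion lookup that shows up at an ordinary resolver means some client sent the name to DNS instead of through the Tor proxy. The check below is an added example, not part of the original slides; the log layout, client addresses and onion labels are constructed, and the 16-character (v2) and 56-character (v3) base32 label lengths are background detail not stated in the lecture.

```python
import re

BASE32_LABEL = re.compile(r"[a-z2-7]+")
LOG_LINE = re.compile(r"^(\S+) (\S+) query: (\S+) (\S+)$")

V2_LABEL = "abcdefghijklmnop"   # constructed 16-character label
V3_LABEL = "b" * 56             # constructed 56-character label

# Constructed resolver log; the "time client query: name type" layout is assumed.
SAMPLE_LOG = f"""\
2016-10-28T09:14:02 10.0.4.17 query: www.wisc.edu A
2016-10-28T09:14:09 10.0.4.23 query: {V2_LABEL}.onion A
2016-10-28T09:15:40 10.0.4.23 query: WWW.{V2_LABEL.upper()}.ONION. AAAA
2016-10-28T09:16:11 10.0.4.31 query: onion.example.com A
2016-10-28T09:17:55 10.0.4.40 query: {V3_LABEL}.onion A
2016-10-28T09:18:20 10.0.4.40 query: short.onion A
"""


def classify(name):
    """Return 'v2', 'v3' or 'malformed' for a .onion name, None for anything else."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1] != "onion":
        return None
    service = labels[-2]  # the label directly left of .onion names the service
    if not BASE32_LABEL.fullmatch(service):
        return "malformed"
    return {16: "v2", 56: "v3"}.get(len(service), "malformed")


def find_onion_leaks(log_text):
    """List (client, name, kind) for every .onion lookup that reached the resolver."""
    leaks = []
    for line in log_text.splitlines():
        match = LOG_LINE.match(line.strip())
        if not match:
            continue  # ignore lines that are not query records
        _time, client, name, _qtype = match.groups()
        kind = classify(name)
        if kind is not None:
            leaks.append((client, name, kind))
    return leaks


def clients_to_review(log_text):
    """Clients that sent at least one .onion name to ordinary DNS."""
    return sorted({client for client, _name, _kind in find_onion_leaks(log_text)})
```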
21. Accessing the Deep Web
Tor2web
22. What Deep Web Links Look Like
Deep Web links
appear as a random
string of letters
followed by the .onion
TLD. For example,
http://xmh57jrzrnw6i
nsl followed by .onion,
links to TORCH, the
Tor search engine web
page.
23. Searching the Deep Web
To discover content on the
Web, search engines use web
crawlers that follow
hyperlinks through known
protocol virtual port
numbers. This technique is
ideal for discovering
resources on the surface
Web but is often ineffective
at finding Deep Web
resources.
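The crawler behaviour described above, and the Unlinked, Dynamic and Limited Access categories from the earlier slides, can be seen in a small simulation. This is an added example, not part of the original slides; the site, its paths and the "examplebot" user agent are constructed, and nothing is fetched over the network.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

# Constructed in-memory site (hypothetical paths, nothing is fetched).
SITE = {
    "/": '<a href="/about">About</a><a href="/private/report">Report</a>'
         '<form action="/search"><input name="q"></form>',
    "/about": '<a href="/">Home</a>',
    "/private/report": "linked, but disallowed by robots.txt",
    "/orphan": "no page links here (unlinked content)",
    "/search?q=tor": "built per query (dynamic content behind a form)",
}
ROBOTS_TXT = ["User-agent: *", "Disallow: /private/"]

class LinkParser(HTMLParser):
    """Collects <a href> targets, the only thing this crawler follows."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.extend(v for k, v in attrs if k == "href" and v)

def crawl(start="/"):
    """Breadth-first crawl that follows hyperlinks and honours robots.txt."""
    robots = RobotFileParser()
    robots.parse(ROBOTS_TXT)
    indexed, skipped, seen, queue = [], {}, {start}, deque([start])
    while queue:
        path = queue.popleft()
        if not robots.can_fetch("examplebot", path):
            skipped[path] = "robots.txt"  # Robots Exclusion Standard applies
            continue
        indexed.append(path)
        parser = LinkParser()
        parser.feed(SITE[path])
        for link in parser.links:  # forms are never submitted, only links followed
            if link in SITE and link not in seen:
                seen.add(link)
                queue.append(link)
    return indexed, skipped

def deep_pages():
    """Pages that exist on the server but never reach the index."""
    indexed, skipped = crawl()
    return {p: skipped.get(p, "never discovered") for p in SITE if p not in indexed}
```

Of the five pages on this constructed server, only "/" and "/about" end up in the index; the other three are deep web content for three different reasons.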
24. Give the People What They Came Here For, Tonight!
Just like general web search, searching
the Invisible Web is also about looking
for the needle in the haystack. Only
here, the haystack is much bigger. The
Invisible Web is definitely not for the
casual searcher. It is deep but not dark
because if you know what you are
searching for, enlightenment is a few
keywords away.
25. Deep Web Search Engines
26. In mid-2014, a hacker created Grams, the Dark Web’s
first distributed search engine. Grams allows would-be
criminals to search for drugs, guns, and stolen bank
accounts across multiple hidden sites. It even includes
an "I’m Feeling Lucky" button and targeted ads where
drug dealers compete for clicks.
27. Grams Sample Search
Crunchy Dutch Moonrocks
28. Tools of the Trade
29. Things That Make the Deep Web Work
Cryptocurrency
Digital cash, such as bitcoin and darkcoin, and the
payment system Liberty Reserve provide a convenient
system for users to spend money online while keeping
their real-world identities hidden.
30. Things That Make the Deep Web Work
Bulletproof Web-hosting Services
Some Web hosts in places such as Russia or Ukraine welcome all
content, make no attempts to learn their customers’ true
identities, accept anonymous payments in bitcoin, and routinely
ignore subpoena requests from law enforcement.
31. Things That Make the Deep Web Work
Cloud Computing
By hosting their criminal
malware with reputable
firms, hackers are much less
likely to see their traffic
blocked by security systems.
A recent study suggested that
16 percent of the world’s
malware and cyberattack
distribution channels
originated in the Amazon
Cloud.
32. Things That Make the Deep Web Work
Crimeware
Less skilled criminals can buy
all the tools they need to
identify system
vulnerabilities, commit
identity theft, compromise
servers, and steal data. It was
a hacker with just such a tool
kit who invaded Target’s
point-of-sale system in 2013.
33. Things That Make the Deep Web Work
Hackers For Hire
Organized cybercrime
syndicates outsource
hackers-for-hire. The
Hidden Lynx group boasts
up to 100 professional
cyberthieves, some of whom
are known to have
penetrated systems at
Google, Adobe, and
Lockheed Martin.
34. Things That Make the Deep Web Work
Multilingual Crime Call
Centers
Employees will play any
duplicitous role you would
like, such as providing job
and educational
references, initiating wire
transfers, and unblocking
hacked accounts. Calls
cost around $10.
35. Be Careful of What You Search For, You Might Just Find It
38. Deep Web, Dangerous Web
Steganography
(ste-g&n-o´gr&-fē) (n.) The art and
science of hiding information by
embedding messages within other,
seemingly harmless messages
47. Deep Web Video
https://www.youtube.com/watch?v=osYwxy9B4Y4
48. Class Discussion
You love the Internet. However, your favorite sites, such as Facebook,
Amazon, and wisc.edu are just the surface. There is another world out
there: the Deep Web.
The Deep Web is where online information is password protected, or
requires special software to access—and it’s massive, yet it’s almost
completely out of sight. The Deep Web contains a hidden world, a
community where malicious actors unite in common nefarious purpose.
Should the government control or forbid certain sites? Why? Do you
think buying the following items on the Internet is possible? If it is
possible, should they be forbidden? How and why?
• Drugs (both prescription and the clearly illegal type)
• Forged identity papers
• Weapons, explosives and ammunition
• Hired assassins
• Human organs