The Dark Web Dan Saba, Connor Schack, Patrick Taylor, Priya Shah 1 - PowerPoint PPT Presentation

The Dark Web Dan Saba, Connor Schack, Patrick Taylor, Priya Shah 1

Outline Int Intro Hi Hist story Te Technologie ies Ma Markets Le Legality Ca Case e Studies es Refe ferences 2

What is the Deep Web? ❖ Unindexed part of the Internet ❖ Examples are: databases, subscription-only content, dynamic web pages ❖ About 4000 to 5000 times larger than indexed, surface web ❖ Includes the Dark Web Surface Deep 3

What is the Dark Web? ❖ Content intentionally hidden ❖ Host to a variety of legal and illegal activities ❖ Accessed with anonymous browsing software ❖ Hosts the Dark Web Markets image source: knowbe4.com 4

What is a Dark Web Market? ❖ Market hosted on the Dark Web ❖ Uses cryptocurrency to trade goods and services ❖ Sells things like drugs, weapons, stolen or counterfeit goods, malware ❖ Dark Web does between $300,000 and $500,000 in sales daily 5

History March 2000: Freenet, “a peer-to-peer platform for censorship-resistant communication”. June 2000: HavenCo, a data hosting for restricted data September 2002: Early version of Tor released January 2009: First Bitcoin mined February 2011: Silk Road launched October 2013: Silk Road shutdown and Ross William Ulbricht arrested 6

Technologies VPN Tor Cryptocurrency PGP Snail Mail 7

VPN ❖ Virtual Private Network ❖ Allows two networks to connect securely ❖ Gives some anonymity while browsing ❖ Creates tunnel through which data is sent, uses encapsulation & encryption ❖ Hides Tor usage from others ❖ Places trust with VPN instead of ISP, VPN could keep logs image source: marketslant.com 8

Tor ❖ Original project: “The Onion Router”, funded by federal government ❖ Strips headers off of packets ❖ Symmetrically encrypts a packet wrapper ❖ Wrapper is sent to volunteer relays which decrypt a layer, like peeling an onion ❖ Relays decrypt until message is unencrypted and sent to destination ❖ Diffie-Hellman 9

Cryptocurrency ❖ Allows peer-to-peer transactions with increased anonymity ❖ Mined or traded for with traditional currency ❖ Blockchain keeps record of transactions ❖ Pseudonymous: address identifies user ❖ Potentially see every transaction made under your address ❖ Laundering services like mixing or tumbling 10

PGP ❖ “Pretty Good Privacy” ❖ Uses asymmetric encryption ❖ Two factor authentication for dark web site using user public key ❖ Communicate sensitive info between buyers and sellers image source: goanywhere.com 11

Snail Mail ❖ Goods need to be exchanged with physical medium ❖ Mail services typically used ❖ Requires disclosure of shipping address from buyer to seller ❖ Customs and Border Protection (CBP) has authority to search international packages entering U.S. without a warrant ❖ Domestic mail not subject to arbitrary search 12

Dark Web Market Agartha Market Homepage (4/28/2019) 13

Dark Web Links ❖ Need to be careful of what sites you visit ❖ Certain subreddits, DeepDotWeb, Hidden Wiki, provide current links or PGP signed mirrors 14

Customer Review System ❖ Essential for trust on unregulated markets ❖ Buyers rely on ratings from other buyers to verify the quality of a product and the reliability of the seller ❖ Sellers provide products for free to trusted verifiers to confirm the purity, in the case of drugs 15

Dark Web Market Products ❖ Stolen credit cards “Service-Catalogue” from a dark website (C’thuthlu) ❖ Drugs ❖ Hitmen ❖ Child pornography ❖ Firearms ❖ Human organs ❖ Uranium ❖ Malware ❖ Human slaves image source: securityaffairs.co 16

Dark Web and Security ❖ Dark Web often used as a forum for hackers to discuss plans; exploit markets sell zero day vulnerabilities ❖ Can be used to sell stolen information, such as credit card information ❖ Malware used in data-breaches can be bought on Dark Web Target 2013: RAM Scraper • 17

Legality ❖ Installing dark web browser and exploring dark web isn’t illegal, even selling zero day exploits is legal Accidentally/intentionally downloading things like child pornography • Buying products and services that would be illegal offline • ❖ Criminals on the dark web are difficult to identify, track, and indict ❖ Case Studies: Silk Road • AlphaBay • 18

Dark Web and Intelligence ❖ Dark Web & Tor used by political dissidents and whistleblowers ❖ Anonymity attractive to terrorist groups, where they can recruit or even raise money using cryptocurrencies ❖ Military can study Dark Web for information on terrorist activities ❖ Department of Defense uses tactics to interfere with plans, ex: DDoSing ❖ Snowden: NSA adds people visiting Tor site to watch-list (XKeyscore) 19

Silk Road ❖ Launched February 2011 by Ross Ulbricht ❖ Generated an estimated $1.2 Billion ❖ Vendors in over 10 countries, 100,000 buyers ❖ Victimless crimes only ❖ Ulbricht arrested October 2013 for money laundering, hacking, drug trafficking, six ‘contracted murder-for-hire allegations’ 20

AlphaBay ❖ Launched September 2014 by Alexandre Cazes ❖ Generated Cazes over $23 Million ❖ One of largest sources for drugs on dark web; 400,000 users ❖ Shut down July 2017 ❖ Cazes found dead in cell days after arrest 21

Conclusion ❖ Individuals attracted to the dark web because of the anonymity it can provide. ❖ Both legal and illegal activities occur, such as securing private communications to selling stolen information. ❖ Difficult to identify malicious actors and advancements in encryption are making it harder. ❖ Dark Web and Dark Markets not going away, new sites launched all the time ❖ Law enforcement and security professionals need to be knowledgeable on the topic to combat things like paid attacks and selling of exploits. 22

References https://www.wired.com/2014/11/hacker-lexicon-whats-dark-web/ https://www.youtube.com/watch?v=DhYeqgufYss https://www.theregister.co.uk/2017/07/20/dark_net_megabust/ https://www.youtube.com/watch?v=wlP1JrfvUo0 https://www.smh.com.au/technology/drugs-bought-with-virtual-cash- https://www.youtube.com/watch?v=QRYzre4bf7I 20110611-1fy0a.html https://www.wired.com/story/bitcoin-drug-deals-silk-road-blockchain/ https://darkwebnews.com/dark-web-market-list/ https://www.justice.gov/opa/press-release/file/982821/download https://www.wired.com/2015/03/evolution-disappeared-Bitcoin-scam-dark- https://www.theverge.com/2019/2/17/18226718/alphabay- web/ takedown-drug-marketplace-federal-arrest https://fas.org/sgp/crs/misc/R44101.pdf https://www.cnet.com/news/nsa-likely-targets-anybody-whos-tor-curious/ https://www.cs.tufts.edu/comp/116/archive/fall2016/cjacoby.pdf https://securityboulevard.com/2019/02/understanding-the-darknet-and-its- impact-on-cybersecurity/ https://www.fbi.gov/news/stories/alphabay-takedown https://wiki.wireshark.org/Tor https://www.tomsguide.com/us/what-is-tor-faq,news-17754.html https://www.deepdotweb.com/marketplace-directory/listing/dream-market/ https://foreignpolicy.com/2013/12/09/the-darknet-a-short-history/ https://blog.radware.com/security/2017/03/cost-of-ddos-attack-darknet/ https://jolt.richmond.edu/2017/10/18/the-dark-web-a-seemingly-endless- market-for-drug-trafficking/ https://www.cigionline.org/sites/default/files/gcig_paper_no6.pdf https://www.computerweekly.com/news/252445554/Dark-web-cyber-crime- markets-thriving https://www.academia.edu/9622433/TERROR_IN_THE_DEEP_AND_DARK_WEB 23

Questions? 24