Top Banner
Demystifying Cyber Security: The Darknet (Deep Web) 1 PD Unit
26

Darknet (ec)

Jan 08, 2017

Download

Education

Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Darknet (ec)

Demystifying Cyber Security: The Darknet

(Deep Web)

1 PD Unit

Page 2: Darknet (ec)

BRADLEY WDEACON

Session SpeakerBradley W Deacon

Bradley is a former Federal Agent and was one of the first members of the Australian Federal Police Computer Crime Unit Sydney where in 1995 his team was successful in having the first jail sentence imposed on a computer hacker.

Bradley is a qualified non practising lawyer focussing on the law around Cyber Space & Social Media with degrees in criminal justice, law, and postgraduate studies in Criminology and Law. Additionally Bradley has a Postgraduate Certificate in Distance Ed specialising in Digital Delivery from Penn State University. Bradley also has a Masters in National Security with his thesis centred around digital technology: “Evolving Digital Technology Terrorist Financing & The Threat To U.S National Security”

As a cyber bullying and stalking advocate, Bradley was approached by VCAT in 2014 to design and facilitate delivery of a social media awareness package in 2015 for Victorian Court Staff and the Judiciary and was recently a keynote speaker at the Say No 2 Bullying Conference on the Gold Coast.

Bradley lectures at several Australian Universities and colleges in a variety of Cyber Law related units and justice units and is about to undertake a PhD in Social Media by ‘publication’.

On-Demand Professional Development Academy

Page 3: Darknet (ec)

Session OutlineLearning Outcomes

• Background of Darknet (DeepWeb)

• Ramifications of staff accessing Darknet

• Cyber security education development

• White Hat, Black Hat & Grey Hat hackers

On-Demand Professional Development Academy

Page 4: Darknet (ec)

Background of the Darknet

The Darknet aka Deep Web

• Hidden websites started appearing in 2004 • The TOR network original intention was for

anonymous communication within Military to keep messages encrypted and secret

On-Demand Professional Development Academy

Page 5: Darknet (ec)

Background of the Darknet

The Darknet aka Deep Web

On-Demand Professional Development Academy

• TOR stands for the ‘Onion Router’ and will generally have an extension .onion

• TOR is slow as it bounces around several ‘volunteer’ computers around the world to keep original location it was sent from and the place it is going ‘anonymous’

Page 6: Darknet (ec)

Background of the Darknet

Released As Open Source

• In 2004 TOR was as freeware ‘open source’ to the public

• The .onion extension represents the multiple layers similar to an onion in that when you cook an onion you peel off layers

On-Demand Professional Development Academy

Page 7: Darknet (ec)

Background of the Darknet

Released As Open Source

• .Onion is used because the websites you are visiting are deeper and harder to find

• .Onion websites are deeper and harder to find as they are behind layers of anonymity

On-Demand Professional Development Academy

Page 8: Darknet (ec)

Background of the Darknet

Deep Web

• The Deep Web includes many web pages that are encrypted with passwords or documents in formats that cannot be indexed

• Therefore, the Darknet is part of the Deep Web, but the Deep Web is a much broader term than the Darknet.

On-Demand Professional Development Academy

Page 9: Darknet (ec)

Background of the Darknet

Deep Web • The Darknet has an estimated 200,000 to 400,000

sites, with the exact number impossible to determine.

• Websites are hosted on servers with hidden locations through the veil of encryption and virtual private networks (VPNs).

• As a result, Darknet sites are extremely difficult to shut down as the location of the administrators is virtually untraceable.

On-Demand Professional Development Academy

Page 10: Darknet (ec)

Background of the Darknet

Released As Open Source

• .Onion is used because the websites you are visiting are deeper and harder to find

• .Onion websites are deeper and harder to find as they are behind layers of anonymity

On-Demand Professional Development Academy

Page 11: Darknet (ec)

Background of the Darknet

How Safe Is TOR? ● Like any part of the Internet TOR has its security

threats

● YouTube, Facebook, Google, Email all pose a threat if you do not have good Anti-Virus

● TOR is no different and can be a threat especially if you click a site/link that is unknown

On-Demand Professional Development Academy

Page 12: Darknet (ec)

Background of the Darknet

How Safe Is TOR? ● TOR relies on Peer to Peer reviews and some use

this as an indication to how safe a link is or a download may be

● EXTREME CAUTION MUST BE USED WHEN USING TOR

On-Demand Professional Development Academy

Page 13: Darknet (ec)

RAMIFICATIONS STAFF ACCESSING

TOR & YOUR STAFF • TOR is attractive to staff to use

• TOR is well known amongst ‘Digital Natives’ as the site to download games, movies and TV shows

• Staff need to be educated about TOR

• Your Internet use policy should include a ban on using TOR or any Virtual Private Network (VPN) in the workplace

On-Demand Professional Development Academy

Page 14: Darknet (ec)

RAMIFICATIONS STAFF ACCESSING

TOR & YOUR STAFF • Your IT Security Advisor/Provider Should Block

access to TOR and VPN’s

• Ensure you have systems in place to log all attempts to access TOR and VPN’s

• Ensure Firewalls are installed

• Advise staff of accessing TOR and VPN’s is against the Firms Internet Use Policy & access attempts are logged

On-Demand Professional Development Academy

Page 15: Darknet (ec)

Education Development Education Is The Key • Digital Natives are constantly pushing the Internet

boundary

• Digital Natives want everything yesterday • Digital Natives generally do not see any issue with

copyright infringement for movies, music and the like

• Porn is available all over the Internet from desktop to smartphones with one click

On-Demand Professional Development Academy

Page 16: Darknet (ec)

Education Development

Education Is The Key

• The Darknet provides a marketplace for a wide variety of illegal substances, services, and communications.

• It is more than just a black market-the Darknet also houses the most controversial political debates and sharing of information between dissidents, journalists, whistleblowers, extremists and trolls.

On-Demand Professional Development Academy

Page 17: Darknet (ec)

Education Development

Education Is The Key

• The Darknet via peer group pressure tempts and lures staff to sites

• Education is paramount and annual reinforcement is critical

• Case studies need to be provided of where the use of TOR in the workplace can lead to dismissal

On-Demand Professional Development Academy

Page 18: Darknet (ec)

Cyber security education development

On-Demand Professional Development Academy

Page 19: Darknet (ec)

The Darket Brings Out The Scammers

On-Demand Professional Development Academy

Page 20: Darknet (ec)

The Darket Brings Out The Scammers

On-Demand Professional Development Academy

The bravado I have witnessed as one of the founding Federal Agents in the Computer Crime Section in the mid 1990's, where we obtained Australia's first Jail sentence for a computer 'hacker' and now as a Cyber Law educator and consultant never ceases to amaze me.

Most seem to have this 'untouchable' attitude where they believe that they have outsmarted law enforcement and intelligence agencies and large private sector IT security companies, only to eventually face the harsh reality that justice almost always prevails.

Page 21: Darknet (ec)

White, Black & Grey Hat Hackers

Hacker Groups and Sub-Groups

From experience and over the years, I have observed that hackers fall into three categories or sub-groups:

• White Hats - generally work for security organisations and are assigned the task of improving and securing computer services by identifying and securing security flaws. .

On-Demand Professional Development Academy

Page 22: Darknet (ec)

White, Black & Grey Hat Hackers

On-Demand Professional Development Academy

Black Hats - are a varied group who use their skills to cause problems for others and can be motivated by a range of motivations and skill sets:

Some direct their destructive actions at a targeted company or group and are often referred to as 'angry hackers'

A less skilled group with lower 'hacking' skills who use hacking tools to cause mischief for fun aka known as 'script kiddies' and;

Those that are interested in political and economic upheaval and view technology as the means to accomplishing a goal aka 'agenda hackers'

Page 23: Darknet (ec)

White, Black & Grey Hat Hackers

On-Demand Professional Development Academy

Grey Hats - are independent security experts and consultants who are quite often reformed Black Hats.

● Hacking is quite simply 'unauthorised access and subsequent use of other people's computer systems' and can be correlated with everyday burglars who break into a house where in the world of computers it is a 'computer break in.’

● One must look at how the hacker came about to committing the hack that defines what type of hacker they are.

Page 24: Darknet (ec)

Hactivisim

On-Demand Professional Development Academy

Over time we have seen another hacking term emerge and this is 'hacktivism' a term that denotes hacking for a political or activist purpose where at its worst can even be a 'terrorist attack'.

It is believed that hacktivism emerged by joining hacking with activism where the hacking techniques are against a targets Internet site with the intent of disrupting regular operations such as web sit-ins, virtual blockades, automated email bombs, web hacks, computer break ins, computer viruses and worms.

All of which in legal international and domestic legal instruments are referred to as 'illegal' or 'unauthorised' access and interception.

Page 25: Darknet (ec)

Peace of Mind

Have you got the following covered?

A. Workplace Internet Use Policy?

B. Social Media Policy For The Workplace?

C. Social Media Staff/Firm Reputation

Management Training In Place?

D. IT Security Reviews?

E. Have a ‘White Hat’ Hacker test your staff with

‘Phishing’ attempts to see if they open links?

On-Demand Professional Development Academy

Page 26: Darknet (ec)

Demystifying Cyber Security: The Darknet

(Deep Web)

1 PD Unit