Top Banner
g the Darknet Michael McDonnell GCIA, GCWN, MLIS linkedin.com/in/itpromichael EXPLORING THE DARKNET 1
78

Exploring the Darknet

Nov 29, 2014

Download

Internet

A survey of the TOR Darknet (The Onion Router). The kinds of vile criminality that you will find in the Darknet and a brief discussion of the threats and opportunities presented by TOR.
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Exploring the Darknet

EXPLORING THE DARKNET 1

Exploringthe Darknet

Michael McDonnellGCIA, GCWN, MLISlinkedin.com/in/itpromichael

Page 2: Exploring the Darknet

EXPLORING THE DARKNET 2

What is the “Darknet”?AKA THE ONION ROUTER (TOR)?

Page 3: Exploring the Darknet

EXPLORING THE DARKNET 3

There are many Darknets

1. The Onion Router (TOR)◦ This is THE Darknet

2. I2P◦ Anonymous Peer-to-Peer Network◦ Regular services run over a “secure” network layer

3. Freenet◦ Distributed data store

4. anoNET◦ Pseudo-anonymous “Friend to Friend” (F2F) network◦ using VPNs and BGP

Page 4: Exploring the Darknet

EXPLORING THE DARKNET 4

TOR History 1995 Development began on “Onion Routing” (ONR)

1997 Funded by DARPA High Confidence Networks Program

1998 13 nodes created: 1 in Canadian Ministry of Defence

2001 More DARPA funding

2002 US Naval Research Lab releases ONR v2 (aka TOR)

2003 More DARPA funding

2004 Hidden Services introduced: Hidden Wiki Setup

2014 Sponsors include SRI, US Dept. of State, NSF, Radio Free Asia, The Ford Foundation, Google, EFF, 4300 individuals.

Page 5: Exploring the Darknet

EXPLORING THE DARKNET 5

What TOR Does

Anonymous Internet Access

“Hidden Services”

Bypass Filters

Page 6: Exploring the Darknet

EXPLORING THE DARKNET 6

Mauritania, 2008Tor was useful not only to dissidents, but to the wider public as well.As mirror sites slipped away into the filters, Weddady worked to ensurethe greater public awareness of Tor. Cybercafes were the mainpoint of Internet access at the time for most Mauritanians, thus Weddadycirculated information to them. Tor allowed the average Internet userto access opposition and news sites that hadn’t escaped the filters.

After the failed attempt to filter the Internet, the government stoppedmost, if not all, filtering activities. Weddady says, Tor renderedthe government’s efforts completely futile. They simply didn't havethe know-how to counter that move. Ironically, we felt even more securebecause we learned an invaluable lesson: encrypt and anonymize. �

-- November 2008 Interview with Nasser Weddady by Jillian C. York

Page 7: Exploring the Darknet

EXPLORING THE DARKNET 7

How TOR Works

Page 8: Exploring the Darknet

EXPLORING THE DARKNET 8

Tor Routing

Source: (Blackhat, 2007) “Securing the Tor Network”

Page 9: Exploring the Darknet

EXPLORING THE DARKNET 9

The Arab Spring

Page 10: Exploring the Darknet

EXPLORING THE DARKNET 10

Syria, 2013

Page 11: Exploring the Darknet

EXPLORING THE DARKNET 11

A Den of Vile Criminality

TOR is fine, in theory.

‘Cept it’s slow, full of viruses, hackers, paedophiles, and murderers…

-- Sablicious, ATS Forum

Page 12: Exploring the Darknet

EXPLORING THE DARKNET 12

TOR: Hidden Servicesaka The Darknet

Example Address: zqktlwi4fecvo6ri.onion

Page 13: Exploring the Darknet

EXPLORING THE DARKNET 13

How does one access the Darknet?

1. TAILS: The Amnesiac Internet System

◦ Use TAILS

2. TOR Browser Bundle◦ Compromised by FBI◦ OK for casual use

3. TOR Client Alone◦ NOT RECOMMENDED

4. Whonix◦ Requires two hosts, a

gateway and a client◦ A better design, but…

Page 14: Exploring the Darknet

EXPLORING THE DARKNET 14

Freedom Hosting, 2013

Page 15: Exploring the Darknet

EXPLORING THE DARKNET 15

TorMail SeizedAccording to court documents that recently surfaced, the FBI have cloned the entire email database while investigating Freedom Hosting…. now the FBI is mining the information from that database to track cyber criminals.

-- Wang Wei, The Hacker News

Page 16: Exploring the Darknet

EXPLORING THE DARKNET 16

The Silk Road, 2013

Page 17: Exploring the Darknet

EXPLORING THE DARKNET 17

The Silk Road

Page 18: Exploring the Darknet

EXPLORING THE DARKNET 18

Robert Ulbrichtalk Dread Pirate Roberts

Page 19: Exploring the Darknet

EXPLORING THE DARKNET 19

And the arrests continue…

Page 20: Exploring the Darknet

EXPLORING THE DARKNET 21

ExploringWHAT CAN YOU SEE IN THE DARK?

Page 21: Exploring the Darknet

EXPLORING THE DARKNET 22

TOR Starting Pages

Page 22: Exploring the Darknet

EXPLORING THE DARKNET 23

TOR Search Engines

Page 23: Exploring the Darknet

EXPLORING THE DARKNET 24

Archives“NoReason”

Page 24: Exploring the Darknet

EXPLORING THE DARKNET 25

Archives“NoReason”

Page 25: Exploring the Darknet

EXPLORING THE DARKNET 26

Forums“Intel Exchange”

Page 26: Exploring the Darknet

EXPLORING THE DARKNET 27

Beneath Virginia Tech

Page 27: Exploring the Darknet

EXPLORING THE DARKNET 28

What’s a Darknet without a DJ?

Page 28: Exploring the Darknet

EXPLORING THE DARKNET 29

Conspiracy Theories

Page 29: Exploring the Darknet

EXPLORING THE DARKNET 30

WikiLeaks

Page 30: Exploring the Darknet

EXPLORING THE DARKNET 31

DOX and DOXing

Page 31: Exploring the Darknet

EXPLORING THE DARKNET 32

DOXing Example

Page 32: Exploring the Darknet

EXPLORING THE DARKNET 33

DOX Example

Page 33: Exploring the Darknet

EXPLORING THE DARKNET 34

“The Secret Files” DOXing Famous People

Page 34: Exploring the Darknet

EXPLORING THE DARKNET 35

Hacker Forums & Zines“HTP Hack the Planet”

Page 35: Exploring the Darknet

EXPLORING THE DARKNET 36

Need a Passport?

Page 36: Exploring the Darknet

EXPLORING THE DARKNET 37

Canadian Passports: $US800

Page 37: Exploring the Darknet

EXPLORING THE DARKNET 38

Need a Drivers License?

Page 38: Exploring the Darknet

EXPLORING THE DARKNET 39

Need a Drivers License?

Page 39: Exploring the Darknet

EXPLORING THE DARKNET 40

Selling Money“Counterfeit USD”

Page 40: Exploring the Darknet

EXPLORING THE DARKNET 41

Selling Money“Wall Street”

Page 41: Exploring the Darknet

EXPLORING THE DARKNET 42

Selling Money“Wall Street”

Page 42: Exploring the Darknet

EXPLORING THE DARKNET 43

Selling Money (Credit Cards)“Black & Yellow”

Page 43: Exploring the Darknet

EXPLORING THE DARKNET 44

Selling Money (Credit Cards)

Page 44: Exploring the Darknet

EXPLORING THE DARKNET 45

Selling Money (Credit Cards)“TOR Carding Forums”

Page 45: Exploring the Darknet

EXPLORING THE DARKNET 46

Selling Money (Credit Cards)“Original Skimmed Cards”

Page 46: Exploring the Darknet

EXPLORING THE DARKNET 47

Stealing MoneyATMs & Skimmers

Page 47: Exploring the Darknet

EXPLORING THE DARKNET 48

Guns

Page 48: Exploring the Darknet

EXPLORING THE DARKNET 49

iPhones

Page 49: Exploring the Darknet

EXPLORING THE DARKNET 50

Hacker Forums“TorChan”

Page 50: Exploring the Darknet

EXPLORING THE DARKNET 51

Hacker Forums“TorChan”

Page 51: Exploring the Darknet

EXPLORING THE DARKNET 52

Hacker Forums“TorChan”

Page 52: Exploring the Darknet

EXPLORING THE DARKNET 53

Hacker Forums“IntelExchange”

Page 53: Exploring the Darknet

EXPLORING THE DARKNET 54

Hacker Forums“Tor Carding Forums”

Page 54: Exploring the Darknet

EXPLORING THE DARKNET 55

Hacker Forums“Overchan”

Page 55: Exploring the Darknet

EXPLORING THE DARKNET 56

Hacker Forums“HackBB”

Page 56: Exploring the Darknet

EXPLORING THE DARKNET 57

Hacker Forums“HackBB”

Page 57: Exploring the Darknet

EXPLORING THE DARKNET 58

Hacker Forums“HackBB” Wiki

Page 58: Exploring the Darknet

EXPLORING THE DARKNET 59

Your Private Army“TorChan”

Page 59: Exploring the Darknet

EXPLORING THE DARKNET 60

Killers“Hitman Network” $US10,000

Page 60: Exploring the Darknet

EXPLORING THE DARKNET 61

Killers“Unfriendlysolution”

Page 61: Exploring the Darknet

EXPLORING THE DARKNET 62

Been Shot? Need a “Fixer”?

Page 62: Exploring the Darknet

EXPLORING THE DARKNET 63

Chloroform (Note: Email Address)

Page 63: Exploring the Darknet

EXPLORING THE DARKNET 64

Image Hosting Services

Page 64: Exploring the Darknet

EXPLORING THE DARKNET 65

The Really Sick Stuff There is no reasonable legal or ethical way to access this or show it to you. Here look at this kitten… this is the complete opposite of what you’ll find in the really DARK part of the Darkweb.

Page 65: Exploring the Darknet

EXPLORING THE DARKNET 66

Terrorism (or a trap for supporters)

Page 66: Exploring the Darknet

EXPLORING THE DARKNET 67

Risks, Threats, & Opportunities

Page 67: Exploring the Darknet

EXPLORING THE DARKNET 68

Bad Actors on Your Network

Page 68: Exploring the Darknet

EXPLORING THE DARKNET 69

Malware Using TOR

Page 69: Exploring the Darknet

EXPLORING THE DARKNET 70

Attackers Using TOR

Page 70: Exploring the Darknet

EXPLORING THE DARKNET 71

Threat Intelligence

Page 71: Exploring the Darknet

EXPLORING THE DARKNET 72

Threat IntelligenceHacker Forums

Page 72: Exploring the Darknet

EXPLORING THE DARKNET 73

Threat IntelligenceChat

Page 73: Exploring the Darknet

EXPLORING THE DARKNET 74

Risks to TOR Users

Page 74: Exploring the Darknet

EXPLORING THE DARKNET 75

“Tor Stinks” (NSA Presentation)

Page 75: Exploring the Darknet

EXPLORING THE DARKNET 76

JavaScript is the Enemy

Page 76: Exploring the Darknet

EXPLORING THE DARKNET 77

BlackHat TOR Talk Cancelled

Researchers from the CERT division of Software Engineer Institute (SEI) at Carnegie Mellon University… were set to give a talk purporting to demonstrate a way to deanonymize Tor users at Black Hat USA.

-- Andrea Peterson,

The Washington Post

Page 77: Exploring the Darknet

EXPLORING THE DARKNET 78

My Hidden Service Experiment

Page 78: Exploring the Darknet

EXPLORING THE DARKNET 79

[email protected]

LINKEDIN.COM/IN/ITPROMICHAEL