Forensics Expo, London 2015

The DarkNet, Investigations & CriminalityProfessor John Walker

HEXFORENSICS LtdShelton Street, Covent Garden, London, WC2H 9JQ

The Technology Explosion – the Opportunity

The race to evolve technology has in itself enabled the world to be a smarter place, and manifested in opportunitiesfor the global community.

It has also enabled the Criminal Community to create a business model that nets billions in illicit revenue.

Add to this the fact that many businesses do not understand the Cyber Threat and you have the Perfect Storm in whichCriminality, Paedophiles, Abusers and their DarkNets may thrive.

Research

According to research &Europol the principal search engines index only a small portion of the overall web content, the remaining part is unknown to the majority of web users.

I concur..

Why DarkNet?

The DarkNet may actually represent anything its creator withies, for whatever purpose:

• Fun• International Terrorism• Criminal Community Support• Copyright Theft• Paedophilia and Distribution of Images• On Line Live Abuse• Hacking•• Anything

What is the DarkNet Made of?

The Construction is down to imagination, ingenuity, and creativity.•

Dynamic URL’s

The Challenge – The Truth

Proxy Server are on offer in Russia [and other places] as an intermediate system to acts as a mediator between a computer and the Internet. These Proxy Servers are used for various purposes, but their main purpose is to support anonymity. Anonymity, in this case, comes from the fact that the destination server sees the IP address of the proxy server and not that of the miscreants system.

The good news is – such services store logs, and do not always provide complete anonymity.

Dynamic Content

Unlinked Content

Private Web

Contextual Web

Scripted Content

Non-HTML/Text Content

The Reality of the Global Threat Landscape

http://hackmageddon.com/2015/04/20/1-15-april-2015-cyber-attacks-timeline/

Here is a list of 49 attacks which took placeUp to and including 14/04/2015!

Evolution - CaaS

TheRealDeal," has opened up for hackers, which focuses on selling Zero-Day exploits — infiltration codes that took advantage of software vulnerabilities for which the manufacturers have released no official software patch.

Consider MS15-034 flaw which has left over 70 million sites vulnerable to Cyber Attack.

The Value of HUMINT

No matter the type of event or security incident, HUMINT [Human Intelligence] can be a double edge sword – • On one hand it can bring high value to the investigation

• On the other – it can represents OoII to Cyber Adversaries

Minority Reporting – The value of TIA

The Cyber Threats-of-the-Age dictate a new way of looking at the unconventional through a new window of defence.

“Digital Forensics has been used in investigations for more than 30 years, however it is nowfacing one of its biggest challenges.”

Professor Andy Jones – De Montfort University

This presentation only considered the environmental facets of a DarNet – it did not consider:

• Acquisition of Artifacts• Reliability of Evidence• Distance Forensic Protocols• The Chain-of-Evidence• Multi Cloud Environment• Locally Stored Keys• Admissibility

This is a new age and thus dictates new protocols of engagement .

Thank You for Listening