my darkweb-presentation
![Page 1: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/1.jpg)
Paul Wilson (Charlotte, NC)
Husband, father, blogger, marketer
Nearly 20 years in online marketing
Marketing Technologist (Capgemini)
Master of Science in IT (CMU)
Lobbied against Child Pornography
Follow me on Twitter: @PaulWilson
Visit me at http://mymarketer.net
![Page 2: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/2.jpg)
THE FORCE vs THE DARK SIDE
The Deep Dark Web
![Page 3: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/3.jpg)
We will Discuss:
The Landscape
The Force
The Dark Side
A Deeper Look
![Page 4: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/4.jpg)
Understanding the Landscape of the Dark Web
![Page 5: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/5.jpg)
The REAL Web
![Page 6: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/6.jpg)
TOR Backstory
Created by the US Office of Naval Research Laboratory in the 1990s & perfected by DARPA
TOR is an Open Source Non Profit Organization running out of a YWCA in Cambridge, Massachusetts
33 Full Time Employees
TOR’s hosted by 1000s of Volunteers around the world
![Page 7: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/7.jpg)
Up & Running
Over 60.000 Users Daily
Approx. 3500 Routers and Growing
Currently 6 Million+ users Worldwide of the Dark Web
9x of web pages are in the Deep & Dark Web!
Media is wrong when they say that the only way to access the dark web is through TOR
![Page 8: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/8.jpg)
The Dark Web’s Currency: Bitcoins
Bitcoins are based on solving an encryption formula which requires extreme amounts of computing power.
Websites like Deepbit.net help you set up the mining formula.
Only 21 million Bitcoins will ever exist
Total Bitcoins in circulation: 15,432,075 (as of April 10, 2016)
![Page 9: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/9.jpg)
Using the Onion Router
Requires a Client
Many sites require pre-registration
Anonymous Email Addresses strongly recommended
.onion URLs are used to identify hidden services
Addresses are 16-character alpha-semi-numeric hashes which are automatically generated based on a public key when the hidden service is configured
You can use the visual web to view .onion sites, but you give up your privacy (e.g. .tor2web.org)
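An added example (not from the original presentation) of the legacy 16-character naming this slide describes: the label is the base32 encoding of the first 80 bits of the SHA-1 hash of the service's public key, which also lets a defender recognise such names, including behind a tor2web-style gateway, in proxy or DNS logs. The key bytes and hostnames are constructed, and `classify_host` and `key_owns_address` are hypothetical helper names.

```python
import base64
import hashlib
import re

def onion_address(public_key_der: bytes) -> str:
    # Legacy 16-character form: base32 of the first 80 bits of SHA-1(public key).
    digest = hashlib.sha1(public_key_der).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower() + ".onion"

LABEL = r"[a-z2-7]{16}"  # base32 alphabet: letters plus the digits 2-7 only
HOST = re.compile(rf"^(?:[a-z0-9-]+\.)*({LABEL})\.(onion|tor2web\.org)$")

def classify_host(host: str):
    """Return (label, 'onion' | 'gateway'), or None for an ordinary hostname."""
    m = HOST.match(host.lower().rstrip("."))
    if not m:
        return None
    return m.group(1), ("onion" if m.group(2) == "onion" else "gateway")

def key_owns_address(public_key_der: bytes, host: str) -> bool:
    # The name is self-authenticating: it must re-derive from the presented key.
    hit = classify_host(host)
    return hit is not None and onion_address(public_key_der) == hit[0] + ".onion"

# Constructed inputs: a stand-in for a DER-encoded public key and sample hostnames.
SAMPLE_KEY = b"constructed stand-in for a DER-encoded RSA public key"
SAMPLE_HOSTS = [
    onion_address(SAMPLE_KEY),                       # direct hidden-service name
    onion_address(SAMPLE_KEY)[:16] + ".tor2web.org", # same service via a gateway
    "www.example.com",                               # ordinary site
    "abcdefghij01189x.onion",                        # 0, 1, 8, 9 are not base32
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(h, "->", classify_host(h), key_owns_address(SAMPLE_KEY, h))
```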
![Page 10: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/10.jpg)
Potential Flaws in the Onion!
Timing Attack
Entry Monitoring
Intersection Attack
DDoS Attack
Predecessor Attack (Replay)
Exit Node Sniffing
![Page 11: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/11.jpg)
TOR: The Force or The Dark Side?
![Page 12: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/12.jpg)
How The Force Uses TOR
![Page 13: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/13.jpg)
Providing a Voice for the Oppressed
![Page 14: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/14.jpg)
Freedom from having communications monitored
Freedom of the press on dangerous and sensitive topics
Used by government embassies for sending of confidential emails
Useful in accessing blocked Internet sites where restrictions are enforced i.e. The UK, Saudi Arabia, China etc.
![Page 15: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/15.jpg)
The Jedi User
Home Users: protect themselves when online
Activists: anonymously report abuses from danger zones
Whistleblowers: safely report on corruption
Journalists: protect their research and sources online
Military and law enforcement: protect communications, investigations, and intelligence
![Page 16: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/16.jpg)
How The Dark Side Uses TOR
![Page 17: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/17.jpg)
Providing a Voice for the Criminals
![Page 18: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/18.jpg)
The Deep Dark Web
Anonymous and unindexed area of the internet used for serious criminal activity
Rumored to contain more than 500 times the size of the traditional web
The average life of a .onion site is 265 days
Law Enforcement Agencies and “Dark Angels” aggressively work in bringing down criminal .onion sites
FBI hosting child porn sharing site as a sting site
![Page 19: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/19.jpg)
The Sith User
Drug Dealers: Controlled substance marketplaces
Arms Dealer: selling all kinds of weapons
Pedophile: Child pornography
Traitor: Unauthorized leaks of sensitive information
Thief: Money laundering and Credit Card Fraud
Plagiarist: Copyright infringement
![Page 20: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/20.jpg)
Exploring the Dark Web
![Page 21: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/21.jpg)
![Page 22: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/22.jpg)
![Page 23: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/23.jpg)
![Page 24: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/24.jpg)
![Page 25: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/25.jpg)
![Page 26: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/26.jpg)
![Page 27: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/27.jpg)
Comments
![Page 28: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/28.jpg)
![Page 29: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/29.jpg)
The Extras…
![Page 30: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/30.jpg)
Potential Flaws in the Onion
![Page 31: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/31.jpg)
Potential Flaws in the Onion!
Multi Hopping = Slower Connections
Confusion of unlinkability with anonymity
While using Tor, leaks can occur via Flash plug-ins & other media add-ons
Darknet Heavily Monitored by Law Enforcement Agencies
NSA & GCHQ Installing hundreds of ORs in order to capture & analyze traffic
Many Honeypot Sites Exist in order to catch criminals
![Page 32: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/32.jpg)
What is an Onion Router?
An anonymous communication technique
Messages constantly encrypted and sent through several onion routers which creates a circuit of nodes using random domain names
Each OR removes a layer of encryption with its symmetric key to reveal routing instructions, and sends the message to the next router where the process is repeated
Thus the analogy “onion router.”
Prevents these intermediary nodes from knowing the origin, destination, and contents of the message
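The layering described on this slide, as an added example that is not from the original presentation: each hop's layer is sealed with that hop's symmetric key, so a router that peels its layer learns only the next hop. The router names, keys, destination and the SHA-256-based toy cipher are assumptions for illustration; Tor's own circuit cryptography differs.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # Toy stream cipher: SHA-256 in counter mode (illustration only, not Tor's cipher).
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC one layer under a single hop's symmetric key.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer was not sealed with this router's key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def build_onion(path, destination, message):
    # Wrap from the exit outwards: the last layer added belongs to the entry router.
    next_hop, inner = destination, message
    for name, key in reversed(path):
        layer = json.dumps({"next": next_hop, "data": inner.hex()}).encode()
        inner, next_hop = seal(key, layer), name
    return inner

def peel(key, onion):
    # What one router does: remove its own layer and learn only the next hop.
    layer = json.loads(unseal(key, onion))
    return layer["next"], bytes.fromhex(layer["data"])

def route(path, onion):
    # Walk the circuit, recording what each router learns as (router, next hop).
    seen = []
    for name, key in path:
        next_hop, onion = peel(key, onion)
        seen.append((name, next_hop))
    return seen, onion

# Constructed sample circuit: router names, keys and destination are made up.
PATH = [(n, os.urandom(32)) for n in ("entry", "middle", "exit")]
MESSAGE = b"GET / HTTP/1.1"
ONION = build_onion(PATH, "bob.example:80", MESSAGE)

if __name__ == "__main__":
    print(route(PATH, ONION))
```

Only the exit router's layer contains the destination and the payload, which is why the exit-node slide later in the deck matters: anything not separately encrypted end to end is readable at that last hop.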
![Page 33: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/33.jpg)
Onion Routing: How it Works
![Page 34: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/34.jpg)
Variants (Other Anonymizing Technologies)
Tor (anonymity network)
Garlic Routing
Anonymous P2P
The Amnesic Incognito Live System
Degree of anonymity
Chaum mixes
Bitblinder
Java Anonymous Proxy
![Page 35: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/35.jpg)
Onion Routing: How it Works
[Diagram labels: TOR Node, Alice, Bob, Jane; legend: Encrypted, Unencrypted; ports 9001, 9090, 443]
• Each OR maintains a connection to every other OR
• Users run an onion proxy (OP) to fetch directories, establish circuits across the network
• Each OR maintains a long & short term onion identity key (10 mins)
![Page 36: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/36.jpg)
Onion Routing: How it Works
[Diagram labels: TOR Node, Alice, Dave, Bob, Jane; legend: Encrypted, Unencrypted; ports 9001, 9030]
Step 1: Alice’s TOR Client obtains a list of TOR Clients from a directory server
![Page 37: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/37.jpg)
Onion Routing: How it Works
[Diagram labels: TOR Node, Alice, Dave, Bob, Jane; legend: Encrypted, Unencrypted; ports 443, 80]
Step 2: Alice’s TOR Client picks a random path to a destination server. Green links are encrypted, red links are in the clear
![Page 38: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/38.jpg)
Onion Routing: How it Works
[Diagram labels: TOR Node, Alice, Dave, Bob, Jane; legend: Encrypted, Unencrypted; ports 80, 443]
Step 3: If at a later time Alice connects to a different resource then a different, random route is selected. Again, green links are encrypted, red links are in the clear
![Page 39: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/39.jpg)
Fighting Internet Crime
[Diagram labels: TOR Node, Security Agencies, Illegal Site; legend: Encrypted, Unencrypted]
TOR is a key technology in the fight against organized crime on the internet
Agency IP Address Hidden from Site owner
![Page 40: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/40.jpg)
Timing analysis
Adversary could determine whether a node is transmitting by correlating when messages are sent by a server and received by a node
Tor, and any other low latency network, is vulnerable to such an attack
Counter Measure: A Node can defeat this attack by sending dummy messages whenever it is not sending or receiving real messages (Not currently part of the Tor threat model)
![Page 41: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/41.jpg)
Entry Node Sniffing
[Diagram labels: TOR Node, Bob, Compromised Node, Police; legend: Encrypted, Unencrypted]
Criminal posts anonymous content out to Compromised Server
Law Enforcement monitors suspect’s client machine (Entry Point)
![Page 42: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/42.jpg)
Exit Node Sniffing
[Diagram labels: TOR Node, Target, Compromised Node, Infected with malicious code, Police; legend: Encrypted, Unencrypted]
Criminal posts anonymous content onto Server
Law Enforcement monitors Target client machine (Exit Point)
• An exit node has complete access to the content being transmitted from the sender to the recipient
• If the message is encrypted by SSL, the exit node cannot read the information, just as with any encrypted link over the regular internet
![Page 43: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/43.jpg)
Intersection Attacks
[Diagram labels: TOR Node, Bob, Compromised Node, Offline Node, Police; legend: Encrypted, Unencrypted]
Criminal posts anonymous content out to Compromised Server
Network Analysis
Nodes periodically fail or leave the network; any chain that remains functioning cannot have been routed through either the nodes that left or the nodes that recently joined the network, increasing the chances of a successful traffic analysis
![Page 44: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/44.jpg)
Predecessor attacks (Replay)
Compromised Nodes can retain session information as it occurs over multiple chain reformations
Chains are periodically torn down and rebuilt
If the same session is observed over the course of enough reformations, the compromised node connects with the particular sender more frequently than any other node, increasing the chances of a successful traffic analysis
![Page 45: My darkweb-presentation](https://reader035.vdocuments.mx/reader035/viewer/2022070513/5889095d1a28ab4a5c8b48bb/html5/thumbnails/45.jpg)
DDoS Attack
DoS and Tor
Tor is vulnerable to DoS attacks because users can consume more network resources than allowed or render the network unusable for other users.
Tor deals with these attacks with:
Puzzle solving: At the beginning of the TLS handshake or when accepting create cells; this limits the attack multiplier.
Limiting rates: Limits the rates of accepting create cells and TLS connections so the computational work of processing them doesn’t disrupt the symmetric cryptography operations that allow cells to flow.