exploring the darknet
DESCRIPTION
A survey of the TOR Darknet (The Onion Router). The kinds of vile criminality that you will find in the Darknet and a brief discussion of the threats and opportunities presented by TOR.
TRANSCRIPT
EXPLORING THE DARKNET 1
Exploring the Darknet
Michael McDonnell
GCIA, GCWN, MLIS
linkedin.com/in/itpromichael
EXPLORING THE DARKNET 2
What is the “Darknet”?
AKA THE ONION ROUTER (TOR)?
EXPLORING THE DARKNET 3
There are many Darknets
1. The Onion Router (TOR)
◦ This is THE Darknet
2. I2P
◦ Anonymous Peer-to-Peer Network
◦ Regular services run over a “secure” network layer
3. Freenet
◦ Distributed data store
4. anoNET
◦ Pseudo-anonymous “Friend to Friend” (F2F) network
◦ using VPNs and BGP
EXPLORING THE DARKNET 4
TOR History
1995 Development began on “Onion Routing” (ONR)
1997 Funded by DARPA High Confidence Networks Program
1998 13 nodes created: 1 in Canadian Ministry of Defence
2001 More DARPA funding
2002 US Naval Research Lab releases ONR v2 (aka TOR)
2003 More DARPA funding
2004 Hidden Services introduced: Hidden Wiki Setup
2014 Sponsors include SRI, US Dept. of State, NSF, Radio Free Asia, The Ford Foundation, Google, EFF, 4300 individuals.
EXPLORING THE DARKNET 5
What TOR Does
Anonymous Internet Access
“Hidden Services”
Bypass Filters
EXPLORING THE DARKNET 6
Mauritania, 2008
Tor was useful not only to dissidents, but to the wider public as well. As mirror sites slipped away into the filters, Weddady worked to ensure the greater public awareness of Tor. Cybercafes were the main point of Internet access at the time for most Mauritanians, thus Weddady circulated information to them. Tor allowed the average Internet user to access opposition and news sites that hadn’t escaped the filters.
After the failed attempt to filter the Internet, the government stopped most, if not all, filtering activities. Weddady says, “Tor rendered the government’s efforts completely futile. They simply didn't have the know-how to counter that move. Ironically, we felt even more secure because we learned an invaluable lesson: encrypt and anonymize.”
-- November 2008 Interview with Nasser Weddady by Jillian C. York
EXPLORING THE DARKNET 7
How TOR Works
EXPLORING THE DARKNET 8
Tor Routing
Source: (Blackhat, 2007) “Securing the Tor Network”
EXPLORING THE DARKNET 9
The Arab Spring
EXPLORING THE DARKNET 10
Syria, 2013
EXPLORING THE DARKNET 11
A Den of Vile Criminality
TOR is fine, in theory.
‘Cept it’s slow, full of viruses, hackers, paedophiles, and murderers…
-- Sablicious, ATS Forum
EXPLORING THE DARKNET 12
TOR: Hidden Services
aka The Darknet
Example Address: zqktlwi4fecvo6ri.onion
EXPLORING THE DARKNET 13
How does one access the Darknet?
1. TAILS: The Amnesiac Internet System
◦ Use TAILS
2. TOR Browser Bundle
◦ Compromised by FBI
◦ OK for casual use
3. TOR Client Alone
◦ NOT RECOMMENDED
4. Whonix
◦ Requires two hosts, a gateway and a client
◦ A better design, but…
EXPLORING THE DARKNET 14
Freedom Hosting, 2013
EXPLORING THE DARKNET 15
TorMail Seized
According to court documents that recently surfaced, the FBI have cloned the entire email database while investigating Freedom Hosting…. now the FBI is mining the information from that database to track cyber criminals.
-- Wang Wei, The Hacker News
EXPLORING THE DARKNET 16
The Silk Road, 2013
EXPLORING THE DARKNET 17
The Silk Road
EXPLORING THE DARKNET 18
Robert Ulbricht
aka Dread Pirate Roberts
EXPLORING THE DARKNET 19
And the arrests continue…
EXPLORING THE DARKNET 21
Exploring
WHAT CAN YOU SEE IN THE DARK?
EXPLORING THE DARKNET 22
TOR Starting Pages
EXPLORING THE DARKNET 23
TOR Search Engines
EXPLORING THE DARKNET 24
Archives
“NoReason”
EXPLORING THE DARKNET 25
Archives
“NoReason”
EXPLORING THE DARKNET 26
Forums
“Intel Exchange”
EXPLORING THE DARKNET 27
Beneath Virginia Tech
EXPLORING THE DARKNET 28
What’s a Darknet without a DJ?
EXPLORING THE DARKNET 29
Conspiracy Theories
EXPLORING THE DARKNET 30
WikiLeaks
EXPLORING THE DARKNET 31
DOX and DOXing
EXPLORING THE DARKNET 32
DOXing Example
EXPLORING THE DARKNET 33
DOX Example
EXPLORING THE DARKNET 34
“The Secret Files” DOXing Famous People
EXPLORING THE DARKNET 35
Hacker Forums & Zines
“HTP Hack the Planet”
EXPLORING THE DARKNET 36
Need a Passport?
EXPLORING THE DARKNET 37
Canadian Passports: $US800
EXPLORING THE DARKNET 38
Need a Drivers License?
EXPLORING THE DARKNET 39
Need a Drivers License?
EXPLORING THE DARKNET 40
Selling Money
“Counterfeit USD”
EXPLORING THE DARKNET 41
Selling Money
“Wall Street”
EXPLORING THE DARKNET 42
Selling Money
“Wall Street”
EXPLORING THE DARKNET 43
Selling Money (Credit Cards)
“Black & Yellow”
EXPLORING THE DARKNET 44
Selling Money (Credit Cards)
EXPLORING THE DARKNET 45
Selling Money (Credit Cards)
“TOR Carding Forums”
EXPLORING THE DARKNET 46
Selling Money (Credit Cards)
“Original Skimmed Cards”
EXPLORING THE DARKNET 47
Stealing Money
ATMs & Skimmers
EXPLORING THE DARKNET 48
Guns
EXPLORING THE DARKNET 49
iPhones
EXPLORING THE DARKNET 50
Hacker Forums
“TorChan”
EXPLORING THE DARKNET 51
Hacker Forums
“TorChan”
EXPLORING THE DARKNET 52
Hacker Forums
“TorChan”
EXPLORING THE DARKNET 53
Hacker Forums
“IntelExchange”
EXPLORING THE DARKNET 54
Hacker Forums
“Tor Carding Forums”
EXPLORING THE DARKNET 55
Hacker Forums
“Overchan”
EXPLORING THE DARKNET 56
Hacker Forums
“HackBB”
EXPLORING THE DARKNET 57
Hacker Forums
“HackBB”
EXPLORING THE DARKNET 58
Hacker Forums
“HackBB” Wiki
EXPLORING THE DARKNET 59
Your Private Army
“TorChan”
EXPLORING THE DARKNET 60
Killers
“Hitman Network” $US10,000
EXPLORING THE DARKNET 61
Killers
“Unfriendlysolution”
EXPLORING THE DARKNET 62
Been Shot? Need a “Fixer”?
EXPLORING THE DARKNET 63
Chloroform (Note: Email Address)
EXPLORING THE DARKNET 64
Image Hosting Services
EXPLORING THE DARKNET 65
The Really Sick Stuff
There is no reasonable legal or ethical way to access this or show it to you. Here look at this kitten… this is the complete opposite of what you’ll find in the really DARK part of the Darkweb.
EXPLORING THE DARKNET 66
Terrorism (or a trap for supporters)
EXPLORING THE DARKNET 67
Risks, Threats, & Opportunities
EXPLORING THE DARKNET 68
Bad Actors on Your Network
EXPLORING THE DARKNET 69
Malware Using TOR
EXPLORING THE DARKNET 70
Attackers Using TOR
EXPLORING THE DARKNET 71
Threat Intelligence
EXPLORING THE DARKNET 72
Threat Intelligence
Hacker Forums
EXPLORING THE DARKNET 73
Threat Intelligence
Chat
EXPLORING THE DARKNET 74
Risks to TOR Users
EXPLORING THE DARKNET 75
“Tor Stinks” (NSA Presentation)
EXPLORING THE DARKNET 76
JavaScript is the Enemy
EXPLORING THE DARKNET 77
BlackHat TOR Talk Cancelled
Researchers from the CERT division of Software Engineering Institute (SEI) at Carnegie Mellon University… were set to give a talk purporting to demonstrate a way to deanonymize Tor users at Black Hat USA.
-- Andrea Peterson, The Washington Post
EXPLORING THE DARKNET 78
My Hidden Service Experiment