the hidden face of the darknet - risk conference...the hidden face of the darknet carl herberger may...


The Hidden Face of the Darknet

Carl Herberger

May 23rd, 2018

Global VP, Security Solutions

Agenda

• What is the Darknet

• How to access the Darknet

• What can you find

• What can you buy

• Why hackers use the Darknet

What is the Darknet?

Overlay network

Private and encrypted

Requires specific tools

Origins

1970, Isolated network from ARPANET

Uses

Email and social media

Hosting and file sharing

News and Media

E-Commerce


How to access the Darknet

Two Dark-net Types

TOR

– Software: The Onion Router

– Type: Anonymity

– Uses: Privacy / Hidden Services

I2P

– Software: Invisible Internet Project

– Type: Friend-to-Friend

– Uses: File sharing

Type of Darknet – Friend to Friend – I2P

Data encapsulated in layers of encryption

Bundling multiple messages together

Unidirectional tunnels

Type of Darknet – Anonymity – Tor

Diagram: Source, Message, Router C, Router B, Router A, Destination

Data encapsulated in layers of encryption

Each layer reveals the next relay

Final layer sends data to destination

Bi-Directional
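
The layering on this slide, as an added example that is not part of the original deck: the source wraps the message once per relay, each relay removes one layer and learns only the next hop, and the last relay forwards the inner data to the destination. The path order (A, then B, then C), the fixed per-relay keys and the toy SHA-256 keystream cipher are assumptions made for illustration and are not Tor's actual key exchange or cell format.

```python
import hashlib
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); stands in for a real cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

def wrap(path, keys, destination, message):
    """Source: build the onion from the innermost layer (last relay) outward."""
    next_hop, payload = destination, message
    for relay in reversed(path):
        hop = next_hop.encode()
        plain = bytes([len(hop)]) + hop + payload  # header names the next hop
        nonce = os.urandom(16)
        payload = nonce + keystream_xor(keys[relay], nonce, plain)
        next_hop = relay
    return next_hop, payload  # first relay to contact, and the complete onion

def peel(key, onion):
    """Relay: strip one layer, learning only the next hop and an inner blob."""
    plain = keystream_xor(key, onion[:16], onion[16:])
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]

def route(path, keys, destination, message):
    """Pass the onion along the path and record what each relay could see."""
    hop, onion = wrap(path, keys, destination, message)
    seen = []
    while hop in keys:
        next_hop, onion = peel(keys[hop], onion)
        seen.append((hop, next_hop, message in onion))  # plaintext visible?
        hop = next_hop
    return hop, onion, seen

# Constructed sample input: relay names from the slide, made-up keys.
PATH = ["Router A", "Router B", "Router C"]
KEYS = {name: hashlib.sha256(name.encode()).digest() for name in PATH}

if __name__ == "__main__":
    final_hop, delivered, seen = route(PATH, KEYS, "Destination", b"hello world")
    for relay, next_hop, sees_plaintext in seen:
        print(f"{relay} -> {next_hop}: sees plaintext = {sees_plaintext}")
```

Only the last relay handles the data in the form it is sent to the destination, so content that is not itself encrypted end to end is readable at that hop.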


Access - Whonix

Two virtual machines

Workstation / Gateway

User applications have no knowledge of the user's 'real' IP address

All communications are forced through the Tor network

Atlas

Learn about currently running Tor relays

Atlas.torproject.org

Metrics

Around 1.5 – 2 Million relay users per day

United States has the most daily users

Just under 100,000 bridge users per day

Spikes of usage show possible censorship

Censorship - Turkey

December 2016 Turkey begins censoring the internet

Sites like Facebook, Twitter and YouTube blocked

Arrest over comments on the internet

Spike in Tor relay users follows

Tor, VPN websites blocked

Increase in bridge users


What can you find on the Darknet?

Email services

Hosting service

Forums

News sites

E-commerce

How to access the Darknet

Mirrored news services

Counter censorship & surveillance

Securely submit information

Email Services

Tor adds an additional layer of security

Combats Censorship and Surveillance

Options

– Tor only service

– Clearnet services with hidden service option

Search Engine

Indexed .onion sites

Easier to search for Hidden Services

Hosting Services

Risk Analysis / Trust

High-Privacy hosting

– Bulletproof / Offshore hosting

Option

– Self host on a VPS

Freedom Hosting II

E-Commerce

Black-market of the Internet

Multiple categories

Anonymous payments with Bitcoin

Escrow services

Legal/Illegal goods and services

Scams

Leak Data / Fraud

Hackers collect leaks

Fullz are available

Fraud is rampant

Forums have exclusive and fresh leaks

IRC

Internet Relay Chat

Found on both Clearnet and Darknet

Often a staging area for Hacktivist operations


What can you buy on the Darknet?

DDoS as a Service

Botnet Rental

Malware/Ransomware

Security/Hosting

Undisclosed Exploits

Leaked Data / Fraud

DDoS as a Service

Developing industry

Services sold on marketplaces or on private hidden services

Recent growth in stresser services on the Darknet

Attackers are using Tor to mask their origin

Botnet

Hidden C2

Additional layer of security

Requires de-anonymization before takedown

Torshammer

Layer 7 POST attack

Similar to HULK

Anonymized through Tor

Malware

Ransomware as a Service

Sold in Marketplaces

Other malware is also available

jRAT sells for $29

– Or you can download educational RATs on GitHub

Shells

Compromised web servers

Unauthorized access for sale

Remote administration

Relay/C2

Skimmers

Wireless POS covers

Card Read/Write

Gas Pumps

ATM kits with GSM

Services

Direct from vendors

Wide range of services

Lacks escrow and review


Why hackers use the Darknet?

Benefits of the Darknet to an attacker:

Privacy

Obfuscation

Opportunity

Thank You