SlideShare a Scribd company logo

Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia

Introduction Deep Web Tor and it's working Hidden Services Transaction method Breaking the anonymity of TOr Users and HSes

1 of 42
Download to read offline
Who am I
 3rd
Year Engineering Student in Northern India Engineering College,
IP University
 Currently interning in Main Brain Tech, funded startup operarting out
of Hyderabad and Bangalore
 Former intern in EY, Microsoft AFs, and 3 other firms
 Primary interest in corporate cyber security, ranging from black box
testing to the strategy incorporation in ASOCs
 Secondary interests in mobile security, package reverse
engineering, android malware, analysis using A.R.E.
 6 years of exposure to cyber security
 Other skills include public speaking, graphic design, website design
and deployment (backend and frontend),
Darknet
Darknets - Introduction &  Deanonymization of Tor Users By Hitesh Bhatia
Introduction - Darknet
 Most frequently refers to an area of the Internet only accessible by
using an encryption tool called The Onion Router (Tor)
 Aimed at those desiring privacy online, although frequently attracts
those with criminal intentions
 Ability to host websites anonymously and with a degree of impunity
 Tor makes it difficult for governments to censor sites or content that
may be hosted elsewhere in the world
 Critical mass of users averaging 2.5 million per day as of June 2016
(Tor Project 2016 statistics)
 Frequently cited as one of the key tools against government
surveillance
 Is a part of the Deepweb (sites that are not indexed by search
engines)
 https://www.torproject.org/
Softwares used to
access the Deep
Web
The Onion Router (Tor) is an open-
source software program that allows users
to protect their privacy and security
against a common form of Internet
surveillance known as traffic analysis. Tor
was originally developed for the U.S.
Navy in an effort to protect government
communications. The name of the
software originated as an acronym for
the Onion Router, but Tor is now the
official name of the program. 
It is the most used software, due to the
services it hosts, in addition to its reliability
over the years.
Softwares used to
access the Deep
Web
Invisible Internet Project(I2P) is an
anonymous network, exposing a simple
layer that applications can use to
anonymously and securely send
messages to each other. The network
itself is strictly message based (a la IP),
but there is a library available to allow
reliable streaming communication on top
of it (a la TCP). All communication is end
to end encrypted (in total there are four
layers of encryption used when sending a
message), and even the end points
("destinations") are cryptographic
identifiers (essentially a pair of public
keys).
It is the most used software, due to the
services it hosts, in addition to its reliability
over the years.
It is lesser known than Tor, and therefore
less prone to deanonymization attacks.

Recommended

Tor the onion router
Tor  the onion routerTor  the onion router
Tor the onion routerAshly Liza
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityAbhimanyu Singh
 
Dark Web and Privacy
Dark Web and PrivacyDark Web and Privacy
Dark Web and PrivacyBrian Pichman
 
The Dark Web
The Dark WebThe Dark Web
The Dark WebJan Siy
 

More Related Content

What's hot (20)

ABOUT DARK WEB
ABOUT DARK WEB ABOUT DARK WEB
ABOUT DARK WEB
 
The Dark Web
The Dark WebThe Dark Web
The Dark Web
 
Journey To The Dark Web
Journey To The Dark WebJourney To The Dark Web
Journey To The Dark Web
 
Dark net
Dark netDark net
Dark net
 
Dark wed
Dark wedDark wed
Dark wed
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
 
Onion protocol
Onion protocolOnion protocol
Onion protocol
 
Tor Network
Tor NetworkTor Network
Tor Network
 
The Deep and Dark Web
The Deep and Dark WebThe Deep and Dark Web
The Deep and Dark Web
 
Dark web
Dark webDark web
Dark web
 
The dark web
The dark webThe dark web
The dark web
 
The Dark Web
The Dark WebThe Dark Web
The Dark Web
 
Deep Web - what to do and what not to do
Deep Web - what to do and what not to do	Deep Web - what to do and what not to do
Deep Web - what to do and what not to do
 
Rolling in the Deep. ISACA.SV.2016
Rolling in the Deep. ISACA.SV.2016Rolling in the Deep. ISACA.SV.2016
Rolling in the Deep. ISACA.SV.2016
 
Darknet
DarknetDarknet
Darknet
 
Ali shahbazi khojasteh - deep web
Ali shahbazi khojasteh - deep webAli shahbazi khojasteh - deep web
Ali shahbazi khojasteh - deep web
 
Cybersecurity and the DarkNet
Cybersecurity and the DarkNetCybersecurity and the DarkNet
Cybersecurity and the DarkNet
 
The dark web
The dark webThe dark web
The dark web
 
Deep web and Dark web
Deep web and Dark webDeep web and Dark web
Deep web and Dark web
 
Deepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar anchaDeepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar ancha
 

Viewers also liked

Hacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh MishraHacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh MishraOWASP Delhi
 
DFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar YadavDFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar YadavOWASP Delhi
 
IoT Security Risks and Challenges
IoT Security Risks and ChallengesIoT Security Risks and Challenges
IoT Security Risks and ChallengesOWASP Delhi
 
OWASP top 10-2013
OWASP top 10-2013OWASP top 10-2013
OWASP top 10-2013tmd800
 
TOR... ALL THE THINGS
TOR... ALL THE THINGSTOR... ALL THE THINGS
TOR... ALL THE THINGSCrowdStrike
 
OWASP Top 10 2013
OWASP Top 10 2013OWASP Top 10 2013
OWASP Top 10 2013markstory
 
Affordable app sec for startups by - Sandeep Singh, Vaibhav Gupta and Vishal ...
Affordable app sec for startups by - Sandeep Singh, Vaibhav Gupta and Vishal ...Affordable app sec for startups by - Sandeep Singh, Vaibhav Gupta and Vishal ...
Affordable app sec for startups by - Sandeep Singh, Vaibhav Gupta and Vishal ...OWASP Delhi
 
Minority business solutions
Minority business solutionsMinority business solutions
Minority business solutionsJack740
 
The art of android hacking by Abhinav Mishra (0ctac0der)
The art of  android hacking by Abhinav Mishra (0ctac0der)The art of  android hacking by Abhinav Mishra (0ctac0der)
The art of android hacking by Abhinav Mishra (0ctac0der)OWASP Delhi
 
[Webinar] - 6 steps guide to select a business phone system
[Webinar] - 6 steps guide to select a business phone system[Webinar] - 6 steps guide to select a business phone system
[Webinar] - 6 steps guide to select a business phone systemTaraSpan
 
Thetexaslawyer
ThetexaslawyerThetexaslawyer
ThetexaslawyerJack740
 
νεο λυκειο
νεο λυκειονεο λυκειο
νεο λυκειοelpitheo
 

Viewers also liked (17)

Hacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh MishraHacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh Mishra
 
DFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar YadavDFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar Yadav
 
IoT Security Risks and Challenges
IoT Security Risks and ChallengesIoT Security Risks and Challenges
IoT Security Risks and Challenges
 
Deep web
Deep webDeep web
Deep web
 
OWASP top 10-2013
OWASP top 10-2013OWASP top 10-2013
OWASP top 10-2013
 
TOR... ALL THE THINGS
TOR... ALL THE THINGSTOR... ALL THE THINGS
TOR... ALL THE THINGS
 
OWASP Top 10 2013
OWASP Top 10 2013OWASP Top 10 2013
OWASP Top 10 2013
 
How TOR works?
How TOR works?How TOR works?
How TOR works?
 
Affordable app sec for startups by - Sandeep Singh, Vaibhav Gupta and Vishal ...
Affordable app sec for startups by - Sandeep Singh, Vaibhav Gupta and Vishal ...Affordable app sec for startups by - Sandeep Singh, Vaibhav Gupta and Vishal ...
Affordable app sec for startups by - Sandeep Singh, Vaibhav Gupta and Vishal ...
 
Minority business solutions
Minority business solutionsMinority business solutions
Minority business solutions
 
J1 shen xiao hui
J1 shen xiao huiJ1 shen xiao hui
J1 shen xiao hui
 
The art of android hacking by Abhinav Mishra (0ctac0der)
The art of  android hacking by Abhinav Mishra (0ctac0der)The art of  android hacking by Abhinav Mishra (0ctac0der)
The art of android hacking by Abhinav Mishra (0ctac0der)
 
[Webinar] - 6 steps guide to select a business phone system
[Webinar] - 6 steps guide to select a business phone system[Webinar] - 6 steps guide to select a business phone system
[Webinar] - 6 steps guide to select a business phone system
 
A London Tale of Gin and Sin
A London Tale of Gin and SinA London Tale of Gin and Sin
A London Tale of Gin and Sin
 
Roca bathroom
Roca bathroomRoca bathroom
Roca bathroom
 
Thetexaslawyer
ThetexaslawyerThetexaslawyer
Thetexaslawyer
 
νεο λυκειο
νεο λυκειονεο λυκειο
νεο λυκειο
 

Similar to Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia

Similar to Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia (20)

Dark Web.pptx
Dark Web.pptxDark Web.pptx
Dark Web.pptx
 
Cyber crime- a case study
Cyber crime- a case studyCyber crime- a case study
Cyber crime- a case study
 
Invisible Web
Invisible Web Invisible Web
Invisible Web
 
Dark Web
Dark WebDark Web
Dark Web
 
Tor: The Second Generation Onion Router
Tor: The Second Generation Onion RouterTor: The Second Generation Onion Router
Tor: The Second Generation Onion Router
 
Presentation darknet
Presentation darknetPresentation darknet
Presentation darknet
 
Dw communication
Dw communicationDw communication
Dw communication
 
Dark Web.pptx
Dark Web.pptxDark Web.pptx
Dark Web.pptx
 
Darknet
DarknetDarknet
Darknet
 
.Onion
.Onion.Onion
.Onion
 
(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk   anonymous network concepts and implementation(130727) #fitalk   anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation
 
Hacking Tor ( How does Tor work ?)
Hacking Tor ( How does Tor work ?)Hacking Tor ( How does Tor work ?)
Hacking Tor ( How does Tor work ?)
 
Deep web
Deep webDeep web
Deep web
 
Research in the deep web
Research in the deep webResearch in the deep web
Research in the deep web
 
Dark Net
Dark NetDark Net
Dark Net
 
Deep web
Deep webDeep web
Deep web
 
seminar PowerPoint Presentation.pptx
seminar  PowerPoint Presentation.pptxseminar  PowerPoint Presentation.pptx
seminar PowerPoint Presentation.pptx
 
Tor Project and The Darknet
Tor Project and The DarknetTor Project and The Darknet
Tor Project and The Darknet
 
Understanding The Basis Of The Dark Web
Understanding The Basis Of The Dark WebUnderstanding The Basis Of The Dark Web
Understanding The Basis Of The Dark Web
 
Deeplight Intelliagg
Deeplight IntelliaggDeeplight Intelliagg
Deeplight Intelliagg
 

More from OWASP Delhi

Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesGetting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesOWASP Delhi
 
Securing dns records from subdomain takeover
Securing dns records from subdomain takeoverSecuring dns records from subdomain takeover
Securing dns records from subdomain takeoverOWASP Delhi
 
Effective Cyber Security Report Writing
Effective Cyber Security Report WritingEffective Cyber Security Report Writing
Effective Cyber Security Report WritingOWASP Delhi
 
Data sniffing over Air Gap
Data sniffing over Air GapData sniffing over Air Gap
Data sniffing over Air GapOWASP Delhi
 
Demystifying Container Escapes
Demystifying Container EscapesDemystifying Container Escapes
Demystifying Container EscapesOWASP Delhi
 
Automating WAF using Terraform
Automating WAF using TerraformAutomating WAF using Terraform
Automating WAF using TerraformOWASP Delhi
 
Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat IntelligenceOWASP Delhi
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghOWASP Delhi
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOWASP Delhi
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap OWASP Delhi
 
Securing AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriSecuring AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriOWASP Delhi
 
Cloud assessments by :- Aakash Goel
Cloud assessments  by :- Aakash GoelCloud assessments  by :- Aakash Goel
Cloud assessments by :- Aakash GoelOWASP Delhi
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarOWASP Delhi
 
Wireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanWireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanOWASP Delhi
 
IETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit BatraIETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit BatraOWASP Delhi
 
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj MishraMalicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj MishraOWASP Delhi
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghOWASP Delhi
 
Thwarting The Surveillance in Online Communication by Adhokshaj Mishra
Thwarting The Surveillance in Online Communication by Adhokshaj MishraThwarting The Surveillance in Online Communication by Adhokshaj Mishra
Thwarting The Surveillance in Online Communication by Adhokshaj MishraOWASP Delhi
 

More from OWASP Delhi (20)

Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesGetting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
 
Securing dns records from subdomain takeover
Securing dns records from subdomain takeoverSecuring dns records from subdomain takeover
Securing dns records from subdomain takeover
 
Effective Cyber Security Report Writing
Effective Cyber Security Report WritingEffective Cyber Security Report Writing
Effective Cyber Security Report Writing
 
Data sniffing over Air Gap
Data sniffing over Air GapData sniffing over Air Gap
Data sniffing over Air Gap
 
UDP Hunter
UDP HunterUDP Hunter
UDP Hunter
 
Demystifying Container Escapes
Demystifying Container EscapesDemystifying Container Escapes
Demystifying Container Escapes
 
Automating WAF using Terraform
Automating WAF using TerraformAutomating WAF using Terraform
Automating WAF using Terraform
 
Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat Intelligence
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep Singh
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilities
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
 
Securing AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriSecuring AWS environments by Ankit Giri
Securing AWS environments by Ankit Giri
 
DMARC Overview
DMARC OverviewDMARC Overview
DMARC Overview
 
Cloud assessments by :- Aakash Goel
Cloud assessments  by :- Aakash GoelCloud assessments  by :- Aakash Goel
Cloud assessments by :- Aakash Goel
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang Bhatnagar
 
Wireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanWireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit Ranjan
 
IETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit BatraIETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit Batra
 
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj MishraMalicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep Singh
 
Thwarting The Surveillance in Online Communication by Adhokshaj Mishra
Thwarting The Surveillance in Online Communication by Adhokshaj MishraThwarting The Surveillance in Online Communication by Adhokshaj Mishra
Thwarting The Surveillance in Online Communication by Adhokshaj Mishra
 

Recently uploaded

DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonAPNIC
 
Reactive programming with Spring Webflux.pptx
Reactive programming with Spring Webflux.pptxReactive programming with Spring Webflux.pptx
Reactive programming with Spring Webflux.pptxJoão Esperancinha
 
Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...
Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...
Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...Prometix Pty Ltd
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonAPNIC
 
ConFoo 2024 - Need for Speed: Removing speed bumps in API Projects
ConFoo 2024  - Need for Speed: Removing speed bumps in API ProjectsConFoo 2024  - Need for Speed: Removing speed bumps in API Projects
ConFoo 2024 - Need for Speed: Removing speed bumps in API ProjectsŁukasz Chruściel
 
WAN-IFRA: World Press Trends Outlook 2023-2024
WAN-IFRA: World Press Trends Outlook 2023-2024WAN-IFRA: World Press Trends Outlook 2023-2024
WAN-IFRA: World Press Trends Outlook 2023-2024Damian Radcliffe
 
ConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solution
ConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solutionConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solution
ConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solutionŁukasz Chruściel
 
Biometrics Technology Intresting PPT
Biometrics Technology Intresting PPTBiometrics Technology Intresting PPT
Biometrics Technology Intresting PPTPraveenKumarThota7
 

Recently uploaded (8)

DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
Reactive programming with Spring Webflux.pptx
Reactive programming with Spring Webflux.pptxReactive programming with Spring Webflux.pptx
Reactive programming with Spring Webflux.pptx
 
Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...
Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...
Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
ConFoo 2024 - Need for Speed: Removing speed bumps in API Projects
ConFoo 2024  - Need for Speed: Removing speed bumps in API ProjectsConFoo 2024  - Need for Speed: Removing speed bumps in API Projects
ConFoo 2024 - Need for Speed: Removing speed bumps in API Projects
 
WAN-IFRA: World Press Trends Outlook 2023-2024
WAN-IFRA: World Press Trends Outlook 2023-2024WAN-IFRA: World Press Trends Outlook 2023-2024
WAN-IFRA: World Press Trends Outlook 2023-2024
 
ConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solution
ConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solutionConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solution
ConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solution
 
Biometrics Technology Intresting PPT
Biometrics Technology Intresting PPTBiometrics Technology Intresting PPT
Biometrics Technology Intresting PPT
 

Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia

  • 1. Who am I  3rd Year Engineering Student in Northern India Engineering College, IP University  Currently interning in Main Brain Tech, funded startup operarting out of Hyderabad and Bangalore  Former intern in EY, Microsoft AFs, and 3 other firms  Primary interest in corporate cyber security, ranging from black box testing to the strategy incorporation in ASOCs  Secondary interests in mobile security, package reverse engineering, android malware, analysis using A.R.E.  6 years of exposure to cyber security  Other skills include public speaking, graphic design, website design and deployment (backend and frontend),
  • 4. Introduction - Darknet  Most frequently refers to an area of the Internet only accessible by using an encryption tool called The Onion Router (Tor)  Aimed at those desiring privacy online, although frequently attracts those with criminal intentions  Ability to host websites anonymously and with a degree of impunity  Tor makes it difficult for governments to censor sites or content that may be hosted elsewhere in the world  Critical mass of users averaging 2.5 million per day as of June 2016 (Tor Project 2016 statistics)  Frequently cited as one of the key tools against government surveillance  Is a part of the Deepweb (sites that are not indexed by search engines)  https://www.torproject.org/
  • 5. Softwares used to access the Deep Web The Onion Router (Tor) is an open- source software program that allows users to protect their privacy and security against a common form of Internet surveillance known as traffic analysis. Tor was originally developed for the U.S. Navy in an effort to protect government communications. The name of the software originated as an acronym for the Onion Router, but Tor is now the official name of the program.  It is the most used software, due to the services it hosts, in addition to its reliability over the years.
  • 6. Softwares used to access the Deep Web Invisible Internet Project(I2P) is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other. The network itself is strictly message based (a la IP), but there is a library available to allow reliable streaming communication on top of it (a la TCP). All communication is end to end encrypted (in total there are four layers of encryption used when sending a message), and even the end points ("destinations") are cryptographic identifiers (essentially a pair of public keys). It is the most used software, due to the services it hosts, in addition to its reliability over the years. It is lesser known than Tor, and therefore less prone to deanonymization attacks.
  • 7. Other softwares part of the Deep Web  Freenet  Subgraph os  Freepto  iprediaOS  JonDo Live-CD (combination of TOR and other commonly used darknet applications)  Whonix  Tails  Tox (encryped IM and video/audio calls, with voice modulation)
  • 8. History in Brief  1995 - Development began on “Onion Routing” (ONR)  1997 – Funded by DARPA High Confidence Networks Program as part of the Memex project was to invent better methods for interacting with and sharing information, so users can quickly and thoroughly organize and search subsets of information relevant to their individual interests. The technologies developed in the program would provide the mechanisms for improved content discovery, information extraction, information retrieval, user collaboration and other key search functions.  1998 – 13 nodes created, 1 in Canadian Ministry of Defence  2001 – More DARPA funding  2003 - US Naval Research Lab releases ONR v2 (aka TOR)  2004 - Hidden Services introduced  2014 - Sponsors include SRI, US Department of State. NSF, Radio Free Asia, The Ford Foundation, Google, EFF, 4300 individuals
  • 9. Other softwares used to access parts of the Darknet  Freenet is a popular darknet (friend-to-friend) by default; since version 0.7 it can run as a "opennet" (peer nodes are discovered automatically).  RetroShare can be run as a darknet (friend-to-friend) by default to perform anonymous file transfers if DHT and Discovery features are disabled.  GNUnet is a darknet if the "F2F (network) topology" option is enabled.  Zeronet is open source software aimed to build an internet-like computer network of peer-to-peer users of Tor.  Syndie is software used to publish distributed forums over the anonymous networks of I2P, Tor and Freenet.  OneSwarm can be run as a darknet for friend-to-friend file-sharing.  Tribler can be run as a darknet for file-sharing.
  • 13. How it works  Volunteers run thousands of “relays,” a server that any other user can ask to route traffic through  Observer can see traffic entering and leaving the relay, but they cannot determine which user is visiting which site because the traffic is encrypted  When a user visits any sites through a relay, his traffic appears to come from the relay rather than the user’s computer. Thus, the user remains anonymous to the site itself  How it works Relay Site A Site B Site C User A User B User C Observer
  • 15. Hidden Services (HSes) in Tor  It is the ability to host a website (or Internet service) anonymously. In this case, both the visitor and the site are anonymous to each other.  Analogous to websites on the internet  Also allows the possibility of criminally oriented material to be hosted with a degree of impunity  2016 study estimated that there were 43,000 HSes at any one time  Services use .onion as a domain name instead of .com etc
  • 16. Different HSes offered  Hidden Wiki (like Wikipedia)  Torfind (Like Bing)  Grams (Like Google)  The Pirate Bay (Famous piracy p2p magnet site)  Assassination Market (Hire hitmen to assassinate people of interest)  Rent-A-Hacker (Hacking for money) (BlackHat ONLY)  TorCarding Forum (Trading of identities, hacking info, requires 50 USD for purchase)  Intel Exchange  HackBB (Advanced hacking tutorials)  SilkRoad 2.0 (Full fledged blackmarket for all kinds of recreational drugs)
  • 17. Different HSes offered (Contd.)  Agora (Same as Silk Road, online drugs marketplace and other illicit items)  Fake US driver licences  Fake Passports/Drivers Licences of other countries
  • 19. Transaction Methods in Darknet  Bitcoin is the only method of transactions on TOR.  Transfer BTC to wallet on any marketplace account, then use like any normal E-commerce website  Ship to pick-up location, home, anywhere else  BTC (or any cryptocurrency) boils down to a global transaction ledger maintained by the computational power of a P2P network.
  • 21. Bitcoins  Bitcoins are not physical currency; the currency itself depends on transactions and no actual money changes hands  Cryptocurrency is extremely hard to track, since Bitcoin accounts are alphanumeric strings, instead of normal names  It is therefore viable for anonymous transactions i.e. for the exchange of illegal services for bitcoins ( like hacking ranging from lone wolf to full black box attacks, to assassinations, obtaining federal intelligence, stalking, compromised credit card and email details)
  • 22. Considerations for TOR  Tor can in some cases reveal your true identity  If someone owns both an entry and exit node, they can correlate between the two (this is known as a correlation attack)  Browser exploits like JavaScript Engine, XSS and pingbacks over non Tor connections  BTC is not fully anonymous, the block chain is made available to the public
  • 23. Alternative to TOR – I2P (Invisible Internet Project)  The “Invisible Internet Project”  Messages encrypted  Outbound and Inbound tunnels  Data exchange  1st query must be made to I2P network’s “database”  Acts like a distributed hash table
  • 24. Content on the Darknet  Abuse: sites where the title indicates some form of sexual abuse (typically minors)  Anonymity: sites aimed at promoting (or teaching) the use of anonymity tools or anonymous culture  Bitcoin: currency exchange from a mainstream currency to bitcoin, but more often money-laundering services  Blog: personal or topical blog, often covering topics such as hacktivism  Books: ebook service typically offering copyrighted material for free  Chat: web-based chat service, excluding services such as Jabber and Internet Relay Chat  Counterfeit: sites offering counterfeit items; notable fake currency, such as notes, or fake passports/ identity documents  Directory: site offering links to other sites within the Dark Net, often used for discovering other sites
  • 25. Content on the Darknet (Contd.)  Drugs: the sale or purchase of narcotics; typically, marketplaces connecting buyers and sellers  Forum: web-based forum whose primary purpose does not fit into another category; for example, generalist forum  Fraud: sites attempting to obtain a pecuniary advantage by deception  Gambling: any site that promotes/supports gambling. Bitcoin gambling services were most prevalent here, whereby users would first convert their fiat currency to bitcoin  Guns: sites exclusively aimed at selling guns  Hacking: site providing instructional information on illegal computer hacking  Hosting: Dark Net hosting service allowing users to host another Dark Net site  Mail: Dark Net web-based email or messaging service; examples include Mail2Tor and the now defunct TorMail
  • 26. Content on the Darknet (Contd.)  Market: a marketplace selling items other than drugs or services covered in other categories  News: news service such as current affairs or news specific to the Dark Net  Porn: Pornography sites that carry material that would be legal in most Western jurisdictions  Search: site providing a search engine-type service; one example is Ahmia  Whistleblower: sites typically operated by journalists for whistleblowers to submit documents. The GlobaLeaks platform (Hermes Center for Transparency and Digital Human Rights 2014) and SecureDrop platform (Freedom of the Press Foundation 2014) were prominently featured in this category.
  • 28. Breaking the anonymity of Tor Users and HSes  In reality, any suitably resourced entity can launch attacks with high success rates while maintaining a minimal risk of detection  A typical user may send millions of bytes and an observer can see the precise time they were sent and received. It is therefore easy to confirm with high probability that two parties are communicating.  No cases whereby a deanonymization attack alone has been used to seek a conviction  Therefore this process involves guesswork
  • 29. Breaking the anonymity of Tor Users and HSes  When visitors accessed a website, the FBI deployed a network investigative technique (NIT) – a hacking tool – and used a single warrant to uncover 1,300 IP addresses, tracing these addresses back to actual individuals, in the case of Playpen.  When visitors accessed the website, although their traffic might have been encrypted, a Flash application was secretly installed on the user's computer that quietly sent important data about the user straight to the FBI so that it did not pass through the Tor network at all.
  • 30. Case Studies – 1(Harvard)  Eldo Kim made a bomb threat to Harvard's student newspaper and some other Harvard officials  The reasons under the sun to do something like this his was that he wanted to get out of a final exam  He used tor to send the threat via email  He connected to TOR through his student account  Because of this fact and the fact that he was the only one connected to TOR at the time the email was sent it was easy for them to correlate that he may have sent the threat. As if that wasn't enough, Eldo puts the final nail in his own coffin by actually admitting that he was the one who made the bomb threat.
  • 31. Lessons Learned  Don't be the only person using Tor on a monitored network at a given time  Use a bridge  DON'T ADMIT ANYTHING  Correlation attacks are a bitch
  • 32. Case Studies – 2 (Citizen of the US)  Hector (Sabu) was already being watched by the FBI. However, his mistake was that he became careless  Slipping up, he connected to IRC without tor, when he normally would. This allowed the FBI to get his home IP address.  Jeremy( sup_g ), when speaking with Hector on IRC spoke carelessly of places he had previously been arrested and other groups that he was involved with. The FBI used this information to narrow their suspect pool and allowed them to obtain a court order to monitor his internet traffic.  Once again correlation proves to be a bitch say this because although the FBI did not exploit tor to bust Jeremy, they were, however, able to correlate the times 'sup_g' spoke with 'Sabu' on IRC with when Jeremy was at home using his computer.
  • 33. Lessons Learned  Use Tor consistently  Don't give personal information  Correlation attacks are still a b!$%*%!
  • 34. Case Studies – 3 (Freedom hosting)  Freedom Hosting was known for hosting child pornography. This is enough to make you a mark for all sorts. In fact, Freedom had already been under attack from Anonymous during Op Darknet because of the child porn.   The FBI was able to compromise Freedom because they were using an outdated version, 17 ESR, of tor browser. This allowed the FBI to exploit bug CVE-2013-1690.  Freedom Hosting did not update their version of the TOR browser.  The FBI used a payload called Magneto that gave them Freedom's IP address, MAC address, and Windows host name with the unique serial number that ties a user to a site visit (Cookie malware!!)
  • 35. Lessons Learned  Don't host Captain Picard or Julian Bashir  Patch, patch, patch  Follow the money  Leave encrypted laptops in a powered down state when not in use!
  • 36. Case Studies – 4 (Silk Road)  Famous drug acquisition site - Ross Ulbricht (Dread Pirate Roberts)  To market his site [The Silk Road] he would post around in clear net forums (reddit, HF.net etc.)  The FBI claims the former physics and engineering student even publicly alluded to his alleged criminal enterprise on his LinkedIn profile  He put his links on his G+ account and regularly posted that he was using Ubuntu on the actual Hses  He would go as far as the neighborhood Starbucks or library, which was just around the corner from his house, to logon to and administrate his Silk Road onion
  • 37. Lessons Learned  Don’t do drugs, drugs are bad  Keep online identities separate  Have a consistent story  Don't talk about personal interests  Don't volunteer information!
  • 38. Blocking Of Tor  Since the list of relays (known as the consensus) is public, anyone is able to download the list and block access to all of them. The user would then be unable to connect to the first hop and into the network  An individual can block a single site by launching several relays and ensuring they occupy the positions in the DHT of the responsible relays for that service. If someone comes to the relay asking for the descriptor, the individual can simply deny it  Operators of Tor relays could themselves choose to block the content by patching their relays to deny requests to these sites. This would require the cooperation of a large percentage of relay operators to be effective, but it would be a decentralized blocking mechanism requiring some consensus
  • 39. Examples of TOR Relay Lists  https://torstatus.blutmagie.de/ - Common list of approximately 7000 routers being used as Onion relays  https://atlas.torproject.org/#/top10 - Top 10 relays in order of bandwidth provided ( remember that a TOR network is only as fast as its slowest router, depending upon bandwidth as well as latency)  https://www.dan.me.uk/tornodes - List of entry and exit nodes updated every 30 minutes. Commonly used in the EU to ban entry to the TOR network.  https://onionview.com/ - Provides a visual map of entry, exit and internal relays around the globe.
  • 40. Legalities involved with relevance to Darknet as a whole  India has NO laws that deal with accessing the Darknet, using Tor or other softwares, using TAILS or other operating systems that either promise, claim or guarantee anonymity. Torrents are legal in India, depending on what is being downloaded using a P2P connection (keeping in mind the International Intellectual Property Law)  Almost all Western countries, China and Russia have implemented defenses against the Darknet, however Tor is a state sponsored resource that is used by the public for concerns of privacy  Need is to build cyber laws that can tackle illicit transactions/trade/barter on the internet as well as the Darknet.
  • 41. Conclusion  Socio-cultural forces are involved in the “generation and sustainability” of criminal entities that use the Darknet. For example, some countries do not have functioning or sufficient markets in legal goods, a context in which the Darknet may actually facilitate increased social welfare and economic efficiency.  The Deep Web and the Darknet are attractive to many because of the prosecution, regulation, and national security surveillance efforts of states in the physical world and Surface Web. Illicit activity is being driven below the electronic thermocline of common search engines and usual investigative techniques, and states must be willing to dive beneath it to gather information and take action.  The transnationality of these networks frustrates eradication, regulatory, and prosecution efforts of any one state, creating cooperation, collective action, and law harmonization problems for state actors attempting to work together to counter illicit use of the Internet.