The DarkNet is the hidden part of the internet that is not indexed by search engines and requires specialized software to access. It represents 96% of the total internet. Much illegal activity occurs on the DarkNet, including the sale of drugs, weapons, child pornography, and stolen information. While criminals use the DarkNet's anonymity, it is also used by political dissidents and for anonymous communication. Human intelligence is needed to effectively monitor the DarkNet and identify criminal actors and plans, as automated methods cannot synthesize and analyze the unstructured information in the same way.
US mining data from 9 leading internet firms and companies deny knowledgetrupassion
The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track one target or trace a whole network of associates, according to a top-secret document obtained by The Washington Post.
The program, code-named PRISM, has not been made public until now. It may be the first of its kind. The NSA prides itself on stealing secrets and breaking codes, and it is accustomed to corporate partnerships that help it divert data traffic or sidestep barriers. But there has never been a Google or Facebook before, and it is unlikely that there are richer troves of valuable intelligence than the ones in Silicon Valley.
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...Maurice Dawson
Since the last elections in the United States, France, and other nations, fake news has become a tool to manipulate voters. This creation of fake news creates a problem that ripples through an entire society creating division. However, the media has not scrutinized enough on data misuse. Daily it appears that there are breaches causing millions of users to have their personal information taken, exposed, and sold on the Dark Web in exchange of encrypted currencies. Recently, news has surfaced of major social media sites allowing emails to be read without user consent.
Digital technology has transformed organizational life. Developments in communications, and in information storage and retrieval, to name just two areas, have greatly enhanced the efficiency with which legitimate organizations operate. Unfortunately, the benefits of digital technology are not lost on criminal organizations, which exploit digital technology to enhance the efficiency and effectiveness of their own operations. This paper will discuss the organized criminal exploitation of digital technology, by looking at a number of illustrative cases from Asia and around the world. It will discuss the various types of “conventional” organized crime that can be facilitated by digital technology, as well as terrorism, which itself can be regarded as a special kind of organized criminal activity. One fundamental question that the paper will seek to address is whether the activities of Asian organized crime have become substantively different as a result of technology, or whether traditional organized criminal activities in Asia are merely being conducted on a more efficient and effective basis. The paper will note the transnational nature of much organized criminal activity, and will discuss mechanisms for the control of organized crime in the digital age. Dr. S. Krishnan | Mr Harsh Pratap | Ms Sakshi Gupta "Organised Crime in the Digital Age" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-4 , June 2021, URL: https://www.ijtsrd.compapers/ijtsrd41185.pdf Paper URL: https://www.ijtsrd.comcomputer-science/computer-security/41185/organised-crime-in-the-digital-age/dr-s-krishnan
Digital Leviathan: a comprehensive list of Nation-State Big Brothers (from hu...Priyanka Aash
"In his notorious book Leviathan, the XVII century English philosopher Thomas Hobbes stated that: we should give our obedience to an unaccountable sovereign otherwise what awaits us is a state of nature that closely resembles civil war—a situation of universal insecurity. It looks like a lot of current political leaders have read and found the teachings of Hobbes applicable to modern day online life.
We witness the rise of the Digital Leviathan. The same apps and applications that people use to connect, express opinions and dissatisfaction are used by governments (even democratic ones) to perform surveillance and censorship.
This talk will focus on evidence of Nation-State spying, performing surveillance, and censorship. The aim is to present a systematical approach of data regarding cyber attacks against political targets (NGO/political groups/media outlets/opposition), acquisition and/or use of spywares from private vendors, requested content/metadata from social media/content providers, and blocking of websites/censorship reported by multiple sources.
The findings of the research imply that:
- 25 nations that have already used cyber offensive capabilities against political targets.
- 60 nations acquired/developed spyware.
- 117 nations requested content/metadata from social media/content providers.
- 21 countries perform some level of censorship to online content."
Today, security is the main problem, and all work is done over the internet using data. While the data is available, there are many types of users who interact with it, some for their own needs and others to gain information. There are various techniques used to protect data, but the hacker or cracker is more intelligent at breaking the security. There are two classes of hackers, which differ from one another on the basis of their intentions. Those with good intentions are called ethical hackers, because their ethics lead them to use their hacking skills and techniques to provide security to the organization. This paper describes hacking, the types of hackers, the rules of ethical hacking and the advantages of ethical hacking. Mukesh. M | Dr. S. Vengateshkumar "Ethical Hacking" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-6 , October 2019, URL: https://www.ijtsrd.com/papers/ijtsrd29351.pdf Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/29351/ethical-hacking/mukesh-m
Ransomware-as-a-Service: The business of distributing cyber attacksΔρ. Γιώργος K. Κασάπης
Ransomware is proving to be a profitable endeavor for cyber criminals. It is also what is fueling a newer trend: the business of offering management of ransomware attacks, or Ransomware-as-a-Service (RaaS).
Fueled in part by the ability to use cryptocurrency to avoid detection, cyber criminals are setting up shop as a managed service provider, helping other cyber criminals conduct business on their platforms for a fee. For that fee, cyber criminal groups get personalized access to platforms, complete with dashboard capabilities, that allow them to easily distribute their ransomware. Also included – technical support. Such full-service offerings mean that nearly anyone with internet access can launch a ransomware attack without any technical knowledge needed.
And why not? The estimated return on investment from ransomware campaigns can easily reach 1400%. The lure of a lucrative return could well attract beginners or anyone with a grudge. For organizations, the threat coming from a well-backed beginner is as damaging as one coming from a career criminal.
Key findings:
Banks became the most attractive target for cybercriminals.
Infections and thefts are becoming automated.
Tools for tapping conversations and intercepting traffic have become more readily available than ever before.
All factors contributing to the growth of the number of attacks are now in place.
The number of attacks is growing and they are becoming more effective.
The range of threats for brands is expanding.
Hi-Tech Crime Trends 2016 Report is available on http://www.group-ib.com/2016-report.html
ESSENTIALS OF Management Information Systems 12eKENNETH C..docxdebishakespeare
ESSENTIALS OF Management Information Systems 12e
KENNETH C. LAUDON AND JANE P. LAUDON
CHAPTER 4 ETHICAL AND SOCIAL ISSUES IN INFORMATION SYSTEMS
CASE 3 Data Mining for Terrorists and Innocents
SUMMARY This case describes how data mining software, combined with Big Data collection from the Internet, are used to identify potential terrorists. The PRISM program of the U.S. National Security Agency (NSA) is an on-going effort to enable such Internet surveillance. In some cases innocent people have been mistaken for terrorists, while sometimes a terrorist plot is disrupted. The existence of the PRISM program was a national security secret until its existence was revealed by Edward Snowden, a former NSA contractor.
There are two videos in this case:
(1) Data Mining for Terrorists and Innocents (L= 5:10)
URL http://www.youtube.com/watch?v=4lKpD7MC22I
(2) How Does the PRISM Program Work? (L=1:59)
URL https://www.youtube.com/watch?v=JR6YyYdF8ho
CASE Anti-terrorism agencies around the world have made effective use of new surveillance technologies that offer unprecedented abilities to identify and apprehend potential terrorists. Today’s terrorists are by nature difficult to track, as disconnected groups of individuals can use the Internet to communicate their plans with lower chance of detection. Anti-terrorist technology has evolved to better handle this new type of threat.
But there are drawbacks to these new strategies. Often, innocent people may find their privacy compromised or completely eliminated as a result of inaccurate information.
Surveillance technologies are constantly improving. While this makes it more difficult for terrorists and other criminals to exchange information, it also jeopardizes our privacy, on the Internet and elsewhere, going forward. For instance, it may be necessary to monitor the phone calls of all American citizens, and visiting foreigners, in order to uncover a terrorist plot. Is this reason for worry? Are comparisons to Orwell’s 1984 appropriate or overblown?
The first video displays both the positive and negative results of new advances in technology. The first segment describes a program called the Dark Web Project developed by a team at the University of Tucson that combs the Internet in search of militant leaders and their followers. The program creates profiles based on word length, punctuation, syntax, and content, and displays information about the personality type of an individual graphically.
The plotting of information on a graph represents whether the user is violent or militant, inexperienced and seeking advice, or an opinion leader holding sway over many more people. Programs like this have been adopted by many intelligence agencies worldwide, who incorporate it into their arsenal of terrorist surveillance technologies.
It’s unclear if this project i.
Once again, it’s time for Kaspersky to deliver our customary retrospective of the key events that have defined the threat landscape in 2013. Let’s start by looking back at the things we thought would shape the year ahead, based on the trends we observed in the previous year.
Dark Web Kristin Finklea Specialist in Domestic SeOllieShoresna
Dark Web
Kristin Finklea
Specialist in Domestic Security
March 10, 2017
Congressional Research Service
7-5700
www.crs.gov
R44101
Summary
The layers of the Internet go far beyond the surface content that many can easily access in their
daily searches. The other content is that of the Deep Web, content that has not been indexed by
traditional search engines such as Google. The furthest corners of the Deep Web, segments known
as the Dark Web, contain content that has been intentionally concealed. The Dark Web may be
used for legitimate purposes as well as to conceal criminal or otherwise malicious activities. It is
the exploitation of the Dark Web for illegal practices that has garnered the interest of officials and
policymakers.
Individuals can access the Dark Web by using special software such as Tor (short for The Onion
Router). Tor relies upon a network of volunteer computers to route users’ web traffic through a
series of other users’ computers such that the traffic cannot be traced to the original user. Some
developers have created tools—such as Tor2web—that may allow individuals access to Tor-hosted
content without downloading and installing the Tor software, though accessing the Dark
Web through these means does not anonymize activity. Once on the Dark Web, users often
navigate it through directories such as the “Hidden Wiki,” which organizes sites by category,
similar to Wikipedia. Individuals can also search the Dark Web with search engines, which may
be broad, searching across the Deep Web, or more specific, searching for contraband like illicit
drugs, guns, or counterfeit money. While on the Dark Web, individuals may communicate
through means such as secure email, web chats, or personal messaging hosted on Tor. Though
tools such as Tor aim to anonymize content and activity, researchers and security experts are
constantly developing means by which certain hidden services or individuals could be identified
or “deanonymized.”
Anonymizing services such as Tor have been used for legal and illegal activities ranging from
maintaining privacy to selling illegal goods—mainly purchased with Bitcoin or other digital
currencies. They may be used to circumvent censorship, access blocked content, or maintain the
privacy of sensitive communications or business plans. However, a range of malicious actors,
from criminals to terrorists to state-sponsored spies, can also leverage cyberspace and the Dark
Web can serve as a forum for conversation, coordination, and action. It is unclear how much of
the Dark Web is dedicated to serving a particular illicit market at any one time, and, because of
the anonymity of services such as Tor, it is even further unclear how much traffic is actually
flowing to any given site.
Just as criminals can rely upon the anonymity of the Dark Web, so too can the law enforcement,
military, and intellige ...
Cybercrimes in the Darknet and Their Detections: A Comprehensive Analysis and...dannyijwest
Although the Dark web was originally used for maintaining privacy-sensitive communication for business or intelligence services for defence, government and business organizations, fighting against censorship and blocked content, later, the advantage of technologies behind the Dark web were abused by criminals to conduct crimes which involve drug dealing to the contract of assassinations in a widespread manner. Since the communication remains secure and untraceable, criminals can easily use dark web service via The Onion Router (TOR), can hide their illegal motives and can conceal their criminal activities. This makes it very difficult to monitor and detect cybercrimes over the dark web. With the evolution of machine learning, natural language processing techniques, computational big data applications and hardware, there is a growing interest in exploiting dark web data to monitor and detect criminal activities. Due to the anonymity provided by the Dark Web, the rapid disappearance and the change of the uniform resource locators (URLs) of the resources, it is not as easy to crawl the Dark web and get the data as the usual surface web which limits the researchers and law enforcement agencies to analyse the data. Therefore, there is an urgent need to study the technology behind the Dark web, its widespread abuse, its impact on society and the existing systems, to identify the sources of drug deal or terrorism activities. In this research, we analysed the predominant darker sides of the world wide web (WWW), their volumes, their contents and their ratios. We have performed the analysis of the larger malicious or hidden activities that occupy the major portions of the Dark net; tools and techniques used to identify cybercrimes which happen inside the dark web. We applied a systematic literature review (SLR) approach on the resources where the actual dark net data have been used for research purposes in several areas.
From this SLR, we identified the approaches (tools and algorithms) which have been applied to analyse the Dark net data, the key gaps as well as the key contributions of the existing works in the literature. In our study, we find the main challenges to crawl the dark web and collect forum data are: scalability of crawler, content selection trade off, and social obligation for TOR crawler and the limitations of techniques used in automatic sentiment analysis to understand criminals’ forums and thereby monitor the forums. From the comprehensive analysis of existing tools, our study summarizes the most tools. However the forum topics rapidly change as their sources changes; criminals inject noises to obfuscate the forum’s main topic and thus remain undetectable. Therefore supervised techniques fail to address the above challenges. Semi-supervised techniques would be an interesting research direction.
Should the ″Dark Web″ be monitored, shut down completely, or left alone?Kimberly Williams
The paper describes about the ″Dark Web,″ should it be monitored, shut down completely, or left alone? Just MLA format 2016 edition with works cited paper 1350 words no in the first, second, third. it should support the dark web needs to be monitored.
Digital Breadcrums: Investigating Internet Crime with Open Source Intelligenc...Nicholas Tancredi
Capstone project for a 12-week online course with the International Association of Crime Analysts. My topic was on how crime and intelligence analysts are using open source intelligence (OSINT) to investigate Internet crime.
Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Thr...REVULN
In July 2016, the ATM heist of Taiwan First bank is based on well-known Carberp malware family. The threat of cybercrime is becoming increasingly complex and diverse on putting citizen’s data or money in danger. Cybercrime threats are often originating from trusted, malicious, or negligent insiders, who have excessive access privileges to sensitive data. The analysis of ATM heist threats presents many opportunities for improving the quality and value of digital evidence. This talk will introduce some OSINT methods that can help investigators to perform a cybercrime investigation process in a forensically sound and timely fashion manner. This talk further points out cybercrime investigation, digital forensics, and ICT governance for fighting against cybercrime issues. It requires the sincere examination of all available data volumes at a crime scene or in a lab to present digital evidence in a court of law.
The ClearScore Darkpaper: The danger of the dark web 2020Jayna Mistry
With online fraud cases on the rise, ClearScore's very first Darkpaper explores the UK's attitudes to the dark web and delves into consumers' experiences of online fraud.
Key findings
- A third (33%) of people in the UK have been victims of online fraud.
- Banking details were compromised in 58% of online fraud cases in the UK.
- Online fraud is most likely to cost to individuals between £101 and £500, with 8% of people surveyed losing more than £1,001.
- People in the UK are most likely to only rotate two to three passwords for their online accounts - although nearly a third (29%) have five to ten passwords.
- A quarter of UK residents think some of their data could be for sale on the dark web, although over 55s are most likely not to know (53%).
HOMELAND SECURITY BITCOIN TASK FORCE REVEALED BY DEPARTMENT OF JUSTICE INDICT...Steven Rhyner
Rumour has long been that Homeland Security in the United States has been interested in Bitcoin’s role in the buying and selling of drugs and other illegal goods and services, via the dark web in particular.
1. The DarkNet - Why It Matters to Everyone
Think of the Internet as an iceberg. The Internet we use every
day represents only 4% of the total Internet. The visible part is
indexed and searchable by major search engines like Google
and Bing. Lurking below the surface is the remaining part of the
Internet called the DarkNet or DarkWeb, and it is never seen by
the vast majority of users. This vast, hidden area is where most
illegal activity is transacted. It is in the DarkNet where transactions
involving weapons, bombs, human body parts, assassinations,
drugs, human trafficking, child pornography, malware and stolen
assets take place.
Tor is the most common technology used to access the DarkNet.
The Tor Project defines the DarkNet as, “that portion of the web
which cannot be easily reached from the public Internet, and
usually requires specialized software to access.”[1]
The DarkNet originally referred to any content that could not
be reached through the open Internet. This changed when users
began sharing files and the DarkNet as we know it today was
born.[2]
In addition to the criminal underworld, the DarkNet is
also home to political dissidents and anti-surveillance activists.
Ed Alcantara, BLACKOPS Cyber
Chief Cyber Intelligence Officer
64 United States Cybersecurity Magazine
There are currently three million Tor users, who use
the DarkNet to support anonymous communication.[3]
Criminals exploit this anonymity to facilitate the sale
of drugs, counterfeit currency, malware, stolen banking
information, weapons and many other illegal activities.
There is no single definitive source for the size and
scope of the DarkNet but Tor estimates that its search
engines have indexed over 350,000 pages so far. Much
of the DarkNet is yet to be indexed and the process is
made difficult because it was not built with the intent
of being indexed.
The DarkNet features online marketplaces offering black
market goods, sometimes sold alongside legal products.
The emergence of several new DarkNet markets after
the take down of the infamous Silk Road demonstrates
how easily the black market commercial void is filled.[4]
DarkNet markets, the equivalent of an Amazon.com but
in the criminal realm, sell drugs, credit card and banking
information and the malware that enables criminals to
steal personal and financial information. The DarkNet is a
driving force behind fraud which can have a devastating
financial impact on companies, families and individuals.
Child pornography and extortion are the most prevalent
criminal activities found on the DarkNet. According to
THORN, an organization that is dedicated to addressing
online child exploitation, more than 30 percent of searches
on eDonkey, a DarkNet peer-to-peer (P2P) network, are
related to child sexual abuse content and 42 percent of
sextortion victims met their perpetrators online.[5] In one
three-month period, from January to March 2015, the
FBI intercepted over 60,000 child pornography users
on the DarkNet.[6]
DarkNet markets cannot be stopped with algorithms
and data mining programs. Human intelligence activity is
required to identify and analyze the markets and collect
data on administrators and users.
Human Interpretation and Success in a
Multi-Faceted, Secretive Online Fight
The importance of the inclusion of human intelligence,
or HUMINT, in successful cyber operations cannot
be overstated. In the detailed and critical review of
information necessary to carry out intelligence operations
against DarkNet actors, human intelligence is necessary
to identify and correlate the links in the intelligence that
made the key difference in each case.
For example, in March 2015, cyber intelligence analysts
monitoring DarkNet criminal activities identified the
existence of certain private marketplaces operated by
Chinese hackers and trafficking in financial information.
The analysts were aware that hackers employed by the
Chinese government had begun penetrating the world’s
financial systems as early as 2006.[7]
In this context, in early July 2016 the analysts discovered
that UniTeller, a financial services company that services a
network of 87 banks and approximately 32,000 payment
locations worldwide, had been compromised by hackers
who breached its network. In this case, the analysts
correlated the patterns and practices of specific threat
actors to the methodology used in the UniTeller breach
and were able to identify a connection to the Chinese
hacker marketplace. Having made this connection, the
analysts were able to localize their focus within the
DarkNet and target specific individuals with the objective
of collecting actionable information.
Selecting individual cyber actors for targeting and
cultivation is a primary component of an analyst’s
work, and can often determine an operation’s success.
Tradecraft specific to cyber operations is used to gain
entry to sites where the targeted actor is operating.
Once in, an engagement plan is executed. This consists
of social interaction at a level and in a style expected by
site members. This process is continually documented
and evidence noted and preserved. This UniTeller case
was resolved when the company accepted that it had
been compromised and took its system offline for
remediation.
Winter 2017 | www.uscybersecurity.net 65
Similarly, in August 2016, analysts collected intelligence
that assisted UK law enforcement agencies in thwarting
attacks planned on Westminster. Plans called for attacks
during the peak of the tourist season. A cyber analyst
monitoring a Telegram Messenger channel[8] was able
to identify the threat actor. Over time, the analyst built
a profile which supported evaluations of the threat’s
credibility and the capacity of the actor to execute.
Once the threat was deemed credible, cyber HUMINT
tradecraft was used to locate the threat device and the
actor. Telegram Messenger channels are controlled by
a host who determines who is and who isn’t granted
admission. It is the analyst’s skill and tradecraft
that enables him or her to penetrate and maintain a
presence within the channel.
The volume of information created and shared by terrorist
organizations can overwhelm law enforcement and
intelligence resources. Compounding the problems
are obfuscation techniques designed to make the most
important details seem insignificant and the trivial seem
important. Only the critical thinking and discernment of a
seasoned HUMINT analyst can separate signal from noise.
Terrorists are now making use of steganography as
a means of communicating operational information.
Steganography is the practice of concealing a confidential
file, message, image, or video within another, non-
secret file, message, image, or video. The message
may not be literally hidden; rather, it may simply be an
instruction in a graphic form which prevents it from being
detected in an automated manner. Messages range
from operational instructions and data to GPS coordinates
and schedules. Steganography renders the algorithms
and scripts used by data mining programs ineffective.
A HUMINT analyst, on the other hand, can recognize
the visual cues and clues in a steganographic image
that a script cannot.
Finding DarkNet sites, tracking their users, and accessing
the data they store and exchange all require the use of
computer technology. But automated processing cannot
effectively gather, analyze and synthesize intelligence
into actionable information. For example, on September
22, 2016, a terror plot against the Université libre de
Bruxelles in Belgium was prevented due to information
provided by a cyber HUMINT analyst.
The threat was discovered in a series of tweets posted to
a Jihadist Twitter account. It concerned an imminent plan
to carry out an attack against the university. Dozens of
photos were posted, one of which revealed a specific threat
and motive: revenge for the US-led coalition’s bombing
of Mosul University. This was an important discovery
because the Twitter account did not follow anyone
and had no followers. It was clearly a communications
channel for jihadists.
The social media account that issued the threat had a
uniquely coded and cryptic account and used images
to avoid data mining script detection.[9] The analyst was
able to build a threat actor profile, validate the collected
data and transmit the information to the appropriate
authorities. As a consequence, the U.S. State Department
issued a Travel Alert and Belgian authorities prevented
the attack.
It’s the ability to synthesize disparate and unstructured
data that makes the cyber HUMINT analyst so valuable.
Software operates deterministically; even sophisticated
artificial intelligence has this limitation. Humans can
think outside of their given parameters to change their
own programming, challenge their own protocols and
see what is hidden.
Cyber HUMINT analysts often operate as part of a team
that includes intelligence operatives on the ground.
In October 2016, a cyber HUMINT analyst received
information that a cache of 36 rockets capable of being
fitted with chemical warheads had been discovered in
the possession of an ISIS element in Qayyarah, Iraq, just
east of Mosul. The ground source claimed the weapons
were used for mustard gas, and readings showed residue
of blister agent chemical in the area. The cyber HUMINT
analyst correlated photographs and chemical readings
with known ISIS patterns related to the production and
storage of chemical rockets and concluded that the
information was credible. After a location for the cache
was established, the rockets were secured. Cyber HUMINT
operates in the digital world but its effects can have
immediate impact in the physical world.
In October 2016 the Islamic State Hacking Team was
discovered attempting to access IP-enabled security
cameras around the world. Cyber HUMINT analysts
had been monitoring a pro-ISIS hacking group when
they came across URLs that could be used to access
public cameras. A YouTube video containing detailed
instructions on how to gain control of the cameras was
being disseminated. Bad actors exerting such control
would be able to conduct remote target surveillance
and deny situational awareness to lawful authorities.
Days later, a Joint Terrorism Task Force (JTTF) arrested
a man in Ohio, near one of the hijacked cameras. He
was allegedly plotting a terror attack on behalf of ISIS.[10]
Cyber HUMINT analysts employed social engineering and
threat analysis to determine that the Democratic National
Committee (DNC) had been breached. In September
2015 the analysts revealed the existence of a website
from which large databases of stolen emails, usernames,
and passwords related to people connected to major
service providers and other organizations connected
to the DNC could be purchased. The analysts provided
screenshots, chat logs, and video evidence of the traffic
in the stolen information to the press.[11]
In many cases, the intent of data transactions and online
behavior is obfuscated so as to mask the activity from
automated security systems. Such instances require
the intervention of a trained cyber HUMINT analyst to
discern the truth hiding within what Winston Churchill
called “a bodyguard of lies.”
Non-Stop Vigilance
The DarkNet is massive, anonymous and populated with
active threats to global economic interests and physical
safety. The application of cyber human intelligence to
the DarkNet is an essential part of any comprehensive
cybersecurity program. Cyber HUMINT makes penetrating
DarkNet websites and malicious actor communities
possible and enables continuous monitoring for a
broad range of threats. From the classical to the wildly
unconventional, cyber HUMINT is arguably the most
reliable and responsive intelligence collection mechanism
applied to the cyber problem. After all, human
beings and their intentions are behind every action
and every crime.
About the Author
Ed Alcantara founded the first ever CyberHUMINT™
company. He currently holds the position of Chief Cyber
Intelligence Officer (CCIO) at BLACKOPS Cyber,
Inc. - BOC. Concurrently, he also serves as CCIO
for BLACKOPS Partners, Corp. Alcantara provides
counter-terrorism support to law enforcement,
military, and government agencies, leveraging his proprietary
CyberHUMINT™ tradecraft. Alcantara is a recognized
CyberHUMINT™ and Offensive Counterintelligence (OFCO)
Subject Matter Expert (SME) on the DarkNet. Alcantara built and
manages the world’s largest CyberHUMINT™ and OFCO army
on the DarkNet and surface web.
Sources
1. https://trac.torproject.org/projects/tor/wiki/doc/HowBigIsTheDarkWeb
2. https://www.wilsoncenter.org/sites/default/files/deep_web_report_october_2015.pdf, p. 7
3. https://trac.torproject.org/projects/tor/wiki/doc/HowBigIsTheDarkWeb
4. https://www.wilsoncenter.org/sites/default/files/deep_web_report_october_2015.pdf, p. 10
5. https://www.wearethorn.org/about-our-fight-against-sexual-exploitation-of-children/
6. https://motherboard.vice.com/read/the-fbis-unprecedented-hacking-campaign-targeted-over-a-thousand-computers
7. http://www.theepochtimes.com/n3/1992641-chinas-state-sponsored-hackers-set-up-business-on-the-darknet/
8. Telegram is an encrypted, cloud-based instant messaging service with a message self-destruct feature.
9. http://markets.ibtimes.com/ibtimes/news/read/33067868/
10. http://securityaffairs.co/wordpress/53048/terrorism/isis-surveillance-cameras.html
11. http://www.theepochtimes.com/n3/2126828-exclusive-infamous-hacker-detox-ransome-stole-democrat-databases-in-2015/