SlideShare a Scribd company logo

Illuminating the dark web

Download as PPTX, PDF
Jisc
Jisc

A presentation at the Jisc security conference 2019 by Simon Bryden, Fortinet.

1 of 37
1 Illuminating the Dark Web Simon Bryden Consulting Systems Engineer, EMEA
2 Introduction to the dark web The Onion Router and Hidden Services Dark Web Takedowns Protecting yourself from the dark web Illuminating the Dark Web
3 “The iceberg” Surface Web Deep Web Dark Web
4 Protected by authentication layer or paywall Not linked from any other pages Not referenced by search engines Deep Web characteristics
5 Anonymous Special access software Associated with illegal activities Dark Web characteristics
6 Illegal content Illegal marketplaces Cybercrime services Cryptocurrency services What can be found on the Dark Web?
7
8
9
10 Journalism Legal markets Social Media Repressed minorities Legal dark web services
11 The Onion Router
12 • Based on technology developed by the US Naval Research Laboratory in 1990s • Designed to protect US intelligence communications online • Tor project launched in 2002, first public release in 2004 • The Tor Project Inc. launched in 2006 as a non-profit organisation What is Tor?
13 Tor can provide two levels of anonymity: Anonymous access to surface web services • The Tor network provides an anonymous access through the Tor network. • The Tor network “exit node” connects to the surface web server Anonymous access to hidden services • The Tor network provides complete end-to-end anonymity • Hides the identity of both client and server How muchAnonymity does Tor Provide?
14
15
16 How Anonymous? “Alice is using the Tor service” Tor relay nodes are publicly known “Someone is connecting to Bob from the Tor network” “We can see this traffic”
17 How Anonymous? “Alice is using a VPN service” HTTPS VPN Provider “Someone is connecting to Bob from the Tor network”
18 Tor Browser
19 Volunteers. Often universities and other institutions Most people host Relay or Guard (Entry) nodes Nodes cannot become guards unless they are stable, and have at least 2Mbytes/s bandwidth Running an Exit node opens up the potential of receiving abuse complaints Exit nodes are often blocked by providers or website owners Who Owns the Tor Nodes?
20 Where are the relays? Germany UK Netherlands USA France
21 Tor Hidden Services
22 • Hidden services provide anonymity for the server • Servers are identified by an onion address such as 4nrvt5xpejyo27zf.onion • These are not resolved by DNS, rather by the Tor network itself • Most importantly: • There is no link between server name and server address Tor Hidden Services
23 Tor Hidden Service Operation RP
24 Browsing Hidden Sites
Dark Web Take-Down
26 • It’s more than just Tor! • Payment methods • Delivery of goods • All other system tools and applications must be anonymized • Ancillary communications (forgotten passwords, tech support) • Web services platforms (Wordpress, Joomla etc. are full of vulnerabilities) Perfect anonymity is Difficult
27 In 2013, the FBI managed to infiltrate “Freedom Hosting”, a hosting operation serving child pornography sites It inserted an exploit kit which targeted a vulnerability in Firefox 17 (used in Tor browser) This resulted in the download of a file which would report back the identity of the user Resulted in the arrests of the owner, and many of the consumers The Silk Road marketplace was reportedly identified through a non-anonymized captcha Freedom Hosting Silk Road
28 Child sex abuse marketplace More than 8 terabytes of data Used bitcoin – 7,300 recorded transactions from more than 1 million user addresses UK National Crime Agency used BitCoin transaction analysis to identify users Arrests of 337 users made in 38 countries 23 abused children identified and rescued Abusers found, not by using offensive hacking, but by simply tracing bitcoin transactions Welcome To Video
29 Dark Web Markets Silk Road Data leaked via CAPTCHA US DEA and FBI June 2013 Silk Road 2.0 Bitcoin Vulnerability FBI & Europol Nov 2014 AlphaBay Email address leakage July 2017 Dream Market Sustained DDoS Attacks? March 2019 Wall Street Market Careless use of VPN Europol May 2019 Deepdotweb.com Dark web links site Taken down because of links to illegal markets FBI, Europol, NCA May 2019 Hansa Addresses leaked in IRC logs Operation Bayonet (multinational law enforcement)
Detection and Protection
31 Case 1: Employees access dark web sites
32 Case 2: Employees hosting dark web sites
33 Case 3: Anonymous external reconnaisance
34 Several sites provide the list in convenient form: https://check.torproject.org/exit-addresses (exit nodes only) https://www.dan.me.uk/tornodes (exit only, or all relays) http://blutmagie.de (exit only, or all relays) Security vendors often have automatically-updated node lists built in to their solutions. Tor Detection by RelayAddresses
35 Good news: It is possible to detect the Tor protocol Not so good news: Tor provides explicit means to avoid being detected Fortinet has built-in application detection of Tor, I2P, FreeNet, and others, as well as popular proxy applications such as Psiphon and Ultrasurf. Tor does makes it possible to use private relay nodes and personalized transport protocols which can make detection close to impossible. However, in practice, there are many associated difficulties with these techniques. Detection by Protocol
36 • Dark web is more about the technology than the content • Much of the content is legal and legitimate • Tor is by far the most popular access technology • It is very difficult to make a site 100% anonymous • The dark web can present a risk to legitimate users and companies • Simple security measures can deter all but the most determined attackers Key Takeaways
Come and see us at stand 14

Recommended

Dark web presentation
Dark web presentationDark web presentation
Dark web presentation
To Mal
 
The Dark Web
The Dark WebThe Dark Web
The Dark Web
Suraj Jaundoo
 
The Dark Web
The Dark WebThe Dark Web
The Dark Web
jamiecornista
 
Dark web
Dark webDark web
Dark web
Safwan Hashmi
 
The dark web
The dark webThe dark web
The dark webBella M
 
The Dark side of the Web
The Dark side of the WebThe Dark side of the Web
The Dark side of the Web
Paula Ripoll Cacho
 
Deep and Dark Web
Deep and Dark WebDeep and Dark Web
Deep and Dark Web
Md. Nazmus Shakib Robin
 
Dark Web and Privacy
Dark Web and PrivacyDark Web and Privacy
Dark Web and Privacy
Brian Pichman
 

Recommended

Dark web presentation
Dark web presentationDark web presentation
Dark web presentation
To Mal
 
The Dark Web
The Dark WebThe Dark Web
The Dark Web
Suraj Jaundoo
 
The Dark Web
The Dark WebThe Dark Web
The Dark Web
jamiecornista
 
Dark web
Dark webDark web
Dark web
Safwan Hashmi
 
The dark web
The dark webThe dark web
The dark webBella M
 
The Dark side of the Web
The Dark side of the WebThe Dark side of the Web
The Dark side of the Web
Paula Ripoll Cacho
 
Deep and Dark Web
Deep and Dark WebDeep and Dark Web
Deep and Dark Web
Md. Nazmus Shakib Robin
 
Dark Web and Privacy
Dark Web and PrivacyDark Web and Privacy
Dark Web and Privacy
Brian Pichman
 
The Dark Web
The Dark WebThe Dark Web
The Dark Web
Jan Siy
 
Dark and Deep web
Dark and Deep webDark and Deep web
Dark and Deep web
Khaled Sany
 
Introduction To Dark Web
Introduction To Dark WebIntroduction To Dark Web
Introduction To Dark Web
Adityakumar Yadav
 
Journey To The Dark Web
Journey To The Dark WebJourney To The Dark Web
Journey To The Dark Web
MiteshWani
 
Deep Web - what to do and what not to do
Deep Web - what to do and what not to do Deep Web - what to do and what not to do
Deep Web - what to do and what not to do
Cysinfo Cyber Security Community
 
Deep web and dark web
Deep web and dark webDeep web and dark web
Deep web and dark web
Vaishali Misra
 
The Deep and Dark Web
The Deep and Dark WebThe Deep and Dark Web
The Deep and Dark Web
Swecha | స్వేచ్ఛ
 
Dark Web
Dark WebDark Web
Dark Web
KunalDas889957
 
The Dark Web
The Dark WebThe Dark Web
The Dark WebConnor Willer
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet Anonymity
Abhimanyu Singh
 
Deepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar anchaDeepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar ancha
vinod kumar
 
Dark wed
Dark wedDark wed
Dark wed
AraVind Pillai
 
The dark web
The dark webThe dark web
The dark webhellboytonmoy
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
Case IQ
 
Dark web
Dark webDark web
Dark web
Nikki Noveno
 
Deep web and Dark web
Deep web and Dark webDeep web and Dark web
Deep web and Dark web
Parvez Hossain
 
dark-web-and-cybercrime.pdf
dark-web-and-cybercrime.pdfdark-web-and-cybercrime.pdf
dark-web-and-cybercrime.pdf
RajanshumanPradhan2
 
Guide to dark web
Guide to dark webGuide to dark web
Guide to dark web
Jspider - Noida
 
Presentation on Ethical Hacking ppt
Presentation on Ethical Hacking pptPresentation on Ethical Hacking ppt
Presentation on Ethical Hacking ppt
Shravan Sanidhya
 
Deep web Seminar
Deep web Seminar Deep web Seminar
Deep web Seminar
Hareendran MG
 
The Dark Web : Hidden Services
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden Services
Anshu Singh
 
Tor Project and The Darknet
Tor Project and The DarknetTor Project and The Darknet
Tor Project and The Darknet
Ahmed Mater
 

More Related Content

What's hot

The Dark Web
The Dark WebThe Dark Web
The Dark Web
Jan Siy
 
Dark and Deep web
Dark and Deep webDark and Deep web
Dark and Deep web
Khaled Sany
 
Introduction To Dark Web
Introduction To Dark WebIntroduction To Dark Web
Introduction To Dark Web
Adityakumar Yadav
 
Journey To The Dark Web
Journey To The Dark WebJourney To The Dark Web
Journey To The Dark Web
MiteshWani
 
Deep Web - what to do and what not to do
Deep Web - what to do and what not to do Deep Web - what to do and what not to do
Deep Web - what to do and what not to do
Cysinfo Cyber Security Community
 
Deep web and dark web
Deep web and dark webDeep web and dark web
Deep web and dark web
Vaishali Misra
 
The Deep and Dark Web
The Deep and Dark WebThe Deep and Dark Web
The Deep and Dark Web
Swecha | స్వేచ్ఛ
 
Dark Web
Dark WebDark Web
Dark Web
KunalDas889957
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet Anonymity
Abhimanyu Singh
 
Deepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar anchaDeepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar ancha
vinod kumar
 
Dark wed
Dark wedDark wed
Dark wed
AraVind Pillai
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
Case IQ
 
Dark web
Dark webDark web
Dark web
Nikki Noveno
 
Deep web and Dark web
Deep web and Dark webDeep web and Dark web
Deep web and Dark web
Parvez Hossain
 
dark-web-and-cybercrime.pdf
dark-web-and-cybercrime.pdfdark-web-and-cybercrime.pdf
dark-web-and-cybercrime.pdf
RajanshumanPradhan2
 
Guide to dark web
Guide to dark webGuide to dark web
Guide to dark web
Jspider - Noida
 
Presentation on Ethical Hacking ppt
Presentation on Ethical Hacking pptPresentation on Ethical Hacking ppt
Presentation on Ethical Hacking ppt
Shravan Sanidhya
 
Deep web Seminar
Deep web Seminar Deep web Seminar
Deep web Seminar
Hareendran MG
 

What's hot (20)

The Dark Web
The Dark WebThe Dark Web
The Dark Web
 
Dark and Deep web
Dark and Deep webDark and Deep web
Dark and Deep web
 
Introduction To Dark Web
Introduction To Dark WebIntroduction To Dark Web
Introduction To Dark Web
 
Journey To The Dark Web
Journey To The Dark WebJourney To The Dark Web
Journey To The Dark Web
 
Deep Web - what to do and what not to do
Deep Web - what to do and what not to do Deep Web - what to do and what not to do
Deep Web - what to do and what not to do
 
Deep web and dark web
Deep web and dark webDeep web and dark web
Deep web and dark web
 
The Deep and Dark Web
The Deep and Dark WebThe Deep and Dark Web
The Deep and Dark Web
 
Dark Web
Dark WebDark Web
Dark Web
 
The Dark Web
The Dark WebThe Dark Web
The Dark Web
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet Anonymity
 
Deepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar anchaDeepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar ancha
 
Dark wed
Dark wedDark wed
Dark wed
 
The dark web
The dark webThe dark web
The dark web
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
 
Dark web
Dark webDark web
Dark web
 
Deep web and Dark web
Deep web and Dark webDeep web and Dark web
Deep web and Dark web
 
dark-web-and-cybercrime.pdf
dark-web-and-cybercrime.pdfdark-web-and-cybercrime.pdf
dark-web-and-cybercrime.pdf
 
Guide to dark web
Guide to dark webGuide to dark web
Guide to dark web
 
Presentation on Ethical Hacking ppt
Presentation on Ethical Hacking pptPresentation on Ethical Hacking ppt
Presentation on Ethical Hacking ppt
 
Deep web Seminar
Deep web Seminar Deep web Seminar
Deep web Seminar
 

Similar to Illuminating the dark web

The Dark Web : Hidden Services
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden Services
Anshu Singh
 
Tor Project and The Darknet
Tor Project and The DarknetTor Project and The Darknet
Tor Project and The Darknet
Ahmed Mater
 
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptxdarkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
Geetha982072
 
Deep web
Deep webDeep web
Deep web
Mayank Chaudhari
 
Dark Web.pptx
Dark Web.pptxDark Web.pptx
Dark Web.pptx
eliofatjon
 
Анонимность Tor: миф и реальность
Анонимность Tor: миф и реальностьАнонимность Tor: миф и реальность
Анонимность Tor: миф и реальность
CEE-SEC(R)
 
(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation
INSIGHT FORENSIC
 
Dark net
Dark netDark net
Dark net
Mudasser Afzal
 
Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
Darknets - Introduction & Deanonymization of Tor Users By Hitesh BhatiaDarknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
OWASP Delhi
 
Presentation darknet
Presentation darknetPresentation darknet
Presentation darknet
Dvir Barel
 
Dw communication
Dw communicationDw communication
Dw communication
Arjun Chetry
 
Ali shahbazi khojasteh - deep web
Ali shahbazi khojasteh - deep webAli shahbazi khojasteh - deep web
Ali shahbazi khojasteh - deep web
Ali Shahbazi Khojasteh
 
Darkle Slideshow _ by Slidesgo.pptx
Darkle Slideshow _ by Slidesgo.pptxDarkle Slideshow _ by Slidesgo.pptx
Darkle Slideshow _ by Slidesgo.pptx
JamalAmzil6
 
Demystifying the Dark Web
Demystifying the Dark WebDemystifying the Dark Web
Demystifying the Dark Web
Tom Kranz
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
b coatesworth
 
2006: Hack.lu Luxembourg 2006: Anonymous Communication
2006: Hack.lu Luxembourg 2006: Anonymous Communication2006: Hack.lu Luxembourg 2006: Anonymous Communication
2006: Hack.lu Luxembourg 2006: Anonymous CommunicationFabio Pietrosanti
 
Tor: The Second Generation Onion Router
Tor: The Second Generation Onion RouterTor: The Second Generation Onion Router
Tor: The Second Generation Onion Router
Mohammed Bharmal
 
Dark web sites - Exploring the Dark Web, Dark Web Sites, and the Elusive Link...
Dark web sites - Exploring the Dark Web, Dark Web Sites, and the Elusive Link...Dark web sites - Exploring the Dark Web, Dark Web Sites, and the Elusive Link...
Dark web sites - Exploring the Dark Web, Dark Web Sites, and the Elusive Link...
Auto Parts Wholesale Online
 
.Onion
.Onion.Onion
.Onion
KajolPatel17
 
Anonymity in the web based on routing protocols
Anonymity in the web based on routing protocolsAnonymity in the web based on routing protocols
Anonymity in the web based on routing protocols
Biagio Botticelli
 

Similar to Illuminating the dark web (20)

The Dark Web : Hidden Services
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden Services
 
Tor Project and The Darknet
Tor Project and The DarknetTor Project and The Darknet
Tor Project and The Darknet
 
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptxdarkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
 
Deep web
Deep webDeep web
Deep web
 
Dark Web.pptx
Dark Web.pptxDark Web.pptx
Dark Web.pptx
 
Анонимность Tor: миф и реальность
Анонимность Tor: миф и реальностьАнонимность Tor: миф и реальность
Анонимность Tor: миф и реальность
 
(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation
 
Dark net
Dark netDark net
Dark net
 
Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
Darknets - Introduction & Deanonymization of Tor Users By Hitesh BhatiaDarknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
 
Presentation darknet
Presentation darknetPresentation darknet
Presentation darknet
 
Dw communication
Dw communicationDw communication
Dw communication
 
Ali shahbazi khojasteh - deep web
Ali shahbazi khojasteh - deep webAli shahbazi khojasteh - deep web
Ali shahbazi khojasteh - deep web
 
Darkle Slideshow _ by Slidesgo.pptx
Darkle Slideshow _ by Slidesgo.pptxDarkle Slideshow _ by Slidesgo.pptx
Darkle Slideshow _ by Slidesgo.pptx
 
Demystifying the Dark Web
Demystifying the Dark WebDemystifying the Dark Web
Demystifying the Dark Web
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
 
2006: Hack.lu Luxembourg 2006: Anonymous Communication
2006: Hack.lu Luxembourg 2006: Anonymous Communication2006: Hack.lu Luxembourg 2006: Anonymous Communication
2006: Hack.lu Luxembourg 2006: Anonymous Communication
 
Tor: The Second Generation Onion Router
Tor: The Second Generation Onion RouterTor: The Second Generation Onion Router
Tor: The Second Generation Onion Router
 
Dark web sites - Exploring the Dark Web, Dark Web Sites, and the Elusive Link...
Dark web sites - Exploring the Dark Web, Dark Web Sites, and the Elusive Link...Dark web sites - Exploring the Dark Web, Dark Web Sites, and the Elusive Link...
Dark web sites - Exploring the Dark Web, Dark Web Sites, and the Elusive Link...
 
.Onion
.Onion.Onion
.Onion
 
Anonymity in the web based on routing protocols
Anonymity in the web based on routing protocolsAnonymity in the web based on routing protocols
Anonymity in the web based on routing protocols
 

More from Jisc

Adobe Express Engagement Webinar (Delegate).pptx
Adobe Express Engagement Webinar (Delegate).pptxAdobe Express Engagement Webinar (Delegate).pptx
Adobe Express Engagement Webinar (Delegate).pptx
Jisc
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
Jisc
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
Jisc
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
Jisc
 
Jisc's value to HE: the University of Sheffield
Jisc's value to HE: the University of SheffieldJisc's value to HE: the University of Sheffield
Jisc's value to HE: the University of Sheffield
Jisc
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
Jisc
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
Jisc
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
Jisc
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
Jisc
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
Jisc
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...
Jisc
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptx
Jisc
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptx
Jisc
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...
Jisc
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
Jisc
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023
Jisc
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023
Jisc
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023
Jisc
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptx
Jisc
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptx
Jisc
 

More from Jisc (20)

Adobe Express Engagement Webinar (Delegate).pptx
Adobe Express Engagement Webinar (Delegate).pptxAdobe Express Engagement Webinar (Delegate).pptx
Adobe Express Engagement Webinar (Delegate).pptx
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
 
Jisc's value to HE: the University of Sheffield
Jisc's value to HE: the University of SheffieldJisc's value to HE: the University of Sheffield
Jisc's value to HE: the University of Sheffield
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptx
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptx
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptx
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptx
 

Recently uploaded

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 

Illuminating the dark web

  • 1. 1 Illuminating the Dark Web Simon Bryden Consulting Systems Engineer, EMEA
  • 2. 2 Introduction to the dark web The Onion Router and Hidden Services Dark Web Takedowns Protecting yourself from the dark web Illuminating the Dark Web
  • 4. 4 Protected by authentication layer or paywall Not linked from any other pages Not referenced by search engines Deep Web characteristics
  • 5. 5 Anonymous Special access software Associated with illegal activities Dark Web characteristics
  • 6. 6 Illegal content Illegal marketplaces Cybercrime services Cryptocurrency services What can be found on the Dark Web?
  • 7. 7
  • 8. 8
  • 9. 9
  • 10. 10 Journalism Legal markets Social Media Repressed minorities Legal dark web services
  • 12. 12 • Based on technology developed by the US Naval Research Laboratory in 1990s • Designed to protect US intelligence communications online • Tor project launched in 2002, first public release in 2004 • The Tor Project Inc. launched in 2006 as a non-profit organisation What is Tor?
  • 13. 13 Tor can provide two levels of anonymity: Anonymous access to surface web services • The Tor network provides an anonymous access through the Tor network. • The Tor network “exit node” connects to the surface web server Anonymous access to hidden services • The Tor network provides complete end-to-end anonymity • Hides the identity of both client and server How muchAnonymity does Tor Provide?
  • 14. 14
  • 15. 15
  • 16. 16 How Anonymous? “Alice is using the Tor service” Tor relay nodes are publicly known “Someone is connecting to Bob from the Tor network” “We can see this traffic”
  • 17. 17 How Anonymous? “Alice is using a VPN service” HTTPS VPN Provider “Someone is connecting to Bob from the Tor network”
  • 19. 19 Volunteers. Often universities and other institutions Most people host Relay or Guard (Entry) nodes Nodes cannot become guards unless they are stable, and have at least 2Mbytes/s bandwidth Running an Exit node opens up the potential of receiving abuse complaints Exit nodes are often blocked by providers or website owners Who Owns the Tor Nodes?
  • 20. 20 Where are the relays? Germany UK Netherlands USA France
  • 22. 22 • Hidden services provide anonymity for the server • Servers are identified by an onion address such as 4nrvt5xpejyo27zf.onion • These are not resolved by DNS, rather by the Tor network itself • Most importantly: • There is no link between server name and server address Tor Hidden Services
  • 23. 23 Tor Hidden Service Operation RP
  • 26. 26 • It’s more than just Tor! • Payment methods • Delivery of goods • All other system tools and applications must be anonymized • Ancillary communications (forgotten passwords, tech support) • Web services platforms (Wordpress, Joomla etc. are full of vulnerabilities) Perfect anonymity is Difficult
  • 27. 27 In 2013, the FBI managed to infiltrate “Freedom Hosting”, a hosting operation serving child pornography sites It inserted an exploit kit which targeted a vulnerability in Firefox 17 (used in Tor browser) This resulted in the download of a file which would report back the identity of the user Resulted in the arrests of the owner, and many of the consumers The Silk Road marketplace was reportedly identified through a non-anonymized captcha Freedom Hosting Silk Road
  • 28. 28 Child sex abuse marketplace More than 8 terabytes of data Used bitcoin – 7,300 recorded transactions from more than 1 million user addresses UK National Crime Agency used BitCoin transaction analysis to identify users Arrests of 337 users made in 38 countries 23 abused children identified and rescued Abusers found, not by using offensive hacking, but by simply tracing bitcoin transactions Welcome To Video
  • 29. 29 Dark Web Markets Silk Road Data leaked via CAPTCHA US DEA and FBI June 2013 Silk Road 2.0 Bitcoin Vulnerability FBI & Europol Nov 2014 AlphaBay Email address leakage July 2017 Dream Market Sustained DDoS Attacks? March 2019 Wall Street Market Careless use of VPN Europol May 2019 Deepdotweb.com Dark web links site Taken down because of links to illegal markets FBI, Europol, NCA May 2019 Hansa Addresses leaked in IRC logs Operation Bayonet (multinational law enforcement)
  • 31. 31 Case 1: Employees access dark web sites
  • 32. 32 Case 2: Employees hosting dark web sites
  • 33. 33 Case 3: Anonymous external reconnaisance
  • 34. 34 Several sites provide the list in convenient form: https://check.torproject.org/exit-addresses (exit nodes only) https://www.dan.me.uk/tornodes (exit only, or all relays) http://blutmagie.de (exit only, or all relays) Security vendors often have automatically-updated node lists built in to their solutions. Tor Detection by RelayAddresses
  • 35. 35 Good news: It is possible to detect the Tor protocol Not so good news: Tor provides explicit means to avoid being detected Fortinet has built-in application detection of Tor, I2P, FreeNet, and others, as well as popular proxy applications such as Psiphon and Ultrasurf. Tor does makes it possible to use private relay nodes and personalized transport protocols which can make detection close to impossible. However, in practice, there are many associated difficulties with these techniques. Detection by Protocol
  • 36. 36 • Dark web is more about the technology than the content • Much of the content is legal and legitimate • Tor is by far the most popular access technology • It is very difficult to make a site 100% anonymous • The dark web can present a risk to legitimate users and companies • Simple security measures can deter all but the most determined attackers Key Takeaways
  • 37. Come and see us at stand 14