SlideShare a Scribd company logo

Demystifying the Dark Web

Tom Kranz
Tom Kranz

A talk and live demo I wrote and gave at a number of cyber insurance events, discussing how the Dark Web works, how to access it, who uses it, and it's advantages and disadvantages.

1 of 12
Download to read offline
What is the Dark Web?
A 6point6 Cyber Labs Briefing
What is the Dark Web - Overview
• Why should we care about the Dark Web?
• What is the Dark Web?
• How does an attacker use the Dark Web?
• What’s available on there?
• How does it work?
• Demo
• Failings of the Dark Web
• Positives from the Dark Web
• Summary and close
Why should we care about the Dark Web?
• Attacks need to be planned and carried out with a high
degree of privacy and secrecy to be able to succeed
• Attackers need:
• A secret environment where they can sell/trade stolen data and
information
• A secret environment where they can hire services (botnets,
identity theft, targeted info attacks)
• Existing networks and forums on the Internet are known
and monitored
• New networks and forums on the Internet are easily
discovered and traced
The Dark Web can be used to address Internet design flaws that hinder cyber attacks
What is the Dark Web?
• Like the Internet, the Dark Web is composed of web sites
providing various services
• There are forums, email providers – even search engines
• Unlike the Internet, the Dark Web:
• Needs special client tools to access
• Provides encryption and anonymity as part of it’s access
• Is very difficult to trace and track who owns and operates a site
• There is no one single Dark Web – there are multiple
networks using specific clients
• The two most popular are TOR and I2P
Similar yet Different - Comparison to the regular Internet
How does an attacker use the Dark Web?
• Reconnaissance
• Attackers can use forums and search engines to look for (and
share) existing information on their target
• Probes
• Easy to launch probing attacks against a target
• Distraction attacks
• Ideal for launching Denial of Service (DoS) attacks from hired
botnets
• Compromise
• Phishing emails and actual hacks can be launched from Dark
Web hosted servers
• Storage
• Stolen data can be stored, shared and sold on secure Dark Web
markets
The anonymous, difficult to trace capabilities makes it ideal for Cyber attacks
What is available on the Dark Web?
• Botnets
• Cryptocurrency (Bitcoin etc.) services
• Legal and Illegal markets
• Hacking groups and services
• Fraud services
• Hoaxes and unverified content
• Phishing and scams
• Puzzles
• Illegal pornography
• Terrorism
• Social media
• Activism
A range of services, many of which have good reason to hide

More Related Content

What's hot

The Dark Web by Kenneth Yu
The Dark Web by Kenneth YuThe Dark Web by Kenneth Yu
The Dark Web by Kenneth YuKenny Yu
 
Illuminating the dark web
Illuminating the dark webIlluminating the dark web
Illuminating the dark webJisc
 
Dark web presentation
Dark web presentationDark web presentation
Dark web presentationTo Mal
 
Journey To The Dark Web
Journey To The Dark WebJourney To The Dark Web
Journey To The Dark WebMiteshWani
 
Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Marco Balduzzi
 
Dark and Deep web
Dark and Deep webDark and Deep web
Dark and Deep webKhaled Sany
 
TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security r...
TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security r...TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security r...
TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security r...EC-Council
 
Deepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar anchaDeepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar anchavinod kumar
 
Rolling in the Deep. ISACA.SV.2016
Rolling in the Deep. ISACA.SV.2016Rolling in the Deep. ISACA.SV.2016
Rolling in the Deep. ISACA.SV.2016Bich (Evelyn) Chu
 
Cyber intelligence-services
Cyber intelligence-servicesCyber intelligence-services
Cyber intelligence-servicesCyber 51 LLC
 

What's hot (20)

Darknet - Is this the future of Internet?
Darknet - Is this the future of Internet? Darknet - Is this the future of Internet?
Darknet - Is this the future of Internet?
 
The Dark Web by Kenneth Yu
The Dark Web by Kenneth YuThe Dark Web by Kenneth Yu
The Dark Web by Kenneth Yu
 
Illuminating the dark web
Illuminating the dark webIlluminating the dark web
Illuminating the dark web
 
Dark web presentation
Dark web presentationDark web presentation
Dark web presentation
 
Journey To The Dark Web
Journey To The Dark WebJourney To The Dark Web
Journey To The Dark Web
 
Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)
 
Dark and Deep web
Dark and Deep webDark and Deep web
Dark and Deep web
 
HTTPS
HTTPSHTTPS
HTTPS
 
Dw communication
Dw communicationDw communication
Dw communication
 
Visual hacking (ec)
Visual hacking (ec)Visual hacking (ec)
Visual hacking (ec)
 
TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security r...
TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security r...TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security r...
TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security r...
 
Scuba diving into The Deep Dark Web
Scuba diving into The Deep Dark WebScuba diving into The Deep Dark Web
Scuba diving into The Deep Dark Web
 
Deep Web
Deep WebDeep Web
Deep Web
 
Deepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar anchaDeepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar ancha
 
Darknet
DarknetDarknet
Darknet
 
Rolling in the Deep. ISACA.SV.2016
Rolling in the Deep. ISACA.SV.2016Rolling in the Deep. ISACA.SV.2016
Rolling in the Deep. ISACA.SV.2016
 
Deep web
Deep webDeep web
Deep web
 
Cyber intelligence-services
Cyber intelligence-servicesCyber intelligence-services
Cyber intelligence-services
 
A visit to the darknet
A visit to the darknetA visit to the darknet
A visit to the darknet
 
The Dark Web
The Dark WebThe Dark Web
The Dark Web
 

Similar to Demystifying the Dark Web

The Dark Web : Hidden Services
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden ServicesAnshu Singh
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark WebCase IQ
 
Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Stephen Abram
 
Dark Web and Privacy
Dark Web and PrivacyDark Web and Privacy
Dark Web and PrivacyBrian Pichman
 
Dark Web Presentation.pptx
Dark Web Presentation.pptxDark Web Presentation.pptx
Dark Web Presentation.pptxAbhinavRaj219245
 
Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Marcus Leaning
 
2006: Hack.lu Luxembourg 2006: Anonymous Communication
2006: Hack.lu Luxembourg 2006: Anonymous Communication2006: Hack.lu Luxembourg 2006: Anonymous Communication
2006: Hack.lu Luxembourg 2006: Anonymous CommunicationFabio Pietrosanti
 
Tor the onion router
Tor   the onion routerTor   the onion router
Tor the onion routerJapneet Singh
 
Deep Web and TOR Browser
Deep Web and TOR BrowserDeep Web and TOR Browser
Deep Web and TOR BrowserArjith K Raj
 
Team4_DeepDarkWeb the reality of dark web
Team4_DeepDarkWeb the reality of dark webTeam4_DeepDarkWeb the reality of dark web
Team4_DeepDarkWeb the reality of dark webIkramUlhaq401878
 
How to build corporate size fraud prevention
How to build corporate size fraud preventionHow to build corporate size fraud prevention
How to build corporate size fraud preventionYury Leonychev
 
Acpe 2014 Internet Anonymity Using Tor
Acpe 2014  Internet Anonymity Using TorAcpe 2014  Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using TorJack Maynard
 

Similar to Demystifying the Dark Web (20)

The Dark Web : Hidden Services
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden Services
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
 
Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)
 
Deep Web
Deep WebDeep Web
Deep Web
 
Dark Web and Privacy
Dark Web and PrivacyDark Web and Privacy
Dark Web and Privacy
 
Dark Web.pptx
Dark Web.pptxDark Web.pptx
Dark Web.pptx
 
Dark Web.pptx
Dark Web.pptxDark Web.pptx
Dark Web.pptx
 
Dark Web Presentation.pptx
Dark Web Presentation.pptxDark Web Presentation.pptx
Dark Web Presentation.pptx
 
dark-web-and-cybercrime.pdf
dark-web-and-cybercrime.pdfdark-web-and-cybercrime.pdf
dark-web-and-cybercrime.pdf
 
ToR - Deep Web
ToR -  Deep Web ToR -  Deep Web
ToR - Deep Web
 
Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR
 
2006: Hack.lu Luxembourg 2006: Anonymous Communication
2006: Hack.lu Luxembourg 2006: Anonymous Communication2006: Hack.lu Luxembourg 2006: Anonymous Communication
2006: Hack.lu Luxembourg 2006: Anonymous Communication
 
Darknet
DarknetDarknet
Darknet
 
Dark net (escalona)
Dark net (escalona)Dark net (escalona)
Dark net (escalona)
 
Tor the onion router
Tor   the onion routerTor   the onion router
Tor the onion router
 
Deep Web and TOR Browser
Deep Web and TOR BrowserDeep Web and TOR Browser
Deep Web and TOR Browser
 
Team4_DeepDarkWeb the reality of dark web
Team4_DeepDarkWeb the reality of dark webTeam4_DeepDarkWeb the reality of dark web
Team4_DeepDarkWeb the reality of dark web
 
How to build corporate size fraud prevention
How to build corporate size fraud preventionHow to build corporate size fraud prevention
How to build corporate size fraud prevention
 
Acpe 2014 Internet Anonymity Using Tor
Acpe 2014  Internet Anonymity Using TorAcpe 2014  Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using Tor
 
Ali shahbazi khojasteh - deep web
Ali shahbazi khojasteh - deep webAli shahbazi khojasteh - deep web
Ali shahbazi khojasteh - deep web
 

Recently uploaded

Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docxLeveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docxVotarikari Shravan
 
Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31
Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31
Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31shyamraj55
 
LF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIELF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIEDanBrown980551
 
IT Nation Evolve event 2024 - Quarter 1
IT Nation Evolve event 2024  - Quarter 1IT Nation Evolve event 2024  - Quarter 1
IT Nation Evolve event 2024 - Quarter 1Inbay UK
 
"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google
"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google
"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, GoogleISPMAIndia
 
My Journey towards Artificial Intelligence
My Journey towards Artificial IntelligenceMy Journey towards Artificial Intelligence
My Journey towards Artificial IntelligenceVijayananda Mohire
 
The Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product SchoolThe Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product SchoolProduct School
 
Dynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineeringDynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineeringMassimo Talia
 
Building Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish GuptaBuilding Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish GuptaISPMAIndia
 
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...Product School
 
"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor FesenkoFwdays
 
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Product School
 
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes", Volodymyr TsapFwdays
 
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)François
 
Enterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book ReviewEnterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book ReviewAshraf Fouad
 
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)Jay Zhao
 
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions..."How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...Fwdays
 
Act Like an Owner, Challenge Like a VC by former CPO, Tripadvisor
Act Like an Owner,  Challenge Like a VC by former CPO, TripadvisorAct Like an Owner,  Challenge Like a VC by former CPO, Tripadvisor
Act Like an Owner, Challenge Like a VC by former CPO, TripadvisorProduct School
 
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...Product School
 
Battle of React State Managers in frontend applications
Battle of React State Managers in frontend applicationsBattle of React State Managers in frontend applications
Battle of React State Managers in frontend applicationsEvangelia Mitsopoulou
 

Recently uploaded (20)

Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docxLeveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
 
Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31
Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31
Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31
 
LF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIELF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIE
 
IT Nation Evolve event 2024 - Quarter 1
IT Nation Evolve event 2024  - Quarter 1IT Nation Evolve event 2024  - Quarter 1
IT Nation Evolve event 2024 - Quarter 1
 
"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google
"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google
"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google
 
My Journey towards Artificial Intelligence
My Journey towards Artificial IntelligenceMy Journey towards Artificial Intelligence
My Journey towards Artificial Intelligence
 
The Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product SchoolThe Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product School
 
Dynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineeringDynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineering
 
Building Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish GuptaBuilding Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish Gupta
 
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
 
"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko
 
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
 
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
 
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
 
Enterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book ReviewEnterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book Review
 
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
 
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions..."How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
 
Act Like an Owner, Challenge Like a VC by former CPO, Tripadvisor
Act Like an Owner,  Challenge Like a VC by former CPO, TripadvisorAct Like an Owner,  Challenge Like a VC by former CPO, Tripadvisor
Act Like an Owner, Challenge Like a VC by former CPO, Tripadvisor
 
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
 
Battle of React State Managers in frontend applications
Battle of React State Managers in frontend applicationsBattle of React State Managers in frontend applications
Battle of React State Managers in frontend applications
 

Demystifying the Dark Web

  • 1. What is the Dark Web? A 6point6 Cyber Labs Briefing
  • 2. What is the Dark Web - Overview • Why should we care about the Dark Web? • What is the Dark Web? • How does an attacker use the Dark Web? • What’s available on there? • How does it work? • Demo • Failings of the Dark Web • Positives from the Dark Web • Summary and close
  • 3. Why should we care about the Dark Web? • Attacks need to be planned and carried out with a high degree of privacy and secrecy to be able to succeed • Attackers need: • A secret environment where they can sell/trade stolen data and information • A secret environment where they can hire services (botnets, identity theft, targeted info attacks) • Existing networks and forums on the Internet are known and monitored • New networks and forums on the Internet are easily discovered and traced The Dark Web can be used to address Internet design flaws that hinder cyber attacks
  • 4. What is the Dark Web? • Like the Internet, the Dark Web is composed of web sites providing various services • There are forums, email providers – even search engines • Unlike the Internet, the Dark Web: • Needs special client tools to access • Provides encryption and anonymity as part of it’s access • Is very difficult to trace and track who owns and operates a site • There is no one single Dark Web – there are multiple networks using specific clients • The two most popular are TOR and I2P Similar yet Different - Comparison to the regular Internet
  • 5. How does an attacker use the Dark Web? • Reconnaissance • Attackers can use forums and search engines to look for (and share) existing information on their target • Probes • Easy to launch probing attacks against a target • Distraction attacks • Ideal for launching Denial of Service (DoS) attacks from hired botnets • Compromise • Phishing emails and actual hacks can be launched from Dark Web hosted servers • Storage • Stolen data can be stored, shared and sold on secure Dark Web markets The anonymous, difficult to trace capabilities makes it ideal for Cyber attacks
  • 6. What is available on the Dark Web? • Botnets • Cryptocurrency (Bitcoin etc.) services • Legal and Illegal markets • Hacking groups and services • Fraud services • Hoaxes and unverified content • Phishing and scams • Puzzles • Illegal pornography • Terrorism • Social media • Activism A range of services, many of which have good reason to hide
  • 7. How does the Dark Web work? We’ll use TOR – The Onion Router – as an example End User running TOR Client TOR Nodes Internet connected computers running TOR software Internet Website Hidden TOR website Encrypted traffic Unencrypted traffic
  • 8. Demo – How to access the Dark Web • Using the TOR Browser Bundle • https://www.torproject.org/projects/torbrowser.html.en • Accessing a Dark Web search engine • http://xmh57jrzrnw6insl.onion/ • Have a look at DeepMart, a market for cloned cards and DDoS services • http://deepmar57fbonfiw.onion/ A quick walk tour
  • 9. The Dark Web doesn’t provide perfect secrecy • 2013: The original Dark Web drugs market, Silk Road, was taken offline by the FBI after the administrator re-used his login details on a coding help forum: • https://en.wikipedia.org/wiki/Silk_Road_(marketplace) • 2017: The FBI working with Interpol to breach AlphaBay, the largest drugs and hacking marketplace on the Dark Web, by attacking it’s messaging system: • https://www.fbi.gov/news/stories/alphabay-takedown • 2018: Dutch police took down Hansa, a Dark Web drugs market place – using the same techniques we will show you later • https://www.wired.com/story/hansa-dutch-police-sting- operation/ Coding errors and password re-use cause the hackers problems too
  • 10. Positives from the Dark Web • A constant source of innovation, providing improvements in: • Security • Privacy • Encryption • Fault tolerance • Returns control of personal data back to individuals • Pushing improvements in website design and usability • Sites are more customer friendly while tackling difficult issues of trust and identity • What works for criminals also works for law enforcement and human rights activists: secrecy and security As with all technology, there are good and bad ways to apply it
  • 11. Summary • Just another group of services on the open Internet • Accessed by dedicated tools • These tools provide privacy and encryption • Ideal to hide illegal groups and services • Ideal place for cyber attackers to share data and communicate • Has an important role as a Command and Control channel for hostile cyber actors The Dark Web is: