Rolling in the Deep. ISACA.SV.2016
The Deep Web, Dark Web
Christian Back | Jennifer Chien | Bich Chu (Evelyn) | Lingman Guo | Manpreet Singh
Rolling in the Deep
Agenda
1 Introduction
1.1 Surface Web, Deep Web, and Dark Web
1.2 The Onion Router (TOR)
2 Benefits of Using the Deep Web
3 Bitcoin
4 Risk of Using the Deep Web
Layers of the Web
❖ Surface Web: Also known as Visible Web, Clearnet, Indexed Web
- Content searchable with ordinary search engines. Ex: Google It
❖ Deep Web: Also known as the Deepnet, Invisible Web, Hidden Web
- Content not indexed by standard search engines
- Common Uses: Web Mail, Online Banking, Ex: Netflix Video Content
❖ Dark Web: A small part of the Deep Web
- Available through virtual overlay networks or Onion Networks Ex: Tor, FreeNet, I2P (Silk Road Example)
Regular Web Browsing
❖ Your assigned IP address gives away your physical location
❖ Many companies collect your digital footprints and personal information for targeted advertising and much more!
Picture source: cyberbullying.us
How Does Google Auto-detect Your Location?
According to Google:
“If you don't set your location, Google shows an approximate location based on the following things to help provide you with the most relevant results:
❖ Your IP address.
❖ Your Location History if you have it turned on.
❖ Google Toolbar's My Location feature if it’s turned on.
❖ Recent locations you’ve searched for.”
Source: Google.com - change location on Google
The Onion Router
U.S. Naval Research Lab
Anonymous communication
The Free Haven Project
Increase freedom of information
Picture Source: Torproject.org
How Tor Works
❖ Virtual overlay network
❖ Hard to trace the data back to the original user
❖ Uses volunteer nodes to reroute and conceal user IP address
❖ Envelope encryption example
❖ The riskiest node - Exit node
Picture Source: Infographic
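The envelope-style layering from the "How Tor Works" slide, as an added example that is not part of the original deck: the client wraps a request once per relay, each relay removes only its own layer, and only the exit relay ends up holding the original request, which is why the exit node is the riskiest one. The relay names, keys and request are constructed, and a SHA-256 counter keystream stands in for the real cipher and per-circuit key negotiation.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); XOR is its own inverse."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wrap(route, payload: bytes) -> bytes:
    """Client side: build the onion from the innermost layer outwards.

    route is a list of (relay_name, key); each layer names only the next hop.
    """
    cell = payload
    next_hop = "destination"
    for name, key in reversed(route):
        layer = json.dumps({"next": next_hop, "body": cell.hex()}).encode()
        cell = keystream_xor(key, layer)
        next_hop = name
    return cell

def peel(key: bytes, cell: bytes):
    """Relay side: remove one layer, learn the next hop and the inner cell."""
    layer = json.loads(keystream_xor(key, cell))
    return layer["next"], bytes.fromhex(layer["body"])

def trace(route, payload: bytes):
    """Return what each relay observes after peeling its own layer."""
    cell = wrap(route, payload)
    seen = []
    for name, key in route:
        next_hop, cell = peel(key, cell)
        seen.append({"relay": name, "next": next_hop,
                     "sees_payload": cell == payload})
    return seen

# Constructed sample data: hypothetical relays, keys and an unencrypted request.
ROUTE = [("guard", b"k-guard"), ("middle", b"k-middle"), ("exit", b"k-exit")]
PAYLOAD = b"GET /index.html HTTP/1.1"

if __name__ == "__main__":
    for row in trace(ROUTE, PAYLOAD):
        print(row)
```

The guard knows who the user is but not what is sent; the exit sees what is sent but not who sent it, so traffic that is not end-to-end encrypted is readable at the exit.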
Leave No Trace: TOR Alternatives
❖ The Invisible Internet Project (I2P) - “A network within a network”
❖ Tails - Linux-based live operating system
❖ Freenet - Allows people to share files and communicate anonymously
Who uses TOR?
❖ Journalists - Whistleblower sites & SecureDrop
❖ Political activists
❖ Researchers
❖ Law enforcement - NSA
❖ Hackers
❖ Businesses - HR for background checks
❖ Everyday individuals, as a privacy enhancement tool
Individual Benefits
An anonymous and private online experience is of value to many people
❖ Information flow for citizens of highly censored countries Ex: China
❖ Anonymity for anyone searching sensitive information Ex: Disease
❖ Safe haven for activists leaking info. Ex: Snowden
❖ Anonymous transactions Ex: Silk Road, Bitcoin
Picture Source: Andy Greenberg, Forbes.com
Picture Source: https://whispersystems.org/
Picture Source: https://leap.se/en
Rolling in the Deep Web
❖ Dark Web
❖ The Bright side
Picture Source: securedrop.propublica.org
Individual Benefit - Freedom of Information
Censored Content: Chinese Government
❖ 18,000 Websites Blocked
❖ 12 of top 100 Global Websites (Gmail)
❖ Taiwanese and Tibetan Independence Movements
❖ Foreign Media Websites (BBC, Bloomberg News, New York Times)
Individual Benefit - Freedom of Information
❖ Facebook is available through Tor - Oct. 2014
- Ramped-up privacy
- Locked out issues solved
- Used .onion URL
Business Benefits - Enterprise Use
❖ Cyber Security Companies (Digital Shadows)
❖ Media Outlets (Vice & Al Jazeera)
❖ Drug Firms
❖ Consulting Companies (Bright Planet)
Bright Planet
❖ Collect and analyze Deep Web content at Big Data scale
❖ Enrich and harvest data to give customers output that becomes usable
❖ Beneficiary:
- Pharmaceutical Community
- HR Staffing Company
Google Search vs. Deep Web Harvesting
❖ Search vs. Harvesting
- How late is Burger King open?
- Who is selling my products fraudulently online?
❖ Mentions vs. Page Changes
- Why does it matter?
- Monitor and track changes on existing pages
- Receive real time alerts
❖ Define Your Own Dataset
Bitcoin
● First described in 1998, first published in 2009.
● New payment method that uses only cryptocurrency.
● Decentralized peer-to-peer payment network.
● Nobody owns the Bitcoin network--all worldwide users control the network.
Still confused about what Blockchain is?
Blockchain - Public Ledger: Everyone on the network keeps a record of the transaction.
The transaction value cannot be manipulated because it would not sync up with everybody else.
Downside
❖ Transaction malleability: an attack that lets someone change the unique ID of a bitcoin transaction before it is confirmed on the bitcoin network.
❖ Use in illegal transactions: Apple ransomware.
❖ Fluctuates wildly in value
Risks of using the Deep Web
❖ Unregulated access to criminal information
❖ Simplifies monetization of Corporate IP/Personally Identifiable Information
❖ Trade of zero-day Malware
Picture Source: wordpress.org, 2013 SQA
2015: Ashley Madison was Hacked
❖ 25 GB of company data leaked by a group of hackers known as ‘The Impact Team’
❖ Credit Card Transaction data, including full names and addresses
❖ GPS Coordinates
❖ Email addresses compromised
➢ Lack of email verification led to public media vilifying massive amounts of .gov and .mil
Take-away Message
The Deep Web is a neutral environment for anonymous communication, and its impact on businesses and societies is defined by the user's intent.
Contacts
Christian Back (408) 960 - 9037
Bich Chu (408) 688 - 6109
Jennifer Chien (408) 887 - 7609
Lingman Guo (650) 666 - 5600
Manpreet Singh (408) 881 - 4564
Appendix: I2P
❖ Unidirectional tunnels instead of bidirectional circuits, doubling the number of nodes a peer has to compromise to get the same information.
❖ Essentially all peers participate in routing for others.
❖ Tunnels in I2P are short lived, decreasing the number of samples that an attacker can use to mount an active attack with, unlike circuits in Tor, which are typically long lived.
Appendix: Tails
❖ Linux-based live operating system that works on most computers
❖ Tails OS can be booted from most devices like DVD, USB or SD card
❖ Main benefit of Tails is built-in, preconfigured applications for web browsers
❖ It leaves no evidence -- routes all traffic through Tor
Picture Source: Deepbotweb