The document provides an overview of the dark web, including why attackers use it, what is available on it, how it works, and its positives and negatives. The dark web allows for anonymous planning and execution of cyber attacks through secret forums to sell stolen data and hire criminal services. While it provides innovation in security and privacy, it is also used for illegal activities and hacking due to its anonymity.
HTML Injection Attacks: Impact and Mitigation Strategies
Demystifying the Dark Web
1. What is the Dark Web?
A 6point6 Cyber Labs Briefing
2. What is the Dark Web - Overview
• Why should we care about the Dark Web?
• What is the Dark Web?
• How does an attacker use the Dark Web?
• What’s available on there?
• How does it work?
• Demo
• Failings of the Dark Web
• Positives from the Dark Web
• Summary and close
3. Why should we care about the Dark Web?
• Attacks need to be planned and carried out with a high
degree of privacy and secrecy to be able to succeed
• Attackers need:
• A secret environment where they can sell/trade stolen data and
information
• A secret environment where they can hire services (botnets,
identity theft, targeted info attacks)
• Existing networks and forums on the Internet are known
and monitored
• New networks and forums on the Internet are easily
discovered and traced
The Dark Web can be used to address Internet design flaws that hinder cyber attacks
4. What is the Dark Web?
• Like the Internet, the Dark Web is composed of web sites
providing various services
• There are forums, email providers – even search engines
• Unlike the Internet, the Dark Web:
• Needs special client tools to access
• Provides encryption and anonymity as part of it’s access
• Is very difficult to trace and track who owns and operates a site
• There is no one single Dark Web – there are multiple
networks using specific clients
• The two most popular are TOR and I2P
Similar yet Different - Comparison to the regular Internet
5. How does an attacker use the Dark Web?
• Reconnaissance
• Attackers can use forums and search engines to look for (and
share) existing information on their target
• Probes
• Easy to launch probing attacks against a target
• Distraction attacks
• Ideal for launching Denial of Service (DoS) attacks from hired
botnets
• Compromise
• Phishing emails and actual hacks can be launched from Dark
Web hosted servers
• Storage
• Stolen data can be stored, shared and sold on secure Dark Web
markets
The anonymous, difficult to trace capabilities makes it ideal for Cyber attacks
6. What is available on the Dark Web?
• Botnets
• Cryptocurrency (Bitcoin etc.) services
• Legal and Illegal markets
• Hacking groups and services
• Fraud services
• Hoaxes and unverified content
• Phishing and scams
• Puzzles
• Illegal pornography
• Terrorism
• Social media
• Activism
A range of services, many of which have good reason to hide
7. How does the Dark Web work?
We’ll use TOR – The Onion Router – as an example
End User running TOR Client
TOR Nodes
Internet connected
computers running TOR
software
Internet Website
Hidden TOR website
Encrypted traffic
Unencrypted traffic
8. Demo – How to access the Dark Web
• Using the TOR Browser Bundle
• https://www.torproject.org/projects/torbrowser.html.en
• Accessing a Dark Web search engine
• http://xmh57jrzrnw6insl.onion/
• Have a look at DeepMart, a market for cloned cards and
DDoS services
• http://deepmar57fbonfiw.onion/
A quick walk tour
9. The Dark Web doesn’t provide perfect
secrecy
• 2013: The original Dark Web drugs market, Silk Road, was
taken offline by the FBI after the administrator re-used
his login details on a coding help forum:
• https://en.wikipedia.org/wiki/Silk_Road_(marketplace)
• 2017: The FBI working with Interpol to breach AlphaBay,
the largest drugs and hacking marketplace on the Dark
Web, by attacking it’s messaging system:
• https://www.fbi.gov/news/stories/alphabay-takedown
• 2018: Dutch police took down Hansa, a Dark Web drugs
market place – using the same techniques we will show
you later
• https://www.wired.com/story/hansa-dutch-police-sting-
operation/
Coding errors and password re-use cause the hackers problems too
10. Positives from the Dark Web
• A constant source of innovation, providing improvements
in:
• Security
• Privacy
• Encryption
• Fault tolerance
• Returns control of personal data back to individuals
• Pushing improvements in website design and usability
• Sites are more customer friendly while tackling difficult
issues of trust and identity
• What works for criminals also works for law enforcement
and human rights activists: secrecy and security
As with all technology, there are good and bad ways to apply it
11. Summary
• Just another group of services on the open Internet
• Accessed by dedicated tools
• These tools provide privacy and encryption
• Ideal to hide illegal groups and services
• Ideal place for cyber attackers to share data and
communicate
• Has an important role as a Command and Control
channel for hostile cyber actors
The Dark Web is: