SlideShare une entreprise Scribd logo

Cybercrime In The Deep Web

Trend Micro
Trend Micro

All content not indexed by traditional web-based search engines is known as the DeepWeb. Wrongly been associated only with the Onion Routing (TOR), the DeepWeb's ecosystem comprises a number of other anonymous and decentralized networks. The Invisible Internet Project (I2P), FreeNET, and Alternative Domain Names (like Name.Space and OpenNic) are examples of networks leveraged by bad actors to host malware, high-resilient botnets, underground forums and bitcoin-based cashout systems (e.g., for cryptolockers). We designed and implemented a prototype system called DeWA for the automated collection and analysis of the DeepWeb, with the goal of quickly identifying new threats as soon they appear. In this talk, we provide concrete examples of how using DeWA to detect, e.g., trading of illicit and counterfeit goods, underground forums, privacy leaks, hidden dropzones, malware hosting and TOR-based botnets.

Technologie
1  sur  67
Télécharger pour lire hors ligne
Cybercrime In The Deep Web Marco Balduzzi, Vincenzo Ciancaglini Black Hat Europe 2015 1
Dr. Vincenzo CIANCAGLINI ◎ M.Sc. in Telecommunication Engineering ◎ Ph.D. in Computer Networking, Peer to peer networks and next generations protocols ◎ 10+ years experience in R&D ◎ Sr. Research Scientist for Trend Micro ◎ Development of novel proof of concepts and complex systems About us Dr. Marco BALDUZZI ◎ MSc in Computer Engineering ◎ Ph.D. in System Security with ~15 peer-reviewed papers ◎ 13+ years experience in IT Security -- Consultant, engineer and researcher ◎ Turned my hobby into my profession ◎ Sr. Research Scientist for Trend Micro ◎ Bridge scientific research and industry needs ◎ Veteran speaker in major conferences with 50+ talks 2
Roadmap ◎Introduction ◎Deep Web Analyzer (DeWA) ○ Data collection ○ Data enrichment ○ Storage and indexing ◎Illegal Trading ◎Data Analysis ◎Malware ◎Conclusions 3
◎Deep Web: Internet not indexed by traditional search engines. ◎Dark Net: Private overlay network. ◎Dark Web: WWW hosted on Dark Nets. 4
“ The Deep Web is vast. Thousands of times larger than the surface web. Alex Winter, Deep Web Documentary, 2015 5
“ The Deep Web is vast. Thousands of times larger than the surface web. Alex Winter, Deep Web Documentary, 2015 6
◎ Infrastructure resilient to LE takedowns ◎ Marketplaces for cybercrime goods ◎ Safe haven for information exchange and coordination Our research focus Dark Web • TOR • I2P • Freenet Custom DNS • Namecoin • Emercoin Rogue TLDs • Cesidian Root • OpenNIC • NewNations • … 7
TOR ◎ First alpha in 2002 ◎ Initially used to browse anonymously the Surface Web ◎ Hidden services -> effective Dark Web ◎ Onion routing: multihop routing with with host key encryption. 8
◎ First beta in 2003 ◎ Full Dark Net, no anonymous browsing to the Surface Web ◎ Garlic routing: multiple encrypted tunnels, multiple layers of encryption (transport, tunnel, path) I2P 9
◎ Oldest one: summer of 1999 (father of I2P) ◎ Content distribution and discovery, no service hosting ◎ Gossip protocol to lookup a resource (i.e. web page) Freenet 10
Namecoins, Emercoins ◎Blockchain-based domain name server ◎Think bitcoins, but instead of payment transactions, DNS registrar transaction ◎Distributed ◎Decentralised ◎No regulating institution 11
RogueTLDs & PrivateDNSes Plain old DNS, but with custom servers Custom registrars Custom domains 12
Roadmap ◎Introduction ◎Deep Web Analyzer (DeWA) ○ Data collection ○ Data enrichment ○ Storage and indexing ◎Illegal Trading ◎Data Analysis ◎Malware ◎Conclusions 13
System Overview 14
Data Sources User data Pastebin sites Twitter (1% feed) Reddit URL listing sites TOR gateways I2P host files Scouting feedback 15
Deep Web Gateway Privoxy + TOR anonymizer Squid transparent proxy Polipo + TOR 64 instances I2P Freenet Custom DNS resolver Namecoin DNS rogueTLD DNS Cesidian root Opennic NameSpace … 16
Page Scouting Headless browser HAR Log Page DOM Screen shot Title Text Metadata Raw HTML Links Email Bitcoin Wallets 17
Headless Browser ◎ Scrapinghub's Splash ◎ QTWebkit browser ◎ Dockerized ◎ LUA scriptable ◎ Full HTTP traces ◎ Crawler based on Python's Scrapy + multiprocess + Splash access ◎ Headers rewrite ◎ Shared queue support ◎ Har log -> HTTP redirection chain ◎ Extract links, emails, bitcoin wallets 18
Data Enrichment Embedded links classification (WRS) •Surface Web links •Classification and categorisation Page translation •Language detection •Non-English to English Significant wordcloud •Semantic clustering •Custom algorithm 19
Significant Wordcloud Page text Tokenization Filtering Semantic distance matrix Hierarchical clustering Cluster label and popularity Word cloud Scrap text from HTML, clean up, strip spaces… Create list of (word, frequency) pairs Keep only substantives How “far” are words from one another? Group similar words Label clusters, sum frequencies Draw using summed frequencies 20
Example: Russian Forum 21
Collected Data ◎Running since 11/2013 (2 years) ◎40.5 M Events ◎611,000 URLs ◎20,500 domains 22
“ Demo time! 23
Roadmap ◎Introduction ◎Deep Web Analyzer (DeWA) ○ Data collection ○ Data enrichment ○ Storage and indexing ◎Illegal Trading ◎Data Analysis ◎Malware ◎Conclusions 24
Guns 25
Drugs! Drugs! Drugs! 26
Passports and Fake IDs 27
Counterfeit Money 28
Credit Cards 29 ◎ Higher balance = higher price
Paypal & Ebay Stolen Accounts 30
Doxing 31
Assassins 32
Crowdfunding evil 33
Roadmap ◎Introduction ◎Deep Web Analyzer (DeWA) ○ Data collection ○ Data enrichment ○ Storage and indexing ◎Illegal Trading ◎Data Analysis ◎Malware ◎Conclusions 34
◎ By publicly sourced URLs Protocols (no HTTP/S) 35 172 17 7
Active Portscan 36 IRC IRCS SSH 49 31 855 #freeanons 15 [+Cnt] This channel is created to support arrested Anons and act with solidarity in Anons. No MoneyFags, No Famefags, No PowerManiacs, No LeaderFags! Another Anons was arrested in France: http://www.ladepeche. fr/article/2015/10/10/2194982-enquete-de-la-dgsi-sur-du-piratage-informatique.html * - We are based on anarchistic control so nobody haz power certainly not power over the servers or * - domains who ever says that this or that person haz power here, are trolls and mostly agents of factions * - that haz butthurt about the concept or praxis where the CyberGuerrilla Anonymous Nexus stands for.
Languages per domain 37
Languages per domain (2) 38
http://wyzn2fvcztadictl.onion:80/viewtopic.php?pid=16452 French forum: Weapon sale 39
Pages Embedding Suspicious Links 40
Email Identification 41
bankofamerica@mail2tor 42
Exilio forum 1/2 43 http://ogatl57cbva6tncg.onion:80/index.php ?t=msg&th=833&goto=4445&#msg_4445
Exilio forum 2/2 44
Automated Bitcoin Identification 1200+ bitcoin wallets found in our data (not counting the obfuscated ones) 45
http://tumbly5lisxnjozd.onion:80/ Bitcoin Tumblers 46
http://tfsux6hiihj7qvxh.onion:80/ Bitcoin Multiplier 1/2 47
Bitcoin Multiplier 2/2 48
Roadmap ◎Introduction ◎Deep Web Analyzer (DeWA) ○ Data collection ○ Data enrichment ○ Storage and indexing ◎Illegal Trading ◎Data Analysis ◎Malware ◎Conclusions 49
Malware: Its adoption in the Deep Web ◎ Modern malware is network-dependent ◎ @ infection-time: Exploit kits ◎ @ propagation-time: 2nd stage malware ◎ @ operational-time: C&C servers ◎ Goals : ◎ Make botnets resilient against LEA operations, e.g. takedowns ◎ Conceal payment pages ◎ Untraceable money transfers ◎ Additional readings: ◎ Brown in Defcon 18 ◎ Hunting Down Malware on the Deep Web (infosec institute) 50
SkyNet ◎ Malware with DDoS, bitcoin mining and banking capabilities (©G-Data/Rapid7) ◎ ZeuS bot ◎ Bitcoin mining tool (CGMiner) ◎ GPU libraries for hash cracking ◎ TOR client per Windows ◎ Use /gate.php as landing page to store the harvested credentials ◎ Path monitoring …. 51
SkyNet: Dynamic TOR-based C&Cs 52
Dyre Banking Trojan ◎ BHO that MiTMs online-banking pages at browser-level ◎ Back-connects from victim to attacker (kind-of reverse-shell approach) ◎ DGA generation of C&C domains on Clearnet ◎ Use I2P as backup option (:80/443) ◎ nhgyzrn2p2gejk57wveao5kxa7b3nhtc4saoonjpsy65mapycaua.b32.i2p (already known to SecureWorks on 17 December 2014) ◎ oguws7cr5xvl5jlrhyxjktcdi2d7k5cqeulu4mdl75xxfwmhgnsq.b32.i2p ◎ 4nhgyzrn2p2gejk57wveao5kxa7b3nhtc4saoonjpsy65mapycaua.b32.i2p 53
Dyre’s Infection Evolution 54
Vawtrack Banking Trojan 55 ◎ Spreads via phishing emails ◎ C&C servers (IPs) are retrieved by downloading the ‘favicon.ico’ icon-file from websites hosted on the TOR network ◎ IPs are steganographically hidden
Vawtrack Banking Trojan (cont.) ◎ Runs ‘openresty/1.7.2.1’ as web-server ◎ Return code on ‘favicon.ico’ is 403 Forbidden ◎ `ws=‘openresty1.7.2.1’ && ∃(‘favicon.ico’) && retcode=403` returns a list of 23: 56
Vawtrack Banking Trojan (cont.) 57
Ransomware in the Deep Web ◎ Ransomware seem to love the Deep Web ◎ It provides a hidden and robust “framework” for cashouts and illicit money transfers 58
59 TorrentLocker ◎ A variant of cryptolocker ◎ Payment page hosted in the Deep Web ◎ Cashout via Bitcoins
TorrentLocker (cont.) ◎ Malware generates univocal IDs ◎ wzaxcyqroduouk5n.onion/axdf84v.php/ user_code=qz1n2i&user_pass=9019 ◎ wzaxcyqroduouk5n.onion/o2xd3x.php/user_code=8llak0&user_pass=6775 ◎ Tracking on specific query string’s parameters ◎ path=’/[a-z0-9]{6}.php/user_code=[a-z0-9]{6}&user_pass=[0-9]{4}’ 60
Breakdown by victims and country 61
NionSpy ◎ Steals confidential information like keystrokes, passwords and private documents ◎ Records video and audio, suitable for espionage programs ◎ Detection Feature: ◎ Popularity in the number of values associated to parameters (in the query string) 62
Automated Detection 63
NionSpy: GET’s query string analysis ◎ xu experienced a quick surge in popularity: 1700+ values ◎ si.php?xu=%e0%ee%a8%e5%f2%e9%e5%e4%f2[...] ◎ URL-encoded binary blob representing the leaked data ◎ si.php?xd={“f155”:“MACHINE_IP”, “f4336”: “MACHINE_NAME”,“f7035”:“5.9.1.1”,“f1121”: “windows”,“f2015”:“1”} ◎ Reports a new infection 64
NionSpy: New victims and leakages ◎ Blue (xd): # of new victims / day ◎ Green (xu): amount of leaked information (bytes) 65
Black Hat Sound Bytes ◎ We built a system for data collection and analysis in the Deep Web. ◎ We used it to quickly identify cybercriminal activities, such as trading of illegal goods, underground marketplaces, scams and malware infrastructures. ◎ We run it operationally and automatically to detect new threats. 66
Thanks! Q&A time... Marco Balduzzi -- @embyte Vincenzo Ciancaglini -- @ziovic 67

Recommandé

Deep web and Dark web
Deep web and Dark webDeep web and Dark web
Deep web and Dark webParvez Hossain
 
Dark web markets: from the silk road to alphabay, trends and developments
Dark web markets: from the silk road to alphabay, trends and developmentsDark web markets: from the silk road to alphabay, trends and developments
Dark web markets: from the silk road to alphabay, trends and developmentsAndres Baravalle
 
The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?Pierluigi Paganini
 
The dark web
The dark webThe dark web
The dark webBella M
 
Introduction To Dark Web
Introduction To Dark WebIntroduction To Dark Web
Introduction To Dark WebAdityakumar Yadav
 
Cybersecurity and the DarkNet
Cybersecurity and the DarkNetCybersecurity and the DarkNet
Cybersecurity and the DarkNetJames Bollen
 
Journey To The Dark Web
Journey To The Dark WebJourney To The Dark Web
Journey To The Dark WebMiteshWani
 
Dark web by Pranesh Kulkarni
Dark web by Pranesh KulkarniDark web by Pranesh Kulkarni
Dark web by Pranesh KulkarniPraneshKulkarni22
 

Recommandé

Deep web and Dark web
Deep web and Dark webDeep web and Dark web
Deep web and Dark webParvez Hossain
 
Dark web markets: from the silk road to alphabay, trends and developments
Dark web markets: from the silk road to alphabay, trends and developmentsDark web markets: from the silk road to alphabay, trends and developments
Dark web markets: from the silk road to alphabay, trends and developmentsAndres Baravalle
 
The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?Pierluigi Paganini
 
The dark web
The dark webThe dark web
The dark webBella M
 
Introduction To Dark Web
Introduction To Dark WebIntroduction To Dark Web
Introduction To Dark WebAdityakumar Yadav
 
Cybersecurity and the DarkNet
Cybersecurity and the DarkNetCybersecurity and the DarkNet
Cybersecurity and the DarkNetJames Bollen
 
Journey To The Dark Web
Journey To The Dark WebJourney To The Dark Web
Journey To The Dark WebMiteshWani
 
Dark web by Pranesh Kulkarni
Dark web by Pranesh KulkarniDark web by Pranesh Kulkarni
Dark web by Pranesh KulkarniPraneshKulkarni22
 
The Deep and Dark Web
The Deep and Dark WebThe Deep and Dark Web
The Deep and Dark WebSwecha | స్వేచ్ఛ
 
The Dark Web
The Dark WebThe Dark Web
The Dark WebSuraj Jaundoo
 
Deep web
Deep webDeep web
Deep webAbu Kaisar
 
Deepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar anchaDeepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar anchavinod kumar
 
The Dark Web
The Dark WebThe Dark Web
The Dark Webjamiecornista
 
Dark web
Dark webDark web
Dark webaakshidhingra
 
Dark web
Dark webDark web
Dark webNikki Noveno
 
Deep web
Deep webDeep web
Deep webMayank Chaudhari
 
The Dark side of the Web
The Dark side of the WebThe Dark side of the Web
The Dark side of the WebPaula Ripoll Cacho
 
Deep web power point presentation
Deep web power point presentationDeep web power point presentation
Deep web power point presentationalbafg55
 
The Dark Web
The Dark WebThe Dark Web
The Dark WebJan Siy
 
Dark Web
Dark WebDark Web
Dark WebKunalDas889957
 
Deep Web - what to do and what not to do
Deep Web - what to do and what not to do Deep Web - what to do and what not to do
Deep Web - what to do and what not to do Cysinfo Cyber Security Community
 
Deep and Dark Web
Deep and Dark WebDeep and Dark Web
Deep and Dark WebMd. Nazmus Shakib Robin
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark WebCase IQ
 
PPT dark web
PPT dark webPPT dark web
PPT dark webjitiyaashwin
 
Deep Dark Web - How to get inside?
Deep Dark Web - How to get inside?Deep Dark Web - How to get inside?
Deep Dark Web - How to get inside?Anshu Prateek
 
Dark and Deep web
Dark and Deep webDark and Deep web
Dark and Deep webKhaled Sany
 
Dark wed
Dark wedDark wed
Dark wedAraVind Pillai
 
Dark web
Dark webDark web
Dark webSafwan Hashmi
 
Cyber-crime and attacks in the dark side of the web - Marco Balduzzi - Codemo...
Cyber-crime and attacks in the dark side of the web - Marco Balduzzi - Codemo...Cyber-crime and attacks in the dark side of the web - Marco Balduzzi - Codemo...
Cyber-crime and attacks in the dark side of the web - Marco Balduzzi - Codemo...Codemotion
 
Marco Balduzzi - Cyber-crime and attacks in the dark side of the web - Codemo...
Marco Balduzzi - Cyber-crime and attacks in the dark side of the web - Codemo...Marco Balduzzi - Cyber-crime and attacks in the dark side of the web - Codemo...
Marco Balduzzi - Cyber-crime and attacks in the dark side of the web - Codemo...Codemotion
 

Contenu connexe

Tendances

Deepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar anchaDeepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar anchavinod kumar
 
Deep web power point presentation
Deep web power point presentationDeep web power point presentation
Deep web power point presentationalbafg55
 
The Dark Web
The Dark WebThe Dark Web
The Dark WebJan Siy
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark WebCase IQ
 
Deep Dark Web - How to get inside?
Deep Dark Web - How to get inside?Deep Dark Web - How to get inside?
Deep Dark Web - How to get inside?Anshu Prateek
 
Dark and Deep web
Dark and Deep webDark and Deep web
Dark and Deep webKhaled Sany
 

Tendances (20)

The Deep and Dark Web
The Deep and Dark WebThe Deep and Dark Web
The Deep and Dark Web
 
The Dark Web
The Dark WebThe Dark Web
The Dark Web
 
Deep web
Deep webDeep web
Deep web
 
Deepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar anchaDeepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar ancha
 
The Dark Web
The Dark WebThe Dark Web
The Dark Web
 
Dark web
Dark webDark web
Dark web
 
Dark web
Dark webDark web
Dark web
 
Deep web
Deep webDeep web
Deep web
 
The Dark side of the Web
The Dark side of the WebThe Dark side of the Web
The Dark side of the Web
 
Deep web power point presentation
Deep web power point presentationDeep web power point presentation
Deep web power point presentation
 
The Dark Web
The Dark WebThe Dark Web
The Dark Web
 
Dark Web
Dark WebDark Web
Dark Web
 
Deep Web - what to do and what not to do
Deep Web - what to do and what not to do Deep Web - what to do and what not to do
Deep Web - what to do and what not to do
 
Deep and Dark Web
Deep and Dark WebDeep and Dark Web
Deep and Dark Web
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
 
PPT dark web
PPT dark webPPT dark web
PPT dark web
 
Deep Dark Web - How to get inside?
Deep Dark Web - How to get inside?Deep Dark Web - How to get inside?
Deep Dark Web - How to get inside?
 
Dark and Deep web
Dark and Deep webDark and Deep web
Dark and Deep web
 
Dark wed
Dark wedDark wed
Dark wed
 
Dark web
Dark webDark web
Dark web
 

Similaire à Cybercrime In The Deep Web

Cyber-crime and attacks in the dark side of the web - Marco Balduzzi - Codemo...
Cyber-crime and attacks in the dark side of the web - Marco Balduzzi - Codemo...Cyber-crime and attacks in the dark side of the web - Marco Balduzzi - Codemo...
Cyber-crime and attacks in the dark side of the web - Marco Balduzzi - Codemo...Codemotion
 
Marco Balduzzi - Cyber-crime and attacks in the dark side of the web - Codemo...
Marco Balduzzi - Cyber-crime and attacks in the dark side of the web - Codemo...Marco Balduzzi - Cyber-crime and attacks in the dark side of the web - Codemo...
Marco Balduzzi - Cyber-crime and attacks in the dark side of the web - Codemo...Codemotion
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDebra Baker, CISSP CSSP
 
Understanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value AttacksUnderstanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value AttacksCyphort
 
CrowdSec A-Round Fundraising Deck
CrowdSec A-Round Fundraising DeckCrowdSec A-Round Fundraising Deck
CrowdSec A-Round Fundraising DeckCrowdSec
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityAbhimanyu Singh
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2ShapeBlue
 
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...OpenDNS
 
Security Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against ThemSecurity Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against ThemMartin Vigo
 
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summerDEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summerFelipe Prado
 
78751355 cryptomorphosis
78751355 cryptomorphosis78751355 cryptomorphosis
78751355 cryptomorphosisP-e-t-a-r
 
CSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
CSF18 - The Digital Threat of the Decade (Century) - Sasha KranjacCSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
CSF18 - The Digital Threat of the Decade (Century) - Sasha KranjacNCCOMMS
 
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018Mender.io
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyb coatesworth
 
Conclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at ScaleConclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at ScaleGuardicore
 
Jesse Burke RDPwned HackMiami7
Jesse Burke RDPwned HackMiami7Jesse Burke RDPwned HackMiami7
Jesse Burke RDPwned HackMiami7Jesse Burke
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
HITCON 2015 - DGAs, DNS and Threat Intelligence
HITCON 2015 - DGAs, DNS and Threat IntelligenceHITCON 2015 - DGAs, DNS and Threat Intelligence
HITCON 2015 - DGAs, DNS and Threat IntelligenceJohn Bambenek
 

Similaire à Cybercrime In The Deep Web (20)

Cyber-crime and attacks in the dark side of the web - Marco Balduzzi - Codemo...
Cyber-crime and attacks in the dark side of the web - Marco Balduzzi - Codemo...Cyber-crime and attacks in the dark side of the web - Marco Balduzzi - Codemo...
Cyber-crime and attacks in the dark side of the web - Marco Balduzzi - Codemo...
 
Marco Balduzzi - Cyber-crime and attacks in the dark side of the web - Codemo...
Marco Balduzzi - Cyber-crime and attacks in the dark side of the web - Codemo...Marco Balduzzi - Cyber-crime and attacks in the dark side of the web - Codemo...
Marco Balduzzi - Cyber-crime and attacks in the dark side of the web - Codemo...
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptx
 
Understanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value AttacksUnderstanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value Attacks
 
CrowdSec A-Round Fundraising Deck
CrowdSec A-Round Fundraising DeckCrowdSec A-Round Fundraising Deck
CrowdSec A-Round Fundraising Deck
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet Anonymity
 
Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2
 
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...
 
Security Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against ThemSecurity Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against Them
 
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summerDEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
 
78751355 cryptomorphosis
78751355 cryptomorphosis78751355 cryptomorphosis
78751355 cryptomorphosis
 
CSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
CSF18 - The Digital Threat of the Decade (Century) - Sasha KranjacCSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
CSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
 
Honeypot Project
Honeypot ProjectHoneypot Project
Honeypot Project
 
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
 
Conclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at ScaleConclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at Scale
 
Jesse Burke RDPwned HackMiami7
Jesse Burke RDPwned HackMiami7Jesse Burke RDPwned HackMiami7
Jesse Burke RDPwned HackMiami7
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
HITCON 2015 - DGAs, DNS and Threat Intelligence
HITCON 2015 - DGAs, DNS and Threat IntelligenceHITCON 2015 - DGAs, DNS and Threat Intelligence
HITCON 2015 - DGAs, DNS and Threat Intelligence
 

Plus de Trend Micro

Industrial Remote Controllers Safety, Security, Vulnerabilities
Industrial Remote Controllers Safety, Security, VulnerabilitiesIndustrial Remote Controllers Safety, Security, Vulnerabilities
Industrial Remote Controllers Safety, Security, VulnerabilitiesTrend Micro
 
Investigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at LargeInvestigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at LargeTrend Micro
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Trend Micro
 
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...Trend Micro
 
Skip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWSSkip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWSTrend Micro
 
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Trend Micro
 
Mobile Telephony Threats in Asia
Mobile Telephony Threats in AsiaMobile Telephony Threats in Asia
Mobile Telephony Threats in AsiaTrend Micro
 
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)Trend Micro
 
HBR APT framework
HBR APT frameworkHBR APT framework
HBR APT frameworkTrend Micro
 
Captain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking SystemsCaptain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking SystemsTrend Micro
 
Countering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryCountering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryTrend Micro
 
The Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted AttacksThe Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted AttacksTrend Micro
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Trend Micro
 
[Case Study ~ 2011] Baptist Hospitals of Southest Texas
[Case Study ~ 2011] Baptist Hospitals of Southest Texas[Case Study ~ 2011] Baptist Hospitals of Southest Texas
[Case Study ~ 2011] Baptist Hospitals of Southest TexasTrend Micro
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloudTrend Micro
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesTrend Micro
 
Threat predictions 2011
Threat predictions 2011 Threat predictions 2011
Threat predictions 2011 Trend Micro
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep securityTrend Micro
 
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare deliveryAssuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare deliveryTrend Micro
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionTrend Micro
 

Plus de Trend Micro (20)

Industrial Remote Controllers Safety, Security, Vulnerabilities
Industrial Remote Controllers Safety, Security, VulnerabilitiesIndustrial Remote Controllers Safety, Security, Vulnerabilities
Industrial Remote Controllers Safety, Security, Vulnerabilities
 
Investigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at LargeInvestigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at Large
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
 
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
 
Skip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWSSkip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWS
 
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
 
Mobile Telephony Threats in Asia
Mobile Telephony Threats in AsiaMobile Telephony Threats in Asia
Mobile Telephony Threats in Asia
 
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
 
HBR APT framework
HBR APT frameworkHBR APT framework
HBR APT framework
 
Captain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking SystemsCaptain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking Systems
 
Countering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryCountering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep Discovery
 
The Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted AttacksThe Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted Attacks
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012
 
[Case Study ~ 2011] Baptist Hospitals of Southest Texas
[Case Study ~ 2011] Baptist Hospitals of Southest Texas[Case Study ~ 2011] Baptist Hospitals of Southest Texas
[Case Study ~ 2011] Baptist Hospitals of Southest Texas
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
 
Threat predictions 2011
Threat predictions 2011 Threat predictions 2011
Threat predictions 2011
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep security
 
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare deliveryAssuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryption
 

Dernier

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 

Dernier (20)

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 

Cybercrime In The Deep Web

  • 1. Cybercrime In The Deep Web Marco Balduzzi, Vincenzo Ciancaglini Black Hat Europe 2015 1
  • 2. Dr. Vincenzo CIANCAGLINI ◎ M.Sc. in Telecommunication Engineering ◎ Ph.D. in Computer Networking, Peer to peer networks and next generations protocols ◎ 10+ years experience in R&D ◎ Sr. Research Scientist for Trend Micro ◎ Development of novel proof of concepts and complex systems About us Dr. Marco BALDUZZI ◎ MSc in Computer Engineering ◎ Ph.D. in System Security with ~15 peer-reviewed papers ◎ 13+ years experience in IT Security -- Consultant, engineer and researcher ◎ Turned my hobby into my profession ◎ Sr. Research Scientist for Trend Micro ◎ Bridge scientific research and industry needs ◎ Veteran speaker in major conferences with 50+ talks 2
  • 3. Roadmap ◎Introduction ◎Deep Web Analyzer (DeWA) ○ Data collection ○ Data enrichment ○ Storage and indexing ◎Illegal Trading ◎Data Analysis ◎Malware ◎Conclusions 3
  • 4. ◎Deep Web: Internet not indexed by traditional search engines. ◎Dark Net: Private overlay network. ◎Dark Web: WWW hosted on Dark Nets. 4
  • 5. “ The Deep Web is vast. Thousands of times larger than the surface web. Alex Winter, Deep Web Documentary, 2015 5
  • 6. “ The Deep Web is vast. Thousands of times larger than the surface web. Alex Winter, Deep Web Documentary, 2015 6
  • 7. ◎ Infrastructure resilient to LE takedowns ◎ Marketplaces for cybercrime goods ◎ Safe haven for information exchange and coordination Our research focus Dark Web • TOR • I2P • Freenet Custom DNS • Namecoin • Emercoin Rogue TLDs • Cesidian Root • OpenNIC • NewNations • … 7
  • 8. TOR ◎ First alpha in 2002 ◎ Initially used to browse anonymously the Surface Web ◎ Hidden services -> effective Dark Web ◎ Onion routing: multihop routing with with host key encryption. 8
  • 9. ◎ First beta in 2003 ◎ Full Dark Net, no anonymous browsing to the Surface Web ◎ Garlic routing: multiple encrypted tunnels, multiple layers of encryption (transport, tunnel, path) I2P 9
  • 10. ◎ Oldest one: summer of 1999 (father of I2P) ◎ Content distribution and discovery, no service hosting ◎ Gossip protocol to lookup a resource (i.e. web page) Freenet 10
  • 11. Namecoins, Emercoins ◎Blockchain-based domain name server ◎Think bitcoins, but instead of payment transactions, DNS registrar transaction ◎Distributed ◎Decentralised ◎No regulating institution 11
  • 12. RogueTLDs & PrivateDNSes Plain old DNS, but with custom servers Custom registrars Custom domains 12
  • 13. Roadmap ◎Introduction ◎Deep Web Analyzer (DeWA) ○ Data collection ○ Data enrichment ○ Storage and indexing ◎Illegal Trading ◎Data Analysis ◎Malware ◎Conclusions 13
  • 15. Data Sources User data Pastebin sites Twitter (1% feed) Reddit URL listing sites TOR gateways I2P host files Scouting feedback 15
  • 16. Deep Web Gateway Privoxy + TOR anonymizer Squid transparent proxy Polipo + TOR 64 instances I2P Freenet Custom DNS resolver Namecoin DNS rogueTLD DNS Cesidian root Opennic NameSpace … 16
  • 17. Page Scouting Headless browser HAR Log Page DOM Screen shot Title Text Metadata Raw HTML Links Email Bitcoin Wallets 17
  • 18. Headless Browser ◎ Scrapinghub's Splash ◎ QTWebkit browser ◎ Dockerized ◎ LUA scriptable ◎ Full HTTP traces ◎ Crawler based on Python's Scrapy + multiprocess + Splash access ◎ Headers rewrite ◎ Shared queue support ◎ Har log -> HTTP redirection chain ◎ Extract links, emails, bitcoin wallets 18
  • 19. Data Enrichment Embedded links classification (WRS) •Surface Web links •Classification and categorisation Page translation •Language detection •Non-English to English Significant wordcloud •Semantic clustering •Custom algorithm 19
  • 20. Significant Wordcloud Page text Tokenization Filtering Semantic distance matrix Hierarchical clustering Cluster label and popularity Word cloud Scrap text from HTML, clean up, strip spaces… Create list of (word, frequency) pairs Keep only substantives How “far” are words from one another? Group similar words Label clusters, sum frequencies Draw using summed frequencies 20
  • 22. Collected Data ◎Running since 11/2013 (2 years) ◎40.5 M Events ◎611,000 URLs ◎20,500 domains 22
  • 24. Roadmap ◎Introduction ◎Deep Web Analyzer (DeWA) ○ Data collection ○ Data enrichment ○ Storage and indexing ◎Illegal Trading ◎Data Analysis ◎Malware ◎Conclusions 24
  • 29. Credit Cards 29 ◎ Higher balance = higher price
  • 30. Paypal & Ebay Stolen Accounts 30
  • 34. Roadmap ◎Introduction ◎Deep Web Analyzer (DeWA) ○ Data collection ○ Data enrichment ○ Storage and indexing ◎Illegal Trading ◎Data Analysis ◎Malware ◎Conclusions 34
  • 35. ◎ By publicly sourced URLs Protocols (no HTTP/S) 35 172 17 7
  • 36. Active Portscan 36 IRC IRCS SSH 49 31 855 #freeanons 15 [+Cnt] This channel is created to support arrested Anons and act with solidarity in Anons. No MoneyFags, No Famefags, No PowerManiacs, No LeaderFags! Another Anons was arrested in France: http://www.ladepeche. fr/article/2015/10/10/2194982-enquete-de-la-dgsi-sur-du-piratage-informatique.html * - We are based on anarchistic control so nobody haz power certainly not power over the servers or * - domains who ever says that this or that person haz power here, are trolls and mostly agents of factions * - that haz butthurt about the concept or praxis where the CyberGuerrilla Anonymous Nexus stands for.
  • 45. Automated Bitcoin Identification 1200+ bitcoin wallets found in our data (not counting the obfuscated ones) 45
  • 49. Roadmap ◎Introduction ◎Deep Web Analyzer (DeWA) ○ Data collection ○ Data enrichment ○ Storage and indexing ◎Illegal Trading ◎Data Analysis ◎Malware ◎Conclusions 49
  • 50. Malware: Its adoption in the Deep Web ◎ Modern malware is network-dependent ◎ @ infection-time: Exploit kits ◎ @ propagation-time: 2nd stage malware ◎ @ operational-time: C&C servers ◎ Goals : ◎ Make botnets resilient against LEA operations, e.g. takedowns ◎ Conceal payment pages ◎ Untraceable money transfers ◎ Additional readings: ◎ Brown in Defcon 18 ◎ Hunting Down Malware on the Deep Web (infosec institute) 50
  • 51. SkyNet ◎ Malware with DDoS, bitcoin mining and banking capabilities (©G-Data/Rapid7) ◎ ZeuS bot ◎ Bitcoin mining tool (CGMiner) ◎ GPU libraries for hash cracking ◎ TOR client per Windows ◎ Use /gate.php as landing page to store the harvested credentials ◎ Path monitoring …. 51
  • 53. Dyre Banking Trojan ◎ BHO that MiTMs online-banking pages at browser-level ◎ Back-connects from victim to attacker (kind-of reverse-shell approach) ◎ DGA generation of C&C domains on Clearnet ◎ Use I2P as backup option (:80/443) ◎ nhgyzrn2p2gejk57wveao5kxa7b3nhtc4saoonjpsy65mapycaua.b32.i2p (already known to SecureWorks on 17 December 2014) ◎ oguws7cr5xvl5jlrhyxjktcdi2d7k5cqeulu4mdl75xxfwmhgnsq.b32.i2p ◎ 4nhgyzrn2p2gejk57wveao5kxa7b3nhtc4saoonjpsy65mapycaua.b32.i2p 53
  • 55. Vawtrack Banking Trojan 55 ◎ Spreads via phishing emails ◎ C&C servers (IPs) are retrieved by downloading the ‘favicon.ico’ icon-file from websites hosted on the TOR network ◎ IPs are steganographically hidden
  • 56. Vawtrack Banking Trojan (cont.) ◎ Runs ‘openresty/1.7.2.1’ as web-server ◎ Return code on ‘favicon.ico’ is 403 Forbidden ◎ `ws=‘openresty1.7.2.1’ && ∃(‘favicon.ico’) && retcode=403` returns a list of 23: 56
  • 58. Ransomware in the Deep Web ◎ Ransomware seem to love the Deep Web ◎ It provides a hidden and robust “framework” for cashouts and illicit money transfers 58
  • 59. 59 TorrentLocker ◎ A variant of cryptolocker ◎ Payment page hosted in the Deep Web ◎ Cashout via Bitcoins
  • 60. TorrentLocker (cont.) ◎ Malware generates univocal IDs ◎ wzaxcyqroduouk5n.onion/axdf84v.php/ user_code=qz1n2i&user_pass=9019 ◎ wzaxcyqroduouk5n.onion/o2xd3x.php/user_code=8llak0&user_pass=6775 ◎ Tracking on specific query string’s parameters ◎ path=’/[a-z0-9]{6}.php/user_code=[a-z0-9]{6}&user_pass=[0-9]{4}’ 60
  • 61. Breakdown by victims and country 61
  • 62. NionSpy ◎ Steals confidential information like keystrokes, passwords and private documents ◎ Records video and audio, suitable for espionage programs ◎ Detection Feature: ◎ Popularity in the number of values associated to parameters (in the query string) 62
  • 64. NionSpy: GET’s query string analysis ◎ xu experienced a quick surge in popularity: 1700+ values ◎ si.php?xu=%e0%ee%a8%e5%f2%e9%e5%e4%f2[...] ◎ URL-encoded binary blob representing the leaked data ◎ si.php?xd={“f155”:“MACHINE_IP”, “f4336”: “MACHINE_NAME”,“f7035”:“5.9.1.1”,“f1121”: “windows”,“f2015”:“1”} ◎ Reports a new infection 64
  • 65. NionSpy: New victims and leakages ◎ Blue (xd): # of new victims / day ◎ Green (xu): amount of leaked information (bytes) 65
  • 66. Black Hat Sound Bytes ◎ We built a system for data collection and analysis in the Deep Web. ◎ We used it to quickly identify cybercriminal activities, such as trading of illegal goods, underground marketplaces, scams and malware infrastructures. ◎ We run it operationally and automatically to detect new threats. 66
  • 67. Thanks! Q&A time... Marco Balduzzi -- @embyte Vincenzo Ciancaglini -- @ziovic 67