Hetherington Group © 2017, all rights reserved.

Investigating in an Asymmetrical Online World

By Cynthia Hetherington

Big Brother’s Little Sister

Cynthia is a…

• OSMOSIS Conference Host

• ACFE Faculty

• ASIS Educator

• Global OSINT presenter

• Author & publisher

• Analyst

• Security Practitioner

• Investigator

• Tech

• Librarian

• Subscriber to over 3,500 sources

Overview

• Introduction

• Asymmetrical Warfare

• In an online world

• Dark Web

• Define the users of the dark web

• Define the problems perpetuated and aggrandized

• Define the illegal things happening

• Surface vs. Deep vs. Dark Web

• Simple as going undercover?

• Guy Fawkes mask and I’m in

• How not to use the dark web

• How to use the dark web

Asymmetrical Warfare

Conflicts between nations or groups that have disparate military capabilities and strategies.*

*The Rand Group https://www.rand.org/topics/asymmetric-warfare.html

Online Asymmetry = US vs. Them

US

• Weapons

• Purchase Orders

• Laws

• Ethical boundary

• Soldiers

• Resistance to change

Them

• Cellphones

• Cryptocurrency

• Thieves’ justice

• Anonymity

• Hackers

• Acceptance of change

How to hack the Navy by Ira Winkler

Surface vs. Deep vs. Dark

DARK Web = approx. 7K pages

Surface Web (aka Clearnet)

• The Surface Web is anything that can be indexed by a typical search engine like Google or Bing.

• The pages delivered are indexed by keyword, and the rankings are returned based on popularity.

• The Surface Web offers relatively little anonymity, with most websites routinely identifying users by their IP address.

Deep Web

• Information buried in databases that cannot be located via search engines.

• Databases like Sunbiz.org which hold the filings for all businesses in the state of Florida

• Or surplus hotel rooms

• Property records

• Airline bookings

• WebMD listings

• Football tickets

Dark Web

• The Dark Web is classified as a small portion of the Web that has been intentionally hidden and is inaccessible through standard web browsers.

• The most famous content that resides on the Dark Web is found in the TOR network. The TOR network is an anonymous network that can only be accessed with a special web browser, called the TOR browser. This is the portion of the Internet most widely known for illicit activities because of the anonymity associated with the TOR network.

Dark web for good

• Communicating from dangerous worlds

• Researching sensitive items

• Arab Spring

• Protesting organizations

• Counter establishment research

Dark Web for bad…

http://homeland.house.gov/hearing/hearing-countering-violent-islamist-extremism-urgent-threat-foreign-fighters-and-homegrown

The media doesn’t know how to handle it.

https://twitter.com/juliebosman

Black Market Online

http://2xscte4bcwthofcs.onion.link/index.html

http://ev3h5yxkjz4hin75.onion/wiki/index.php/Main_Page

State run and funded

Anonymous will take care of it

http://www.cbsnews.com/videos/anonymous-declares-cyber-war-on-isis

@TheAnonMessage

#Anonymous has obtained audio files of police dispatch and EMS during the #MikeBrown shooting

Until you piss them off

It’s a Terror Party!

• Cyber caliphate targets U.S. military spouses; Anonymous hits ISIS

• Motorcycle Gangs, Drug Cartels, Sovereign Citizens, Street Gangs are coordinating their efforts.

• They all realize… that ISIL is amazing at marketing and Anonymous is awesome at cyber vigilantism.

• So they are joining.

• Every slimy character that can get away with selling something illegal will.

US

Yup… Still US.

NOT BLENDING

Defcon 2007 and Defcon 2017

Still a bunch of nerds living in your mother’s basement.

Guy Fawkes

• Just because you put a mask on doesn’t mean you’re anonymous.

• It may mean you’re a clown.

Bad Clown

How not to use the Dark Web

SLOTH

EGO

GREED

Sloth

• Don’t be stupid

• Tor is a great bit of technology for the right user, but is no match for operators who don't know what they're doing.

• Using Tor, or setting up an anonymous .onion website, does not make you an elite hacker.

Ego

• Don’t make the wrong friends

• In the Dark your website is a beacon of interest that needs to keep out both the bad guys and the good guys.

• With only 7,000 sites, you will draw attention.

• Memex and other government search tools are scouring the dark web.

Greed

• The party is only good the first time around

• Then there are the dark markets, online forums and various other sites that can only be accessed via the Tor browser, as these sites use .onion URLs instead of the normal .com, .net, and .org.

• Silk Road 2.0 didn’t last long: it and dozens of others were taken down in a single day following a six-month, 17-nation police operation called Operation Onymous.

Silkroad takes us to the Market

• Today AlphaBay and Hansa market are the markets that sell illegal goods

• AlphaBay, currently the largest but has…

• Questionable status after (maybe) Canadian Alexander Caze killed himself in a Thai prison week.

• Hansa, the next best hansamarket.link

• Oh wait… Hansa was taken down by European and American law enforcement

Where to find the inside scoop

• With Hansa, Alphabay and Silkroad all history, where do we look for content, ideas, brands and goods?

• The answer is Reddit!

Reddit for dark markets

• https://www.reddit.com/r/DarkNetMarkets/

• Check out /r/DNMParanoia, where a bunch of crackheads are awaiting to assuage your fears that your teenth of meth will arrive safely.

• This sub is a semi-humorous offshoot of /r/DarknetMarkets. If you are looking for real advice regarding a package you are worried about, use the [SERIOUS] tag in your post title tag to flag down some help. If you just want to goof and gaff, posts with the [Belize] tag are what you seek.

So VPN vs. Tor?

• Do not use a VPN as an anonymity solution. If you're looking for a trusted entry into the Tor network, or if you want to obscure the fact that you're using Tor, setting up a private server as a bridge works quite well.

• However, VPNs have a single point of failure: the VPN provider. A technically proficient attacker or a number of employees could retrieve the full identity information associated with a VPN user.

• When you use Tor the IP address you connect to changes at most every 10 minutes, using a three hop circuit path, and often more frequently than that.

How to use the Dark Web

1. Go to torproject.org and read.

• What is Tor

• Why Anonymity Matters

2. Download and install Tor

3. Do not add toolbars or other items you are not familiar with

4. Do not assume all things are safe

5. Make sure your software is updated

6. Make sure your antivirus and anti-malware software are updated

7. Start with torhiddenwiki.com or onion.city

You should see this on start up

• Don’t expand your window view size.

• Make sure you see the Congratulations/Configured message.

• Double check for any update messages.

• Go to a safe site to start, onion.link for example

Onion.link

• Since there are 7,000 dark web sites, there isn’t much to index; however, some users have applied Google’s API and googlized what they could.

• Using any safe site, go to the onion in the toolbar and make sure you see your circuit moving through multiple countries and areas.

• Select a new circuit if you don’t see your IP address changing.

Pharms & other Bio-shops

http://2xscte4bcwthofcs.onion.link/index.html

Onion.city : Puppies Search

Hidden Wiki has rich topic list

Hansa Market in 9 Easy Steps

• Download Tor Browser or Install Tails (Optional)

• Create and Fund a Bitcoin Wallet; Tumble your Bitcoins (Optional)

• Create a Hansa Account

• Login to Hansa Market

• Set up a Refund Address; Set up a Multi-Sig Wallet (Optional)

• Search for an Item

• Check Vendor's Feedback

• Make the Purchase; Encrypt the Address Manually with PGP (Optional)

• Release Payment; Post a Vendor Review on Hansa Subreddit (Optional)

Dark Web Conclusion

• Start with Tor, or another anonymizing search engine

• Search with torhiddenwiki.com, onion.city or onion.link

• Not a place to dabble.

• Don’t download or open files without having a virtual machine (separate cold computer) to view them.

• Have a strong stomach

Recommended Reading Dark and Tor

• https://www.torproject.org/docs/faq.html.en

• https://bitcoin.org/en/getting-started

• http://hansamarket.link (view only in TOR)

• http://www.wired.com/2015/02/darpa-memex-dark-web/

• https://nakedsecurity.sophos.com/2015/08/07/law-enforcement-is-learning-to-navigate-the-dark-web/

• Incognito Toolkit by Rob Robideau

• Tor and the Dark Art of Anonymity by Lance Henderson

Reading on Asymmetrical Warfare

• Dark Territory: The Secret History of Cyber War. Fred Kaplan. 2016.

• Future Crimes: Inside the Digital Underground and the Battle for Our Connected World. Marc Goodman. 2015

• CYBER WAR: The Next Threat to National Security and What to Do About It. Richard Clarke. 2010

• NEUROMANCER. William Gibson. 1984

• FutureShock. Alvin Toffler. 1970

• Watch all Star Trek and Game of Thrones episodes

Questions?

#whoknew!

Cynthia Hetherington

www.hetheringtongroup.com

Cynthiahetherington

HetheringtonGroup

@HetheringtonGrp

Thank you!

Email or call with questions, concerns or if you need assistance anytime!

973-706-7525