Robbrecht van Amerongen

Safari: Dark Internet

2

Robbrecht van Amerongen

AMIS

Business Innovation Manager

Agile Master

https://Linkedin.com/in/robbrecht

Robbrecht@amis.nl

0641010286

Safari

4Kwetsbare systemen

5

6

in 2011 Russian-speaking hackers alone

took in roughly $4.5 billion from cybercrime

McAfee: 2014: We estimate that the likely

annual cost to the global economy

from cybercrime is more than $400

billion.

InfoSec Institute 2013: Nearly 80% of

cybercrime acts are estimated to originate

in some form of organized activity. The

diffusion of the model of fraud-as-service

and the diversification of the offerings of

the underground market is also attracting

new actors with modest skills.

7

Stel je voor:

“Ik wil als bedrijf een hacker inhuren. Hoe doe ik dat?”

Cyber-Attack als bedrijf

8

Cyber-Attack als bedrijf

9

• 2000-2004

10Quality and Trust

11

Payment and distribution

12

Contact us?

Contact me at mr.hacker@Safe-mail.net

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: GnuPG v2.0.22 (MingW32)

mQENBFPhZR8BCACjScBCYxVsMe0orwQ8lFabKrvAVDnxLIoABf8xZ2rhEMXQNWL2

Ly0JKsL/fC166EvtsoIfOoZG1jA3TXCOk57rxW8fFTc2JD/9ccBqpBQjJ3xTfCcw

da0SgwnBzPds9iCa9xl0neNTGmCrB3JzZ8Y1IOHr2PDJjScXq0ai1H1RYoivQgj2

Pg+kRock6MDKBJ5FhfFCd9mgE3/J5GPJ3GhIbjm6gPLs6sOle/hD5F2vjXcU23DD

Yup/HvxY5vLJZgOhudhiQHEvxdUIroeilJWPFmPNYXKRamRu3FwB05ipcqQtt3yE

v3/FNAe0eDJPv8nr3u3ciQSSl8HU3lM+QXcDABEBAAG0H01yLkdyaW0gPG1yLmdy

aW1Ac2FmZS1tYWlsLm5ldD6JATkEEwECACMFAlPhZR8CGw8HCwkIBwMCAQYVCAIJ

CgsEFgIDAQIeAQIXgAAKCRD8KgSBJS5CTtjVB/wMiv3ybVw92Mgz5JUi3LP0iUmu

cUAgkzdD6FlDVbviKDh04EpJ4tvqBvYiz9riLi9qdVyZojvxOZedvNL+RBCTBx+E

FcpD74aQ+2WY8PdzjackA61JNMFGGk9IoA+hP61dtkvjDcdEjn46a0Jf8hpXeEFU

Vug+mRVj5fk7qxmyBFs8Q5WNvKA9N6HY2jFuShuibEQXTdc6jyYQ3wLDQXqkpkIU

4dt+ioHabfmXquLXZbLZi8vd2kbkiubJfYkk1qQX7E3PJ/uEN++3uOP2Z1fEXqu6

GiUuvl1cnly9my9XpLxr1OYus7uLnhJpzUtcQ9QKFyi86IRfLvf3d9VnxAK3

=4LqY

-----END PGP PUBLIC KEY BLOCK-----

13

14

Levels: Deep Web

• Level 1: This is the conventional web we (indexed by Google, Bing, other ). Only need a browser

• Level 2: Content removed by search engines. E.g. movies, books, music , videos. Only need a browser

• Level 3: non-public sites and you need access "Invitation" to and exclusive access content. Need a browser and an account.

• Level 4: real "Deep Web" Need a special browser. Decentralized traffic. "The Hidden Wiki“

• Level 5: Need a special browser and accounts. Purchase Weapons, Drugs, Hackers Services

• Level 6: Unknown: government network and is fully restricted.

15

500 x the Google index

We will literally be shocked, and this is the reaction of those individual who can

understand the existence of the Deep Web, a network of interconnected systems, are

not indexed, having a size hundreds of times higher than the current web, around 500

times.

16

• Dynamic content: dynamic pages which are returned in response to a submitted query or accessed only through a form, especially if open-

domain input elements (such as text fields) are used; such fields are hard to navigate without domain knowledge.

• Unlinked content: pages which are not linked to by other pages, which may prevent Web crawling programs from accessing the content.

This content is referred to as pages without backlinks (or inlinks).

• Private Web: sites that require registration and login (password-protected resources).

• Contextual Web: pages with content varying for different access contexts (e.g., ranges of client IP addresses or previous navigation

sequence).

• Limited access content: sites that limit access to their pages in a technical way (e.g., using the Robots Exclusion Standard, CAPTCHAs, or

no-cache Pragma HTTP headers which prohibit search engines from browsing them and creating cached copies).

• Scripted content: pages that are only accessible through links produced by JavaScript as well as content dynamically downloaded from Web

servers via Flash or Ajax solutions.

• Non-HTML/text content: textual content encoded in multimedia (image or video) files or specific file formats not handled by search engines.

• Text content using the Gopher protocol and files hosted on FTP that are not indexed by most search engines. Engines such as

Google do not index pages outside of HTTP or HTTPS.

17

Deep Internet / Dark Internet

As usually happen, the project was born in military

sector, sponsored the US Naval Research

Laboratory and from 2004 to 2005 it was

supported by the Electronic Frontier Foundation.

A user that navigate using Tor it’s difficult to trace

ensuring his privacy because the data are

encrypted multiple times passing through nodes, Tor

relays, of the network and making is untraceable.

18

TOR, The Onion Router

19

TOR, The Onion Router

20

TOR, The Onion Router

21

CiberCrime: Motivation(Black hat / White hat)

22

Professioneel!!!!

Jan 2014: Blackshades.

The police found that the group was paying

salaries to its staff and had hired a

marketing director to promote its software

to hackers. It even maintained a

customer-support team.

2008 Mpack:

a professionally developed toolkit sold in

the underground economy. Attackers deploy

MPack’s collection of software components

to install malicious code on thousands of

computers around the world and then

monitor the success of the attack through

various metrics on its online management

console.

2008 : Social networking Web

sites are particularly valuable to

attackers since they provide access

to a large number of people, many

of whom trust the site and its

security.

2011 Zeus: We see multi-staged

attacks which consist of an initial

attack that is not intended to

perform malicious activities

immediately, but that is used to

deploy subsequent attacks.

23

Full Cyber-Crime Service provider

Professional, Architecture, Software Lifecycle.

Industry specialization (Logistics, agriculture, manufacturing, financials etc..)

Chain integration (infra, coding, execution, service, banking, money laundering)

Including:

• Cybercrime has their own social networks

• Escrow services

• Malware can now be licensed and gets tech support

• You can now rent botnets by the hour, for your own crime spree

( BotNet as a Service or BaaS)

• Pay-for-play malware infection services that quickly create botnets (automatic

provisioning)

• Quality testing

• No-cure-no-pay for infections, cards, bank accounts…etc..

24

(Sponsored content)

25

June 2013: Prices for “Attacks-as-a-Service” :

• Consulting services such as botnet setup, $350-$400

• Infection/spreading services, under $100 per a thousand installs

• Botnets and rental, Direct Denial of Service (DdoS), $535 for 5 hours a day for one

week, email spam, $40 per 20,000 emails, and Web spam, $2 per thirty posts.

• Blackhat Search Engine Optimization (SEO), $80 for 20,000 spammed backlinks.

• Inter-Carrier money exchange and mule services, 25% commission.

• CAPTCHA breaking, $1 per a thousand CAPTCHAs, done by recruited humans.

• Crimeware upgrade modules: Using Zeus modules as an example, they range

anywhere from $500 to $10,000.

http://securityaffairs.co/

26

Demo The Dark Internet

28

29

30

Passwords

????????

31

Launch code

Permissive Action Link (PAL), basically a small device that ensured that the missile could only be launched with the right code and with the right authority.

Passcode was 8 characters:

00000000

32

Hoe sterk is je password?

33

34

Costs of Cyber Crime