Deep and Dark Internet Safari: how to hire a hacker. Views on how professional cybercrime organizations are.
Robbrecht van Amerongen
Safari: Dark Internet
Robbrecht van Amerongen
AMIS
Business Innovation Manager
Agile Master
https://Linkedin.com/in/robbrecht
0641010286
Safari
Vulnerable systems
In 2011 Russian-speaking hackers alone took in roughly $4.5 billion from cybercrime.
McAfee, 2014: We estimate that the likely annual cost to the global economy from cybercrime is more than $400 billion.
InfoSec Institute, 2013: Nearly 80% of cybercrime acts are estimated to originate in some form of organized activity. The diffusion of the model of fraud-as-service and the diversification of the offerings of the underground market is also attracting new actors with modest skills.
Imagine:
“As a company, I want to hire a hacker. How do I do that?”
Cyber-attack as a business
• 2000-2004
Quality and Trust
Payment and distribution
Contact us?
Contact me at [email protected]
Levels: Deep Web
• Level 1: This is the conventional web (indexed by Google, Bing and others). You only need a browser.
• Level 2: Content removed by search engines, e.g. movies, books, music, videos. You only need a browser.
• Level 3: Non-public sites; you need an "invitation" to get access to exclusive content. You need a browser and an account.
• Level 4: The real "Deep Web". You need a special browser. Decentralized traffic. "The Hidden Wiki".
• Level 5: You need a special browser and accounts. Purchase of weapons, drugs, hacker services.
• Level 6: Unknown: government network, fully restricted.
500 x the Google index
We are literally shocked: that is the reaction of anyone who comes to understand the existence of the Deep Web, a network of interconnected systems that are not indexed and whose size is hundreds of times that of the current web, around 500 times.
• Dynamic content: dynamic pages which are returned in response to a submitted query or accessed only through a form, especially if open-domain input elements (such as text fields) are used; such fields are hard to navigate without domain knowledge.
• Unlinked content: pages which are not linked to by other pages, which may prevent Web crawling programs from accessing the content. This content is referred to as pages without backlinks (or inlinks).
• Private Web: sites that require registration and login (password-protected resources).
• Contextual Web: pages with content varying for different access contexts (e.g., ranges of client IP addresses or previous navigation sequence).
• Limited access content: sites that limit access to their pages in a technical way (e.g., using the Robots Exclusion Standard, CAPTCHAs, or no-cache Pragma HTTP headers which prohibit search engines from browsing them and creating cached copies).
• Scripted content: pages that are only accessible through links produced by JavaScript as well as content dynamically downloaded from Web servers via Flash or Ajax solutions.
• Non-HTML/text content: textual content encoded in multimedia (image or video) files or specific file formats not handled by search engines.
• Text content using the Gopher protocol and files hosted on FTP that are not indexed by most search engines. Engines such as Google do not index pages outside of HTTP or HTTPS.
Deep Internet / Dark Internet
As usually happens, the project was born in the military sector, sponsored by the US Naval Research Laboratory, and from 2004 to 2005 it was supported by the Electronic Frontier Foundation.
A user who navigates using Tor is difficult to trace, which protects their privacy, because the data is encrypted multiple times as it passes through the nodes of the network (the Tor relays), making it untraceable.
TOR, The Onion Router
Cybercrime: Motivation (Black hat / White hat)
Professional!!!!
Jan 2014: Blackshades. The police found that the group was paying salaries to its staff and had hired a marketing director to promote its software to hackers. It even maintained a customer-support team.
2008 MPack: a professionally developed toolkit sold in the underground economy. Attackers deploy MPack’s collection of software components to install malicious code on thousands of computers around the world and then monitor the success of the attack through various metrics on its online management console.
2008: Social networking Web sites are particularly valuable to attackers since they provide access to a large number of people, many of whom trust the site and its security.
2011 Zeus: We see multi-staged attacks which consist of an initial attack that is not intended to perform malicious activities immediately, but that is used to deploy subsequent attacks.
Full Cyber-Crime Service provider
Professional, Architecture, Software Lifecycle.
Industry specialization (logistics, agriculture, manufacturing, financials, etc.)
Chain integration (infra, coding, execution, service, banking, money laundering)
Including:
• Cybercrime has its own social networks
• Escrow services
• Malware can now be licensed and gets tech support
• You can now rent botnets by the hour, for your own crime spree (BotNet as a Service or BaaS)
• Pay-for-play malware infection services that quickly create botnets (automatic provisioning)
• Quality testing
• No cure, no pay for infections, cards, bank accounts, etc.
June 2013: Prices for “Attacks-as-a-Service”:
• Consulting services such as botnet setup, $350-$400.
• Infection/spreading services, under $100 per thousand installs.
• Botnets and rental: Distributed Denial of Service (DDoS), $535 for 5 hours a day for one week; email spam, $40 per 20,000 emails; and Web spam, $2 per thirty posts.
• Blackhat Search Engine Optimization (SEO), $80 for 20,000 spammed backlinks.
• Inter-carrier money exchange and mule services, 25% commission.
• CAPTCHA breaking, $1 per thousand CAPTCHAs, done by recruited humans.
• Crimeware upgrade modules: using Zeus modules as an example, they range anywhere from $500 to $10,000.
http://securityaffairs.co/
Demo The Dark Internet
Passwords
????????
Launch code
Permissive Action Link (PAL), basically a small device that ensured that the missile could only be launched with the right code and with the right authority.
Passcode was 8 characters:
00000000
Costs of Cyber Crime