The Deep Web, Dark Web

Christian Back | Jennifer Chien Bich Chu (Evelyn) | Lingman Guo Manpreet Singh

Rolling in the Deep

1 Introduction 1.1 Surface Web, Deep Web, and Dark Web 1.2 The Onion Router (TOR)

2 Benefits of Using the Deep Web

3 Bitcoin

4 Risk of Using the Deep Web

Agenda

Layers of the Web❖ Surface Web: Also known as Visible Web, Clearnet, Indexed Web

- Searchable content with ordinary search engines. Ex: Google It

❖ Deep Web: Also known as the Deepnet, Invisible Web, Hidden web

- Contents not indexed by standard search engines

- Common Uses: Web Mail, Online Banking, Ex: Netflix Video Content

❖ Dark Web: A small part of the DeepWeb

- Available through virtual overlay networks or Onion Networks Ex: Tor,

FreeNet, i2P (Silkroad Example)

Regular Web Browsing

❖ Your assigned IP address gives away your physical location

❖ Many companies collect your digital footprints and personal information for target advertising and much more!

Picture source: cyberbullying.us

Google, Wikipedia, Bing

Banking, Mail, Paid Content

Silkroad, Hidden Wiki

How Google Auto-detect Your Location?

According to Google:

“If you don't set your location, Google shows an approximate location based on the following things to help provide you with the most relevant results:

❖ Your IP address.❖ Your Location History if you

have it turned on. ❖ Google Toolbar's My Location

feature if it’s turned on.❖ Recent locations you’ve

searched for.”

Source: Google.com - change location on Google

Picture source: http://www.ip-address.org

IP Address

Linking Your IP Address to You

Picture source: screenshot - thatsthem.com

Picture source: screenshot - thatsthem.com

U.S. Naval Research Lab

Anonymous communication

The Free Haven Project

Increase freedom of informationThe Onion RouterPicture Source:Torproject.org

How Tor Works❖ Virtual Overlaying Network

❖ Hard to trace the data back to

original user

❖ Uses volunteer nodes to reroute

and conceal user IP address

❖ Envelope encryption example

❖ The riskiest node - Exit node

Picture Source:Infographic

Maps of Tor Nodes Around the World

Picture Source: screenshot of Onionview.com, April 08, 2016.

Leave No Trace: TOR Alternatives

❖ The Invisible Internet Project (I2P) - “A network within a network”

❖ Trails - Linux based live operating system

❖ Freenet - Allows people to share files and communicate anonymously

Who uses TOR?❖ Journalists - Whistleblowers sites & Securedrop

❖ Political Activist

❖ Researchers

❖ Law enforcement - NSA

❖ Hackers

❖ Businesses - HR for background check

❖ Everyday Individuals for privacy enhancement tool

Individual BenefitsAn anonymous and private online experience is of value to many people

❖ Information flow for citizens of highly censored countries Ex: China

❖ Anonymity for anyone searching sensitive information Ex: Disease

❖ Safe haven for activists leaking info. Ex: Snowden

❖ Anonymous transactions Ex: Silkroad, BitCoin

Picture Source: Andy Greenberg, Forbes.com

Picture Source: https://whispersystems.org/

Picture Source: https://leap.se/en

Rolling in the Deep Web

Picture Source: securedrop.propublica.org

❖ Dark Web ❖ The Bright side

Individual Benefit - Freedom of Information

Censored Content: Chinese Government

❖ 18,000 Websites Blocked

❖ 12 of top 100 Global Websites (G-mail)

❖ Taiwanese and Tibetan Independence Movements

❖ Foreign Media Websites (BBC, Bloomberg News, New York

Times)

Individual Benefit - Freedom of Information

❖ Facebook is available through Tor- Oct. 2014

- Ramped-up privacy

- Locked out issues solved

- Used .onion URL

Business Benefits - Enterprise Use

❖ Cyber Security Companies (Digital Shadow)

❖ Media Outlets (Vice & Al Jazeera)

❖ Drug Firms

❖ Consulting Companies (Bright Planet)

Bright Planet

❖ Collect and analyze Deep Web content at Big Data scale

❖ Enrich and harvest data to give customers output that becomes

usable

❖ Beneficiary:

- Pharmaceutical Community

- HR Staffing Company

Google Search v.s. Deep Web Harvesting ❖ Search v.s. Harvesting

- How late is Burger King open?

- Who is selling my products fraudulently online?

❖ Mentions v.s. Page Changes

- Why it matters?

- Monitor and track changes on existing pages

- Receive real time alerts

❖ Define Your Own Dataset

Bitcoin● First described in 1998, first

published in 2009.● New payment method which only

used cryptocurrency.● Decentralized peer-to-peer

payment network.● Nobody owns the Bitcoin

network--all of worldwide users control the network.

Other Crypto Currency

Future cryptocurrency:● Litecoin

Silver vs Gold

Benefits of Using Bitcoin❖ Anonymity

❖ Decentralized digital currency

❖ Public ledger

❖ Audit trail

Bitcoin and Blockchain

Still confused about what is Blockchain?Blockchain-Public Ledger: Everyone on the network keeps a record of the transaction.

Cannot manipulate the transaction value because it would not sync up with everybody else.

Downside❖ Transaction malleability: an attack that lets someone change the unique ID of

a bitcoin transaction before it is confirmed on the bitcoin network.

❖ Use in illegal transaction: Apple ransomware.

❖ Fluctuation wildly in value

Interesting facts

Risks of using the Deep web❖ Unregulated access to criminal

information

❖ Simplifies monetization of Corporate

IP/Personal Identifiable Information

❖ Trade of zero-day Malware

Picture Source: wordpress.org, 2013 SQA

2015: Ashley Madison was Hacked❖ 25gb of company data leaked by a group of hackers known as ‘The Impact

Team’

❖ Credit Card Transaction data, including full names and addresses

❖ GPS Coordinates

❖ Email addresses compromised➢ Lack of email verification lead to public media vilifying massive amounts of .gov and .mil

Example

Personal Identifiable Information

Zero-day Exploits Market

Take-away Message

The Deep Web is a neutral

environment for anonymous

communication,

and its impact on businesses

and societies are defined

the user's intent.

Questions?

ContactsChristian Back (408) 960 - 9037

official.cback@gmail.com

Bich Chu(408) 688 - 6109

bichchu1502@yahoo.com

Jennifer Chien(408) 887 - 7609

jennifer.chien@sjsu.edu

Lingman Guo(650) 666 - 5600

tinaguo1994@gmail.com

Manpreet Singh (408) 881 - 4564

msgillon0@gmail.com

❖ Unidirectional tunnels instead of bidirectional circuits, doubling the number

of nodes a peer has to compromise to get the same information.

❖ Essentially all peers participate in routing for others.

❖ Tunnels in I2P are short lived, decreasing the number of samples that an

attacker can use to mount an active attack with, unlike circuits in Tor, which

are typically long lived.

Appendix: I2p

Appendix:Tails❖ Linux based live operating system that

works on most computers

❖ Tails OS can be booted from most

devices like DVD, USB or SD card

❖ Main benefit of Tails is built-in-

preconfigured applications for web

browsers

❖ It leaves no evidence -- Route all

traffic through Tor

Picture Source: Deepbotweb

Appendix: Mini Deep Web

References

https://www.digitalfirst.com/bitcoin-transform-accounting-know/

https://bitcoin.org/en/faq

http://www.coindesk.com/bitcoin-bug-guide-transaction-malleability/

https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-

secure/1526085754298237ies

https://teksecurityblog.com/blog/2015/04/13/hacked-how-safe-is-your-data-on-adult-social-sites/

http://www.wired.com/2015/04/therealdeal-zero-day-exploits/

http://motherboard.vice.com/read/hell-forum-dark-web-hacking-site

http://darkmatters.norsecorp.com/2015/04/07/a-buyers-guide-to-stolen-data-on-the-deep-web/

https://www.linkedin.com/pulse/look-hacker-landscape-debraj-ghosh-phd-mba

https://geti2p.net/en/comparison/tor

http://cybersecurityventures.com/cybersecurity-market-report/