The Hidden Face of the DarknetThe Hidden Face of the Darknet
Carl HerbergerCarl Herberger
May 23rd, 2018May 23rd, 2018
Global VP, Security Solutions Global VP, Security Solutions
2 Agenda
• What is the Darknet
• How to access the Darknet
• What can you find
• What can you buy
• Why hackers use the Darknet
4What is the Darknet?
Overlay network
Private and encrypted
Requires specific tools
Origins
1970, Isolated network
from ARPANET
Uses
Email and social media
Hosting and file
sharing
News and Media
E-Commerce
5 Agenda
• What is the Darknet
• How to access the Darknet
• What can you find
• What can you buy
• Why hackers use the Darknet
6How to access the Darknet
TOR I2P
Software The Onion Router Invisible Internet Project
Two Dark-net Types
Anonymity Friend-to-Friend
UsesPrivacy / Hidden
Services File sharing
7Type of Darknet – Friend to Friend – I2P
Data encapsulated in layers
of encryption
Bundling multiple messages
together
Unidirectional tunnels
10Type of Darknet – Anonymity - Tor
Source
Message
Router C
Router B
Router A
Destination
Data encapsulated in layers of
encryption
Each layer reveals the next
relay
Final layer sends data to
destination
Bi-Directional
12Access - Whonix
Two virtual machines
WorkstationGateway
User application have no knowledge of the users ‘real’ IP address
All communications are forced through the Tor network
17Metrics
Around 1.5 – 2 Million relay
users per day
United States has the most
daily users
Just under 100,000 bridge
users per day
Spikes of usage show possible
censorship
18Censorship - Turkey
December 2016 Turkey begins
censoring the internet
Sites like Facebook, Twitter
and YouTube blocked
Arrest over comments on the
internet
Spike in Tor relay users follow
Tor, VPN websites blocked
Increase in bridge users
20 Agenda
• What is the Darknet
• How to access the Darknet
• What can you find
• What can you buy
• Why hackers use the Darknet
22How to access the Darknet
Mirrored news services
Counter censorship &
surveillance
Securely submit information
24Email Services
Tor adds an additional layer of
security
Combats Censorship and
Surveillance
Options
– Tor only service
– Clearnet services with hidden service option
26Hosting Services
Risk Analysis / Trust
High-Privacy hosting
– Bulletproof / Offshore hosting
Option
– Self host on a VPSFreedom Hosting II
30E-Commerce
Black-market of the Internet
Multiple categories
Anonymous payments with
Bitcoin
Escrow services
Legal/Illegal goods and
services
Scams
31Leak Data / Fraud
Hackers collect leaks
Fullz are available
Fraud is rampant
Forums have exclusive and
fresh leaks
32IRC
Internet Relay Chat
Found on both Clearnet and
Darknet
Often a staging area for
Hacktivist operations
33 Agenda
• What is the Darknet
• How to access the Darknet
• What can you find
• What can you buy
• Why hackers use the Darknet
36What can you buy on the Darknet?
DDoS as a Service
Botnet Rental
Malware/Ransomware
Security/Hosting
Undisclosed Exploits
Leaked Data / Fruad
37DDoS as a Service
Developing industry
Services sold on marketplaces
or on private hidden services
Recent growth in stresser
services on the Darknet
Attackers are using Tor to
mask their origin
40Malware
Ransomware as a Service
Sold in Marketplaces
Other malware is also
available
jRAT sells for $29 dollars
– Or you can download educational RATs on Github..
44 Agenda
• What is the Darknet
• How to access the Darknet
• What can you find
• What can you buy
• Why hackers use the Darknet
45Why hackers use the Darknet?
Benefits of the Darknet to an attacker:
Privacy
Obfuscation
Opportunity