Webinar Title: Demystifying the Dark Web
Presenter(s): Audi Houswerth, Jarrod Coulter, Nathan Poissant, Adriana Arteaga Camacho (Aristocrat)
Platform: Brighttalk
Length: 54:43 Minutes
Date of Creation: February 29, 2024
A Brief Description Provided About the Webinar
"The dark web is a part of the internet that allows users to engage in various illegal activities with some level of anonymity. It is often used for the sale of weapons, software and malware, narcotics, digital products, counterfeit items, money laundering, fraud, and other related cybercrimes. Learn more about how the dark web started, how it operates, and ways to protect your organization."
Key Takeaways
This webinar has two sections, a Presentation portion and a Panel portion.
Presentation Portion
This is a very high-level overview of the dark web. It also covers what threat intelligence is and includes a walkthrough of various darknet sites.
There was an unfortunate section near the beginning, in which one of the presenters disappeared and this created an awkward period of time.
"As attackers become more sophisticated, how do we stay informed as a company and able to predict as well as to react?" is the opening question, after introductions are completed. The answer, Audi Houswerth says, is threat intelligence. TI is a cycle that occurs over five stages: 1. Planning & Direction, 2. Collection, 3. Processing, 4. Analysis, and 5. Dissemination & Feedback.
TI gives an organization the information it needs to create a pre-emptive plan against future attacks. Threat actors purportedly tend to be on the darknet. One of the best and most relevant graphics regarding the darknet is the iceberg, and that is the one in the slides. There are basically three portions of the Internet. The first, the surface web (also known as the clear web), contains only around 4% of the Internet. The clear web is anything that gets indexed by search engines or is public. The next layer is called the deep web. This comprises about 90% of the Internet and is pretty much anything that resides behind a password and a firewall, that is, anything that is NOT indexed by a search engine. Lastly, there is the dark web or darknet. Since it is not easily accessible, there are no concrete numbers for how big the darknet is, but it is estimated to be around 6% of the Internet. You need a special browser to access it, and it is rife with all sorts of illegal activities. It was created to purposefully anonymize the traffic on it.
According to the presenter, the original darknet was created by the U.S. government. (I am not surprised at this.) It was an attempt to build secure military communications in the 90s. All of the websites that are on the darknet end with ".onion", not ".com", etc. TOR, as the Onion Router is known, creates layers of encryption on top of one another to keep communications safe. Not only is the traffic encrypted under several layers, it is also bounced around through multiple relays, keeping everything anonymous. Allegedly, the relays themselves do not know where the traffic has come from, nor do they know where it is going. TOR users can also volunteer their computer systems to act as relays. TOR relays are designed so that all traffic appears the same to outside eyes.
In many instances, governments will censor or restrict their citizens' access to data. The darknet provides a solution to this, giving citizens uncensored access to news and allowing them to express themselves. In most countries, it is not illegal to merely be on the dark web. It also hides IP addresses and blocks advertising trackers. The downside to the darknet is that many of the files that are available for download are likely infected with some form of malware or another. Many choose to access the darknet using computers that have specialized software, such as Tails, or something like it. There are many places on the darknet for a person to buy and sell just about anything, including stolen data, password dumps, and money laundering. These sites accept cryptocurrencies.
In typical transactions, a person can go to the grocery store to buy their groceries; no middlemen are needed. When it comes to the darknet, this is not the case. A middleman, otherwise known as an escrow agent, facilitates the sales between buyers and sellers. This will ensure that there is no fraud between buyer and seller. Also, since most people cannot trust one another, relationships are instead built on reputation, not trust.
Darknet marketplaces will generally buy and sell anything, using cryptocurrency of some type or another. Trusted marketplaces can develop quite a following. Unfortunately for those buying and selling on a darknet marketplace, law enforcement is also there, setting up honeypot accounts and trying to ensnare criminals. Many on the darknet also offer "aaS", or "as-a-service". This is where just about anything can be offered as a service, such as Malware-as-a-Service, or DDoSaaS, and so forth. Criminals will often model themselves after a legitimate service, including tiers of service and monthly charges.
While TOR is a non-profit with a great project mission, it is also being used for bad things. Anonymity often leads to bad behavior. However, the darknet can also be good, especially when it is used to protect free speech.
Panel Portion
The other three people introduced themselves, and one person promptly dropped their connection. Some of the audio was not great, so I've attempted to type what I heard to the best of my abilities. The questions for this section are:
Q1: What is the best way to protect yourself once your email address is on the dark web?
Q2: How can you monitor the dark web for your information?
Q3: How does AI contribute to the dark web?
Q4: You touched on the legality of the dark web, can you expand more on that a little bit?
Q5: Can you elaborate on how to protect your home network and PC when exploring the dark web?
Q6: What do you do when the software finds your information on the dark web?
Q7: Is the TOR browser the only way for accessing the dark web, or are there others?
Q8: What risks do you run browsing the dark web?
Q9: Why should a company care about the dark web?
Q10: With so many data breaches occurring globally, the likelihood of our data being on the dark web is high. Have there been any studies showing the value of our data decreasing due to that?
Q11: Does the US government have any back-end tracking on user activity, since the environment was built for the scope for use?
Q12: What are some common misconceptions about the dark web?
Q13: Is it possible to remove your information? Do companies offer this service?
Q14: Besides identity theft, what else do criminals do with your data on the dark net?
Q15: What would a general day of work look like for you as a threat intel analyst?
Q16: How secure and anonymous is the dark web?
Q17: What materials, sites or reports would be included in your research?
Q18: Does the majority of threat intelligence come from the dark web? And how much is it linked?
Q19: What can one do if their social security number is found on the darknet?
Q20: Are there ways for a company to monitor for their data on the dark web?
Q21: How do you see the dark web playing a role in our future?
Q22: Aside from social media, what are your top security news sources?
Q23: Is Truth Social dark web? (Audio was fuzzy)
Q24: What got you started in the field of cybersecurity?
Q25: How can we do dark web forensics?
Q26: Are there any tips to get experience in threat hunting or threat intel other than accessing the dark web?
Q27: Are you required to have a clearance to work in your specialization?
Additional Links/Information
There are additional bonus slides associated with this webinar, and they can be found on the Brighttalk platform.
The main presenter, Audi Houswerth, recommended the podcast Darknet Diaries.
