
THE DARK WEB: A THREAT TO YOUR BUSINESS?
Jayson Ferron, CEO, Interactive Security Training

20 April 2017

2017 ISACA. All Rights Reserved


WELCOME

Audio is streamed over your computer
Dial in numbers and codes are on the left
To receive your CPE credit:
1. Complete 3 checkpoints
- or -
2. Watch the recorded version from the beginning to the very end
Don't forget to take the survey!

Use the Papers tab to find the following:
PDF Copy of today's presentation
CPE job aid
Have a question for the speaker? Access the Q&A tab
Technical issues? Access the Help tab
Questions or suggestions? Visit https://support.isaca.org


TODAY'S SPEAKER

Jay Ferron
CEHi, CISSP, CHFIi, C)PTEi, CRISC, CSXp Trainer, CVEi, MCITP, MCSE, MCT, MVP, NSA
Past President ISACA Greater Hartford Chapter
Blog: Blog.mir.net


PROBLEMS

By 2020 there will be somewhere between 26 and 30 billion devices connected to the Internet.
Most organizations have no concept of data classification, let alone understand WHERE their data resides.
How many of YOU know what your vendor, your partner, your supplier is doing with YOUR data? In the CLOUD?
How is your data being transmitted?
Wired?
Wireless?
SatCom?
SneakerNet?
Or Press Enter and Pray?


THE BAD GUYS

WARNED ALREADY


WHO CARES ABOUT ME?

Manufacturing
Software
Financial
Construction
Government & Defense
Education
Healthcare
Retail
Transportation
Telecom
Real-Estate
Utilities & Energy
Media
Non-Profit
E-Commerce

ALL experienced increases in both general AND targeted attacks in 2015


CYBER INTELLIGENCE PROGRAM



IOT MEDICAL DEVICES

Wearables
Home Health Monitoring Devices
Talking Devices appealing to all ages
Cloud Based
Wireless transmission capable
Cheaper infrastructure for users and care providers


WHY IS CYBERSPACE DANGEROUS?

Availability Of Personal Information


Interests, hobbies, hangouts, schools, teams
Names, addresses, phone numbers
Financial information
Friends, family
Pictures.



WHAT DO YOU DO ONLINE?

Education
Email
Online classes
Research
Collaboration

Communication
Email
Instant messenger
Social networks



POOR SELECTION OF ONLINE NAMES
Screen Names, Social Media names & Email Addresses
Are poor when they contain names, schools, locations, or identifying numbers or descriptive terms

EXAMPLES:
proctorChrLdr
ClintonBball#22
RFAGoalie
NthUticaJIM
SylvanSally
BikiniBabe
HPDiver
NHHottie



POOR PASSWORDS
Passwords should be something not easily guessed
Like screen names: poor passwords contain names, schools, locations, or identifying and descriptive terms
Pets' names, favorite songs, books or movies
Passwords should not be written down

BAD EXAMPLES:
SpongeBob
Pink
BTRFan
volleyball
Scruffy
Strough


CYBER PREDATORS

GATHER INFORMATION ABOUT VICTIMS
Social Networks
Instant Messenger Profiles and Directories
AOL Profiles
Screen names (Handles)
Publicly Available Information

UTILIZE SOCIAL ENGINEERING TRICKS
Find common interests
Target users with low self-esteem
Masquerade as a peer, often of the opposite sex
Masquerade as another individual the person may be interested in meeting


SOCIAL NETWORKING

Social networking allows people to network, interact and collaborate to share information, data and ideas without geographic boundaries.


DATA PERSISTENCE

HARASSMENT & CYBERSTALKING


SOCIAL SCAMS

Profile Viewers and Profile Blockers
Free technology (iPad/iPhone/Xbox etc)
Free Game Credits
Free Items, Gift Cards & Tickets
Breaking News Stories
Phishing Attempts to Steal Your Login Info
Bogus Chat Messages
Shocking Headlines
Fake Celebrity Stories
"Help I'm Stranded and Need Money"


BEING SAFE ONLINE?

Think before you click
If something looks too good to be true it probably is; "free" usually isn't actually free!
Should anything online make you uncomfortable, TELL SOMEONE!
Don't post things online you wouldn't post on the bulletin board at your school or your refrigerator
Information you post can last longer than you think, be careful
NEVER share your password with anybody but your parents!
You are not alone - Tell a friend, tell a parent, tell a teacher, tell a policeman


SO YOU THINK YOU ARE READY FOR THE UNKNOWN?



LAYERS OF THE INTERNET

The Internet
Users: Everyday users
Content: Google, Bing, Yahoo, online ecommerce, etc.

Deep Web
Users: Semi-bad guys/advanced users
Content: Adult / illegal sites, scams, script kiddies

DarkNet
Users: Threat actors, nation states, really bad guys
Content: Organized crime, hard core hackers, illicit activities, human trafficking, drugs, weapons


DARKNET- IRC

Been around for years


Mostly chat rooms and file transfer
Some of the largest IRC servers:
Freenode
IRCNet
Quakenet
Efnet
Undernet
Rizon



PURCHASE PASSPORTS

WEAPONS FOR SALE


FURTHER RESEARCH CONT


MALWARE CODE


CREDIT CARD FRAUD


CREDIT CARD ADVERTISEMENT


BITCOIN EXCHANGES


BITCOIN MIXER


DRUG MARKET - GRAMS


DARKNET CLIENTS


TOR BROWSER

The Onion Router (TOR)
Firefox-based; connects to TOR proxies
Purpose is to hide YOUR identity
Bounces connection to MANY proxies


TOR BROWSER

TOR CIRCUIT


OTHER DARKNET

DarkNet-Peer-to-Peer (P2P)
Nodezilla
Vuze
Morpheus
Luckywire



DARKNET-INVISIBLE INTERNET PROJECT (I2P)

Invisible Internet Project (I2P) adds another layer to normal Internet-based traffic. Similar to the TOR network, I2P uses computers and servers running as I2P nodes. Once you have installed the I2P client software, it automatically adds your system to the known node list for others to relay through, but you can control how many systems your computer is allowed to relay for.


THREAT INTELLIGENCE

What the bad Guys know about YOU

Before we go further, be warned: you are about to dive into the depths of the DeepWeb and DarkNet
If you do it, please do it securely
Never, ever do this on a government or corporate asset
Laptop
PDA
Tablet
Smartphone
Regardless of OS and security precautions
Only do this on personal devices that have been secured
As in, don't infect a machine that your children may log onto when you are at work


SECURITY FIRST/WHAT YOU NEED

Secure Laptop/Tablet
Fully Patched, AV, AntiMalware all up to date
Install Timefreeze on the host (Free, do not enable it yet)

Download VMWare Player Free
https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_workstation_player/12_0
Install another OS (preferably different than your host)
Secure, Patch the VM

Inside the VM
Install Sandboxie
http://www.sandboxie.com/index.php?DownloadSandboxie


SECURITY FIRST/WHAT YOU NEED (CONTINUED)

Install TOR browser
https://www.torproject.org/

Almost done

Now go back to the host and enable Timefreeze
Be warned that while Timefreeze is enabled nothing will be able to write to the host system OS or HDD. If you go to work on it later and shut down, ALL of your work will be gone!!

Find the TOR browser icon on your desktop
Right Click on the icon, and select "Run in Sandbox"


YOUR SETUP

Semi-Secure Setup



ALTERNATIVES

Boot system on removable media (Thumb drive/DVD)

Good Alternatives
Kali Linux https://www.kali.org/downloads/
AnonymOS http://sourceforge.net/projects/anonym-os/



YOUR FIRST SEARCH

STARTPAGE


LIST OF ONION SITES


PROBLEMS WITH KEEPING DATA SECURE
By 2020 there will be somewhere between 26 and 30 billion devices connected to the Internet.

Most organizations have no concept of data classification, let alone understand WHERE their data resides.

How many of YOU know what your employees, vendor, partner, or your supplier is doing with YOUR data? In the CLOUD?

How is your data being transmitted?
Wired?
Wireless?
SatCom?
SneakerNet?
Or Press Enter and Pray?


YOU HAVE BEEN WARNED
"most attacks against American companies have been attempts to obtain confidential information, steal trade secrets and gain competitive advantage. By contrast, the new attacks seek to destroy data or to manipulate industrial machinery and take over or shut down the networks that deliver energy or run industrial processes." - New York Times

"Port security used to be all about guns, guards and gates. Now, operations at large ports are controlled entirely through computers, modern technologies like GPS, WiFi towers, and Internet connections." - US Coast Gd.

"By the time we get to what we think is the proper level of security, we'll learn about 10 more new things that expose us to risks," said Eppinger. "This is a journey where we never get to the finish line." - IHS quoting Gary Eppinger, Carnival Corporation


DANGEROUS

From here you know enough to be dangerous
Just because of precautions taken doesn't mean that:
You won't download malware
Hackers can't get into your system
Law enforcement can't track you
P.S. if you end up in jail "Jay said you could do it" will get you nowhere
P.S.S. And don't send me links to classified material on the Net to my corporate email address, or any email address for that matter.


BUSINESS THREAT INTELLIGENCE
Business threat intelligence is very popular these days
Look up data and information on competitors
Look up information on employees
Hiring and Firing
Determine if employees or partners are leaking proprietary or confidential corporate information
Determine if Hackers have already breached your defenses and are selling corporate or customer information (PII, CC data, Health records)


BUSINESS INTELLIGENCE

Many tools
Many services
Many Companies claiming to do it better than anyone else
Very few Actually are

Very Simple, to catch a Hacker you have to think like one. To catch a Hacker, you have to know where he lives

To find your Corporate Data, you have to know where they put it: The DarkNet


WHAT IS THE TORNADO?
Collection: Deep Internet Crawl
Big Data Analytics: Hadoop, Elastic Search Engine
User Interface: Analyst Tools, Client Reports, Threat Alerting

Index of TOR/Onion/DarkNet Data Sources for actionable threat intelligence.


All content in the Secure DB is collected exclusively by the OSINT Platform.
Collection activities are automated and continuous 24/7/365, crawling and indexing approximately 850,000
DarkNet websites and forums daily in 33 languages.
Content is captured anonymously using thousands of proxies and TOR nodes, and is viewed safely and securely via
the OSINT Platform Professional Tools Application in near-real time.
Crawlers focus on TOR, I2P, P2P websites, forums, and IRC channels in the Dark Net, but also capture high-interest
websites on the open Internet.
Content is indexed as unstructured data that includes body text or chat log text, as well as metadata (where
available) such as file size, IP address, country, and HTTP headers. Images, video, and audio files are not indexed.



SECURE OSINT DARKNET DB
Capable of searching entire Internet (Google, Yahoo, TOR, unregistered DNS systems)
Can search specific search terms
SSN:SSN
Top Secret ~10 (Top Secret within 10 words)
CCCount: [100 TO 1000] (CC from 100 per page to 1000)
URL:IRC* AND dhs
(DHS OR "Department of Homeland Security") AND ("FOUO" OR "for official use only")
"Fund The Islamic Struggle Without Leaving a Trace"
https://blockchain.info/address/13Pcmh4dKJE8Aqrhq4ZZwmM1sbKFcMQEEV

Can limit search to TOR networks only
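
The proximity term (words within 10 words of each other) and the CCCount range term listed above, as an added example that is not part of the original presentation or of the OSINT platform. The slides do not say how CCCount is computed; this sketch assumes it is the number of Luhn-valid card-like numbers on a page, and the function names and sample pages are constructed for illustration.

```python
import re

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates plausible card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# 13-19 digits, optionally grouped with single spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def cc_count(text: str) -> int:
    """Assumed meaning of CCCount: Luhn-valid card-like numbers on one page."""
    candidates = (re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(text))
    return sum(1 for c in candidates if luhn_ok(c))

def within(text: str, a: str, b: str, n: int) -> bool:
    """Proximity term `a b ~n`: the two words occur at most n words apart."""
    words = re.findall(r"\w+", text.lower())
    pos_a = [i for i, w in enumerate(words) if w == a.lower()]
    pos_b = [i for i, w in enumerate(words) if w == b.lower()]
    return any(abs(i - j) <= n for i in pos_a for j in pos_b)

def in_range(value: int, low: int, high: int) -> bool:
    """Range term `[low TO high]`, inclusive at both ends."""
    return low <= value <= high

# Constructed sample pages; the card number is a public test value, not real data.
PAGES = {
    "dump": "\n".join(["4111 1111 1111 1111"] * 120),
    "memo": "This top page is not secret. Ticket 4111111111111112 was closed.",
}

def search_cc_range(pages: dict, low: int, high: int) -> list:
    """Page ids matching `CCCount: [low TO high]`."""
    return [pid for pid, text in pages.items()
            if in_range(cc_count(text), low, high)]

if __name__ == "__main__":
    print(search_cc_range(PAGES, 100, 1000))
    print(within(PAGES["memo"], "top", "secret", 10))
```

The Luhn filter is what keeps order numbers and other long digit runs from inflating the per-page count when the same logic is used to triage possible leaks of customer card data.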



WHAT'S OUT THERE?

This individual has been posting his internal configurations all over the forum, internal IP
architecture etc. Needless to say the data has been replicated on several areas on the DarkNet.
(Those were traced back to this example)



THIS IS JUST THE TIP OF THE ICEBERG

Questions?


THIS TRAINING CONTENT (CONTENT) IS PROVIDED TO YOU WITHOUT WARRANTY, AS IS AND WITH ALL
FAULTS. ISACA MAKES NO REPRESENTATIONS OR WARRANTIES EXPRESS OR IMPLIED, INCLUDING
THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR PERFORMANCE, AND NON-
INFRINGEMENT, ALL OF WHICH ARE HEREBY EXPRESSLY DISCLAIMED.
YOU ASSUME THE ENTIRE RISK FOR USE OF THE CONTENT AND ACKNOWLEDGE THAT: ISACA HAS
DESIGNED THE CONTENT PRIMARILY AS AN EDUCATIONAL RESOURCE FOR IT PROFESSIONALS AND
THEREFORE THE CONTENT SHOULD NOT BE DEEMED EITHER TO SET FORTH ALL APPROPRIATE
PROCEDURES, TESTS, OR CONTROLS OR TO SUGGEST THAT OTHER PROCEDURES, TESTS, OR
CONTROLS THAT ARE NOT INCLUDED MAY NOT BE APPROPRIATE; ISACA DOES NOT CLAIM THAT USE OF
THE CONTENT WILL ASSURE A SUCCESSFUL OUTCOME AND YOU ARE RESPONSIBLE FOR APPLYING
PROFESSIONAL JUDGMENT TO THE SPECIFIC CIRCUMSTANCES PRESENTED TO DETERMINING THE
APPROPRIATE PROCEDURES, TESTS, OR CONTROLS.

Copyright 2017 by the Information Systems Audit and Control Association, Inc. (ISACA). All rights reserved. This
webinar may not be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system, or
transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise).


THANK YOU
FOR ATTENDING THIS
WEBINAR
