1

Exploring the DarknetsSession 186, March 7, 2018

Stephen Heath, VP – Security, Intrinium

2

Stephen Heath

Has no real or apparent conflicts of interest to report.

Conflict of Interest

3

Agenda• What is the Darknet?

• How do you get on the Darknet?

• What can you find on the Darknet?

• How do Darknet criminals get caught?

• Q&A

4

Learning Objectives• Recognize how cyber-criminals operate within the marketplaces of

the darknet

• Contrast the reality of the darknet versus the urban legend created by sensationalized headlines

• Evaluate the risk of darknet usage within your organization

• Illustrate how stolen PHI and other PII is bought and sold

5

6

7

Tor• “The Onion Router”

• Distributed Network of relays around the world

• Encrypts communications

• Protects against surveillance and analysis

8

9

10

11

12

13

Disclaimer• This is the part where I start talking about criminal activity

• HIMSS actively discourages, and its employees are prohibited from, engaging in any illegal activity

• I (nor my employer/sponsors/etc.) do not condone this activity

• Topics discussed may be offensive to some people

• If you go on the darknet, you may see things you never wanted to see

• Do not do illegal stuff

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

How to criminals get caught?• Attacks against Tor

• 0-day attacks

• Bad OpSec / Metadata leaks

32

33

34

35

36

37

38

Protecting your networks• NextGen Firewalls

– Application control

– SSL Decrypt

• If you detect Tor activate Incident Reponse

– Employee is doing something they shouldn’t, or…

– Something/someone is in your network

39

Questions• Stephen Heath, VP, Security

• Intrinium.com

• Email: stephen.heath@Intrinium.com

• Twitter: @hackerhiker