
Luc Billot

CyberSecurity Architect - Cisco

October 2017

Dark/Deep Net/Web

The Others Sides

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Abstract

• Welcome to the Deep Web – the part of the web that is invisible to the indexing systems and search engines of the internet. Social networks, file and photo sharing websites, airline booking systems and all kinds of scientific data live inside it. This hidden content is estimated to represent 94% to 96% of the whole world wide web, and it cannot be reached from the traditional search engines.

• This Deep Web, with the cloak of invisibility that technology provides, allowed the use and growth of a new internet: decentralized, encrypted, dangerous and far beyond the law.

• While the vast majority of the Deep Web consists of dangerous websites with useful and relevant information, there is a portion of it that is accessed through a resource called TOR, the darkest place on the internet. It is a collection of websites (with the .onion extension) accessible only through this special software. The system is used by all those who do not want their online activity to be traced. To do that, the underlying model provides a retransmission system that sends data between different computers running TOR across the world. In the last decade it became a famous place for black markets that sell or distribute drugs (for example the famous Silk Road), stolen credit card data, porn, illegal media and much more.

• The Deep Web therefore deserves to be analysed in order to determine whether or not we should change the way we explore information and online elements, including questions of privacy and the threats that can arise from it. We should also understand what opportunities are available to both organizations and individuals.


This is what we, the web users, see… with a browser


How many of you are still using this …


This is what you can see with another well-known browser: TOR


But there is another reality. Where is the problem?


Dark Net / Deep Net / Dark Web / Deep Web – X of the Surface (diagram)


Deep Web


Deep/Dark Usage (chart, categories of content)

• Child pornography
• Drugs
• Counterfeit goods
• Hacking information
• Politics
• Hardware/Software information
• Art
• Other/Unknown

Source: telegraph.co.uk, 22 April 2014


Deep Side vs Dark Side

Deep Label Side: end users may use it without knowing; web & network engineers design them.
• Overlay Networks
• P2P Networks
• Content Delivery Networks
• InterCloud Networks

Dark Label Side: where we have to be extremely careful.
• Definition
• Usage
• Net vs Web
• Privacy & Encryption


Tentative Classification Deep WEB Layers


Level 5: Marianas Web
• Deepest known level of the web.
• A parallel naming with the deepest ocean trench: https://en.wikipedia.org/wiki/Mariana_Trench
• Extremely difficult to reach; the safest web from a privacy point of view.
• Julian Assange and top-level Wikileaks members are believed to have access.

Hypothetical Levels 6-8
• Where the conspiracy theorists are.
• Level 6: a kind of firewall that restricts users from going deeper.
• Level 7: "The Fog" or PrimArch super admin – geek net. Clearly very dangerous: droppers, malware, etc.
• Level 8: PrimArch / maybe AI-controlled, running on a quantum computer.


What you don’t see with a Web Browser is not always BAD
• API usage for cloud to cloud
• System alerting & real-time monitoring
• Etc.

API Access (cloud to cloud) – CASB example (diagram)

Elements of the diagram: Admin; OAuth access; Public APIs; Authorized; Cisco NGFW / Umbrella; Managed users, managed devices and managed network versus unmanaged users, unmanaged devices and unmanaged network.

Cloud Web application usage – Monitoring


Access Deep Web
• Dedicated patched PC
• Advanced Malware Protection
• Virtual Machine
• Browser Plug-In
• TOR or others
• Not a Safe Place

Art of War & Ethical Usage
• The Deep Web may have higher quality articles than the surface web (3 to 1 quality ratio – BrightPlanet)
• DarkSearch / ipl2 / Infomine: Deep Web search engines
• https://thehiddenwiki.org/
• Information about past and present experiments and research
• Learn & know your enemy: hacking/virus creation tutorials; a large community of hackers, script kiddies and geeks to learn from.

TOR – The Onion Router
https://www.torproject.org/index.html.en
• U.S. Navy
• Communications
• Data Transmission
• Security through layers of encrypted communication between nodes.

TOR CORE – Access Through The Onion Router
• Built on a Firefox browser
• Simple, anyone can get it
• Host machine is untraceable
• Can stay anonymous
• Can access Darknet
• Can see .onion extensions
• Doesn’t protect against vulnerabilities

TOR CORE – TOR: Simplified Workflow (1)
Toby’s TOR client gets a TOR nodes list from a TOR directory server.

TOR CORE – TOR: Simplified Workflow (2)
Toby’s TOR client chooses a random path to the destination server. (Diagram legend: Encrypted / Clear Text)

TOR CORE – TOR: Simplified Workflow (3)
Toby’s TOR client will choose another random path to the next destination server. (Diagram legend: Encrypted / Clear Text)

TOR CORE – TOR: Simplified Workflow (4)
Toby’s TOR client selected HTTPS. (Diagram)
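The three workflow slides above describe the circuit in words: fetch a relay list from a directory, pick a random path, wrap the request in one encryption layer per hop, and let each relay peel exactly one layer, so that only the exit ever sees the clear text (unless the client selected HTTPS). The script below is an added example, not code from the presentation or from the Tor Project, that models exactly that. The relay directory, the relay names, the pre-shared per-hop keys and the HMAC-SHA256 keystream cipher are all constructed for the demo; real Tor negotiates a fresh key per hop with a handshake and uses TLS links and AES-CTR cells, none of which is modelled here.

```python
"""Toy model of the Tor circuit from the workflow slides (added example).

The per-hop cipher is a constructed HMAC-SHA256 counter-mode keystream XOR so
the script runs on the standard library alone. It is NOT Tor's real protocol.
"""
import hashlib
import hmac
import random

# Constructed directory: relay name -> (pre-shared layer key, exit-capable?).
# Real Tor negotiates a fresh key per hop per circuit; a static table is a
# simplification for the demo.
DIRECTORY = {
    "guard-1": (hashlib.sha256(b"constructed key guard-1").digest(), False),
    "middle-1": (hashlib.sha256(b"constructed key middle-1").digest(), False),
    "middle-2": (hashlib.sha256(b"constructed key middle-2").digest(), False),
    "exit-1": (hashlib.sha256(b"constructed key exit-1").digest(), True),
    "exit-2": (hashlib.sha256(b"constructed key exit-2").digest(), True),
}
DESTINATION = "destination"  # label for the final hop: the web server itself


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC-SHA256(key, nonce || counter), concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def layer_encrypt(key: bytes, plaintext: bytes, rng: random.Random) -> bytes:
    """One onion layer: 16-byte nonce || (plaintext XOR keystream)."""
    nonce = rng.randbytes(16)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def layer_decrypt(key: bytes, blob: bytes) -> bytes:
    """Strip one layer; XOR with the same keystream restores the inner bytes."""
    nonce, body = blob[:16], blob[16:]
    ks = _keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


def build_circuit(rng: random.Random) -> list:
    """Random path from the directory: two distinct non-exit relays, then an exit."""
    non_exit = [n for n, (_, is_exit) in DIRECTORY.items() if not is_exit]
    exits = [n for n, (_, is_exit) in DIRECTORY.items() if is_exit]
    path = rng.sample(non_exit, 2)
    path.append(rng.choice(exits))
    return path


def wrap_onion(circuit: list, payload: bytes, rng: random.Random) -> bytes:
    """Encrypt the exit's layer first so the guard's layer ends up outermost.
    Each layer carries only the name of the hop the relay must forward to."""
    hops = circuit + [DESTINATION]
    blob = payload
    for i in range(len(circuit) - 1, -1, -1):
        key = DIRECTORY[circuit[i]][0]
        next_hop = hops[i + 1].encode()
        blob = layer_encrypt(key, bytes([len(next_hop)]) + next_hop + blob, rng)
    return blob


def relay_peel(relay: str, blob: bytes):
    """What one relay can do: remove its own layer and read the next hop only."""
    inner = layer_decrypt(DIRECTORY[relay][0], blob)
    n = inner[0]
    return inner[1:1 + n].decode(), inner[1 + n:]


def run_circuit(payload: bytes, seed: int = 7) -> list:
    """Simulate the relays in order and record each relay's view as
    (relay, next_hop, can_read_payload). Only the exit's entry is True, and
    only because the payload here is plain HTTP; with HTTPS the payload would
    be end-to-end encrypted and the exit would see ciphertext as well."""
    rng = random.Random(seed)
    circuit = build_circuit(rng)
    blob = wrap_onion(circuit, payload, rng)
    views = []
    for relay in circuit:
        next_hop, blob = relay_peel(relay, blob)
        views.append((relay, next_hop, blob == payload))
    return views


if __name__ == "__main__":
    for relay, next_hop, readable in run_circuit(b"GET / HTTP/1.1"):
        print(f"{relay:9s} forwards to {next_hop:12s} sees clear text: {readable}")
```

The guard learns the client and the middle relay, the middle relay learns only its two neighbours, and the exit learns the destination and, for plain HTTP, the request itself; that last line is the "Exit Node Sniffing" risk the later Fighting CyberCrime slide draws, and the reason the final workflow slide has Toby's client select HTTPS.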


The .Onion Domain


Real or Gov Agencies?

TOR CORE – Fighting CyberCrime (diagram)
Security agencies: TOR is a key technology in the fight against organized crime on the internet. The agency IP address is hidden from the owner of an illegal site. Risks shown on the diagram: exit node sniffing; compromised TOR node.

Visibility on Deep Web Traffic – CTA: Cisco Threat Analysis distinguishes TOR by time, sequences, and recognition of hidden IPs.
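The slide lists three signals for spotting TOR traffic from the network side: timing, sequences, and recognition of relay IPs. The script below is an added example, not part of the presentation and not Cisco Threat Analysis code, that applies the simplest of the three, relay recognition, to flow records, and then uses timing (how many distinct relays one host contacts within a short window) to rank the hits. The relay list uses RFC 5737 documentation addresses and the flow lines are constructed; a real deployment would load the relay list from the Tor directory consensus or a threat-intelligence feed and the flows from NetFlow or firewall exports.

```python
"""Flag and rank flows to known Tor relays (added example, constructed data)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address

# Constructed relay list as (address, ORPort). The Tor directory consensus
# publishes each relay's address and port; these entries are documentation
# addresses and stand in for that list.
KNOWN_RELAYS = {
    (ip_address("198.51.100.10"), 9001),
    (ip_address("203.0.113.25"), 443),
    (ip_address("192.0.2.77"), 9001),
}

# Constructed flow export: timestamp, source, destination, dest port, bytes.
# 10.0.9.9 touches a relay address on port 80, which is not its ORPort, so it
# is deliberately left unmatched by the (address, port) lookup.
SAMPLE_FLOWS = """\
# ts                  src        dst            dport bytes
2017-10-03T09:12:01Z 10.0.5.14  198.51.100.10  9001  4120
2017-10-03T09:12:03Z 10.0.5.14  203.0.113.25   443   8810
2017-10-03T09:12:09Z 10.0.5.14  192.0.2.77     9001  1500
2017-10-03T09:13:40Z 10.0.7.2   203.0.113.25   443   600
2017-10-03T09:14:02Z 10.0.9.9   198.51.100.200 443   1200
2017-10-03T09:15:30Z 10.0.9.9   192.0.2.77     80    300
"""


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: object
    dst: object
    dport: int
    nbytes: int


def parse_flows(text: str) -> list:
    """Parse whitespace-separated flow lines; '#' lines and blanks are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        ts, src, dst, dport, nbytes = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        flows.append(Flow(when, ip_address(src), ip_address(dst), int(dport), int(nbytes)))
    return flows


def match_relays(flows: list, relays=KNOWN_RELAYS) -> list:
    """Recognition of relay IPs: keep flows whose (dst, dport) is a listed relay."""
    return [f for f in flows if (f.dst, f.dport) in relays]


def summarize(matches: list, window_seconds: int = 600) -> dict:
    """Per source host: distinct relays contacted, bytes, and whether all the
    hits fall inside one window (the timing signal from the slide)."""
    report = {}
    for f in matches:
        entry = report.setdefault(
            str(f.src), {"relays": set(), "first": f.ts, "last": f.ts, "bytes": 0})
        entry["relays"].add(str(f.dst))
        entry["first"] = min(entry["first"], f.ts)
        entry["last"] = max(entry["last"], f.ts)
        entry["bytes"] += f.nbytes
    for entry in report.values():
        entry["relay_count"] = len(entry["relays"])
        entry["burst"] = (entry["last"] - entry["first"]).total_seconds() <= window_seconds
    return report


def rank(report: dict) -> list:
    """Hosts with the most distinct relay contacts first; ties broken by address."""
    return sorted(report.items(), key=lambda kv: (-kv[1]["relay_count"], kv[0]))


if __name__ == "__main__":
    hits = match_relays(parse_flows(SAMPLE_FLOWS))
    for src, entry in rank(summarize(hits)):
        print(f"{src:10s} relays={entry['relay_count']} bytes={entry['bytes']} "
              f"burst={entry['burst']}")
```

Matching on the (address, port) pair rather than the address alone keeps a relay operator's ordinary web server from triggering the alert, at the cost of missing a relay reached on a port the list does not carry; which trade-off is right depends on how the relay list is maintained. A single hit is a lead to investigate, not proof: the host may also be a user who followed the slides' own advice and deliberately reached a .onion site from a dedicated machine.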


Others Tools and Virtual Networks


I2P: “Invisible Internet Project” – https://geti2p.net/en/
FREEnet – https://freenetproject.org/fr/index.html

I2P:
• Messages encrypted
• Outbound and inbound tunnels
• Data exchange
• The first request has to go to the I2P network’s “database”, a distributed hash table

Don’t get malware when looking at the deep dark side

• Keep monitoring Threat Intelligence to stay up to date

• Trace File on your devices