Nitin Pandey at RUSSIAN IT SYNERGY 2019

Nitin Pandey
November 23, 2019

Presentation on "Dark Web" at Russian IT Synergy 2019 by Nitin Pandey.

Transcript

  1. WHO AM I? NITIN PANDEY: CYBER SECURITY PROFESSIONAL; CHAIRMAN OF NATIONAL INFORMATION SECURITY COUNCIL; FOUNDER OF HACKERS DAY; CEO & CTO OF CYBERSHRISTI INFOSOLUTIONS
  2. SURFACE WEB: The Surface Web (also called the Visible Web, Indexed Web, Indexable Web or Lightnet) is the part of the World Wide Web that is readily available to the general public and searchable with standard web search engines. CONTAINS APPROX. 35 TRILLION WEB PAGES
  3. GOOGLE’S THEORY: SHOW A LIE 100 TIMES TO A PERSON, AND HE/SHE WILL BELIEVE IT’S TRUE!
  4. DEEP WEB: THE DEEP WEB OR INVISIBLE WEB OR HIDDEN WEB ARE PARTS OF THE WORLD WIDE WEB WHOSE CONTENTS ARE NOT INDEXED BY STANDARD SEARCH ENGINES FOR ANY REASON.
  5. IN DEEP > about:deepweb • DEEP WEB CONTAINS AROUND 80% OF THE TOTAL WORLD WIDE WEB • REMAINING 20% IS SURFACE WEB (WHICH INCLUDES FACEBOOK, TWITTER, GOOGLE, INSTAGRAM ETC.) • THE MOST POPULAR SEARCH ENGINE GOOGLE CAN SEARCH ONLY 15% OF THE SURFACE WEB
  6. DARK WEB: DARK WEB IS A PART OF DEEP WEB WHICH ACTUALLY CONTAINS ILLEGAL DRUGS, RED ROOMS, SPAMMERS, PORN, HITMAN AND HACKING SERVICES ETC.
  7. DARK WEB CONTAINS ILLEGAL CONTENT SUCH AS: TERRORIST GROUPS & FORUMS • CYBER CRIME SERVICES • ILLEGAL MARKETPLACES • CRYPTOCURRENCY SERVICES
  8. DARK WEB ALSO CONTAINS: • SPAMMERS / SOCIAL ENGINEERS / DOXERS • RED ROOMS / SUICIDAL FORUMS • PEDO FILMS [CHILD PORN] • HITMAN / CONTRACT KILLERS / GUNS • HACKERS • THE MARKET PLACES • DATA LEAKS / 0 DAY EXPLOITS • DOXED INFORMATION
  9. SOME OF THE DARK NETS WE ARE USING TODAY: • TOR (THE ONION ROUTER) • I2P (INVISIBLE INTERNET PROJECT) • FREENET • ZERONET • HORNET (UPCOMING)
  10. DEEP WEB AND DARK WEB [DIAGRAM LABELS: USER, TOR, I2P, FREENET / ZERONET, PROXIES, DEEP WEB, DARK WEB, DARK NET]
  11. I2P: THE INVISIBLE INTERNET PROJECT [I2P] IS AN ANONYMOUS NETWORK LAYER THAT ALLOWS FOR CENSORSHIP-RESISTANT, PEER TO PEER COMMUNICATION.
  12. • ZERONET IS AN OPEN SOURCE DECENTRALIZED WEB-LIKE NETWORK OF PEER-TO-PEER USERS. IT IS WRITTEN IN PYTHON. INSTEAD OF HAVING AN IP ADDRESS, SITES ARE IDENTIFIED BY A PUBLIC KEY. • IT PROVIDES MANY SERVICES SUCH AS ZEROMAIL, ZEROSITES, ZEROBLOGS ETC. • NO PASSWORD IS REQUIRED! • BROWSE THE SITES YOU'RE SEEDING EVEN WITHOUT AN INTERNET CONNECTION
  13. PEER TO PEER [P2P]: IN A P2P [PEER TO PEER] NETWORK, THE "PEERS" ARE COMPUTER SYSTEMS WHICH ARE CONNECTED TO EACH OTHER VIA THE INTERNET. FILES CAN BE SHARED DIRECTLY BETWEEN SYSTEMS ON THE NETWORK WITHOUT THE NEED FOR A CENTRAL SERVER
  14. TOR (THE ONION ROUTER): TOR IS FREE SOFTWARE AND AN OPEN NETWORK FOR ENABLING ANONYMOUS COMMUNICATION. TOR WAS ORIGINALLY CALLED "THE ONION ROUTER"
  15. TOR INSTALLATION. NOTE: TOR IS NOT ABOUT BUYING ILLEGAL DRUGS OR WATCHING PEDO FILMS. TOR IS ALL ABOUT ANONYMITY AND PRIVACY
  16. DISCLAIMER & WARNING: I DO NOT ENCOURAGE ACCESSING DARK WEB SITES IN ANY WAY. THIS IS JUST AN EDUCATIONAL GUIDE TO ENLIGHTEN YOU ON THE FACTS ABOUT IT. TO BROWSE THE DEEP WEB SAFELY, ALWAYS USE A VPN SERVICE. NEVER GO WITH FREE SERVICES SINCE THEY DON’T PROVIDE EXACTLY WHAT THEY CLAIM. I PERSONALLY RECOMMEND USING NORDVPN WITH TOR BROWSER. IF YOU THINK THAT BECAUSE YOU ARE BROWSING WITH TOR YOU ARE SAFE, YOU ARE WRONG! NO! YOU ARE NOT SAFE!! TOR DOESN’T PROVIDE FULL SECURITY AND ANONYMITY. SO FOR SAFE AND ANONYMOUS BROWSING ALWAYS FIRST RUN THE VPN, THEN START TOR BROWSER, THEN START SURFING THE DARK WEB.
  17. RISKS OF USING TOR: • JAVASCRIPT • VOLUNTEERING AS AN EXIT NODE • INTELLIGENCE SERVICES [SUCH AS FBI]
  18. JAVA </SCRIPT> • ATTACKERS AND AGENCIES USE JAVASCRIPT TO INJECT AND FIND THE USER’S REAL IP ADDRESS • 80% OF TOR USERS USE TOR FOR REGULAR INTERNET USAGE • OF THOSE 80%, 60% DON’T KNOW WHAT JAVASCRIPT AND THE NoScript ADDON ARE • SO TARGETING TOR USERS BECOMES VERY EASY BECAUSE OF THESE THREAT CAUSERS • THOUGH REAL TOR USERS ARE NOT AFFECTED
  19. VOLUNTEERING AS AN EXIT NODE • EXIT NODES ARE THE GATEWAYS WHERE ENCRYPTED TOR TRAFFIC HITS THE INTERNET. THIS MEANS AN EXIT NODE CAN BE ABUSED TO MONITOR TOR TRAFFIC (AFTER IT LEAVES THE ONION NETWORK) • IT IS VERY DANGEROUS TO RUN AN EXIT NODE FROM YOUR HOME • BECAUSE THERE IS A HIGH CHANCE OF YOUR IP BEING TAGGED FOR ALL THE ILLEGAL TRAFFIC RUNNING THROUGH YOUR SERVER • SO IT IS MY RECOMMENDATION NOT TO RUN EXIT NODES FROM YOUR HOME. IF THEY CAN’T DECRYPT, THEY WILL ARREST YOU!
  20. • MANY CASES HAVE BEEN REGISTERED AGAINST PEOPLE JUST RUNNING EXIT NODES WHO GOT CAUGHT FOR OTHERS' ACTS • EVEN THOUGH YOU ARE JUST RUNNING AN EXIT NODE AND NOT MAKING ANY ILLEGAL TRAFFIC • FEDS KNOCKING ON THE DOOR AT 6 AM WON’T LISTEN TO YOUR STORIES • AN ELDERLY JUDGE WHO DOESN’T EVEN UNDERSTAND WHAT THE FISH THIS TOR IS CAN CHARGE YOU WITH FINE AND IMPRISONMENT
  21. WHAT TOR CANNOT DO?? TOR CANNOT PROTECT YOU FROM ATTACHMENTS: 1. TOR WON'T PROTECT YOU IF YOU RUN EXECUTABLES LIKE FLASH VIDEOS, CODES, BROWSER EXECUTABLES AND EXE’S 2. YOU NEED TO BE SMART ENOUGH TO KNOW WHAT YOU NEED TO EXECUTE AND WHAT YOU NEED NOT 3. SOME SAY IT’S OPTIONAL BUT IT IS NOT! BECAUSE LEARNING RUSSIAN IS COMPULSORY IF YOU ARE GOING TO STAY IN RUSSIA
  22. TOR CANNOT CLOAK YOUR IDENTITY: 1. TOR PROVIDES ONLY ANONYMITY 2. YOU ARE RESPONSIBLE FOR YOUR OWN PRIVACY 3. USERS SHOULD NOT REVEAL THEIR ORIGINAL IDENTITY ON TOR 4. USERS SHOULD NOT USE THE SAME USERNAME AND PASSWORDS ON EVERY FORUM OR SITE THEY VISIT 5. USERS SHOULD NOT USE AN IDENTITY WHICH IS RELATED TO SURFACE WEB ACCOUNTS
  23. LEGAL DARK WEB SERVICES: WIKILEAKS, WHICH SHOCKED THE WHOLE WORLD, IS AN INTERNATIONAL NON-PROFIT ORGANISATION THAT PUBLISHES NEWS LEAKS AND CLASSIFIED MEDIA PROVIDED BY ANONYMOUS SOURCES. ITS WEBSITE, INITIATED IN 2006 IN ICELAND BY THE ORGANISATION SUNSHINE PRESS, CLAIMED IN 2016 TO HAVE RELEASED ONLINE 10 MILLION DOCUMENTS IN ITS FIRST 10 YEARS.
  24. MEDIA: ACCORDING TO MEDIA, DARK WEB IS FULL OF TERRORISM, PEDO FILMS, RED ROOMS AND DRUGS, BUT IN REALITY THE MAJOR PART OF THE DARK WEB IS "BLANK PAGES"
  25. REALITY: HIDDEN SERVICES TRAFFIC IS ONLY 3% [2016]. IMPOSSIBLE THINGS MADE POSSIBLE BY MEDIA. BEFORE POSTING SOME RANDOM CONTENTS, THEY SHOULD THINK OF THE TECHNOLOGY BEHIND IT
  26. HACKERS SELL MALWARE & RANSOMWARE TO MAKE MONEY. TOR IS AN OPEN SOURCE PROJECT, BUT ACCORDING TO THE REPORT OF "THE GUARDIAN" THE US GOVT IS FUNDING TOR. MAIN TARGET WAS TAKING DOWN PEDO FILM SITES
  27. SEARCH ENGINES: • The Hidden Wiki http://thehiddenwiki.org • Not evil https://www.hss3uro2hsxfogfq.onion.ws/ • Onion.to • Memex • Surfwax • Freebase • techdeepweb
  28. AL NOOR MOSQUE CHRISTCHURCH NEW ZEALAND ATTACK • ON MARCH 15, 2019 1:40 PM [NZDT] BRENTON HARRISON TARRANT, A 28-YEAR-OLD AUSTRALIAN MAN, ARRIVED AT AL NOOR MOSQUE, CHRISTCHURCH, NEW ZEALAND. • STARTED LIVE STREAMING ON FACEBOOK • BEGAN SHOOTING WORSHIPPERS AND KILLED 51 PEOPLE. • FACEBOOK REMOVED THE VIDEO WITHIN A FEW MINUTES AND CLAIMED FEWER THAN 200 PEOPLE WATCHED THE LIVE BROADCAST.
  29. AL NOOR MOSQUE CHRISTCHURCH NEW ZEALAND ATTACK • IF YOU SEARCH GOOGLE OR YOUTUBE FOR "CHRISTCHURCH MOSQUE ATTACK FULL VIDEO" • AFTER LOOKING AT THE SEARCH RESULTS • YOU WON’T FIND THE VIDEO OF THE ATTACK (EXCEPT SOME PICTURES) BECAUSE IT HAS BEEN REMOVED FROM THE SURFACE WEB. • NEW ZEALAND GOVT EVEN ARRESTED A GUY FOR SHARING THE VIDEO.
  30. AL NOOR MOSQUE CHRISTCHURCH NEW ZEALAND ATTACK NOW IF WE

    OPEN TOR BROWSER AND ENTER THIS URL: http://beepedjhffvat3uwij5fxny72vlj7ugqb67ippjebis e6adxf73y3uqd.onion/t/dd8a91290cde56d40930f87 a86580e1d80a07bd0/?lang=en#5c67af5d22f611ea8 b3c7ea063013fc824b2337e
  31. AL NOOR MOSQUE CHRISTCHURCH NZ ATTACK: AS WE CAN SEE, THE FULL VIDEO IS AVAILABLE ON DARK WEB WHICH IS COMPLETELY REMOVED FROM EVERYWHERE ON SURFACE WEB
  32. RED ROOMS DISCLAIMER: I DO NOT ENCOURAGE ACCESSING THE RED ROOM IN ANY WAY. IT’S JUST AN EDUCATIONAL GUIDE TO ENLIGHTEN YOU ON THE FACTS ABOUT THE RED ROOM.
  33. RED ROOM: RED ROOMS ARE SITES WHICH DELIVER STREAMING LIVE SHOWS. THESE LIVE SHOWS HAVE MIND-DISTURBING CONTENT, AS PREVIOUSLY DEFINED: MURDER, RAPE, TORTURE, SNUFF AND SO ON. HERE SITE ADMINS SELL SHOW ACCESS AT A VERY HIGH BITCOIN PRICE. THESE ACCESS PLANS HAVE SPECIFIC ON-DEMAND FEATURES, SUCH AS THE CLIENT BEING ABLE TO REQUEST ANY TYPE OF ACTION LIKE SLAPPING, KILLING, FIGHTING, CUTTING ANY BODY PART OR ANYTHING ELSE.
  34. SOME CASES OF RED ROOM: 1. ISIS SAID THAT THEY WILL BEHEAD THE TURKISH SOLDIER ON SOME SPECIFIC DATE AND SPECIFIC TIME AND IT WILL BE LIVE! 2. "THE DAISY DESTRUCTION", WHICH SHOOK THE INTERNET WORLD, IS ONE OF THE MOST HORRIFIC CASES OF CHILD ABUSE UNTIL NOW
  35. MARIANA’S WEB • THE LEGEND OF MARIANA’S WEB APPEARS TO GET ITS NAME FROM THE DEEPEST PART OF THE OCEAN, MARIANA’S TRENCH. • IT’S SUPPOSEDLY THE DEEPEST PART OF THE WEB, A FORBIDDEN PLACE OF MYSTERIOUS EVIL, OR AT LEAST THAT’S THE MYTH A SUBSET OF ONLINE BELIEVERS HAS CULTIVATED. • IT IS ALSO KNOWN AS ZION; DOMAINS USE .clos & .loky DOMAINS & CAN BE ACCESSED ONLY BY QUANTUM COMPUTING. • INFO ON HOW TO ACCESS THIS PART OF THE WEB IS VERY DIFFICULT TO FIND, SO LOTS OF PEOPLE DON’T BELIEVE IT. • NOTE: THERE IS NO OFFICIAL CONFIRMATION OF MARIANA’S WEB EXISTENCE!
  36. IS VISITING DARK WEB ILLEGAL? SURFING DARK WEB IS NOT ILLEGAL BUT ALSO IT’S NOT LEGAL! WHY? BECAUSE: • YOU CAN ACCIDENTALLY GET INVOLVED IN ILLEGAL STUFF • YOU CAN BE TRACED • YOU CAN END UP BEHIND BARS IF YOU TRY TO BUY ILLEGAL STUFF SUCH AS ARMS, DRUGS, ILLEGAL HACKING ACTIVITY, CARDING, CHILD PORN ETC.
  37. INTELLIGENCE AGENCIES CASE 1: FREEDOM HOSTING • IN 2013, FBI MANAGED TO INFILTRATE "FREEDOM HOSTING", A HOSTING OPERATION SERVING CHILD PORNOGRAPHY SITES. • IT INSERTED AN EXPLOIT KIT WHICH TARGETED A VULNERABILITY IN FIREFOX 17 (USED IN TOR BROWSER) • THIS RESULTED IN THE DOWNLOAD OF A FILE WHICH WOULD REPORT BACK THE IDENTITY OF THE USER. • RESULTED IN THE ARRESTS OF THE OWNER, AND MANY OF THE CONSUMERS
  38. INTELLIGENCE AGENCIES CASE 2: WELCOME TO VIDEO • CHILD SEX ABUSE MARKETPLACE WITH MORE THAN 8 TERABYTES OF DATA • USED BITCOIN [7300] RECORDED TRANSACTIONS FROM MORE THAN 1 MILLION USER ADDRESSES • NATIONAL CRIME AGENCY USED BITCOIN TRANSACTION ANALYSIS TO IDENTIFY USERS • ARRESTS OF 337 USERS MADE IN 38 COUNTRIES & 23 ABUSED CHILDREN IDENTIFIED AND RESCUED • ABUSERS FOUND!! NOT BY USING OFFENSIVE HACKING, BUT BY SIMPLY TRACING BITCOIN TRANSACTIONS
  39. CHALLENGES • TRACING SO MANY HIDDEN ILLEGAL SERVICES RUNNING ON DARK WEB IS STILL A BIG CHALLENGE • HORNET – TOR-STYLE NEW ANONYMOUS DARK WEB BROWSER THAT ALLOWS HIGH-SPEED AND MORE ANONYMOUS WEB BROWSING • ETHER – MORE SECURED CRYPTOCURRENCY WHICH MAKES IT MORE DIFFICULT FOR AGENCIES TO TRACE
  40. ETHER • ETHER IS A PART OF ETHEREUM, WHICH IS AN OPEN SOURCE, PUBLIC, BLOCKCHAIN BASED DISTRIBUTED COMPUTING PLATFORM & OPERATING SYSTEM. • ETHER IS A MORE SECURED CRYPTOCURRENCY GENERATED BY ETHEREUM. • IT IS BASED ON BLOCKCHAIN TECHNOLOGY & HAS ITS OWN VIRTUAL MACHINE [ETHEREUM VIRTUAL MACHINE] • ETHER IS FAST AND MORE SECURED [HARD TO TRACE] • GETS CRITICISM THAT CRIMINALS ARE USING ETHER CRYPTO FOR ILLEGAL ACTIVITIES.
  41. • ALWAYS USE VPN WHILE SURFING DARK WEB • NEVER POST YOUR PERSONAL DETAILS SUCH AS REAL NAME, CONTACT DETAILS, EMAIL ID ETC. ON DARK WEB • DO NOT VISIT ILLEGAL SITES ON DARK WEB • NEVER COMMUNICATE WITH ILLEGAL STUFF SELLERS ON DARK WEB • TRY TO SURF TOR IN VIRTUAL MACHINES • STAY ANONYMOUS AND USE IT FOR GOOD THINGS ONLY
  42. CONCLUSION: EVEN THOUGH A MAJORITY OF THE WEBSITES ON THE DARK WEB DEAL WITH ILLEGAL ACTIVITIES, WEBSITES SUCH AS FACEBOOK, THE INTERCEPT, PROPUBLICA HAVE A VERSION WITH .ONION URL — NOTHING ILLEGAL HAPPENING HERE. JOURNALISTS, WHISTLEBLOWERS AND INTERNET ACTIVISTS USE THE DARK WEB TO CIRCUMVENT RESTRICTIONS AS WELL AS TO MAINTAIN ANONYMITY AND PRIVACY WHILE EXCHANGING INFORMATION. NO TOOL ON THE INTERNET IS BAD IN ESSENCE, BUT IT’S THE REASON IT’S BEING USED FOR THAT MAKES IT SO. SIMILARLY, THE DARK WEB ISN’T COMPLETELY A THING OF EVIL.