The clandestine data hosted on the Dark Web is not secret anymore: a large slice of it has just been compromised.

A group affiliated with the hacker collective Anonymous has managed to bring down about one fifth of Tor-based websites in a vigilante move. The group infiltrated the servers of Freedom Hosting II and took down almost 10,000 websites on the grounds that they were sharing child pornography.

For the unfamiliar, the Dark Web is a part of the World Wide Web that exists on overlay networks known as darknets. The Dark Web runs over the public Internet, but it can only be accessed with specific software, authorization, or a particular configuration.

The Dark Web, or Deep Web as some call it, is not indexed by search engines and keeps the identity and activity of its users anonymous.

Freedom Hosting II was the single largest host of sites on the Dark Web. The hacker group managed to breach the host's servers and currently has access to gigabytes of data that it downloaded from the service.

Looks like Freedom Hosting II got pwned. They hosted close to 20% of all dark web sites (previous @OnionScan report) https://t.co/JOLXFJQXiH

— Sarah Jamie Lewis (@SarahJamieLewis) February 3, 2017

Dark Web researcher Sarah Jamie Lewis states that Freedom Hosting II hosted roughly 15 to 20 percent of all underground sites on the Dark Web.

“Since OnionScan started in April we have observed FHII hosting between 1500 and 2000 services or about 15-20% of the total number of active sites in our scanning lists,” stated Lewis in her OnionScan 2016 report.

All of the underground websites hosted by Freedom Hosting II are .onion sites and can only be accessed through the Tor browser.

People visiting the hacked websites were greeted with the message: “Hello, Freedom Hosting II, you have been hacked.”

The hackers, who compromised the host's servers and downloaded 75 GB of files and 2.6 GB of database content, demanded a petty ransom of 0.1 bitcoin, about $100 at the exchange rate of the time.

The Anonymous-affiliated hackers said they decided to attack the Freedom Hosting II servers after learning that the host was managing child pornography sites, for which they have zero tolerance. About half of the downloaded data reportedly consists of child pornography.

The hackers claim they found 10 child pornography sites holding almost 30 GB of files, and assert that Freedom Hosting II was aware of these sites and stored their content.

“This suggests they paid for hosting and the admin knew of those sites. That’s when I decided to take it down instead,” said the hacker group to Motherboard.

Although the hacker group's claims are hard to verify, they do fall in line with the history of previous Dark Web hosting companies. The operator of the original Freedom Hosting was prosecuted for child pornography offences by law enforcement officials in 2013.

The hackers who took down Freedom Hosting II confessed to Motherboard that it was their first hack. The leaked data may now prompt law enforcement officials to intervene, and it would not be surprising to hear of arrests, since this data could be used in many ways.


Source : http://www.themarshalltown.com/anonymous-attack-thousands-of-websites-on-the-dark-web/19265

Categorized in Deep Web
Washington, Feb 6 (Prensa Latina) The Dark Web, the darkest part of the so-called Deep Web, was hacked to expose pages hosting enormous amounts of child pornography to the authorities, the Motherboard platform reported Monday.
The term Deep Web refers to pages whose content cannot be found on the surface Internet or public networks. It is said to constitute 90 percent of everything published on the Internet, yet it cannot be reached through traditional search engines like Google, Yahoo or Bing.

The hacker responsible for the attack made public the content of more than 10,000 websites hidden on the Internet which, until now, were only reachable through the Tor browser.

The action targeted a website called Freedom Hosting II, a service for hosting websites on the Dark Web that has been involved in controversies linked to child pornography.

According to the hacker, the attack was motivated by the fact that at least 50 percent of the files on the Freedom Hosting II servers corresponded to child pornography and fraud, as the messages displayed on the hacked sites indicated.

The Deep Web is inaccessible to most Internet users because the public network cannot reach all of its websites; moreover, most Deep Web content is generated dynamically, which makes it difficult for traditional search engines to index.

That is why many international organizations have labelled the Deep Web a refuge for criminals and a place to publish illegal content.

According to experts, scams are the most rampant activity in this sector of the network, since the only thing that protects users on the Deep Web is common sense.
Categorized in Deep Web

Much of the data of the World Wide Web hides like an iceberg below the surface. The so-called 'deep web' has been estimated to be 500 times bigger than the 'surface web' seen through search engines like Google. For scientists and others, the deep web holds important computer code and its licensing agreements. Nestled further inside the deep web, one finds the 'dark web,' a place where images and video are used by traders in illicit drugs, weapons, and human trafficking. A new data-intensive supercomputer called Wrangler is helping researchers obtain meaningful answers from the hidden data of the public web.

The Wrangler supercomputer got its start in response to the question, can a computer be built to handle massive amounts of I/O (input and output)? The National Science Foundation (NSF) in 2013 got behind this effort and awarded the Texas Advanced Computing Center (TACC), Indiana University, and the University of Chicago $11.2 million to build a first-of-its-kind data-intensive supercomputer. Wrangler's 600 terabytes of lightning-fast flash storage enabled the speedy reads and writes of files needed to fly past big data bottlenecks that can slow down even the fastest computers. It was built to work in tandem with number crunchers such as TACC's Stampede, which in 2013 was the sixth fastest computer in the world.

While Wrangler was being built, a separate project came together headed by the Defense Advanced Research Projects Agency (DARPA) of the U.S. Department of Defense. Back in 1969, DARPA had built the ARPANET, which eventually grew to become the Internet, as a way to exchange files and share information. In 2014, DARPA wanted something new - a search engine for the deep web. They were motivated to uncover the deep web's hidden and illegal activity, according to Chris Mattmann, chief architect in the Instrument and Science Data Systems Section of the NASA Jet Propulsion Laboratory (JPL) at the California Institute of Technology.

"Behind forms and logins, there are bad things. Behind the dynamic portions of the web like AJAX and Javascript, people are doing nefarious things," said Mattmann. They're not indexed because the web crawlers of Google and others ignore most images, video, and audio files. "People are going on a forum site and they're posting a picture of a woman that they're trafficking. And they're asking for payment for that. People are going to a different site and they're posting illicit drugs, or weapons, guns, or things like that to sell," he said.

Mattmann added that an even more inaccessible portion of the deep web called the 'dark web' can only be reached through a special browser client and protocol called TOR, The Onion Router. "On the dark web," said Mattmann, "they're doing even more nefarious things." They traffic in guns and human organs, he explained. "They're basically doing these activities and then they're tying them back to terrorism."

In response, DARPA started a program called Memex. Its name blends 'memory' with 'index' and has roots in an influential 1945 Atlantic magazine article penned by U.S. engineer and Raytheon founder Vannevar Bush. His futuristic essay imagined putting all of a person's communications - books, records, and even all spoken and written words - within fingertip reach. The DARPA Memex program sought to make the deep web accessible. "The goal of Memex was to provide search engines the information retrieval capacity to deal with those situations and to help defense and law enforcement go after the bad guys there," Mattmann said.

Karanjeet Singh is a University of Southern California graduate student who works with Chris Mattmann on Memex and other projects. "The objective is to get more and more domain-specific (specialized) information from the Internet and try to make facts from that information," Singh said. He added that agencies such as law enforcement continue to tailor their questions to the limitations of search engines. In some ways the cart leads the horse in deep web search. "Although we have a lot of search-based queries through different search engines like Google," Singh said, "it's still a challenge to query the system in a way that answers your questions directly."

Once the Memex user extracts the information they need, they can apply tools such as a named-entity recognizer, sentiment analysis, and topic summarization. This can help law enforcement agencies like the U.S. Federal Bureau of Investigation find links between different activities, such as illegal weapon sales and human trafficking, Singh explained.

"Let's say that we have one system directly in front of us, and there is some crime going on," Singh said. "The FBI comes in and they have some set of questions or some specific information, such as a person with such hair color, this much age. Probably the best thing would be to mention a user ID on the Internet that the person is using. So with all three pieces of information, if you feed it into the Memex system, Memex would search in the database it has collected and would yield the web pages that match that information. It would yield the statistics, like where this person has been or where it has been sighted in geolocation and also in the form of graphs and others."
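
Singh's walkthrough amounts to a conjunctive attribute query over an index of crawled pages. A minimal Python sketch of that idea follows; the records, field names and `memex_query` helper are all hypothetical illustrations, not the actual Memex code:

```python
RECORDS = [   # toy stand-in for an index of crawled pages; Memex holds millions
    {"url": "http://x.onion/ad1", "hair": "brown", "age": 25,
     "user_id": "ghost99", "geo": "NYC"},
    {"url": "http://y.onion/ad7", "hair": "black", "age": 31,
     "user_id": "ghost99", "geo": "LA"},
]

def memex_query(index, **attrs):
    """Return every page whose stored attributes match all given clues."""
    return [rec for rec in index
            if all(rec.get(key) == value for key, value in attrs.items())]

# Feed in the user ID clue and read off the sightings-by-location view
hits = memex_query(RECORDS, user_id="ghost99")
print([h["geo"] for h in hits])   # ['NYC', 'LA']
```

Adding more clues (hair color, age) simply narrows the conjunction, which matches the "all three pieces of information" flow Singh describes.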

"What JPL is trying to do is trying to automate all of these processes into a system where you can just feed in the questions and we get the answers," Singh said. For that he worked with an open source web crawler called Apache Nutch. It retrieves and collects web page and domain information of the deep web. The MapReduce framework powers those crawls with a divide-and-conquer approach to big data that breaks it up into small pieces that run simultaneously. The problem is that even the fastest computers like Stampede weren't designed to handle the input and output of millions of files needed for the Memex project.
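
The divide-and-conquer pattern behind those crawls can be sketched in miniature: split a URL list into chunks, map each chunk concurrently, then reduce the partial results. Threads stand in for Hadoop worker nodes here, and the function names are illustrative rather than Nutch's API:

```python
from collections import Counter
from concurrent.futures import ThreadPoolExecutor
from urllib.parse import urlparse

def map_chunk(urls):
    """Map step: tally pages per domain within one chunk of crawled URLs."""
    return Counter(urlparse(u).netloc for u in urls)

def domain_counts(urls, workers=4):
    """Divide the crawl into chunks, map them concurrently, then reduce."""
    chunks = [urls[i::workers] for i in range(workers)]
    with ThreadPoolExecutor(workers) as pool:
        partials = pool.map(map_chunk, chunks)
    total = Counter()
    for part in partials:          # reduce step: merge the partial tallies
        total.update(part)
    return total

crawl = ["http://a.onion/p1", "http://a.onion/p2", "http://b.onion/x"]
print(domain_counts(crawl, workers=2))   # Counter({'a.onion': 2, 'b.onion': 1})
```

In Hadoop the chunks live on different machines and the merge is itself distributed, but the map-then-reduce shape is the same.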


The Wrangler data-intensive supercomputer avoids data overload by virtue of its 600 terabytes of speedy flash storage. What's more, Wrangler supports the Hadoop framework, which runs using MapReduce. "Wrangler, as a platform, can run very large Hadoop-based and Spark-based crawling jobs," Mattmann said. "It's a fantastic resource that we didn't have before as a mechanism to do research; to go out and test our algorithms and our new search engines and our crawlers on these sites; and to evaluate the extractions and analytics and things like that afterwards. Wrangler has been an amazing resource to help us do that, to run these large-scale crawls, to do these type of evaluations, to help develop techniques that are helping save people, stop crime, and stop terrorism around the world."

Singh and Mattmann don't just use Wrangler to help fight crime. A separate project looks for a different kind of rule breaker. The Distributed Release Audit Tool (DRAT) audits software licenses of massive code repositories, which can store hundreds of millions of lines of code and millions of files. DRAT got its start because DARPA needed to audit the massive code repository of its national-scale, $100 million presidential initiative called XDATA. Over 60 different kinds of software licenses exist that authorize the use of code. What got lost in the shuffle of XDATA is whether developers followed DARPA guidelines of permissive and open source licenses, according to Chris Mattmann.

Mattmann's team at NASA JPL initially took the job on with an Apache open source tool called RAT, the Release Audit Tool. Right off the bat, big problems came up working with the big data. "What we found after running RAT on this very large code repository was that after about three or four weeks, RAT still hadn't completed. We were running it on a supercomputer, a very large cloud computer. And we just couldn't get it to complete," Mattmann said. Some other problems with RAT bugged the team. It didn't give status reports. And RAT would get hung up checking binary code - the ones and zeroes that typically just hold data such as video and were not the target of the software audit.

Mattmann's team took RAT and tailored it for parallel computers with a distributed algorithm, mapping the problem into small chunks that run simultaneously over the many cores of a supercomputer. It's then reduced into a final result. The MapReduce workflow runs on top of the Apache Object Oriented Data Technology, which integrates and processes scientific archives.

The distributed version of RAT, or DRAT, completed the XDATA job in two hours on a Mac laptop, a job that had previously hung a 24-core, 48 GB RAM supercomputer at NASA for weeks. DRAT was ready for even bigger challenges.
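
DRAT's basic per-file audit (skip binaries, read the header, match it against known license markers) can be sketched as below. The marker strings and function names are illustrative, and the loop is serial; real DRAT distributes the per-file map step across many cores and reduces the tallies afterwards:

```python
from collections import Counter

LICENSE_MARKERS = {                      # header phrases that identify a license
    "Apache-2.0": "Apache License",
    "MIT": "MIT License",
    "GPL": "GNU General Public License",
}

def looks_binary(path, probe=1024):
    """Skip binary blobs (video, data files), just as DRAT learned to."""
    with open(path, "rb") as f:
        return b"\x00" in f.read(probe)

def audit_file(path):
    """Classify one file's license from its header, or None for binaries."""
    if looks_binary(path):
        return None
    with open(path, errors="ignore") as f:
        head = f.read(4096)              # license notices sit near the top
    for license_id, marker in LICENSE_MARKERS.items():
        if marker in head:
            return license_id
    return "UNKNOWN"

def audit_repo(paths):
    """Serial stand-in for DRAT's map (per-file audit) and reduce (tally)."""
    return Counter(filter(None, (audit_file(p) for p in paths)))
```

Skipping binaries up front is exactly the fix that kept RAT from hanging on ones-and-zeroes data files.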

"A number of other projects came to us wanting to do this," Mattmann said. The EarthCube project of the National Science Foundation had a very large climate modeling repository and sought out Mattmann's team. "They asked us if all these scientists are putting licenses on their code, or whether they're open source, or if they're using the right components. And so we did a very big, large auditing for them," Mattmann said.

"That's where Wrangler comes in," Karanjeet Singh said. "We have all the tools and equipment on Wrangler, thanks to the TACC team. What we did was we just configured our DRAT tool on Wrangler and ran distributedly with the compute nodes in Wrangler. We scanned whole Apache SVN repositories, which includes all of the Apache open source projects."

The project Mattmann's team is working on early 2017 is to run DRAT on the Wrangler supercomputer over historically all of the code that Apache has developed since its existence - including over 200 projects with over two million revisions in a code repository on the order of hundreds of millions to billions of files.

"This is something that's only done incrementally and never done at that sort of scale before. We were able to do it on Wrangler in about two weeks. We were really excited about that," Mattmann said.

Apache Tika formed one of the key components to the success of DRAT. It discerns Multipurpose Internet Mail Extensions (MIME) file types and extracts their metadata, the data about the data. "We call Apache Tika the 'babel fish,' like 'The Hitchhiker's Guide to the Galaxy,'" Mattmann said. "Put the babel fish to your ear to understand any language. The goal with Tika is that you can provide any type of file - any file found on the Internet or otherwise - to it, and it will understand it for you at the other end...A lot of those investments and research approaches in Tika have been accelerated through these projects from DARPA, NASA, and the NSF that my group is funded by," Mattmann said.
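
The "any file in, understanding out" idea starts with type identification. Python's standard library can make the same cheap, name-based first guess that Tika begins with; this is a toy stand-in, not Tika itself, which goes on to inspect the file's content and pull out rich metadata:

```python
import mimetypes

def first_guess(filename):
    """Name-based MIME identification, the cheapest of Tika's clues.
    Tika layers content inspection and metadata extraction on top."""
    mime, _ = mimetypes.guess_type(filename)
    return mime or "application/octet-stream"   # fallback for unknown types

print(first_guess("report.pdf"))   # application/pdf
print(first_guess("clip.mp4"))     # video/mp4
```

Anything the extension table cannot place falls back to the generic binary type, which is precisely where content-based detection has to take over.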


File type breakdown of XDATA. Credit: Chris Mattmann

"A lot of the metadata that we're extracting is based on these machine-learning, clustering, and named-entity recognition approaches. Who's in this image? Or who's it talking about in these files? The people, the places, the organizations, the dates, the times. Because those are all very important things. Tika was one of the core technologies used - it was one of only two - to uncover the Panama Papers global controversy of hiding money in offshore global corporations," Mattmann said.

Chris Mattmann, the first NASA staffer to join the board of the Apache Foundation, helped create Apache Tika, along with the scalable text search engine Apache Lucene and the search platform Apache Solr. "Those two core technologies are what they used to go through all the leaked (Panama Papers) data and make the connections between everybody - the companies, and people, and whatever," Mattmann said.

Mattmann gets these core technologies to scale up on supercomputers by 'wrapping' them in the Apache Spark framework. Spark is basically an in-memory version of Apache Hadoop's MapReduce capability, intelligently sharing memory across the compute cluster. "Spark can improve the speed of Hadoop-type jobs by a factor of 100 to 1,000, depending on the underlying type of hardware," Mattmann said.
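
The Hadoop-versus-Spark distinction Mattmann describes comes down to where intermediate data lives between processing stages. A toy contrast, with a plain Python list standing in for Spark's cached, in-memory dataset (illustrative only, not either framework's API):

```python
import json
import os
import tempfile

def hadoop_style(path, stages):
    """Chained MapReduce jobs: every stage re-reads its input from disk."""
    result = None
    for stage in stages:
        with open(path) as f:
            records = [json.loads(line) for line in f]   # repeated I/O + parse
        result = stage(records)
    return result

def spark_style(path, stages):
    """Spark's trick: parse once, keep the dataset in memory, reuse it."""
    with open(path) as f:
        cached = [json.loads(line) for line in f]        # like rdd.cache()
    return [stage(cached) for stage in stages][-1]
```

Both functions compute the same answers; the in-memory version simply skips the repeated disk reads that dominate iterative workloads, which is where the large speedups come from.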

"Wrangler is a new generation system, which supports good technologies like Hadoop. And you can definitely run Spark on top of it as well, which really solves the new technological problems that we are facing," Singh said.

Making sense out of data guides much of the worldwide effort behind 'machine learning,' a slightly oxymoronic term according to computer scientist Thomas Sterling of Indiana University. "It's a somewhat incorrect phrase because the machine doesn't actually understand anything that it learns. But it does help people see patterns and trends within data that would otherwise escape us. And it allows us to manage the massive amount and extraordinary growth of information we're having to deal with," Sterling said in a 2014 interview with TACC.

One application of machine learning that interested NASA JPL's Chris Mattmann is TensorFlow, developed by Google. It offers commodity-based access to very large-scale machine learning. TensorFlow's Inception version three model trains the software to classify images. From a picture the model can basically tell a stop sign from a cat, for instance. Incorporated into Memex, Mattmann said TensorFlow takes its web crawls of images and video and looks for descriptors that can aid in "catching a bad guy or saving somebody, identifying an illegal weapon, identifying something like counterfeit electronics, and things like this."

"Wrangler is moving into providing TensorFlow as a capability," Mattmann said. "One of the traditional things that stopped a regular Joe from really taking advantage of large-scale machine learning is that a lot of these toolkits like Tensorflow are optimized for a particular type of hardware, GPUs or graphics processing units." This specialized hardware isn't typically found in most computers.

"Wrangler, providing GPU-types of hardware on top of its petabyte of flash storage and all of the other advantages in the types of machines it provides, is fantastic. It lets us do this at very large scale, over lots of data and run these machine learning classifiers and these tool kits and models that exist," Mattmann said.

What's more, TensorFlow is compute-intensive and runs very slowly on most systems, which becomes a big problem when analyzing millions of images looking for needles in the haystack. "Wrangler does the job," Singh said. Singh and others on Mattmann's team are currently using TensorFlow on Wrangler. "We don't have any results yet, but we know that the tool that we have built through TensorFlow is definitely producing some results. But we are yet to test with the millions of images that we have crawled and how good it produces the results," Singh said.

"I'm appreciative," said Chris Mattmann, "of being a member of the advisory board of the staff at TACC and to Niall Gaffney, Dan Stanzione, Weijia Xu and all the people who are working at TACC to make Wrangler accessible and useful; and also for their listening to the people who are doing science and research on it, like my group. It wouldn't be possible without them. It's a national treasure. It should keep moving forward."

Source : https://phys.org/news/2017-02-deep-dark-illuminated.html

Categorized in Deep Web

There is no law enforcement presence in the Dark Web. 80% of its hits are reportedly connected to child pornography

The Internet is massive. Millions of web pages, databases and servers all run 24 hours a day, seven days a week. But the so-called “visible” Internet — sites that can be found using search engines like Google and Yahoo — is just the tip of the iceberg. Below the surface is the Deep Web, which accounts for approximately 90 per cent of all websites. In fact, this hidden Web is so large that it is impossible to discover exactly how many pages or sites are active at any given time. This Web was once the province of hackers, law enforcement officers and criminals. However, new technology like encryption and the anonymisation browser software, Tor, now makes it possible for anyone to dive deep if they are interested.

What is the Dark Web?

There are a number of terms surrounding the non-visible Web, but it is worth knowing how they differ if you are planning to browse off the beaten path. The ‘Dark Web’ refers to sites with criminal intent or illegal content, and ‘trading’ sites where users can purchase illicit goods or services. The Deep Web, in other words, covers everything under the surface that is still accessible with the right software, including the Dark Web. There is also a third term, “Dark Internet”, that refers to sites and databases that are not available over public Internet connections, even if you are using Tor. Often, Dark Internet sites are used by companies or researchers to keep sensitive information private.

How is it accessed?

Most people who wish to access the Deep Web use Tor, a service originally developed by the United States Naval Research Laboratory. Think of Tor as a Web browser like Google Chrome or Firefox. The main difference is that, instead of taking the most direct route between your computer and the deep parts of the Web, the Tor browser uses a random path of encrypted servers, also known as “nodes.” This allows users to connect to the Deep Web without fear of their actions being tracked or their browser history being exposed. Sites on the Deep also use Tor (or similar software such as I2P) to remain anonymous, meaning you will not be able to find out who is running them or where they are being hosted.
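
The layered routing described above is why Tor's design is called onion routing: the client wraps a message once per relay, and each relay peels off exactly one layer, learning only the next hop. Below is a toy sketch of that structure, with Base64 wrapping standing in for real per-relay encryption; Tor actually negotiates symmetric keys with each node, and nothing here is cryptographically secure:

```python
import base64

def wrap(message, relays):
    """Client side: add one layer per relay, innermost (exit) layer first.
    Base64 merely labels each layer; real Tor encrypts with per-relay keys."""
    data = message.encode()
    for relay in reversed(relays):
        data = base64.b64encode(relay.encode() + b"|" + data)
    return data

def peel(data, relays):
    """Relay side: each hop removes exactly one layer, learning only the
    next hop, never the whole route or the original sender."""
    for relay in relays:
        layer = base64.b64decode(data)
        hop, _, data = layer.partition(b"|")
        assert hop == relay.encode()   # this layer was addressed to this relay
    return data.decode()

path = ["guard", "middle", "exit"]
print(peel(wrap("hello", path), path))   # prints: hello
```

Because the guard relay can only open its own layer, it never sees the destination, and the exit never sees the origin; that separation is what provides the anonymity.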

Many users now leverage Tor to browse both the public Internet and the Deep. Some simply do not want government agencies or even Internet Service Providers (ISPs) to know what they are looking at online, while others have little choice — users in countries with strict access and usage laws are often prevented from accessing even public sites unless they use Tor clients and virtual private networks (VPNs). The same is true for government critics and other outspoken advocates who fear backlash if their real identities were discovered. Of course, anonymity comes with a dark side since criminals and malicious hackers also prefer to operate in the shadows.

Use and misuse

For some users, the Deep Web offers the opportunity to bypass local restrictions and access TV or movie services that may not be available in their local areas. Others go deep to download pirated music or grab movies that are not yet in theatres. At the dark end of the Web, meanwhile, things can get scary, salacious and just plain...strange. As noted by The Guardian, for example, credit card data is available on the Dark Web for just a few dollars per record, while ZDNet notes that anything from fake citizenship documents to passports and even the services of professional hitmen are available if you know where to look. Interested parties can also grab personal details and leverage them to blackmail ordinary Internet users. Consider the recent Ashley Madison hack: vast amounts of account data, including real names, addresses and phone numbers, ended up on the Dark Web for sale.

This proves that, even if you do not surf the murky waters of the Dark Web, you could be at risk of blackmail (or worse) if sites you regularly use are hacked.

Illegal drugs are also a popular draw on the Dark Web. As noted by Motherboard, drug marketplace Silk Road — which has been shut down, replaced, shut down again and then rebranded — offered any type of substance in any amount to interested parties. Business Insider, meanwhile, details some of the strange things you can track down in the Deep, including a DIY vasectomy kit and a virtual scavenger hunt that culminated in the “hunter” answering a NYC payphone at 3 am.

What are the real risks of the Dark Web?

Thanks to the use of encryption and anonymisation tools by both users and websites, there is virtually no law enforcement presence down in the Dark. This means anything — even material well outside the bounds of good taste and common decency — can be found online. This includes offensive, illegal “adult” content that would likely scar the viewer for life. A recent Wired article, for example, reports that 80 per cent of Dark Web hits are connected to paedophilia and child pornography. Here, the notion of the Dark as a haven for privacy wears thin. If you do choose to go Deep, always restrict access to your Tor-enabled device so that children or other family members are not at risk of stumbling across something no one should ever see. Visit the Deep Web if you are interested, but do yourself a favour: do not let kids anywhere near it and tread carefully — it is a long way down.

Altaf Halde is Managing Director, Kaspersky Lab — South Asia, and is an industry veteran in cyber security.


Source : http://www.dnaindia.com/analysis/column-the-secrets-of-the-dark-web-2296778

Categorized in Deep Web

In today’s data-rich world, companies, governments and individuals want to analyze anything and everything they can get their hands on – and the World Wide Web has loads of information. At present, the most easily indexed material from the web is text. But as much as 89 to 96 percent of the content on the internet is actually something else – images, video and audio, in thousands of different kinds of nontextual data types.

Further, the vast majority of online content isn’t available in a form that’s easily indexed by electronic archiving systems like Google’s. Rather, it requires a user to log in, or it is provided dynamically by a program running when a user visits the page. If we’re going to catalog online human knowledge, we need to be sure we can get to and recognize all of it, and that we can do so automatically.

How can we teach computers to recognize, index and search all the different types of material that’s available online? Thanks to federal efforts in the global fight against human trafficking and weapons dealing, my research forms the basis for a new tool that can help with this effort.

Understanding what’s deep

The “deep web” and the “dark web” are often discussed in the context of scary news or films like “Deep Web,” in which young and intelligent criminals are getting away with illicit activities such as drug dealing and human trafficking – or even worse. But what do these terms mean?

The “deep web” has existed ever since businesses and organizations, including universities, put large databases online in ways people could not directly view. Rather than allowing anyone to get students’ phone numbers and email addresses, for example, many universities require people to log in as members of the campus community before searching online directories for contact information. Online services such as Dropbox and Gmail are publicly accessible and part of the World Wide Web – but indexing a user’s files and emails on these sites does require an individual login, which our project does not get involved with.

The “surface web” is the online world we can see – shopping sites, businesses’ information pages, news organizations and so on. The “deep web” is closely related but less visible, both to human users and – in some ways more importantly – to the search engines exploring the web to catalog it. I tend to describe the “deep web” as those parts of the public internet that:

  1. Require a user to first fill out a login form,
  2. Involve dynamic content like AJAX or Javascript, or
  3. Present images, video and other information in ways that aren’t typically indexed properly by search services.
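
Those three traits can be turned into crude page-level heuristics. The sketch below flags them with simple string checks; the signal names and thresholds are invented for illustration, and production crawlers parse the DOM and render scripts rather than grep raw HTML:

```python
def deep_web_signals(html):
    """Crude string heuristics for the three deep-web traits above."""
    h = html.lower()
    return {
        "login_required": 'type="password"' in h,                 # trait 1
        "dynamic_content": "xmlhttprequest" in h or "<script" in h,  # trait 2
        "media_heavy": h.count("<img") + h.count("<video") > 5,   # trait 3
    }

page = '<form><input type="password"></form><script>fetch("/api")</script>'
print(deep_web_signals(page))
```

A page raising any of these flags is likely to be poorly covered by a conventional crawler, which is exactly the gap Memex set out to close.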

What’s dark?

The “dark web,” by contrast, are pages – some of which may also have “deep web” elements – that are hosted by web servers using the anonymous web protocol called Tor. Originally developed by U.S. Defense Department researchers to secure sensitive information, Tor was released into the public domain in 2004.

Like many secure systems, such as the WhatsApp messaging app, Tor was originally built for good, but it has also been used by criminals hiding behind the system’s anonymity. Some people run Tor sites handling illicit activity, such as drug trafficking, weapons dealing and human trafficking – and even murder for hire.

The U.S. government has been interested in trying to find ways to use modern information technology and computer science to combat these criminal activities. In 2014, the Defense Advanced Research Projects Agency (more commonly known as DARPA), a part of the Defense Department, launched a program called Memex to fight human trafficking with these tools.

Specifically, Memex wanted to create a search index that would help law enforcement identify human trafficking operations online – in particular by mining the deep and dark web. One of the key systems used by the project’s teams of scholars, government workers and industry experts was one I helped develop, called Apache Tika.

The ‘digital Babel fish’

Tika is often referred to as the “digital Babel fish,” a play on a creature called the “Babel fish” in the “Hitchhiker’s Guide to the Galaxy” book series. Once inserted into a person’s ear, the Babel fish allowed her to understand any language spoken. Tika lets users understand any file and the information contained within it.

When Tika examines a file, it automatically identifies what kind of file it is – such as a photo, video or audio. It does this with a curated taxonomy of information about files: their name, their extension, a sort of “digital fingerprint.” When it encounters a file whose name ends in “.MP4,” for example, Tika assumes it’s a video file stored in the MPEG-4 format. By directly analyzing the data in the file, Tika can confirm or refute that assumption – all video, audio, image and other files must begin with specific codes saying what format their data is stored in.
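
That confirm-or-refute step can be sketched with a small signature table. The formats below all carry their magic bytes at offset zero; MP4 is slightly different (its 'ftyp' marker sits at byte offset 4), so it is left out of this toy example, which is illustrative rather than Tika's actual detector:

```python
SIGNATURES = {                       # leading bytes each format mandates
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/gif": b"GIF8",
    "application/pdf": b"%PDF",
}

def confirm_type(data, claimed_mime):
    """Confirm or refute a name-based type guess by checking the file's
    first bytes, mirroring Tika's content-inspection step."""
    signature = SIGNATURES.get(claimed_mime)
    return signature is not None and data.startswith(signature)

print(confirm_type(b"%PDF-1.7 ...", "application/pdf"))   # True
print(confirm_type(b"GIF89a...", "application/pdf"))      # False
```

A mismatch between name and content is itself a useful signal: it often marks files that were renamed to evade filters.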

Once a file’s type is identified, Tika uses specific tools to extract its content, such as Apache PDFBox for PDF files, or Tesseract for capturing text from images. In addition to content, other forensic information, or “metadata,” is captured, including the file’s creation date, who edited it last, and what language the file is authored in.
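
This parser-per-type design is essentially a dispatch table from MIME type to extractor. A hypothetical miniature, in which the extractor stubs stand in for real tools like PDFBox and Tesseract:

```python
def extract_pdf(data):
    """Stand-in for a real PDF text extractor such as Apache PDFBox."""
    return {"text": "(text pulled from the PDF)"}

def extract_image(data):
    """Stand-in for OCR over an image, as Tesseract provides."""
    return {"text": "(text recognized in the image)"}

EXTRACTORS = {
    "application/pdf": extract_pdf,
    "image/png": extract_image,
}

def parse(mime, data):
    """Route a typed file to its extractor, then attach metadata,
    mirroring Tika's one-parser-per-MIME-type design."""
    extractor = EXTRACTORS.get(mime)
    result = extractor(data) if extractor else {}
    result["metadata"] = {"mime": mime, "bytes": len(data)}
    return result
```

Supporting a new format means registering one more entry in the table, which is how Tika scaled to over a thousand file types without changing its core.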

From there, Tika uses advanced techniques like Named Entity Recognition (NER) to further analyze the text. NER identifies proper nouns and sentence structure, and then fits this information to databases of people, places and things, identifying not just whom the text is talking about, but where, and why they are doing it. This technique helped Tika to automatically identify offshore shell corporations (the things); where they were located; and who (people) was storing their money in them as part of the Panama Papers scandal that exposed financial corruption among global political, societal and technical leaders.
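
A gazetteer lookup is the simplest possible form of NER, and enough to show the "fit names to databases of people, places and things" step. The entries below are illustrative; production NER, including the models used in the Memex work, relies on trained statistical sequence models rather than a fixed list:

```python
import re

GAZETTEER = {                          # hypothetical curated name database
    "Panama": "PLACE",
    "Mossack Fonseca": "ORGANIZATION",
    "John Doe": "PERSON",
}

def tag_entities(text):
    """Toy NER: find known (possibly multi-word) names from a gazetteer.
    Word boundaries keep 'Panama' from matching inside 'Panamanian'."""
    found = []
    for name, label in GAZETTEER.items():
        if re.search(r"\b" + re.escape(name) + r"\b", text):
            found.append((name, label))
    return found

print(tag_entities("Mossack Fonseca registered shells in Panama."))
```

Once names carry labels, linking a PERSON to an ORGANIZATION to a PLACE across documents is a graph problem, which is the connection-making step described for the Panama Papers analysis.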

Tika extracting information from images of weapons curated from the deep and dark web. Stolen weapons are classified automatically for further follow-up.

Identifying illegal activity

Improvements to Tika during the Memex project made it even better at handling multimedia and other content found on the deep and dark web. Now Tika can process and identify images with common human trafficking themes. For example, it can automatically process and analyze text in images – a victim alias or an indication about how to contact them – and certain types of image properties – such as camera lighting. In some images and videos, Tika can identify the people, places and things that appear.

Additional software can help Tika find automatic weapons and identify a weapon’s serial number, which can help determine whether it has been stolen.

Employing Tika to monitor the deep and dark web continuously could help identify human- and weapons-trafficking situations shortly after the photos are posted online. That could stop a crime from occurring and save lives.

Memex is not yet powerful enough to handle all of the content that’s out there, to comprehensively assist law enforcement, to contribute to humanitarian efforts to stop human trafficking, or to interact with commercial search engines.

It will take more work, but we’re making it easier to achieve those goals. Tika and related software packages are part of an open source software library available on DARPA’s Open Catalog to anyone – in law enforcement, the intelligence community or the public at large – who wants to shine a light into the deep and the dark.

Author : Christian Mattmann

Source : http://theconversation.com/searching-deep-and-dark-building-a-google-for-the-less-visible-parts-of-the-web-58472

Categorized in Deep Web

The large number of leaked patient records stolen and posted for sale on the dark web in recent months has caused prices for most of those records to drop, according to new research provided to CyberScoop and conducted by the Institute for Critical Infrastructure Technology and cybersecurity firms Flashpoint and Intel Security.

In the face of excess supply, stagnant demand and increased law enforcement attention, it’s becoming increasingly difficult for criminals to make a living selling partial healthcare records, according to James Scott, a senior fellow at ICIT.

While the quality, quantity and sometimes origin of such electronic records help dictate the price of any specific package for sale, average prices are largely trending downward for individual, non-financial files, the new research shows. Healthcare records that sold last year for roughly $75 to $100 can now be found for around $20 to $50, Scott said.

Image via ICIT of TheRealDeal stolen record package

“The volume of medical data for sale in the criminal underground is increasing, leading to very low prices for individual records,” Vitali Kremez, a senior analyst focused on cyber intelligence at Flashpoint, told CyberScoop.

A majority of stolen healthcare patient records sold on the dark web come from U.S.-based institutions that have been breached, according to Intel Security.

The average price for a single complete electronic health record — described as a “fullz” in underground markets — typically tagged with financial information and supporting documents like utility bills or insurance receipts, currently hovers around $50, World Privacy Forum founder Pam Dixon recently estimated.

Image via ICIT of TheRealDeal stolen record package

In broad strokes, an electronic healthcare record is rarely worth very much unless it is converted into a “complete ID kit,” which combines long-form healthcare records with additional documents and is authenticated via a breached government registration database, explained Scott.

Even so, because healthcare records contain vast personal information, these documents offer scammers a stepping stone to more comprehensive fraud schemes.

Dixon told Healthcare IT News that decreasing prices are a general consequence of easier access to sensitive personal records. One component of this eased access, based on data gathered by ICIT and Intel Security, is the growing sale of hacking-as-a-service on the dark web, which enables those without technical backgrounds to hack into systems by hiring paid mercenaries.

Also laying the groundwork for this discordant dark web economy, according to Kremez and Intel Security vice president Raj Samani, is the rise of prominent, dedicated healthcare hackers. Two of these mysterious actors, known simply by their vendor usernames “earthbound11” and “thedarkoverlord,” have been flooding the market with medical fullz in recent months, thereby dictating the price for smaller resellers.

A hacker’s underground reputation is typically one of the leading factors in the valuation and eventual sale of any records package they post, research shows.

Image via Intel Security report – shows alleged healthcare hacker DarkOverlord advertising a breach

“The larger trend in the trade of compromised personal healthcare information is toward larger breaches affecting more data,” said Kremez. “Cybercriminals themselves have realized that the value of their stolen medical data is much lower than once expected.”

Though it remains unclear how the recent fall in dark web prices has influenced and continues to influence hackers’ attack behavior toward the healthcare industry, several experts who spoke with CyberScoop believe it will ultimately lead to a spike in overall network intrusions at hospitals. The counterintuitive thinking here is that larger data dumps will help dark web vendors recoup recent profit losses.

“After the 2015 breach of 100 million medical records from Anthem, Premera Blue Cross, and Excellus Health Plan, let alone the numerous smaller networks compromised in 2015 and 2016, the annual rate of medical identity theft could easily increase to be ten or twenty times greater than the 2014 rate,” an extensive, recent Dark Web report from ICIT reads. 

Unlike stolen credit card details and other payment information sold online, however, a cloud of uncertainty looms over leaked healthcare records because cause and effect is difficult to decipher, said Samani. According to an April 2014 FBI bulletin, electronic healthcare record theft is also more difficult to detect, taking almost twice as long to spot as normal identity theft.

In most cases, the data necessary to draw a conclusive connection between a leaked patient record and a relevant case of identity fraud, for example, is neither readily available nor visible. The result is an environment where targeted data breaches occur, but security researchers cannot definitively say how some, if not most, of the leaked information is being used, explained Samani.

“The impact of stolen payment cards is felt almost immediately, whereas with other forms of data the impact could be longer term,” said Samani. “Indeed, we can determine a direct correlation between a breach and the pain felt when cards are declined. [But] it is not so easy to determine the origin of fraud with other forms of data.”

Author : Chris Bing

Source : https://www.cyberscoop.com/dark-web-health-records-price-dropping/


A dark web scanning service was recently launched in the UK. The service, called OwlDetect, is available for £3.50 a month and allows users to scan the dark web for their own leaked information, including email addresses, credit card information and bank details.

The service reportedly uses online programs and a team of trained experts to scan hundreds of thousands of dark web websites for its customers’ data. If any personal data is found, the company helps its users act to keep themselves safe. It was launched in an attempt to remove reliance on big companies, as users usually only learn they were hacked after those companies make a breach public.
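At its core, this kind of service amounts to matching customer identifiers against a corpus of leaked data. Below is a minimal sketch of that idea; OwlDetect’s actual methods are not public, the matching here is deliberately simple, and all of the data is invented for illustration.

```python
# Minimal sketch of leaked-data matching: check customer identifiers
# against records harvested from dump sites. Real services work
# against far larger (often hashed) corpora; this version uses a
# plain in-memory set with basic normalization.
def find_exposures(customer_ids: set[str], leaked_corpus: set[str]) -> set[str]:
    """Return the customer identifiers that appear in the leaked corpus."""
    normalized = {record.strip().lower() for record in leaked_corpus}
    return {cid for cid in customer_ids if cid.strip().lower() in normalized}
```

A match means the identifier appears in leaked material and the customer should be alerted; an empty result only means nothing was found in the corpus scanned so far.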

In a few cases, however, the information is revealed long after users are hacked. Earlier this year, Yahoo confirmed that at least 500 million user accounts were compromised by what it believed to be a “state-sponsored actor”. The breach reportedly occurred in 2014, so it took two years for users to learn they were hacked.

Professor Richard Benham, chairman of the National Cyber Management Centre and a member of OwlDetect’s advisory team, said:

Today the risk of having your personal information compromised is greater than ever. From messaging apps to online shopping and dating websites, we trust a huge number of companies with our details, and there are endless opportunities for those details to fall into the wrong hands.

Crawling the Deep Web

The deep web is, as we all know, beyond the reach of regular search engines. That may change in the future, as more and more tools claim to be able to crawl it in search of specific information.

According to its website, the new service has a database of stolen data built up over the past 10 years, presumably with the help of its software and team. A true deep web search engine does exist, however.

A few days ago, Hacked.com reported how the Department of Defense’s deep web search engine was to be enhanced by a recent acquisition. This search engine, named Memex, is reportedly able to crawl 90 to 95% of the deep web, presenting its search results in sophisticated infographics.

Source : https://hacked.com/this-tool-lets-you-scan-the-dark-web-for-personal-data/


Coffee lovers will travel far and wide to seek out new blends to satisfy their craving – but would you venture into the murky world of the Dark Web to get your hands on an exclusive bag of beans?

For anyone wanting to buy Chernyi Black – a unique blend from Russia – the only place you'll be able to find it is through the same nefarious internet back alleys infamously associated with those anonymously browsing underworld marketplaces for drugs and illegal weapons.

This black market brew, however, is not illegal. Actually, it's not even rare or insanely expensive (roughly £12 a bag), but it won't be easy to find – and that's the appeal. Its creators, the Chernyi Cooperative, a Moscow-based coffee shop, brewed up the idea because they are attempting to make coffee even trendier, and wanted to tap into an exclusive audience.

"We faced a difficult challenge — to attract the attention of trendsetters who already have access to plenty of interesting content," Maxim Fedorov, social media director of Possible Moscow, told AdWeek.

"That is why we chose Tor. The target audience of 'Black' is familiar with anonymous marketplaces. They know how the purchase process is organised and are aware of the subtleties in attaining what they desire."

Interestingly, Digital Trends explains that in Russia coffee is generally regarded as harmful and something that shouldn't be consumed daily – a far cry from the culture seen in other caffeine-fuelled cities around the world. The Chernyi Cooperative therefore devised the idea of selling its blend via the Dark Web to thumb its nose at that notion. They also claim to want to change perceptions of how the Dark Web is used. "People are happy to see that the darknet doesn't only exist to service what some may term 'undesirables'. This project demonstrates it can be used by anyone looking for a secure and private connection."

If this has hit your hipster weak spot then Tor awaits. Anyone wanting to buy the $12 bag of coffee will have to download the anonymous browsing tool and locate its onion site cherniyx23pmfane.onion. The creators of the marketing gimmick have not held back either – they even consulted an ex-police officer who specialised in the darknet to deliver a cryptic website for a fully authentic flavour of the whole internet underworld.

Those who manage to navigate the site can buy the coffee using bitcoin or a contactless payment system in-store – the address of which is provided in suitably clandestine fashion in the form of coordinates.

Author : James Billington

Source : http://www.ibtimes.co.uk/black-market-brew-coffee-you-can-only-buy-dark-web-1589781


Over the past few years we have seen a surge in cyber attacks against well-known organizations, each seemingly larger than the last. As cybercriminals look for innovative ways to penetrate corporate infrastructures, the challenges for brand owners to protect their IP has steadily grown. Fraudsters will stop at nothing to profit from a corporate entity’s security vulnerabilities, and the data they steal can fetch a hefty price in underground online marketplaces.

Whether it is a company with a large customer base that accesses and exchanges financial or personal information online, or a small brand that has IP assets to protect, no company is exempt. While banking and finance organizations are the most obvious targets, an increasing number of attacks are taking place on companies in other industries, from healthcare and retail to technology, manufacturing and insurance companies. Data breaches can have a damaging impact on a company’s internal IT infrastructure, financial assets, business partners and customers, to say nothing of the brand equity and customer trust that companies spend years building.

Battlegrounds: Deep Web and Dark Web

A common analogy for the full internet landscape is that of an iceberg, with the section of the iceberg above water level being the surface web, comprised of visible websites that are indexed by standard search engines. It is what most people use every day to find information, shop and interact online, but it accounts for only about four percent of the Internet.

The remaining sites are found in the Deep Web, which includes pages that are unindexed by search engines. A large proportion of this content is legitimate, including corporate intranets or academic resources residing behind a firewall.

However, some sites in the Deep Web also contain potentially illegitimate or suspicious content, such as phishing sites that collect user credentials, sites that disseminate malware that deliberately try to hide their existence, websites and marketplaces that sell counterfeit goods, and peer-to-peer sites where piracy often takes place. Consumers may unknowingly stumble upon these and are at risk of unwittingly releasing personal information or credentials to fraudulent entities.

Deeper still is the Dark Web, a collection of websites and content that exist on overlay networks whose IP addresses are completely hidden and require anonymizer software, such as Tor, to access. While there are a number of legitimate users of Tor, such as privacy advocates, journalists and law enforcement agencies, its anonymity also makes it an ideal foundation for illicit activity. Vast quantities of private information, such as log-in credentials, banking and credit card information, are peddled with impunity on underground marketplaces in the Dark Web.

Waking up to the Threats

The Deep Web and Dark Web have been in the public eye for some time, but in recent years, fraudsters and cybercriminals have been honing their tactics in these hidden channels to strike at their prey more effectively and minimize their own risk of being caught. The anonymity in the Dark Web allows this medium to thrive as a haven for cybercriminals, where corporate network login credentials can be bought and sold to the highest bidder, opening the door to a cyberattack that most companies are unable to detect or prevent.

While Deep Web sites are not indexed, consumers may still stumble upon them, unaware they have been redirected to an illegitimate site. The paths to these sites are many: typosquatted pages with names that are close matches to legitimate brands; search engine ads for keywords that resolve to Deep Web sites; email messages with phishing links; or even mobile apps that redirect.

Moreover, as more users learn the intricacies of Tor to access and navigate the Dark Web, the scale of anonymity grows. More points in the Dark Web’s distributed network of relays make it more difficult to identify a single user and track down cybercriminals. It’s like trying to find a needle in a haystack when the haystack keeps getting larger.

The Science and Strategy Behind Protection

Brands can potentially mitigate abuse in the Deep Web, depending on the site. If a website attempts to hide its identity from a search engine, there are technological solutions to uncover and address the abuse. Conventional tools commonly used by companies to protect their brands can also tackle fraudulent activity in the Deep Web, including takedown requests to ISPs, cease and desist notices and, if required, the Uniform Domain-Name Dispute-Resolution Policy (UDRP).

As for the Dark Web, where anonymity reigns and the illicit buying and selling of proprietary and personal information are commonplace, companies can arm themselves with the right technology and threat intelligence to gain visibility into imminent threats. Actively monitoring fraudster-to-fraudster social media conversations, for example, enables companies to take necessary security precautions prior to a cyberattack, or to prevent or lessen the impact of a future attack. In the event of a data breach where credit card numbers are stolen, threat intelligence can help limit the financial damage to consumers by revealing stolen numbers before they can be used and have them cancelled by the bank.
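For the stolen-card scenario above, the first automated step is usually candidate extraction and validation over leaked text. The sketch below uses the standard Luhn checksum to filter 16-digit runs; the surrounding workflow (matching numbers to issuing banks and having them cancelled) is simplified away, and the dump text in the example is invented.

```python
import re

def luhn_valid(number: str) -> bool:
    """Standard Luhn checksum used to validate candidate card numbers."""
    checksum = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        checksum += d
    return checksum % 10 == 0

def candidate_cards(leak_text: str) -> list[str]:
    """Extract 16-digit runs from dump text, keeping only Luhn-valid ones."""
    return [m for m in re.findall(r"\b\d{16}\b", leak_text) if luhn_valid(m)]
```

Threat-intelligence pipelines run checks like this over freshly posted dumps so banks can cancel exposed numbers before they are used; the Luhn filter merely discards strings that cannot be real card numbers.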

Technology can even help identify and efficiently infiltrate cybercriminal networks in the Dark Web that might otherwise take a considerable amount of manual human effort by a security analyst team. Access to technology can significantly lighten the load for security teams and anchor a more reliable and scalable security strategy.

In light of so many cyber threats, it falls to organizations and their security operations teams to leverage technology to identify criminal activity and limit financial liability to the company and irreparable damage to the brand.

Key Industries at Risk

A growing number of industries are now being targeted by cybercriminals, but there are tangible steps companies can take. For financial institutions, visibility into Dark Web activity yields important benefits. Clues for an impending attack might potentially be uncovered to save millions of dollars and stop the erosion of customer trust. Improved visibility can also help companies identify a person sharing insider or proprietary information and determine the right course of action to reduce the damage.

In the healthcare industry, data breaches can be especially alarming because they expose not only the healthcare organization’s proprietary data, but also a vast number of people’s medical information and associated personal information. This could include images of authorized signatures, email addresses, billing addresses and account numbers. Cybercriminals who use information like this can exploit it to compromise more data, such as social security numbers and private medical records. Credentials could even potentially lead to identities being sold.


Most organizations have implemented stringent security protocols to safeguard their IT infrastructure, but conventional security measures don’t provide the critical intelligence needed to analyze cyberattacks that propagate in the Deep Web and Dark Web. It is fundamentally harder to navigate a medium where web pages are unindexed and anonymity can hide criminal activity.

Meanwhile, cyberattacks on organizations across a wider number of sectors continue to surge, putting proprietary corporate information, trade secrets and employee network access credentials at risk. Businesses need to be aware of all threats to their IP in all areas of the Internet. Leveraging every available tool to monitor, detect and take action where possible is vital in addressing the threats that these hidden regions of the internet pose.

Author:  Charlie Abrahams

Source:  http://www.ipwatchdog.com/2016/12/14/brand-protection-deep-dark-web/id=75478


When companies are hacked and their data is stolen, that data often appears for sale on the so-called darknet. Earlier this year, for example, user data from both the mega-hack of Yahoo (500 million accounts) and the uTorrent breach (400,000 accounts) showed up on the darknet’s illicit marketplaces. As InformationWeek recently put it, the darknet is “where your stolen identity goes to live.” Think of it as mass e-commerce for the black market (here’s a good primer).

And it isn’t a problem just for consumers. Valuable corporate assets — from intellectual property to pirated software to stolen code bases and other digital products — appear for sale on these marketplaces more and more. The darknet is enabling criminals to more easily profit from failures of corporate cybersecurity.

To better protect both their businesses and their users, company leaders need to familiarize themselves with the darknet and its threats and opportunities.

What Is the Darknet?

When many people think of “the internet” — websites, message boards, marketplaces, and so on — what they’re actually thinking of is the open web, or surface web. The open web is what you see when you start up a web browser and use a search engine to find what you’re looking for. Sites on the open web are accessible to anyone.

The darknet as a whole is much like the open web. It consists of websites, message boards, and marketplaces. But the darknet’s sites can’t be found with search engines, and they can only be accessed through anonymizing software such as Tor, which obscures the user’s IP address. This is useful for people who don’t want to give away their location and identity to internet service providers or other parties, such as government agencies, that can track network activity.

Of primary interest to corporate leaders are darknet marketplaces (DNMs). The first DNM to hit mainstream awareness was Silk Road, the black market for illegal drugs that was shut down by the FBI as part of a multiagency effort in 2013. New, more robust DNMs immediately took its place, and research indicates that DNMs continue to grow and thrive.

DNMs sell their products and services to an effectively anonymous clientele, who often buy with Bitcoin for even greater anonymity. The combination of Tor and Bitcoin has helped DNMs’ popularity explode.

Where the Darknet May Be Headed

As the darknet becomes mainstream, more people may decide to actively split their online activities between a public face on the open internet and a private face on the darknet. Our lives have become permeated with personalized services and technology, allowing strangers to see intimate details of our lives through social media and search engines. The kinds of anonymous environments provided by the darknet may offer an appealing escape.

As a result, HR and legal teams will need to come to terms with the fact that employees may have obscured digital identities. Facebook, LinkedIn, and Twitter profiles will contain nothing but inoffensive content and activity; any kind of controversial thought and digital engagement will move to “dark” spaces. Employers will have to adapt to the new reality that employee online activity will be harder to monitor, control, or enforce. The sunny days of getting a full picture of someone through their social media profiles may disappear into a darknet night.

Easy access to the darknet will also make it easier for anyone to sell corporate access and critical information without exposing themselves directly to the criminal underground. For example, it seems inevitable that insider information will become available on the darknet. How might corporations or executives be put under suspicion when sensitive information made available on the darknet moves stock prices in a way that benefits insiders?

How Can Businesses Limit Their Exposure to Darknet Risks?

Companies, already taxed with controlling access to systems, defending against cyberattacks, and keeping mission-critical systems online, need to start monitoring the darknet and DNMs. A corporation can be hit with a denial-of-service attack, even one initiated by a nontechnical person renting botnet time through a darknet market, at any time. And any employee with access to the Tor browser can solicit anonymous bids for sensitive corporate data, code, or access. The bar to accessing criminal technology and digital capabilities has never been lower.

Fortunately, as a consequence of the open-but-anonymous nature of DNMs, it is now easier for businesses to monitor the cybercriminal underground and react to potential threats and stolen assets. That is exactly what happened, for example, when proprietary source code for PilotFish, a health care software vendor, appeared for sale on the DNM AlphaBay and was detected by the underground research team at infosec firm InfoArmor.

Here are the key points for companies about dealing with corporate darknet threats:

  • Use strong encryption on all sensitive data and keep the encryption approach up to date. Yesterday’s encryption methods quickly become obsolete, so make sure your IT department has an encryption strategy in place.

  • Build or hire a strong cyberthreat monitoring and reaction ability. Detecting an intrusion is critical to dealing with threats before they get out of control.

  • Monitor DNMs and the darknet in general for corporate-specific threats. There are firms emerging that specialize in identifying and reacting to darknet activity or that include darknet monitoring as part of their cybersecurity offerings.

  • Monitor employee hardware and network use and investigate darknet access.

  • Put a response plan in place to guide the corporate response to sensitive data or IP appearing on the darknet. Consider how you will deal with customers, legal issues, and stakeholders in the event of a breach.
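The DNM-monitoring recommendation above often starts as simple keyword surveillance over scraped listings. The sketch below shows only that core matching step; commercial monitoring services layer crawling, deduplication, source reputation and alert triage on top, and the listings and watch terms here are invented for the example ("acme corp" is a hypothetical brand).

```python
# Illustrative watchlist scan over scraped darknet-market listings.
# The watch terms and listings are invented; real monitoring adds
# crawling, deduplication and analyst triage around this core step.
WATCH_TERMS = {"pilotfish", "source code", "acme corp"}

def flag_listings(listings: list[str]) -> list[str]:
    """Return listings that mention any corporate-specific watch term."""
    return [
        text for text in listings
        if any(term in text.lower() for term in WATCH_TERMS)
    ]
```

A flagged listing becomes the trigger for the response plan: verifying whether the offered data is genuine and, if so, activating the breach playbook.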

Going forward, business leaders will need to think about darknet monitoring and analysis in a range of departments, from IT to legal to HR to marketing. As more corporations begin to take darknet issues seriously, information security firms dedicated to darknet analysis and monitoring will thrive and new business models will emerge to control, document, and react to threats either emerging from or facilitated by darknet technology. Business leaders take note: You live in interesting times.

Source : https://hbr.org

Author : Andrew Delamarter


