© Copyright Fortinet Inc. All rights reserved. 

Into the DarknessAamir Lakhani, Senior Red Team ResearcherFortinet, FortiGuard Labs

Magic Land

This is the wrong OZ

4

Who am I

Senior Researcher – FortiGuard LabsHacker, Ninja, PrinceExpertise in emerging threats 20 years of experience in cyber security

Time Magazine’s Person of the Year 2006…

5

Person of the Year 2006

And so were...

5

6

The Internet Lies

7

The Internet Lies

Hollywood was wrong about hacking

Hacking Devices

10

Who Are Hackers

State Actors Hactivist Script Kiddies Corporate Espionage Researchers

11

The Fight Against Cybercrime

Quality AssuranceCrypters / Packers

Scanners

HostingInfections / Drop Zones

Management

Botnet RentalsInstalls / Spam /

SEO / DDoS

Money MulesAccounts Receivable

Consulting

CRIME SERVICESENABLERS

Exploits

CRIMEWAREPRODUCERSPackers

Special Platforms

Mobile

Senior Developers

Source Code Junior Developers

Bank Accounts

Credentials & Data

Digital Real Estate

VictimsCriminal Organizations

Affiliates

Affiliate ProgramsFakeAV

RansomwareBotnets

Partnerships

Copy & paste

Sales, Licensing, Maintenance

COMPOUNDED CYBERCRIME

12

Russian Mafia

Sergei Mikhailov, head of the Moscow-based Solntsevskaya Organization, with 5000+ members worldwide. Starting with extortion, counterfeiting, drug trafficking, and blackmail, his own organization eventually graduated to arms dealing, money laundering, and infiltration of government and legitimate business. Mikhailov’s Solntsevskaya Organization owns banks, casinos, car dealerships, and even an airport. Solntsevskaya is believed to be behind many cyber-related online crime ventures.

13

Deep WebInvisible web

Hidden web

14

DarkNet Levels

• Indexed By Google Level 0: Common Web

L2-3: Bergie Web

Level 4: Deep Web

Level 5 DarkNet

Level 1: Surface Web• Reddit, Digg, Temp Email, Google Locked Services

• IRC, 4Chan, Newsgroups, Bunny Tube, Streams, FreeHive

• Hacking groups, shelling, banned videos, books, activists community

• Onion Sites, Human trafficking, exploits, markets

15

More than just Tor…

16

17

Connecting

Tor Browser Bundle Tails Operating System

18

Be Careful who you talk to

© Copyright Fortinet Inc. All rights reserved.

Title Title ContinuedPresenterDate

20

Tor Hidden Wiki – Feel the Dark

•Collection of hidden links and .onion sites•How hard is it to find?

22

GHOST MARKETSExample: Wall Street MarketSometimes invite onlyDark Web black marketsChange addresses often

FOR SALEExpertise - malware, exploits, social engineering, coding and programming

Products - social Security numbers, national identification cards, drugs, guns

The Players – criminals, con artists, organized crime, radical factions

23

Agora Market

24

It’s Christmas Time

25

Tracking an attack

26

Medical Databases

27

28

PayPal Accounts

29

Fake Identities

30

Counterfeit Currency

31

Doxing

32

33

34

…or help with a

personal problem?

35

Real or Fake

ScamsSting operationsHoney potsScary stuff exists – not a 5 minute search and find

36

Skill Squatting – How It WorksCriminals

Sound-alike Skill "Name”Sound-alike Skill "Name”

Alexa, open“Skill Name”Alexa, open“Skill Name”

Publish Skill

Publish Skill

User enables"Skill”

User enables"Skill”

37

38

RealReal FakeFake

39

Voice AI Source Code – Darknet ChatterLooking for OffersLooking for Offers

Workflow AutomationWorkflow

Automation

Digital AssistantDigital Assistant

40

Drones – Uses And BenefitsDeliveries

Military Uses

Natural Disasters

41

Drones – Bank Roof Top

Rogue DronesRogue Drones

Credit SuisseCredit Suisse

Acid Drops into Data Center

Acid Drops into Data Center

42

Drones – Darknet ListingNFZ BypassNFZ Bypass

$50$50

Yuneec DronesYuneec Drones

© Copyright Fortinet Inc. All rights reserved.

So What, Now What

44

Advanced ResearchAdvanced Research

Actionable Threat

Intelligence

Actionable Threat

IntelligenceArtificial

IntelligenceArtificial

Intelligence

How do we Succeed?