ThrottleNet’s Cybersecurity Manager, Dustin Leefers, takes you on a live tour of the Dark Web. Along with illegal drugs, steroids, fire arms, much more, the dark web may include your company or personal data. We will show you what happens to a company after they have been hit with ransomware or experienced a data breach.
So thanks for having me Chris, looking forward to showing everybody just a quick glimpse of kind of some of the stuff that goes on, on the dark web. So first of all, this is for, you know, educational purposes. I don’t recommend you do this at home, anything like that. I’m using a virtual machine that segmented from my own network and I’m also routing all my traffic through a VPN. Going through Toronto Canada currently. So just a little bit extra protection there.
So again I wouldn’t recommend doing stuff like this at home.
So let’s talk a little bit about tour real quick. So in general a TOR.org you can see they have various different operating systems. It’s a simple installer. You know you download and install it just like any other browser. Here’s the icon for TOR, like Chris mentioned, poor routes all traffic through various nodes. Anyone can actually host a node, like, I could spin up a server and host. A TOR node if I wanted to. So you never really know where your traffic is going through and that that’s a little bit of an issue, but in general, all your traffic gets encrypted multiple times. Usually four or five times and each hop along the way. It peels off one layer of that encryption which is kind of where the onion routing comes from.
So they never know exactly where you’re going. Just You’re coming from in the next top. So there’s there’s many different steps along the way. So I’m going to go ahead and open up the browser in general, and you’ll see I’ve got a bunch of tabs already open that we’re going to go through. So the first thing I want to point out is you can go to normal normal web sites, just like you would from Google Chrome or edge here. I’m on espn.com, I don’t know you guys. So, Bryce Harper got hit in the mouth. He’s all good. Now, against Cardinals last night, but just wanted to point that out.
Doubtful, but there aren’t, there is a search engine, are there several search engine, this one’s called GRAMS, you know, probably a take on drugs, I would assume. And then also you can see it looks just like Google uses the same colors and whatnot as though so that’s kind of interesting and then from there we’re gonna go through a few low level hacking type thing.
So this is this is one site you know the hacker community and they offer up their services, this one looks to be fairly low end, you know, they How many prices or anything? They hack website, servers computers, smart phones, Etc. I thought the funny thing here was be careful your kids out there on the dark web, you know, they’re, they’re taking money to change your grades at school and at college and stuff as well. So, just to get a piece of that, I’m going to go through these fairly quickly because I do have a lot to cover, but I want to just give you an idea of what’s out here.
This is a hacking form here where where they, you know, different hackers are offering up different tools. You know, you can see here’s a fatality hacking set. Master hack pack, you know, there’s some beginners guides. So this might be where some young starting out hackers or starting to get information. And what not, this is where we start to get into a little bit of data leakage and whatnot. I want to talk about this for a minute. So this is again, just a form out on the dark web.
You can see it’s a dot onion address, like Chris had mentioned before And so you can see like this one X bet.com. They’re saying that they have 75,000 leaked email, addresses and passwords. So just just to point out why that’s bad and just practicing good hygiene if you’re using the same credentials across multiple websites and especially if you’re also mixing passwords between your personal stuff and your work stuff, what happens is you might have had an account out here at 1X bet that site gets hacked. T’, that passwords now in this database that anyone can come out here and grab.
So if they see your email address, that’s what the password, they can start trying that combination against multiple things and getting access to various things. That’s why it’s always a good idea to use a password manager and make sure you’re using unique passwords and changing them regularly. So we’re going to start getting into a little bit of the more interesting stuff now. So if you’re familiar with Silk Road, that’s kind of one of the big Market places it does still exists. It’s been back and forth.
I did find it, it requires a log on. This is kind of a knockoff version of Silk Road, if you will AB, or a road, I guess, but they are offering up selling some hacking Services. Chris had mentioned DDOS attacks earlier, you know, say the pizza place down the road, messed up your pizza and you’re upset with them, you can spend 99 bucks and you can knock their, their website offline for four hours, you know, on a Saturday night to get your revenge, obviously, that’s a lie. Legal, and you can end up in jail for that. But just to give you an example, basically, they use a botnet of hacked machines out there. The flood that site in overwhelming and take it offline. The only other thing, I there’s a lot of things here, but I want to point out the custom ransomware. So what we’re seeing is a lot of will lower level hacking groups getting involved in ransomware as well. And they may not have the programming knowledge and whatnot to design their own ransomware, but they Outsource that part of it. And then they can try and take over networks that they may have access to and what not, and kind of even without all the knowledge to do that themselves. They can Outsource that out of it. So now we’re going to move on to a real and fake documents. So this this is pretty interesting, they have a price list here of, you can see, they only produce high quality of passwords or passports and ID. He’s I thought it was pretty interesting to see. You can get a u.s. a driver’s license for $400. There’s a passport on here and obviously any any host of other countries. Some of the interesting stuff on this side is it seems like a lot of times they use real documents and they provide, they find someone close to your same age and obviously your same gender and whatnot and they’ll provide you with the backstory, you know. So you know, your parents real name and they just transplant, your photo onto the dock. It then others, they talk about they actually create new documents from the beginning and they say that for some countries they can actually register those documents in the government database, which means they either have people on the inside or they have access to that as well. So if you’re looking to get a fake ID in a new country, you know, good place to go. Next we got guns, Kristen mentioned guns a bit earlier, so yeah, clearly there’s no background checks. As an example, if you’re a felon and you can’t buy a gun, you can come out here and get one II assume. I didn’t go looking but I assume you can also get them defaced with no serial numbers and things like that. There’s obviously no registration involved here either you just kind of buy it with Bitcoin and send it to a secure location where typically that’s to go through a whole process fake money. I think Chris had mentioned fake money as well. I found various sites. This, this is one that just talks about. This one doesn’t actually have any prices, it’s kind of like contact them but they say that they’re they’re fakes are so good that you can use them in Banks. Even they’ve got the Holograms and the the strips that are in them. I found another one that had access to like money that was marked to be shredded. I guess we destroy a lot of money. Obviously, as it gets old, we take it out of circulation. This place was talking about skimming money. From the money that was supposed to be shredded. So it was actual real US money that they were selling that you could also access. So there’s like there’s a lot of crazy stuff happening some other steroids, obviously, if you need that extra help at the gym, you know, you can just come out here and try something new and then we get into, you know, drugs obviously a cannabis is on here even though that’s legal at a lot of places now, but Various types of cocaine methamphetamine LS D, ecstasy, all of this stuff, you know, done anonymously on the back end and like he said, paid with Bitcoin Etc. So now I’m going to start getting into some of the stuff that’s a bit more, what we’re focused on and what were what we’re worried about. And what we’re trying to help prevent is, you know, businesses being taken advantage of and being ransomware and their data being stolen. In the past, if you would get hit with ransomware, it was you know, if you had good backups, you were good, you get hit with ransomware, you get crypto notes, you know, for just long as you have good backups, you can pretty much ignore all of that and restore your data, you know, and get back to normal and move on. Now these guys have pivoted and what they’re starting to do is they’re starting to try and extort these companies. If you don’t pay the ransom, they Are uploading your data to the internet. And there’s I found you know a host I found at least 10 different sites and there are a bunch more that I didn’t even look at where these various hacking groups all have sites like this. You know, these are all businesses. You know, Caroline and they list out the type of data that they have, you know, databases Bank details. I’m just going to kind of scroll through this and we’ll will pop in and look at a couple of them. So here’s a law firm. You know, these places have been hit. It by these groups and their data stolen and they put it up here and they send the links to competitors and they find anything bad. They go out and they, you know, take it to authorities, Etc. I know, I looked at a couple that were decent example. So, like this Baker and Taylor, you know, here’s all the data that they say and then if you click in here, it’ll take a minute to load. Tour is a bit slower, and that’s why I have all this stuff preloaded. Also, it’s a bit slower. In the normal internet due to all the encryption but you can see here they’re like, hey we downloaded a lot of interesting data from your network. All of your data is fresh will be stored for six months. If you need proof, we are ready to provide them, you know, if you don’t pay, you know, will leak all this data. And then they put screenshots of all the various folders that they got access to. And then this company obviously hasn’t paid The Ransom, you know, they may have recovered from the attack but their data was stolen as well. You know, this place here, one point two, terabytes of data accounting and what? And that’s a lot of data guys, like that’s that’s a lot of data, you know, we’re documents and stuff like that doesn’t take up that much space and they, I like these little descriptions that they type up the Roadies. Fairly interesting. So all date is fresh, you know, you you have several days to resolve this and then again they go through and they list out Everything that they have access to, you know, and they give you a certain amount of time to bounce from that. So this is a different hacking group here and actually, this place had a rule site. And I went into that just to kind of give you an idea, they walk you through the whole process. There are pretty nice about, you know, they walk you through how to make the Bitcoin payment. They want you to only send one Bitcoin payment or one Bitcoin to start with and then after they verify, you can send the rest then they provide you with a decryptor. So you can do Crypt your data and get it back, you know if they’ve had access. So then they walk you through how to do that. They’ll even decrypt to files to let you know that it works. You know, they show you the the data is recoverable. And then this is my favorite part down here, where once we receive payment this is our, this is our Rack in our locker team guarantee. You know, we will delete. All the data, we had will delete all these posts that we’ve made. Like we’ve been looking at will delete any back doors that we have. If one still exists, if you haven’t already find it and will never attack you again. Even if we find new vulnerabilities, there was another one. Oh, yeah. And I’ve seen this happen. We had we had a business contact us and we help them with the ransomware thing. And unfortunately, they didn’t have backups and at the end of it, they literally sent over. You know, it was it was a pretty generic but like a security best practices. This company. So it’s it’s interesting. I want to show you a couple more of these are again, just various sites with data, and I want to be, there was a couple good examples on here. So here’s a police department. If we go in here, of course, let me see if I can get this right. Even on the dark web Dustin. Yeah, have a captcha cracked and man, I failed these all the time. Oh, I think I got it. All right, let me go back to this Police Department one. I thought this. So, this one, you know, this is a police department. I think it was near Allah. Ya De Los Angeles, they put up, you know, I could download these files right now. You know, if I click on that, it’s gonna give me a download and then I can unzip that and see what It is there. And then the the interesting part that I that I saw was this is a dump out of their active directory. That’s what all this is is it’s giving you the machine name and whatnot and it shows the operating system what I’ve found on these that lifts these what I’m always seeing is I’m seeing you know Windows 7 machines and older servers like this place has a lot of Windows 7 machines. I’m going to show you one other here. These guys had some fairly new servers but I guess the point is It is, is you’re only as strong as your weakest link, you know, if you if you’re keeping older machines around, you never know that one of those machines may lead to the compromise, right? And then, there was one other that I saw that I thought was kind of fitting this Morgan County, I just happened to click on it and say, well, you know, it’s Morgan County Missouri, which I looked up, which is just North of Lake of the Ozarks, I guess. So, same with these guys, you know, a bunch of data and then I was Through here and they got Windows 7, they got Windows XP machines, they had some 2003 servers that were down here a bit further. So, just as a reminder, about things like that, but yeah, these guys, you know, they’re vicious, they they were getting screwed out of the ransom too much by people starting to have good backups and now they’re stealing your data in the process, and they’re putting it out there and trying to extort people. So, obviously, Only the best way to avoid that is just preventing it from happening all together but that, you know, I got several of these sites. But that’s that’s basically the gist of what I wanted to show. And I hope that kind of opens. Everybody’s I submit to to what is happening out there on the dark web.