NEW DELHI: While law enforcement agencies face new cyber threats every day, they are still struggling to deal with growing criminal activity on the darkweb. This underground digital world, which is inaccessible through usual internet search, remains a mystery for investigators.
To help police officers, law enforcement agencies, corporates and students understand such crimes better and investigate technical cases, the IIT Kanpur-incubated Future Crime Research Foundation (FCRF) held an online webinar on "Darkweb Investigation & Digital Underworld". The webinar was conducted by top experts from various domains to demystify the underground world of the darkweb.
The two-hour-long workshop had sessions from Muslim Koser, Cyber Threat Intelligence, Cyber Risk Management and Cybersecurity Expert; Koushik Sivaraman, VP, Cyber Threat Intelligence, CloudSEK; Darshit Ashara, AVP, Cyber Threat Intelligence & Principal Threat Researcher, CloudSEK; and Nilay Mistry, Faculty, Digital Forensics & Cyber Security, National Forensic Sciences University, Gandhinagar. The webinar was moderated by Shashank Shekhar, co-founder, FCRF, and Ila Longani, CEO, SagePresage Consulting.
WHAT IS DARKWEB
Muslim Koser, Cyber Threat Intelligence, Cyber Risk Management and Cybersecurity Expert, began by explaining the investigation of crime on the darkweb. “There are two types of net – dark net and clear net. Clearnet is the traditional internet that we are all familiar with. It’s also known as the surface web. Whereas Darknet is nothing more than a network of anonymous proxy servers – sometimes referred to as a ‘secret network’,” said Koser.
Explaining the deep web section of the WWW, Koser said the darkweb refers to the content found on the dark web and overlay networks, while the deep web is a section of the World Wide Web that contains content that is not indexed by search engines.
Detailing the difference between the clearnet and the darknet, Koser said the clearnet is based on Internet Protocol infrastructure and requires the DNS system, while the darknet has no such restrictions. The clearnet is controlled by the governments of one or more countries, which is not possible in the case of the darknet because it is a peer-to-peer network. Thus, the darknet is the favourite place of all criminals.
Tor, ZeroNet, I2P, and Internet Relay Chat (IRC) are some examples of darknet networks. Hacking forums on the darknet discuss topics ranging from actor conversations, which include amusement, hacktivism, financial gain, and state-sponsored attacks (espionage), to information sharing, exploits and vulnerabilities, and propaganda, Koser detailed.
He also added that crimes take place in an asset-centric manner. “We need to take a reactive approach to find criminals on the darknet. Questions that need to be asked are about the tools and techniques that can be used to do the same.”
Here are some investigation basics to be looked at –
– Creating a base (presence on various forums, develop a persona, gain respect)
– Operational security (hiding traces, anonymized communication)
– Understanding the adversaries
– Identify the difference between fake and truth
There is a wealth of information on the darknet. From Maharashtra police’s to Chandigarh police’s information, you can find everything on the darknet. Organisations like Dr. Reddy’s, Zee5, Unzo, Vodafone, BSNL, Kingfisher, Hindustan Petroleum, and several others have been compromised. Since everything is sold on the darkweb, no one is safe.
GLOBAL TREND AND INVESTIGATION
Giving global statistics, Koushik Sivaraman, VP, Cyber Threat Intelligence, CloudSEK, said that by the end of 2021 cybercrime had cost the world $6 trillion. By 2025, it will climb to $10.5 trillion. Malware and ransomware remain among the biggest problems for corporations. In 2021, the ransomware industry was worth $14 billion.
Sivaraman said India is also affected by such cyber threats. The total cost of data breaches in India touched Rs 14 crore in 2020, and the problem is that the average time to contain a data breach is only increasing.
The rise in attacks can be attributed to the increase in work from home during the Covid period. As many people started using personal devices, attacks increased. The unemployment rate and discontentment among skilled people also triggered such attacks.
Sivaraman said 43% of cyberattacks targeted SMEs and MSMEs, and 62% of attacks were against healthcare, finance and manufacturing.
Giving a live demonstration of darkweb forums, Sivaraman said all kinds of access are sold for $20 to $30 and anybody can buy it. Explaining what is available on the darkweb, he showcased ransomware, stock market information, weapon markets, drug markets, etc.
Darshit Ashara, AVP, Cyber Threat Intelligence & Principal Threat Researcher, CloudSEK, said people start using their personal email and computer to access the darkweb too. This is a mistake that can have severe repercussions, because the criminal you are trying to track down may be connected with a group. If the criminal tracks you down, he might announce a bounty on you, which can affect your real life. So anonymity is strongly advised for such work.
Darshit explained that OPSEC is the process of protecting individual pieces of data that could be grouped together to give the bigger picture. He shared several case studies of past investigations and gave live demonstrations of forums to explain how the darkweb operates.
In his session, Darshit detailed how the most important parts of an investigation are making notes and gathering the right evidence. The dark web is a whole ecosystem.
DARKWEB FORENSICS AND INVESTIGATION
The last speaker in the webinar, Nilay Mistry, Faculty, Digital Forensics & Cyber Security, National Forensic Sciences University, Gandhinagar, highlighted how darkweb forensics is an important tool for investigation.
During his session, he said Telegram has evolved into a secondary darkweb. There are various levels of the internet.
The Onion Router (Tor) network is based on several hundred relay nodes. Normally, your browser connects to servers on the Internet via your Internet Service Provider. These servers can easily identify who you are based on your IP address and connect with you. This exposure of your IP address is what can inform the target who you are and where you are in the world.
In its most basic form, the Tor network removes that information and supplies the end website with an IP address that belongs to the Tor network, not to you. As a result, you have effectively disguised yourself from the end website you are visiting or the target person with whom you may be conversing via the Internet.
Mistry said that keywords are very important on the darkweb too. Data that can be searched on the darkweb includes individual data (key personnel, email, contact, phone number), organizational data (business location, phone number, security policies, social media assets), and network data (IP data, internal domain names, name servers, email servers).
He showed live examples by taking the audience through various forums and rooms.
Mistry emphasized that the darkweb can be examined through:
– Host-based investigation, which includes disk forensics, sniffing, memory forensics
– Open source: OSINT, online resources, tools from GitHub like Repo
– Commercial groups: DarkTracer, Sixgill, Volon
Those who want to ask the experts questions can send their queries by email to firstname.lastname@example.org.