Cybercrime in the Deep Web

Presented at Black Hat Europe 2015

All content not indexed by traditional web-based search engines is known as the DeepWeb. Wrongly associated only with The Onion Router (TOR), the DeepWeb's ecosystem comprises a number of other anonymous and decentralized networks. The Invisible Internet Project (I2P), FreeNET, and Alternative Domain Names (like Name.Space and OpenNic) are examples of networks leveraged by bad actors to host malware, highly resilient botnets, underground forums and bitcoin-based cashout systems (e.g., for cryptolockers). We designed and implemented a prototype system called DeWA for the automated collection and analysis of the DeepWeb, with the goal of quickly identifying new threats as soon as they appear. In this talk, we provide concrete examples of how to use DeWA to detect, e.g., trading of illicit and counterfeit goods, underground forums, privacy leaks, hidden dropzones, malware hosting and TOR-based botnets.


Presenters:

  • Marco Balduzzi - Trend Micro Research
    Dr. Marco Balduzzi holds a PhD in applied IT security from Télécom ParisTech and an M.Sc. in computer engineering from the University of Bergamo. His interests concern all aspects of computer security, with particular emphasis on real problems that affect systems and networks. Topics he has worked on include web and browser security, code analysis, botnet detection, cybercrime investigation, privacy and threats in social networks, malware, and intrusion detection systems. He has been involved in IT security for more than 10 years, with international experience in both industrial and academic fields. He previously worked as a Security Consultant and Engineer for different companies, before joining the International Secure Systems Lab and then Trend Micro Research as Senior Research Scientist. His work has been published in top peer-reviewed conferences, e.g. NDSS, RAID and DIMVA, and he has spoken at major security conferences like Black Hat, Hack In The Box, and OWASP AppSec. His applied research has been acknowledged and published by important media outlets such as Forbes, The Register, Slashdot, InfoWorld, and DarkReading. He is now part of the review board of different conferences, including OWASP AppSec Research, Hack In The Box, DIMVA and others.
  • Vincenzo Ciancaglini - Trend Micro Research
    Dr. Vincenzo Ciancaglini earned an M.Sc. in Telecommunications Engineering from the Politecnico of Turin and an M.Sc. in Electrical Engineering, Wireless Systems, from the Royal Institute of Technology in Stockholm, Sweden. For several years, he worked as a developer at a travel IT company in Sophia Antipolis, France. During this period, he also took part in the formation of a research and innovation lab within his company, where he was responsible for analysing new upcoming technologies and their potential business developments. From 2009 to 2013, he obtained his PhD from the National Research Institute in Automation and Computer Science (INRIA) in Sophia Antipolis, with a thesis about peer-to-peer network interoperability and next-generation internet protocols. Since 2012, he has worked at Trend Micro as a research scientist within the Forward-Looking Threat Research team (FTR), a team distributed all over the world, responsible for performing technological scouting and investigation on cyber-criminal activities, and their potential development in the coming years. His duties on the team range from the development of new data analytics prototypes to identify targeted attacks to research on new encrypted networks (Darkweb), and also research on the Internet of Things (IoT).
