This webcast originally aired February 20, 2025.
Join us for this one-hour Black Hills Information Security webcast with Joseph – Security Analyst, as he shares with you what he’s discovered and learned about the Dark Web, so you never ever ever have to go there for yourself. But, if you are going to go there, he’ll show you how to navigate from place to place. It’s not safe to go alone, here… take this knowledge with you.
Transcript
Deb Wigley
All right, Joseph, thank you so much for joining us, and everyone else who is watching, thank you for joining us today for this Black Hills Information Security webcast with Joseph. He’s going to be talking about the Light at the End of the Dark Web.
He actually is in the Dark Web right now coming to us from the Dark Web. So Joseph, take it away.
Joseph
All right, fantastic. Welcome everybody. This is going to be about a 40-minute, just visual representation of the Dark Web, the origins of the Dark Web.
It’s about ransomware. I’ve got a cool interview with someone incredibly smart. Lots of cool stuff here. There’s going to be no slides, no PowerPoints. It’s not going to be technical. So, with that being said, take it easy, relax, enjoy the show.
Joseph (Voiceover)
A hidden layer of the Internet that may be mysterious to some.
Beyond the reach of your typical web browser and favorite e-commerce sites lies a network where anonymity is king and secrets thrive.
There is good, there is bad. A digital underworld that few explore. Welcome to Light at the End of the Dark Web.
In this journey, we are going to peel back some of the layers of Tor or the Onion Router. We’re going to discuss the good and the bad.
So where did the Dark Web originate from? Back in the 90s, the Navy understood that the lack of security on the Internet, as most of us know it, had some serious security flaws.
The Navy wanted a version of their own Internet that was anonymous in its earliest days. The pioneers of Tor knew the network needed to be decentralized, meaning it should be controlled by many instead of one.
In late 2002, the Tor network was deployed and quickly took off. It took off so quickly, in fact, that the Electronic Frontier foundation began funding the project.
And shortly thereafter, in 2008, a browser specifically for the Dark Web was released. Nowadays, Tor is decentralized and controlled by thousands of relays set up by a series of volunteers.
Some may think the Dark Web is a dangerous place, full of illegal activities. Others say it’s about privacy, it’s about human rights. We’ll let you be the judge.
You might not be familiar with different parts of the Internet and what they all mean. To put it simply, you have the Surface Web, which is visible, it’s searchable to everyone on the Internet that we use every day.
We also have the Deep Web, which is not necessarily indexed by any search engines, and it might require a username and password, or it might even be restricted by where you are in the world.
And finally, we have the Dark Web, or the Onion Router. Tor is similar to the Deep Web, except it focuses primarily on anonymity.
And in order to access it, you need a special browser or special software. There are even operating systems devoted entirely to letting you access Tor.
Why does everyone have a big fear of the Dark Web? Is it because it’s unknown? People are scared of what they don’t know about.
New things scare people. If you look at the news just recently, people are terrified of drones. It’s newly mainstream and people aren’t aware of how common drones are becoming.
It’s engaging content. Is it some hobbyist flying things around, or is it something from outer space? With the Dark Web, the fear really started with online marketplaces selling anything from exotic animal parts, drugs, even ransomware.
You name it, it was sold. If you think about what an interesting story this was back in the early 2010s, you have a few different things.
One, a marketplace openly selling illegal things. Two, the marketplace was on the Dark Web or Tor, which was almost like digital alchemy.
And finally, the way that you had to pay for these illegal things on this weird network that’s hard to access was through a type of currency that most people were ignorant on.
When Bitcoin was a hundred dollars per coin. Going back to 110 BC, the first big marketplace was the Silk Road.
Named after the lucrative material dating back thousands of years, the Silk Road facilitated trade between the Eastern and Western worlds and made many, many people rich.
The Silk Road was so important that China even extended the Great Wall of China to better protect those trade routes.
Of course, it wasn’t just silk that was traded. Other commodities such as tea, perfume, porcelain and gunpowder were also sought after.
Fast forward to 2011 A.D.: a new marketplace was formed, also called the Silk Road, named after the predecessor.
Ross Ulbricht, a former bookstore owner and libertarian, wanted to give people the option to buy whatever they wanted and circumvent authorities.
It began with what some people think of generally as recreational drugs. The Silk Road then slowly but surely introduced more and more until the invisible line was crossed and the live-and-let-live attitude began to change when things such as firearms were beginning to be sold.
Add shady characters, more money and law enforcement to that equation. As time went on, law enforcement did have a breath of fresh air when they were able to link the username Altoid to Ulbricht while he was trying to promote the site on a normal website.
Ultimately, Ulbricht was charged with seven crimes and sentenced to two life sentences. The lure of money was even too much for some law enforcement to handle.
DEA agent Carl Force and Secret Service agent Shaun Bridges stole hundreds of thousands of dollars worth of bitcoin.
They went to great lengths to launder bitcoin and convert it into traditional currency. Interestingly enough, Donald Trump stated in mid-2024 that he would commute the sentence of Ulbricht.
Did this stop Darknet marketplaces? The short answer is no. Other variations of the Silk Road were launched by former moderators.
Other entirely new marketplaces such as AlphaBay began to pop up. Now if you think that Silk Road was big, AlphaBay was much larger.
With Silk Road paving the way, disrupting the market for illegal commodities, and a massive growth in cryptocurrency at that time, AlphaBay exponentiated Silk Road’s earnings while operating for less time than Silk Road itself.
AlphaBay became so big so fast, to no surprise it garnered the attention of multiple law enforcement agencies. Similar to the OPSEC fail of Ulbricht, the founder of AlphaBay, Alpha02, left a personal email address in forum posts on AlphaBay.
He also did not take the time to mask his source IP address when logging in as an administrator, allowing authorities to trace activity back to Thailand.
What does the evolution of these contraband marketplaces look like? Interestingly enough, they aren’t too far off from a normal e-commerce site other than the products that they sell.
A quick look at currently operating Dark Web marketplace Venus shows discount codes and even live chats to help customers. So how does law enforcement identify and shut down these operations?
It’s not easy. The rapid changes in technology over the past 15 years have been nothing short of monumental. The government has to adopt entirely new methods to catch criminals.
Tracking cryptocurrency transactions, patterns of those transactions, monitoring packages at postal facilities and performing controlled deliveries.
Even placing tracking code inside of messages that may reveal maybe a residential IP address, potentially circumventing your connection to Tor.
It’s a complex cat and mouse game that is ever evolving. There are also plenty of scams on the Dark Web, such as hitman-for-hire websites.
While these sites could be run by authorities, they are certainly monitored by authorities. In the case of Kristy Lynn Felkins, a woman charged in a murder-for-hire plot, Kristy paid 12 Bitcoin, $5,000 at the time and over $1,000,000 today.
Thousands of messages were sent back and forth about the planning of this crime, discussing workplace scheduling, methodology, and, possibly the most disturbing part of it, proof that the job was done.
The assumed hitman was an undercover FBI agent. Kristy was charged and sentenced to five years in prison.
Not exactly on the Dark Web, but in 2023, an airman in the Air National Guard was arrested for applying to a hitman website that was a parody. Authorities were alerted, and again, an undercover FBI agent made a deal.
After multiple attempts to dissuade the airman from going through with the job, the airman was charged and is facing up to 10 years.
He was sentenced on February 7, just a couple of weeks before this webcast. And while it’s reasonable to assume a hitman site would be monitored by authorities, thousands of orders still went through and still go through these sites.
Jealous lovers, disgruntled business partners, and even devastated gamblers. Ransomware and malware are big business on the Dark Web.
You can pay for it as a service. You can buy the software all by itself. You can even buy access to a network to perform malicious actions from the context of an employee, potentially even an employee with privileges.
Now, you might be wondering, where did ransomware originate? Well, back in the late 1980s, a Trojan horse called AIDS would monitor the number of times your computer would boot.
Once your computer booted 90 times, the files on your hard drive would be hidden and then encrypted. Oddly enough, the inventor of the first ransomware was a biologist with a PhD from Harvard who was also studying AIDS.
Another interesting fact is that to distribute this ransomware, it had to be sent by snail mail. If you didn’t want to lose your life’s work, you had to pay $189 to a P.O. box in Panama. Talk about a disgruntled employee. He was arrested in Amsterdam’s Schiphol Airport and charged with multiple counts of blackmail.
A very cool thing about the story is the humanity that was involved. Jim Bates published in detail how to decrypt the ransomware so that users could get their data back.
I truly feel like that is the cybersecurity community of today. Helping others and sharing knowledge. Now, in the 2020s, ransomware distribution is far more sophisticated.
There are as many ways to execute malware as there are ways to make a pizza. Another interesting trend that I’ve personally seen over the past six years is the businesslike function of ransomware groups.
These groups had official playbooks for compromise. They even use project management software like Jira.
A little bit about my past. Back in the late 2010s, I was entrenched in all of these different red team certifications, physical security certifications, trying to become the best I could be with all the different C# assemblies that did post-exploitation within a command and control framework.
I actually made my own playbook and even had a public GitHub project that attempted to automate certain enumeration and exploitation tasks so that all commands, aside from the variables such as maybe a user or a computer name, would be consistent and you wouldn’t get errors when executing these tools, potentially ruining your own Red Team operation.
And during that time, while performing some Purple Team engagements, which are collaborative projects between hackers and defenders, I was given some direct TTPs from a very expensive threat intel source who was concerned with the impact of a ransomware attack and what ransomware operators were performing.
And their playbooks were so similar to the commands and the tools that I was using during Red Teams, I thought I was looking at my own notes from Red Team courses.
And it made me think, how many of these bad actors are in the same classrooms I’ve been in or studying the same thing I am?
What kind of money can you make from a ransomware attack? Well, a lot more than dime bags on the Venus marketplace. Let’s talk about it. It seemed like the year 2021 was rife with ransomware attacks, almost a golden age for attackers.
A lot of companies were rolling out their own security operations centers and EDR. However, many were not quite there yet. In 2021, CNA Financial paid out $40 million to a ransomware group believed to be linked to the criminal group Evil Corp, using a variant of the Hades ransomware called Phoenix.
This ransomware appeared to be a browser update. CNA employees were locked out of the network for approximately two weeks, simply ignoring the hackers and trying to recover the data on their own.
Defenders who analyzed the ransomware came to the conclusion that it was definitely a variant of a different type of ransomware, Hades.
These days, modifying code, sometimes even a singular byte, could allow an attacker to use a highly functional code base that’s detected statically, meaning just on disk, not running, and get around those detections.
Sanctions were ultimately brought against the Russian group Evil Corp. Also in 2021, a ransomware attack on the Colonial Pipeline affected more than just a business, but had Americans panicked that gas stations would just stop working, people couldn’t get to their hot yoga classes, or worse, that an explosion would happen and casualties would be involved.
The payout from this attack amounted to $4.4 million. This did cause some fuel shortages on the East Coast, but luckily half of this ransom paid was actually recovered.
How the FBI recovered the Bitcoin is unknown. The interesting thing about this is the FBI just had a private key to a bitcoin wallet with this money in it.
Very interesting. Also in 2021, JBS Foods, one of the largest meat companies in the world, who processes approximately 20% of beef and pork in the United States, was hit by ransomware.
The group responsible for the attack was REvil, a Russian-linked ransomware group. This ransomware attack caused five large plants in the US to be shut down.
This caused mass fear of meat shortages and price spikes. $11 million worth of Bitcoin were paid to get the data back and resume operations.
REvil really hit the FO button. As both the President and the FBI were investigating the attack, they worked with Russian authorities who were kicking in doors.
And the FBI seized their infrastructure, to include payment portals and data leak sites. Going back a little bit further, in 2019, the Springhill Medical Center in Mobile, Alabama was affected by a ransomware attack.
This attack caused business disruptions, and as a result a newborn baby suffered severe brain injuries and died shortly after. And this was due to monitoring equipment being inoperable during the ransomware attack.
Otherwise medical professionals would have been able to identify the issues with the baby and resolve them. In 2020 at Düsseldorf University Hospital in Germany, a woman who needed emergency care during a ransomware attack was diverted to a hospital not affected by ransomware and died as a result, due to the fact she needed immediate care.
Oil and gas pipelines, supply chain disruptions for food, innocent women and children dying because of a ransomware cash grab have been real life consequences of these attacks so far.
Fast forward to 2024. According to National Security Advisor Anne Neuberger, nine telecommunication companies and dozens of other companies have been compromised by China.
Phone calls can be recorded, metadata can be stolen and high value targets could possibly be geolocated. So what is the solution to this?
The guidance was just to simply address cybersecurity gaps, nothing concrete. Now let me give a shameless plug and some guidance on how to address certain cybersecurity gaps.
Watch BHIS content. Companies that follow our guidance and get pen tests make life so hard for pen testers and red teamers. It might not protect against a zero day necessarily.
I mean, it is a zero day, but if you keep patching up to date, perform vulnerability scans, you have MFA, you enforce least privilege, you have EDR, all of that good stuff, you will make it tougher.
If you log all of the things that you can log and you still get compromised, that information could be valuable to other organizations and defenders trying to help.
And it may help them not to go through what you go through. It is the official stance of the FBI and CISA not to pay ransomware, but this is not necessarily a cut-and-dry decision.
A few of the obvious reasons not to pay a ransom are: well, paying a ransom does not necessarily guarantee that you will get your data back.
It also does not guarantee that an attacker won’t create and maintain some type of persistence to compromise you in the future or even just sell access to your environment to another ransomware group.
Access as a service is a real thing. And finally, paying a ransom does further encourage other threat actors to continue these attacks.
A couple of things that you might want to think about, and why it’s not necessarily a cut-and-dry question and answer, is: hey, how much money does the downtime of a network cost compared to the ransomware cost?
Are there safety issues involved? Healthcare systems, aviation, chemical plants. I sat down with a top level incident responder who has been dealing with ransomware and other attacks for almost a decade.
I worked with him once upon a time, and I have to say, this guy is the real deal. His name and voice have been changed due to the fact it’s right after Christmas and he should actually be putting away decorations instead of having lunch and doing interviews with his hacker friends.
AI John Wayne
Welcome.
Joseph
Thanks for coming out here. Tell me, how did you get started doing cyber security?
AI John Wayne
Well, thank you for having me. It started kind of like my acting career. Completely by accident, but with a dash of flair. Folks started getting pushed around by no good varmints.
Cyber ones, that is. I reckon I wasn’t going to stand by while these outlaws wreaked havoc. So I saddled up, learned the ropes, and started cleaning up this digital frontier.
Turns out it was a whole new world from that point on. I was hooked. Cybersecurity is a bit like being the sheriff in a town full of outlaws.
You’ve gotta be sharp, fast, and always one step ahead. It ain’t glamorous, but someone’s gotta do it. Protecting folks and their livelihoods, that’s the kind of job worth doing.
Joseph
Can you tell me a little bit about the first major incident that you worked?
AI John Wayne
Well, let me tell you, my first major incident was a real doozy, like a bar fight where nobody told me which side I was on. It started with the company’s entire system locking up faster than a bad carburetor on a rainy day.
Turned out they’d been hit with ransomware. And not the cheap kind either. It was the high end stuff. I rolled in with all the swagger I could muster, but inside I was sweating bullets.
We had to figure out where it started, stop the spread, and see if we could save their data. All without tipping off the attackers. It was chaotic, a little terrifying, and more than a little exhilarating.
In the end, we got the systems back online. What did I learn? Always back up your data and never underestimate the value of a cool head and a good team.
Joseph
What are some of the significant trends that you’ve seen in ransomware attacks lately?
AI John Wayne
Well, these ransomware cowboys aren’t playing by the old rules anymore. They’ve upped the ante with double and triple extortion. These ransomware folks aren’t just locking you out of your own files anymore.
They’re stealing your data and threatening to spill your secrets if you don’t pay up. And if that’s not enough, they’ve started targeting your customers or partners too, adding even more pressure to cough up.
It’s like a hostage situation with a side of blackmail. It’s like handing out guns in a saloon. Suddenly everyone’s dangerous and the volume of attacks is shot through the roof.
Supply chain attacks. Why break into one bank when you can hijack the armored train? Attackers are going after vendors and partners, spreading their ransomware through the supply chain like wildfire.
AI and automation. These bad actors are getting smarter and faster. They’re using AI to sniff out vulnerabilities and automate their dirty work. From phishing campaigns to brute force attacks.
It’s like giving a bandit a rocket launcher instead of a six shooter. Targeting critical infrastructure. Healthcare, energy, transportation, you name it, they’re going after the systems we can’t live without, knowing the downtime here has catastrophic consequences. It’s a calculated play to hit us where it hurts the most.
Joseph
Do you think that there is a type of organization that is at the highest risk of being attacked? Or would you say it’s more of an opportunistic attack?
AI John Wayne
You’d think they’d go after the big fish. Sure, healthcare and critical infrastructure are prime targets. They’ve got no room for downtime. But let’s not kid ourselves. These days, they’re hitting anyone who leaves the door unlocked.
Small businesses, hospitals, schools, you name it. If you’ve got something they can financially squeeze, you’re a target. It’s less like a sniper and more like a shotgun blast hitting anything in range.
High risk sectors: healthcare, education and critical infrastructure, due to limited cybersecurity budgets and high stakes for operational continuity. SMBs: small to medium businesses often lack robust cybersecurity defenses, making them attractive targets. Opportunistic attacks: attackers often deploy ransomware opportunistically, using automated scans for vulnerabilities, meaning any organization with a weak point can be a target.
Joseph
How do attackers typically gain initial access for ransomware deployment? And how can defenders close these gaps?
AI John Wayne
They’ve got a bag of dirty tricks. Phishing emails, weak passwords, unpatched systems. It’s like leaving your car running with the keys in it. If you want to stop them, you’ve got to lock the doors.
Multi-factor authentication, patches, and for heaven’s sake, stop clicking on links from that Nigerian prince.
1. Opportunistic phishing emails delivering malicious links or attachments.
2. Exploiting vulnerabilities, unpatched software or misconfigured systems. During 2023 and 2024, there was a huge race to compromise organizations with exposed VPN appliances that are Internet facing.
3. Compromised credentials through brute force or stolen credentials from prior breaches. Another component of the ransomware business model is initial access. Brokers will solicit access to organizations on underground forums.
Implement multi-factor authentication for all critical systems. Regularly patch and update software to address vulnerabilities. Use network segmentation to limit lateral movement. Monitor for unusual activity with endpoint detection and response (EDR) tools. Conduct regular training to educate employees about phishing and social engineering.
Joseph
Can you walk us through the first 24 hours of responding to a ransomware incident?
AI John Wayne
First, you circle the wagons, quarantine the infected systems. Then you figure out what you’re up against. Call in the cavalry if you need to. There’s no shame in asking for help from third parties that specialize in forensics and incident response.
And remember, don’t go deleting anything. That evidence might be your lifeline.
1. Detect and assess. Identify affected systems and confirm the ransomware attack. Isolate infected devices to prevent spread. If detection and visibility gaps are found, then deploy an EDR or XDR tool to affected endpoints.
2. Contain. Disconnect network segments if necessary. Disable accounts that show unusual activity.
3. Notify internal stakeholders and engage incident response teams. Contact external experts, cybersecurity firms, legal counsel.
4. Preserve evidence. Avoid deleting files or logs. They may aid in investigation and decryption. Perform live triage of forensic data on impacted systems. Forensics performed on disk should be focused on critical systems impacted or patient zero, due to the cost and time to analyze.
5. Response planning. Decide on a negotiation stance, for example ransom payment, with leadership and legal advice. Start backup restoration if backups are unaffected.
6. Engage law enforcement. Report the incident to local authorities and/or federal agencies.
Joseph
What advice do you have for leadership teams to prepare for ransomware scenarios most effectively?
AI John Wayne
Plan for trouble before it rides into town. Have a response plan. Keep your backups in a safe place and don’t skimp on training your team when the chips are down.
Preparation is what’ll keep you standing. Develop an incident response plan. Include ransomware specific scenarios and practice through tabletop exercises.
Invest in cybersecurity. Implement robust tools like EDR, SIEM, and firewall protections. Ensure regular cybersecurity training for employees.
Backup and recovery. Maintain frequent immutable backups and test restoration processes. Crisis communication. Have a communication plan ready for internal teams, customers and regulators in case of an incident.
Cyber insurance. Consider policies covering ransomware.
Joseph
Which policies or regulations would you like to see implemented to combat ransomware, at a more broad level?
AI John Wayne
I’d like to see tougher laws on these ransomware gangs and some international cooperation to bring them to justice. And how about rewarding companies for doing things right? You fight the good fight by making it easier for folks to do the right thing.
Mandatory reporting. Require organizations to disclose ransomware attacks to government authorities for better tracking and response coordination.
Cryptocurrency oversight. Enforce stricter regulation and traceability for crypto transactions used in ransom payments. Global cooperation.
Establish international agreements to prosecute ransomware gangs operating across borders. Cyber security standards. Mandate minimum cyber security standards for critical industries and SMBs.
RaaS crackdown. Actively target and dismantle RaaS infrastructure and forums facilitating cybercrime.
Joseph
What has been your most challenging experience in defending against ransomware? And what did you learn from it?
AI John Wayne
The toughest part about fighting ransomware is how they’ve twisted cryptography, the very thing meant to protect us, into a weapon against us. Security’s all about sharing data safely, keeping it confidential and secure.
But these crooks have flipped the script. Using encryption to lock us out of our own systems. It’s like hiring a guard dog only to have it turn on you. And that brings up a tricky question.
Should we give law enforcement and other groups the keys to bypass these safeguards? It’s a slippery slope. You start making exceptions, and pretty soon you’re wondering if the lock’s even worth having.
It’s a fine line to walk between protecting privacy and stopping the bad guys.
Joseph
Finally, what motivates you to stay ahead of the curve and the fight against ransomware and threat actors?
AI John Wayne
Just as the Duke stood for protecting the vulnerable and standing tall in the face of adversity, I’m motivated by the knowledge that every effort to outsmart ransomware threat actors protects individuals, organizations and communities from harm.
Oh, and a little bit of money doesn’t hurt either.
Joseph
Thank you so much for giving us an idea what it’s like to work in an incident response role dealing with ransomware. And thank you for sharing the experiences that you’ve gained with that.
Hopefully anyone watching can take some insight from this if they ever experience a breach themselves. Now let’s talk about some good intentions from the Dark Web, away from the shiny illegal marketplaces and big ransomware incidents.
Some countries, including China, have robust monitoring of all data coming in and out of the country. Censorship does wonders for keeping people as sheeple. Censorship has been around since the beginning of the Internet.
Sometimes it’s used to control the narrative of events, if human rights are violated or opposing political views are increasing.
On the inverse, some censorship is meant to protect against things like hate speech or prevent things like distribution of copyrighted material.
One instance of this was the Arab Spring wave of protests from 2010 until 2012 in the Middle East and North Africa.
During these protests, people’s identity was protected and they were able to access social media websites and communicate online where they may have otherwise been blocked.
Rulers were deposed, most notably Muammar Gaddafi. Protests did eventually fade in 2012 due to violence from authorities at these protests.
There are also hacktivists such as the group Anonymous. I’ll assume, since you are on this webcast, you know who they are. Well, they actually declared war against ISIS in 2015, which is an Islamic extremist group.
The weapon of choice being denial of service and shutdown of social media accounts and jihadist forums. An interesting fact about censorship: in 2022, the Shutdown Tracker Optimization Project, otherwise known as the STOP tracker, which documents and contextualizes Internet shutdowns based on the magnitude, the scope and the causes of the shutdown, noted 187 shutdowns across 35 countries.
More than just political restrictions, countries disallow the ability to practice religions. It’s a bit difficult to comprehend the depth and weight of this while living in the United States. Countries such as Afghanistan, North Korea, Somalia, Yemen and Nigeria, to name a few.
There are even Bibles on the Dark Web. Imagining extreme consequences, up to death, for reading a book that you can find in almost every hotel in America is frightening.
Have you ever been scared to say what needs to be said? More importantly, have you ever been scared that if you do say what needs to be said, you could do serious prison time or worse? SecureDrop, an open source whistleblower system, helps with that.
A secure way to share files with media outlets on Tor. Originally designed by Aaron Swartz and Kevin Poulsen under the name DeadDrop, SecureDrop is now managed by the Freedom of the Press Foundation.
SecureDrop was launched in May of 2013. Some notable orgs that use SecureDrop are the New York Times and Associated Press.
Let’s go over a few examples where SecureDrop was used to communicate information between someone involved in a situation and journalists that were trying to get coverage and disseminate the information to the public.
One of those is the Flint water crisis. So back in 2014, Flint, Michigan was facing a financial crisis.
And in order to cut costs from this financial crisis, Flint switched its water source from Detroit’s water system to the Flint River.
The water was very corrosive, and the water treatment plant failed to properly treat it. This caused a lot of severe health problems, particularly in children.
And thousands of residents were exposed to lead and other toxins. And the residents immediately noticed changes in the water’s color and the taste and the odor.
And initially officials just downplayed or outright dismissed the concerns. Water was ultimately switched back to Detroit’s water system.
However, damage to the pipes had already been done. Multiple officials faced charges for their roles in the crisis. Some even included manslaughter. We’ve spent the last 30 minutes exploring the good and the bad of the Dark Web.
We’ve seen how it can be a tool for privacy, free speech, even legitimate research and journalism. But also how it harbors criminal activity, illicit marketplaces, and dangers that can impact both individuals and businesses alike.
The truth is, the Dark Web isn’t inherently good or evil. It’s simply a tool. Like any powerful tool, its impact depends on who’s using it and what purpose they are using it for.
If there is a need for you to access the Dark Web, go for it. But be aware of what you could get into. It’s a place that champions anonymity, so you will want to make sure you’re anonymous.
We aren’t going to go into detail about the best way to access the Dark Web. There are many ways to do it: emulators, virtual machines, even browsers with extensions.
The level of operational security needed is pretty simple: the higher the risk of what you do, the higher the level of anonymity you are going to need.
Network Chuck has a video. John Hammond has a video. There are many others that you can find just by going to YouTube or some other similar place and typing in how to access the Dark Web.
With that being said, thank you so much for joining.
Deb Wigley
Yeah, that was... I was not expecting John Wayne. To be honest, it was wonderful.
Joseph
Thank you.
Deb Wigley
Any final... Were you going to talk a little bit more? Did you want to do live Q and A?
Joseph
Yeah, sure. If people have some questions, I’d be glad to answer what I can answer.
Deb Wigley
Cool. Awesome. Very, very new. It’s new for us. I liked it very much. It was awesome.
Joseph
Yes.
Deb Wigley
Well done. And if you have any questions for Joseph or any of us, go ahead and put it into the live chat in Discord or in Zoom, and we will try to answer all the questions that you have.
Hmm. They would love to know about the workflow for making this.
Joseph
Yeah, so, everything was done in Canva. I’m very flattered that people thought my scripting and everything else like that was through AI.
It was not. I promise it was me. I actually had a couple of flubs with the things that I said; the AI was... So we used Canva to put together everything.
That includes the audio that you hear on the tracks and the videos that you see. The backgrounds that you see were done through a couple of different things that have demonetized, or whatever,
free sounds and visuals. It looks like a lot of people were kind of interested in the AI for John Wayne as well as myself.
That’s pretty simple. There’s a tool called ElevenLabs, which is great for voices, and there’s another tool called Hydra, which is for faces and the lip sync and all that kind of stuff.
So, yeah, put it all together. Just a bunch of research, a bunch of toying around with what things sound like and how everything is. Yeah, everything in Canva, some AI for the faces and the voices and all that kind of stuff.
And just a lot of research. It’s very cool.
Deb Wigley
Very cool. We have one question. Isn’t the Dark Web still all TCP/IP? So how does it require Tor?
Joseph
So basically... where is that question here? Yeah, it’s a series of nodes that are put together by a bunch of volunteers who agree to be Tor nodes.
And you just have to... Generally you have to have a special kind of software. If you all are curious about going onto Tor, there are a couple of easy ways that I’ll go over really quickly.
So one way is a virtual machine. This is the way that I kind of prefer: an operating system called Whonix. That’s W H O N I X.
You can just go to whonix.org. If you just want to do it kind of easily and you’re not too worried about the computer that you’re on, there is Brave.
Brave browser actually has a Tor extension. So kind of like on your Microsoft Edge, where you can go into InPrivate browsing, with Tor or with Brave, you can actually open up a browser in Tor.
So that’s kind of how it works. Yeah, yeah. Whonix is a good route. It needs VirtualBox. So that’s kind of how it works: a bunch of nodes that are set up by other people, and the way to do it.
Yeah, Brave browser, Whonix is a good one. Yes. John Hammond, that is a great resource to see how to actually access the Dark Web.
Kelli Tarala
Hey, Joseph, we have another question from the audience as well.
Joseph
Sure, what’s up?
Kelli Tarala
One of our folks has asked if you can explain how ransomware demands have changed as the price of cryptocurrency has changed. What’s the relationship between the two?
Joseph
I wish John Wayne was here to sort of answer that. How... That is a really good question. Let’s see here.
Is this in Discord, Kelli?
Kelli Tarala
No, this actually is in the Q and A in Zoom.
Joseph
Okay.
Kelli Tarala
Looking at it, it came in about 1:44.
Joseph
Okay, let me see here. So I have kind of seen that the price of ransoms has gone down a little bit.
Don’t quote me on that, but just through conversations that I had when my buddy came over, we had lunch and we talked about all kinds of different ransomware stuff.
A lot of ransoms can kind of get paid for cheaper than some of the other ones, is one thing that I’ve noticed.
But as far as how ransom demands change with the changes in prices of cryptocurrency over the last decade... Yeah, that’s a really good question.
I don’t have a great answer for it.
Kelli Tarala
Yeah, Joseph, I think the question really is, has the price of ransomware changed according to the price of eggs?
Deb Wigley
Too Soon?
Joseph
So I’ve been privy to a few ransomware incidents. And you have the big ones, where a big supply chain attack happened, and all these different attacks that I talk about with the bigger numbers, JBL and everything else.
But I do know that there are cheap ransoms that can be paid. So, 10, 20, $30,000.
I think it really just depends on the sophistication of the ransomware actor or the ransomware group. For instance, if you have a very sophisticated ransomware group and they compromise someone with a lot of valuable assets, and they actually know what they’re looking at when they get access to a network, and they know that the net worth of whoever is compromised is very high, your ransomware price is going to be really high.
However, I would assume that if you were to purchase, like, access as a service, or you were able to find some kind of breached credentials and get in somewhere, and you bought some ransomware,
so you’re kind of a hodgepodge, ad hoc ransomware group, you and a couple of buddies, you’ll probably be fine with asking for a lower price.
I would also assume, and this is kind of going sideways, I would assume that the methods of payment may change. Ransomware groups may want a more anonymous type of cryptocurrency, as opposed to Bitcoin, which can be traced.
I know that you can purchase certain types of Bitcoin or, sorry, certain types of crypto that are untraceable. I think Monero is one of them.
So that’s kind of my answer on that. I don’t have a great... I don’t have, like, a Gantt chart of ransomware prices for every single time someone’s been ransomed.
Deb Wigley
So, someone from the audience said ransomware is going to start charging by the dozen eggs instead of Bitcoin, which sounds very...
Hopefully that’s a joke.
Kelli Tarala
Deb, we have another question from Mama Sugar Cake, and she’s asking, for Joseph, do you anticipate, or already see, organizations purchasing cyber insurance and then becoming more lax with their security posture?
Great question.
Joseph
I can’t really speak on that. As a matter of fact, I think that people buying cyber insurance are getting more secure. And here’s why I say that. The reason that I say that is because if you pay a certain amount of money for cyber insurance, there are benefits, right?
Like if you have car insurance and you haven’t gotten into a wreck in several years, your car insurance goes down, right? If you have safety features, your car insurance goes down. With cyber insurance, it’s very similar.
You can get actual discounts. If you’re an organization with no red team and no penetration testing team, you can actually get discounts on cyber insurance by having pen testers, vulnerability assessments, and red teams.
So I do know people who work at organizations, and they literally were hired and their program was stood up simply because the organization wanted cheaper cyber insurance.
And now that those folks have been in the organization as an internal penetration testing team, performing that type of work, they have gotten more secure and they are hardened.
Also, when you have your own internal penetration testing team, red team, et cetera, it’s a lot easier for an organization to perform those on-the-fly checks.
So if it’s Friday afternoon at 4pm and someone wants to drop a zero day and the source code for it, then you can have somebody who’s a penetration tester for that organization perform that check, see the exploits, see what the risk of the vulnerability is, and then test that and potentially patch it themselves, or pass it off to a vulnerability assessment team, as opposed to calling BHIS for a pen test and getting scheduled a month or two out after all the exploit code is released in your poem.
So in my opinion, from the people that I know and my experiences and conversations, people that get cyber insurance actually, in some cases, do become more secure.
AI John Wayne
Let’s see.
Deb Wigley
How about any resources for blue teams that are trying to stay ahead of their org’s credentials or data being offered for sale on the Dark Web?
Joseph
Yeah, absolutely. So there are actually services now with intel, and you don’t even have to access Tor or the Dark Web to get this information.
You can actually see if you’ve been breached. One of the easiest ways to probably do that is maybe sign up for Have I Been Pwned. That’s been around for a very long time, to see if you’ve been pwned.
Create something. If you’re at bhis.com, you can do regular searches for any credentials that match bhis.com.
There are also penetration testing firms, like BHIS, that actually look for things like that on a pretty frequent basis. If you are ad hoc, you work in a SOC somewhere, you don’t want to pay for a service or anything like that, like a pen test or anything,
I would suggest exploring it yourself, figuring out a risk model for accessing Tor and doing the research yourself.
So, looking through forums and other things of that nature for breached credentials. I was on a lot of different ransomware sites and they literally say, like, hey, here.
And they actually have data on there. I’m not going to go into the Onion addresses. But if you’re just kind of curious and you don’t want to pay, I would suggest getting on Tor and doing the research yourself.
The Hidden Wiki is a good place. There are also top 50 Tor sites that you can go to, and it literally has different lists of places you can go.
Look through those ransomware sites and kind of do some research for yourself.
Deb Wigley
Perfect. Kelli, did you see anything else?
Kelli Tarala
Oh, there’s a juicy one. I’ll pitch it, Joseph, and let you take a swing at it. This came in, in the Q and A in Zoom.
It’s from Joseph, about 1:50. And the question is, do you consider the recent events in the government, I’m assuming the United States, a prelude to a cyber attack? Wait, using Dark Web and crypto as escape routes?
Joseph
Oh, it’s not a prelude. It’s already happening. So, like, in the middle of my talk, I talk about all the different telecom companies that have been hacked. I know that there’s been links, and I may be wrong.
Please correct me if I am wrong. But I know they were talking about some North Korea... Some folks in North Korea were caught planting malware somewhere and basically using it to ransom and make money for that country.
Yeah, crypto is big. It’s not a prelude. The cyber attacks have not only happened, but it’s public. And Anne Neuberger talks about all the different telecommunication companies that have been hacked already.
Last I checked, it was nine. So it may be more now. And how they have been hacked is really unknown.
It sounds like whatever sort of network protocols, or protocols to interact with the compromised machines... who knows how sophisticated that is. It might be so sophisticated
there aren’t really monitoring and logging for those types of attacks. And that’s also why I said in the webcast, hey, even if you are compromised, even if you don’t know what’s going on, try to log everything.
That way you can go out and help everybody, even if you’re compromised, if you log everything and pass that information on to someone who can, the wizards out there.
But, yeah, it’s not a prelude. It’s already happening, in my opinion.
Kelli Tarala
And Joseph, just to clarify, you’re talking about Salt Typhoon, right?
Joseph
Yes.
Joseph
Yep, yep.
Kelli Tarala
Deb, do you have any questions?
Deb Wigley
I mean, I have a lot of questions, but... Okay, Mama Sugar Cake. I love that username. Do you have any recommendations for people whose online info has been found on the Dark Web?
Do you suggest abandoning that info if possible? And it’s in Discord.
Joseph
It’s in Discord.
Deb Wigley
Yeah. Like it for you?
Joseph
Yeah, absolutely. If your information is compromised, I would definitely suggest changing all your passwords. Make sure that you have MFA.
If you think it’s your computer itself that has been compromised, you might want to just completely reimage the computer itself and put a new operating system on it.
But yeah, if your info has been found on the Dark Web, yeah, absolutely. Change your passwords, make it a super long password. I also suggest that if you have a computer that you have fun with, you’re on these Discord chats and you’re on these other little fun places to be, maybe separate that machine from a machine that you’re accessing your bank accounts with.
Just sort of keep that stuff completely separate. But yeah, definitely abandon it: change passwords, MFA, separate things that may have access to your money, etc.
However, yeah, there’s not always stuff you can do about it. Sometimes it’s an organization that gets popped with your password.
Also, don’t reuse passwords.
Deb Wigley
Mhm. Yeah, great answer. Kelli, do you want to take the credit card processing question?
Kelli Tarala
I misplaced it.
Deb Wigley
Why is it that Visa, American Express, and MasterCard won’t provide credit card processing, authorization, clearing, and settlement records to the authorities for these ransomware transactions that are paid via credit cards?
No, it’s in Discord. It’s also in Zoom as well.
Joseph
Did you direct that to Kelli?
Deb Wigley
No, it was to everyone. Kelli, you can answer it if you’d like.
Kelli Tarala
I don’t. I think that’s a Joseph question.
Joseph
Yeah, okay. Okay, so, why is it that credit card providers...
Kelli Tarala
I have to go back and read it myself?
Joseph
Yeah, I’m not sure. Yeah, that is a good question.
Joseph
Provide credit card processing. Yeah, I’m not sure, but I mean, a lot of the settlement stuff is not through your typical "send it to this account number" and everything else. It’s, hey, give us crypto.
Send crypto to this wallet. So, actually, I don’t even know if... I’d be really curious to know if any ransomware attacks have been paid through a typical Visa, Amex, or MasterCard.
I would be very curious to know. Because if they are, then I feel like that would be a really easy way to get caught.
Deb Wigley
Seems a little short sighted.
Joseph
Yeah, yeah, yeah.
Deb Wigley
Yes. I think we got them all. You can keep asking or answering questions in the Discord and in Zoom, and we’ll kind of wrap it up with Joseph’s final thoughts.
And then we’ll stay around for a little bit more Q and A, if you have any. So, Joseph, you could sum up everything, the video, everything, everything, everything in life, in 41...
Sir, what? Final thoughts? Final thoughts with Joseph.
Joseph
Final thoughts. I kind of gave some already. Please, if you want to go... If you’re a blue teamer and you want to check for ransomware and you want to check for breached credentials, I encourage you to do so.
However, I would like to caution everyone that it is a place that covets anonymity and prioritizes anonymity. So please, when you do access it, try to be on a computer segregated from your network.
Try to use a VPN when you are doing it. Be careful when you are on it. Please don’t do a bunch of silly stuff like pay Bitcoin for hits.
And, yeah, go explore it. It’s a really fun place. I think it was... what’s his name? I forget. But he was talking about the Hidden Wiki.
Maybe go there, check that out, see what you can get into. Have fun. I know there are even social media sites on the Dark Web that are completely anonymous.
But, yeah, final thoughts.
Deb Wigley
The Dark Web is a fun place, Joseph.
Joseph
Yeah, it’s interesting. It’s interesting.
Kelli Tarala
We did have another question that I’d love to hear your thoughts on, Joseph. And that was from Aztec, I think I’m saying that right. What is the best way to determine if an individual’s info is actually out there on the Dark Web?
I don’t want to go looking for myself, but how can I verify that?
Joseph
I would say probably the easiest place to go is just haveibeenpwned.com.
Deb Wigley
Yeah.
Joseph
So if you go there, it’s just the regular web. Last time I checked that place, you didn’t need any kind of login or anything like that. You can just type in an email address or some kind of information about yourself, and it’ll tell you if your passwords have been identified in any past data breaches.
However, I haven’t seen where it tells you which breaches. So you don’t necessarily get information on whether it’s your corporate login information that has access to a lot, or if it’s just your Fitbit breach or something like that.
But yeah, if you don’t want to go on the Dark Web, you don’t want to do all that stuff, HaveIBeenPwned.com is super easy. You can just go in and type in your information. Type in your family members’ information.
I’m sure everybody here that does it is probably some kind of IT professional for their family. Maybe help them out, check that out, whether they...
Kelli Tarala
Want to be or not.
Deb Wigley
I know, very true. All right, with that we’ll wrap up. Thank you guys for joining us again for another Black Hills Information Security webcast. Where to find us?
We’re in all the normal places. And Joseph, thank you. Thank you again.
Joseph
That’s awesome.
Deb Wigley
Perfect. We’ll just kill it with fire. Ryan or Megan? You gonna let Megan do it? Yeah, Megan, kill it. Yeah, just fire. Kill it with fire.