Godfather 2.0
ASCL15
1,475 views
94 slides
Mar 11, 2015
Slide 1 of 94
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
About This Presentation
A detailed presentation on how criminals are using the Internet to sell drugs, guns, forgeries & financial information.
Slide Content
Godfather*2.0*
How*criminals*are*using*the*
Internet*to*sell*drugs,*guns,*
forgeries*&*financial*informa<on*
a"LEXCODE"presenta)on"by"
Rohas"Nagpal"
Shinam"Arora"
"
"
"
©"2013"Lexcode"www.lexcode.in"
Version*date:*6
th
*November,*2013*
How*criminals*are*using*the*
Internet*to*sell*drugs,*guns,*
forgeries*&*financial*informa<on*
a"LEXCODE"presenta)on"by"
Rohas"Nagpal"
Shinam"Arora"
"
"
"
©"2013"Lexcode"www.lexcode.in"
Version*date:*6
th
*November,*2013*
The*issues*addressed*in*this*document*may*be*controversial.**
"
The"misuse"of"the"informa)on"in"this"document"can"result"in"legal"liabili)es."The"author"
and"Lexcode"will"not"be"held"liable"in"case"any"person"misuses"the"informa)on"in"this"
document.""
"
This"document"is"for"educa)onal"and"research"purposes"only."Do"not"aEempt"to"violate"
the"law"with"anything"contained"here."Neither"the"author"of"this"material,"nor"anyone"
else"affiliated"in"any"way,"is"liable"for"your"ac)ons."
"
"Sites"or"external"resources"men)oned"in"this"document"are"not"under"the"control"of"the"
author"or"Lexcode.""
"
We"are"providing"these"for"educa)onal"purposes"only."Any"ac)ons"and"or"ac)vi)es"
related"to"the"material"contained"within"this"document"is"solely"your"responsibility."
DISCLAIMER AND TERMS OF USE
"
The"misuse"of"the"informa)on"in"this"document"can"result"in"legal"liabili)es."The"author"
and"Lexcode"will"not"be"held"liable"in"case"any"person"misuses"the"informa)on"in"this"
document.""
"
This"document"is"for"educa)onal"and"research"purposes"only."Do"not"aEempt"to"violate"
the"law"with"anything"contained"here."Neither"the"author"of"this"material,"nor"anyone"
else"affiliated"in"any"way,"is"liable"for"your"ac)ons."
"
"Sites"or"external"resources"men)oned"in"this"document"are"not"under"the"control"of"the"
author"or"Lexcode.""
"
We"are"providing"these"for"educa)onal"purposes"only."Any"ac)ons"and"or"ac)vi)es"
related"to"the"material"contained"within"this"document"is"solely"your"responsibility."
DISCLAIMER AND TERMS OF USE
Incubated"by"Science"&"Technology"Park""
promoted"by"Department"of"Science"and"Technology"
Government"of"India"
Contact*us*at:*
Science"and"Technology"Park,"University"of"Pune,"PuneP7""
Tel:*+91P20P65206029""""Email:*[email protected]""""Web:*hEp://www.lexcode.in"
promoted"by"Department"of"Science"and"Technology"
Government"of"India"
Contact*us*at:*
Science"and"Technology"Park,"University"of"Pune,"PuneP7""
Tel:*+91P20P65206029""""Email:*[email protected]""""Web:*hEp://www.lexcode.in"
Table*of*contents*
What*do*criminals*sell*online?"
Case*1:*Silk*Road"
Case*2:*Darkmarket"
Anatomy*of*a*Financial*Cyber*Crime*Organiza<on"
Tor*–*the*technology*powering*the*hidden*web"
1"
2"
3"
4"
5"
Bitcoin*–*the*powerful*virtual*currency"6"
Conclusions"7"
What*do*criminals*sell*online?"
Case*1:*Silk*Road"
Case*2:*Darkmarket"
Anatomy*of*a*Financial*Cyber*Crime*Organiza<on"
Tor*–*the*technology*powering*the*hidden*web"
1"
2"
3"
4"
5"
Bitcoin*–*the*powerful*virtual*currency"6"
Conclusions"7"
1*
What*do**
criminals**
sell*online?*
“*
“*
What*do**
criminals**
sell*online?*
“*
“*
What*do*criminals*sell*online?*
Narco)cs"&"controlled"substances"
Guns,"ammuni)on,"UAVs"
"
Stolen"financial"informa)on"like"
credit"card"numbers,"bank"
account"login"creden)als"etc"
Forged"documents"like"passports,"
driver’s"licenses"etc."
Narco)cs"&"controlled"substances"
Guns,"ammuni)on,"UAVs"
"
Stolen"financial"informa)on"like"
credit"card"numbers,"bank"
account"login"creden)als"etc"
Forged"documents"like"passports,"
driver’s"licenses"etc."
2*
Case*1:**
Silk*Road*
“*
“*
Case*1:**
Silk*Road*
“*
“*
Case*1:*Silk*Road*
Online"Narco)cs"Marketplace"
Silk*Road*provided*a*pla\orm*
for*drug*dealers*around*the*
world*to*sell*narco<cs*through*
the*Internet**
Set"up"in"2011"by"Ross"Ulbricht"
Transac)ons"es)mated"to"be"US"$"
1.2"billion"carried"out"in"bitcoins"
"
Had"957,079"registered"users"
Taken"down"in"September"2013"
Online"Narco)cs"Marketplace"
Silk*Road*provided*a*pla\orm*
for*drug*dealers*around*the*
world*to*sell*narco<cs*through*
the*Internet**
Set"up"in"2011"by"Ross"Ulbricht"
Transac)ons"es)mated"to"be"US"$"
1.2"billion"carried"out"in"bitcoins"
"
Had"957,079"registered"users"
Taken"down"in"September"2013"
Silk Road
"
Ross"Ulbricht"created"Silk"Road"as"an"online"criminal"bazaar.""
"
The"site’s"anonymity"was"maintained"by:"
"
• using"TOR"(the"onion"ring"network)"to"run"the"site""
• using"bitcoins,"a"virtual"currency,"for"transac)ons"
"
Ulbricht"had"also"reportedly"solicited"a"Silk"Road"user"to"execute"
a"murderPforPhire"of"another"Silk"Road"user"who"was"
threatening"to"release"the"iden))es"of"thousands"of"Silk"Road"
users."
"
Silk"Road"was"accessible"through"Tor"on:"
silkroadvb5pizr.onion"
Ross"Ulbricht"
aka"Dread"Pirate"Roberts"
"
Ross"Ulbricht"created"Silk"Road"as"an"online"criminal"bazaar.""
"
The"site’s"anonymity"was"maintained"by:"
"
• using"TOR"(the"onion"ring"network)"to"run"the"site""
• using"bitcoins,"a"virtual"currency,"for"transac)ons"
"
Ulbricht"had"also"reportedly"solicited"a"Silk"Road"user"to"execute"
a"murderPforPhire"of"another"Silk"Road"user"who"was"
threatening"to"release"the"iden))es"of"thousands"of"Silk"Road"
users."
"
Silk"Road"was"accessible"through"Tor"on:"
silkroadvb5pizr.onion"
Ross"Ulbricht"
aka"Dread"Pirate"Roberts"
"
Silk"Road"provided"an"online"pladorm"for"trading"in:"
"
• Narco<cs*and*controlled*substances*(heroin,"cocaine,"LSD,"
methamphetamine)."The"site"had"13,000"lis)ngs"of"
controlled"substances"on"it"under"various"categories"like"
Cannabis,"Dissocia)ves,"Ecstasy,"Intoxicants,"Opioids,"
Precursors,"Prescrip)on,"Psychedelics,"S)mulants"etc."
• Malicious*so^ware*designed"for"computer"hacking"
(password"stealers,"key"loggers,"remote"access"tools"etc.)"
• Unlawful*services.*The"site"had"159"lis)ngs"for""Services""
such"as"hacking"into"Facebook,"TwiEer"etc,"tutorials"for"
hacking"ATM"machines,"contacts"for"guns"and"firearms,"fake"
currency"etc."
• Pirated*content.*The"site"had"801"lis)ngs"for""digital"goods""
such"as"pirated"content"and"hacking"tools."
• Forged*documents.*The"site"had"169"lis)ngs"for""Forgeries""
such"as"fake"driver's"licenses,"passports,"u)lity"bills,"credit"
card"statements,"social"security"cards"etc."
"
Ross"Ulbricht"
aka"Dread"Pirate"Roberts"
Silk"Road"provided"an"online"pladorm"for"trading"in:"
"
• Narco<cs*and*controlled*substances*(heroin,"cocaine,"LSD,"
methamphetamine)."The"site"had"13,000"lis)ngs"of"
controlled"substances"on"it"under"various"categories"like"
Cannabis,"Dissocia)ves,"Ecstasy,"Intoxicants,"Opioids,"
Precursors,"Prescrip)on,"Psychedelics,"S)mulants"etc."
• Malicious*so^ware*designed"for"computer"hacking"
(password"stealers,"key"loggers,"remote"access"tools"etc.)"
• Unlawful*services.*The"site"had"159"lis)ngs"for""Services""
such"as"hacking"into"Facebook,"TwiEer"etc,"tutorials"for"
hacking"ATM"machines,"contacts"for"guns"and"firearms,"fake"
currency"etc."
• Pirated*content.*The"site"had"801"lis)ngs"for""digital"goods""
such"as"pirated"content"and"hacking"tools."
• Forged*documents.*The"site"had"169"lis)ngs"for""Forgeries""
such"as"fake"driver's"licenses,"passports,"u)lity"bills,"credit"
card"statements,"social"security"cards"etc."
"
Ross"Ulbricht"
aka"Dread"Pirate"Roberts"
3*
Case*2:*
Darkmarket*
“*
“*
Case*2:*
Darkmarket*
“*
“*
Case*2:*Darkmarket*
Online"Carding"Forum"
Darkmarket*facilitated*the*
buying*and*selling*of*stolen*
financial*informa<on*
Set"up"in"2008"by"Renukanth"
Subramaniam"in"London"in"2008"
Had"2500"members"
Taken"down"in"2010"
Online"Carding"Forum"
Darkmarket*facilitated*the*
buying*and*selling*of*stolen*
financial*informa<on*
Set"up"in"2008"by"Renukanth"
Subramaniam"in"London"in"2008"
Had"2500"members"
Taken"down"in"2010"
Darkmarket
"
Darkmarket,"created"by"Renukanth"Subramaniam"in"London"in"
2008,"was"an"online"carding"forum."Its"members"were"involved"
in"buying"and"selling:""
"
• stolen"credit"card"data,""
• login"creden)als,"and"
• equipment"for"carrying"out"financial"crimes.""
"
At"its"peak,"Darkmarket"had"2500"members"from"around"the"
globe."
"
In"a"twoPyear"opera)on,"an"undercover"FBI"agent"with"the"
handle"Master'Splyntr'penetrated"Darkmarket."60"people"were"
arrested."The"en)re"opera)on"was"handled"by"the"US"Federal"
Bureau"of"Inves)ga)on"along"with"law"enforcement"officials"
from"the"United"Kingdom,"Germany,"and"Turkey.'
'
Subramaniam,"who"used"the"handle"JiLsi,"admiEed"conspiracy"
to"defraud"and"was"sentenced"to"nearly"five"years"in"prison"in"
February"2010."
Renukanth"Subramaniam"
aka"JiLsi"
"
Darkmarket,"created"by"Renukanth"Subramaniam"in"London"in"
2008,"was"an"online"carding"forum."Its"members"were"involved"
in"buying"and"selling:""
"
• stolen"credit"card"data,""
• login"creden)als,"and"
• equipment"for"carrying"out"financial"crimes.""
"
At"its"peak,"Darkmarket"had"2500"members"from"around"the"
globe."
"
In"a"twoPyear"opera)on,"an"undercover"FBI"agent"with"the"
handle"Master'Splyntr'penetrated"Darkmarket."60"people"were"
arrested."The"en)re"opera)on"was"handled"by"the"US"Federal"
Bureau"of"Inves)ga)on"along"with"law"enforcement"officials"
from"the"United"Kingdom,"Germany,"and"Turkey.'
'
Subramaniam,"who"used"the"handle"JiLsi,"admiEed"conspiracy"
to"defraud"and"was"sentenced"to"nearly"five"years"in"prison"in"
February"2010."
Renukanth"Subramaniam"
aka"JiLsi"
MEMBERS"
These"were"the"fraudsters"who"bought"and"
misused"stolen"financial"informa)on.""
HACKERS*/*DATA*THIEVES*
These"were"the"vendors"permiEed"to"sell"to"
members."Categories"–"Trial"and"Reviewed."
REVIEWERS*
They"assessed"the"quality"of"the"stolen"
financial"informa)on."
MODERATORS*
They"monitored"the"forum"and"arbitrated"
disputes."
ADMIN*
The"Admin"ran"the"escrow"service"and"
controlled"membership."
Darkmarket*Organiza<onal*Chart*
These"were"the"fraudsters"who"bought"and"
misused"stolen"financial"informa)on.""
HACKERS*/*DATA*THIEVES*
These"were"the"vendors"permiEed"to"sell"to"
members."Categories"–"Trial"and"Reviewed."
REVIEWERS*
They"assessed"the"quality"of"the"stolen"
financial"informa)on."
MODERATORS*
They"monitored"the"forum"and"arbitrated"
disputes."
ADMIN*
The"Admin"ran"the"escrow"service"and"
controlled"membership."
Darkmarket*Organiza<onal*Chart*
4*
Anatomy*of*a**
Financial*Cyber**
Crime*Organiza<on*
“*
“*
Anatomy*of*a**
Financial*Cyber**
Crime*Organiza<on*
“*
“*
Job*roles*
Coder*
A"programmer,"who"codes"malware,"
exploits,"and"other"tools"most"
commonly"targe)ng"Adobe"PDF,"
Microsoo"Office"and"Flash."Coders"
also"build"and"sell"customized"
malware"kits"that"can"aEack"mul)ple"
vulenrabili)es."
Hacker*
Finds"vulnerabili)es"in"
sooware,"apps,"
opera)ng"systems,"
devices"etc.""
Techie*
Manages"the"
technological"
infrastructure"of"the"
criminal"organza)on."
Usually"an"expert"in"
encryp)on,"web"
administra)on"etc."
Coder*
A"programmer,"who"codes"malware,"
exploits,"and"other"tools"most"
commonly"targe)ng"Adobe"PDF,"
Microsoo"Office"and"Flash."Coders"
also"build"and"sell"customized"
malware"kits"that"can"aEack"mul)ple"
vulenrabili)es."
Hacker*
Finds"vulnerabili)es"in"
sooware,"apps,"
opera)ng"systems,"
devices"etc.""
Techie*
Manages"the"
technological"
infrastructure"of"the"
criminal"organza)on."
Usually"an"expert"in"
encryp)on,"web"
administra)on"etc."
Job*roles*
Vendor*
Trades"in"(buys"and"
sells)"stolen"data.""
Host*
Provides"hos)ng"for"
unlawful"content,"on"TOR"
and"regular"servers."
Vendor*
Trades"in"(buys"and"
sells)"stolen"data.""
Host*
Provides"hos)ng"for"
unlawful"content,"on"TOR"
and"regular"servers."
Job*roles*
Fraudster*
Specializes"in"social"engineering,"phishing,"spamming"etc."
"
Nowadays,"instead"of"mass"level"aEacks,"fraudsters"focus"
on"“spearPphishing”"specific"highPprofile"targets."
"
They"also"“phish”"through"SMS"(smishing)"and"VOIP"
(vishing)."
Fraudster*
Specializes"in"social"engineering,"phishing,"spamming"etc."
"
Nowadays,"instead"of"mass"level"aEacks,"fraudsters"focus"
on"“spearPphishing”"specific"highPprofile"targets."
"
They"also"“phish”"through"SMS"(smishing)"and"VOIP"
(vishing)."
Job*roles*
Cashers*
Control"and"rent"out"
bank"accounts"
opened"by"money"
mules."
Tellers*
Arrange"for"global"
money"transfers"and"
launder"money"
through"virtual"and"
regular"currencies.""
Cashers*
Control"and"rent"out"
bank"accounts"
opened"by"money"
mules."
Tellers*
Arrange"for"global"
money"transfers"and"
launder"money"
through"virtual"and"
regular"currencies.""
Job*roles*
Onedandddone*mules*
They"are"lured"into"allowing"
criminals"to"use"their"bank"
accounts."Usually"poor"/"
uneducated"/"non"computer"
savvy"people.""
Career*money*mules*
They"make"a"living"out"of"
opening"bank"accounts"for"
criminals."They"may"even"
be"sent"to"foreign"countries"
as"students."
Onedandddone*mules*
They"are"lured"into"allowing"
criminals"to"use"their"bank"
accounts."Usually"poor"/"
uneducated"/"non"computer"
savvy"people.""
Career*money*mules*
They"make"a"living"out"of"
opening"bank"accounts"for"
criminals."They"may"even"
be"sent"to"foreign"countries"
as"students."
Job*roles*
Kingpin*
Controls"the"criminal"
organiza)on.""
Kingpin*
Controls"the"criminal"
organiza)on.""
Modus*operandi*d*Step*1*
Hacker"discovers"a"vulnerability"
Kingpin"pays"hacker"for"discovery"
Kingpin"pays"coder"to"develop"a"
malware"to"target"the"vulnerability"
discovered"by"the"hacker."
Techie"provides"relevant"
technological"support"as"needed."
Hacker"discovers"a"vulnerability"
Kingpin"pays"hacker"for"discovery"
Kingpin"pays"coder"to"develop"a"
malware"to"target"the"vulnerability"
discovered"by"the"hacker."
Techie"provides"relevant"
technological"support"as"needed."
Modus*operandi*d*Step*2*
Kingpin"pays"fraudster"to"devise"a"
suitable"social"engineering"or"
phishing"scheme."
Host"provides"Kingpin"with"suitable"
hos)ng"service"for"hos)ng"the"
“fake”"site.""
Techie"provides"relevant"
technological"support"as"needed."
Kingpin"pays"fraudster"to"devise"a"
suitable"social"engineering"or"
phishing"scheme."
Host"provides"Kingpin"with"suitable"
hos)ng"service"for"hos)ng"the"
“fake”"site.""
Techie"provides"relevant"
technological"support"as"needed."
Modus*operandi*d*Step*3*
Casher"“rents”"out"bank"
"accounts"to"the"Kingpin""
Techie"provides"relevant"
technological"support"as"
needed."
Kingpin"can"sell"stolen"
financial"data"to"a"
vendor.""
Teller"launders"money"for"
the"Kingpin""
Casher"“rents”"out"bank"
"accounts"to"the"Kingpin""
Techie"provides"relevant"
technological"support"as"
needed."
Kingpin"can"sell"stolen"
financial"data"to"a"
vendor.""
Teller"launders"money"for"
the"Kingpin""
5*
TOR*–**
the*technology**
powering*the**
hidden*web*
“*
“*
TOR*–**
the*technology**
powering*the**
hidden*web*
“*
“*
What is Tor?
"
Tor"is"a"special"network"of"computers"on"the"Internet,"
distributed"around"the"world."Tor"is"designed"to"conceal"the"
true"IP"addresses"of"the"computers"in"the"network."
"
Tor"websites"operate"in"such"a"way"that"the"IP"addresses"of"the"
servers"hos)ng"them"are"concealed."
"
As"per"the"official"Tor"site:"
"
Tor'was'originally'designed,'implemented,'and'deployed'as'a'
third7genera8on'onion'rou8ng'project'of'the'U.S.'Naval'
Research'Laboratory.'It'was'originally'developed'with'the'U.S.'
Navy'in'mind,'for'the'primary'purpose'of'protec8ng'government'
communica8ons.'Today,'it'is'used'every'day'for'a'wide'variety'of'
purposes'by'normal'people,'the'military,'journalists,'law'
enforcement'officers,'ac8vists,'and'many'others.'
"
Tor"is"a"special"network"of"computers"on"the"Internet,"
distributed"around"the"world."Tor"is"designed"to"conceal"the"
true"IP"addresses"of"the"computers"in"the"network."
"
Tor"websites"operate"in"such"a"way"that"the"IP"addresses"of"the"
servers"hos)ng"them"are"concealed."
"
As"per"the"official"Tor"site:"
"
Tor'was'originally'designed,'implemented,'and'deployed'as'a'
third7genera8on'onion'rou8ng'project'of'the'U.S.'Naval'
Research'Laboratory.'It'was'originally'developed'with'the'U.S.'
Navy'in'mind,'for'the'primary'purpose'of'protec8ng'government'
communica8ons.'Today,'it'is'used'every'day'for'a'wide'variety'of'
purposes'by'normal'people,'the'military,'journalists,'law'
enforcement'officers,'ac8vists,'and'many'others.'
Tor"node"
Unencrypted"link"
Encrypted"link"
Pooja*
Priyanka*
Sameer*Directory*server*
Pooja’s"Tor"client"
obtains"a"list"of"
Tor"nodes"from"a"
directory"server"
How*Tor*works?*–*Step*1*
Unencrypted"link"
Encrypted"link"
Pooja*
Priyanka*
Sameer*Directory*server*
Pooja’s"Tor"client"
obtains"a"list"of"
Tor"nodes"from"a"
directory"server"
How*Tor*works?*–*Step*1*
Tor"node"
Unencrypted"link"
Encrypted"link"
Pooja*
Priyanka*
Sameer*Directory*server*
How*Tor*works?*–*Step*2*
Pooja’s"Tor"client"
picks"a"random"
patch"to"the"
des)na)on"server"
Unencrypted"link"
Encrypted"link"
Pooja*
Priyanka*
Sameer*Directory*server*
How*Tor*works?*–*Step*2*
Pooja’s"Tor"client"
picks"a"random"
patch"to"the"
des)na)on"server"
Tor"node"
Unencrypted"link"
Encrypted"link"
Sanya*
Priyanka*
Sameer*Directory*server*
How*Tor*works?*–*Step*3*
In"a"subsequent"visit,"
Sanya’s"client"takes"a"
different"random"
path"
Unencrypted"link"
Encrypted"link"
Sanya*
Priyanka*
Sameer*Directory*server*
How*Tor*works?*–*Step*3*
In"a"subsequent"visit,"
Sanya’s"client"takes"a"
different"random"
path"
Tor*Projects*
Star<ng*up*the*Tor*browser*
Searching using hfps://ahmia.fi/search*
Setting up an email account
"
We"will"use"the"Bitmessage"Mail"Gateway"at:"
hEps://bitmessage.ch/"
"
A"bitmessage"address"looks"like"this:"
[email protected]"
"
The"address"is"case"sensi)ve."
'
"
We"will"use"the"Bitmessage"Mail"Gateway"at:"
hEps://bitmessage.ch/"
"
A"bitmessage"address"looks"like"this:"
[email protected]"
"
The"address"is"case"sensi)ve."
'
6*
Bitcoin*–**
the*virtual*currency**
that*powers*the**
underground*digital**
economy*
“*
“*
Bitcoin*–**
the*virtual*currency**
that*powers*the**
underground*digital**
economy*
“*
“*
What are bitcoins?
• Bitcoins"are"an"anonymous,"decentralized"form"of"electronic"
currency"exis)ng"en)rely"on"the"Internet."They"are"generated"and"
controlled"automa)cally"through"computer"peerPtoPpeer"networks."
• The"Bitcoin"scheme"is"a"large"scale"global"payment"system"in"which"
all"the"transac)ons"are"publicly"accessible,"but"quite"anonymous."
• Bitcoins"are"like""cash""in"cyberspace"P"anonymous.""
• Bitcoins"are"not"issued"by"any"Government,"bank"or"company."
They"are"not"issued"or"backed"by"any"central"body."This"is"unlike"
currencies"(e.g."Rupees,"Dollars,"Euro)"which"are"backed"by"
Governments.""
• Bitcoins"work"on"public"key"cryptography"and"digital"signatures.""
• Bitcoins"are"an"anonymous,"decentralized"form"of"electronic"
currency"exis)ng"en)rely"on"the"Internet."They"are"generated"and"
controlled"automa)cally"through"computer"peerPtoPpeer"networks."
• The"Bitcoin"scheme"is"a"large"scale"global"payment"system"in"which"
all"the"transac)ons"are"publicly"accessible,"but"quite"anonymous."
• Bitcoins"are"like""cash""in"cyberspace"P"anonymous.""
• Bitcoins"are"not"issued"by"any"Government,"bank"or"company."
They"are"not"issued"or"backed"by"any"central"body."This"is"unlike"
currencies"(e.g."Rupees,"Dollars,"Euro)"which"are"backed"by"
Governments.""
• Bitcoins"work"on"public"key"cryptography"and"digital"signatures.""
What are bitcoins? (contd.)
"
• A"bitcoin"address"mathema)cally"corresponds"to"a""public"
key""and"looks"like"this:"
"""""1PC9aZC4hNX2rmmrt7uHTfYAS3hRbph4UN""
• To""pay""you"in"bitcoins,"a"person"needs"your"bitcoin"
address.""
• Each"person"can"have"mul)ple"bitcoin"addresses,"each"with"
its"own"balance."Users"can"generate"a"new"bitcoin"address"
for"each"transac)on.""
• To"create"a"new"bitcoin"address,"you"do"not"need"to"disclose"
any"personal"informa)on."No"ePmail"addresses,"userPnames"
or"passwords"are"required"to"hold"or"spend"bitcoins.""
• Each"bitcoin"balance"is"simply"associated"with"a"bitcoin"
address"and"its"publicPprivate"key"pair.""
• The"money""belongs""to"anyone"who"has"the"private"key"and"
can"“sign”"transac)ons"with"it.""
"
• A"bitcoin"address"mathema)cally"corresponds"to"a""public"
key""and"looks"like"this:"
"""""1PC9aZC4hNX2rmmrt7uHTfYAS3hRbph4UN""
• To""pay""you"in"bitcoins,"a"person"needs"your"bitcoin"
address.""
• Each"person"can"have"mul)ple"bitcoin"addresses,"each"with"
its"own"balance."Users"can"generate"a"new"bitcoin"address"
for"each"transac)on.""
• To"create"a"new"bitcoin"address,"you"do"not"need"to"disclose"
any"personal"informa)on."No"ePmail"addresses,"userPnames"
or"passwords"are"required"to"hold"or"spend"bitcoins.""
• Each"bitcoin"balance"is"simply"associated"with"a"bitcoin"
address"and"its"publicPprivate"key"pair.""
• The"money""belongs""to"anyone"who"has"the"private"key"and"
can"“sign”"transac)ons"with"it.""
What is bitcoin? (contd.)
*
• Bitcoin"keys"do"not"have"to"be"registered"anywhere"in"
advance,"as"they"are"only"used"when"required"for"a"
transac)on.""
• Transac)ng"par)es"do"not"need"to"know"each"other's"
iden)ty."This"is"analogous"to"walking"into"a"shop"and"paying"
cash"to"buy"something."The"shop"owner"does"not"need"to"
know"your"iden)ty."
*
• Bitcoin"keys"do"not"have"to"be"registered"anywhere"in"
advance,"as"they"are"only"used"when"required"for"a"
transac)on.""
• Transac)ng"par)es"do"not"need"to"know"each"other's"
iden)ty."This"is"analogous"to"walking"into"a"shop"and"paying"
cash"to"buy"something."The"shop"owner"does"not"need"to"
know"your"iden)ty."
Sample bitcoin transaction
Pooja wants to send 1 bitcoin to Rohit
"
Step*1:*Rohit"sends"his"bitcoin"address"to"Pooja.""
e.g."1PC9aZC4hNX2rmmrt7uHTfYAS3hRbph4UN"
"
Step*2:*Pooja"adds"Rohit’s"address"and"the"amount"of"bitcoins"
to"transfer"to"a""transac)on""message.""
"
Step*3:*Pooja"signs"the""transac)on""message"with"her"private"
key,"and"announces"her"public"key"for"signature"verifica)on.""
"
Step*4:*Pooja"broadcasts"the"transac)on"on"the"Bitcoin"network"
for"all"to"see."(See"www.blockchain.info)"
"
Steps"1"and"2"require"human"ac)on."Steps"3"and"4"are"done"by"
the"Bitcoin"client"sooware.'
Pooja wants to send 1 bitcoin to Rohit
"
Step*1:*Rohit"sends"his"bitcoin"address"to"Pooja.""
e.g."1PC9aZC4hNX2rmmrt7uHTfYAS3hRbph4UN"
"
Step*2:*Pooja"adds"Rohit’s"address"and"the"amount"of"bitcoins"
to"transfer"to"a""transac)on""message.""
"
Step*3:*Pooja"signs"the""transac)on""message"with"her"private"
key,"and"announces"her"public"key"for"signature"verifica)on.""
"
Step*4:*Pooja"broadcasts"the"transac)on"on"the"Bitcoin"network"
for"all"to"see."(See"www.blockchain.info)"
"
Steps"1"and"2"require"human"ac)on."Steps"3"and"4"are"done"by"
the"Bitcoin"client"sooware.'
Making*a*bitcoin*payment*
A*bitcoin*wallet*showing*mul<ple*bitcoin*addresses*
Blockchain*showing*all*bitcoin*transac<ons*ever*made*
Blockchain*(contd.)*
Blockchain*(contd.)*
Blockchain*(contd.)*
Coinbase.com*is*an*online*bitcoin*wallet*
Coinbase.com*(contd.)*
Coinbase.com*(contd.)*
Coinbase.com*(contd.)*
Bitcoins*&*captcha*
Bitcoins"can"be"earned"by"filling"out"captcha."This"is"probably"funded"by""
spammers"who"need"humans"to"fill"out"captcha"forms."
Bitcoins"can"be"earned"by"filling"out"captcha."This"is"probably"funded"by""
spammers"who"need"humans"to"fill"out"captcha"forms."
Bitcoins*&*lofery*
Bitcoin*ATM*
The"world’s"first"bitcoin"ATM"was"setup"in"Waves"coffee"shop"in"Vancouver,""
Canada"in"October"2013"
Image"courtesy:"
GeEy"
"
The"world’s"first"bitcoin"ATM"was"setup"in"Waves"coffee"shop"in"Vancouver,""
Canada"in"October"2013"
Image"courtesy:"
GeEy"
"
Using*the*Bitcoin*ATM*
A"user"scans"a"QR"code"on"his"smart"phone"to"transfer"bitcoins""
Image"courtesy:"
GeEy"
"
A"user"scans"a"QR"code"on"his"smart"phone"to"transfer"bitcoins""
Image"courtesy:"
GeEy"
"
How Silk Road used bitcoins
• Every"Silk"Road"user"had"one"or"more"bitcoin"addresses"associated"with"his"
Silk"Road"account.""
• These"addresses"were"stored"on"wallets"maintained"on"servers"controlled"by"
Silk"Road.""
• A"user"had"to"first"send"bit"coins"to"an"address"associated"with"his"Silk"Road"
account.""
• The"user"could"then"make"a"purchase"on"Silk"Road."This"amount"was"held"in"
escrow")ll"the"transac)on"was"completed.""
• Once"the"transac)on"was"complete,"the"bit"coins"would"be"transferred"to"the"
vendor's"Silk"Road"bitcoin"address."From"here"the"vendor"could"transfer"the"
bit"coins"to"an"external"bitcoin"address"and"convert"them"to"real"currency.""
• Silk"Road"charged"a"commission"between"8"P"15%"for"each"transac)on.""
• Silk"Road"used"a"special"technique"to"send"payments"through"a"“complex"
semiPrandom"series"of"dummy"transac)ons""to"further"anonymize"the"
transac)ons."
• Every"Silk"Road"user"had"one"or"more"bitcoin"addresses"associated"with"his"
Silk"Road"account.""
• These"addresses"were"stored"on"wallets"maintained"on"servers"controlled"by"
Silk"Road.""
• A"user"had"to"first"send"bit"coins"to"an"address"associated"with"his"Silk"Road"
account.""
• The"user"could"then"make"a"purchase"on"Silk"Road."This"amount"was"held"in"
escrow")ll"the"transac)on"was"completed.""
• Once"the"transac)on"was"complete,"the"bit"coins"would"be"transferred"to"the"
vendor's"Silk"Road"bitcoin"address."From"here"the"vendor"could"transfer"the"
bit"coins"to"an"external"bitcoin"address"and"convert"them"to"real"currency.""
• Silk"Road"charged"a"commission"between"8"P"15%"for"each"transac)on.""
• Silk"Road"used"a"special"technique"to"send"payments"through"a"“complex"
semiPrandom"series"of"dummy"transac)ons""to"further"anonymize"the"
transac)ons."
7*
Conclusions*“*
“*
Conclusions*“*
“*
Why is computer security so difficult?
"
There"are"so"many"security"tools,"processes"and"standards"available"today."
Then"why"is"it"so"difficult"to"secure"Government"and"corporate"networks?""
"
To"quote"Steven"R."Chabinsky,"Deputy"Assistant"Director,"Cyber"Division,"
Federal"Bureau"of"Inves)ga)on,"this"is"what"needs"to"be"secured:"
"
On'the'technical'side—the'web'servers,'e7mail'servers,'databases,'firewalls,'
routers,' embedded' network' devices,' internal' networks,' remote' access,'
custom'applica8ons,'off7the7shelf'applica8ons,'backup'and'storage'areas,'
and'all'telephone,'PBX,'and'VoIP'systems.''
'
On'the'human'side,'you'need'to'secure'your'physical'infrastructure,'employee'
accesses' and' permissions,' and' connec8ons' to' business' and' corporate'
partners.''
'
These'are'just'the'basics'on'the'way'to'a'secure'network,'all'of'which'need'to'
be'monitored'and'updated'regularly,'as'the'technologies'change'constantly'
and'so'do'our'users.'
"
There"are"so"many"security"tools,"processes"and"standards"available"today."
Then"why"is"it"so"difficult"to"secure"Government"and"corporate"networks?""
"
To"quote"Steven"R."Chabinsky,"Deputy"Assistant"Director,"Cyber"Division,"
Federal"Bureau"of"Inves)ga)on,"this"is"what"needs"to"be"secured:"
"
On'the'technical'side—the'web'servers,'e7mail'servers,'databases,'firewalls,'
routers,' embedded' network' devices,' internal' networks,' remote' access,'
custom'applica8ons,'off7the7shelf'applica8ons,'backup'and'storage'areas,'
and'all'telephone,'PBX,'and'VoIP'systems.''
'
On'the'human'side,'you'need'to'secure'your'physical'infrastructure,'employee'
accesses' and' permissions,' and' connec8ons' to' business' and' corporate'
partners.''
'
These'are'just'the'basics'on'the'way'to'a'secure'network,'all'of'which'need'to'
be'monitored'and'updated'regularly,'as'the'technologies'change'constantly'
and'so'do'our'users.'
Lessons learnt
"
According"to"Steven"R."Chabinsky,"Deputy"Assistant"Director,"
Cyber"Division,"Federal"Bureau"of"Inves)ga)on:"
'
“..'having'hired'and'trained'special'agents'who'can'talk'the'talk,'and'
given'the'resources'to'spend'enough'hours'online'for'an'extended'
period' of' 8me,' we' have' found' that' almost' any' cyber' criminal'
enterprise'will'begin'to'trust'us,'despite'having'never'met'us'face7to7
face.''
'
We' also' learned' that' the' communica8on' methods' used' by' these'
criminals'are,'to'them,'a'social'outlet'as'well.'Just'as'oRen'as'they'are'
speaking'about'malware,'crimes,'and'goods'for'sale,'they'are'talking'
about'their'families,'their'girlfriends,'their'vaca8ons,'and'their'cars.''
'
ARer'a'8me,'members'of'these'forums'become'friends.'That'is'where'
the'intrinsic'trust'stems'from.'When'somebody'first'enters'as'a'new'
member,'they’re'considered'a'poten8al'cop;'a'month'later,'they’re'
less'of'a'cop;'six'months'later,'they’re'a'friend;'a'year'later,'they'are'
trusted'implicitly—to'the'extent'that'when'an'outsider'anonymously'
told'a'Darkmarket'par8cipant'that'Master'Splyntr'was'actually'the'
FBI'(which,'as'you'now'know,'was'true)'all'Master'Splyntr'had'to'do'
was'deny'the'accusa8on'and'he'was'believed'because'he'was'an'
insider,'whereas'the'informer'was'an'outsider.”'
"
According"to"Steven"R."Chabinsky,"Deputy"Assistant"Director,"
Cyber"Division,"Federal"Bureau"of"Inves)ga)on:"
'
“..'having'hired'and'trained'special'agents'who'can'talk'the'talk,'and'
given'the'resources'to'spend'enough'hours'online'for'an'extended'
period' of' 8me,' we' have' found' that' almost' any' cyber' criminal'
enterprise'will'begin'to'trust'us,'despite'having'never'met'us'face7to7
face.''
'
We' also' learned' that' the' communica8on' methods' used' by' these'
criminals'are,'to'them,'a'social'outlet'as'well.'Just'as'oRen'as'they'are'
speaking'about'malware,'crimes,'and'goods'for'sale,'they'are'talking'
about'their'families,'their'girlfriends,'their'vaca8ons,'and'their'cars.''
'
ARer'a'8me,'members'of'these'forums'become'friends.'That'is'where'
the'intrinsic'trust'stems'from.'When'somebody'first'enters'as'a'new'
member,'they’re'considered'a'poten8al'cop;'a'month'later,'they’re'
less'of'a'cop;'six'months'later,'they’re'a'friend;'a'year'later,'they'are'
trusted'implicitly—to'the'extent'that'when'an'outsider'anonymously'
told'a'Darkmarket'par8cipant'that'Master'Splyntr'was'actually'the'
FBI'(which,'as'you'now'know,'was'true)'all'Master'Splyntr'had'to'do'
was'deny'the'accusa8on'and'he'was'believed'because'he'was'an'
insider,'whereas'the'informer'was'an'outsider.”'
Points to remember
"
• Hackers*and*cyber*criminals*can*be*violent.*
A"hacker"was"reportedly"kidnapped"by"another"cyber"criminal,"beaten,"
stripped"down,"and"photographed"holding"a"sign"describing"him"as"a"
rat"and"a"pig"for"leaking"informa)on"to"the"media"and"inves)gators."
'
• Professional*cyber*criminals*don’t*usually*use*
public*forums*as*a*place*to*do*business.**
Forums"are"used"to"make"new"contacts"and"to"keep"upPtoPdate"with"
techniques"and"technologies."The"actual"unlawful"ac)vi)es"are"
conducted"using"encryp)on"and"anonymous"Tor"sites."
"
• Many*cyber*criminal*organiza<ons*are*very*well*
organized*and*have*skilled*experts*and*excellent*
logis<cs*and*other*business*processes.*
• Bitcoins*and*other*virtual*currencies*are*gaining*
popularity.*
The"way"these"currencies"are"designed"and"managed"makes"it"very"
difficult"for"law"enforcement"to"track."
"
• Hackers*and*cyber*criminals*can*be*violent.*
A"hacker"was"reportedly"kidnapped"by"another"cyber"criminal,"beaten,"
stripped"down,"and"photographed"holding"a"sign"describing"him"as"a"
rat"and"a"pig"for"leaking"informa)on"to"the"media"and"inves)gators."
'
• Professional*cyber*criminals*don’t*usually*use*
public*forums*as*a*place*to*do*business.**
Forums"are"used"to"make"new"contacts"and"to"keep"upPtoPdate"with"
techniques"and"technologies."The"actual"unlawful"ac)vi)es"are"
conducted"using"encryp)on"and"anonymous"Tor"sites."
"
• Many*cyber*criminal*organiza<ons*are*very*well*
organized*and*have*skilled*experts*and*excellent*
logis<cs*and*other*business*processes.*
• Bitcoins*and*other*virtual*currencies*are*gaining*
popularity.*
The"way"these"currencies"are"designed"and"managed"makes"it"very"
difficult"for"law"enforcement"to"track."
Incubated"by"Science"&"Technology"Park""
promoted"by"Department"of"Science"and"Technology"
Government"of"India"
Contact*us*at:*
Science"and"Technology"Park,"University"of"Pune,"PuneP7""
Tel:*+91P20P65206029""""Email:*[email protected]""""Web:*hEp://www.lexcode.in"
promoted"by"Department"of"Science"and"Technology"
Government"of"India"
Contact*us*at:*
Science"and"Technology"Park,"University"of"Pune,"PuneP7""
Tel:*+91P20P65206029""""Email:*[email protected]""""Web:*hEp://www.lexcode.in"
SOURCES
hEp://www.{i.gov/news/speeches/thePcyberPthreatPwhosPdoingPwhatPtoPwhom"
Sources*&*Disclaimers**
hEps://bitcoin.it"
hEp://www.torproject.org.in"
hEp://www1.icsi.berkeley.edu/~nweaver/UlbrichtCriminalComplaint.pdf"
And"various"‘hidden’"or"deepPweb"resources"
hEp://www.{i.gov/news/speeches/thePcyberPthreatPwhosPdoingPwhatPtoPwhom"
Sources*&*Disclaimers**
hEps://bitcoin.it"
hEp://www.torproject.org.in"
hEp://www1.icsi.berkeley.edu/~nweaver/UlbrichtCriminalComplaint.pdf"
And"various"‘hidden’"or"deepPweb"resources"
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 1,475
- Slides 94
- Favorites 1
- Age 3917 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
28 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views