Strategic Cyber Intelligence on the Darknet: What you don’t know can hurt you

v1_3126_Tor_project_logo.png

Rift Recon’s Darknet Research Team work to increase the security posture and awareness of our clients in matters related to Darknet information. Our team specializes in strategic Darknet cyber-intel, specifically in the arena of search.

Google (and other search engines) removes results to illegal sites, and this is a double-edged sword for our clients. For instance, this practice reduces the ability for you to find out that someone stole or leaked your Social Security Number on a carding forum or a pastebin-like site: in this climate, only the bad guys know where to go.

With permission from a current client, our researchers are able to share an alarming discovery that doesn’t come up in standard search engines, and reveals that what we don’t know can most certainly hurt us.

In the course of Rift’s engagement, we encountered the present-day PII (Personally Identifiable Information) of various Twitter founders, and its current CEO. The .onion site hosting the sensitive information explains that the posting has been done as retribution for the closing of a Twitter account.

These are redacted screenshots showing the Social Security Numbers and home addresses (as well as previous addresses) as discovered by Rift Recon:

Jack_Dorsey_Redacted.jpg

Dick_Costello_Redacted.jpg

Ev_Williams_Redacted.jpg

Noah_Glass_Redacted.jpg

Background: About Tor Hidden Services

As take downs of carding sites and other information portals has become routine for search engines, the admins and copycats have been quick to move onto the TOR Hidden Services also known as .onion (“dot-onion”) sites.

Tor makes it possible for users to hide their locations while offering various kinds of services, such as web publishing, or an instant messaging server. Using Tor “rendezvous points,” other Tor users can connect to these hidden services, each without knowing the other’s network identity. This hidden service functionality allows Tor users to set up a website where people publish material without worrying about censorship. No one is able to determine who might be offering the site, and those running the site wouldn’t know who was posting to it.

The Darknet adds layers of complexity to anything related to discovery. It’s actually a variety different software/hardware platforms which provide a another layer that Google may not be indexing (or if it’s through sites like onion.to or tor2web, it will index very deep, and move on). These come in a variety of flavors such as open or closed (meaning you’d have to know someone), point to point VPN tunnels, and onion-style routing like TOR and I2P.

The Darknet is vast, and growth is explosive. There is no exact number of sites in operation, or way to obtain a correct total (and this is by design). Even still, in the last six months various entities claim estimates of the .onion address space to range from 80,000 to 400,000-600,000 (sites). Meanwhile, the TOR Project estimates potentially around 2.5 million users of the service. One certainty is that as of this writing, there are 5336 Tor Routers with which to mask one’s identity.

Rift’s Darknet Research Team specializes in resolving issues related to information on the Darknet. Contact us.

-Rift Recon

Press: press@riftrecon.com

Client inquiries: info@riftrecon.com

Rift Recon contacted Twitter prior to publication of this post.



2 Notes

  1. jezus1177 reblogged this from riftrecon
  2. riftrecon posted this