Quantcast

Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

That Awesome Time I Was Sued for Two Billion Dollars: Jason Scott’s Extraordinary Experience

Jason Scott, creator of textfiles.com, tells some hilarious stories about ins and outs of the old BBS files archiving activity during a Defcon presentation. Since the beginning part is kind of introducing myself and everything else, I am going to go move forward with that. My name is Jason Scott –...

How My Botnet Defeated the Russian Hackers 3: Beating a Competing Bot

As Michael’s bot started getting less successful, there occurred a need for improvement so that it could outperform a competing one made by Russian hackers. Everything worked great for about six months, and then all of a sudden things weren’t as rosy anymore. The client would call and he would say:...

How My Botnet Defeated the Russian Hackers 2: The Car-Purchasing Bot

Michael Schrenk now dwells on the actual bot design that enabled his client to outperform competitors in terms of buying the best used cars online. So, a car dealer came to me; he had a great opportunity, found a wonderful website that was part of the national franchise. They were getting in used rental...

How My Botnet Defeated the Russian Hackers: Screwing with the System

In a Defcon presentation, professional web bot developer Michael Schrenk tells an absorbing story of creating a specific botnet to gain competitive advantage. I’ve had the opportunity to do a lot of really cool things in my career with bots, but the one thing that gave me more satisfaction than anything...

Common Darknet Weaknesses 7: General Mitigations and Summary

At the end of his AIDE Conference presentation, Adrian Crenshaw describes a few more types of darknet attacks and enumerates a number of general takeaways. Also, things can be done to affect timing (see right-hand image). This is where sybil attacks can help augment traffic correlation attacks. Let’s say...

Common Darknet Weaknesses 6: Sybil and Traffic Analysis Attacks

Adrian Crenshaw now highlights a few more darknet attack vectors based on the use of sockpuppets as well as analyzing traffic and lists mitigations for these. Okay, now we’ll get into some more academic attacks – sybil attacks (see right-hand image). The term comes from the book called Sybil which about...

Common Darknet Weaknesses 5: Clock Based Attacks, Metadata, and Forensics

Getting further into darknet attack strategies, Adrian Crenshaw sheds light on the use of system clock information, metadata, and local attacks deployment. Alright, clock based attacks: this is another place where people can at least reduce the anonymity set of someone using a darknet. Some protocols allow...

Common Darknet Weaknesses 4: Attack Mitigations

Along with countermeasures for attacks against darknets, Adrian Crenshaw also points out popular applications with poor anonymity capacity in this part. Another example of applications that suck at anonymity is BitTorrent (see right-hand image). There’s a paper written a while back, where they found that...

Common Darknet Weaknesses 3: DNS Leaks and Application Level Problems

Adrian Crenshaw describes some common attacks deployable in the darknet usage scenario, such as DNS leaks, content grabbing, and application level issues. Alright, some other common attacks: DNS leaks and various other protocols, and application level problems. An overview: does all the traffic go through...

Common Darknet Weaknesses 2: Tor and I2P

Two most popular darknets, The Onion Router and I2P, are comprehensively described by Adrian Crenshaw here, including their weaknesses and user precautions. Now I’m going to briefly cover two major darknets, Tor and I2P, so that the rest of the slides make some kind of sense. Most people make node...