Outstanding Cyber Security Training/Awareness Initiative
NPCC National Cybercrime Programme
The NPCC Cybercrime Training Programme provides police forces in England and Wales with the skills needed to be able to respond to a report of cybercrime and fully investigate any criminal activity, prosecute offenders where necessary but also divert individuals on the cusp of criminal activity on to productive paths. The Programme gives staff the technical skill to advise and protect individuals and organisations in cyber security to help better protect themselves against cybercrime.
Course overview
This course, provides delegates with advanced knowledge in understanding the difference between the Dark and the Deep Web. How you can exploit these to find information or intelligence.
There are many key technologies that have allowed The Dark Web to flourish, from cryptocurrencies like Bitcoin to software that allows anonymity such as Tor. The Dark Web is at the fore-front of criminal innovation and understanding how it works is the first step in being able to combat the illegal activities that go on there.
This course is highly practical allowing delegates to explore and understand the tools that make up the various Dark Webs. How to access and search for information on Deep and Dark webs.
Course modules
Module 1 – Deep Web
- Staying Safe
- Exercise 1 - Surface, Deep and Dark webs?
- Exercise 2 - Meta Search Engine & Federated search engine
- Exercise 3 - Pastebins - Registering with Pastebins gives you greater results, set up monitors, alerts and trends
- Exercise 4 - Visit the following Carding Forums and Chatrooms
- Exercise 5 - Wikipedia live updates
- Exercise 6 - Deep Web Search Portal
- Exercise 7 - Document and document metadata – searching
- Exercise 8 - FOCA tool used mainly to find metadata of documents
- Recap - Recap module objectives – confirm objectives met. Any questions?
Module 2 – Deep Web Archives
- Exercise 9 - Archive.org
- Exercise 10 - archive.is or archive.org
- Exercise 11 - View Data Breaches - Experian data
- Recap - Recap module objectives – confirm objectives met. Any questions?
Module 3 – Background of the Dark Web
- History of criminal forums
- Exercise - Dark Web Markets - multiple sellers and buyers, commission charged
- Exercise/Demo - Reddit clone on the Dark Web. Good place to obtain intelligence.
- Background - AlphaBay & Hansa take down - Users on multiple drug market sites use the same username passwords and identical listings
- Dream Market - one of the biggest drug markets available
- UK presence
- Carding sites delegates will be able to go onto these sites later
- Card Skimming
- Fixed Football Matches
- ISIS, Daesh and Right-Wing groups etc
- Regularly Wiki Leaks updates
- Exercise/Demo - Torch, Ahmia.fi, Hidden Wiki, TorLinks and No Evil
- Hidden Wiki - good starting point to get into Dark Web
- Buyers need to be able trust sellers
- Facebook has 1 million people viewing daily
- New York Times on Dark Web
- Investigative Journalism and newsroom
- Exercise/Demo - Social Media sites via Tor Delegates to visit sites after been shown Tor
- Black and white hackers
- Exercise/Demo - Dark webpage capture tool and Torscan.io beta comprehensive index of onion sites
- How to keep up to date with new Tor Hidden Services. Not what the Tor Hidden Service refers to it
- Recap - Recap module objectives – confirm objectives met. Any questions?
Module 4 – Tor, Privacy and Security
- Exercise 12 - Checking your browser
- Browser are Leaky - show what information is leaking out
- Exercise 13 - Using user agent switcher or user agent spoofer Chrome or Firefox
- Cookies - Persistent or session specific cookies. Zombie Cookies
- Exercise 14 - Cookies Visit Amazon, Ebay, Space, Autotrader analysis the relationships between the cookies.
- History of Tor – how it became into existence
- Exercise 15 - Tor funding & sponsors
- How Tor Works - Onion layers, Guard Relay allocation
- How Tor works 1, 2 & 3
- Tor Circuit Creation1 1, 2 & 3
- Tor Directory Authorities (DA’s)
- Explain the different Tor relay flags
- Exercise 16 - Tor Relay Search tool
- Understand Tor Protocols Port 80, 443, 9001 and 9030
- Tor Bridges & Pluggable Transports used to circumvent censorship
- Tor under attacks.
- Exercise/Demo - Tor Metrics – Demo torstatus.blutmagie.de
- Tor Network Status - view Tor
- Exercise 17 -Tor Metrics
- Demo https://www.eff.org/pages/tor-and-https
- Importantly how to protect yourself using Tor
- Exercise 18 - torproject.org
- Then do the due diligence checks (browserleaks.com, whatismyip.com, and panopticlick.eff.org)
- Adjusting security settings
- Exercise 19 - Navigating the Dark Web find the onion addresses and also go to Dark Web sites and go to Dark Web social media sites
- Exercise 20 - Engaging in chatrooms
- [Chat/Email – CS Clone – CryptoDog – The Campfire – JitJat Denial Home – MyChat]
- Exercise 21 - Dark Web Forums & Community Links
- [Deep web forums – Community – Forums – Hackweb - RetroBBS II – Hidden Clubs – DNM Avenger – Onion links]
- Tor Projects outline the basic tools
- Tor 2 Web Proxies
- Access dark web via the surface web
- link, Onion.to, Onion.casa tor2web.org - Imapct?
- Recap - Recap module objectives – confirm objectives met. Any questions?
- Recap - Recap day 1 modules – confirm if any questions?
Module 5 – Tor Hidden Service (THS)
- Why use Tor Hidden Services (THS)
- THS allows to visit websites anonymously & VPN?
- Tor Hidden Service Protocol
- Exercise 22 - Connect to https://check.torproject.org/ then select Relay Search
- Exit node analysis
- Tor – Unique Onion Addresses
- Exercise/Demo - The Dark Web Map https://www.hyperiongray.com/dark-web-map/ is a visualization of the structure of Tor’s Hidden Services.
- Exercise 23 - Torrc file – Demo what happens when you change the Torrc file
- Attacks against Tor & THS
- Analysis of THS
- Recap Recap module objectives – confirm objectives met. Any questions?
Module 6 – Tor Apps and Using Tor in Virtual Environment
- Tor Messenger - Consider using https://crypto.cat/ or https://ricochet.im/
- Android devices
- iOS devices
- Exercise 24 - USB key with Tails
- Exercise/demo - Buscador, allow delegates to use the tool which is already installed
- Recap - Recap module objectives – confirm objectives met. Any questions?
Module 7 – Other Dark Webs and Dark Nets
- Outline I2P
- Exercise 25 - Accessing i2P Dark Web
- Exercise 26 - Freenet then show delegates how to access
- Exercise 27 - Zeronet then show delegates how to access
- Exercise 28 - Open Bazaar 2 show delegates how to access
- GNUnet and other Dark Web’s
- Recap - Recap module objectives – confirm objectives met. Any questions?
Module 8 – Bitcoin and Virtual Currencies
- Bitcoin video
- Exercise 29 - Bitcoin research
- Info/Question - What is a Bitcoin?
- Info/Question/video - Three ways of getting Bitcoin.
- Exercise 30 - Bitcoin mapping
- Tracking Bitcoins - Chainalysis
- Exercise 31 - Social media platform for Cryptocurrencies https://bitcointalk.org
- Exercise - Markets
- Recap - Recap module objectives – confirm objectives met. Any questions?