Technical Tuesday – 14 April 2015 – Tor and the Deep Dark Web by Scott FitzPatrick

Posted on Apr 14, 2015 in Events Archive

When faced with the challenge of identifying, understanding and mitigating network security risks, Tor and the Deep Dark Web present obstacles that are increasingly difficult to overcome.

This talk explores the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external threat data can be helpful in evaluating intelligence, but how do you identify relevance? Created as a means of protecting the privacy and anonymity of its users, Tor – the managed network of private computers leveraged by criminal elements to minimize the risk of surveillance and capture – is being exploited by the most technically proficient, aggressive, and organized of criminal syndicates.

Tor has emerged as the network of choice in the Deep Dark Web for enabling illegal transactions involving weapons, drugs, and stolen information, and is also often used as an anonymous communication channel for botnets’ advanced malware command and control (C&C). Identifying timely and relevant intelligence that can be accurately ingested and leveraged into the organization’s workflow is arduous and will continue to become increasingly difficult as the volume of global data grows exponentially.

Presented by: Scott FitzPatrick

Scott FitzPatrick helped found the NCIS Computer Crime Unit at Washington Navy Yard, the District Government Incident Response Program, and Symantec’s Cyber Threat Analysis Program, and has helped companies like NetWitness go from Startup to Stardom. His most recent cooperative engagements have been with cutting-edge technology companies Endgame and Norse, and he recently founded a security consulting practice.