Phishing With A Darknet: Imitation of Onion Services

Bibliographic Details
Published in eCrime Researchers Summit pp. 1 - 13
Main Authors Barr-Smith, Frederick, Wright, Joss
Format Conference Proceeding
Language English
Published IEEE 16.11.2020
ISSN 2159-1245
DOI 10.1109/eCrime51433.2020.9493262

Summary: In this work we analyse the use of malicious mimicry and cloning of darknet marketplaces and other 'onion services' as means for phishing, akin to traditional 'typosquatting' on the web. This phenomenon occurs due to the complex trust relationships in Tor's onion services, and particularly the complex webs of trust enabled by darknet markets and similar services. To do so, we built a modular scraper tool to identify networks of maliciously cloned darknet marketplaces; in addition to other characteristics of onion services, in aggregate. The networks of phishing sites identified by this scraper were then subject to clustering and analysis to identify the method of phishing and the networks of ownership across these sites. We present a novel discovery mechanism for sites, means for clustering and analysis of onion service phishing and clone sites, and an analysis of their spectrum of sophistication.