Phishing With A Darknet: Imitation of Onion Services
In this work we analyse the use of malicious mimicry and cloning of darknet marketplaces and other 'onion services' as means for phishing, akin to traditional 'typosquatting' on the web. This phenomenon occurs due to the complex trust relationships in Tor's onion services, a...
Saved in:
| Published in | eCrime Researchers Summit pp. 1 - 13 |
|---|---|
| Main Authors | , |
| Format | Conference Proceeding |
| Language | English |
| Published |
IEEE
16.11.2020
|
| Subjects | |
| Online Access | Get full text |
| ISSN | 2159-1245 |
| DOI | 10.1109/eCrime51433.2020.9493262 |
Cover
| Abstract | In this work we analyse the use of malicious mimicry and cloning of darknet marketplaces and other 'onion services' as means for phishing, akin to traditional 'typosquatting' on the web. This phenomenon occurs due to the complex trust relationships in Tor's onion services, and particularly the complex webs of trust enabled by darknet markets and similar services. To do so, we built a modular scraper tool to identify networks of maliciously cloned darknet marketplaces; in addition to other characteristics of onion services, in aggregate. The networks of phishing sites identified by this scraper were then subject to clustering and analysis to identify the method of phishing and the networks of ownership across these sites. We present a novel discovery mechanism for sites, means for clustering and analysis of onion service phishing and clone sites, and an analysis of their spectrum of sophistication. |
|---|---|
| AbstractList | In this work we analyse the use of malicious mimicry and cloning of darknet marketplaces and other 'onion services' as means for phishing, akin to traditional 'typosquatting' on the web. This phenomenon occurs due to the complex trust relationships in Tor's onion services, and particularly the complex webs of trust enabled by darknet markets and similar services. To do so, we built a modular scraper tool to identify networks of maliciously cloned darknet marketplaces; in addition to other characteristics of onion services, in aggregate. The networks of phishing sites identified by this scraper were then subject to clustering and analysis to identify the method of phishing and the networks of ownership across these sites. We present a novel discovery mechanism for sites, means for clustering and analysis of onion service phishing and clone sites, and an analysis of their spectrum of sophistication. |
| Author | Barr-Smith, Frederick Wright, Joss |
| Author_xml | – sequence: 1 givenname: Frederick surname: Barr-Smith fullname: Barr-Smith, Frederick email: freddie.barr-smith@cs.ox.ac.uk organization: University of Oxford,Department of Computer Science,Oxford,United Kingdom – sequence: 2 givenname: Joss surname: Wright fullname: Wright, Joss email: joss.wright@oii.ox.ac.uk organization: University of Oxford,Oxford Internet Institute,Oxford,United Kingdom |
| BookMark | eNotj81KxDAURqMoOI59Ajd5gY65yU3a626ofwMDI6i4HNL82KiTSlsE394R52y-s_rgnLOT3OfAGAexABB0FZoh7YIGVGohhRQLQlLSyCNWUFWDMRqlVgTHbCZBUwkS9RkrxvFd7NFYS6VnDB-7NHYpv_HXNHV8yW_s8JHDdM1XuzTZKfWZ95Fv8p88heE7uTBesNNoP8dQHHbOXu5un5uHcr25XzXLdZmkUFOJLaLQoqLYRjAelY1eOtv6qhY1OmOIELSSVEvtPcZIBL4FdM4JAyaqObv8_00hhO3XvtcOP9tDp_oF9LJIjA |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/eCrime51433.2020.9493262 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE/IET Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Government Law Computer Science |
| EISBN | 9781665425391 1665425393 |
| EISSN | 2159-1245 |
| EndPage | 13 |
| ExternalDocumentID | 9493262 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IK 6IL 6IN AAJGR AAWTH ABLEC ACGFS ADZIZ ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IEGSK IPLJI M43 OCL RIE RIL RNS |
| ID | FETCH-LOGICAL-i203t-4b4405079fbf16d43afd2cabd78084c6699415329825dd4ff991db14ccc0616f3 |
| IEDL.DBID | RIE |
| IngestDate | Wed Aug 27 02:39:50 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i203t-4b4405079fbf16d43afd2cabd78084c6699415329825dd4ff991db14ccc0616f3 |
| PageCount | 13 |
| ParticipantIDs | ieee_primary_9493262 |
| PublicationCentury | 2000 |
| PublicationDate | 2020-Nov.-16 |
| PublicationDateYYYYMMDD | 2020-11-16 |
| PublicationDate_xml | – month: 11 year: 2020 text: 2020-Nov.-16 day: 16 |
| PublicationDecade | 2020 |
| PublicationTitle | eCrime Researchers Summit |
| PublicationTitleAbbrev | eCrime |
| PublicationYear | 2020 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0000548235 |
| Score | 1.7984039 |
| Snippet | In this work we analyse the use of malicious mimicry and cloning of darknet marketplaces and other 'onion services' as means for phishing, akin to traditional... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1 |
| SubjectTerms | Aggregates Cloning Government Law Phishing Privacy Redundancy |
| Title | Phishing With A Darknet: Imitation of Onion Services |
| URI | https://ieeexplore.ieee.org/document/9493262 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LSwMxEB7annqqthXf5ODR3W422Ue8iVpUrPZgsbeSJy3FrZQtgr_eZB8tigdvIRAICZnvm8nMfAAXkmETcPuQUkm0RxWnHqdEWVeFKcqwjJh2oYHRc3w_oY_TaNqAy20tjNa6SD7TvhsWf_lqJTcuVDZg1LENa3CbScLKWq1tPMVSjzQkUZ2sE7CBdsJY2hECYv3AMPCr5T90VAoYGXZgVG-gzB5Z-ptc-PLrV2_G_-5wD_q7gj003kLRPjR01oVOrdiAqgfchfZOWrcLzSf-2QM6npdhKPS2yOfoGt3y9TLT-RV6eK_6d6OVQS-ZG9SWpQ-T4d3rzb1XSSl4izAguUcFtcwsSJgRBseKEm5UKLlQSRqkVMYxYxbJScisw6gUNcbSRiUwlVJawI8NOYBWtsr0IaAIJ0RLFohIWTYjUk5TgxmTmmmDKRZH0HPnMvsou2XMqiM5_nv6BNrublx1H45PoZWvN_rMwnwuzov7_QZMUqWJ |
| linkProvider | IEEE |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LTwIxEJ4gHuSEAsa3PXh0l-22-6g3oxJQQA4QuZHtKxDiYsgSE3-97bJANB68NT00TZvO9810Zj6AG8Gw9hLzkGJBlENlQp2EEmlcFSYpwyJgyoYGev2wPaLP42BcgtttLYxSKk8-U64d5n_5ciFWNlTWZNSyDWNw9wPjVUTraq1tRMWQj9gnwSZdx2NNZaWxlKUExHiCvucWC_xQUsmBpFWF3mYL6_yRubvKuCu-fnVn_O8eD6GxK9lDgy0YHUFJpTWobjQbUPGEa1DZievWYK-bfNaBDqbrQBR6m2VTdI8ek-U8Vdkd6rwXHbzRQqPX1A42tqUBo9bT8KHtFGIKzsz3SOZQTg038yKmucahpCTR0hcJl1HsxVSEIWMGy4nPjMsoJdXaEEfJMRVCGMgPNTmGcrpI1QmgAEdECebxQBo-w-OExhozJhRTGlPMT6Fuz2Xyse6XMSmO5Ozv6Ws4aA973Um30385h4q9J1vrh8MLKGfLlbo0oJ_xq_yuvwEyb6ja |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=eCrime+Researchers+Summit&rft.atitle=Phishing+With+A+Darknet%3A+Imitation+of+Onion+Services&rft.au=Barr-Smith%2C+Frederick&rft.au=Wright%2C+Joss&rft.date=2020-11-16&rft.pub=IEEE&rft.eissn=2159-1245&rft.spage=1&rft.epage=13&rft_id=info:doi/10.1109%2FeCrime51433.2020.9493262&rft.externalDocID=9493262 |