-
Dizzy: Large-Scale Crawling and Analysis of Onion Services
Authors:
Yazan Boshmaf,
Isuranga Perera,
Udesh Kumarasinghe,
Sajitha Liyanage,
Husam Al Jawaheri
Abstract:
With nearly 2.5m users, onion services have become the prominent part of the darkweb. Over the last five years alone, the number of onion domains has increased 20x, reaching more than 700k unique domains in January 2022. As onion services host various types of illicit content, they have become a valuable resource for darkweb research and an integral part of e-crime investigation and threat intelligence. However, this content is largely un-indexed by today's search engines and researchers have to rely on outdated or manually-collected datasets that are limited in scale, scope, or both.
To tackle this problem, we built Dizzy: An open-source crawling and analysis system for onion services. Dizzy implements novel techniques to explore, update, check, and classify onion services at scale, without overwhelming the Tor network. We deployed Dizzy in April 2021 and used it to analyze more than 63.3m crawled onion webpages, focusing on domain operations, web content, cryptocurrency usage, and web graph. Our main findings show that onion services are unreliable due to their high churn rate, have a relatively small number of reachable domains that are often similar and illicit, enjoy a growing underground cryptocurrency economy, and have a graph that is relatively tightly-knit to, but topologically different from, the regular web's graph.
Submitted 4 May, 2023; v1 submitted 15 September, 2022;
originally announced September 2022.
-
Investigating MMM Ponzi scheme on Bitcoin
Authors:
Yazan Boshmaf,
Charitha Elvitigala,
Husam Al Jawaheri,
Primal Wijesekera,
Mashael Al Sabah
Abstract:
Cybercriminals exploit cryptocurrencies to carry out illicit activities. In this paper, we focus on Ponzi schemes that operate on Bitcoin and perform an in-depth analysis of MMM, one of the oldest and most popular Ponzi schemes. Based on 423K transactions involving 16K addresses, we show that: (1) Starting Sep 2014, the scheme goes through three phases over three years. At its peak, MMM circulated more than 150M dollars a day, after which it collapsed by the end of Jun 2016. (2) There is a high income inequality between MMM members, with the daily Gini index reaching more than 0.9. The scheme also exhibits a zero-sum investment model, in which one member's loss is another member's gain. The percentage of victims who never made any profit has grown from 0% to 41% in five months, during which the top-earning scammer has made 765K dollars in profit. (3) The scheme has a global reach with 80 different member countries but a highly-asymmetrical flow of money between them. While India and Indonesia have the largest pairwise flow in MMM, members in Indonesia have received 12x more money than they have sent to their counterparts in India.
Submitted 1 December, 2019; v1 submitted 27 October, 2019;
originally announced October 2019.
-
Characterizing Bitcoin donations to open source software on GitHub
Authors:
Yury Zhauniarovich,
Yazan Boshmaf,
Husam Al Jawaheri,
Mashael Al Sabah
Abstract:
Web-based hosting services for version control, such as GitHub, have made it easier for people to develop, share, and donate money to software repositories. In this paper, we study the use of Bitcoin to make donations to open source repositories on GitHub. In particular, we analyze the amount and volume of donations over time, in addition to its relationship to the age and popularity of a repository.
We scanned over three million repositories looking for donation addresses. We then extracted and analyzed their transactions from Bitcoin's public blockchain. Overall, we found a limited adoption of Bitcoin as a payment method for receiving donations, with nearly 44 thousand deposits adding up to only 8.3 million dollars in the last 10 years. We also found weak positive correlation between the amount of donations in dollars and the popularity of a repository, with highest correlation (r=0.013) associated with number of forks.
Submitted 9 July, 2019;
originally announced July 2019.
-
BlockTag: Design and applications of a tagging system for blockchain analysis
Authors:
Yazan Boshmaf,
Husam Al Jawaheri,
Mashael Al Sabah
Abstract:
Annotating blockchains with auxiliary data is useful for many applications. For example, e-crime investigations of illegal Tor hidden services, such as Silk Road, often involve linking Bitcoin addresses, from which money is sent or received, to user accounts and related online activities. We present BlockTag, an open-source tagging system for blockchains that facilitates such tasks. We describe BlockTag's design and present three analyses that illustrate its capabilities in the context of privacy research and law enforcement.
Submitted 24 September, 2023; v1 submitted 17 September, 2018;
originally announced September 2018.
-
Deanonymizing Tor hidden service users through Bitcoin transactions analysis
Authors:
Husam Al Jawaheri,
Mashael Al Sabah,
Yazan Boshmaf,
Aiman Erbad
Abstract:
With the rapid increase of threats on the Internet, people are continuously seeking privacy and anonymity. Services such as Bitcoin and Tor were introduced to provide anonymity for online transactions and Web browsing. Due to its pseudonymity model, Bitcoin lacks retroactive operational security, which means historical pieces of information could be used to identify a certain user. We investigate the feasibility of deanonymizing users of Tor hidden services who rely on Bitcoin as a payment method by exploiting public information leaked from online social networks, the Blockchain, and onion websites. This, for example, allows an adversary to link a user with @alice Twitter address to a Tor hidden service with private.onion address by finding at least one past transaction in the Blockchain that involves their publicly declared Bitcoin addresses.
To demonstrate the feasibility of this deanonymization attack, we carried out a real-world experiment simulating a passive, limited adversary. We crawled 1.5K hidden services and collected 88 unique Bitcoin addresses. We then crawled 5B tweets and 1M BitcoinTalk forum pages and collected 4.2K and 41K unique Bitcoin addresses, respectively. Each user address was associated with an online identity along with its public profile information. By analyzing the transactions in the Blockchain, we were able to link 125 unique users to 20 Tor hidden services, including sensitive ones, such as The Pirate Bay and Silk Road. We also analyzed two case studies in detail to demonstrate the implications of the resulting information leakage on user anonymity. In particular, we confirm that Bitcoin addresses should always be considered exploitable, as they can be used to deanonymize users retroactively. This is especially important for Tor hidden service users who actively seek and expect privacy and anonymity.
Submitted 10 July, 2019; v1 submitted 23 January, 2018;
originally announced January 2018.