While you may be familiar with the Dark Web, its opaque nature helps to cloak how it works and what it’s used for. As a CIO, if you are concerned about your company’s data security, understanding what the Dark Web is and what it isn’t is critical.
The Dark Web isn’t all bad
The Dark Web is portrayed as the go to place for anyone who wants to do something illicit. However, many argue that the ability to browse the internet for everyday tasks without your internet service provider or anyone else knowing what you are doing is a fundamental human right.
There are good reasons why you might wish to remain anonymous when browsing the web. For example, for people living in a country which has limited access to western internet sites; it can be a valuable tool for avoiding oppression.
Some major media outlets have established domains on the Dark Web. The BBC has established a location with the goal of making access to information for surfers without the benefits of an open and free press. Facebook has also created a mirror for people using social media, who wish to protect their identities.
It’s not just guns, drugs & porn
It’s true that a large part of the Dark Web’s “GDP” is made up of criminal activity and illicit items you wouldn’t find in your local Sainsbury’s; from illegal substances to counterfeit money and more. Hacked accounts of all sorts, ranging from Netflix to Amazon and more have their credentials shared on the Dark Web. It’s also possible to buy access to individual bank accounts for a fraction of their value.
Beyond individual risks to online identity and information security, there also markets your business should be concerned about. Wholesale trading of counterfeit goods could harm turnover for manufacturers and retailers. Marketplaces where stolen credentials, identities and payment details are sold and shared pose a significant threat to any organisation.
There is no index
You cannot search the Dark Web network with Google. You need to know where you are going; many sites are kept secret on purpose, or ‘invite-only’. And whilst there are a number of Wikis listing pages they contain a fraction of sites that exist and can lead unsuspecting surfers to pages that contain links to malware downloads .
Search engines that can peruse and provide Dark Web links do exist, however as the landscape keeps changing, it can be very difficult to keep up to date with active sites. Even some of the best search tools tend to provide repetitive results, and the results are often not relevant to what you are searching for, and 404 errors are common.
It can be dangerous to simply browse the Dark Web
Going online in the Dark Web is a little like wandering through a dodgy neighbourhood. Beware of questionable links to websites with malware, viruses, and trojans. Bad actors will often provide you with links which simply by clicking can load your computer full of unwanted software. Just like that dodgy neighbourhood, your best chance of staying safe is to avoid it altogether or only venture in if you are accompanied by someone who knows where they’re going and has specialist skills to protect you.
If you do choose to enter the Dark or Deep Web, make sure that your computer is equipped with the most up-to-date security software, that can detect viruses, malware, spyware, trojans, and rootkits. It’s also wise to use a VPN so as to truly protect one’s identity whilst you conduct online activities.
Business data is shared/traded/sold and marketed on there
If the Dark Web is in constant flux, the only things that remain constant are the products offered (including data) and the demand for them. Indeed, breached data is frequently recycled as cyber criminals bulk out fresh breaches with historic records. This is because Dumpz (credentials) and Fullz (identity documents) have a real, monetary value.
In other words, even if your data no longer appears available for sale on a specific Dark Web site, that does not mean that it will not reappear somewhere else. Being aware of these risks can help you make the right decisions about how to protect existing data within your local networks. Ensure that you change the access methods to make sure that someone does not keep reusing the same old data to gain access to your systems and employees.
Breached data traded is broad in nature
What gets traded goes beyond the email credentials you can find on HIBP. This includes port scans, invoice templates, photo id’s, credit cards and payment details, PII, etc. Of equal concern is that the Dark Web offers a one-stop-shop for budding hackers, hacking forums provide tools and tips for weaponising this data against your network, your business and your customers. In particular, personal details can be compiled to generate ‘synthetic IDs’ which are then used in major fraud.
For these reasons you need to be aware of what is out there and what sort of methods bad actors will use in breaking into your systems. It may be in areas that you had not considered.
Sites come and go all the time
Law enforcement agencies have had several major successes in taking down marketplaces selling illegal goods and data over the last few years, notably Silk Road, Alphabay, Hansa, Valhalla and Wall Street Market. But, similar to individual post take-downs, investigators can be forgiven for thinking they are simply part of a high-stakes whack-a-mole game. As fast as one market is removed, another springs up.
Keeping track of where these markets are is a full time job. As bad actors are aware of these new locations, so should you.
Content posted on the DW is often very short-lived, can sometimes be there just for a few hours or days then disappears. This is often by design to protect the bad actors. This makes it very difficult for threat analysts to be sure that they’ve found every trace of your data if they are using manual research methods.
Marketplaces and chat rooms require registration and ‘bona fides’
For self-preservation, many criminal marketplaces keep a strict “bouncer” strategy, with clear gatekeepers. These require special identification before you can be allowed to access them. This means that law enforcement and threat hunters require considerable resources to be able to go deep undercover to be able to break apart these organisations.
This does not mean that you are without protection, if you engage the proper services. Skurio can help by actively finding ways to maintain access to these illicit places
Difficult to track your data.
If you’ve had a data breach, it may be harder than you think to find it on the Dark Web. As we’ve explained, the transient and opaque nature of the Dark Web means it is virtually impossible to track/monitor/search for your data appearing on these sites manually. To do so, would take forever to find things; there’s no index to search. On top of this, breached data from your company could be used to spice-up older data sets, making it equally difficult to hunt down.
For this reason, you need professional tools to ensure that you ensure that you have access to the widest array of data. To do this on your own is formidable, but Breach Alert can handle much of the legwork.
While there are many good features associated with the Dark Web, darkness can hide a lot of things. It is essentially like meeting someone in a dark alleyway at night to make a deal. For this reason, it makes sense to partner with a threat intelligence firm like Skurio to help regularly monitor the Dark Web, to find signs of your company’s valuable data or information before it becomes used.