The dark web is where many of the most dangerous cyberattacks are planned and confidential company information is sold for Bitcoins. So how do you get insight into what is occurring there and protect your organization from its murky depths?
If you think the dark web is a shadowy underworld dedicated to hiring hitmen, human trafficking and other sinister services, think again. Your company’s intellectual property, email database or customers’ credit card details could be for sale there now without you knowing.
So how is it structured?
The deep web is a gargantuan rabbit warren of pages, estimated to be 500 times bigger than the ‘surface’ web we use daily. It includes any password-protected sites that can’t be indexed by the likes of Google or Bing, such as our online banking services, academic community sites and content behind paywalls. Delve into its deepest part and you find the dark web.
In the dark web people use encryption to hide their location, identity and details of the sites they visit. The Tor browser, also known as the onion router, is the most common way of accessing this ‘invisible’ web. Free and easy to download, Tor protects a user’s identity by bouncing traffic via a random, distributed network of relays run by volunteers around the world. Whilst the dark web isn’t totally populated by bad guys, it has earned a reputation as a virtual gangland where you can buy and sell anything.
With criminals getting ever more specialized and organized in developing new types of attack, enterprises can no longer ignore the dark web when developing their cyberdefense strategy, according to Aurelie Perez, senior security consultant at Orange Cyberdefense. “The dark web provides a very convenient meeting place for cybercriminals to get everything they need to mount an attack fast,” she says.
Just five years ago cybercriminals owned the whole attack value chain. They needed to profile the target, source insider information, find vulnerabilities, develop the right attack tactics and launder the money themselves – a long, complicated and expensive process. “The big threat today is the ecosystem the dark web has created. It’s a game changer in the cyber economy,” explains Perez.
“Cybercriminals now specialize in one service and sell this on to a wider market. Experts can link up and move more quickly. Because most charge on a pay-per-success or pay-per-install basis, it’s also cheaper to mount an attack. And if the first tactic doesn’t work, they can experiment with others until they succeed. When they have a technique that gets results they will keep re-using and re-selling it.”
How does the dark web operate?
In this shady world, criminals need to shift illegal assets fast, so like any other business they need to advertise. Sites such as Pastebin on the surface web allow text to be posted anonymously for a set period of time. Pastebin is where the entire contents of Sony Pictures Entertainment chairman and CEO Michael Lynton’s hacked email box ended up.
There are also virtual shop fronts where illicit data is bargained over. Over 200 million Yahoo user accounts were posted for sale on dark web marketplace The Real Deal last year for 3 Bitcoins (US$1,824). According to the Institute for Critical Infrastructure Technology (ICIT), this site along with Dream Market and AlphaBay are flooded with stolen personal data, including healthcare information. Tesco, O2, Target and Home Depot are amongst the household names to suffer breaches in recent years.
Sometimes the content on sale is so ‘hot’ it’s only made available for a few minutes. The speed of the criminal transactions, the size and inaccessibility of the dark web, the lack of commercial search tools and the shortage of specialist expertise make it challenging for enterprises to identify dark web threats internally. It requires expert surveillance teams who know 24/7 what is happening where.
To monitor activity in the dark web requires global teams of cyber sleuths. Cyber Security Operations Centers (CyberSOCs) employ ethical hackers who are native speakers of the cyber-slang the criminals use. Illegal activities are not often referred to explicitly on the dark web. These ethical hackers use this knowledge to program specialist big data and artificial intelligence tools that crawl the dark web and analyze the results. Others masquerade as cybercriminals to identify data relating to a specific enterprise, building credibility by setting up fake deals between themselves to demonstrate they are active.
How do I get extra intelligence?
Being proactive and gathering intelligence enables organizations to set up an early warning system for potential new types of attacks that are under development. Surveillance teams can find out if your organization is being talked about and by whom. They can inform you of the type of tactics cybercriminals are using so that you can shore up your security defenses. “It is a cat and mouse game,” explains Perez. “It is about continuously adapting to outwit the bad guys.”
At the same time, surveillance allows organizations to be reactive. If surveillance finds, for example, that an organization’s passwords are for sale on the dark web, it can report back to the organization and they can immediately take steps to change passwords and security policies.
Remember not all attacks are external. Insider threats include employees maliciously posting confidential company information in the dark web for financial gain or to harm your reputation. Your organization would be none the wiser until it was too late.
“Most companies still look inwards when they are talking about security. They are concerned about their networks and who is prying into their devices and data,” explains Perez. “What they need to do is start looking outside and see if their IP, employee and customer data is already for sale. They will be very surprised.”
The criminal economy on the dark web has matured fast. Is your enterprise already on hackers’ hit list? Find out more about dark web surveillance techniques at the Orange Business Services webinar. Listen to the recording now.
Jan has been writing about technology for over 22 years for magazines and web sites, including ComputerActive, IQ magazine and Signum. She has been a business correspondent on ComputerWorld in Sydney and covered the channel for Ziff-Davis in New York.