The term dark web wasn’t always associated with shady corners of the internet. In the 1970s, it referred to networks that were isolated from ARPANET for security purposes. Gradually, ARPANET swallowed up most computer networks, leading many to believe it is the full extent of the internet. However, some areas remained separate and came to be seen as truly dark – an ungovernable place where unscrupulous activities take place and people can browse with complete anonymity. But not everything that happens there is entirely deserving of this bad reputation.

The Many Webs

Today, dark web is an ominous term often used interchangeably with deep web. While both allude to similar parts of the internet, they are not the same.

The Internet most of us inhabit, easily accessible through search engines such as Google or DuckDuckGo, is known as the surface web and accounts for around 10% of what the Internet actually is.

Deep beneath our everyday web lies the deep web, hosting all else that isn’t indexed by standard web search engines – from user databases, to business intranets, to password-protected websites. This part of the internet is estimated to be 400 to 500 times larger than the surface web’s over 4 billion indexed web pages.

Although much of the deep web is benign, in it lies the infamous dark web – where sites with criminal intent or illegal content hide by using a set of websites accessible only through the use of special software and tools that make your location anonymous – hence its nickname: the invisible web.

In an era of frequent and massive data breaches, understanding this Internet roadmap matters because stolen information is almost guaranteed to end up for sale in its dark corners.

It all started in the mid-1990s, when the U.S. Naval Research Laboratory created a technology for intelligence workers to exchange information completely anonymously. They called it Tor – short for The Onion Router. As part of their strategy for secrecy, they released Tor into the public domain for one simple reason: the more people using Tor, the harder it would be to single out government messages from general noise.

Since then, Tor has spread widely and is today a critical part of the dark web, hosting many of its sites. However, the strategy’s success came with a huge side effect: Tor’s anonymity element attracted a huge range of people to the dark web, including those wanting to keep their activities hidden for nefarious reasons.

 

The Anonymity Dilemma

Privacy advocates relish the idea that parts of the Internet can be navigated without them having to reveal their location or identity – and indeed, there are many benefits to being anonymous.

Since we’re all exposed on the open internet, activists and campaigners around the world rely on the dark web’s anonymity to maintain communication in areas where speech is censored, and journalists rely on it to protect their sources when collecting confidential information.

Open Internet service providers can see everything we do, when, how, and why. Google keeps an eye on our browsing and search history and uses all it knows about us to manipulate our behaviour – to, for example, get us to spend as much money as possible online. In the U.S., they are even allowed to sell our information to the highest bidder. We’re paying for all “free” online services with our personal data, whether we know it or not. The dark web and anonymity browsers such as Tor are alternatives to this invasive system.

But what flourishes in the dark web is mostly what has been banned elsewhere. While this includes censored information, it also includes things that are many shades darker, like cyber crime tools, child abuse media, and drug dealing.

In the dark web, you can buy anything – credit card numbers, all manner of illicit substances, counterfeit money, stolen subscription credentials, hacked Netflix accounts, businesses’ customer and financial details, confidential corporate data such as new product designs and business strategies, software, and hackers’ services.

Sophisticated attacks against serious organisations are almost impossible to conduct as a one-man job. So the dark web is not only where criminals sell what they steal, but also where they network, coordinate, and get the help they need to strike the next victims. Cyber intelligence firms have caught on to that and are tracking the dark web to find out who, when and where malicious hackers may be planning to attack next.

But in the dark web, criminals have found the space and tools to arm themselves with freely available technologies that are making their jobs easier and those of their victims harder. Malicious actors are selling software specifically designed to break into businesses and even offer 24-hour help-desk services and technical support to help unskilled hackers conduct criminal activities.

As a result, one particularly disturbing trend was observed last year: hacker groups never previously found to be associated with governments are now using sophisticated tools and techniques formerly exclusively deployed by Russian and Chinese intelligence services.

The Offensive Approach

The dark web’s sheer complexity means that it is unlikely to become a regulated place anytime soon. In this overwhelming and lawless scenario, businesses can’t wait for justice or rely on defensiveness. Hopefully, digital innovations will come to the rescue soon – such as digital risk protection platforms capable of driving real-time detection of cyber threats via artificial intelligence and machine learning algorithms. But meanwhile, businesses must act.

Cyber security strategies must strive to achieve a deeper level of visibility into dark web transactions to detect when information that relates directly to their business is exchanged or even discussed. In other words: cyber security must incorporate dark web monitoring and threat intelligence services and actively hunt for threats in the deep web – the digital equivalent of skulking around in a dark alley.

Monitoring dark web activities is a step for businesses to understand who their typical adversaries are, what their motivations might be, and which types of data they are most likely to target. And the pressure to act quickly is on: any stolen data, such as customers’ or employees’ credentials, can swiftly change hands in the dark web and become key to even more valuable corporate information.

Each business’ security capabilities and risk appetite will dictate how and when they achieve a greater level of visibility into the dark web. But tread carefully – it is a long way down.


Written by Paula Magal for CS4CA Europe – the annual platform for critical infrastructure security leaders to collaborate in strengthening the cyber security of their IT and OT environments. 2019’s summit is taking place in London, 1st-2nd October.