Dark Web - What it is & How Does it Work?
While the name makes us think of dark alleys in dangerous neighborhoods, the Dark Web is quite simply an anonymous communications platform on the Internet. And, according to the Dark Web specialists from Secmon1, it was invented by the US military as a security exercise.
This is a perfect example of how technology that was intended to be used for good (to test if the scenario is possible) can be turned to the dark side (no pun intended).
What is it used for?
Since we’re talking about an anonymous online platform called the Dark Web, you can’t expect positive things out of it. And we shouldn’t!
The dark web is mostly used for illegal activities such as fraud (selling credit card details, personal information for identity theft, or company data), drug dealing (see the Silk Road story), and more.
Here, you can also find information stolen from corporations and organizations (by hackers) and published for anyone to see. In these scenarios, the hackers consider that the leaked data should be publicly accessible, as a way to fight for a just cause or right a wrong.
In fact, Edward Snowden used the Dark Web to leak highly classified information from the National Security Agency (NSA) in 2013. But we also have a more recent incident, one that took place during the Black Lives Matter protest. Hackers stole and published law enforcement data containing employees’ personal information such as full names, where they lived, and more.
What Does it Look Like?
The Dark Web as a whole is not that much different from the internet we know. However, there are some things that would throw off a regular user (at least at first).
For instance, these sites are not indexed by a search engine. In fact, they do everything possible to avoid this. In addition, the URL structure is different: all the domain extensions are replaced with .onion and all the domain names are just strings of random-looking text.
Access to the Dark Web can be achieved via a system that can use the “TOR” (The Onion Router) network (like the TOR browser). This network is enveloped in several different layers of protection, just like an onion (hence the name). In addition, each layer only knows the layer directly above or below it (the party you received it from and the party you send it to, just like a game of Chinese whispers). This makes it impossible to track the origin of a communication.
As such, the only way to access such a website is to know its URL. Of course, sometimes the word gets out and people start discussing these sites on forums like Reddit, but those forums are carefully watched by the authorities. Once they catch wind of illegal sites, the shutdown process happens rather quickly.
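As an added illustration (not code from the original article), here is a Python sketch of the layering described above: the client wraps a message in one encryption layer per relay, and each relay can strip only its own layer, learning just the hop before it and the hop after it. The relay names, the keys and the toy XOR cipher are constructed for this demonstration; real Tor uses proper ciphers and negotiates per-hop keys with a handshake.

```python
import hashlib
import json
import os

NONCE_LEN = 12

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); illustration only, not a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt one layer; a fresh random nonce is prepended to the ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))

def unseal(key: bytes, blob: bytes) -> bytes:
    """Strip one layer; with the wrong key the result is noise, not a readable layer."""
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def build_onion(circuit, destination: str, message: str) -> bytes:
    """circuit = [(relay_name, key_shared_with_that_relay), ...] from entry to exit.
    Wrap from the exit layer outward, so each relay can peel exactly one layer."""
    blob = seal(circuit[-1][1], json.dumps({"next": destination, "data": message}).encode())
    for i in range(len(circuit) - 2, -1, -1):
        layer = {"next": circuit[i + 1][0], "data": blob.hex()}  # next hop + opaque inner blob
        blob = seal(circuit[i][1], json.dumps(layer).encode())
    return blob

def peel(key: bytes, blob: bytes):
    """Everything one relay learns from the packet: its next hop and an opaque payload."""
    layer = json.loads(unseal(key, blob))
    return layer["next"], layer["data"]

def route(circuit, onion: bytes):
    """Walk the circuit. Returns [(relay, previous_hop, next_hop), ...] plus the exit's delivery."""
    views, blob = [], onion
    for i, (name, key) in enumerate(circuit):
        next_hop, data = peel(key, blob)
        views.append((name, "client" if i == 0 else circuit[i - 1][0], next_hop))
        if i == len(circuit) - 1:
            return views, next_hop, data  # exit relay delivers the cleartext to the destination
        blob = bytes.fromhex(data)

# Constructed sample circuit; real Tor negotiates per-hop keys with a handshake.
CIRCUIT = [(name, os.urandom(32)) for name in ("entry", "middle", "exit")]
```

Running `route(CIRCUIT, build_onion(CIRCUIT, "example.onion", "hello"))` shows that the entry relay sees only the client and the middle relay, while the destination and message are readable only once the exit relay strips the last layer.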
How To Protect Your Interests?
The Dark Web is rife with illegal online activities, but dealing with most of them is left to the proper authorities. However, most companies that have ever gone through a data breach worry that their data is publicly available somewhere online.
So, how do you know if your personal or company data is on the Dark Web?
This is where IT security forensic specialists like Secmon1 enter the scene. Their job is to identify local watering holes in the Dark Web community and follow discussions that may lead to the stolen data.
Furthermore, they may even stumble across discussions where cybercriminals advertise various vulnerabilities they’ve identified in a server and how to attack it. In this case, the investigators will get in touch with the organization at risk and notify them.
What Data are Cybercriminals after?
In short, cybercriminals will take anything they can get their hands on. This includes all sorts of files (Word, Excel, PDFs, accounting files), CRM (Customer Relationship Management) data, and more.
A recent example is the Australian Toll breach, where employees’ personal information, customer data and financial information ended up on the Dark Web.
Often cybercriminals will ask for payment; in return, they won’t post the sensitive information they stole. If payment is not made, the data can be auctioned on the dark web to other cybercriminals, who can use it for fraud (such as identity theft). For instance, here are several current practices of cybercriminals:
- They take out credit cards in the name of employees
- They withdraw super using the COVID early release superannuation funds
- They set up bank accounts using the data they stole

Steps that limit what is there to steal in the first place:
- Know where your sensitive data is stored:
  - Is it in the cloud, or is it on any computers or servers at the office?
- Reduce your sensitive data footprint:
  - Is it easy to manage the security for all the locations where the sensitive data is stored?
  - Does all the sensitive data need to be accessible, or can we archive it and take it offline in a secure location (e.g. put it on an external hard drive and store it in a safe)?
- Automate the classification of your data:
  - Ensure sensitive data is classified and stored in safe and secure locations
  - Automate remediation of data where it is saved to less controlled parts of your network
Another type of data cybercriminals target is email addresses and passwords. These are amongst the most valuable commodities on the dark web, since buyers can use social engineering to break into financial accounts or more.
Of course, it would be easier if they had direct access to credit card numbers. According to specialists, the average value of a valid credit card number sold on the dark web is $50 AUD. So, you can only imagine that a cybercriminal who obtains a database of thousands of credit cards will have a very good payday once sold.
Finally, cybercriminals don’t just sneak into your computers and steal data. They can also launch ransomware attacks where your data is held hostage until you pay the requested amount.
How to Stay Safe
While there is no one sure way to keep your company’s data safe, there are several steps every company should take to increase protection:
Onsite Helper’s recommendations to reduce vulnerability
- Apply the Essential 8, the security recommendations from the Australian Government, to ensure the IT security of your computers and servers is very strong
- Apply DLP (Data Loss Prevention) in your cloud applications like Google Workspace or Office 365; this can prevent sensitive data from incorrectly or maliciously being sent outside the organization
- Ensure all staff are using MFA (Multi-Factor Authentication) for your cloud services like Google Workspace and Office 365
- Educate your staff on IT security best practices