November 10, 2016
Have you heard of the Dark Web? I bet not and I encourage you to resist the urge to Google it and start clicking. It is called the Dark Web for good reason.
The "Dark Web" is the encrypted network that exists between Tor servers and their clients. You might hear it called the "Deep Web." Both the Deep Web and Dark Web are services that cannot be indexed by conventional search engines.
The Dark Web primarily refers to the layers of the World Wide Web where users can exploit other users on the Internet for their financial gain. While illegal drugs continue to be the biggest item purchased and sold on Dark Web marketplaces, law enforcement agencies around the world are also seeing a rise in counterfeit prescription drugs and other counterfeit items. More recently, the selling of compromised credentials has spiked. Some of these are quite large in scale like the 117 million LinkedIn credentials sold last May.
It is important for leaders – and every user of the Internet – to be aware of this hidden marketplace. But instead of you doing the research and falling victim to it, I am sharing what you need to know in this blog.
The Dark Web is…
- Hidden.
The Dark Web works over the Internet, but instead of having your traffic routed from your computer and through the normal network of servers, it stays within the Tor network. You won't know exactly what system you're accessing unless they tell you, and they won't know who you are unless you tell them - or unless one of you is careless. Users often gain access by downloading Tor as their web browser, or adding the plugin for their existing browser like Firefox. For mobile users, several browsers exist that allow Tor to be used on Android or iOS devices. Security concerns have been raised for all of these browsers and that anonymous browsing cannot be 100 percent guaranteed for any of these. - Growing.
It has become increasingly easier to enter the Dark Web. With a simple Google search, you can find step-by-step guides on how to access the Dark Web – and start a path to using the Internet to swindle people out of money or take down key IT systems. That means your chances of falling victim to it are growing, too. - Costly.
The inner workings of the Dark Web are closely connected to the rise of ransomware, the worst form of malicious software. Ransomware blocks access to a computer system or set of data until a sum of money is paid. It typically demands the currency of the Internet – bitcoins. Encryption techniques are used to regulate the generation of these units of currency and verify the transfer of funds. This currency operates independently of a central bank and only a certain amount can be transferred every day. Now it can take days to pay a ransom and with time, the hacker often increases the request. In the past year, it has gone from costing organizations a few hundred dollars to thousands of dollars. - Dangerous.
While it started as a hidden set of networks for controversial content, whistleblowers and gambling, it has become an increasingly more dangerous and widespread black market. People sell drugs, counterfeit money and hack software. The Dark Web now brings together want-to-be and seasoned hackers from around the world and equips them to magnify their efforts. This is why I said at the start of this blog to be careful what you Google and click on. It is sophisticated and even some of the top technology experts cannot stop it.
I wish we could say that the Internet is only full of good. But it’s not. While many organizations use this public space to effectively promote their cause and serve people, there are others exploiting it and even committing criminal activity that’s difficult to stop.
The best way to defend against having your information stolen and sold is to follow best practices around security. In my next blog, I’ll start by covering password policy best practices.
