We recently participated in the Datavore conference, where we reflected on our 9 years of experience in collecting intelligence on the dark web and monitoring malicious actors. Over the years, the tools, strategies and targets have changed considerably, and this walk down memory lane was an opportunity to gather our insights into how and why we collect intelligence on the dark web.
Throughout the presentation, we received many excellent questions from security professionals, and we are presenting here our answers to some of them. If one had a question, it is likely that others might have it as well, so hopefully the answers will help security professionals improve their work capabilities.
Question 1: Are there legitimate uses for the dark web?
The dark web was created by the U.S. Navy to enable its spies to communicate with their intelligence officers anonymously and securely when located in hostile settings. The dark web was opened to the general public in an effort to hide the Navy’s traffic among that of millions of other people, making it harder to find and crack. There are therefore legitimate uses for the dark web, if only for spying.
Many NGOs, newsrooms, and even governments use the dark web to receive anonymous tips and information about abuses and violent events. The internet was built with much tracking infrastructure, and it is very difficult to anonymously report anything on it. By going through the dark web, individuals can make private abuse and violent events public with less fear of retribution.
Finally, all citizens are entitled to their privacy. It is difficult in today’s world to use the internet without being tracked and monitored in large public and private databases. The dark web brings back some of the freedom and privacy that have been lost over the years. The dark web hosts many email services, chat services and libraries for people who simply do not want the government or businesses to know what they are doing online.
In essence, while much of what is happening on the dark web is illicit, there are many reasons why the dark web also contributes to society.
Question 2: What is the most unappreciated aspect of the dark web?
The dark web is often seen as a black hole that is difficult to access, risky to remain in, and difficult to get out of. What many people fail to realize is that the dark web is a communication channel through which internet traffic is routed. It is not a destination per se, but rather a path through which communications are anonymized.
This path can be walked both ways, meaning that senders and receivers of communications can be anonymized. Through this process, individuals can request information without having to disclose who they really are. Individuals can also share information without giving up where this information is coming from.
Because of this, the dark web can help anonymize chat rooms, file servers, websites and any other online service currently on the internet. The dark web does force communications to take a detour through it, but this detour is becoming shorter and shorter due to improvements to the protocols. While the dark web increased communication times by perhaps an order of magnitude in the past, it now adds only a few seconds of delay in many cases.
Question 3: Why would a legitimate company ever use the dark web?
Many of the largest companies in the world, such as Facebook and Google, offer versions of some of their services over the dark web. The same can be said of even the CIA, whose dark web website can be found at: http://ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjstad.onion
Companies and organizations need to be where their potential users are. At some point in time, this meant having a presence in virtual worlds such as Second Life. The dark web has simply become another opportunity to reach out to people, and one that potentially reaches 2 million people on a daily basis, based on the latest statistics.
Question 4: How secure and anonymous is the dark web? Can it be cracked?
The events of the last 8 years have shown that, if need be, it is possible for large nation states like the United States to identify specific users of the dark web. European and American law enforcement agencies have located servers protected by the dark web on multiple occasions, and have arrested many malicious actors who hid behind the dark web.
It does not appear at the moment that this can be done easily, or by all nation states. Indeed, many illicit activities are active for a number of years before being taken down, often when the police have publicly said they were seeking to shut down those activities.
The protection offered by the dark web is mostly effective against companies, local law enforcement, and other malicious actors. It is very difficult for these actors to identify an individual, or find the location of a web server protected by the dark web, because they do not have access to advanced tools to monitor large parts of the internet traffic. Other means of infiltration can be used to identify individual actors, but in practice, the legality of those tools and the skills required to use them make their use a rare occurrence.
Question 5: Why should companies care about the dark web?
This was the last question we received, and a good conclusion to the previous ones. Malicious actors are opportunistic creatures that find the path of least resistance.
- They will, in many cases, target smaller firms when more established ones are too difficult to attack.
- They will target less security-conscious employees when key employees of a company do not fall victim to their attacks.
- They will target programs and services where security is not as mature.
Organizations of all sizes, locations and industries are therefore at risk of being victimized, not because of who they are, but unfortunately because they may have made that one mistake that opened them to attack.
The dark web is yet another setting where malicious actors converge to buy and sell illicit products and services, as well as to exchange tactics and methods. Organizations should monitor their digital footprint as part of their cyber hygiene efforts, and the dark web represents an essential part of that monitoring.