Thursday 7 November 2019 5:53 am

Dirty data deals on the dark web are a risk to business

Viktoria Austin is strategy and research analyst at Digital Shadows.

Five years ago, you’d be hard-pressed to find anyone who had even heard of the dark web. Now this realm of mystery is the topic of books and films – not to mention daily headlines alongside news on the latest cyber breach. 

It’s got a reputation as the “go to” place for buying anything illegal, with everything from stolen data to drugs to fighter jets available for sale. But what exactly is the dark web; how big is it, what’s the danger, and why are businesses increasingly concerned about it? 

Let’s start with the 101. The dark web is an area of the internet that is only accessible with specific software, such as Tor and I2P. Tor was originally set up by the US Navy as a means of protecting military intelligence, but has since become a web of anonymity where users’ identities and locations are protected by encryption technology that routes user data through many servers across the globe, making it nearly impossible to track users. The dark web also quite hard to use, since it is not indexed by traditional search engines in the same way as the regular web which we all use.

Naturally, the anonymity makes the dark web an attractive technology for illegal purposes, but it is important to address some common misconceptions. 

The first is that there are no legitimate uses of the dark web. Many might have been surprised to see the BBC launch on Tor last month, but actually it is in good company: organisations such as the New York Times and Facebook are already there. The reason they do so is to expand their reach in geographies where freedom of speech is restricted and to protect users from prosecution by repressive regimes.

The second misconception is that all criminality takes place on the dark web. Many criminalities actually take place on the regular web. 

In countries where law enforcement is weak, criminals often have no compunction about trading (for example) stolen credit card details or usernames and passwords in plain sight on the regular internet. There are also multiple criminal forums which exist on the open web, but are password protected or hard to access. This is often known as the “deep web”.

There have been attempts to take down the dark web. In July 2017, the cybercriminal community was shaken to its core when the US, European and local Dutch law enforcement launched Operation Bayonet, which seized and disabled two of the most prominent dark web marketplaces called AlphaBay and Hansa. Before that, millions of vendors and buyers were doing an estimate of over $1bn in illegal trade.

Then in May this year, an internationally coordinated operation led to the takedowns of two more marketplaces: Wall Street Market and Valhalla Marketplace (also known as Silkkitie). In the same operation, law enforcement simultaneously disabled one popular dark web news source and review page: DeepDotWeb. 

On the face of it, law enforcement is making progress. Each takedown encourages paranoia among criminals using the dark web that law enforcement has infiltrated their community. There have also been several incidents of the threat actors running marketplaces “cashing out”, taking the proceeds of criminal funds being held in escrow for goods, and disappearing. 

To grow, these criminal marketplaces need a solid reputation, financing to scale, security to maintain current users, and trust to gain traction. Unlike legitimate corporations, these marketplaces don’t strive for monopoly, as becoming too prominent may draw the attention and resources of law enforcement.

But criminal marketplaces have not been eliminated entirely, and forums have become smaller but more specialised. There has also been a move towards encrypted channels such as Telegram, where criminals often feel less under the watch of the law. 

But the flipside is that they have less visibility into who they are transacting with, since the online auction-style “peer rating” systems on marketplaces don’t apply here.

So should we be worried? It’s important to put everything into context. We shouldn’t hear the words “dark web” and presume that it’s all criminal. But we also shouldn’t presume that all criminality takes place there either. The picture is much more nuanced, and criminals are constantly evolving and diversifying their methods and the platforms they use. 

What is certain is that criminals are after anything that can be traded for profit – data such as usernames, passwords, credit card details, intellectual property, bank details, or employee information. 

We see this information changing hands on a daily basis, but it still takes on average nine months for firms to discover that they have been breached. During that time, the information of their organisation and customers is at risk. 

Shrinking this window (or better still, eliminating it altogether) is key. This is why getting one step ahead is crucial, and this means monitoring the places where criminals congregate – forums, closed sources, Telegram, and the marketplaces. 

If businesses can identify risks against them early – such as breached data or evidence of cyber criminals conspiring against them – then they are half way to mitigating the issue.

Main image credit: Getty

City A.M.'s opinion pages are a place for thought-provoking views and debate. These views are not necessarily shared by City A.M.