Editor's note: The winding, twisty, dark underbelly of the internet creeps into security conversations regularly. With every data breach, more information is up for sale. And as businesses work to defend against threats, malicious actors become more nimble and innovative.
The following originally ran in May, but in light of National Cybersecurity Awareness Month, it is worth taking another look.
I recently took a trip down a rabbit hole much like the one Alice found. Instead of an ivory rabbit and bread-and-butterflies at the end of the fall, I encountered stolen airline miles, pornography and hacker for hire services.
My rabbit hole at RSA Conference in San Francisco led me to the dark web and what I found was an illegal wonderland.
The dark web is a cold slap to the face for professionals who think their cybersecurity is strong enough to hold off any threat actor. On the dark web, anyone can be a threat actor. Anyone willing to pay a hacker for a customizable cyberattack can wreak havoc on a company's technical infrastructure.
There are more than 6,300 dark web bazaars selling some variant of ransomware, equating to about 45,000 product listings, according to a Carbon Black Ransomware Economy report. Hackers that solicit ransomware talents to dark web users can take home over $100,000 annually. However, ethical or white hat hackers, can take home anywhere between $24,700 and $111,500, according a report from Infosec Institute.
For users with an appetite to launch cyberattacks on their own, a DIY ransomware kit can be sold from anywhere between $0.50 to $3,000, according to the report. Some may manage a DIY cyberattack, but I assume the more expensive the kit, the higher level of success they guarantee.
Last year ransomware attacks saw a 2,502% year-over-year increase from 2016, leading organizations with little options but to prepare for the age of ransomware attacks. This exponential growth is partially due to activities on the dark web and fundamental shortcomings in backups and patching.
So while the dark web doesn't necessarily escalate a new type of risk for the enterprise, it does help highlight the need for a longer look at security basics.
For example, the credentials of a low level employee could be auctioned off on the black market. However, if that employee only has restricted access to sensitive data, a threat of a potential data breach exponentially decreases.
Additionally, cultivating "playbooks" to avoid companywide panic is a must for anticipating threats from the dark web, according to Alon Arvatz, co-founder and CPO of IntSights and also my private dark web tour guide at RSA Conference 2018.
If a hacker threatened to expose sensitive data, it is in the company's best interest to open a line of communication with the threat actor to "understand the authenticity of the data and how he got it" and try to reduce the risk from there, Arvatz said.
Gaining access to the dark web
There are three web platforms:
- Surface or clear web
- Deep web
- Dark web
The surface web is indexed by search engines and is where most of the general public does its searches; far from the more anomalous searches done on its dark web counterpart.
The deep web is the middle ground, hidden from portions of the World Wide Web and partially unindexed by search engines. But the dark web goes further than that.
The dark web is part of the deep web but it's comprised of many dark web networks, according to Arvatz. The dark web has closed networks that require special browsers and computer communication protocol that have "anonymity inside."
Because the dark web "lowers barrier of entry," it makes hacking much more "tangible," said Arvatz. The activity on the dark web is deliberately concealed from the general public but it is accessible using specialized software. Installing a specific web browser to enable dark web access takes about five minutes, after that, getting "inside" the dark web takes about 30 seconds, according to Arvatz.
Software like Tor allows users to reach the dark web "through decentralized, anonymized nodes" on networks like Tor (The Onion Router) and I2P (Invisible Internet Project), according to a 2017 Congressional Research Service report. Beyond that, permissions and authentication could also be further required.
What happens on the dark web
The black market on the dark web is not much different than the homepage of mega shopping sites. However, instead of cookware, men's shoes or dog toys, it breaks down digital goods, including fraud, erotica, drugs and other services.
Much like a traditional business model, shoppers rely on the feedback of fellow customers. It is designed around a hacker's expertise and ability to outsource a cyberattack.
Within the black market community, there is a trust among thieves as a hacker's services are only as good as their reputation, said Arvatz. In fact, the most common form of communication on the black market is in public forums, well, as "public" as the dark web allows.
It is in these forums that solicitation for collaboration is done and it's very similar to how people communicate on Facebook, according to Arvatz.
This is intentional. The mirrored familiarity between surface web and dark web sites is not an accident.
Who lurks on the dark web
English speakers are the most active users, but because locations lie in anonymity, knowing the nationality of participants is impossible. But for some countries, getting involved in the wider black market is made more difficult due to the alphabetical barrier. Those locations tend to create a separate world with others who speak the same language.
But the dark web has seen recent roadblocks with better resilience measures, forcing participants to find another mode of communication, according to Arvatz. Mobile applications like Telegram and WhatsApp becoming atypical solutions for forums and solicitation.
Prior to my tour, using an incognito webpage was my equivalent of using the dark web. I needed a shower after my journey. But the tour reinforced just how important layered security is for the internet-connected.