Shedding Light on The Dark Web.
The impression I got from the discussions around the breakfast bar before this, the fourth of the Like Minds Business Breakfast events at Hay Hill, was that the Dark Web was a concept that hovered at the edges of conscious awareness for most businesses. I think it was almost universally seen as a threat rather than an opportunity but quite how serious a threat was unclear. The attendees were at this event, therefore, to see some light shed on the dangers lurking in the Dark Web.
The man to shed that light was Thomas Olofsson, an expert on business intelligence and security. His company Intelliagg works directly with businesses to monitor and reduce cyber threats, as well as researching and analysing the Dark Web itself. In the chair next to him – and asking the questions – was James Hurley, Enterprise Editor at The Times.
James kicked off by referring to the often sensationalist way mainstream media reports the Dark Web. He hoped that the answers provide by Thomas would dispel some myths. First, he asked Thomas to describe his company and what it does.
Thomas defined Intelliagg’s core business as monitoring the internet for potential threats; threats to both business organisations and high net worth individuals. Part of the monitoring involves working with the Dark Web and much of that work revolves around data mining. One of the most alarming aspects of what Tomas described was that, where previously identifying and preventing cyber threats was the major part of such work, there is an increasing element involving personal and physical threats. He gave the example of advising a journalist working for a media organisation in a hostile environment to switch hotels after learning of a potential attack.
The Dark Web is Small.
James asked Thomas to define the dark web and to clarify any major common misconceptions.
The term Dark Web is a buzzword. In purely technical terms it’s merely a further encryption layer built on top of the internet that creates true anonymity for its users. The most common misconception is that it is enormous: in fact, compared to Google’s index of one billion sites and the vast size of the “deep web” – that’s all networked sites residing on corporate internets etc and which are inaccessible by Google – the Dark Web appears to contain approximately thirty thousand sites. To put that in perspective, that’s about the size of the web in 1994.
The combination of Bitcoins – the currency of the Dark Web – and true anonymity is obviously a magnet for organised crime. The Dark Web is set up to facilitate buying and selling anonymously. There is completely secure anonymous trading — and communication.
And what is being bought and sold in this anonymous marketplace is what constitutes the main threats to companies. There are data dumps of stolen credit cards, personal data, bank account details, addresses, as well complete sets of company and personal data. At the same time, there is also a market for quick – and cheap – DDOS (denial of service attacks) to cripple or bring down a company site. This latter is a market that is seeing a fall in prices: in other words, it is not expensive to exercise a grudge or to initiate an attack out of spite.
The recent dump of the “Panama Papers” is merely the latest example of a data leak threatening to become a company extinction level event.
The Dark Web is Easy to Use & Access.
The simplest way to access the Dark Web is to download the TOR browser. Install the browser, launch it, and you’re there. You can be up and running in the Dark Web within minutes.
As Intelliagg continues to map the Dark Web and to examine the data traffic, the biggest surprise remains the overall size in terms of the low number of sites. Of the thirty thousand or so mentioned above, Thomas estimates that perhaps only 50% of those are active.
In contrast to the common media portrayal, there is, in fact, a very low proportion of porn. By far the largest number of site categories are information theft and data leakage.
Thomas thinks that perhaps the scariest thing at the moment is the prevalence of doxing/digging sites; the sourcing of information for others to use against people. Swatting is another example of this, where SWAT teams are sent to harass people after false calls. The most famous case recently is that of security journalist Brian Krebs. The Krebs case is worth reading about.
The Dark Web Is Also About Legitimate Use.
Not all data leaks are ‘bad’. The Dark Web offers a perfect environment for whistle-blowers. (This, of course, can be seen as both a threat and an opportunity by some companies.) There is also the question of exercising human rights under repressive regimes.
A key point to note here is that, based on the analysis carried out by Thomas and Intelliagg, he believes that the split between legal and illegal activity on the Dark Web is more or less even.
James asked whether the Dark Web and what it stands for marks the end of privacy. Thomas thought not but there is a need for new countermeasures. Furthermore, the case for strong encryption has not been taken as seriously as it should have been until very recently.
That had given us an excellent overview of some of the main aspects of the Dark Web. James opened the meeting up to questions from the audience.
Q: Is it possible to access ‘normal’ sites from the Dark Web?
A: TOR provides exit nodes that allow leaving the Dark Web and crossing into the internet proper. Although the source will remain anonymous, the data will now be unencrypted (depending on the security of the TOR node). It is not possible to send messages from within to without because encryption will be compromised.
Q: How is it possible to mine the data if it is encrypted?
A: It is the user data and traffic that is encrypted. The sites themselves are in the clear. All TOR connectivity passes through 3 layers of encryption and then 3 of decryption to maintain anonymity.
Q: Is it possible to block access to the Dark Web within a company or to find a forensic trail of access afterwards?
A: Not really — not by network. The only thing that would work would be to block access by individual device and that simply moves the problem elsewhere. The nature of TOR’s anonymity renders forensics impossible.
Q: Are data leaks down to negligence or merely a byproduct of the vast amounts of data now stored – and the way we store it?
A: Many companies have levels of compliance and check boxes but this is not enough. There is simply not enough understanding of the core security issues. This is not so much about negligence but about general failures of security and understanding.
Q: What is the size of the Dark Web economy?
A: Thomas and Intelliagg continues to research this but the current estimates – based on bitcoin transactions – show it is growing and is in the region of $10 million per day.
Q: What of the future?
A: Attempts to break TOR have failed because it is too expensive. The development of quantum computing is the big hope for attacking encryption. That, though, creates other problems with security.
Thomas concluded this talk by showing us some screens from the Dark Web, including some of the personal and financial items available for sale – and their prices.
This was a highly informative talk that both dispelled misconceptions and alerted those representatives from companies present to some of the threats – and opportunities – the Dark Web poses.
The next Business breakfast in on Thursday May 5th. Sign up on the right for our newsletter to be invited along.