From the Winter 2024 Issue

Exploring the Dark Web: Understanding its Role in Cybersecurity Threats

Justin Petitt
Director, Cybersecurity Center of Excellence | Edgewater Federal Solutions

What in the Dark Web is happening here?

“What in the Dark Web is happening here?” was the first thing said to me over a recent holiday trip, with a friend walking in and seeing me checking in on work and life with three separate laptops set up in front of me, my attention and hands darting between them all in rapid succession. It was good for a laugh, and a reminder about the appearance, and perception, of what a cybersecurity professional is thought to be doing today on a daily basis – other than typing very, very quickly, and wearing a hoodie 365 days a year. That said, kudos to him for knowing about the Dark Web in general, which frankly caught me a little by surprise. When I asked him what he thought I might be doing on the Dark Web, his answer of, “Looking at illegal stuff?” also took me off guard but sparked quite the interesting conversation.

So What is the Dark Web?

Just a handful of years ago, the Dark Web was not something in the common parlance for most folks. While it has long been known about and interacted with by security professionals, it has typically fallen in that grey area of awareness that the general population has about any other form of utility – they know that infrastructure is out there, that there are specialists who work both with and within it, and if things are “working” then they don’t need to pay too much attention to the “how” of what happens. Pop culture and media have brought the Dark Web more to the forefront in the last decade, and in more recent years the common consumer has found themselves reading about it in their mail. The Dark Web has become a common phrase for people via their credit card statements and the ever more frequent breach notifications they receive. “Your email has been found in a database,” or “your username, password, and credit card number have been found on the Dark Web; follow these next steps to ensure your safety online…” Lots of awareness, but not a lot of specifics about what the Dark Web actually is.

The World Wide Web, or Internet as we generally know it, is a global offering of content readily available from just about any web browser to just about any user – nation-state firewalls or employer internet access restrictions aside. However, the portion of the internet that the average person can Google, Bing, or DuckDuckGo only makes up an average of 1%-5% of the information stored out there in the ether. Much of the remaining 95%-99% is known as the “Deep Web,” information that is restricted and secured behind company portals – think of bank records, health insurance portals, credit card statements, and merchants you interact with online. A relatively small, but impactful, slice of the rest is what is commonly known as the Dark Web.

The Dark Web is in many ways an escalation of the Deep Web, where access is even further restricted and requires specialized software at a minimum and, realistically, specialized skills – such as a Tor browser, unique and rotating search pages found within domains specific to this area, and one heck of a security setup for the user in question. [Please note, this is in no way a guide to safely access the Dark Web, and it should not be treated as such.] Sites on the Dark Web can host a variety of content, with few if any standards or guidelines as to how information is shared, posted, or accessed, and always with the intent of a lack of accountability for who is providing the data. Hosts are typically anonymized and/or located in countries with low impact or consequence for the material they provide. Much of the information here IS illicit in nature – from transactions involving controlled substances, firearms, and confidential materials to, extensively, user account information and personal financial data such as credit card numbers. Caveat Emptor to the extreme, though, as there are not typically any customer service numbers for the shoppers here, though you will find somewhat standardized pricing (https://www.privacyaffairs.com/dark-web-price-index-2023/) for a wide range of services and data sets. Instead, much like black markets elsewhere, credibility for buyers and sellers can be built up over time, with reviews and referrals pointing towards more reliable clients at any particular moment. And, like any technology-based solution, these tools are being commoditized: Ransomware as a Service (RaaS) is a real and present thing. Information and data that has been ransomed, or simply extracted from networks, can also be stored on distributed systems within the Dark Web that cannot be sanctioned or taken down in a timely manner, if ever.

What Else Can Be Found On The Dark Web?

The Dark Web is not simply a boundaryless market for malfeasance, though that is what tends to lead the news cycle. It is also a repository of information for those who are more privacy focused, and for those working around restrictions on sharing information that would seem foreign, indeed, to a U.S. citizen. Bitcoin and other cryptocurrency resources abound here, as do communication channels and aggressively private email services, localized news updates from behind The Great Firewall, whistleblower sites that take privacy to whole new levels, and more; these and far beyond can all be found with the right knowhow and tools in place. Fortunately for security professionals, there is also a wealth of information to be found, shared, and contributed towards.

The Dark Web As A Tool, and Resource

As with nearly any tool, while intent is present during the design and introduction phase, users are the ones who ultimately decide what to do with what they have in their hands. Many have certainly used a wrench-handle to tap in a nail, and security experts work hard to make the same effective twist of the information provided on the Dark Web. Under the banner of validating their wares, many malware vendors have to advertise and demonstrate their tools – providing opportunities for security researchers to gather, evaluate, inform the market and/or engineer mitigation strategies for distribution across Open Source resources and vendor sponsored security databases alike. Similarly, information about coordinated cyber attacks is often shared in forums or user groups, along with specific bundles of services – all of which can be quickly acquired and used by top-tier researchers to determine how to circumvent the circumvention; Cyber Whack-A-Mole is a valid enough name for much of the defensive cyber research and implementation. Crucially, just as RaaS exists, so too do defensive services for the industries and organizations we readers are likely to be supporting.

Multiple third-party vendors, research firms, defensive cybersecurity firms, open source forums and research boards, managed service providers, SIEMs, and more – many have some level of integration with information coming from the Dark Web, and with the researchers who dredge it for actionable intelligence on cyber threats. Some vendors will provide this information to you for your team to decipher; many will update their own systems and solutions to best serve both their customers and their stakeholders. Nobody wants to be held liable for the impacts of a breach, or of a vulnerability being leveraged. Generally speaking, this is a Very Good Thing. Our industry thrives on groups of experts being experts, and leveraging that capability in a way that maximizes impact while minimizing costs and, specifically, minimizing risks.

What To Do With The Dark Web?

If you’ve only recently learned that “onion” is more than a vegetable, or you have a smaller team of security professionals, leaving the Dark Web good and well alone is likely the safest bet you’ll make all year. As the saying sort of goes, “When you look into the abyss, the abyss runs scripts and gets into every system you didn’t know you needed to lock down.” Many people expose their personal systems, work infrastructure, or both, from natural curiosity and poking around to explore, assuming they’re “safe enough” in how they’re browsing. Like any minefield though, what you see is far less concerning than what you don’t see, and you likely won’t know in the moment when you’ve tripped something – though you’ll find out soon enough.

Instead, leverage the resources your vendors and partners have, use the relationships their professionals have built to gather the information, all while meeting their objective to shield you and your organization from risk. Security as an industry-wide concern is a driving factor in this, where the more secure every company, vendor, and organization is from cybersecurity threats, the more secure the entire supply chain and ecosystem of services is, at every level. Security researchers work hard to publicize fixes for vulnerabilities, and they often get the first inkling of where to look through their professional colleagues who sift through the online muck while keeping their own hands clean.

How do you avoid your information making its way to the Dark Web in the first place, or avoid being as vulnerable as a less-informed peer? Follow good cyber hygiene best practices in all you do – in your personal accounts, especially your work accounts, and in how you interact with your clients, partners, and vendors. Ensure your patching schedule is sufficient and current for your systems and allowable risk. Follow best practices as defined by your governing agencies and requirements, and understand both the impact made by following through and the risk you expose yourself to by pushing off modernization projects.

Exploits happen; this has long been a matter of When, not If, in Cybersecurity, and it won’t be changing any time soon. When logins and user account information can be bought for less than the price of a movie for two, and when the same strings of Common Passwords stay in the Top 100 list year after year, it isn’t difficult to see how much damage can be done with something as conveniently inconvenient as a standard password reused across multiple systems. Cybersecurity is a field that is constantly, continuously evolving, always engaged in the dance of leading or following threat actors. The Dark Web is the largest source of information about these groups and individuals, and security professionals work diligently to use this against them, all while securing our clients and customers behind the scenes, out of sight, and out of mind. When Cybersecurity is managed well, it is as reliable as your lights, internet, and water.
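The two practical threads above, vendor-supplied Dark Web exposure intelligence handed to your team to decipher, and the damage done by common and reused passwords, come together in a routine many security teams run. The following is an added example, not code from the article or from any vendor: it reconciles a constructed exposure feed against a constructed internal account list, flags accounts whose exposed password is still in use, finds passwords reused across systems, and screens a new password at change time. The feed format, the field names, the use of unsalted SHA-1 as the shared hash form, and the idea that an audit can collect per-system password hashes are all assumptions made for the example.

```python
"""Reconcile a Dark Web exposure feed against internal accounts (added example).

Every record below is constructed for illustration. The feed layout, the SHA-1
hash form, and the per-system audit hashes are assumptions, not a real vendor's format.
"""
import hashlib


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1; assumed here only because exposure feeds often share that form."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Constructed sample standing in for a "Top 100 common passwords" list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "welcome1"}

# Constructed vendor feed: address seen in a listing plus SHA-1 of the exposed password.
VENDOR_FEED = [
    {"email": "Alice@Example.com", "sha1": sha1_hex("welcome1"), "source": "constructed-dump-A"},
    {"email": "carol@example.com", "sha1": sha1_hex("Tr0ub4dor&3"), "source": "constructed-dump-B"},
    {"email": "nobody@other.test", "sha1": sha1_hex("hunter2"), "source": "constructed-dump-B"},
]

# Constructed internal directory: per user, each system they hold and the SHA-1 of the
# password currently set there (assumption: gathered during a credential audit).
INTERNAL_ACCOUNTS = {
    "alice@example.com": {"vpn": sha1_hex("welcome1"), "email": sha1_hex("welcome1"), "crm": sha1_hex("Z9!kq2#vLm8p")},
    "bob@example.com": {"vpn": sha1_hex("Z9!kq2#vLm8p"), "crm": sha1_hex("Z9!kq2#vLm8p")},
    "carol@example.com": {"vpn": sha1_hex("correct horse battery"), "crm": sha1_hex("xJ4$pq9Lw!2m")},
}


def normalize_email(email: str) -> str:
    """Feeds mix case and whitespace; match on a canonical form."""
    return email.strip().lower()


def match_feed(feed, accounts):
    """Return {email: [sources]} for internal accounts whose address appears in the feed.

    Any hit goes to the forced-reset queue even if the exposed hash no longer matches,
    because the feed proves the address is in circulation.
    """
    hits = {}
    for record in feed:
        email = normalize_email(record["email"])
        if email in accounts:
            hits.setdefault(email, []).append(record["source"])
    return hits


def still_exposed(feed, accounts):
    """Return {email: [systems]} where an exposed hash equals a password still in use."""
    exposed = {}
    for record in feed:
        exposed.setdefault(normalize_email(record["email"]), set()).add(record["sha1"])
    result = {}
    for email, hashes in exposed.items():
        systems = accounts.get(email, {})
        live = sorted(system for system, digest in systems.items() if digest in hashes)
        if live:
            result[email] = live
    return result


def detect_reuse(accounts):
    """Return {email: [[systems sharing one password], ...]} for cross-system reuse."""
    reuse = {}
    for email, systems in accounts.items():
        by_hash = {}
        for system, digest in systems.items():
            by_hash.setdefault(digest, []).append(system)
        shared = sorted(sorted(group) for group in by_hash.values() if len(group) > 1)
        if shared:
            reuse[email] = shared
    return reuse


def screen_new_password(candidate: str, feed, min_length: int = 8):
    """Return a rejection reason at password-change time, or None if acceptable."""
    if len(candidate) < min_length:
        return "too short"
    if candidate.lower() in COMMON_PASSWORDS:
        return "common password"
    if sha1_hex(candidate) in {record["sha1"] for record in feed}:
        return "seen in exposure feed"
    return None


if __name__ == "__main__":
    print("reset queue:", match_feed(VENDOR_FEED, INTERNAL_ACCOUNTS))
    print("still exposed:", still_exposed(VENDOR_FEED, INTERNAL_ACCOUNTS))
    print("reused across systems:", detect_reuse(INTERNAL_ACCOUNTS))
    print("screen 'welcome1':", screen_new_password("welcome1", VENDOR_FEED))
```

The split between `match_feed` and `still_exposed` mirrors the two decisions a team actually makes: an address in a feed is reason enough to force a reset, while a hash that still matches a live password is the urgent subset. The reuse check is what turns "the same password across multiple systems" from a slogan into a worklist.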
