Shining a light on the dark web

Michael Marriott | 21 June 2016

The dark web receives more than its fair share of media coverage pertaining to cyber crime. But, amid all of this hype, what actually is it and should organizations even care? The latest eBook by O’Reilly Media, “Patrolling the Dark Net”, cuts through this hype and provides organizations with advice on how to gain an awareness of the risks they face. 

First of all, it’s important we’re talking about the same thing. While the dark web is often confused with the deep web, they are two different concepts. Whereas the deep web is anything that is not indexed by traditional search engines, the dark web refers to web content that has been intentionally obscured and may only be accessed through the introduction of an overlay network technology. Common examples would be Tor and I2P.

Activity on the dark web, then, does not equate to criminal activity and, while the dark web does play host to cyber criminals, so too does the surface web. What is more, the privacy and anonymization offered by the dark web also favors whistlebowers, investigative reporters and other, legitimate individuals.

But this does not mean we can ignore activity on the dark web. Indeed, as criminal syndicates now use the dark web, it would be remiss to simply ignore it. The value of the dark web as an intelligence source will vary from organization to organization. For example, banks need to worry about the theft and sale of financial data such as credit card numbers and bank accounts. Organizations within the healthcare and pharmaceutical industries, on the other hand, might be more concerned with keeping patient information secure and protecting intellectual property.

What is more, it is not simply a case of tracking those individuals selling the final product; a whole criminal ecosystem has evolved over time to provide supporting infrastructure, malware and money services. This includes services such as bullet-proof hosting, VPNs, exploit kits, tumbling services and exchangers. As this book points out, we are facing an incredibly “well-organized criminal infrastructure”.

In the face of such organization and sophistication, what can organizations do to combat such risks? The book notes that a good strategy “would be learning and understanding as much about the dark net as possible, and leveraging its positive qualities to improve the security, safety and privacy of law-abiding citizens and companies”. This helps to stay ahead of the criminals and align your security efforts more effectively to counter new and emerging tactics, techniques and procedures (TTPs) used by the bad guys.

Download your free copy of “Patrolling the Dark Net” to find out more about how you can gain awareness of the risks posed by activities on the dark web.