Home » Cybersecurity | What Is the Dark Web?

Cybersecurity | What Is the Dark Web?

Businesses must understand what anonymous users can do, security experts and academics say

By Susan Gosselin

The Dark Web. Just the name conjures images of a virtual Star Wars cantina, a section of the internet so untraceable, so impenetrable, that it is a haven for pornographers, sex traffickers, drug dealers, terrorists and thieves selling hacked Social Security and credit card numbers.

And all that is true. In fact, in 2013 alone, the dark web was the repository for more than 40 million credit/debit card numbers stolen during the Target stores Black Friday hack, and was the trading post for the Silk Road, a $1.2 billion marketplace for illegal drug trafficking shuttered by the FBI and Europol.

But what is the dark web, exactly? Primarily, it is internet sites that are publicly available but intentionally unregistered with search engine networks and which users navigate with privacy browsers such as Tor.

Users can become completely anonymous on the dark web with the Linux-based operating system TAILS – The Amnesic Incognito Live System, a security-focused operating system whose outgoing connections are forced to go through Tor and non-anonymous connections are blocked.

For businesses, the dark web’s cloak of anonymity for users can be a source of risk but also of some limited opportunities, according to our sources.

  • IT’S FREE | Sign up for The Lane Report email business newsletter. Receive breaking Kentucky business news and updates daily. Click here to sign up

Originally developed by the U.S. government to help political dissidents share information and avoid censorship, the multilayered Tor browser makes it impossible for the IP address of a computer to be linked to an individual’s activity online, rendering online activity untraceable.

And that’s not always a bad thing, according to Adrian Lauf, faculty member in Computer Engineering and Computer Science at the University of Louisville JB Speed School of Engineering.

“The dark web is not necessarily nefarious. It is simply an anonymized way of using the internet. Business leaders need to monitor the traffic coming to them from the dark web,” Lauf said. “Some of that traffic might be coming from criminals that are looking for ways to infiltrate your system and install ransom ware, or mine your data. Some of it may simply be coming from people who are security-conscious. The trick is having a more nuanced understanding of what this corner of the business can mean to your business.”

Who’s on the dark web?

According to the most recent numbers from Tor, whose layered “onion” browser technology makes the dark web possible, just over 2 million people operate on the dark web, with Russia, the United States, Iran, Indonesia and Turkey the top five for the size of their user bases.

Terbium Labs, the company behind the dark web monitoring software Matchlight, released a recent report about the types of activity on the dark web. From its analysis of thousands of sites, Matchlight estimates 54.5 percent of the activity on the dark web is legal activity, 17.7 percent is dead/inactive websites, 12.3 percent is illegal drug trafficking, and the remainder is a cocktail of various criminal activities.

Staying safe – a culture of caution

Brian Rushman, president of Covington, Ky.-based IT consulting business CForward, said not enough companies are fully prepared to address the cybersecurity threats coming their way through the dark web.

“There’s no denying that the dark web provides a type of safe haven for criminals. There’s a reason why ransomware has been so successful,” Rushman said. “All it takes is one guy on the dark web, sending an email to someone in your company that looks like it came from their boss, with a link to open. When the link downloads, malware can infect your system and bring it down. You have to pay the hacker to remove the software, and make your systems operational again. These guys are getting rich, and they are vanishing again, because they can’t be traced.”

Any number of ruses can be used to gain entry into your company’s systems. Rushman cited the Target cyberattack in 2013 as a key example. Those hackers posed as employees of a heating and cooling company Target uses to remotely maintain its climate control systems in all its stores. After gaining administrator access to the computer system, the thieves got into Target’s transactions data, downloaded millions of credit card numbers onto the dark web and put them up for sale, record by record. And the perpetrators were never caught.

Other “man in the middle” schemes might include sending emails to employees saying they should click a link to track a FedEx package, or social media messages sent saying a coworker is on vacation and needs to be wired money from a particular account.

“Companies need to build a culture of internet security to the point it becomes automatic,” Lauf said. “It should be required like looking both ways before you cross the street. And digitally, most companies just aren’t there yet.”

Lauf recommended that every company have intrusion protection software that automatically blocks communications with dark web exit nodes attached, or dark web internet addresses in links. Additionally, Lauf advised tracking software that automatically alerts IT management, and allows it to review those incoming messages.

Rushman employs several such intrusion-protection software solutions when he works with his clients.

“Our software allows us to not only monitor what is coming in to our clients, but we are able to scan the dark web if there is anything out there that might be stolen from our clients, such as company documents, employee passwords or information, email addresses and source codes, or the like.”

Rushman stresses the importance of requiring employees to have long passwords that adhere to Microsoft guidelines, meaning that all passwords should have at least eight letters, a capital letter and a special character such as a number sign or an ampersand. And all employees should have some kind of two-step password authentication process, especially those with administrator access.

“Your most important line of defense is a security-conscious employee,” Rushman said. “They need to be able to recognize spoof emails, phishing attempts and so on. That’s the reason we offer training sessions, where we actually create fake phishing emails and send them out to employees just to see what they do. How they react forms the basis for the employee training programs we offer,” Rushman said.

The data-tracking backlash

While companies that sell internet-security software may be on the rise, our sources agree that the dark web itself is not the best place to launch services or build companies.

“The dark web is not necessarily a viable place for growth. It’s far too slow to be a good source media,” said Sean Burns, assistant professor at the University of Kentucky School of Information Science.

However, Burns noted that just this June, Apple CEO Tim Cook spoke at a developer conference and announced that Apple believes data tracking has “gotten out of control.” In response Apple has introduced new tracking-buster features on its Safari browser and on iPhone. This kind of fear may be driving more internet users to consider using the dark web, Burns said.

“Facebook, for instance, has started to allow Tor users to run Facebook on their Tor browser, essentially allowing dissidents and others to communicate, without their computer location being tracked,” Burns said. “And the New York Times has Strongbox, a dark web website that allows whistleblowers to submit data and news tips anonymously. While companies may not want to actually operate on the dark web, there may be ways that the dark web can be used to further their business.”

Facebook recently announced that it has a million users who have Facebook profiles through its Tor-friendly program. OnionWallet is a program that allows people on the dark web to purchase items using crypto currency Bitcoin. And a company called ProtonMail is now offering Tor-enabled email.

But business owners need not operate on the dark web to reap the benefits of user anonymity as a business strategy. Burns specifically pointed to the web browser DuckDuckGo as an example of a company that operates on the traditional internet, while allowing its users the anonymity they desire.

Unlike Google, DuckDuckGo does not use data tracking to gather information about its user’s searches, and create profiles. Instead, it serves up ads based solely on the search term users type. Its user will see ads based on that search term only, and not on data that has been associated with their IP address or user profile such as income, profession, political/religious beliefs or location.

“Much of what is going on on the dark web is open source,” Burns said. “It will be very interesting to see how technology for all parts of the internet gets developed in the years to come, and how data will be leveraged in the future.

“The most important thing to remember about the dark web is that it is still the internet, but it is cloaked,” he said. “What goes on there is more about human nature than it is about the technology itself. The risk is not knowing how the dark web may be impacting your company.”

Susan Gosselin is a correspondent for The Lane Report. She can be reached at [email protected]