It is dark, forbidding and full of scary content. That’s usually what we think when the darknet pops up in conversation. And, to be fair, if you do think that, you’d be about right. The darknet is actually so-called not because dark things happen there but because it is hard to find using a conventional online search. But it also, coincidentally, is full of the worst of humankind.
If you go to the darknet you will find many upsetting things such as the Elysium platform that traded in child abuse. Or you’ll be able to purchase illegal weapons, including guns and explosives. Or buy illegal drugs or rent malware. Exposed personal data, like the 620 million online accounts stolen in the last year or so, are highly likely to end up on the darknet – for sale to the general cybercriminal community.
The darknet is like Harrods for all things illegal.
This article will look at what the darknet is and how we can use it to help us protect our organisation.
What is the Darknet?
The darknet has a history that is not so dark. It has been around since the early days of the internet. Back then, hidden websites were developed for pure security reasons and not for the hiding of illegal content. But the ethos of hidden websites has persisted along with the more accessible ‘surface web’ of the WWW we all know so well. The web in total consists of the surface web (what we normally use), the darknet, and the deep web.
It is said that 96% of online content is in the deep web and the darknet; the other 4% is the surface web.
The darknet that we know today is more recent. The Silk Road became one of the most well-known illegal marketplaces on the darknet. This online trading portal was a little like eBay in that it used a rating system to build trust into the platform for buyers. The platform wasn’t originally designed for illegal items to be bought and sold, but it quickly became a place where you could buy anything from a gun to malware.
The Silk Road was closed down in 2013 and Ulbricht, who developed the platform, is serving a life sentence in prison.
If you want to take a safe look at the types of things on the darknet, check out a map created by Hyperion Gray showing 3,747 darknet sites.
How Do You Get on the Darknet?
The darknet is so-called because the sites therein are unindexed. This means that you cannot find them using a browser like Chrome or a search engine like Google. Instead, you need to use a specialised browser such as Tor or similar. Tor is actually a legitimate browser used by journalists and others to hide their web activity, but it is also used to browse the darknet anonymously. Once you have Tor set up, you can then use a browser like Onion Link to search the darknet. Although Tor allows you to browse with anonymity, many darknet users, being paranoid types, also advocate using a VPN – just in case.
What Sort of Information Can be Found in the Cybercrime Areas of the Darknet?
The darknet, as well as being a place to buy and sell illegal goods such as drugs and weapons, is also a haven for cybercriminals. The darknet is the place for cybercriminals to exchange ideas, intelligence on targets, hacking tools, and stolen data.
When the Silk Road was closed down, it left a gap for other illicit marketplaces to fill. One such portal was AlphaBay. At the time the site was removed by the FBI, it had over 100,000 listings, such as hacking tools used by cybercriminals.
The darknet is a treasure trove for aspiring cybercriminals and it offers everything needed to run a successful cybercrime campaign, including:
Vulnerability lists: The darknet is host to vulnerabilities for sale. Hackers look for software vulnerabilities, which they then put up for sale on a specialist darknet site, with the details revealed after purchase. Along with the vulnerability, you can also buy the exploit kit that uses the vulnerabilities to infect computers with malware, etc.
Phishing kits and Malware-as-a-Service: Packages that offer phishing emails and associated spoof sites are also available to buy. You can even buy or rent malware-as-a-service; cybercriminals no longer need to be competent programmers. These packages can be cheap; we’re talking a few dollars to buy.
Hacking forums: Cybercriminals need friends just like the rest of us and they have online get-togethers to share their criminal plans. Hacking forums are used to discuss techniques and share information about targets.
Data: All the data from those hacked accounts, like Marriott, Uber, British Airways, Facebook, etc., usually ends up, at some point, on darknet sites that sell it on. The data is then used to commit fraud, create fake accounts, serve as phishing bait, and sometimes blackmail the owner. The latter happened to some users of the dating site Ashley Madison when account data was stolen.
How the Darknet Can be Useful in Cybersecurity
In terms of darknet cyber-intelligence, it is a case of two can play that game. Much of cybersecurity is about being security aware. Security awareness is a very wide area, and one aspect of this is understanding the cyber-threat landscape. As many of the threats against both individuals and organisations come from the darknet, it makes sense to plunder the darknet booty in some manner.
You can mine darknet data either manually (and laboriously) or using dedicated tools.
Security analysts can, and do, go onto the darknet to gather cybercrime intelligence. Information can be found on vulnerabilities, threats, and the type of malware that is being sold. But you can also, if you persevere, get on to hacking forums and look at conversations to see if your company is being discussed. It can be a labour-intensive process as the darknet is large and ever-changing.
Alternatively, you can use darknet cyber-intelligence kits. These kits automate trawls of darknet data. The focus of the tools can vary; for example, some will look specifically for stolen data and cybercrime tools for sale. With over 3 billion identity records for sale on the darknet in 2018, this is a big trawl.
Be Security Aware and You Won’t Be Afraid of the Darknet
In the world of cybersecurity, we are being forced to fight fire with fire. Cybercriminals are plotting attacks and selling data and hacking tools in the dark recesses of hidden websites.
To stay ahead of the game, or at least keep up with cyber-threats, we need to have an awareness of what is going on. Understanding the threats that lie within the darknet is one aspect of an overall cybersecurity strategy. If your company does not have the expertise or bandwidth to find this out itself, you can turn to the cybersecurity industry. As experts in the field, we make it our job to keep up to date with the world of the cybercriminal and what lies beneath…