As the secret underbelly of the internet, hidden from view and notorious as a hotbed of illegal activity, the dark web continues to incite both fear and fascination in public opinion. It often features as a plot point in films and TV series, usually in dramatic scenes involving drug barons and criminal gangs. But far from being some totally separate, parallel universe, we are actually far more interconnected with this "criminal underworld" than most people realise. Every time a website suffers a security breach (think Yahoo, or LinkedIn), huge databases of usernames and passwords are offered up by hackers for sale or exchange on the dark web. The unfortunate reality is that most of us probably already have some of our private information floating around on the dark web, our small contribution to the multi-million dollars' worth of business generated by data theft and identity fraud.
So what exactly is the dark web?
The internet is actually made up of three different layers: the surface web, the deep web and the dark web. The surface web is the top layer of the internet, and includes all the web pages that show up using search engines like Google. The deep web consists of web pages that don't show up in search engines because they are hidden and only accessible via passwords and authorisation, such as password-protected parts of online banking and work intranets. The dark web, or Tor (The Onion Router), is a network of untraceable online activity and websites that cannot be found using search engines. To access them you need to use specific software and configurations.
Tor was originally set up in the mid-1990s and offers anonymous browsing to people across the world. It now hosts roughly 30,000 hidden sites. Users in countries with strict censorship laws can use it to access mainstream sites and exchange information securely. But contrary to its principles of privacy and security, this same anonymity has also enabled it to hide some of the most serious crimes on the Internet.
Hidden sites, hidden credentials...
Everyone in cyber security knows about the problem of stolen credentials on the dark web. According to recent reports, a whopping 81% of recent hacking-related breaches leveraged either stolen or weak passwords. The tendency of people to reuse passwords everywhere and all the time is compounding this problem; if someone uses their regular password to set up a throw-away account on a shopping site that then gets breached, then ALL of the private information that they store and access on sites across the web each day could easily be compromised.
The problem of password reuse also creates a serious issue for enterprises, and extends the risk of compromised credentials well beyond the immediate control of an organisation. For example, if a cloud-based service that an employee uses gets hacked, their stolen credentials - which could be the same username and password used to access corporate IT systems - could be bought and sold on the dark web. But due to its illicit nature, and the risks involved in accessing it, it can be extremely difficult for most organisations to monitor the dark web for stolen credentials - which means that most companies might not realise that compromised credentials have made their systems vulnerable until it's too late.
Shining a light on the problem
The biggest challenge is that the data on the dark web is typically not found by the tools that most IT teams use to monitor the internet, such as scanners, scrapers, or web crawlers. Instead, dedicated analysts usually need to spend time manually browsing through forums and building up trust in order to gain access to sensitive data so they can check for company credentials. This requires a considerable investment of time, technical skill and authorized access that generally isn't easily available to IT teams, particularly those that are small or resource-constrained.
Since monitoring the dark web in this way is a very time-intensive task, it is easier for organisations to increase their dark web visibility by partnering with vendors that can pull data in from the dark web and integrate it into a company's monitoring and threat detection capabilities. Some of these tools can generate alarms when your users' personal or corporate credentials are trafficked on the dark web.
But to effect real change, we also need a greater understanding of the dark web itself. More research is required so that we can better understand the mechanisms by which the data is acquired and shared amongst criminals, and develop best practices for detecting and responding to the cyber-attacks that can result if stolen credentials are sold on the dark web. Learning how to shine a light on this murky abyss can make the internet itself - and all the data shared within it - considerably safer.