Businesses Listen Up: Take the Threat of the 'Dark Web' Seriously

Being prepared means understanding the nature of these dangers - and really that means recognizing the importance of the dark web as part of any information security strategy.
|

In my world, hardly a day goes by when the 'Dark Web' - also known as the Deep Web - is not making headlines. Take for instance the news from October this year that the FBI had shut down online black market Silk Road (infamous for selling fake passports, drugs and more - see BBC story here), or that Version 2.0 had popped up just 4 weeks later (see Wired story here). As I write, new updates are springing up every day.

Open Image Modal

It's a prime example of the anonymity offered by the Tor network - an acronym for The Onion Router which allows users complete anonymity online. Commonly referred to as the 'dark web', it's not indexed by search engines and can't be accessed via the open internet or Google. Worrying, I know. Even more alarming for business security.

How does it work? By bouncing internet traffic through a series of separate computer relays across the world. Curiously, it started life as a means of protecting the identities of journalists and dissidents in oppressive regimes. This ability to hide the location and identity of users as well as site administrators is however, now being used for less noble means.

But the dark web isn't simply home to websites selling guns and drugs.

Chat rooms and message boards hosted anonymously contain all sorts of potential threats against businesses, from hacking and hacktivism through to organized cyber crime.

The Dark Web provides cover for a whole range of illegal activities... and businesses need to be aware of the threats that exist to them in this underground network.

For instance, the dark web hosts sites selling the credit card details of millions of consumers. Banks and credit card companies need to know which of their customers' details are on these sites so that they can block those cards and avoid fraudulent use.

Companies are also an increasing target of organised cyber attacks and many of these are planned through message boards on the dark web. Between 2005 and 2012, hackers used sophisticated techniques to steal more than 160 million credit and debit card numbers, target over 800,000 bank accounts and penetrate the servers of the Nasdaq.

Losses incurred by businesses as a result of these attacks? An estimated $300mn. Huge.

Here's another example of cyber attacks planned in the dark web. Networks of computers controlled by hackers bombard company web servers with traffic until they become overloaded - this is known as Distributed Denial of Service attacks (DDoS). The largest such attack to date took place in March 2013 when hackers attacked Spamhaus, an international non-profit organization dedicated to combatting spam, with a view to take it offline and kill its service. It was said to have peaked at 300 gigabits of traffic per second - that's a large scale threat by the way. See 'Global internet slows after 'biggest attack in history' for the full story.

If you're interested, check out this live tool created by Google Ideas and Arbor Networks - it's called the Digital Attack Map (try it here) and allows you to track outages on a daily basis and explore historic data.

Now if you're a company owner, knowledge is key when it comes to protecting your business from these kinds of attacks. This allows for early detection and anticipation of those potential threats.

And as more and more cyber attacks against businesses are planned through the dark web, that makes it a key source of threat data.

In this highly digital world, it isn't possible for companies to hide behind their firewalls and simply focus on maintaining their perimeter defenses. Being a part of the internet, social and mobile revolution means that companies will be exposed to new threats that take place across the internet... very real threats that are not only varied but may target them directly, through their partners or even via customers.

Being prepared means understanding the nature of these dangers - and really that means recognizing the importance of the dark web as part of any information security strategy.

(Images in article purchased on Shutterstock by author)