Interview: Sophos reveals the criminal underbelly of the dark web

29 Aug 2017

Most of us have heard of the dark web as a murky underworld for cybercriminals, a place where most internet users dare not tread. What is the dark web, how is it used and what implications does it have for cybersecurity?

We got the inside word from Chet Wisniewski, principal research scientist at Sophos. He focuses on research about the evolution of online threats. He also analyses how businesses use standard cyber defence practices and how they can be improved to be effective.

What is the dark web?

The dark web is a layman's term referring to a privacy-focused overlay network on the internet known as TOR or The Onion Router. The idea is from US Naval research in the 1990s and allows for secure and anonymous communication with no inherent ability to identify either the sender or the recipient of messages.

What are cybercriminals selling on the dark web, and how do they get that information?

They are selling anything and everything. Weapons, drugs, malware, books, pornography, credit cards, identities and more. The sources are diverse, but often when talking about credit cards, identities and passwords, they are acquired through the use of malware on victim computers or through overtly hacking into insecure databases on the internet.

Who are criminals selling that information to, and what are the buyers doing with it?

Other criminals? Hard to know how much commerce occurs and with whom, as it is not usually disclosed.

Recently we saw two major dark web marketplaces, AlphaBay and Hansa, shut down by authorities. Where are the cybercriminals heading and does this mean we’re any safer?

Criminality abhors a vacuum. It is a bit like playing Whack-a-Mole at the carnival... You bop one monster on the head and instantaneously another pops up on the other side of the board. While Alpha and Hansa were dominant, there are many more willing to take their place. The demand for accounts on The Dream Market was so high when AlphaBay went down that it created a Denial of Service (DoS) outage.

How is the dark web impacting cybersecurity as a whole?

It is enabling unskilled, but morally misguided individuals to get involved in the illicit profits of online crime with a simple search and a few dollars. You can buy any information, malware or services to acquire victims using Bitcoins and a bit of self-guided learning of jargon and techniques.

Would victims ever find out that their details are compromised if those credentials are never used?

Most victims only discover their information has been stolen when something bad happens or when they get a letter from a company acknowledging that their information has been stolen in a hack. It is almost impossible to identify your data as it is bought, sold and ripped off.

What advice would you give to people to make sure their details stay off the dark web? 

Only share real details about your life when you have to. You have no obligation to join another service nor to share with them your real postal code, birth date or anything else. You need to be honest with your government, financial institutions and some other regulated entities, but the rest of the time consider adopting some alternate personalities.

When possible use long, unique passwords for each website, take advantage of multi-factor authentication when it is available and choose whom you trust your information with based on their track record of honesty and keeping others' information safe.
