
How the dark web works: What your security team needs to know

Alex Holden, Founder and CISO, Hold Security

The dark web is a destination where cybercriminals use electronic means to communicate about and traffic in stolen data. They often use the Tor network, black markets, and underground forums, and they reach them with a wide range of standard communication tools that offer ease of use and privacy.

With the dark web economy thriving, more cyber-criminals than ever are joining the ranks.

Many in the security community shy away from the dark web; others overcomplicate the concept, creating an untouchable taboo around it. And while certain places on the dark web can be accessed only with the utmost skill and caution, the basics of the dark web and its hidden pathways should be well understood by the information security community.

Get past the taboo. Here's what your information security team needs to know about how to study the dark web—so you can start building better defenses.


Why take the time to fathom the dark web

The dark web is full of our adversaries, and understanding their thought processes and techniques should create a better mapping for our defenses.

Pen-testers should be learning new techniques on the dark web; only then will their assurances of security be based on realistic threats and techniques used by malicious hackers. For incident responders, the dark web may be a treasure trove of information about their investigations.

The fear that many have of the dark web is unjustified and more akin to denial of reality.

I spent an entire decade of the 2000s in the corporate world as a defender without a thought about who the bad guys were that we were defending against. But when I had an opportunity to investigate and understand the enemies in their habitat, I became a better security professional, started building more effective defenses, and began understanding the mindset and technologies of those who would try to attack them.

These important factors may help you learn about the dark web and change your perspective, making you want to learn more.

Read the dark web forums

A big misconception for many is that the forums are the entire dark web. In fact, they are relatively hidden places where cyber-criminals communicate with each other. Sections of forums allow users to buy or sell services, goods, and data, and each is subdivided into many subsections based on the type of wares for sale.

There are parts of forums that are designed to exchange ideas, techniques, and manuals. This is perhaps the most interesting part of many of them, since you can learn about technical or even business-process vulnerabilities just by reading the threads. Other sections cover various topics, from politics to everyday life concerns.

Usually there is a place to complain about and weed out the miscreants who defraud their own. This is a special section for "honor among thieves." When a deal between two cyber-criminals goes wrong, they seek justice from arbitrators, who are usually forum administrators. A forum admin can choose to ban a cheater's account from the forum, destroying that person's hard-earned reputation.

Some cyber-criminals go as far as doing in-depth research of the offending party and publishing personal information about them; this is called "doxing." Unlike security researchers and law enforcement professionals, cyber-criminals are not deterred by trespass laws and are open to other malicious tricks.


Scan the black markets

Outside of forums, there are black markets with less talk and more commerce. Browsing the stolen wares is almost always free. There, you can learn if your company data is for sale, or you may find your vendor/partner data, which can be just as damaging.

Even if the data belongs to you, buying it is not a good idea, since it will draw unwanted attention to your brand and will generate a demand for more. However, being aware of what’s out there may be a revelation.

Anything that can be monetized is for sale, but the price and quantity may give you an idea of how much demand there is. Sometimes, even the most interesting data is not priced high, since cyber-criminals have a tough time monetizing it.

Beware the dark side

Going on the dark web is easy; it takes some research, basic but not excessive caution, and in many cases a knowledgeable guide.

As you learn more about the enemy, you can start building better defenses. And the more you learn, the smarter you will become in stopping attacks.

Be careful and be wise. This is the key for success in your first steps of hunting for threats and using the dark web as a tool in your defenses, rather than creating a taboo around it.

I will be sharing more insights on this topic during my session, "Dark Web Review—a Deep Dive into a Dark World," at the Infosecurity ISACA North America Expo and Conference, to take place November 20-21, 2019 in New York.
