The dark web. We’ve all heard of it, some of us may have accessed it, but what actually is it, what can you find there and how is it affecting the future of businesses of all sizes in all sectors?
It Is All Drugs, Guns & Data?
Well yes and no. The dark web is a secretive part of the internet that you can’t access via Google because the content isn’t indexed. It was developed in the mid-1990s by American military researchers so their intelligence operatives could exchange data anonymously and they called it TOR which stands for The Onion Router.
A vital element of their strategy was to release TOR into the public domain on the basis that the more people using it would make it harder to separate government chatter from the general noise. You can’t be anonymous on your own.
There are plenty of legitimately legal sites on the dark web – especially in helping people communicate in countries that have a casual relationship with free speech, where there is state-sponsored eavesdropping or where general internet access is criminalised – but its name suggests something more sinister, and there are plenty of bad places where you can do bad things…
In a January 2019 article on cybersecurity site CSO, you can:
- Buy login credentials to a $50,000 Bank of American account for $500
- Get $3,000 in counterfeit $20 notes for $600
- Buy seven pre-paid credit cards with a $2,500 balance on each for $500
- Take out a lifetime Netflix subscription for $6
- Hire hackers to attack networks and steal sensitive or financial data
- Buy usernames and passwords, driving licenses and passports, drugs and guns
Interestingly, in a study published by King’s College London in 2016, there’s hardly any evidence of extremist propaganda because, so say the co-authors Daniel Moore and Thomas Rid, propaganda can’t thrive if it can’t be found.
It’s where buying and selling is done with Bitcoin, it’s where the lowest of the low do their bidding and it’s where you can find, almost without exception, whatever you want.
How Is It Affecting Businesses?
Pretty badly is the short answer.
As we move into the age of the Internet of Things, where every device is inter-connected to the point where your smart fridge knows when you’ve run out of milk and adds it to your online order, the efficiency and the automation it creates to make our everyday lives easier also make it easier for cybercriminals.
A recent report by Accenture estimates that the additional costs and lost revenue to businesses due to cybercrime over the next five years could be as high as $5.2 trillion ‘as dependency on complex internet-enabled business models outpaces the ability to introduce adequate safeguards that protect critical assets.’
As we’ve mentioned on numerous occasions in our series of blog posts on cybersecurity and cybercrime, and reaffirmed in the Accenture report, around 80% of business leaders admit to having a hard time ensuring their businesses are protected and for the first time, it’s not just businesses –
‘Government figures reveal that UK residents are more likely to be a victim of cybercrime or fraud than any other offence.’
And there’s no coincidence in the fact that as costs to businesses skyrocket, so do profits for the cybercriminals. The University of Surrey estimate that attacks on the likes of Facebook, Amazon, Marriot, Instagram and Uber have pulled in a cool $1.5 trillion, a figure that isn’t without its ironic connotations. It’s about the GDP of Russia.
- $860 billion is made from illicit and illegal online markets
- $3 billion from crimeware and ransomware
- $160 billion from data trading
- $500 billion from trade secrets and IP theft
In a ‘state the bleedin’ obvious’ comment from the UK’s Ministry of Defence, ‘In a world where almost every instruction, process, transaction and secret is located in cyberspace, there could be a wealth of opportunities for criminals.’
Could be? You can’t open a newspaper or access your preferred online news site without some reference to another massive data breach.
With low start-up costs and huge profits, you can see the appeal, especially, as the MoD says, ‘in countries with limited economic opportunities.’
Yet another fly in the ointment is that the underhand methods of cybercrime are now being democratised and being made available by anyone willing to pay for them. Malware affiliate programs if you like. Maya Horowitz, the Director of Threat Intelligence at CheckPoint suggests that cybercrime, just like their victims, are being corporatised. Again as we’ve said in the past, these large-scale attacks are no longer the domain of the geek in his or her bedroom at mum and dad’s house, they ‘involve organised teams of programmers, corporate insiders, IT technicians and phishing experts. These teams even issue job ads for new roles for the next hack’ says Nafeez Ahmed in the Sunday Times.
Back to the Dark Web
In 2013, the phrase ‘dark web’ entered common parlance when the FBI shut down Silk Roads, the black market site trading in illicit drugs but since those early days, cybercriminals can simply buy off-the-shelf password-cracking kits. Another revenue-generator for cybercriminals is the fact that they are now renting themselves out as guns for hire, creating a new underground industry that’s been dubbed ‘malware as a service.’
For fear of repeating ourselves, companies aren’t doing enough to protect themselves, or the massive proliferation of smart, wirelessly-connected devices that will increase from two billion in 2006 to 200 billion by 2020, half of which will be wearable. Silicon Valley tech guru Dr Janusz Bryzek predicts that within 20 years there will be 45 trillion networked sensors, devices that will be able to detect and respond to physical environmental changes such as light, heat, sound, moisture and pressure.
In order to get these products out to the market, the protections are applied retrospectively and that offers cybercriminals the window of opportunity they need.
Who Pays The Price?
We all do. Complacency is not an option anymore. Nafeez Ahmed finishes off by giving us a taste of things to come. ‘One of the largest electric power companies in America, Duke Energy, was hit with a $10 million regulatory fine in early February for 130 violations of physical and cybersecurity standards. If companies fail to act now, governments will have little choice but to make them pay later.’
The money you save on a phone call to us may result in costing you your business and your reputation.
If you would rather the data you hold doesn’t end up in the pockets of the highest bidder on the dark web, talk to us. Email us today on firstname.lastname@example.org or call 020 7078 0789.