You’ve probably come across the term “Dark Web” at some point, but what does this somewhat ominous term refer to?
Dark Web refers to sites that are hosted behind several layers of encryption, and because of this encryption, the site operators and contributors remain hidden as it is very tricky to trace a Dark Web site back to the source. Most of these sites are used for a wholly or partially illegal purpose, as their clandestine nature means morally questionable activities can be carried out under a veil of secrecy and anonymity. Without going into the unpalatable details, many sites on the Dark web are used for purposes such as:
- The distribution of illegal drugs.
- Gathering spaces for extremist ideologies
- The sale of counterfeit documentation
- The sale of illegal weaponry
- Human trafficking activities
- The sale and distribution of stolen goods.
- The sale and distribution of stolen data.
It, therefore, goes without saying that the dark web is home to some very unsavoury characters.
It is also used by individuals who are intensely paranoid about their online privacy, particularly concerning their communications. While online privacy is a concern for many, there are definitely better ways to conceal private conversations than taking them into a seedy criminal underworld that’s rife with malware.
I don’t think I’ve encountered such sites, how do you access them?
You cannot stumble across a dark web site through a Google search, to find the dark web you have to go looking for it. And while much of the activity on the dark web is illegal, browsing the sites is not – although it’s something we certainly wouldn’t recommend!
Dark Web sites exist behind encryption, so in order to access a site, you have to use the same encryption tool as the site you’re trying to access. You also have to possess the site’s URL, as you cannot access dark web sites via domain name searches.
Again, accessing the dark web is a risky business and we strongly advise against it. You may encounter criminals, be exposed to a range of extremely potent malware designed to steal your data or inadvertently engage in activity that could be considered a criminal offence.
So why do I need to know about the Dark Web?
It’s important to be aware of the Dark Web from an online security perspective. As we’ve mentioned, criminals use the dark web to trade illegal commodities, and one of these commodities is stolen data. Indeed, if you were to suffer a data breach carried out by a cybercriminal there the chances of your data being traded on the dark web is relatively high.
How could my data end up on the Dark Web?
Dark web criminals use a number of methods to steal valuable data:
Hackers use a variety of malware types to harvest data from various settings. Most types are designed to extract login credentials, particularly those used to access banking sites or sites that allow the hacker to leverage some kind of financial reward from the account information. Keyloggers, info stealers and banking malware are common examples and are often picked up through malicious email attachments, drive-by downloads and interactions with malicious websites.
Phishing scams involve the use of social engineering to encourage victims to voluntarily hand over personal information. The scammers often masquerade as a trusted organisation or someone known to the victim in order to build a bond of trust before requesting information (again, usually login details). Phishing scams can be avoided if you know what to look out for, so staff training is one of the best way businesses can defend themselves against Phishing fraudsters.
Weak account protections
Hackers use methods such as Brute force attacks in order to gain access to online accounts. The weaker the account password the greater the chance that such an attack will be successful. Once the hacker knows your password they might use it to make purchases or steal money from an account. Alternatively, they could bundle it into a collection of stolen account credentials and sell this bundle on the Dark Web.
Techniques such as ‘man in the middle attacks’ allow hackers to intercept data travelling across insecure networks such as public WiFi. Levels of security on such networks are often low, leaving users vulnerable to a range of attacks.
Sometimes ‘rogue hotspots’ are also used. This involves the hacker setting up a public Wi-Fi portal that imitates a legitimate hotspot nearby. These hotspots can then be used to listen in on traffic, distribute malware or even direct users towards malicious websites.
Attacks on large companies
The databases of large corporate entities are a prized target for the most sophisticated cybercriminals. Social media giants, software-as-a-service companies and financial institutions have to spend large sums of money on cybersecurity, in order to defend the vast quantities of customer data they hold in their servers. While such breaches are relatively uncommon when they do occur attacks can result in millions of articles of sensitive data being leaked onto the dark web.
Struggling to find a solution that fits around your business?
At Cloudscape, we use our extensive experience to deliver custom-fit technology solutions to SMEs in London and the home counties. Technology should serve your business’ aims and aspirations, it shouldn’t be something to mould your operation around. We are experts in Cloud-computing and we know how empowering Cloud Services can be when leveraged correctly, so let us help you tailor Office 365 so that it works for your business and the unique challenges you face. Call us on 0207 952 8123 or send us an email email@example.com.