Story image

Interview: Sophos reveals the criminal underbelly of the dark web

29 Aug 2017

The dark web may be something that most of us have heard of as a murky underworld for cybercriminals, but also where most internet users dare not tread. What is the dark web, how is it used and what implications does it have for cybersecurity?

We got the inside word from Chet Wisniewski, principal research scientist at Sophos. He focuses on research about the evolution of online threats. He also analyses how businesses use standard cyber defence practices and how they can be improved to be effective.

What is the dark web?

The dark web is a layman's term referring to a privacy focused overlay network on the internet known as TOR or The Onion Router. The idea is from US Naval research in the 1990's and allows for secure and anonymous communication with no inherent ability to identify neither the sender nor recipient of messages.

What are cybercriminals selling on the dark web, and how do they get that information?

They are selling anything and everything. Weapons, drugs, malware, books, pornography, credit cards, identities and more. The sources are diverse, but often when talking about credit cards, identities and passwords it is acquired through the use of malware on victim computers or through overtly hacking into insecure databases on the internet.

Who are criminals selling that information to, and what are the buyers doing with it?

Other criminals? Hard to know how much commerce occurs and with whom, as it is not usually disclosed.

Recently we saw two major dark web marketplaces, AlphaBay and Hansa, shut down by authorities. Where are the cybercriminals heading and does this mean we’re any safer? Criminality abhors a vacuum. It is a bit like playing Whack-a-Mole at the carnival... You bop one monster on the head and instantaneously another pops up on the other side of the board. While Alpha and Hansa were dominant, there are many more willing to take their place. The demand for accounts on The Dream Market was so high when AlphaBay went down that it created a Denial of Service (DoS) outage.

How is the dark web impacting cybersecurity as a whole?

It is enabling unskilled, but morally misguided individuals to get involved in the illicit profits of online crime with a simple search and a few dollars. You can buy any information, malware or services to acquire victims using Bitcoins and a bit of self-guided learning of jargon and techniques.

Would victims ever find out that their details are compromised if those credentials are never used?

Most victims only discover their information has been stolen when something bad happens or when they get a letter from a company acknowledging that their information has been stolen in a hack. It is almost impossible to identify your data as it is bought, sold and ripped off.

What advice would you give to people to make sure their details stay off the dark web? 

Only share real details about your life when you have to. You have no obligation to join another service nor to share with them your real postal code, birth date or anything else. You need to be honest with your government, financial institutions and some other regulated entities, but the rest of the time consider adopting some alternate personalities.

When possible use long, unique passwords for each website, take advantage of multi-factor authentication when it is available and choose whom you trust your information with based on their track record of honesty and keeping others' information safe.

Better data management: Whose job is it?
An Experian executive’s practical advice on how to structure data-management roles within a modern business environment.
Platform9 and Intersect partner to bring unified cloud to A/NZ
“For Intersect, Platform9 represents the single most strategic solution to a set of challenges we see expanding across the board."
Meet the future of women in IT
Emily Sopers has just won Kordia’s first ever Women in Technology Scholarship, which was established to address gender imbalance in the information and communications technology (ICT) sector.
Web design programmers do an about face – again!
Google is aggressively pushing speed in the mobile environment as a critical ranking factor, and many eb design teams struggling to reach 80%+ speed scores on Google speed tests with gorgeous – but heavy - WordPress templates and themes.
Digital spending to hit US$1.2 trillion by 2022
A recent study by Zinnov shows that IoT spend reached US$201 billion in 2018 while outsourcing service providers generated $40 billion in revenue.
'Iwi Algorithm' can grow Aotearoa's mana
Ngāti Whātua Ōrākei innovation officer Te Aroha Grace says AI can help to combine the values from different cultures to help grow Aotearoa’s mana and brand – and AI is not just for commercial gain.
Dropbox brings in-country document hosting to A/NZ & Japan
Dropbox Business users in New Zealand, Australia, and Japan will be able to store their Dropbox files in-country, beginning in the second half of 2019.
Why 'right to repair' legislation could be a new lease on life for broken devices
“These companies are profiting at the expense of our environment and our pocketbooks as we become a throw-away society that discards over 6 million tonnes of electronics every year.”