Hidden and anonymous online communities provide a marketplace for sensitive data and cyber services.
For centuries, there have been physical locations where illegal goods and services are offered for sale. Consider the speakeasies of the 1920s, where a walk down a dark alley, a special knock and a whispered “Swordfish” were the requisites for entry.
Today, TOR (The Onion Router, technology that anonymizes your web activity), obscured URLs and encryption provide the foundations of security and anonymity for those who wish to use the dark web marketplace.
The “dark web” is a portion of the internet not indexed or cataloged by search engines (e.g., Google and Bing) that consists of dark networks or “darknets” that require special software like TOR-enabled browsers, protocols, configurations and authorization to access.
On the dark web, communities of users buy and sell various goods and services. Some communities are open to anyone—for others, membership is a paid-for privilege.
An example is a website that sells stolen credit card information. Run much like legal retail sites, these resellers offer various pricing rates, special orders and discounts. Platinum credit cards with higher limits are priced higher than cards with lower credit limits. Newer batches of cards with less chance of being blocked are priced higher than older batches. Cards are also sold in geographic batches to help circumvent fraud monitoring. A fraud ring in the Northeast U.S. can buy “New York cards,” while one in the Southwest can get cards from Arizona. These sites may also attach premiums to batches based on the seller. Batches from a hacker known to offer fresh, high-quality cards will be promoted as such with advertising and higher prices. And batches “with all the sides” (e.g., cardholder name, card number, CVV and potentially Social Security number and date of birth) also garner higher prices.
Other dark websites and forums offer a soup-to-nuts menu of goods and services:
- In a bit of a gray area, “stress testers” offer to test a website to determine how well it handles a large load of requests. Done above board, this work can help a company prepare against a distributed denial-of-service (DDoS) attack. Done below board, and you have an actual DDoS attack on your hands.
- Numerous and varying in sophistication, hacking tools, exploits and malware are commonly traded items. Bitcoin was the currency of choice not long ago, but issues with account hacking and fluctuating values have led cybercriminals to other e-currencies, such as Monero.
- Just as legitimate IT and cybersecurity folks specialize in technical areas (such as firewalls, databases or Linux), cybercriminals also specialize. And just as you can post resumes and “help wanted” on Indeed.com, specialized services for hire are advertised and solicited on dark web forums.
- It’s often thought the dark web consists only of outsiders looking to make a fast buck, but that isn’t always the case. In many instances, law enforcement and researchers have found current and former employees offering up insider information on their employers.
- Another common commodity available on dark web forums is batches of credentials (i.e., user logins and passwords). These credentials—for the right price—offer access to bank accounts, social media sites, company networks, retail sites or such services as Netflix and Hulu.
A Caveat and Warning
It’s important to understand that there’s more to the dark web than criminal activity. For people whose religion, politics or life choices may be censored where they live, the dark web offers a place to safely and anonymously congregate and communicate. In fact, many legitimate organizations such as Facebook, ProPublica and the United Nations have dark web sites.
However, accessing the dark web, even just to see what’s out there, is not something to be done at your desk in your CU’s office without undertaking precautions to prevent the compromise of your systems or yourself. If you wish to research threats to your CU on the dark web, first research how to do this in a safe and secure manner.
Jim Benlein, CISA, CISM, CRISC, owns KGS Consulting LLC, Silverdale, Washington, and offers insights to CUs on information technology governance, information security and technology risk management.