Safely shining a spotlight on the dark web

(Image credit: Image source: Shutterstock/Sergey Nivens)

Non-indexed and non-secure, the dark web is a hotbed for nefarious activity, yet searching it is crucial for both security and public safety organisations.

One of the key reasons is that, just as with any major crime, the sooner an investigation can be launched, the better the outcome will be. That makes timing critical, and being able to quickly discover and search through an aggregate of dark web content reduces time to discovery and allows appropriate follow-up actions to kick into place.

The problem until recently was akin to wandering into the wrong side of town late at night, with no guarantee you won’t get roughed up. When a breach occurred, for example, many IT and security teams simply did not have access to dark web tools that allowed safe browsing in order to find key information. Even those armed with some variation of software aid were unsure where to start, which made cracking a case problematic.

Another challenge was that, while dark net data is not difficult to access through a Tor browser, an investigator would need not only to know where to look but also to possess the right tools to get access: a programmatic key or secret knock.

It was complicated for IT personnel and security analysts alike, which is why a set of software tools based on open source intelligence (“OSINT”) has arrived and is now being used to provide new and detailed insights.

They send out a crawler to dark web sites, gather information, index it within a database and make that content available to end users.

Now, it’s even possible for users to get this information via a normal web browser without installing tools that might be difficult to use.

Searching without fear

When it comes to security, many organisations typically struggle to find senior talent and, as a result, are forced to hire junior analysts with limited experience.

Providing simple tools increases their effectiveness in responding to these threats or data breaches. Simplicity is key.

The reality is that the dark web can be an extremely intimidating place to venture into for anyone, and particularly for a junior security analyst. Reducing that fear of jumping into murky waters through OSINT advances allows them to do a better job at the end of the day.

Using our Beacon search tool, for example, we’re able to source intelligence on subjects such as drug trafficking, the sale of firearms and hacker data.

A UK search conducted on May 14 via Beacon found 10,168 instances of hacker data using the keyword “UK + hacking,” while “UK + credit card” returned 13,424 and “UK + guns” 3,410 results respectively.

By comparison, a UK search conducted on May 14 via Google found 2,870 instances of hacker data using the keyword “UK + Hacking,” while “UK + Credit Card” returned 21,900 and “UK + guns” 6,040 results respectively.

The numbers may be frightening, but they are potentially useless to an investigator because, apart from the statistical data that a Google search provides, the results are missing relevant information. They do not list the people who are offering their hacking services, for example. But run that same query within an OSINT offering and the results are far more relevant.

It is also far safer than venturing into the dark web without a life jacket.

How dangerous is the dark web?

Earlier this year, law enforcement agencies from Europe, Canada and the U.S. joined forces to target vendors and buyers of illegal goods on a number of dark web marketplaces. According to a release issued by Europol, during the course of this operation, 61 arrests were made, and 50 dark web accounts used for illegal activity were shut down.

Meanwhile, AlphaBay, once the largest online dark web marketplace, thrived for two years until it was shut down in 2017. In announcing the closure, the U.S. Department of Justice said the site was used to “sell deadly illegal drugs, stolen and fraudulent identification documents and access devices, counterfeit goods, malware and other computer hacking tools, firearms and toxic chemicals throughout the world.”

At the time of the bust, former U.S. Attorney Jeff Sessions called it “one of the most important criminal investigations of the year – taking down the largest dark net marketplace in history.” He continued, “Make no mistake, the forces of law and justice face a new challenge from the criminals and transnational criminal organisations who think they can commit their crimes with impunity across the dark net.”

OSINT tools are indexing the dark web in order to reduce the amount of work that a law enforcement agency must carry out during the course of an investigation.

There is so much data and content being generated on a daily basis that it is very difficult to follow it.

Once an investigator knows that information is out there and runs a search, they can instantly key into the fact there was a data leak, or private information is available that shouldn’t be, and take proactive measures much more quickly. The alternative might be a customer complaining about a data leak weeks or months after it occurs, which clearly negates the ability to be proactive.

In a proactive world an investigative team can reach out to the public and put measures in place to minimise any damage that may unfold.

Since every organisation in existence today generates some type of data, there is not a company anywhere that is not at risk of a breach online. A company’s database contains valuable information that very well could end up on the dark web.

Beacon also provides examples from real-world hackers flogging their skills and data online, which highlight the risk posed when private details such as credit card information are accessed by hackers.

The men and women of the dark web are very skilled. The former Director of the FBI, Robert Mueller, famously concluded in 2012 that “there are only two types of companies: those that have been hacked and those that will be.” Anyone’s personal information can be exposed, which is immensely traumatic for the victim.

It also reduces and destroys trust in the organisation that was entrusted with this information. If it’s public sector information, it erodes critical trust in government and law enforcement.

Ethics is underplayed today; however, it will become a bigger story over time, and technology companies in particular need to begin to take seriously the ethical and privacy concerns that relate to their platforms.

Simply put, they have no choice. The public will become more savvy to the risks facing them when companies mishandle their data. It’s time for those charged with protecting our data to either adapt or die.

Michael Raypold, CTO, Echosec