Majorly occupied by the notorious hackers, the dark web was originally never intended to be a safe haven for them or other illegal activities
REvil vanishes from the dark web. The Russian-linked ransomware gang that documented its activities in its dark web extortion site, Happy Blog, disappeared without a trace of its infrastructure, payment portals and chat functions. The dark web makes everything possible for the hackers. Yet, it was never intended to be that way, like every other revolutionary technology.
An idea was brewing in the mind of an Irish programmer Ian Clarke. He developed the Freenet as a project while studying at the University of Edinburgh in the late 1990s. With a belief that the free-for-all information sharing could end the concept of copyright in the years to come, the anonymous file-sharing system was set off live in 2000. Although he was only graded ‘B’ by his professor, the Freenet ended up being downloaded by over two millions users in the span of five years. While it wasn’t an element of the dark web, the idea had begun to take shape.
Two research teams in the US Department of Defence worked hard to develop an anonymised, secret network that could protect sensitive communications among US spies in the late 1990s. Little did they know that the encrypted network would actually fall in the hands of common internet surfers and most dangerously, the notorious hackers.
It all happened due to the change of plans by a few researchers. They saw a better value proposition by deploying a non-profit web on anonymity for human rights and privacy activists. The Tor network came to be.
The Secret Corner
In the 1990s, the United States Naval Research Laboratory developed the Onion Router.
Containing several layers of encryption, Tor lives on the edge of the internet and is the foundation of the dark web. It is a collection of websites hidden from a regular browser and unindexed.
The secret corner makes privacy possible. Private information is stored away from the eyes of government surveillance. But deeper into the darkest corners of the web, exploitative content, including violence, pornography, extremist support groups, and malicious malware, prevail. Add cryptocurrencies such as Bitcoin and Monero into the picture, and the cyber combination is nearly untraceable by law enforcement agencies.
Also Read: Dark Data, A Gold Mine?
Dealing with the Menace
Malware lingers everywhere, looking for unsuspecting users to infect. While anonymity is powerful, the system is not entirely reliable. The only line of security between common web users and the dark web is a free download of the Tor browser. If dug deep enough, hackers can follow the user’s activities right to the unplugged world and exploit the network connection.
There are hardly any security walls that can protect users in the dark. Many times, threat actors let loose malicious software such as keyloggers, botnet malware, ransomware, and phishing malware for easy cyber attacks. Experts believe the excess of hacked information available today has facilitated cheaper, simpler, and more sophisticated malware, social engineering techniques, and threat for hire services on the dark web. For example, a cybercriminal can rent a small botnet for about $100 or a DDoS service for about $59 a day.
It’s increasing the number of cyberattack cases as even inexperienced users can cause havoc similar to that of professional hackers. The only skill required would be the knowledge of where and how to navigate through the dark web. Cybersecurity experts reckon most malware infections can be stopped by endpoint security programs. While effective, it is not leveraged by most organisations and civilian users operating out of their home PC.
Monitoring identity theft caused by dark web cyberattacks is crucial. Recently, ZeroFox, a cybersecurity company, acquired dark web intelligence company Vigilante that offers protection to organisations by scouting for intelligence on the dark web. ZeroFox hopes to upgrade its decades-old dark web monitoring skills to produce better intelligence. All types of personal data from passwords, physical addresses, social security numbers and bank account numbers can be made public. It is highly possible that the identity theft can mar the user’s social reputation.
Anti-malware and anti-virus protections are also critical to protect oneself from information theft via malware-infected users. Experts recommend the use of keyloggers to gather data and endpoint security programs offered by solutions such as Kaspersky Security Cloud. Real-time scanning through a powerful anti-virus program should be employed before downloading any file.
Additionally, many Tor websites are being overtaken by the police authorities worldwide, and organisations run a high risk of being monitored by them even for unthreatened browsing. China uses a ‘Great Firewall’ to limit access. If found browsing for certain government content, the user would be placed on the watchlist or be imprisoned.
The Hacker Civil War
Ethical hackers, many of whom spend their time reporting vulnerabilities for bug bounty programs, frown upon the uncouth activities on the dark web. A group of hackers wanted to remove over 30 GB of illegal files that reflected child abuse on the dark web. A civil unrest among dark web operatives brewed. In 2017, a large dark web hosting site Freedom Hosting II was taken offline by a hacker, and over 10,000 services were burned out. While it was a revolutionary move, it did not succeed in ending the thousand other illegal websites and operatives that sprung in its place.
Also Read: The Deep Deception
It’s Dark in the Middle East
The deepest corners of the web have also drawn the cybercriminals in the Middle East. According to a 2020 Ponemon Institute and IBM Security study, data breaches in the MENA region cost around 6.5 million in 2019. For instance, a Digital Shadows study stated that the Thanos ransomware as a Service that targeted several state-affiliated organisations in the MENA region was first observed on the dark web in 2020. Experts believe that the dark web has shaped both the online and the offline world in its two decades of existence.
The Middle East governments have been working on creating awareness for years. In 2016, the UAE government banned the use of Tor but for hackers, it didn’t make much of a difference. It’s important that cyber security companies work closely with the government and other business organisations to come up with better strategies.
Enterprise B2B marketplace Amiviz partnered with the threat intelligence enablement Cybersixgill to bring its advanced technological threat intelligence solutions to the Middle East organisations to protect themselves from attacks that emerge from the dark web.
The silver lining to the ominous dark cyber ecosystem is that the illicit activities conducted here are negligible compared to the overall worldwide illegal commerce. Nevertheless, since it has the potential to disrupt global societies and economies, it is crucial that the leaders in the dark corners of Tor are stopped by international regulation and law enforcement.
International cooperation plays a significant role in addressing the criminal activities on the dark web. Experts opine that law enforcement agencies and other financial organisations that share substantial information with each other can be a leap towards dark security. For instance, in 2018-19, Interpol and the European Union created a network of law enforcement agencies from 19 countries to locate 247 high-priority criminals. The network worked together and shared operational intelligence and the results were motivational. They made several arrests and shut down over 50 dark websites including Valhalla and Wall Street Market.
Want to find out more about topics like this: Watch this space for the high-profile black markets that surface on the dark web.