
To shine a light on cybercrime, go Dark

Taylor Armerding | Aug. 11, 2015
One of the best ways to understand your enemy – what he's up to, what his capabilities are and how he can damage you – is to spy on him.

Others are a bit more dubious about the average IT department doing effective Dark Web surveillance, even if the budget is there. "The task of collecting raw information itself is non-trivial," said Dr. Fengmin Gong, cofounder and chief strategy officer at Cyphort. "And distilling the threat intelligence from the raw data is not any easier. So while it is beneficial to do it, it's not a task that can be undertaken by an average IT department effectively."

That, he said, is because the average IT worker doesn't have the expertise to do it, "and it's not easy to get up to speed. It requires understanding of threats and data mining, which is a high hurdle."

Fred Touchette, security analyst at AppRiver, is less dubious, but said the deeper the analysis goes, the more expertise is required.

"Initial high-level research should be easily executed by any research team that knows its way around implementing Tor (The Onion Router)," he said. "Once one gets a basic understanding of how Tor is implemented and how to use it, the Dark Web is nearly as easy to navigate, albeit much slower than the regular internet."

"And once research goes beyond passive and into trying to find and possibly purchase samples, things could get pricey," he said. "Depending on the merchant, sometimes free samples can be obtained, but not always. From here, the same tools and expertise would be required to analyze samples."

Easy or difficult, most experts agree that enterprises monitoring the Dark Web for threat intelligence is not yet mainstream. "I am aware of technology researchers and developers proposing this as a complementary means to security threat monitoring, but it's not very common as an initiative taken by enterprises themselves," Gong said.

That may change, however, as more tools become available to make surfing the Dark Web easier.

Juha Nurmi, writing on the Tor Blog, said he has been working since 2010 on developing Ahmia, an open-source search engine for Tor hidden service websites.

And Eric Michaud, founder and CEO of Rift Recon, is also CEO and cofounder of DarkSum, which launched just last week and is promoting a search engine that it calls "Google for the Dark Net."

Michaud agrees with Gong that effective surveillance of the Dark Net would be beyond the capability of most organizations smaller than Fortune 100. But he said with a search engine like DarkSum that indexes the Dark Net, they can do it. "We make it easy," he said.

McAleavey said he has already done it. "All it really takes is setting up a couple of machines to crawl the Tor network with a dictionary list of interesting keywords to match up with, and then let it rip," he said.

 
