Life is tough if you're a criminal.
Sure, one big score can set you up for life. If you're smart and disciplined, you can retire early. But the flip side of that is that the smart and disciplined cybercriminals cash out and retire early, leaving you with an increasingly undisciplined and dumb selection of partners to work with.
Then, if you're in the business of selling malware, botnets, and other illegal goods and services, you've got to do some sales and marketing, to make it easier for your customers to find you. The flip side of that, of course, is that the easier it is for your customers to find you, the easier it is for the authorities as well.
Yes, you've got your anonymity to protect you. On the Dark Web, nobody knows who you are. The flip side of that, however, is that you also don't know who your business partners are. Worst case -- your customers, suppliers or business partners are cops building a case against you. Best case -- your customers, suppliers or business partners are criminals who rob and cheat people for a living.
Even the double-secret invitation-only criminal mastermind forum you finally got access to might be a front run by the cops, set up specifically for the purpose of gathering intel on you and all your most trusted confederates.
Maintaining anonymity and security requires constant vigilance. You can't afford a single mistake. A single loose thread is enough for authorities to pull apart your entire operation. And it's not just the authorities you have to watch out for -- according to Trend Micro, when competing criminal groups have a falling out, it's common for one group to try to unmask -- "dox" -- their rivals.
If you make a mistake, and you're lucky, you'll have time to run and hide, spending the rest of your life in the shrinking part of the world with no extradition. If you're unlucky, you'll spend a few years in prison. If you're really unlucky, one of your drug trafficking or money laundering business partners will have you killed.
Sonatype's crown jewel is its database of descriptions of over 1.2 million open source packages.
"If that is lost, it could be an existential outcome," said Wayne Jackson, CEO of the Fulton, Maryland-based software supply chain management company.
To shut down any such leak quickly, Sonatype has decided to start monitoring the Web for any indications that this data has been stolen and is now being shared online.
That monitoring will include the Dark Web, as well.
The Internet's dark side isn't actually all that big. Media accounts frequently overestimate the size of the Dark Web by lumping in everything that's not accessible by search engines, and that includes corporate intranets and password-protected sites like online forums, bank websites, and email platforms.