Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How to surf the Dark Web for fun and profit

Maria Korolov | July 22, 2015
Life is tough if you're a criminal.

But according to the FBI, there are only about 800 criminal Internet forums worldwide, and while their impact might be large, the number of people using them often isn't.

For example, last week law enforcement agencies from 20 countries worked together to shut down Darkode, a major computer hacking forum with about 300 users. Authorities infiltrated the invitation-only group and arrested 63 members.

One of them, Johan Anders Gudmunds, also known as "Mafi aka Crim," operated a botnet that stole data from innocent on approximately 200,000,000 occasions, according to the FBI.

A scan of TOR earlier this summer by the PunkSpider Web vulnerability scanner found around 7,000 TOR sites -- only 2,000 of which were active. And not all of these sites are run by criminals, of course. Dissidents who live under repressive regimes, security-conscious agencies and companies, and individuals very concerned about privacy also use TOR, Freenet, and the Invisible Internet Project, or I2P.

And when it comes to criminally-oriented Dark Web sites, not all of them are of interest to enterprise infosec professionals.

A TrendMicro scan last month found approximately 8,000 suspicious sites on the Dark Web, of which about a third were connected to malware download pages on the public web, just under a third were proxy avoidance sites that help users get around school, company, or government filters, and a quarter were related to child pornography. Just five percent were related to hacking.

TrendMicro also analyzed commerce on the Dark Web, and found that only five percent of sellers and six percent of buyers wanted to trade in user account credentials, a similar number were trading in video games, and the almost all of the rest were all about the drugs. Other services available included fake documents and beatings and murder for hire.

So, while the Dark Web is typically illustrated by an iceberg where the small tip that's showing is the public Web -- in fact the part of it that's of particular interest to security researchers is fairly small and manageable.

A company can set up a Dark Web data mining operation and start being productive in about a day, said Jason Polancich, founder and chief architect of SurfWatch Labs, Inc.

"Most businesses already have all the tools on hand for starting a low-cost, high-return Dark Web intelligence operations, within their own existing IT and cybersecurity teams," he said. "And most large enterprises are either starting this, or already have it in place."

According to Terbium Labs, there are a "few dozen" forums, mainly on TOR, that traffic in stolen information such as bank account numbers.

To make the Dark Web even more accessible to enterprise security researchers, several vendors -- including SurfWatch and Terbium -- are offering monitoring, indexing or alerting services, helping companies react to, or stay ahead of, Dark Web threats.


Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.