While some organisations take a DIY approach to scouring marketplaces, the work is resource heavy and potentially risky says Anthony Vaccaro, senior information security analyst with AusCERT which is employed by a number of companies to monitor the darknet on their behalf.
“Some organisations are checking the darknet for information leaks. A lot of organisations don't have the resources – generally time, although some knowledge is required – to keep an eye on darknet activity,” Vaccaro explains. “There are varying levels of risk depending on the areas and sites you access.”
While accessing darknet sites is initially straightforward, maintaining anonymity can become quite complex. Tor-based markets are also subject to deanonymisation attacks, and connecting to Internet Relay Chat servers – which are occasionally used to communicate with sellers – would also need to be done with a proxy or method of masking the originating address.
“If you don't have the necessary skills to maintain this level of operational security it may be better to leave it to a service provider,” Vaccaro adds.
Deloitte offers darknet monitoring from its global Cyber Intelligence Centre and has done for around five years. Interest in the service has spiked in Australia in the last 18 months, Nunn Price says.
Keeping track of global darknet marketplaces is intensive work. While automation is used to scour the illicit marketplaces, a lot of manual effort goes in too. Even the darknet has darker corners; Deloitte has a team of analysts working to infiltrate these hidden, hidden marketplaces.
“They will go into some of these sites and take part in chat channels and forums, around the periphery – we don't actually partake in any illegal activity. What you find is that there are circles of trust,” says Nunn Price.
“What is important is that we want our analysts to get trusted enough to get invited. Then they can kind of lurk on it – they don’t post to it – sitting there, reading what others are posting.”
It can be tough work for the analysts. It is not only data on sale. As well as being a ‘shopping mall of drugs’ there is disturbing content too.
“Unfortunately ours analysts come across a lot of shocking and illegal content,” says Nunn Price. “On some of these forums you can get a lot of pornography, you can get a lot of extreme content. And that’s something we have to protect our analysts from. We try to automate as much as possible, but it’s still a manual process at the end of the day.”
It’s also a 24 hour job. Things are “appearing and disappearing” on the darknet all the time, says Nunn Price.
Sign up for CIO Asia eNewsletters.