The Dark Side Of The Web
What do bomb threats, webcam hoaxes, fake credit cards, identity theft, and targeted hacking, increasingly have in common? The Dark Web.
The Dark Web is the deliberately hidden part of the Internet, which is the natural habitat of of hackers and cyber criminals. This ‘dark side’ of the Internet, can only be accessed with specialist knowledge, and specific software tools. Perhaps the most famous such tool is TOR (The Onion Router). Other examples include Riffle, Freenet, and I2P (Invisible Internet Project). Whenever there is a massive data breach, that personal data usually ends up on the Dark Web. There are currently over 6.5 billion sets of hacked credentials already posted on the Dark Web, and the number is growing fast. In most cases, the companies and organizations who suffered these breaches, clearly didn’t do enough to secure themselves from cyber criminals.
Far from leveraging critical cyber-security systems and services to protect their client data effectively, many firms’ customer data was compromised, because databases were put online without having had security patches applied for up to a year, or in some cases, because databases were put online without even basic password protection. We are talking about certain banks and credit card companies, making millions of their customers’ private data available online, with zero security.
Many managers wring their hands and say, ‘it’s impossible to protect our networks from EVERY kind of attack,’ but in reality, there are far too many cases, where networks are not properly protected from ANY kind of attack.
So how does all this impact you?
First, there is the loss of privacy. If your doctor, bank, credit card company, travel agency, hotel, children’s school, lawyer, accountant, or a government department, leaks your private data onto the Dark Web, then your data is out there forever. Everything from how much money you have, to your children’s identities, to your medical condition, to your travel itinerary, to your photos and videos, to your physical location, may be compromised.
Second, there is the potential for direct access to critical accounts, especially if you have reused passwords. It may be that your bank, credit card company, or your workplace, has been hacked. In such a case, a hacker could just log in to your accounts, and directly take advantage. This is why dual factor authentication, is so important. It is also possible, if you have reused passwords, that a hacker can try a password they took from a third-party data breach, on your bank or workplace. This is why reusing the same password on multiple accounts, is a very bad idea.
There have now been millions of emails sent out to people, claiming that a hacker has captured them on video, while they were browsing an Adult Website, using their hacked webcam. These evolved into physical bomb threats as well. The connection to the Dark Web is both the email address to send the blackmail to, and also, and this is the key, the person’s actual password, which will often scare the potential victim into thinking everything else written, must be ‘real’ too.
Given the number of panic calls for help received over the last few months, we recently developed a service to monitor the Dark Web. This subscription-based offering allows our clients access to ongoing, automated updates, highlighting which of their organization’s people have had hacked sets of credentials posted on the Dark Web. This enables IT Departments to educate their users so they can further appreciate the importance of cyber security, and help to defend devices, networks, and data, even more comprehensively.
Michael Gazeley is the Managing Director of Network Box Corporation Limited.