DARKNET, a web designed to be protective but finally becoming harmful!

Most of you have already heard about the DARKNET but none of you, or only a few, know exactly what it is... Be at ease, it's more easy to understand than Bitcoin chain!

As a Cyber Security company, my security engineers teams are more often on the "DARKNET" than the real internet. (LIGHTWEB?)

Firstly, did you know that you can find Facebook on the DARKNET? you also have plenty of other websites that are perfectly normal...

DARKNET, a fantastic idea and technology

The first purpose of it is to protect you with anonymous information.

When you browse on the Darknet.... Hum... Do you know how to browse on it?

Actually that is pretty simple, just download a specific browser called TOR Which will encrypt your communication and relay them through volunteers to make sure that it is almost impossible to track you back. You will not, like internet, take the quickest path to visit a website in order to cover your tracks.Of Course, this is very simplified and if you still publish information with personal assets you will be traceable.

However the principle was imagined by the U.S. navy back in mid 1990s it is a private community that is now implementing and developing it. FYI the DARKNET is 100% legal, going on it will not be punished by the law. It was design to protect the identity of internet users in order to prevent your private life and information to be disclosed.

Why does it turn to be called the DARK net ?

Do you know what is the oldest job in the world? Criminal activities! Since almost the beginning of this world criminals exist and always seek to extend their incomes. For them the more important is to never been caught. Great, TOR can help them with that. Now criminal organization can freely sell drugs, weapons and intelligent information without being caught because they are ANONYMOUS.

In Cyber Security, Hackers are now doing APT (advanced Persistent Threat) around a community where they freely share their discovery and advancement in order to penetrate the IT infrastructure of a company. Example are numerous and huge. FYI in August 2014, the biggest robbery of all time has been the theft of 1.2 billion usernames and password by a Russian Hacking group exploiting such community. Previously, in 2013, multiple stores has been targeted across the United States causing the theft of more than 110 million bank account information... one-third of the American population...

DARKNET is wonderful and frightening at the same time. Like everything on earth, using something without limitation and/or regulations is dangerous!

Here is how you can take advantage of it!

Let's be honest here, on a personal level, you are screwed... It is possible to protect yourself but not without restraining your personal liberty on Internet so let's skip this.

However, on a company level this is a whole different story! Yes you can protect yourself and yes it is easy to do so!

As a company, in Cyber security field, you are mostly afraid of 2 things: 1- Being stolen sensitive information 2- Being attacked and damaged That's exactly what you can find in the DARKNET because as a major company you will be target by APT. As for sensitive information, if they have to be released they will definitely go on the DarkNet!

We provide a services to our customers which is basically scanning thousands of hackers websites to find information about your company and subsidiaries, key employees (CEO, IT director, ...) and your vendors and distributors (an attack could come through them). Our data analyst team gather huge amount information and merge them into a comprehensive APT detection, Data leakage potentiality, vulnerabilities discovery on your company or vendors, ...

This is basically having your own FBI agency working for you!

Still not convinced? Here is a real case we had

The CEO of ABC bank in UK was registered into his former university website in Australia. Unfortunately his university has been hacked and all the users and password has been released on DARKNET.

We detected, right away, the release of information about ABC' CEO on the DarkNet. The password was encrypted but here is the thing... on Darknet you also have tools to decrypt this kind of encryption. (We did it for ABC as a proof)

The second important point is that ABC' CEO used his professional email address (ceo@abc.uk) to register.

We submitted a report to ABC bank to warn them and urge the CEO to modify the password.

Several weeks later, an attempt of access to his account has been detected after multiple try to connect with his account and previous password.

If we hadn't monitor the DARKNET for them the result could have been catastrophic such as CEO Fraud, impersonation, data or intellectual property theft, etc...

CONCLUSION:

The thing with the DARKNET is that everybody think to be safe and everybody think their company is secured. YOU ARE WRONG! I saw worldwide company been successfully targeted so many times that it start to be really risible. To be straight and honest, you do invest a lot in defense but not enough in efficient employees security awareness while they are you're biggest vulnerability. Start monitoring the DARKNET and then you will be capable to predict future and not only wait to be attacked. Furthermore you will be able to do Counter-intelligence. Indeed, in order to identify criminals you can setup honey-pot by directly spreading false information on DARKNET and lead them to a legal trap. (after detecting they are working on an APT)

I told you, it's like having your own FBI agency! In my professional jargon we call that Threat Intelligence Sharing...

Original post: DARKNET, a web designed to be protective but finally becoming harmful!