fbpx

The dark web is full of dangerous stuff, but how does it affect your security directly?

The dark web is a mysterious place with a crazy reputation. Contrary to belief, finding the dark web isn't difficult. However, learning how to navigate it safely can be, especially if you don't know what you're doing or what to expect.

Hackers and scammers use the anonymity the dark web gives them to launch attacks on a wide range of targets, including consumers and businesses.

MakeUseOf spoke to Echosec Systems James Villeneuve about dark web threats, intelligence gathering, and security planning.

How Do Dark Web Threats Affect Corporate Security Planning?

The dark web is an ever-present backdrop for security planning. Just as cybersecurity firms do not underestimate the power of the dark web—that is, the users, forums, and organizations lurking there—corporate security planning is increasingly weighing those threats into their security planning.

James Villeneuve says:

Corporate security teams can no longer turn a blind eye to the growing threat landscape across the deep web and the dark web. With large corporations likely to experience, on average, one crisis per year, security planning has to identify where these crises are originating from online and begin developing a more proactive approach to monitoring.

Can Security Teams Actively Search the Dark Web for Threats?

One of the biggest draws of the dark web is privacy and anonymity. First, you can only access the dark web using specialized software, such as the Tor Browser. This software comes equipped with the special routing and privacy add-ons required to access the Tor network.

 

The structure of the dark web is meant to keep the sites, services, and users anonymous. When you use Tor to access the darknet, your internet traffic moves through several anonymous nodes from your computer to the site you want to visit.

Furthermore, the dark web isn't indexed in the same way as the regular internet. Websites on the Tor network don't use the DNS system that the normal internet uses.

Scanning the dark web for threats, then, requires special tools. For example, Echosec Beacon is a specialized threat intelligence tool that scans darknet marketplaces for stolen credentials, leaked data, and illicit goods, detects data breaches, and can provide early warning and insight into conversations relating to specific organizations on dark web forums.

Villeneuve explains:

Monitoring the communities that are discussing, planning, and propagating these threats, organizations are beginning to value and prioritize more proactive security strategies. With the average cost of a data breach now equalling over $3.86 million (IBM, 2019), the ability to prevent such breaches can save an organization millions in damages.

Does the Dark Web Provide a False Sense of Security?

As the dark web carries a strong reputation for privacy, it is no surprise that attackers and criminal organizations gather there to plan and launch attacks. The idea of a hidden service operating on a highly secure anonymous network provides users with a strong sense of privacy and security.

However, this feeling can lead users to make mistakes in their personal security. Furthermore, that sense of privacy and security provides the platform for people to discuss and plan "a great deal of nefarious activity... illegal goods sales, money laundering, and human exploitation" all happen on the dark web.

When users feel more comfortable in their surroundings, discussing plans for a cyber attack or details of their employer, they might give away more information than they realize.

In terms of "regular" dark web users, who are perhaps simply visiting the dark web version of Facebook or the BBC News website, these privacy issues aren't of a similar concern. The examples provided involve users interacting with and posting on dark web forums.

Posting to these forums can create traceability, especially if the users' operational security is poor (such as using the same username on multiple sites, revealing personal information, etc.).

Can Users Do More to Protect Themselves on the Dark Web?

When asked about security experience and responsibility, James Villeneuve says:

Your IT team simply cannot be the only team with security training. Security awareness training is paramount for all employees, in large corporations as well as SMEs. Empowering your staff with this knowledge can allow them to identify and prevent social engineering, spear-phishing, and ransomware attacks.

Security extends into all areas of life. So many of our important services are online. Learning how to use them safely is becoming a necessity, in that learning how to spot and detect phishing emails goes a long way in securing your online accounts. You should also consider how to create and use strong passwords.

But in terms of the dark web, the basics remain the same, with some extra tweaks. For example, aimlessly browsing the dark web isn't a good idea. You might click a link that takes you somewhere you don't want to go, with dangerous content at the other end.

Secondly, the dark web isn't really made for browsing in the same way as the regular internet.

Finally, there are hoaxes everywhere on the dark web. You'll almost certainly encounter sites offering services that simply don't exist.

Is the Dark Web Illegal?

The dark web itself isn't illegal. The dark web is an overlay network, which is a network that runs on top of another network. So, the network itself is completely legal.

However, there is illegal content on the dark web, some of which could land you in prison for a very long time if caught accessing it.

Then there is the exposure to other dangerous content, such as the darknet marketplaces and so on. Browsing a darknet marketplace isn't itself illegal, but purchasing the illicit goods on there is very likely to be, depending on your locale.

The other consideration goes to local laws regarding encryption. In some countries, the use of strong encryption is illegal as it makes government snooping much harder. Which, of course, they don't like.

You cannot access the dark web without using some form of encryption. The Tor network has strong encryption at its core. Accessing the dark web in a country with anti-encryption laws could see you fall foul of the government, so it pays to check before accessing the dark web.

Stay Safe on the Dark Web

You can access and use the dark web securely, but businesses and other organizations should be aware of the threats that can lurk there. Unfortunately, many of these threats are unseen, which is where dark web monitoring tools such as the Echosec System Platform can make a difference.

 [Source: This article was published in makeuseof.com By Gavin Phillips - Uploaded by the Association Member: Grace Irwin]
Categorized in Deep Web

Invisible Web, as the name suggests is the invisible part of the World Wide Web which either is not indexed on the search engine or is subjected to various access restrictions. The regular search engines cannot trace or track the content uploaded on the Invisible web which means not everyone can get access to it. Just in case you aren’t aware, the World Wide Web can be called the metaphor Ocean which further has different sections like Surface Web, Shallow Web, Deep Web, and Dark Web.

  • Surface Web includes the normal part of the Web which we browse and it includes the set of websites indexed by the automated search engines. Search engines can index and track all the content uploaded on the Surface Web and thus it is available for everyone. All the social networking websites, online shopping, etc comes under Surface Web.
  • Shallow Web is basically used by the developers and other IT people which includes the databases stored by the developers, servers, programming language, etc. It is actually the background of the webpages you and I browse.
  • Dark Web and Deep Web – These two are slightly different and combinedly make the term Invisible Web. All the information and content stored or uploaded on the Dark and Deep Web are hidden and are not accessible to everyone. The Deep Web includes personal content like online banking, email inboxes, cloud storage, etc which requires some kind of authorization to access.

Whereas the Dark Web actually refers to a set of anonymously hosted websites that are not indexed by the regular search engines. There are specific web browsers and search engines to access this Invisible Web and this is what we are going to learn in this post.

Invisible Web Search Engines

1] The WWW Virtual Library

thw www virtual library 500x263

Started by Tim Berners Lee, the creator of the World Wide Web, the WWW Virtual Library is the oldest web catalog. It is actually a wide range catalog which compiles the key links of various web pages in different categories like Agriculture, Arts, Recreation, Education, etc. This virtual library lives on hundreds of different servers worldwide. Check it here

1] USA.Gov

usa.gov 474x500

If you are looking for any information on US government services and programs you can check the USA.Gov. The website is very simple and comes with a user-friendly interface. Just use the search box to find what you are exactly looking for. It is very well organized as per the categories. Check USA.Gov here

2] Elephind

elephind 500x123

This website is one of its kind as it showcases international historical newspapers. It includes 3,866,107 Newspapers and 4,345 Newspaper titles which is huge. Most of the newspapers shown on this website are on the deep web and are not indexed on Google or other traditional search engines. You will get the newspapers from the 17th Century too. You can either use the search bar to get a specific newspaper or can go through the newspaper archives. Check Elephind here

4] Voice of the Shuttle

voice-of-the-shuttle-500x484.jpg

Voice of the Shuttle is an excellent resource for anyone interested in Humanities. It is a beautifully and perfectly curated collection of deep web content. The collection includes a wide range of categories right from Architecture to General Humanities, Literature to Legal studies, and a lot more. It has been listed in Forbes as the best of the Web directory in the Academic research category.  Check Voice of Shuttle here

5] Ahmia

ahima-500x264.jpg

It is a Dark web search engine and you need to install the Tor web browser to use it. You won’t be able to open the links without the Tor browser. Ahima indexes the hidden content published on Tor. Check Ahmia here at https://ahmia.fi.

These were the five search engines to explore the Invisible Web. Do let us know if you want us to add in some more names.

 

[Source: This article was published in thewindowsclub.com By Shiwangi Peswani- Uploaded by the Association Member: Joshua Simon]

Categorized in Search Engine

Identity theft is such a growing problem that it’s become almost routine—Marriott, MyFitness Pal, LinkedIn, Zynga, and even Equifax (of all places) have had high-profile online data breaches in recent years, affecting hundreds of millions of people. To help combat this problem, Experian and other companies are marketing “dark web scans” to prevent data breaches. But what is a dark web scan, and do you need it?

The dark web, explained 

The dark web is a large, hidden network of websites not indexed or found on typical search engines. It’s also a hub of illegal activity, including the buying and selling of stolen financial and personal information. If your information ends up on dark web sites after a data breach, an identity thief could use that data to open credit cards, take out loans, or withdraw money from your bank account.

How dark web scans work 

A dark scan will scan the dark web to see if medical identification info, bank account numbers, and Social Security numbers are being shared. If you get positive results, the dark scan service will suggest that you change your passwords, use stronger ones, or put a credit freeze on your credit profiles with the three major bureaus (Experian, Equifax, and TransUnion). A negative search result doesn’t necessarily mean you haven’t had a data breach, of course, as there’s no way for any company to search the entirety of the dark web.

Many of these services offer you a free scan, but that only covers certain information like phone numbers, passwords, and Social Security numbers. If you want to set up alerts, or search for other information like bank account numbers, passports, or your driver’s license, or have access to credit reports (which are already free) these services will typically charge a monthly fee (Experian offers this service for $9.99 per month after a 30-day free trial).

Is a dark web scan worth paying for?

In an interview for NBC News’ Better, Neal O’Farrell, executive director of the Identify Theft Council, called dark web scanning “a smoke and mirrors deal” that doesn’t “go to the cause of the problem, which is vigilance, awareness, taking care of your own personal information, freezing your credit.”

[Source: This article was published in twocents.lifehacker.com By Mike Winters - Uploaded by the Association Member: Eric Beaudoin]

Categorized in Internet Privacy

Dark Web is that area of the internet that consists of encrypted content and is not indexed by search engines.

About 97% cybersecurity companies had their data exposed on the Dark Web in 2020.

Some data breaches occurred as recent as in end of August, a survey by security firm ImmuniWeb found.

The survey covered 398 cybersecurity companies headquartered across 26 countries including USA, UK, India, Canada and Germany.

Dark Web included both Deep Web and Surface Web in the survey. Dark Web consists of encrypted content that is not indexed by search engines.

More than 160 companies faced incidents as their employees used identical passwords on more than one breached system. Most of the passwords lacked basic security requirements - uppercase, numerical and special characters. Common passwords included ‘password’ and ‘123456’.

Half the exposed data consisted of plaintext credentials like financial and personal information.

US-based security firms showed most number of high-risk data breaches, followed by the UK. High-risk breaches include credentials with sensitive information.

A large number of leaks were silently performed by trusted third parties like suppliers or sub-contractors to the company.

Some stolen credentials came from incidents involving unrelated third parties where victims used work emails to sign into adult websites.

At least 5,121 stolen credentials were found in pornographic and adult-dating websites, ImmuniWeb said.

The report also stated that half the companies did not comply with General Data Protection Regulation (GDPR) rules owing to vulnerable software, lack of strong privacy policy, and missing cookie disclaimers when cookies contain traceable personal information.

More than a fourth of the vulnerabilities remain unpatched to date, the security firm said.

[Source: This article was published in thehindu.com By Sowmya Ramasubramanian - Uploaded by the Association Member: Nevena Gojkovic Turunz]

Categorized in Deep Web
Although both the deep web and dark web are the hidden sections of the internet, they are not synonymous and should not be confused with each other

The terms ‘dark web’ and ‘deep web’ are often interchangeably used to describe the section of the internet that is home to criminal activities. To understand the difference between the dark web and the deep web, we must understand the different layers of the internet, as detailed below.

Surface web: The first layer of the World Wide Web is the surface web, which is also known as the visible web or the clear web. It comprises websites that are indexed by common search engines such as Google, Yahoo, Bing, and so on. These websites are available for public access without requiring permissions. It is believed that the surface web constitutes only 3-4% of the entire World Wide Web; however, according to Wikipedia, the figure stands at 10%. This means the millions of search results conducted every second are but a minuscule percentage of the overall internet!

Deep web: A step further below the surface web is the deep web. The deep web is estimated to be nearly 500 times the size of the surface web or 90% of the entire internet. This section of the internet comprises websites and data that are not indexed. They are protected from search engines and crawlers by way of encryption.

Any data behind a firewall, be it data servers, organizational intranets, or archives, belong to the deep web. A website in the deep web would require you to enter your unique username and password combination to access. Probably, the simplest examples of a website in the deep web can be web-based email, social media platform, online banking, or web-based subscription service. That brings us to the question – whether the deep web is illegal to foray into? The answer is No.

Dark web: The deepest layer of the World Wide Web is called the dark web. Although a part of the deep web, dark web goes further deep. It is a subset of the deep web and the key difference between the two is that the deep web can be home to both good and bad data, whereas the dark web is mostly illicit.

As per some estimates, the dark web probably constitutes only 0.1% of the entire internet but is the hotbed for many illegal activities. The dark web can be termed the underbelly of the internet, as it facilitates crimes such as sale/purchase of stolen data, fake identity proofs, porn, drug trafficking, contract killers, sale of arms and ammunition, and so forth.

It is the infamous part of the internet where data is intentionally hidden and criminal activities are rampant. It requires special software – such as The Onion Browser (Tor), Freenet, or I2P (Invisible Internet Project) – to access the dark web. This is because the dark web can be accessed only by anonymous users, which common browsers do not allow. Common browsers track the IP address of the users and hence enable identification of the user – something which is undesirable in the dark web.

Access to the dark web is not illegal but is fraught with numerous risks. Therefore, it is recommended to stay away from the dark web, as it can be highly dangerous.

[Source: This article was published in dqindia.com By Neetu Katyal - Uploaded by the Association Member: Deborah Tannen]

Categorized in Deep Web

Law enforcement agencies working online benefit from machine learning (ML) and artificial intelligence (AI) , which lead to leading solutions. ML and AI work together, and automated methods can search the dark web, detect illegal activity and bring malicious actors to justice. 

The interface between AI and GIS has created enormous possibilities that were not possible before. The field of artificial intelligence (AI) is so advanced that it exceeds or exceeds human accuracy in many areas, such as speech recognition, reading and writing, and image recognition. Together, ML and AI are rapidly making their way into the world of law enforcement. 

AI, machine learning, and deep learning help make the world a better place, for example, by helping to increase crop yields through precision farming, fighting crime through predictive policing, or predicting when the next big storm will arrive, whether in the US or elsewhere.

As fraud detection programs are driven by artificial intelligence (AI), many of these chains turn to AI to ensure that they use various techniques to stop bad actors in advance. Broadly speaking, AI is the ability to perform tasks that typically require a certain level of human intelligence. 

 

Reward programs are particularly popular because they can store large amounts of valuable data, including payment information. Reward points are also valuable because bad actors can spend them or sell them on dark web marketplaces. 

Coffee giant Dunkin 'Donuts was the victim of a hacker attack in October 2018, and the fraudsters who initiated the program were able to sell users' loyalty credits on dark web marketplaces for a fraction of their value. Sixgill is a cyber threat intelligence service that analyses dark web activity to detect and prevent cyber attacks and sensitive data leaks before they occur. Using advanced algorithms, its cyber intelligence platform provides organisations with real-time alerts and actionable intelligence that priorities major threats such as cyber attacks, data breaches and cyber attacks. 

New York City-based Insight has developed a threat detection platform that uses artificial intelligence and machine learning to scan deep and dark networks for specific keywords to alert potential targets. Sixgill investigates the Dark Web, the Internet of Things, and other areas of human activity to identify and predict cybercrime and terrorist activity. While the darker web requires someone to use the Tor browser, it can also be accessed by someone who knows where to look. 

That's why AI and ML are used to bring light into the dark web, and they can sweep it away faster than a person could. The IntSights report primarily scans deep and dark nets for the latter, but it can also scan the darker net, though not as fast or as far as a person could do, the report said. 

The problem with using AI and ML for this job is that there is not enough clarity: 40% of the websites on the dark-net are completely legal. The remaining 60% are not, and this includes anonymous transactions that are legal, according to the IntSights report.

 

Good cybersecurity practices can reduce the risk of information being collected and sold on the dark-net. Reporting incidents to law enforcement can generally reduce the risk, and a quick response to incidents can help minimise the damage. According to IntSights, law enforcement agencies around the world seized more than $1.5 billion worth of malicious software in 2017. 

Cobwebs Technologies' confusing tool can also search for information about possible crimes before they happen. Cobwebs Technologies' involvement tools can also search for information about potential crimes before they happen, and they are available to law enforcement free of charge. 

Cobwebs Technologies "confusing tool scans the deep dark web to identify and find connections between people's different profiles, displays the information in graphs and maps, and presents it in a variety of formats. It uses artificial intelligence and machine learning to search for keywords that contain information about people, such as their social media profiles and social networks. Tangle can also generate alarms to alert officials to potential threats extremely quickly. Monitoring people's activities on the dark web and other social networks can help officials pinpoint their plans.

Criminals now routinely use the internet to keep their criminal businesses under wraps, and artificial intelligence could help catch paedophiles operating on the dark-net, the Home Office has announced. The company's co-founder and chief technology officer, Dr Michael O'Brien, said: "Our company has developed an AI-based web intelligence solution to make the web safer by enabling law enforcement and crime analysts to uncover the hidden profiles of criminals, drug dealers, money launderers and other criminals lurking in the deep darknet. 

Earlier this month, Chancellor Sajid Javid announced that £30million had been made available to tackle child sexual exploitation online, with the Home Office revealing details on Tuesday of how it will be spent. The government has promised to spend more money on a child abuse image database that, since 2014, has allowed police and other law enforcement agencies to search seized computers or other devices for indecent images of children to help identify victims. Some aspects of artificial intelligence, including language analysis and age assessment, have been used to determine whether they would help track down child molesters.

[Source: This article was published in aidaily.co.uk By Manahil Zahra - Uploaded by the Association Member: Anna K. Sasaki]

Categorized in Deep Web

 Threat intelligence firm KELA shared a list of more than 900 Pulse Secure VPN enterprise server usernames and passwords with ZDNet, which a hacker had posted on the dark web in plain text.

The usernames and passwords, as well as IP addresses, from more than 900 Pulse Secure Virtual Private Network enterprise servers were posted in plain text on the dark web by a Russian-speaking hacker, first reported by ZDNet.com, which obtained the list with help from threat intelligence firm KELA. 

The list contained Pulse Secure VPN server firmware version, SSH server keys, all local users and password hashes, administrator account details, previous VPN logins with cleartext credentials, and session cookies.  

The authenticity of the list was verified by multiple cybersecurity sources. Further, the list was published on a forum frequented by popular ransomware threat actors, such as REvil and NetWalker. 

 

The leak was first discovered by researchers from Bank Security, which observed that the VPN servers listed by the hacker were operating with the firmware version that contained the CVE-2019-11510 vulnerability patched by Pulse Secure in early 2019. 

The Department of Homeland Security and other security researchers have repeatedly urged organizations to patch this critical vulnerability, as hackers continued to target the flawThose targeted attacks continued through January 2020. 

And in April, DHS warned that hackers were using stolen credentials to crack into enterprise networks through the Pulse Secure VPN, even if the vulnerability was patched. 

To find vulnerable VPNs, it appears that the hacker who compiled the list scanned the internet IPv4 address between June 24 and July 8, 2020 and leveraged the known vulnerability to access servers. Then, the threat actor gathered the server details and credentials, collecting the data into a central repository. 

Reviewing the list, it appears that 677 companies failed to patch the Pulse Secure VPN vulnerability. 

VPNs are one of the most common, secure methods used to remotely connect to the network. But as remote connections and telehealth use expanded amid the COVID-19 pandemic, the threat landscape has become much more complex. 

Pulse Secure CMO Scott Gordon told HealthITSecurity.com in March, that in healthcare, providers need to be employing endpoint protection and modern VPN solutions “where you’re encrypting communication session between the device and the data between the practitioner’s devices and application.” 

Since you are now expanding VPN use to more sets of employees contracts and affiliates you should for sure that the VPN software is up to date and current to eliminate the potential VPN vulnerabilities,” Gordon said, at the time. “They’ve essentially broadened the attack surface. Every end user accessing information and resources are now part of their attack surface, and they want to do everything they can now that they've added greater accessibility.” 

To Laurence Pitt, Global Security Strategy Director, Juniper Networks, its unacceptable that organizations failed to patch the vulnerability more than a year after a fix was provided, which allowed for cleartext data dump to occur. 

Further, security researchers have repeatedly provided proof-of-concept data that showed just what could occur if the enterprise left the vulnerability exposed.   

“The lesson learned here? Patch, patch, patch,” Pitt said in an emailed statement. “The data published lists only 900 servers. What we do not know is how many more have not been released – or, which of these could be sensitive servers that are now being poked and prodded in planning for a bigger attack.  

If you are running an older version of code on a service as critical as the VPN is today, then find the latest version and get that upgrade planned, he added.

Healthcare organizations should review insights recently provided by the National Security Agency to better understand the risk and best practice methods to secure VPNs, telework, and other remote sites.

[Source: This article was published in healthitsecurity.com By Jessica Davis - Uploaded by the Association Member: Jeremy Frink]

Categorized in Deep Web

While public safety measures have started to relax, the surge of malware accompanying the pandemic is still making headlines. As a recent study points out, hackers have created no less than 130 000 new e-mail domains related to Covid-19 to carry out what analysts now call ”fearware” attacks.

A lot of these domains and attacks are tied to the same source: the dark web. From selling vaccines and fake drugs to simply spreading panic, the dark web has been the host of many pandemic-related threats. And these attacks were just the latest addition to the dark web’s regular activity including, but not restricted to botnets, cryptojacking and selling ransomware.

However, to see how threats from the far reaches of the Internet can affect your company or clients, we must delve deeper into the concept of “dark web’’.

In the first part of our article, we try to understand the dark web’s structure and acknowledge its growing importance to cybersecurity teams.

What is the Dark Web?

Simple users or security specialists, most of us spend our time online the same way: tied to a few popular websites and chat clients or perusing pages through a search engine. This activity, mediated by traditional browsers and apps, accounts for an almost endless amount of content.

But, as copious as this content might seem, it’s only a small percentage of what the Internet has to offer – as little as 4%, according to CSO Online. The rest of it? An enormous collection of unindexed websites, private pages, and secluded networks that regular search engines cannot detect, bearing the generic moniker of ‘’deep web’’.

The deep web covers just about anything that’s hidden from the public eye, including exclusive and paid content, private repositories, academic journals, medical records, confidential company data and much more. In a broad sense, even the contents of an e-mail server are part of the deep web.

However, there is a certain part of the deep web that’s noticeably different. How? Well, if the deep web in general is content that can’t be found through conventional means, the dark web is that part of it that does not want to be found.

The dark web exists through private networks that use the Internet as support, but require specific software to be accessed, as well as additional configurations or authorization. While the dark web is only a small part of the deep web, it allegedly still accounts for around 5% of the entire Internet… and for a lot of its malicious activity.

Since the dark web can’t be accessed directly, users need to use special software such as the Tor browser, I2P, or Freenet. Tor, also known as The Onion Router, is perhaps the best-known means of accessing the dark web, as it is used both as a gateway and a security measure (limiting website interactions with the user’s system). While the protocol itself was initially developed by a Navy division before becoming open source, the project is currently administered by an NGO.

I2P (The Invisible Internet Project) specializes in allowing the anonymous creation and hosting of websites through secure protocols, directly contributing to the development of the dark web.

At this point, it’s worth stating that many dark web sites are not in any way malicious and might just be private for security reasons (journalism websites for countries where censorship is rampant, private chat rooms for people affected by trauma, etc.). It’s also worth noting that platforms such as Tor are not malicious in themselves, with their technology being also used by many legitimate companies. However, the dark web offers two very powerful abilities to its users, both of them ripe for abuse.

These abilities are complete anonymity and untraceability. Unfortunately, their dangers only became visible after Silk Road, probably the world’s largest illegal online market at the time, was closed. A similar ripple was also produced by the closing of the gigantic Alphabay, an even more comprehensive follow-up to Silk Road.

The Dangers of Anonymity

The truth is, dark web sites have been known to sell just about anything from drugs and contraband, guns, subscription credentials, password lists, credit cards to malware of all types, as well as multiple other illegal wares. All without any real control, from website owners or authorities, and all under the guard of encryption. Back in 2015, a study classified the contents of more than 2,700 dark web sites and found that no less than 57% hosted illicit materials!

Obviously, this prompted authorities to take action. Some law enforcement agencies have started monitoring Tor downloads to correlate them with suspicious activity, while others, such as the FBI, established their own fake illegal websites on the dark web to catch wrong-doers.

Even with such measures in place, the dark web’s growth is far from coming to a halt. Its traffic actually increased around the Covid-19 pandemic, and the technology’s 20th anniversary. It is estimated that in 2019 30% of Americans were visiting the dark web regularly, although mostly not for a malicious purpose. Furthermore, as large social networks increase their content filtering and as web monitoring becomes more prevalent on the „surface web”, the dark web is slowly becoming an ideological escape for certain vocal groups.

While these numbers can put things into perspective, many security experts, from both enterprise organizations and MSSPs, might ask: ”Alright, but what does that have to do with my company? Why do I have to monitor the dark web?”

In the second part of our article, you will learn what Dark Web threats are aimed directly at your enterprise, and how an efficient Threat Intelligence solution can keep them at bay.

[Source: This article was published in securityboulevard.com By Andrei Pisau - Uploaded by the Association Member: Daniel K. Henry]

Categorized in Deep Web

Welcome to TechTours, where we will delve a little deeper into the questions many are too afraid to ask, and dive into the pools that most would just like to dip their toes. Today, we tackle the dark web. 

The notorious dark web has been the subject of many IT discussions and curious minds in the last few years. With the rise of cryptocurrencies and hacking groups like Anonymous, many wonder what is behind the curtain, and how to take a peek. 

The difference between clear, deep and dark web

Clear web is what we use every day. Everything that can be indexed or “found easily” will be classified under clear web. The terms “deep web” and “dark web” however, are often mixed up but they could not be more different. 

The deep web refers to items that can be accessed via a search engine  but are blocked by paywalls or subscriptions and sign-in credentials. It also includes any content that its owners have blocked web crawlers (such as search engines) from indexing. The deep web is estimated to make up between 96 and 99% of the internet.

The dark web is a subset of the deep web that is a lot more difficult to access, and where most of the illicit activity can be found. This requires a specific type of browser to access and is estimated to make up about 5% of the internet. Again, not all the dark web is used for illicit purposes despite its ominous-sounding name. 

What is the dark web? 

The dark web is the “underside” of the internet that isn't indexed by major search engines. By now, you have probably heard about the dark web being a proverbial dark alley of illegal activity and in many cases, it is. 

On the dark web you will find immeasurable amounts of ways to buy credit card numbers, lifetime Netflix accounts and even counterfeit currency. It goes without saying that it would not be a great idea to put in banking details or any personal information on there due to the dangerous nature of the anonymity of its users. It would also be illegal to purchase the aforementioned products.

But not everything is illegal, the dark web also has a legitimate side. For example, you can join a chess club or BlackBook, a social network described as the “the Facebook of Tor”.

How is the dark web accessed?

The thought of accessing a global marketplace where everyone is free to sell what they want, when they want, might sound enticing. I assure you, as can be expected with a platform where everyone is anonymous, accessing the dark web is not easy and it is incredibly easy to be scammed. 

Accessing the dark web requires the use of a browser called Tor. The Tor browser basically hides you from everyone else by routing your web page through a variety of servers making your IP address unidentifiable.  

Some positives of the dark web

Despite its “dark” reputation, the dark web also provides an access point for people in countries where digital restrictions are stifling them. People are turning to the dark web for freedom of speech and privacy. Just like the “clear” web, the dark web is filled with social media platforms, email services and even gaming websites. However, due to the use of browsers such as Tor, you are kept fully anonymous.

The dark web is also being used to expose corruption. News channels such as Fox, CNN and NBC have all got open sites on the dark web in order to receive anonymous tips from online users. In addition to this, due to the anonymity that the dark web provides, many users on the dark web use it to share personal stories. This ranges from advice on drug addiction, sexual abuse and many other personal stories people are afraid to share on the clear web. 

There are also a growing number of medical professionals using the dark web who consult with patients who would rather keep their medical conditions anonymous. 

Another reason people are moving to the dark web is to make anonymous purchases. We do not condone buying illegal items but recognise that there are legitimate reasons to buy products and services on the dark web such as buying specific security software and electronic devices. There are also tons of online communities where no matter what your passion is, you will probably find a forum for it. A note of caution is always avoid forum discussions pertaining to illegal activities. 

The dark web is an interesting place filled with a myriad of forums, marketplaces and illegal items but as mentioned previously, there is little to no policing. 

If your intention to use the dark web is to remain anonymous and find like-minded people then this is the place for you. One thing is for certain, like walking through a shady part of town, you will find lots of bargains and interesting things to see. Just don't go down the dark alley and check what people are selling from their trench coats. 

* Independent Media will not be responsible for person/s using the dark web irresponsibly. Please proceed with extreme caution when doing so and steer away from illegal activity. 

[Source: This article was published in iol.co.za By Faheem Khota - Uploaded by the Association Member: Jason bourne]

Categorized in Deep Web

A Trend Micro study reveals that trust in Deep Web marketplaces is diminishing due to law enforcement efforts to shut down illegal activities.

new study has revealed that the dark web marketplace isn’t as safe for users’ anonymity as it was believed to be due to the simple fact that authorities are cracking down on the presence of online marketplaces, which makes it hard to keep the constant and reliable presence. 

According to the study published by the cybersecurity company Trend Micro, the crackdown on marketplaces like Dream Market, Wall Street Market, DeepDotWeb, and Valhalla has generated a huge discontent among their userbases due to the lack of security infrastructure from the said websites. The security flaws on these websites may well result in the loss of anonymity for their users, which is the main draw to their businesses. 

Exit Scams are Rampant

The increase in the precedents of exit scams from the online stores has resulted in a considerable slowdown of sales. Exit scams are the type of activity where the website shuts down suddenly without delivering the orders thus stealing money from the customers. Undercover operations from the law enforcement forces from all over the world have also been on the tail of these websites thus the increase in mistrust.

Users have started countering these scamming websites via the creation of the DarkNet Trust website where the reputation of the companies can be found by searching for their usernames and Public Key (PGP) fingerprints. 

In countries like Australia, for example, gambling is legal in general however the citizens are not allowed to gamble with the locally registered websites. The law specifically mentions engaging in wagering with real money. Since Australia does not recognize the cryptocurrencies as “real money” this creates a loophole in the legal system. Although, it’s obvious that this is all done for anonymity, and due to the increase in concerns of government agencies spying on the users, this has become an issue for a lot of people. The biggest draw to the darknet has been on the cryptocurrency market. Since trading is illegal, cryptocurrencies are acquired through the dark web in order to mask activity as much as possible, later used in any bitcoin casino Australia has listed within its borders, and then withdrawn as real cash with minimum payments to be made to the government.

Apart from this, the administrators of the darknet marketplaces were forced to implement additional security methods like two-factor authentication, multi signatures, wallet fewer transactions on Bitcoin (BT), and Monero (XMR) with the addition of rooting out the usage of JavaScript due to easily exploitable nature of the scripting language.

A wallet less payment is when a transaction is made from the user to the vendor directly and the marketplace getting a monthly subscription instead of a per-transaction fee. The Protonmail has also been under attack from the users since the accusations of them assisting law enforcement agencies have been circulating around the net. It is also worth mentioning that an anonymous hacker has cracked open the databases of Daniel’s Hosting, which is the largest free web-hosting provider on the darknet. This resulted in the takedown of over 7000 websites and their databases leaked and consequently the pages being deleted as a whole. Also, around 4000 emails have been leaked.

 [Source: This article was published in bitrates.com - Uploaded by the Association Member: Anna K. Sasaki]

Categorized in Deep Web
Page 1 of 16

AOFIRS

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media