The ghost in the machine: Darknet evolves as portal into hacker’s targets

Organizations would be wise to monitor hidden network’s forums to shield themselves from attack

 

The Darknet is a vast part of the internet where most ordinary citizens will never tread. Google, Bing and DuckDuckGo do not keep track of anything in the Darknet. Its web locations can only be reached if you’re versed in using nonstandard communications protocols.

With this in mind, I attended a talk by Andrew Lewman, chief revenue officer of Farsight Security, at RSA 2017 in San Francisco. The title of his talk: “Tracking Darknet: A Window into Attackers’ Motives, Methods and Targets.” A few eye-opening takeaways:

• Follow the money. The Darknet is where the cyber underground convenes. Network breaches now cause a phenomenal $600 billion in damages annually, a level of crime intensifying at a rate that will drive corporate losses to $2.5 trillion by 2020, according to British consultancy Juniper Research. The Darknet functions as the commons where all of the intricate horse trading underlying the complex, amazingly efficient cyber crime economy takes place.

• It takes a village. Want to hack a high visibility target? Head to the Darknet forums. It won’t take you long to find parties knowledgeable about the systems your target uses, and, more importantly, the unpatched vulnerabilities therein waiting to be exploited. You can then shop for malware that will get you inside, and help you stealthily copy and exfiltrate entire databases. Now you need to market what you stole. One tried and true way is to post a sample of the stolen data on a Darknet location monitored by hacktivists and reporters. Voila, your breach hits the headlines. Expect purchase queries to follow via the forums.

• Cashing in. Bitcoin is the Darknet’s virtual currency of choice. But it’s hard to pay the mortgage or buy a Tesla with Bitcoin. What’s more, U.S. and European anti-laundering laws can snare you at legitimate exchanges. Luckily, on the Darknet faked passports are readily available, Bitcoins accepted for payment. It’s simple to set up an alter ego, with a passport of good enough quality to be used as accepted ID at online currency exchanges.

Another fascinating theme Lewman spoke about was why organizations should consider assigning someone to gain a working knowledge of the Darknet. Self-education is straightforward, with lots of tutorial material available online.

Why would a company do this? The same reason law enforcement does it: to understand and monitor deal making and the movement of stolen data and criminal payoffs. From a company’s standpoint, it’s possible to monitor Darknet forums to see if your company’s name appears in a way that should send up a red flag. And if your company gets breached or sustains a ransomware hit, following the bread crumb trail of the attacks can be acutely valuable.

How so? Give a listen to the accompanying podcast with Lewman, and his research assistant, Sarah Cortes, for more insight.
