The preparation, execution and monetization of any high-profile data breach that comes to mind require multiple transactions between several tiers of co-conspirators. That collaboration takes place on the Darknet.
Yet despite its ominous handle, the Darknet isn’t as mysterious as you might think. In fact, some security experts say it can be an effective form of defense for a corporation to assign an IT staffer to maintain a presence there. I will come back to that in a moment. First, here’s what every organization should know about the Darknet.
Why it’s dark
The Darknet simply refers to servers that aren’t tied into the mainstream Internet. Google, Bing and DuckDuckGo do not keep track of anything in this vast expanse of the web. To get on the Darknet, you need to be versed in using non-standard communications protocols. But this is something anyone with an Internet connection and a modicum of self-discipline can master.
Quite naturally, drug dealers and weapons brokers years ago set up a thriving online marketplace on the Darknet. And now malware writers, hackers, software license thieves, hacktivists, nation-state sponsored spy rings and the entire supporting cast that comprises the booming global cybercrime industry have joined the party.
The commons
The Darknet is where the cyber underground convenes. Network breaches now cause a phenomenal $600 billion in damages annually, a level of crime intensifying at a rate that will drive corporate losses to $2 trillion by 2019, according to British consultancy Juniper Research. This is possible because the Darknet has come to function as the commons of cybercrime. It is where all the intricate horse trading underlying the complex, amazingly efficient cyber underground economy takes place.
Going shopping
So, you’d like to hack into a large corporation or government agency? Where to begin? Head directly to the Darknet forums. With patience and diligence, you can find brokers who will not just sell you information about the specific IT systems your target uses, but also direct you to specific vulnerabilities just waiting to be hacked, says Andrew Lewman, chief revenue officer at Farsight Security. Lewman gave a fascinating talk about the Darknet at the RSA 2017 cybersecurity conference last month.
You can then shop for malware and recruit specialists to help you every step along the way: spread the malware; get a foothold inside the firewall; map the company’s network; and exfiltrate entire databases.
Going to market
Now you need to sell what you stole. One surefire marketing technique is to post a sample of the stolen data at Darknet locations known to be haunted by ideologues and reporters, Lewman says. There’s a very good chance news of the breach will circulate via social media and, if you’re lucky, make headlines in the mainstream media. You can then sit back and wait for purchase queries for the juicy stuff you stole. These will come via your contacts in the Darknet forums.
Getting paid
Bitcoin is the Darknet’s virtual currency of choice. However, it’s hard to buy a Maserati with Bitcoin. And U.S. and European anti-laundering laws have been designed to snare criminals when they try to convert virtual currency into hard cash at virtual currency exchanges. No problem. Faked driver’s licenses and passports are readily available on the Darknet, Lewman says. It’s simple to set up a faked alter ego, good enough to dodge law enforcement, he says. So, what color would you like that Maserati?
Canary strategy
It’s very straightforward for anyone with technical aptitude to become an active participant on the Darknet. Law enforcement and white hat researchers do it all the time. That means it is also feasible for a company to assign an IT staffer to become a Darknet denizen. Why would any company do this? The staffer could be assigned to study the ebb and flow of the criminal activities, and be on alert should the company’s name turn up where it shouldn’t, Lewman says. The staffer could become, in effect, a canary in the coal mine.