Today, the media clamour surrounding the so-called “Dark Web” is deafening. Whether commentators are discussing the imprisonment of Ross “Silk Road” Ulbricht, or the most recent leak of customer data from the Ashley Madison hack, the Dark Web always seems to be at the centre of the latest controversy – but what exactly is it?
Shedding some light
First, let’s straighten out some terms. All too often the Dark Web is confused with the Deep Web – the unindexed part of the Internet that’s not normally visible to search engines, such as content accessed via dropdown boxes or dynamically created web pages. While the Dark Web is certainly part of the Deep Web, they are far from the same thing. To add some perspective, while the Deep Web makes up around 90% of all Internet content, the Dark Web only accounts for 0.1% or so. For that 0.1%, anonymity is the name of the game.
In fact, secrecy is built into the foundations of the Dark Web, with the Tor browser or other specialised tools being a prerequisite for access. Tor bounces traffic through different servers and adds multiple layers of encryption to provide its users with robust anonymity. In a dark example of capitalism and e-commerce in action, this hidden ecosystem has proven to be the perfect cover for a host of illegal industries, including everything from counterfeiters and drug dealers, to assassins and people smugglers. Of course, that’s not to suggest that everything about the Dark Web is illegal or nefarious; while this is the home of the Silk Road and worse, it was also the birth place of WikiLeaks and a haven for those seeking to avoid suppression and censorship.
A tangled web
Clearly the Dark Web raises important questions about Internet censorship that have no easy answers. Even if it were feasible to shut down the Dark Web overnight, it could well be argued that this would be the wrong choice. However, for today’s cybersecurity experts the practical implications of the Dark Web are the main concern. The cyber risks from this hidden world are many and varied, including hackers for hire, access to stolen data and the sale of custom-built exploit kits. The Dark Web has become a cybersecurity trading-hub where attackers can pool their resources, talents and insights. Thanks to this collaborative environment, cyber criminals are becoming ever more sophisticated, prepared and alert to new opportunities. Digital attacks are now big business, with 80% funded by crime rings pursuing annual profits that can amount to as much as US$445 billion worldwide.
Unfortunately, the same sense of collaboration cannot be seen in the cybersecurity industry. While the pursuit of profit is driving cybercriminals to pool their resources and collaborate online, organisations remain reluctant to do the same – preferring instead to keep information on new threats or vulnerabilities under wraps. Today, the analysts and researchers bringing exploits to light so they can be fixed are as likely to meet recrimination as praise. For instance, Chris Roberts – a security researcher at One World Labs – was prevented from flying and questioned by the FBI after a tweet in which he suggested systems on-board United Airlines’ planes could be compromised. It’s time to realise that sharing insights will help strengthen security across the board. No organisation can keep pace with today’s crowded and ever-changing threat landscape alone.
That’s why we developed SecureData GI: a service that combines a deep view of an organisation’s specific vulnerabilities with threat intelligence feeds from the wider web to build an utterly comprehensive picture of its real-time security posture. We also arm customers with expert insights into the most relevant and serious cyber risks on the horizon through our regular Threat Advisories, enabling them to eliminate critical vulnerabilities before they have any business impact. Ultimately, there are lessons to learn from the Dark Web: not just the intelligence it can provide about emerging cyber threats, but also how a collaborative mind-set can overcome any challenge. Once this same mind-set is applied to reinforcing rather than breaking down IT security, every organisation will benefit.