For those who have heard of it, the most common perception of the deep web is that it’s a place to buy drugs, guns, illegal pornography, and stolen credit card details, as was highlighted last year by the closing down of a notorious mail-order drug site, Silk Road, by the FBI.
While all of that is true, what may surprise most ordinary internet users is that an estimated 80% of all online activity takes place in the deep web—the publicly available online information that is picked up by search engines is merely the surface of what’s out there.
To untangle this deep, dark world, the first step is to define what the terms mean. The second is to consider the threat they pose to individuals and corporations, and how that can be addressed.
The surface web is the everyday portion of the internet, in which information is indexed and made accessible by search engines such as Google, Yahoo, and Bing. It contains a huge variety of material including news, social media and e-commerce websites, corporate sites, discussion forums, and blogs.
Next is the deep web, which refers to areas of the internet that are inaccessible by search engines. The crawlers that search engines use to trawl the web, jumping from link to link and indexing the pages they find, cannot get into sites that are restricted by a password or identification process. The inaccessibility of the deep web is often exploited by hackers: they can direct each other to restricted or temporary sites (which disappear after a set amount of time) to share information with only a selected group.
The dark net is a sub-layer of the deep web. In order to reach it, users have to use applications that also allow them to surf anonymously, such as Tor, I2P, and Freenet. If you are connected to the dark net, everything is done behind a cloak of anonymity.
Inevitably, both the deep web and dark net are home to marketplaces used by criminals for selling illegal merchandise such as leaked credit card and personal data, cyber-attack tools, guns, and drugs.
“There are private servers and closed sites on the deep web whose content is perfectly legal and legitimate,” says Rotem Iram, the COO of K2G, K2 Intelligence’s cyber practice. “But because the deep web enables and enforces restrictions on who can see content, it makes it easier for people to use it for illegitimate purposes. The dark net takes it one step further and gives a built-in anonymity. Both of them are platforms for the cyber black market.”
So what is for sale in these cyber black markets and how does it get there? Bank account details; passwords; so-called “personally identifiable information” (PII) such as social security numbers; customer credit card details; and patents, blueprints, and other trade secrets are all for sale. The deep web is used extensively by hackers, who break into company networks and search for this kind of potentially valuable information.
The hackers extract the data, break it up into smaller bundles, and sell it to black market vendors, who in turn sell it on the deep web in exchange for virtual currencies such as Bitcoin. Vendors specialize in different types of stolen information or goods, and the marketplaces can look very similar to Amazon or eBay. There is also a separate group, the “hacktivists,” who break into sites for social or political reasons, and will generally leak the damaging information they find for free on the deep web.
Given the profit motive of the first group, the criminal hackers, the most highly prized targets are financial services companies that hold bank account and other secure details, followed by e-commerce sites holding large numbers of credit card details. But less obvious and less profitable targets can be just as attractive—when Sony’s network of PlayStation users was hacked in 2011, some 77 million accounts were breached and personal information was published online.
Small companies—which are generally not adequately protected against cyber attacks—are targeted by hackers in order to be used as backdoors to bigger, more protected (and more profitable) companies via their supply chains. Such was the case in the Goodwill credit card breach, in which malware had been installed on a third-party system used to process credit cards in 10% of Goodwill’s stores. Some 868,000 credit cards were compromised as a result.
For companies wondering how they can protect themselves against the threat of having valuable private data stolen, there are two lines of defense. The first is to have a comprehensive cybersecurity strategy. Most companies can assume they have been or will be hacked, says K2 Intelligence’s Iram, but having the right cybersecurity strategy in place makes it very hard for hackers to penetrate the system in the first place, and if a company is hacked, it minimizes the damage and reduces the information accessible to the hacker. It also shortens the time it takes to detect that the system has been hacked, and knowing as soon as possible is the best way to shut down leaks and stop them spreading.
The second line of defense is to have a constant flow of intelligence—agents (both human analysts and automated systems) scanning the deep web on your behalf, not only to look for leaked information from your company, but to get to know the environment so you can be better prepared: where are the key locations, who are the main players, and what is the next big hacking trend, for example a new virus or new tools being sold on the cyber black market, that could hurt your company?
The number of reported cybersecurity incidents jumped 48% to 42.8 million in 2014 compared with the previous year, according to a recent report from PwC, equivalent to almost 120,000 a day. The deep web, and within it the dark net, are so large and so deliberately opaque that companies need access to as much expertise as possible to combat this growing threat from hackers who are equally determined to break in and make money or achieve notoriety from what they find.