While there are numerous positive and beneficial aspects of the dark web, it has become a well-known global marketplace where bad actors in the workplace can commit cybercrimes almost undetected. Fortunately, the advent of new and emerging technologies enable us to monitor dark web and potentially derail cybercriminals.

Defining dark web

According to Dr John Coyne, Head of the North and Australia’s Security at Australian Strategic Policy Institute (ASPI), “The internet is comprised of two parts: the part that is indexed by search engines and that which isn’t (the deep web). A small portion of this deep web comprises of what has become known as the ‘dark web’. In these areas of the internet exist secure networks of various sizes. These networks and their data, are protected by a range of technology including encryption.” 

The dark web is a layer of the internet that is relatively hidden from the view of typical search engines such as Google Chrome and Safari, and it can only be accessed by specific software or computer configurations.

This hidden layer allows website operators and users to remain anonymous and almost untraceable.

Advantages of dark web

On a fundamental level, dark web offers opportunities for us to create communities where we can share stories and talk about anything, anytime, without fear of being monitored. We can join gaming forums such as a chess club and play with people from all over the world. We can enjoy unfiltered chat rooms, and mingle on dating sites, etc.

On a humanitarian level, anonymity of dark web provides a safe haven for people who may fear for their lives to freely express feelings, connect to support groups for help, provide tips and report their abusers to media outlets and law enforcement without humiliation or reprisal. Here are some instances where such people may find refuge on dark web:

• With “Cyber Stalking on the Rise” in Australia, victims can download Tor software and anonymously leverage its network on dark web to research where to find help and report their stalkers.
• Australian’s can tap into dark web communities like Dread and Envoy to learn how to privately and safely navigate the dark web. These communities offer valuable insights on how to avoid scams, malicious sites and cyber criminals.
• Many media and news outlets, such as Australia’s ABC News and Guardian Australia, use SecureDrop’s open-source whistleblower submission system so people can submit documents and communicate with journalists while maintaining anonymity and confidentiality.

A dark playground for cyber crime

According to Australian Commission for Law Enforcement Integrity (ACLEI), “Many of the challenges facing law enforcement and intelligence agencies arise from the application of new and emerging information and communications technologies (ICTs) in ways that enable criminal activities to go undetected – commonly described as ‘going dark’. These include the ‘dark web‘; encryption; multiple data storage platforms; cryptocurrency; social media; and messaging apps.”

David Glance, director of the University of Western Australia Centre for Software Practice, recently stated cybercriminals consider dark web an established “safe harbour” for nefarious activity because of its accessibility and encryption software.

Going dark in Australian workplaces

Australian Government Home Affairs, Australian Federal Police, telcos and other law enforcement agencies around the world are collaborating and building robust methods to combat increasing criminal activity on the dark web, in particular to crimes related to workplaces. The fruits of their tactical labour have been hitting Australian headlines:

• Is your company and customer data being sold on the darknet? Potential rogue employee sells Australians’ Medicare numbers on darknet for the equivalent of $30 in Bitcoins. Suspected to be the result of a legitimate login to Australia’s Health Professionals Online Services system, Australian government referred the ‘Medicare Machine’ service to Australian Federal Police for investigation.
• ‘Trusted inside access’: Sydney IT contractor arrested over Landmark White data breach. Australia’s New South Wales Police Force investigates a Sydney IT software contractor who gained unauthorised access to the firm’s database. The contractor uploaded sensitive company data and personally identifiable information of 275,000 individuals to the dark web. The trusted contractor had worked for the firm in a position of trust for 12 years, and cost the firm at least $8 million.

• Hacked: Australian websites for sale on dark web. Hundreds of Australian websites are among 43,000 hacked servers available for sale on shadowy online “go-to” marketplace, MagBo, where cyber criminals sell access to websites through “web shell malware“. According to Australian Signals Directorate, “Web shell malware is a long-standing, pervasive threat that continues to evade many security tools.”

Dark web monitoring

Leveraging the same new and emerging ICTs, dark web monitoring tools and services help combat this pervasive threat by proactively monitoring dark web for signs that company accounts or sensitive information have been compromised, including stolen credentials, passwords, account details and financial information.

Whether vendors allow you to manually search large data bases of dark web content, or offer a managed approach by monitoring dark web for you, the most proactive approach to cyber security provides a deep layer of protection by leveraging dark web threat intelligence and real-time broad dark web searches to detect threats before attacks commence and compromise a company’s assets.

If you would like to learn how Intrix can help your business build the right cyber security strategy to detect and deter dark web predators, please contact us. We would love to help protect your company data and sensitive information.