Where Hackers Roam: Enter The Darknet
There is no getting around it: we all need and depend on the internet for conducting business. Businesses use the internet for a variety of reasons, including access to cloud services, networking, and, in more recent times, whole business operations. Many users of the internet, whether they be your everyday person, employee or business manager, do not go further than logging into protected areas which require passwords. With all the recent cyber attacks, you may have heard the term “darknet” come up when people talk about the hackers. This part of the internet is not accessible to your average user unless you use specific tools. Before we talk about that, let’s establish some common ground by understanding the layers of the internet.
The Internet Surface
We all engage with the internet on a surface level. This surface level of the internet contains any and all content that is traceable by search engine web crawlers, which includes this article that you are reading. Anything you can access without a need to sign in could reasonably be considered the surface-level internet. While it seems like there is a lot of content on this level of the internet, there really is not. According to Google, only four percent of the internet would be considered surface internet, which means Google has visibility into only four percent of the internet. So where does the other 96% of content live online?
Into the Deep Web and Darknet
Everything else not traceable by search engines can be found either on the deep web or even deeper on the darknet. That is, 96% of the data online resides beyond Google’s grasp.
Content that is not easily found by search engines can be classified as deep web content. Another way to classify it is by whether search engines have a direct connection to the content. Most of the content in the deep web exists behind a credential screen; however, at times it may not require a login. Often you will find databases which are only searchable within the website. For example, a library catalog, student registrations, or an email system are all deep web content. None of these are readily searchable through Google. It is at this level where much of the communication, project management, and file exchange takes place. These websites are intentionally made to block search engine crawlers. Most activities that happen on this level involve non-hackers, with specialized programmers building the platforms and architecture for others to use.
This is a space where few have dared to venture. Those who do must be prepared or may easily find themselves lost. The darknet is a whole separate network layered on top of the internet, with the primary intent being anonymity. Access is a challenge in itself, with most access being only through specific software, protocols, and even specialized browsers. In a sense the darknet operates like its own side of the internet, which is inaccessible to the average user. No web address will bring you there. The tools that would bring you to the darknet have the explicit intent of keeping users, activity, and information hidden and untraceable. Sound shady? Perhaps, but you may be surprised who uses the darknet. As with any technology, it is neutral and is reliant on its user for general, noble, or malicious use.
With all of the bitcoin transactions, trafficking, counterfeiters, gamblers, malware development, and even assassination plots, it can be easy to dismiss the darknet as a place of only criminal activity. However, these discussions happen in the deep web as well, yet not everyone who uses the internet is a malicious actor. The same applies to the darknet: people are on there with a variety of motivations.
The average people on the darknet usually include privacy advocates who are seeking to conduct legal activity in private. These can include people living under oppressive regimes or people seeking support from a toxic environment. Another set of darknet users are government security agencies themselves. Information on the regular web is tracked, and they may need to conduct operations without a trace. They can also conduct sting operations on criminal actors in the darknet. Even businesses are on the darknet, attempting to identify the sale of stolen data or to find communications about a planned attack. Lastly, you will likely find journalists and political groups on the darknet attempting to mask their communications.
The criminals on the darknet are the ones you have heard about above. Often these criminals come in many shapes and forms, but on the darknet they’re all involved in illegal markets and business. One group of criminals often associated with the darknet are drug dealers who have established black markets and communicate exchanges. Another group of major concern to businesses and governments are information peddlers who have acquired stolen data or personal information and are seeking to sell it for a large amount. In case you’re wondering what happens to all of your stolen data, this is the result: a market exchange. Black markets for stolen data exist and are alive and thriving. It can be compared to the value that personal data has in the advertising industry.
The most important group to worry about are the hackers, who often are the ones who acquire the information that is then used by information peddlers. At times these two may be one and the same. Hackers on the darknet will often have forums and code exchanges set up to trade information with the same level of enthusiasm as developers on GitHub. The main difference is that no one in the darknet spaces can be identified. NotPetya and WannaCry were born from these groups in the darknet.
Understanding just how large the internet is and where you operate in it can provide you with enough insight to know where to identify upcoming threats to your organization. The most important thing to understand about the darknet is that it is primarily market-driven illegal activity that takes place there. While there are some people on there for lawful purposes, much of the activity is illegal and untraceable. With a basic grasp of the darknet, how will you use this information to protect the data assets in your organization?