Published on 19 May 2017 By Wale Ogunyemi
The dark web is an increasingly lawless place where cybercriminals trade hacks, passwords, and stolen corporate data. While international regulation was sought to stamp out such practices, the online environment that allowed the Internet to spread so widely and so quickly has also allowed the dark web to stretch even further, and carve out new places to hide and operate from.
As the Nigerian economy expands, and more multinational businesses move into the region, the country's ever-increasing cybercrime statistics are a key concern. The Cyber Security Experts Association of Nigeria (CSEAN) has gone as far as to state that the Nigerian government is ill prepared to face cybercrime in 2017 and beyond.
The so-called dark web, buried in the deep web, utilises a different protocol and is not indexed by mainstream search engines. Users go about their business anonymously, their locations protected by encryption and a host of privacy features baked into the free and readily available Tor browser, which is the most common way of accessing it. This makes it a paradise for cybercriminals.
Dark web threats loom in today's complex, ever-changing environment, for companies all over the world. To shore up their own cyber defences, CIOs need to take a more proactive approach to monitoring threats in its hidden depths.
Exposing these illicit transactions is almost impossible as many take place in invitation-only forums and are authenticated to stop anyone tracking them. However, it seems that even the dark web is not invincible when it comes to vulnerabilities. The hack of Freedom Hosting II, the largest host of dark websites, shows that there are holes in the deepest abyss of the Internet.
According to a Palo Alto Networks report (2016), the Nigeria 419 cybercrime gangs specialise in using advanced malware tools common with sophisticated criminals and espionage groups. To illustrate the threat that cybercrime poses to Nigerian individuals and businesses, the Leadership.ng (2016) reported that Nigeria loses nearly half-a-billion dollars to cybercrime annually.
The publication also predicted that in 2017, five categories of cybercrime would dominate the country: the CEO email scam, ransomware, assisted online kidnapping, cyber bullying, and impersonation.
In addition, Alphabay, reputably the biggest dark web marketplace, recently issued a statement on Pastebin confirming that it had rewarded a hacker after they had found bugs that had enabled them to steal 218,000 unencrypted messages between buyers and sellers. This hack highlights the scale of business being done on the dark web and underlines why CIOs need to understand its dangers and minimise their organisations' exposure.
It could be argued that these vulnerabilities in the dark web makes it easier for ethical hackers to get a better view of what data sits where, while making the dark web a more dangerous place for cybercriminals to operate. In this case stolen data, which included names and addresses, were handed over to law enforcement agencies, but only a minute percentage of stolen data is handled responsibly.
Take Yahoo, for example. Data from a breach involving one billion Yahoo accounts back in 2013, which the company only went public about last year, is still being openly sold on the dark web. The stolen data for sale includes personal data including names and birth dates.
Scanning for threats
CIOs are beginning to understand that a more proactive approach must be taken to protecting their organisations from cyber crime, which includes scanning the dark web for threats.
However, due to the make-up of dealings and the trust required between buyers and sellers on the dark web, human intelligence is essential in monitoring the dark web - automated tools alone are not enough.
Granted, monitoring the dark web is an enormous task. It requires a global team of cyber experts to analyse massive volumes of data and linguists who can impersonate cybercriminals to gain their trust.
Threat monitoring the dark web gives CIOs intelligence that can act as an early warning system. It can uncover, for example, if cybercriminals are planning an attack, so the organisation can pre-empt a breach and take immediate action to protect their digital identities and servers.
One of the biggest threats of the dark web is that dissatisfied employees can use it to sell their services to cybercriminals, according to Avivah Litan, VP distinguished analyst at Gartner. A report by RedOwl and InSights claims that the active recruitment of insiders in the dark web is growing fast, with insider outreach going up nearly 50 percent from 2015 to 2016.
The report maintains that the dark web has created an active market for employees to easily monetise insider access. It says that sophisticated cybercriminals are using the dark web to find and engage insiders to help them get malware over organisation's perimeter security and trigger it.
Gartner's Litan says that its clients blame the ease in which discontented employees can download the Tor browser and log into the dark web. Litan accepts that insider threats are a sensitive issue and that companies do not want pry and encroach on employee privacy, but at the same time must protect their business assets. "Organisations must be the judge of how high their risks are and how far they need to go fighting it," she says.
The RedOwl and Insights report recommends that enterprises "create, train and enforce consistent security policies while protecting employee privacy". This includes making sure employees and contractors understand penalties involved in insider action on the dark web.
The dark web provides a rich source of cyber threat intelligence for any CIO looking to bolster their cyber defences. By monitoring its inner workings, organisations can find out what data or IP may has been stolen, or leaked by insiders to use against them.
Tor, however, has made no secret of the fact it is doing more to safeguard its users this year, making the dark web even more difficult to penetrate. This will include sandboxing Tor at the application level and investigating the use of quantum computing.
There isn't an organisation out there who can claim it will never be compromised. Threat detection is paramount.
If CIOs know what they are up against, they can take the appropriate steps to protect their organisations.
Having an ear to what is being discussed in the chambers of the dark web is invaluable in the war against cybercrime.
By Wale Ogunyemi, Senior Solution Architect for Orange Business Services.
ALSO ON ITWEB AFRICA
GE executive speaks on energy resource management on the continent.
Bruce van Wyk director at PaySpace writes that accountancy practices have a lot to gain from mobile, cloud-based technologies.
ISPA says attempts to eradicate hateful/harmful content from social networks are often hindered by the global nature of these networks.
Wale Ogunyemi, Senior Solution Architect for Orange Business Services, says threat monitoring the murky world of the dark web empowers CIOs to act.
See the article here:
Why Nigerian CIOs should care about the dark web - ITWeb Africa
- Teejayx6 Will Steal Your Identityand Rap About It - WIRED - December 2nd, 2019
- Such as the struggle of the Venezuelan economy, some residents turn to a lucrative gig: Cybercrime - Herald Journalism 24 - December 2nd, 2019
- Smart users guide to the snooping game - Livemint - November 17th, 2019
- Privacy on your smartphone: how to protect your data - AndroidPIT - November 17th, 2019
- BBC News heads to the dark web with new Tor mirror - The Verge - October 27th, 2019
- The Tor Project releases Tor Browser 9.0 with several UX improvements - Neowin - October 27th, 2019
- Fraudulent Tor Browser Spies and Has Been Stealing The Bitcoins - GoodTime Nation - October 27th, 2019
- OnionShare Lets Anyone Host Anonymous Sites on the Dark Web - BleepingComputer - October 16th, 2019
- #SecTorCa: Millions of Phones Leaking Information Via Tor - Infosecurity Magazine - October 16th, 2019
- Is there anything we can do to stop someone spying on us? - Newstalk 106-108 fm - August 25th, 2017
- If you're really concerned about browser security, Incognito isn't enough - TechRepublic - August 20th, 2017
- The Daily Stormer has lost its lease, accessible only via Tor browser - The Moderate Voice - August 20th, 2017
- Tor Project 'disgusted' by Daily Stormer, defends software ethos - CNET - August 18th, 2017
- Neo-Nazi site Daily Stormer resurfaces with Russian domain following Google and GoDaddy bans - Vox - August 16th, 2017
- Tor Browser 7.0.4 Download - TechSpot - August 14th, 2017
- Debian-Based Tails 3.1 Anonymous OS Debuts with Tor Browser 7.0.4, Linux 4.9.30 - LXer (press release) - August 11th, 2017
- Tails 3.1 has been released but you'll need to do a manual upgrade - Neowin - August 10th, 2017
- China and Russia go further in squelching Internet freedom - Washington Post - August 10th, 2017
- The FBI Booby-Trapped a Video to Catch a Suspected Tor ... - Motherboard - August 9th, 2017
- Major Improvements Are Coming Soon to the Tor Browser - The Merkle - August 8th, 2017
- The Attack on Global Privacy Leaves Few Places To Turn - WIRED - August 4th, 2017
- Tor Co-Founder: There Is No Dark Web The Merkle - The Merkle - August 3rd, 2017
- Online privacy protection - Choice - CHOICE - August 2nd, 2017
- There Is Basically No Dark Web. It's Only A Few Webpages TOR Co-founder - Fossbytes - July 31st, 2017
- How to Install Tor Browser for Mac and Protect Your Online Activity - iDrop News - July 29th, 2017
- How to get around an ISP blocking a website - MyBroadband - July 26th, 2017
- Don't blame online anonymity for dark web drug deals. - Slate Magazine (blog) - July 26th, 2017
- Tor network will pay you to hack it through new bug bounty program ... - ZDNet - July 21st, 2017
- Tor Project to launch public bug bounty project - CIO Dive - July 21st, 2017
- How to access the dark web - The Daily Dot - July 20th, 2017
- Your Mailman Is a Drug Dealer. He Just Doesn't Know It. - WNYC - July 20th, 2017
- Want porn? Prove your age (or get a VPN) Naked Security - Naked Security - July 20th, 2017
- Suspected AlphaBay founder dies in Bangkok jail after shutdown of online black market - Washington Post - July 19th, 2017
- S. Sudan blocks Sudan Tribune website over hostile coverage - Sudan Tribune - July 19th, 2017
- Assassins and child porn; a darknet offers everything - The Slovak Spectator - July 19th, 2017
- Apple users warned of dangerous new Mac malware that steals banking credentials - ThaiVisa News - July 18th, 2017
- The best security apps to lock down your Android phone - The Daily Dot - July 14th, 2017
- Mozilla is held to a higher standard - Ghacks Technology News - July 14th, 2017
- Privacy blunder? Firefox's Get Add-ons page uses Google Analytics - Ghacks Technology News - July 13th, 2017
- Russia, China vow to kill off VPNs, Tor browser - The Register - July 11th, 2017
- How to safely search the deep web - The Age - The Age - July 11th, 2017
- ACLU's Gillmor on privacy: 'We pay for what we value' (Q&A) - The Parallax (blog) - July 10th, 2017
- What is Tor browser, and is it safe? | Komando.com - July 7th, 2017
- Darknet 101: Your guide to the badlands of the internet - CNET - CNET - July 5th, 2017
- In Reporting on North Korea, Tech Helps Break Through Secrecy - New York Times - July 5th, 2017
- How to safely search the deep web - The Sydney Morning Herald - July 5th, 2017
- TOR Browser - darkwebnews.com - July 5th, 2017
- How To Search The Deep Web Safely - Gizmodo Australia - July 5th, 2017
- Burleson man convicted of accessing child porn from dark website - Fort Worth Star Telegram - July 4th, 2017
- Here Brazilian Journalists Learn Privacy for Themselves and Their Sources - Brazzil.com - June 30th, 2017
- Purism aims to push privacy-centric laptops, tablets and phones to market - Computerworld - June 29th, 2017
- Brazilian site teaches journalists how to protect sources and personal data from digital attacks - Knight Center for Journalism in the Americas (blog) - June 29th, 2017
- The best ways to make your search private in 2017 - KnowTechie - June 28th, 2017
- Bill regulating online anonymizers unanimously passes first ruling in Russian Duma - Washington Times - June 24th, 2017
- The Burger King Ad That Activated Google Home Just Won A Prestigious Award - XDA Developers (blog) - June 24th, 2017
- Mozilla's new Android browser blocks ads and trackers - Boing Boing - June 22nd, 2017
- Secure OS Tails 3.0 Launches With Debian 9 Base, Redesigned ... - Tom's Hardware - June 15th, 2017
- Tails OS hits version 3.0, matches Debian's pace but bins 32-bit systems - The Register - June 14th, 2017
- Tor Browser 7.0 is released | The Tor Blog - June 10th, 2017
- Tor Browser 7.0 works harder to protect your anonymity on its own - Engadget - June 10th, 2017
- Tor Browser 7.0 released - gHacks Tech News - Ghacks Technology News - June 8th, 2017
- Tor Browser 7.0 arrives with multiprocess mode, content sandbox, and Unix domain sockets - VentureBeat - June 7th, 2017
- Wikipedians Want to Put Wikipedia on the Dark Web - Motherboard - June 7th, 2017
- What The Dark Web Is And How To Access It - Komando - June 3rd, 2017
- What is Deep Web and How is it Different from Dark Web - Guiding Tech (blog) - June 1st, 2017
- If You Think WannaCry is Huge, Wait for EternalRocks - Data Center Knowledge - June 1st, 2017
- DOJ, FBI Executives Approved Running a Child Porn Site - Motherboard - May 30th, 2017
- What is Tor, How It Works And Where to Download the Tor Browser? Everything You Need To Know - MobiPicker - May 30th, 2017
- WannaCry 2.0: EternalRocks author calls it quits - TheINQUIRER - The INQUIRER - May 28th, 2017
- Data For Sale: What Everyday Consumers Can Do To Keep Their Info Safe - Forbes - May 26th, 2017
- Fearing surveillance in the age of Trump, activists study up on digital anonymity - Washington Post - May 26th, 2017
- EternalRocks Attack Spreads While Using Same Exploit As WannaCry Ransomware - Yahoo News UK - May 23rd, 2017
- Tor browser for Android that is better than Orfox is in the works - Android Kenya (blog) - May 23rd, 2017
- Organizations Can Combat WannaCry & Jaff Ransomware With Well Instrumented DNS - Techzone360 - May 23rd, 2017
- This Spy App Can See If You've Visited Whistleblowing Sites on the Dark Web - Motherboard - May 20th, 2017
- A hack has put data of 17 million Zomato users at risk: Should India be worried? - DailyO - May 20th, 2017
- New Jaff Ransomware Part Of Active Necurs Spam Blitz - Threatpost - May 13th, 2017
- Three vulnerabilities allow spies to detect Tor browsers - Cloud Pro - May 9th, 2017
- Tor Browser - TechRadar - May 6th, 2017
- Tor Browser Profiles Itself - Security Intelligence (blog) - May 4th, 2017