The World Wide Web is an integral part of most peoples’ day to day lives, enabling business, social activity, entertainment, education, awareness and much more. However, there are bits of the Internet we know about and bits we don’t.
With the proliferation of IP enabled technologies breaking into mainstream security, the Internet and its workings are becoming more important. It is critical that any area that allows hidden Internet traffic is understood so that potential threats can be assessed and appropriate mitigation actions taken.
The top level of the Internet is often referred to as the Surface Web. This is anything that can be indexed by a typical search engine such as Google, Bing or Yahoo. Search Engines rely on pages that contain links in order to find and identify content on the web that people want.
IP reliant security devices such as CCTV, therefore, do not work as part of the Surface Web. So what comes next?
If the surface web is anything a search engine can find, then the next level is the Deep Web – anything that a search engine cannot find. There are a number of reasons why search engines can’t find data on the web, the main one being that content is ‘hidden’ behind a website’s search box and does not contain links to the Surface Web. This is common in many government websites and other data repositories such as libraries. Search engines do not search inside a website. The majority of content that makes up the Deep Web is in these sorts of sites and is generally not anything illicit or scary.
This is an area where we start to see IP security device output, accessible through a company’s own website but not available to Surface Web searches. However, this is not the end.
Digging a little deeper – and darker – we find the Dark Web. This is a small portion of the Internet that has been intentionally hidden and is inaccessible through standard web browsers. There are many anonymous networks that can only be accessed via specialised browsers and it is in this area of the web that illicit activities take place. But what how does the Dark Web threaten you, and how would you know?
Security professionals often stumble across data left behind by a bad actor, whether after an attempted hack, a suspicious visit to a website, or the fraudulent purchase of an online product. Unfortunately, because those engaged in illicit activity are not operating on the surface web, mainstream search engines and data aggregators offer little to no additional information to flesh out the profile of a bad actor.
Trying to find out where these illicit actors have come from and what risk they pose to your business requires expertise. This expertise is not just in finding particular sites, but also in getting into them and maintaining ‘membership’ whilst remaining legal. A further challenge is staying safe so the owners of the illicit site don’t discover who is looking at them and why!
Luckily, there are firms who specialise in identifying threats hiding in the Dark Web and can provide general and targeted threat analysis. This means that threats to businesses and individuals can be properly quantified and cost effective mitigation steps taken.
One such company is GeoRiskAnalysis, which has a cyber security division specialises in mapping the Dark Web to provide the information needed to mitigate the risks emanating from this area.
Vasco Amador from GeoRiskAnalysis discussed the risks from individual and companies operating in the Dark Web with SecurityNewsDesk.
“Key indicators suggest that we are not making enough progress with cyber security and, in fact are possibly going backwards,” he said. “Companies, governments, schools, and critical infrastructures,are experiencing increased data breaches, criminal activity, essential e-services disruption, and property destruction.”
Amador went on to explain more, saying, “The first risk is a breach. The number of breached records rose by 350 per cent in 2013, with approximately half of the US population’s personal information exposed in a 12-month period. The average time it takes an organisation to detect a breach is 32 days, an increase of 55 percent from last year.
“The second risk is crime and financial, informational,and industrial espionage. By one estimate, cybercrime and economic espionage costs an estimated 445 billion US Dollars globally (an increase from last year).
“The third risk is disruption of e-services. A DDoS campaign has been underway for the last year against the US top financial institutions. The DDoS attacks are reaching levels that are disrupting citizen’s ability to conduct banking, and communications providers can no longer guarantee quality of service or business continuity. The most recent example is the shutting down of the Sony PlayStation and Xbox networks this week.
“The final risk is destruction. In August 2012, Saudi Aramco suffered a targeted attack that used malicious software to destroy data and damaged nearly 75 per cent of the company’s IT infrastructure. Corporate officials declared it a targeted attack intended to affect oil production. A few months later, in March 2013,multiple financial institutions in South Korea suffered damages from malware similar to that used in the incident against Saudi Aramco. Their e-services were disrupted and data was destroyed.”
Amandor concluded that “Cyber breaches, crime, disruption, and destruction have significant implications for global trade and global business continuity. Cyber security constitutes a risk area for all organisations whether they acknowledge it or not.”
You can find out more from GeoRiskAnalysis at www.georiskanalysis.com.