One of the most eye-opening panel talks at this year’s ACT Annual Conference was the day-one session ‘Payment Fraud: The Full Story and How to Combat It’.
A forensic zoom into one of the most worrying types of financial crime to trouble the world of treasury, it touched on the influence of a particularly mysterious part of the illicit digital landscape with which finance professionals are wrestling: the dark web.
As attendees heard, bodies of data comprising sometimes thousands of personal login details are on sale on the dark web in generous batches. If cybercriminals who are preparing to infiltrate a company’s systems find that a set of details in one of their batches doesn’t work, no problem: dark web vendors can always rustle up another batch, containing another few thousand options to explore.
If you think of the internet as we know it as a bustling urban centre, where every street, office and home is rigorously mapped and documented, the dark web is like a collection of wastelands on the outskirts.
What characterises the dark web, and sets it apart from the more familiar online environment, is that its various occupants cannot be accessed via the browsers or address formats that enable us to surf the conventional web. They are simply not indexed on standard search engines.
Unlike the known internet, the dark web is typically encrypted, and users navigate it with the aid of open-source software platforms, complete with their own browsing conventions. In Old West terms, this is frontier territory.
User communities range in size from discreet, peer-to-peer groups to much larger networks, which are often bunched around the different breeds of software that promote and enable access – the primary examples being I2P, Freenet, Riffle and Tor.
In short, it is an off-the-books version of the internet, underpinned by an ideology of resistance to censorship, and to the various types of governance that have gradually arisen to control the excesses and misuses of the worldwide web.
It is a perfect climate for incubating and concealing criminal activity.
Experts are constantly combing the terrain for insights into what, precisely, goes on there. One of the most impressive pieces of research undertaken in this field is a series of reports published under the banner heading Into the Web of Profit, from Silicon Valley-based cybersecurity firm Bromium.
Launched in June, the latest edition carried the zeitgeist-friendly title Behind the Dark Net Black Mirror: Threats Against the Enterprise. Penned by University of Surrey senior criminology lecturer Dr Michael McGuire, the report outlined three main areas of business in which dark web offenders are currently engaged, each with impacts for corporates:
In its coverage of Bromium’s research, Bloomberg reported that Dr McGuire and his team had posed as buyers to communicate with dark web vendors and find out what they were selling. Among the various pieces of merchandise on offer were login credentials for customers of “many businesses”, including Bank of America and Qatar National Bank.
McGuire’s team also found evidence of employees at AT&T and Verizon selling access to their corporate networks, so that fellow dark web users could obtain contract and payroll data.
In June, the International Business Times reported that the notorious dark web hacker Gnosticplayers – which may in fact be a coordinated group of hackers working under the same name – had breached the systems of online social-planning platform Evite, making off with 10 million customer records.
The stolen records were comprehensive in nature, including such details as full customer names, emails, IP addresses, usernames, passwords and even phone numbers. As the report explains, Gnosticplayers had demanded a ransom from Evite of $1,900 in Bitcoin to refrain from using the data. Among the hacker’s other recent victims are the online businesses Gfycat, Canva, ShareThis and 500px, along with the apparel company Under Armour.
According to a Forbes article from February, Gnosticplayers was also behind the offer for sale earlier this year of 127 million personal records stolen from various multi-gigabyte databases relied on by corporates. That was just days after a cache of almost 620 million account details from 16 commercial websites made its way onto the Tor-based, dark web vending platform Dream Market.
In May last year, Europol announced that it had created a dedicated Dark Web Team to investigate and crack down on wrongdoers, and had held a symposium where representatives of law enforcement groups from 28 European countries shared their knowledge of the dark web.
One year later, the agency revealed that, in a series of coordinated raids, national enforcement teams acting on Europol intelligence had brought down two of the dark web’s busiest vending platforms: the Wall Street Market and the Valhalla Marketplace.
In the same month, Metro reported that the CIA had set up a mirror version of its official website on the Tor network. The organisation’s director of public affairs Brittany Bramell explained in a statement: “Our global mission demands that individuals can access us securely from anywhere. Creating [a dark web] site is just one of many ways we’re going where people are.”
Speaking to Metro, Marina Kidron, director of threat intelligence at cyber-risk management firm Skybox Security, said: “Currently, it’s estimated that law enforcement agencies are embedded in about half of the dark web.” In their undercover surveillance operations, she noted, enforcers are infiltrating invitation-only forums and gathering intelligence to “shutter sites and disrupt or capture the cyber gangs behind them”.
YouTube has an excellent, 40-minute webinar on that very subject from cybersecurity company Business Information Solutions.
An equally informative dark web webinar from US conference brand the Global Security Exchange can be found here.
Matt Packer is a freelance business, finance and leadership journalist.