The dark web is one of those elusive subjects that can often get misinterpreted in its risk and impact to individuals and organizations. Is it dangerous? Is it only for drug dealers and Bitcoin scammers? Should companies concern themselves with the dark web?
We spoke to Connie Mastovich, Senior Security Compliance Analyst at Reclamere, to get her take on what the dark web is, what risk it poses to companies, and how to protect yourself from it.
A Quick Refresher: What is the Dark Web?
“If you don't know what the dark web is and what its capabilities are, you aren't going to be well-equipped,” Mastovich says. “If you don't understand it, you won't be able to put necessary precautions in place.”
Broadly speaking, the dark web is a portion of the internet that is only accessible by specific means. It is designed to provide anonymity and obfuscate movement through a network. The most commonly used method for someone to access the dark web is through the Tor Browser - a browser similar to Firefox.
Because the dark web is best known for anonymity, there are usually three types of individuals lurking on it.
- Those engaging in criminal behavior, such as selling drugs, guns, fake passports, or engaging in cryptocurrency scams.
- Hackers selling stolen personal information, company secrets, as well as vulnerabilities, attack methods, or methods/tools of exploitation (also known as exploit kits).
- Journalists preferring anonymity and citizens from countries who censor or limit internet access.
For the purposes of this article, we’ll focus on the first two.
Does the Dark Web Pose a Cybersecurity Risk?
In the case of hackers, the risk posed to an organization is clear. A hacker may be developing a new method of attack or has recently discovered a vulnerability and created an exploit. They’ll either sell this information or attack tool to other malicious actors or work with other individuals in the dark web to further work on the exploit or attack.
Motivations are hard to parse out - some hackers want the notoriety for developing these exploits and attacks but some just want to make a quick buck.
Beyond hackers, the dark web poses a significant risk to users (and companies) because it has not been created with security in mind. Publicly, it’s easy to take for granted that browsers, websites, and companies consider security and ensure they’re keeping visitors and their data safe from a compromise or breach. If they fail to maintain the right security, these companies are liable for their negligence.
On the dark web, things are different. As Mastovich puts it, “If someone builds a website on the dark web, their top priority isn't to be safe, it’s for business, creating an inherent risk. Using the Tor browser [provides] protection but it's still the underworld. There's no priority on protecting machines and networks.”
Compounding this issue is that individuals on the dark web are, more often than not, engaging in illegal activity, so they’re aware that there are no repercussions or ramifications if their website is putting visitors at risk. There’s nowhere for the victim to go because victims would be found culpable for engaging in illicit activity.
How Does This Affect Companies and Organizations?
Because the dark web is an inherently problematic environment where security and safety is eschewed, any risk an individual undertakes is extended to the network they’re on. “If people want to do something on the Dark Web and don’t want it traced to their home, work would be the next place,” Mastovich says.
All the risks posed by the dark web are passed to your company if the individuals are accessing it through your network.
Additionally, there are legal ramifications that organizations may have to consider. Mastovich mentioned that Jeff Sessions, the US Attorney General, recently announced that his department would be looking at dark web activity more closely in order to prevent the flow of drugs.
While it’s legal to be on the dark web, the possibility that it gets you tracked or looked at by the government, whether the FBI or any other department, can become a serious liability.
If an employee is connecting to the dark web on your company’s network, that IP address may be traceable back to your company. This can lead to serious consequences federally, legally, and reputably, potentially damaging your company on multiple fronts.
How to Minimize Risk Stemming from the Dark Web
There are two main ways to properly protect yourself from the dark web.
- Understanding the dark web.
- Flagging any dark web activity.
Presence of any dark web activity should be taken very seriously.
Security companies should conduct research and stay on top of developments on the dark web. Be aware of some misconceptions:
- It’s not a given that if you’re on the dark web, the government is watching or tracing your activity (but it’s a possibility).
- Just because you’re on the dark web, it doesn’t mean you’re engaging in illegal activity.
- It’s perfectly legal to connect to the dark web. However, your organization should have a compelling reason for being on it.
As we mentioned, the Tor browser and the dark web isn’t built with security in mind. If you’re going to access the dark web, be sure to isolate your device and connection from the rest of your organization’s network.
The best way of doing that is via a sandbox, a method of testing out applications, software, or other tools in a way that isolates the device, OS, application, and network so if any compromise were to occur, whether via a virus or an external attack, the damage is limited only to that device and isolated network.
You should also set up processes or tools to know when your network has connected to the dark web. If an employee has connected, that’s an immediate red flag. One thing to note is that the Tor Browser looks like a regular browser. “It’s easy to pass by someone’s computer [who is] using the browser because it doesn’t look any different,” Mastovich warns.
Having your antivirus up to date and setting up a firewall is a must, as these tools will alert you and flag Tor Browser and dark web activity as suspicious.
If you really want to make sure no one connects, Connie suggests blacklisting certain websites to prevent users from being able to install software, such as the browser and OS that are used to access the dark web. Lastly, real-time event monitoring and endpoint protection should be in place to stay aware of any activity related to the dark web.
The Best Way to Protect Yourself from the Dark Web
Connie advises against accessing the dark web if at all possible, even for the security department. Being on the dark web is risky and the average company doesn’t have access to a sandbox environment to allow them to be on the dark web safely. There simply isn’t much benefit in connecting to it given the risks involved.
It might be tempting to “get ahead” of a hacker and see what kind of new attacks, exploits, or vulnerabilities are out there but these attack methods and vulnerabilities will likely be developed further by any buyer. The deployment method may change or further fine-tuning and development will make defending against it near impossible.
Ultimately, the best way to protect yourself from the dark web is to stay off it and monitor your environment to ensure your organization’s employees are off it as well.
Interested in learning more about topics like this and from experts like Connie Mastovich? Our upcoming Threat Intelligence Summit and the highly-anticipated InfoSec World Conference & Expo offer the perfect opportunities.