The Dark Web

Jason LaRoche

Cybersecurity is ultimately the battle for identity and an economic model. Whether you call it information assurance, information security, or cyber security, it boils down to protecting identity vis a vis the economy. Everything from tax collection, to the banking system, and elections rely on the individual being reliably tied to social security numbers, card numbers, and legal names. The seemingly terrifying fact of the matter is your personally identifiable information is probably for sale right now somewhere within the depths of the dark web. Anyone with some aptitude and an afternoon can download Tor, and be transacting in carder forums before sundown. To the uninitiated, this process may seem mysterious, even magical. It is this shroud that must be removed, if we ever hope to get ahead of the bad guys.

The dark web is not nearly as glamorous as it sounds. It is a less functional, less user friendly World Wide Web. If you don't know your way around, it may seem vast, but in actuality, compared to the larger Internet, it is very small. The most common way users access the dark web is through the Tor Project's Onion Router. The Onion Router is essentially an anonymity network accessible through free software. One needs to merely download the Tor Browser and follow the ensuing directions. The Tor Project is a not-for-profit organization dedicated to preserving web anonymity. It does this by confusing bystanders. A collection of independent nodes creates the backbone of the Tor network. By not allowing a single entity to control a majority of nodes, Tor is able to creatively route network traffic thereby maintaining user anonymity. Tor sends all exchanged data through a bunch of false destinations/starting points, making it harder for anyone to track who is sending and receiving what. It is similar to television's crime stoppers trying to trace a phone call that has been bounced all over the globe.

Carder forums range in quality from flashy to very basic. Older more established marketplaces tend to provide a graphic user interface, making navigation no different than Google. Other sites appear cobbled together and elementary, lacking even basic English proficiency. Users locate these sites through a variety of means. IRC channels and forums on the regular Internet, lead to direct messaging sessions with dark web denizens. These folks act as gate keepers, attempting to weed out law enforcement. They are in business, after all.

You may be asking yourself, how did my information get there in the first place? Sometimes there is a large breach wherein huge data sets are stolen, other times it is a piece of malware sitting on a restaurant's POS system siphoning off credit card data. Lastly, don't be intimidated by glossy terminology; malware is just a piece of software designed for nefarious purposes. Sophisticated attackers are capable of hiding this software from the owners of the infected machines, actually issuing multiple iterations over a span of years from remote servers. Education and eternal vigilance remain paramount.

Want to learn more about information assurance and cybersecurity? Request more information or call 877-820-0581 today.