The dark web isn’t inherently bad or evil. It’s not illegal to be anonymous on the web. However, the unfortunate truth is that there are plenty of people who are willing to take advantage of the anonymity lent by the dark web and to undertake some form of illicit activity.
Cybercriminals use the dark web as a means to communicate about all manner of activities, from planning cyberattacks to the selling of illegal goods or stolen data.
On top of this, with distrust growing towards governing bodies and large corporations around data privacy dark web communities are thriving. More people are becoming familiar with the dark web for both legitimate and illegitimate reasons, a fact that should cause security professionals increasing concern.
On the flip side, many security professionals actually shy away from the dark web. It is an online region surrounded by an ether of mystery and myth. However, while certain parts of the dark web should only be accessed with the utmost skill and caution, the basics of the dark web need to be understood by all members of the security community.
The difficulties of accessing dark web forums
There are numerous challenges that security professionals face when they come face to face with the dark web. The first of which is actually finding the dark web forums where illicit activity is taking place.
The first step to locationg dark websites is through various directory lists. These easy to locate sites and forums, however, are unlikely to be where the really important things are happening. Instead it’s more likely to be filled with amateurs and more innocent activity. Additionally, these lists often become outdated quickly as dark web domains change frequently.
In order to locate more relevant darknet forums for the purposes of security research, there are strategies which can be employed, for example, snowball sampling.
Snowball sampling is a method which involves creating a web crawler that takes a root URL and crawls the website for outgoing links. Generally, this will then return a large number of dark web URLs. This works particularly well for dark web forums as people often link to other sites in comments or posts. Done incorrectly though could draw attention to your bot and have the admin block you.
The dangers of accessing dark web forums
Accessing the dark web should be done with care and caution. It is in some ways like the last frontier, the wild west. It provides a training ground for new techniques and strategies for experienced and inexperienced hackers alike. For a security professional, getting to know these new techniques is vital for the efficacy of your security strategies.
A few key safety concerns and the dangers of the dark web are as follows:
Breaking the law. Law enforcement officials operate on the dark web to catch people engaged in criminal activity. Like others on the dark web, law enforcement can do their work under a cloak of anonymity. It’s important to remember that you can be prosecuted for things you do on the dark web and thus to behave in an appropriate and legal manner.
Viruses. Unsurprisingly a lot of hackers on the dark web would be more than willing to turn their talents and attention to you should you accidentally cross them. Some websites will infect your device with viruses and any and all links or downloads should be viewed with suspicion. There are a lot of viruses to watch for, from ransomware to spyware and everything in between. Additionally, if you do click any links you may be taken to the material you don’t want to see that many people would find disturbing.
Webcam hijacking. It’s smart practice to cover your webcam with a piece of tape or plastic when you’re not using it. This is because some people may attempt to gain access to your device’s webcam by using a remote administration tool (RAT). The risk of this happening increases exponentially when you enter the dark web.
Remember: You use the dark web at your own risk and you should take necessary security precautions such as disabling scripts and using a VPN service.
Why do security professionals need to surveil dark web forums?
We’ve talked about the dangers and difficulties of accessing and finding relevant dark web forums for security research. Why though should accessing these dark web forums be a priority for security professionals and how can one effectively monitor these forums for potential threats?
Identify new hack strategies.
The dark web is where many cyber criminals go to learn as well as to purchase things like exploit kits. Monitoring the dark web, being able to investigate and understand the methods and mindsets of hackers is essential to enable security professionals to develop counter strategies.
Discover physical threats or plans against your organization or executives.
Terrorist organizations, violent far-right dissenters, and others who intend to commit or openly discuss violence against others can be found on dark web forums. One example of this is the shooting which took place in a mosque in New Zealand on the 15 March 2019 which killed 51 people.
This attack was talked about before and during the attack on forums such as 8chan. Pictures of the weapons that would be used were shared along with a 74 page manifesto. Conversations around the event appeared with numerous like-minded individuals actively in support.
This is an extreme, worst-case scenario. But it absolutely highlights the necessity for security teams to have the tools to effectively monitor dark web forums.
Listen and filter noise around your organization’s name.
There is a lot of noise on the internet. Inevitably some of it may be about your organization and it’s more than likely that not all of it will be good noise. Because of the nature of dark web forums, there is an increased likelihood of discovering negative noise about or relating to your organization.
With the right tools, such as Signal paired with our emotional analysis tool Spotlight, you can identify persons of interest and more closely monitor future activity around them.
Additionally, discussions around stolen data for sale, as well as things like exploit kits are often discussed on the dark web. Identifying these threats as soon as they appear will allow you to take appropriate action to mitigate these threats and reduce any potential damages.
Dark web monitoring solutions: Signal OSINT platform
With an ever increasing amount of Cyber activity it is more important than ever for organizations to mitigate the potential risks of cyber threats, attacks, and data breaches. As the traditional Physical Security and Cyber Security worlds converge, Signal cyber feeds provide the ability to expand areas of interest and boost potential Cyber threat intelligence.
Cyber feeds that are accessible with a Signal subscription include:
Onion/Tor – Anonymous network requiring Tor browser (AKA as Dark Web)
I2P – Invisible Internet Project
ZeroNet – decentralized web-like network of peer-to-peer users
Open Bazaar – a fully decentralized marketplace
Telegram – a cloud-based instant messaging and voice over IP service
Discord – a VOIP application and digital distribution platform
IRC Chat – instant relay chat
The information available on these additional Cyber feeds can help identify a number of potential scenarios including;
Hacking for hire
Compromised accounts & servers
Sale of financial data
Sale of counterfeit and/or stolen goods
Money laundering
Sale and/or publication of personal information such as SSN, email, phone numbers
Discussions on and/or exposure of data breaches
Related: What is OSINT and how is it used for Corporate Security?