To most people, the Internet is a necessary and useful place to gather information (sometimes useless), connect with prospects and customers, and stay abreast of current events. However, there’s a more nefarious side to the World Wide Web that many don’t even know. The dark web is a subterranean marketplace for criminal activities—drug deals, child pornography, weapons sales, unauthorized links to sensitive information, money laundering, copyright infringement, credit card fraud and identity theft, even murder for hire.
The underbelly of the Internet can be tough to understand, let alone access. Consultant BrightPlanet outlines the difference between the surface web, the deep web, and the dark web. The surface web is the familiar face of the Internet we all know. Deep web is not accessible to link-crawling search engines; users can only access it through searches within a particular website. For instance, searching “government grants” through Google will take you to www.grants.gov, a deep web site where a directed query to the search box brings deep web content not found via Google.
The dark web refers to any web page that has been concealed to hide in plain sight or reside within a separate but public layer of the standard Internet. It’s accessible via search boxes that reveal a web page or answer if a special keyword is searched; sub-domain names that are never linked, or special HTTP headers that show a different version of a web page. Virtual private networks, often requiring additional software to access, are another way into the dark web.
Although law enforcement regularly detects and shuts down illegal dark web sites, the dark web economy keeps growing. A recent Washington Post article estimates that seized sites represent less than a third of dark web commerce. One of the best-known, Silk Road, was an online black market, fueled by Bitcoin, where illegal drugs were bought and sold, and buyers rated dealers like restaurants on Yelp. Although the FBI shut down the site in 2013, catching wrongdoers on the dark web is like playing a game of whack-a-mole—more keep cropping up.
After data is stolen, the deep web provides a marketplace where stolen identity information is bought and sold. One could argue that with such a vibrant market for stolen information, the dark web is fundamentally increasing the demand for identity and other personal information.
The big-data/data monetization model of legitimate businesses is a perfect fit for dark web sites, which can be remarkably sophisticated. Before being busted, black market outpost Rescator was selling more than a million stolen credit cards at $20 to $100 a pop. Buyers could search for cards by the banks that issued them, card type, expiration date, country, or type of data stored in different tracks on the card’s magnetic strip. Rescator even offered refunds for cards that didn’t work!
Beyond hacking for profit, the dark web also harbors brand terrorism, or “troll attacks,” designed to create an environment of chaos and economic disruption—a real threat for businesses, according to a recent article in Risk & Insurance.
Increased awareness of dark web activities is generating more interest in the purchase of cyber insurance, a great opportunity for the industry. But this sword has two edges. With the increase in big data hacks, it’s only a matter of time before global insurance companies become the target. If a Rescator was charging crooks $100 for stolen credit card information, what would be the going rate for sensitive insurance information?
This potential threat means your team must be aware and focused on preventing cyber crime—certainly to expand the business around cyber security, but also to ensure that someone is still minding the store.