Table of Contents
About The DarkNet – A little History
The darknet didn’t make so much sense until 2000 with the release of the Freenet. It gained much popularity in 2002 with the development of The Onion Browser (TOR). This technology was developed by the US government to serve as a means to enable their operatives to remain anonymous.
The inception of cryptocurrencies in the late 2000s made the darknet a lot juicier as it made it almost impossible to track transactions of users.
How Does TOR Works
To visit Cybersecfill website, for instance, a computer must first send a request to the server where the website is hosted. The server ideally would be able to see the IP address of the initial computer. It is not the same as Tor. At every layer of transmission, the data is transmitted multiple times in nested layers and randomly send it to other onion servers before it finally reaches its desired website.
On receiving the request, the website is unable to discern the original source. All it sees is the location of the last server in the Tor network. The information is sent back to the original computer through the onion routes. These routes act as a session. As they are only active for a short while after which it closes and a new one is created.
Getting through the Darknet
The darknet will remain a mysterious place if your only experience about it is through the not completely true mainstream media.
Most times, they make it look as though only advanced hackers have the skills needed to navigate through the hidden network that you are often told to stay away from.
It is important to note anyway that there are a lot of illicit activities on the hidden network and if you choose to participate in any of them, you should be willing to cry your cry when it’s time.
To access the darknet is like going on a private trip. You don’t tell anyone where you are going to, you just leave.
That’s why you need a virtual private network (VPN). This service ensures that your communication stays private. Such that even your internet service providers (ISP) would be unable to read the content of your search.
Sometimes when making these private trips you may want to be sure there is no one following you. You do this by going through some weird paths which obviously make your trip longer but make it harder for anyone to track you. It’s exactly same on the darknet and that’s why you need the Tor browser – it constantly relays your search queries across multiple servers from all around the world and still keep your search private making it difficult for anyone to stalk you.
Though, this could make your browsing experience relatively slow. Now, the same way you could freely stop by to make your personal purchases or have your private fun because you know there is no one watching is the same way you could freely make your searches on the darknet because you have ensured anonymity.
Have you ever imagined where all those data stolen from data breaches are being taken to?
The adversary has an end game when they come for your data. There is this financial power they can harness when they have sensitive data with them.
One cannot explain the possibilities that come with what can be done with your data. Most at times, adversaries are not always the primary beneficiary of your data, instead, they put it up for sale in a market where they can get buyers who end up being the primary users of the stolen data.
We have cases of stolen credit card information from the darknet, where it is put for sale for less than $40 per credit card information.
Credit card market is country-specific when doing your search. The darknet is the tunnel through which adversary can stay anonymous while trying to reach out to the primary users of their stolen data.
This beautiful coordination takes place through forums, chatroom and stores present in the darknet; some of these forums are renown to be controlled by various threat actors and adversary group. Some of which have nation-state backing in order to keep advancing their capabilities and waxing a strong identity and reputations.
Considering the fact that many organizations don’t have time and money to invest in threat intelligence; they lack the visibility to what adversaries might be planning on them, as it concerns happenings in the darknet. There are solutions with capability that revolve around letting you know when your organizations’ name or another form of identity are being mentioned across the darknet.
Source of Actionable Intelligence
How will an organization use a threat intel indicating that certain adversary group have their data leaked to the darknet?
This information can be an employee email and login credentials, databases from business-critical applications, customers credit card details and others have been put up for sales.
To answer the above question, we have to think of giving answers from diverse context.
The first context will be on the time such information get to the affected organization, that is if they get to know. This determines whether it will be useful strategically or tactically for the organization.
We can as well take it from the perspective of dwell time – the time when attackers successfully get to the last stage of the cyber kill chain which is not always the same as when organization get to know about the infiltration.
This clearly shows that many organizations are currently vulnerable to certain threats or under attacks in Nigeria. While many have been successfully breached but they never knew it until after months of the incidents, many also take some of those incidents as mere technical problems with servers and endpoints.
So all they do is to reinstall the operating systems and services impacting business process negatively and never bothered to find out about the root cause of the incident to avoid future occurrence.
Moreover, they have refused to share their ordeal with the communities so others could learn from it.
In a situation where all necessary factors are in place, information from the darknet about an organization can help them stay proactive instead of always been reactive.
If for instance organization have a couple of their employees’ email accounts and passwords leaked in one of these darknet forums as a result employee’s carelessness, series of actions to be taken to disable affected accounts, review the log of activities on an affected account, direct affected employees to change affected accounts password followed by employee’s awareness and basic cybersecurity tips.
This is what we call actionable intelligence, as it translates to actions that will keep affected organization safe now and as they move into the future.
Hamzah ‘Lateef is a Cybersecurity Engineer at CyberDome, where he manages and support endpoints and network security.