How to Monitor the Dark Web to Find out What’s Going on

Many people are curious about what is on the deep web and what is on the dark web. Is it really so “dark”? Is it worth taking the time to monitor activity there? If you are part of an organization, or your work environment handles a lot of data, you should. This article gives an overview of the dark web, which is a small but relevant portion of the deep web.

Let’s start with what the deep web involves. It is the large number of websites that are not indexed by search engines, together with private websites. It also includes certain isolated networks that search engines cannot detect. The latter, above all, is what gives the deep web its name.


What can be found on the deep web? Exclusive content that in most cases requires payment, private repositories, academic papers, and medical records. Other sensitive data available there includes corporate information and sensitive personal data such as banking and financial information. Even content stored on the various web and/or email servers is part of the deep web.

So what is the dark web? It is all the content on the deep web that is deliberately kept out of sight. This “dark” part of the web exists on private networks that use the Internet to make them accessible in some way; however, additional configuration and authorization are required to reach them, and specific software facilitates access. According to a Business Insights study, the dark web is a tiny portion of the deep web: only 5%. That percentage is not minor, though, because the amount of information in that 5% is considerable, and multiple attacks or breaches can be carried out from there.

Does the dark web have advantages?

Yes, there are two: anonymity and the impossibility (or difficulty) of being traced. A curious fact is that not everything on the dark web is illegal. There are sites with extremely useful content and nothing malicious. The caveat of benign sites on the dark web is that they have this special condition of privacy for many reasons. One of them has a lot to do with politics and censorship: there are journalists in many countries around the world who find themselves in this difficult situation, and access to the dark web makes their job easier and facilitates communication with their coworkers.

What tools do you use to access the dark web or the deep web? One of the most popular is the Tor browser. The focus of this type of tool is the security and privacy of its users; they were not designed for malicious purposes. Unfortunately, cybercriminals and malicious individuals can take advantage of the capabilities of Tor and similar tools to harm many people.

Most likely, you first read or heard about the dark web because it is said that drugs, weapons and other things are sold there. And that is true. In addition, contraband products, credentials for all kinds of services, credit card data, and malware and/or ransomware kits are offered for sale. Anything that can be useful for an illegal activity can be found on the dark side of the web. Until not long ago, it was customary to say that what was put up for sale there had extremely high prices. However, it is possible to find personal data for less than 20 or 30 euros for a certain number of records. Dangerously, engaging in illegal activities is becoming increasingly accessible.


Consequently, the police authorities, especially in the US, have redoubled their efforts to find out in greater detail how this whole dark web scheme works. They have even monitored the activity of Tor browser users and created fake malicious websites in order to hunt down potential cybercriminals.

Is the dark web dangerous?

More than you think, and even more now that teleworking is the order of the day. Our personal and professional data is constantly handled from our homes, so cybercriminals have taken advantage of this change in our habits to focus their efforts on attacking individual users like the one writing this article. How can they do it? Very simply: they can acquire credentials for the bank accounts of a certain entity through the dark web, then start accessing those accounts and, without much effort, leave the victims without funds or fill their accounts with suspicious operations in a matter of seconds.

Even if your organization or your work environment is not a large bank, financial company or “important” company, we must take the necessary measures so that our data does not end up in the wrong hands. Below we mention some of the situations that frequently arise through the dark web.

Sale of malicious software, exploits and vulnerabilities

Above, we mentioned that you can find malware or ransomware kits. Trojans and worms can also be found. When it comes to programs used by the general public, it is customary to put up for sale exploits and vulnerabilities that have not yet been reported. This generally happens as a consequence of the little importance that organizations give to the security problems of the programs they offer to the public. So the people who managed to find those vulnerabilities, and how to exploit them, look for other ways to make money or get noticed, and the dark web is a very tempting alternative.

Very easily, a network of cybercriminals who buy and sell these kinds of “products” can form. This allows numerous attacks to be carried out that highlight security problems that were originally reported but ignored. Unfortunately, many companies do not attach importance to security holes until a major incident damages them, and only then do they do something about it.

Botnets and their Command & Control servers

These are the main allies that allow DDoS attacks, in particular, to be carried out successfully. Let’s remember that a botnet is a network of infected computers and/or networked devices, which are called zombies. These are controlled by other devices called Command & Control servers, which act as a control center that tells the zombies what to do to execute a given attack. Both botnets and C&C servers are very effective at achieving their mission: with some ease, millions of users around the world can be left without access to a certain web resource through a small botnet. Of course, attacks can take place on much larger scales.


General cryptocurrency market

From the moment cryptocurrencies gained relevance as alternative means of payment and as alternatives to classic trading, they were quickly adopted on both the deep web and the dark web. Let’s take Bitcoin as a use case. It is the most popular cryptocurrency of all time and the one with the most value per unit. This and other cryptocurrencies are characterized by anonymity and the lack of traceability of transactions. Consequently, it has become a widely used means of payment for those who buy and sell illicit products and services.


Another advantage of cryptocurrencies for cybercriminals is that, so far, there are no very strong regulations regarding their use. On the other hand, cryptojacking solutions can be found on the dark web. Let us remember that these consist of programs and/or portions of code that, once executed, begin to use the resources of the affected computer or device for cryptocurrency mining. The currencies usually mined through cryptojacking are Bitcoin and Monero.

How to monitor the dark web

Specialized programs are needed to help us know what is happening on the dark web. They are called “Threat Intelligence Solutions”. The main advantage of using them is that it is not necessary to install software like Tor and constantly access the dark web on your own. These are the most important characteristics of Threat Intelligence programs:

  • Search for customer and / or corporate data to report any related activity on the dark web.
  • Search for any company assets that have been leaked. This may include intellectual property documentation, access credentials, and corporate bank accounts.
  • Any mention of your company or work environment in relation to vulnerability detection, as well as any other security threat.
  • Search for any link between the partners of your company and the activity found on the dark web.
  • Information regarding those responsible for the activity on the dark web and how they carry out their activities.
  • Proactive identification of potential signs of attacks such as DDoS in order to take preventive actions.
  • Data on the potential reasons why cybercriminals act on the dark web with your organization’s data.
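To make the first two characteristics concrete, here is an added example (not from the original article) of the triage step a threat-intelligence workflow applies once a leaked credential list mentioning your organization has surfaced: it separates your own accounts from partner accounts and brand mentions, and it keeps only a hash fingerprint of each secret so that password reuse can be spotted without ever storing the plaintext. The dump, the domains and the keywords are constructed sample values; real feeds vary in format.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample in the usual "account:password" list style, plus one free-text mention.
SAMPLE_DUMP = """\
alice@example-corp.com:Winter2020!
bob@example-corp.com:hunter2
carol@other-org.net:qwerty
dave@partner-example.org:P@ssw0rd
mallory@example-corp.com:Winter2020!
# mention: example-corp vpn portal credentials for sale
"""

MONITORED_DOMAINS = {"example-corp.com"}      # your own mail domains (assumed)
PARTNER_DOMAINS = {"partner-example.org"}     # partner domains you also watch (assumed)
KEYWORDS = ("example-corp", "ddos")           # brand and threat terms (assumed)

CRED_RE = re.compile(r"^([^\s:@]+@([^\s:]+)):(.+)$")


def fingerprint(secret: str) -> str:
    """Short SHA-256 prefix: enough to detect reuse, never the plaintext itself."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()[:12]


def triage(dump: str, monitored=MONITORED_DOMAINS, partners=PARTNER_DOMAINS,
           keywords=KEYWORDS) -> dict:
    """Classify each line: our accounts, partner accounts, brand mentions, reused secrets."""
    findings = {"corporate": [], "partner": [], "mentions": [], "reused": []}
    by_secret = defaultdict(list)
    for line in dump.splitlines():
        m = CRED_RE.match(line)
        if m:
            account, domain, secret = m.group(1), m.group(2).lower(), m.group(3)
            fp = fingerprint(secret)
            by_secret[fp].append(account)
            if domain in monitored:
                findings["corporate"].append({"account": account, "fingerprint": fp})
            elif domain in partners:
                findings["partner"].append({"account": account, "fingerprint": fp})
        elif any(k in line.lower() for k in keywords):
            findings["mentions"].append(line.strip())
    # The same secret on several accounts signals reuse: every one of them needs a reset.
    findings["reused"] = [accts for accts in by_secret.values() if len(accts) > 1]
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_DUMP).items():
        print(category, items)
```

The output lists which corporate accounts to force-reset and which partner to notify, without the report itself becoming a second copy of the leaked passwords.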

Onion Scan

Onion Scan is a free and open source tool that supports the monitoring of the dark web. It focuses on generating reports that are highly visual and easy to understand. On its official portal, you can access various articles detailing the reports and data maps that are obtained.

Do you want to install it on your favorite Linux distribution? We suggest you go to the official repository on GitHub, which has all the necessary installation instructions. With a few commands, you will have all the dependencies and packages necessary to run Onion Scan. Likewise, here we provide you with the first commands to test this solution right now:

  • How to install all necessary dependencies

go get github.com/HouzuoGuo/tiedot
go get golang.org/x/crypto/openpgp
go get golang.org/x/net/proxy
go get golang.org/x/net/html
go get github.com/rwcarlsen/goexif/exif
go get github.com/rwcarlsen/goexif/tiff

  • Begin the installation with the go get command, which clones all the content of the GitHub repository

go get github.com/s-rah/onionscan

  • Install the solution

go install github.com/s-rah/onionscan

Then you can run the binary file in the following path:

$GOPATH/bin/onionscan

  • Another alternative is to run the program directly from the cloned source, without installing the binary (the repository is cloned by go get under $GOPATH/src):

cd $GOPATH/src/github.com/s-rah/onionscan && go run onionscan.go

As you have seen, it is very easy to install and use Onion Scan to check what is on the dark web and whether any of it concerns our own security.