Why You Don’t Need to Monitor the Dark Web

In recent years, the dark web has become widely known. In the past, this collection of forums, chat rooms, markets, and tools, populated by cybercriminals and other types of abusers, was known mainly to security, law enforcement, and the anti-fraud groups responsible for protecting organizations from threats from these environments.

The dark web is now so famous that it appears not only in movies and television but also in a Disney cartoon (Ralph Breaks the Internet). However, the dark web has become popular not only in the eyes of the general public but also within the security industry itself.

Many organizations strongly believe that dark web monitoring is an important part of their security activities, and the security industry likes to nurture this belief. While in some cases it really is important for an industry to follow the dark web, where information can help shape a threat reduction strategy, most organizations don’t know (and the security industry doesn’t tell them) that this is often not the case.

To understand which industries can really benefit from monitoring the dark web, we first need to understand what it is, and what it is not.

The dark web is not defined by where its sites are located. Although it is generally assumed that the dark web exists only on the Tor network, many dark web sites are hosted like any other website, on normal servers that anyone can reach with the correct URL. Although most people define the dark web as websites that cannot be found by search engines, in reality you could find a lot of them through Google if you know the right keywords.

What really defines the dark web is its content and the kind of people who visit it. If a forum deals with financial crime and is populated by cybercriminals, it doesn’t matter where it is hosted or whether you can find it on Google. The decisive factor is the type of content, and in most cases a particular dark web source concentrates on one area of wrongdoing. There are sites that deal with fraud, sites that deal with certain aspects of cybercrime, such as spam or malware encryption, and sites that deal with other issues, such as jihad or paedophilia.

These websites are platforms where threat actors network and are therefore generally community-based. There is a close connection between the dark circles of cyber criminals and those inhabited by paedophiles. Each of these communities has a purpose: for jihadists it is the publication and consumption of radicalising material, for paedophiles it is access to alarm material.

It’s a relief for the cybercriminals. Cybercrime is technical in nature and requires many ingredients to perform even a simple task such as a phishing attack. In these circles, criminals can find partners who can fill these gaps. Instead of learning how to encrypt a malicious program, they can just buy it on the dark web from someone who already knows how to do it. Instead of entering the country to physically steal credit cards with skimmers, they can find someone who has already obtained them and pay for the data. Dark web communities are created to achieve these specific objectives, and each community is built around them.

For this reason, monitoring the dark web is only relevant for certain industries. Dark web communities dealing with cybersecurity, mainly cybercriminals, try to win their members over (although APT groups use dark web tools, they have few links to these circles). These participants spend many years perfecting and refining their profession, so it makes sense for them to focus on things that generate regular income, such as working with ransom or carrying out fraudulent operations, rather than on one-off projects, such as breaking into organisations, where each network and the problems associated with it are different.

While these projects are undertaken when the rewards are high enough (the data they contain is valuable and can easily be converted into cash, such as credit card information), the community in general is focused on certain types of organizations, and your organization may not be among them.

As cybercriminals focus on fraud, financial companies such as banks and credit card issuers are among the sectors that could benefit greatly from monitoring the dark web. It’s not just about finding the obscure online conversations in which your organisation is mentioned, but also about learning how fraudsters work in general, so that the anti-fraud team can develop effective anti-fraud strategies.

Online services are another area where monitoring dark web sites would be relevant. Companies such as Facebook, Google and Uber, as well as Bitcoin, file sharing and gambling sites, have many consumer accounts, and criminals have a clear incentive to put them at risk. Most other industries, such as manufacturing, B2B service companies or government agencies, are simply less profitable.

It is clear that threat actors will exploit, or try to exploit, any insecure organisation they come across. They can also earn money by accessing internal data and selling it online in these circles. However, any discovery of such intelligence on the dark web would be pure coincidence, beyond the control of the intelligence service.

Most of the current dark web data for these organizations consists of employee records: compromised records that are released in the event of a leak involving an employee of the organization. Although identifying these records is important, it may not be a sufficient reason to subscribe to a dark web monitoring service. There are services that focus exclusively on discovering employees’ compromised records, which is a much cheaper alternative.

Because many companies do not have many interesting ideas, intelligence services often try to ignore general reports on actors and threats without any real context or relevance to the organization.

Is it possible for a dark web monitoring service to detect a significant database leak, even for an organization that is not normally targeted by cybercriminals? Yes. The question is what the chances of this happening are, whether it is worth paying so much for dark web monitoring, and whether it wouldn’t be better to spend that money on more effective security solutions for that particular organization.


Idan Aaroni is co-founder and CEO of IntelFinder, a company that collects and analyzes threat information. He is a veteran of cybersecurity and cybersecurity intelligence and has over 15 years of experience in developing and leading cybersecurity intelligence operations. In 2019, Idan received the Legend of Fraud Award for his role in creating one of the world’s first fraud intelligence services to monitor the dark web on behalf of financial institutions around the world, as part of his work as Cyber Intelligence Manager for South Africa at EMC’s security service.
