
Dark Web is that area of the internet that consists of encrypted content and is not indexed by search engines.

About 97% of cybersecurity companies had their data exposed on the Dark Web in 2020.

Some data breaches occurred as recently as the end of August, a survey by security firm ImmuniWeb found.

The survey covered 398 cybersecurity companies headquartered across 26 countries including USA, UK, India, Canada and Germany.

Dark Web included both Deep Web and Surface Web in the survey. Dark Web consists of encrypted content that is not indexed by search engines.

More than 160 companies faced incidents as their employees used identical passwords on more than one breached system. Most of the passwords lacked basic security requirements - uppercase, numerical and special characters. Common passwords included ‘password’ and ‘123456’.

 

Half the exposed data consisted of plaintext credentials like financial and personal information.

US-based security firms showed the highest number of high-risk data breaches, followed by the UK. High-risk breaches include credentials with sensitive information.

A large number of leaks were silently performed by trusted third parties like suppliers or sub-contractors to the company.

Some stolen credentials came from incidents involving unrelated third parties where victims used work emails to sign into adult websites.

At least 5,121 stolen credentials were found in pornographic and adult-dating websites, ImmuniWeb said.

The report also stated that half the companies did not comply with General Data Protection Regulation (GDPR) rules owing to vulnerable software, lack of strong privacy policy, and missing cookie disclaimers when cookies contain traceable personal information.

More than a fourth of the vulnerabilities remain unpatched to date, the security firm said.

[Source: This article was published in thehindu.com By Sowmya Ramasubramanian - Uploaded by the Association Member: Nevena Gojkovic Turunz]

Categorized in Deep Web

Although both the deep web and dark web are the hidden sections of the internet, they are not synonymous and should not be confused with each other.

The terms ‘dark web’ and ‘deep web’ are often interchangeably used to describe the section of the internet that is home to criminal activities. To understand the difference between the dark web and the deep web, we must understand the different layers of the internet, as detailed below.

Surface web: The first layer of the World Wide Web is the surface web, which is also known as the visible web or the clear web. It comprises websites that are indexed by common search engines such as Google, Yahoo, Bing, and so on. These websites are available for public access without requiring permissions. It is believed that the surface web constitutes only 3-4% of the entire World Wide Web; however, according to Wikipedia, the figure stands at 10%. This means the millions of searches conducted every second cover but a minuscule percentage of the overall internet!

 

Deep web: A step further below the surface web is the deep web. The deep web is estimated to be nearly 500 times the size of the surface web or 90% of the entire internet. This section of the internet comprises websites and data that are not indexed. They are protected from search engines and crawlers by way of encryption.

Any data behind a firewall, be it data servers, organizational intranets, or archives, belongs to the deep web. A website in the deep web would require you to enter your unique username and password combination to access it. Probably the simplest examples of websites in the deep web are web-based email, social media platforms, online banking, and web-based subscription services. That brings us to the question: is it illegal to foray into the deep web? The answer is no.

Dark web: The deepest layer of the World Wide Web is called the dark web. Although it is part of the deep web, the dark web goes deeper still. It is a subset of the deep web, and the key difference between the two is that the deep web can be home to both good and bad data, whereas the dark web is mostly illicit.

As per some estimates, the dark web probably constitutes only 0.1% of the entire internet but is the hotbed for many illegal activities. The dark web can be termed the underbelly of the internet, as it facilitates crimes such as sale/purchase of stolen data, fake identity proofs, porn, drug trafficking, contract killers, sale of arms and ammunition, and so forth.

It is the infamous part of the internet where data is intentionally hidden and criminal activities are rampant. It requires special software – such as The Onion Browser (Tor), Freenet, or I2P (Invisible Internet Project) – to access the dark web. This is because the dark web can be accessed only by anonymous users, which common browsers do not allow. Common browsers track the IP address of the users and hence enable identification of the user – something which is undesirable in the dark web.

Access to the dark web is not illegal but is fraught with numerous risks. Therefore, it is recommended to stay away from the dark web, as it can be highly dangerous.

[Source: This article was published in dqindia.com By Neetu Katyal - Uploaded by the Association Member: Deborah Tannen]


Law enforcement agencies working online benefit from machine learning (ML) and artificial intelligence (AI), which lead to leading solutions. ML and AI work together, and automated methods can search the dark web, detect illegal activity and bring malicious actors to justice.

The interface between AI and GIS has created enormous possibilities that were not possible before. The field of artificial intelligence (AI) is so advanced that it exceeds human accuracy in many areas, such as speech recognition, reading and writing, and image recognition. Together, ML and AI are rapidly making their way into the world of law enforcement.

AI, machine learning, and deep learning help make the world a better place, for example, by helping to increase crop yields through precision farming, fighting crime through predictive policing, or predicting when the next big storm will arrive, whether in the US or elsewhere.

As fraud detection programs are driven by artificial intelligence (AI), many of these chains turn to AI to ensure that they use various techniques to stop bad actors in advance. Broadly speaking, AI is the ability to perform tasks that typically require a certain level of human intelligence. 

 

Reward programs are particularly popular because they can store large amounts of valuable data, including payment information. Reward points are also valuable because bad actors can spend them or sell them on dark web marketplaces. 

Coffee giant Dunkin' Donuts was the victim of a hacker attack in October 2018, and the fraudsters who initiated the program were able to sell users' loyalty credits on dark web marketplaces for a fraction of their value. Sixgill is a cyber threat intelligence service that analyses dark web activity to detect and prevent cyber attacks and sensitive data leaks before they occur. Using advanced algorithms, its cyber intelligence platform provides organisations with real-time alerts and actionable intelligence that prioritises major threats such as cyber attacks and data breaches.

New York City-based IntSights has developed a threat detection platform that uses artificial intelligence and machine learning to scan deep and dark networks for specific keywords to alert potential targets. Sixgill investigates the Dark Web, the Internet of Things, and other areas of human activity to identify and predict cybercrime and terrorist activity. While the darker web requires someone to use the Tor browser, it can also be accessed by someone who knows where to look.

That's why AI and ML are used to bring light into the dark web, and they can sweep it away faster than a person could. The IntSights report primarily scans deep and dark nets for the latter, but it can also scan the darker net, though not as fast or as far as a person could do, the report said. 

The problem with using AI and ML for this job is that there is not enough clarity: 40% of the websites on the dark-net are completely legal. The remaining 60% are not, and this includes anonymous transactions that are legal, according to the IntSights report.

 

 

Good cybersecurity practices can reduce the risk of information being collected and sold on the dark-net. Reporting incidents to law enforcement can generally reduce the risk, and a quick response to incidents can help minimise the damage. According to IntSights, law enforcement agencies around the world seized more than $1.5 billion worth of malicious software in 2017. 

Cobwebs Technologies' Tangle tool can also search for information about possible crimes before they happen, and it is available to law enforcement free of charge.

Cobwebs Technologies' Tangle tool scans the deep and dark web to identify and find connections between people's different profiles, displays the information in graphs and maps, and presents it in a variety of formats. It uses artificial intelligence and machine learning to search for keywords that contain information about people, such as their social media profiles and social networks. Tangle can also generate alarms to alert officials to potential threats extremely quickly. Monitoring people's activities on the dark web and other social networks can help officials pinpoint their plans.

Criminals now routinely use the internet to keep their criminal businesses under wraps, and artificial intelligence could help catch paedophiles operating on the dark-net, the Home Office has announced. The company's co-founder and chief technology officer, Dr Michael O'Brien, said: "Our company has developed an AI-based web intelligence solution to make the web safer by enabling law enforcement and crime analysts to uncover the hidden profiles of criminals, drug dealers, money launderers and other criminals lurking in the deep darknet."

Earlier this month, Chancellor Sajid Javid announced that £30million had been made available to tackle child sexual exploitation online, with the Home Office revealing details on Tuesday of how it will be spent. The government has promised to spend more money on a child abuse image database that, since 2014, has allowed police and other law enforcement agencies to search seized computers or other devices for indecent images of children to help identify victims. Some aspects of artificial intelligence, including language analysis and age assessment, have been used to determine whether they would help track down child molesters.

[Source: This article was published in aidaily.co.uk By Manahil Zahra - Uploaded by the Association Member: Anna K. Sasaki]


LastPass' new Security Dashboard gives users a complete picture of their online security

Knowing if your passwords have been leaked online is an important step in protecting your online accounts, which is why LastPass has unveiled a new Security Dashboard that provides end users with a complete overview of the security of their online accounts.

The company's new Security Dashboard builds on last year's LastPass Security Challenge, which analyzed users' stored passwords and provided a score based on how secure they were, by adding dark web monitoring. The new feature is available to LastPass Premium, Families and Business customers and it proactively watches for breach activity and alerts users when they need to take action.

 

In addition to showing users their weak and reused passwords, the new Security Dashboard now gives all LastPass users a complete picture of their online security to help them regain control over their digital life and know that their accounts are protected.

Dark web monitoring

According to a recent survey of more than 3,000 global consumers conducted by LastPass, 40 percent of users don't know what the dark web is. The majority (86%) of those surveyed claimed they have no way of even knowing if their information is on the dark web.

LastPass' new dark web monitoring feature proactively checks email addresses and usernames against Enzoic’s database of breached credentials. If an email address is found in this 3rd party database, users will be notified immediately via email and by a message in their LastPass Security Dashboard. Users will then be prompted to update the password for that compromised account.

Vice president of product management, IAM at LogMeIn, Dan DeMichele explained why LastPass decided to add dark web monitoring to its password manager in a press release, saying:

“It’s extremely important to be informed of ways to protect your identity if your login, financial or personal information is compromised. Adding dark web monitoring and alerting into our Security Dashboard was a no brainer for us. LastPass already takes care of your passwords, and now you can extend that protection to more parts of your digital life. LastPass is now equipped to truly be your home for managing your online security – making it simple to take action and stay safe in an increasingly digital world. With LastPass all your critical information is safe so you can access it whenever and wherever you need to.”

[Source: This article was published in techradar.com By Anthony Spadafora - Uploaded by the Association Member: Anna K. Sasaki]

Categorized in Internet Privacy

 Threat intelligence firm KELA shared a list of more than 900 Pulse Secure VPN enterprise server usernames and passwords with ZDNet, which a hacker had posted on the dark web in plain text.

The usernames and passwords, as well as IP addresses, from more than 900 Pulse Secure Virtual Private Network enterprise servers were posted in plain text on the dark web by a Russian-speaking hacker, first reported by ZDNet.com, which obtained the list with help from threat intelligence firm KELA. 

The list contained Pulse Secure VPN server firmware version, SSH server keys, all local users and password hashes, administrator account details, previous VPN logins with cleartext credentials, and session cookies.  

The authenticity of the list was verified by multiple cybersecurity sources. Further, the list was published on a forum frequented by popular ransomware threat actors, such as REvil and NetWalker. 

 

 

The leak was first discovered by researchers from Bank Security, which observed that the VPN servers listed by the hacker were operating with the firmware version that contained the CVE-2019-11510 vulnerability patched by Pulse Secure in early 2019. 

The Department of Homeland Security and other security researchers have repeatedly urged organizations to patch this critical vulnerability, as hackers continued to target the flaw. Those targeted attacks continued through January 2020.

And in April, DHS warned that hackers were using stolen credentials to crack into enterprise networks through the Pulse Secure VPN, even if the vulnerability was patched. 

To find vulnerable VPNs, it appears that the hacker who compiled the list scanned the internet's IPv4 address space between June 24 and July 8, 2020 and leveraged the known vulnerability to access servers. Then, the threat actor gathered the server details and credentials, collecting the data into a central repository.

Reviewing the list, it appears that 677 companies failed to patch the Pulse Secure VPN vulnerability. 

VPNs are one of the most common, secure methods used to remotely connect to the network. But as remote connections and telehealth use expanded amid the COVID-19 pandemic, the threat landscape has become much more complex. 

Pulse Secure CMO Scott Gordon told HealthITSecurity.com in March, that in healthcare, providers need to be employing endpoint protection and modern VPN solutions “where you’re encrypting communication session between the device and the data between the practitioner’s devices and application.” 

“Since you are now expanding VPN use to more sets of employees, contracts and affiliates, you should make sure that the VPN software is up to date and current to eliminate the potential VPN vulnerabilities,” Gordon said, at the time. “They’ve essentially broadened the attack surface. Every end user accessing information and resources are now part of their attack surface, and they want to do everything they can now that they've added greater accessibility.”

To Laurence Pitt, Global Security Strategy Director, Juniper Networks, it's unacceptable that organizations failed to patch the vulnerability more than a year after a fix was provided, which allowed for the cleartext data dump to occur.

Further, security researchers have repeatedly provided proof-of-concept data that showed just what could occur if the enterprise left the vulnerability exposed.   

“The lesson learned here? Patch, patch, patch,” Pitt said in an emailed statement. “The data published lists only 900 servers. What we do not know is how many more have not been released – or, which of these could be sensitive servers that are now being poked and prodded in planning for a bigger attack.  

“If you are running an older version of code on a service as critical as the VPN is today, then find the latest version and get that upgrade planned,” he added.

Healthcare organizations should review insights recently provided by the National Security Agency to better understand the risk and best practice methods to secure VPNs, telework, and other remote sites.

 

[Source: This article was published in healthitsecurity.com By Jessica Davis - Uploaded by the Association Member: Jeremy Frink]


Welcome to TechTours, where we will delve a little deeper into the questions many are too afraid to ask, and dive into the pools that most would just like to dip their toes. Today, we tackle the dark web. 

The notorious dark web has been the subject of many IT discussions and curious minds in the last few years. With the rise of cryptocurrencies and hacking groups like Anonymous, many wonder what is behind the curtain, and how to take a peek. 

The difference between clear, deep and dark web

Clear web is what we use every day. Everything that can be indexed or “found easily” will be classified under clear web. The terms “deep web” and “dark web” however, are often mixed up but they could not be more different. 

The deep web refers to items that can be accessed via a search engine but are blocked by paywalls or subscriptions and sign-in credentials. It also includes any content that its owners have blocked web crawlers (such as search engines) from indexing. The deep web is estimated to make up between 96 and 99% of the internet.

 

The dark web is a subset of the deep web that is a lot more difficult to access, and where most of the illicit activity can be found. This requires a specific type of browser to access and is estimated to make up about 5% of the internet. Again, not all the dark web is used for illicit purposes despite its ominous-sounding name. 

What is the dark web? 

The dark web is the “underside” of the internet that isn't indexed by major search engines. By now, you have probably heard about the dark web being a proverbial dark alley of illegal activity and in many cases, it is. 

On the dark web you will find countless ways to buy credit card numbers, lifetime Netflix accounts and even counterfeit currency. It goes without saying that it would not be a great idea to put in banking details or any personal information on there due to the dangerous nature of the anonymity of its users. It would also be illegal to purchase the aforementioned products.

But not everything is illegal; the dark web also has a legitimate side. For example, you can join a chess club or BlackBook, a social network described as “the Facebook of Tor”.

How is the dark web accessed?

The thought of accessing a global marketplace where everyone is free to sell what they want, when they want, might sound enticing. I assure you, as can be expected with a platform where everyone is anonymous, accessing the dark web is not easy and it is incredibly easy to be scammed. 

Accessing the dark web requires the use of a browser called Tor. The Tor browser basically hides you from everyone else by routing your web page through a variety of servers making your IP address unidentifiable.  

Some positives of the dark web

Despite its “dark” reputation, the dark web also provides an access point for people in countries where digital restrictions are stifling them. People are turning to the dark web for freedom of speech and privacy. Just like the “clear” web, the dark web is filled with social media platforms, email services and even gaming websites. However, due to the use of browsers such as Tor, you are kept fully anonymous.

The dark web is also being used to expose corruption. News channels such as Fox, CNN and NBC have all got open sites on the dark web in order to receive anonymous tips from online users. In addition to this, due to the anonymity that the dark web provides, many users on the dark web use it to share personal stories. This ranges from advice on drug addiction, sexual abuse and many other personal stories people are afraid to share on the clear web. 

There are also a growing number of medical professionals using the dark web who consult with patients who would rather keep their medical conditions anonymous. 

Another reason people are moving to the dark web is to make anonymous purchases. We do not condone buying illegal items but recognise that there are legitimate reasons to buy products and services on the dark web such as buying specific security software and electronic devices. There are also tons of online communities where no matter what your passion is, you will probably find a forum for it. A note of caution: always avoid forum discussions pertaining to illegal activities.

The dark web is an interesting place filled with a myriad of forums, marketplaces and illegal items but as mentioned previously, there is little to no policing. 

If your intention to use the dark web is to remain anonymous and find like-minded people then this is the place for you. One thing is for certain, like walking through a shady part of town, you will find lots of bargains and interesting things to see. Just don't go down the dark alley and check what people are selling from their trench coats. 

* Independent Media will not be responsible for person/s using the dark web irresponsibly. Please proceed with extreme caution when doing so and steer away from illegal activity. 

 

[Source: This article was published in iol.co.za By Faheem Khota - Uploaded by the Association Member: Jason bourne]


A Trend Micro study reveals that trust in Deep Web marketplaces is diminishing due to law enforcement efforts to shut down illegal activities.

A new study has revealed that the dark web marketplace isn’t as safe for users’ anonymity as it was believed to be, due to the simple fact that authorities are cracking down on the presence of online marketplaces, which makes it hard to maintain a constant and reliable presence.

According to the study published by the cybersecurity company Trend Micro, the crackdown on marketplaces like Dream Market, Wall Street Market, DeepDotWeb, and Valhalla has generated a huge discontent among their userbases due to the lack of security infrastructure from the said websites. The security flaws on these websites may well result in the loss of anonymity for their users, which is the main draw to their businesses. 

Exit Scams are Rampant

The rising number of exit scams by online stores has resulted in a considerable slowdown of sales. An exit scam is when a website shuts down suddenly without delivering orders, thereby stealing money from its customers. Undercover operations by law enforcement forces from all over the world have also been on the tail of these websites, which has added to the mistrust.

Users have started countering these scamming websites via the creation of the DarkNet Trust website where the reputation of the companies can be found by searching for their usernames and Public Key (PGP) fingerprints. 

In countries like Australia, for example, gambling is legal in general however the citizens are not allowed to gamble with the locally registered websites. The law specifically mentions engaging in wagering with real money. Since Australia does not recognize the cryptocurrencies as “real money” this creates a loophole in the legal system. Although, it’s obvious that this is all done for anonymity, and due to the increase in concerns of government agencies spying on the users, this has become an issue for a lot of people. The biggest draw to the darknet has been on the cryptocurrency market. Since trading is illegal, cryptocurrencies are acquired through the dark web in order to mask activity as much as possible, later used in any bitcoin casino Australia has listed within its borders, and then withdrawn as real cash with minimum payments to be made to the government.

Apart from this, the administrators of the darknet marketplaces were forced to implement additional security methods like two-factor authentication, multi-signature and wallet-less transactions in Bitcoin (BTC) and Monero (XMR), as well as rooting out the usage of JavaScript due to the easily exploitable nature of the scripting language.

A wallet-less payment is one where the transaction is made directly from the user to the vendor, and the marketplace receives a monthly subscription instead of a per-transaction fee. Protonmail has also been under attack from users since accusations of it assisting law enforcement agencies began circulating around the net. It is also worth mentioning that an anonymous hacker has cracked open the databases of Daniel’s Hosting, which is the largest free web-hosting provider on the darknet. This resulted in the takedown of over 7000 websites, with their databases leaked and the pages consequently deleted as a whole. Also, around 4000 emails have been leaked.

 [Source: This article was published in bitrates.com - Uploaded by the Association Member: Anna K. Sasaki]


While the dark web offers a haven for criminals and serves as inspiration for Hollywood blockbusters, it’s much more mundane in real life. Still, many businesses feed into the fallacies surrounding the dark side of the Internet, ultimately delaying their ability to protect employees and consumers.

Our industry really needs to shed some light on the largest misconceptions associated with the dark web. Equipped with these new insights, we can empower security pros to explore the dark web and gain knowledge that will strengthen their security posture. But before we can debunk any misconceptions, companies must first understand the basics.

The dark web resides on a portion of the Internet where communications and transactions are carried out anonymously. Separate networks like TOR, Blockchain DNS, I2P, and ZeroNet make up the dark web and have different access requirements and resources. Cybercriminals and threat actors typically use these networks to securely and secretly coordinate crime functions, and openly discuss terrorist tactics, techniques and procedures (TTPs). The dark web also serves as a marketplace to buy or sell goods or services, such as credit card numbers, social security numbers, all manners of drugs, and stolen subscription credentials. It’s a long list.  

 

There’s also practical value for legitimate security organizations to access the dark web. Cybersecurity teams can track for evidence of attacks in various stages of execution. Today, companies are applying intelligence requirements processes to determine what they should do with the information they discover, like monitoring for vulnerabilities that are weaponized in malware families. To monitor the dark web successfully, organizations should carefully weigh options between people and technology. They must invest in both: people deliver context and expertise, while technology helps teams scale.  

Now that we understand a bit more about the dark web, let’s dive into the four biggest misconceptions:

Misconception: The dark web doesn’t have a good side.

Reality: Dissidents and civil rights advocates use the dark web to communicate in repressive governments around the world.

Understandably, the dark web gets a lot of bad press, which leads many to believe that it’s inhabited exclusively by nefarious types. However, it has many benign practices that organizations can partake in. For example, the Tor network was initially developed by the United States Naval Research Laboratory to protect U.S. intelligence communications from surveillance. Anonymity and protection from surveillance have made the Tor network and other parts of the dark web an invaluable tool for dissidents and civil rights advocates under repressive regimes, journalists, and whistle-blowers. The New York Times makes its website available as a Tor Onion Service for readers in countries that block access to the newspaper’s regular website, or who worry about their web activities being monitored.

Misconception: The dark web houses the majority of digital threats facing businesses.

Reality: Security pros find important communications tools on the dark web.

Contrary to popular belief, the dark web does not serve as a home to a majority of digital threats facing businesses. Although it includes a few thousand sites, it only makes up a relatively small portion of the deep web. People are often surprised to learn that more digital threats appear on the surface web than on the dark web. Communication, collaboration and transactional tools are all available on the dark web. These include forums and chat rooms, email and messaging applications, blogs and wikis, and peer-to-peer file-sharing networks.

Misconception: Organizations can’t mediate or anticipate dark web threats.

Reality: Security teams comb the dark web to prevent future attacks and take down bad sites.

Although organizations can’t influence sites or marketplaces found on the dark web, the material found there can help discover sites and social media accounts on the surface web used for launching attacks, carrying out phishing campaigns, and selling counterfeit and stolen goods. By leveraging insights from the dark web, security pros can regularly “take down” those websites and accounts from the surface web.

Misconception: Monitoring the dark web takes money – and it’s slow.

Reality: Doesn’t have to be that way with the right mix of people and technology.

Monitoring the dark web requires some skill, but it isn’t necessarily a slow and expensive process. Typically, organizations gravitate towards data loss protection (DLP) services, which ensure sensitive data doesn’t get lost, misused, or accessed by unauthorized users. With the right technologies and people, and sometimes with outside DLP services, companies can prevent attacks at a relatively modest cost.

Habitually categorized as an asylum for criminals of all stripes, the dark web holds an opportunity for organizations hoping to detect data breaches and anticipate and thwart attacks. While some companies are already profiting from monitoring and tracking certain areas of the dark web, others struggle to even understand and dispel its misconceptions. With some minimal investment, companies can establish comprehensive visibility across multiple digital networks. This will let them discover threats sooner and take action wherever attackers are vulnerable along their kill chain. With this level of visibility and understanding, companies can shed their fear of the dark web and have confidence in their digital risk protection program.

 

[Source: This article was published in scmagazine.com By Zack Allen - Uploaded by the Association Member: Alex Gray] 


Introduction to dark web fraud

Dark web fraud constitutes a global information security problem. The widespread availability of how-to guides providing instructions on how to commit such fraud exacerbates the problem even further.

Before examining these how-to guides in detail, we need to explain the meaning of “dark web.” The web includes two main layers: the surface web, which consists of any content indexed by search engines, and the deep web, which comprises all content that is not indexed by search engines. Content in the deep web can be hidden behind paywalls, firewalls and other types of protection.

 

The dark web constitutes a small portion of the deep web and appeared as a result of the development by the United States of software known as Tor. It allowed internet users to conceal their location and encrypt the information they sent and received. This, in turn, ensured their anonymity and privacy. The dark web is often used by criminals for various malicious purposes, such as sales of guns, drugs and other illegal materials. It is estimated that the content available on the dark web constitutes less than 0.005% of the content available on the surface web.

Large volumes of content exchanged through the dark web include how-to guides. According to a Terbium Labs study that covers three major dark web exchanges, 49% of the data sold through those exchanges consists of how-to guides. 

In this article, we will examine the types of how-to guides sold through the dark web. Afterwards, we will discuss their reliability. Finally, we will provide concluding remarks.

Typology of how-to guides

How-to guides can, depending on their purpose, be divided into five categories: account takeover, phishing, doxing, cashing out and synthetic identity fraud. 

1. Account takeover

The term “account takeover” refers to a situation where a fraudster gets unauthorized access to a genuine customer’s account, such as online banking accounts, email accounts and accounts providing access to subscription services. Once the fraudster gets access to a customer account, he or she may use it for various purposes, including but not limited to purchasing goods or services, acquiring more sensitive information which can be used to blackmail the victim and spreading malware to the contacts of the victim.

How-to guides may include detailed instructions on how to use software for automatic detection of vulnerabilities in corporate computer systems. It is believed that such software was used to conduct the British Airways cyberattacks, which enabled hackers to access tens of thousands of frequent-flyer accounts.

2. Phishing

How-to guides may also teach criminals how to conduct phishing attacks. Research conducted by Cyren revealed that 5,335 new phishing how-to guides were made available in 2019 alone. The same research indicated that 87% of the phishing how-to guides included at least one evasive technique, such as content injection, HTML character encoding, and the inclusion of URLs in attachments.

Let’s look at those a little more closely. Content injection refers to changing the content of a page on a legitimate website in such a way as to redirect users of that website to a phishing page. HTML character encoding means writing the phishing content of a webpage as encoded characters so that security crawlers do not detect keywords associated with phishing (e.g., “credit card” and “password”). The inclusion of URLs in attachments is a technique allowing fraudsters to hide links to phishing websites in files.
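The HTML character encoding evasion described above fails against a scanner that decodes the page before matching keywords. The following Python code is an added example, not taken from the article or from Cyren's research; the function names, keyword list and sample markup are assumptions constructed for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Keywords the article names as phishing indicators (assumed list; extend as needed).
KEYWORDS = ("credit card", "password")

# Constructed sample: every keyword is hidden behind character references.
SAMPLE = "<p>Enter your &#112;&#97;ssword and cr&#x65;dit&nbsp;card number</p>"


class TextExtractor(HTMLParser):
    """Collects rendered text; convert_charrefs decodes &#NN;, &#xNN; and &name;."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
        self.skip_depth = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip_depth += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip_depth:
            self.skip_depth -= 1

    def handle_data(self, data):
        if not self.skip_depth:
            self.parts.append(data)


def naive_hits(raw_html):
    """Keyword match on the raw source, as a crawler that never decodes would do."""
    source = raw_html.lower()
    return [k for k in KEYWORDS if k in source]


def normalized_hits(raw_html):
    """Keyword match on the text a browser would display."""
    parser = TextExtractor()
    parser.feed(raw_html)
    parser.close()
    text = html.unescape("".join(parser.parts))  # second pass for double encoding
    text = re.sub(r"\s+", " ", text).lower()     # &nbsp; and line breaks become spaces
    return [k for k in KEYWORDS if k in text]


def encoding_evasion_suspected(raw_html):
    """True when a keyword is visible to the reader but absent from the raw source."""
    return bool(set(normalized_hits(raw_html)) - set(naive_hits(raw_html)))
```

A page where `encoding_evasion_suspected` returns true shows the reader a sensitive keyword that its raw source avoids spelling out, which is a useful triage signal in its own right.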

 

3. Doxing

Doxing is the practice of finding out sensitive information about an individual or organization and making it publicly available with the aim of harassing, shaming or extorting the victim. Doxing how-to guides contain instructions on how to find sensitive information, how to post it in such a way as to prevent the removal of the information and how to obtain monetary gain through extortion.

4. Cashing out

Cashing-out how-to guides contain instructions on how to cash out voucher codes, bank accounts, credit cards, gift cards and other payment methods. In some cases, such guides may provide links to e-commerce websites that can accept stolen financial data purchased through the dark web. In other cases, they describe the steps one needs to take to clone payment instruments, such as debit and credit cards.

5. Synthetic identity fraud

To commit synthetic identity fraud, one needs to take stolen information from unsuspecting individuals and combine it with false information, such as dates of birth, addresses and names. The resulting synthetic identities are less likely to be detected because of the lack of a clearly identified victim.

A report from the US Federal Reserve indicates that synthetic identity theft constitutes the fastest growing type of identity fraud. In 2016 alone, the losses caused by this type of fraud exceeded USD 6 billion. Many how-to guides contain detailed descriptions of methods used to combine actual and fake data in such a way as to mislead the relevant financial institutions into believing that the synthetic identities are genuine.

The reliability of the how-to guides

How-to guides are highly unreliable. In many cases, they provide no useful information and the buyer cannot demand his or her money back. In this regard, Tyler Carbone, a CEO at Terbium Labs, noted: “Ironically, many fraud guides are themselves fraudulent. Bad actors create fake guides, and try to make a profit selling them before buyers catch on.” Of course, this is not surprising, as people who teach others how to commit fraud should not be expected to be honest and ethical.

Some how-to guides may even include malware to be used by their buyers to commit fraud. Quite often, such malware may actually infect the computers of the buyers. Thus, the buyers who pay for purchasing how-to guides may actually pay for infecting their own computers.

According to the researchers of Terbium Labs, about 11% of all how-to guides are fraudulent. Although the remaining 89% of how-to guides contain genuine information about how to commit fraud, many of them contain obsolete data (more than a decade old) or duplicated data (e.g., publicly available data repackaged by the hackers as their own).

Irrespective of the reliability of how-to guides, these materials may provide people with weak computer skills with the opportunity to conduct serious cyberattacks. This is not only because they often contain detailed and simple instructions, but also because they may include ready-made malware that can be used during the attacks and databases of stolen sensitive information which can facilitate fraudulent operations. The average price of stolen sensitive information on the dark web is about $8.50, but one can find such information even at the price of $1.

Concluding remarks regarding how-to guides

How-to guides have the potential to increase the number of global cyberattacks because they reduce the financial and competence requirements for conducting such attacks. Anyone who can pay about $4 for a how-to guide or about $16 for a collection of how-to guides under a single listing is now able to engage in account takeovers, phishing, doxing, fraudulent cashing-out, synthetic identity fraud and other malicious activities.

This means that how-to guides can be regarded not only as an information security problem but also as a social problem because their use can lead to the paralysis of the functioning of various social organizations such as governments, hospitals and companies.

 

[Source: This article was published in resources.infosecinstitute.com By Daniel Dimov - Uploaded by the Association Member: Jason bourne]


SAN DIEGO — You have probably heard about the dark web; in fact, the name itself sparks a lot of curiosity. It is a place where you can buy all sorts of things, from illegal drugs to passports and even explosives.

Many people think it is not accessible to the average Joe, but that is not the case. Federal prosecutor Sherri Walker Hobson says, “the problem is, not only can anyone do it in America, it is the person next door.”

No one knows that better than 39-year-old San Diegan Sky Justin Gornik. The Clairemont resident was locked up earlier this year for 70 months for buying and selling drugs on the dark web from 2014-2017. Some of the drugs included the deadly carfentanil.

Sherri Walker Hobson told News 8, “In light of the volume of packages he was receiving, they suspected he was likely a dark web vendor here in San Diego.” She went on to say, “I have been a prosecutor for 30 years, and it is shocking to me, we now have the ability to order drugs over the dark web.”

Hobson says patrolling the dark web is not an easy task.

Lance Larson is the co-director of San Diego State University’s Graduate Program in Homeland Security and an expert in both cyber security and homeland security. He says there are three layers to the web.

  • The surface web, which is the sites you use regularly: the dot-coms such as Google.
  • The deep web, which has data with complex information, legal documents and medical records.
  • The dark web.

The dark web is essentially pop-up markets packed with drugs, weapons, child pornography, passports, you name it. You can even find counterfeit money or grenades.

Larson says, “we think there is a use by common criminals of the dark web to be able to gather new tactics, or new ways to be able to scam people and to commit fraud.”

So how can we go about making sure our personal information is safe? Larson says it is really tough because we give up a lot of info to companies we trust and unfortunately some companies do not have great cyber security practices. He says it is OK to ask how they are protecting your information.

He says some things that are easy to do include locking down your credit report or locking your usernames and passwords for sites by using multi-factor authentication. This is a security feature that requires more than just a simple password. For example, you would need to receive a text message with a code in addition to a password.

Larson says the dark web can easily be accessed with the proper router. He says, “like the onion router, also known as ‘TOR,’ without the user’s browser or history being exposed.” The dark web can also be downloaded to a cell phone.

We asked, is there legitimacy to the dark web? Larson said, “There are some really good legitimate reasons for the dark web. For example, in countries that have a censorship, the dark web allows people in those countries like news reporters to be able to report out and share on what's going on in their country.”

The dark web is so large it is impossible to know how many pages are out there, but undercover agents around the nation are constantly on the lookout. Prosecutor Sherri Walker Hobson says, “people have to think twice before taking something, even if it is from your own friend. You can’t be careless anymore. It is like Russian Roulette.”

And just like Hobson, Larson says we can’t arrest ourselves out of the problem. Education is key. 

“It doesn't look like we're going to solve this by taking down dark web websites, here and there. It really comes down to policing our own children and understanding what to look for. Does our neighbor - are they receiving packages that have things they have purchased on the dark web and reselling in our San Diego communities?”

 

[Source: This article was published in cbs8.com By Stella Escobedo - Uploaded by the Association Member: Jason bourne]
