Apr 6 2016

Diving Into the Dark Web - Part 1


The Internet - an invaluable asset to everyone, a place where you have access to information at your fingertips with just a click of a mouse. But what do we REALLY know about the information we find and post online?

There is more to the Internet than meets the eye. Beneath the surface lies an un-indexed space called the "Deep Web": pages that search engines do not crawl, but that you can still reach if you know the exact URL (or hold the login it sits behind). Within the Deep Web sits the "Dark Web," where most of the illegal activity happens. It is not reachable through search engines or an ordinary browser; you need special software, such as Tor, that sends your traffic through several randomly chosen relays before it reaches its destination.

The Deep Web is very large; some researchers estimate it to be hundreds of times larger than the indexed surface web, and the Dark Web is a small corner of it. Connecting to the Dark Web using Tor is simple: the Tor Browser builds a circuit of three relays (a guard, a middle relay and an exit) and wraps your traffic in one layer of encryption per relay, so no single relay knows both where the traffic came from and where it is going. As an example, a machine in the United States might route its traffic browser --> Switzerland --> Russia --> Germany --> Network (Internet); only the Swiss guard sees the origin IP address, and only the German exit sees the destination. Assuming a new identity (a fresh circuit) is as simple as clicking a button. This makes the origin difficult to find, but not impossible: browser scripting and other techniques that get code running in the user's browser have been used to unmask Tor users.



Cyber attacks can happen more easily than you would think. Hosts on the Dark Web are reached over Tor and are connected through onion routing. The purpose of onion routing, and of the Tor anonymity network, is to hide who is talking to whom: the path is chosen at random and the traffic is encrypted in layers. That anonymity has become a rich commerce and trade platform for criminal activity, even though many individuals and organizations also use it legitimately to protect their identities.
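To make the routing concrete, here is a small Python simulation of the three-hop circuit described above. This is an added example written for this post, not Tor's own code: it uses a toy HMAC-based stream cipher and hard-coded relay keys (real Tor negotiates a key with each relay in a handshake and uses real ciphers), and the relay names, client IP and destination are made up. What it shows is the property that matters: the guard sees the client address but not the destination or the request, the exit sees the destination and the request but not the client, and no single hop sees both ends.

```python
import hashlib
import hmac
import json
import os

# Constructed example: three relays with fixed pre-shared keys. Real Tor
# negotiates a separate key with each relay; the keys are hard-coded here
# only so the example runs offline.
RELAY_KEYS = {
    "guard@ch": b"guard-key-ch",
    "middle@ru": b"middle-key-ru",
    "exit@de": b"exit-key-de",
}
NONCE_LEN = 16


def _keystream(key, nonce, length):
    """Toy stream cipher: HMAC-SHA256 in counter mode. Illustrative only,
    not a substitute for the AES-CTR layers Tor actually uses."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_layer(key, plaintext):
    nonce = os.urandom(NONCE_LEN)
    return nonce + bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))


def decrypt_layer(key, blob):
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def build_onion(path, destination, payload):
    """Client side: wrap the payload once per relay, innermost layer for the exit.
    Each layer tells its relay only the next hop; the destination is inside the
    exit's layer and the client address is never written into the onion at all."""
    blob = encrypt_layer(RELAY_KEYS[path[-1]],
                         json.dumps({"next": destination, "data": payload}).encode())
    for i in range(len(path) - 2, -1, -1):
        layer = json.dumps({"next": path[i + 1], "data": blob.hex()}).encode()
        blob = encrypt_layer(RELAY_KEYS[path[i]], layer)
    return blob


def relay_peel(relay, blob):
    """Relay side: strip exactly one layer. Returns (next_hop, inner_data)."""
    msg = json.loads(decrypt_layer(RELAY_KEYS[relay], blob))
    return msg["next"], msg["data"]


def route(path, client_ip, destination, payload):
    """Simulate a circuit and record what each relay could observe."""
    observed = []
    blob = build_onion(path, destination, payload)
    prev_hop = client_ip
    for relay in path:
        next_hop, data = relay_peel(relay, blob)
        observed.append({
            "relay": relay,
            "from": prev_hop,                 # who handed the cell to this relay
            "to": next_hop,                   # where this relay forwards it
            "sees_plaintext": data == payload,  # only the exit gets the real request
        })
        if relay == path[-1]:
            return observed, data             # exit forwards the real request
        prev_hop = relay
        blob = bytes.fromhex(data)


if __name__ == "__main__":
    hops, delivered = route(["guard@ch", "middle@ru", "exit@de"],
                            "203.0.113.7", "example.com:443", "GET / HTTP/1.1")
    for h in hops:
        print(h)
    print("delivered:", delivered)
```

Running it prints one line per relay: the guard's record shows the client IP and the middle relay, the exit's record shows the middle relay and the destination, and no record contains both the client IP and the destination. That is the whole point of the design, and also why deanonymization efforts target the endpoints (the browser, or the exit's traffic) rather than the relays in between.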

The Dark Web economy is mostly made up of service providers whose roles mirror a legitimate supply chain: collectors (who steal the data), distributors, sellers and end users. Each carries a significant risk of being exposed, with profit margins roughly proportional to that risk. Because these sites are restricted, it is difficult to know exactly what information these "data stealers" have access to.



Digital currency is the preferred transaction medium for most of the Dark Web. These unregulated currencies are held, validated and transacted electronically over peer-to-peer networks. Bitcoin is the best known of the 350 or so digital currencies that exist today. Bitcoin transactions are verified by every node and recorded in a public distributed ledger called the "block chain." Many banks and businesses integrate with Coinbase to transact bitcoins; notable Coinbase merchants include Expedia, Dish, Intuit, Dell, Overstock, USAA, Reddit, PayPal, Bing and United Way. Criminal enterprises rely on crypto currency for illegal transactions because addresses are not tied to names. That is pseudonymity rather than anonymity: every transaction stays permanently visible on the public ledger, so once an address is linked to a person, the money can be followed through every subsequent hop.
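The following added example (not code from this post's sources or from Bitcoin itself) uses a toy hash-chained ledger to show the two properties just described: every node can verify the chain independently, a change to any past transaction breaks the chain, and because the ledger is public anyone can follow funds from one address to the next. Addresses and amounts are constructed labels, not real Bitcoin data.

```python
import hashlib
import json
from collections import deque

GENESIS_PREV = "0" * 64


def block_hash(block):
    """SHA-256 over the block's canonical JSON, excluding its own 'hash' field."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def make_chain(tx_batches):
    """Build a chain where each block commits to the hash of the one before it."""
    chain, prev = [], GENESIS_PREV
    for height, txs in enumerate(tx_batches):
        block = {"height": height, "prev": prev, "txs": txs}
        block["hash"] = block_hash(block)
        chain.append(block)
        prev = block["hash"]
    return chain


def verify_chain(chain):
    """What every node does independently: recompute each hash and check the links.
    Altering any past transaction breaks every hash from that block onward."""
    prev = GENESIS_PREV
    for block in chain:
        if block["prev"] != prev or block_hash(block) != block["hash"]:
            return False
        prev = block["hash"]
    return True


def trace_funds(chain, start_addr):
    """Follow money forward from an address across every hop it passes through.
    Nothing here needs privileged access; the ledger is public by design."""
    seen, queue, hops = {start_addr}, deque([start_addr]), []
    while queue:
        addr = queue.popleft()
        for block in chain:
            for tx in block["txs"]:
                if tx["from"] == addr and tx["to"] not in seen:
                    seen.add(tx["to"])
                    queue.append(tx["to"])
                    hops.append((block["height"], tx["from"], tx["to"], tx["amount"]))
    return hops


# Constructed sample ledger: a buyer pays a storefront, which moves the coins
# through an intermediate address to an exchange account. The addresses are
# labels invented for this example, not real Bitcoin addresses.
SAMPLE_BATCHES = [
    [{"from": "addr_buyer", "to": "addr_shop", "amount": 0.25}],
    [{"from": "addr_shop", "to": "addr_hop", "amount": 0.24},
     {"from": "addr_other", "to": "addr_shop", "amount": 0.10}],
    [{"from": "addr_hop", "to": "addr_exchange", "amount": 0.23}],
]


def tampered_copy(chain):
    """Deep copy with one historical amount changed, to show the chain rejects it."""
    copy = json.loads(json.dumps(chain))
    copy[0]["txs"][0]["amount"] = 25.0
    return copy


if __name__ == "__main__":
    chain = make_chain(SAMPLE_BATCHES)
    print("valid:", verify_chain(chain))
    print("tampered valid:", verify_chain(tampered_copy(chain)))
    for hop in trace_funds(chain, "addr_buyer"):
        print(hop)
```

The trace from `addr_buyer` walks through the shop and the intermediate address to the exchange in three hops. In practice that last hop is where investigators get a name, because regulated exchanges verify their customers; this is why blockchain analysis, not the ledger's secrecy, decides how anonymous a crypto currency payment really is.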



Why does this matter? Stolen credit cards often end up on the Dark Web. When intruders breach a credit card processing system, they typically take thousands of card numbers and sell them on the dark net. The intruders who do the stealing often gain relatively little per card: breaching the system and erasing their tracks demands deep expertise with systems, networks and logs, yet the numbers are sold in bulk, so compensation scales with volume rather than with skill.

The stolen data is then sold through e-commerce style storefronts on the Tor network, where it is bought by malicious consumers who either use the numbers for online purchases or encode them onto manufactured swipeable cards, which works against magnetic-stripe cards that are not chip based. The screenshot below (ccPal Store) is a good example of what you would see on the Dark Web after credit card information is stolen. This site, which serves as a distribution vehicle, guarantees an 80% success rate on the credit cards you buy with bitcoins; it even offers a satisfaction guarantee and will replace the stolen card numbers if 20% of the transactions are declined.

[Screenshot: ccPal Store listing]

Regardless of the intent, these numbers (along with intellectual property) are typically stolen with malware, phishing attacks and other techniques such as social engineering. It is possible to stop the malware, the phishing and the eventual data exfiltration with the right understanding, tools, processes, trained people and solutions.
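One of the tools that helps stop data pilferage is a check for card numbers leaving the network. The example below is an added illustration, not code from this post's author: it scans constructed outbound proxy log lines for digit runs that pass the Luhn checksum and masks what it finds for alerting. The log lines and card numbers are made up for the example (the card numbers are the public test numbers issuers publish for developers, not real cards).

```python
import re

# Candidate: 13 to 19 digits, optionally separated by single spaces or dashes,
# not adjacent to other digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits):
    """Luhn checksum used by payment card numbers. Filters random digit runs
    (timestamps, order IDs) but says nothing about whether the card is live:
    a carding shop's '80% success rate' is about issuer declines, not Luhn."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text):
    """Return Luhn-valid card numbers found in text, separators stripped."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(digits)
    return hits


def mask(pan):
    """Keep the BIN and last four (what PCI DSS allows to be displayed); hide the rest."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_lines(lines):
    """Run the detector over log or proxy lines; alert on any line carrying a PAN."""
    alerts = []
    for n, line in enumerate(lines, 1):
        pans = find_pans(line)
        if pans:
            alerts.append({"line": n, "count": len(pans), "masked": [mask(p) for p in pans]})
    return alerts


# Constructed sample: outbound proxy log. Line 2 and line 4 carry digit runs
# that look like card numbers but fail Luhn, so they must not alert.
SAMPLE_LINES = [
    "2016-04-06T10:01:02Z POST /checkout body=card=4111111111111111&exp=0319",
    "2016-04-06T10:01:03Z order_id=20160406123045123 status=ok",
    "2016-04-06T10:01:09Z PUT /upload dump.txt: 5500 0000 0000 0004, 4242-4242-4242-4242",
    "2016-04-06T10:01:11Z debug session=1234567890123456",
]

if __name__ == "__main__":
    for alert in scan_lines(SAMPLE_LINES):
        print(alert)
```

On the sample the scanner alerts on lines 1 and 3 only, and the alert carries masked numbers so the alerting pipeline itself does not become another place where full card numbers are stored. A regex alone would also flag the order ID and the session value; the Luhn filter is what keeps the false-positive rate workable.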

Stay tuned for Part 2 of this series, where we will dive into ways to protect your data and make sure you have solutions to protect yourself and your company from these intrusions.