Like Dark Matter, you know the Dark Web is there but you can’t see it. Is it a threat to online security?
Many commentators divide the Internet into three areas:
The Surface Web – the Internet we all know and love, about 0.03% of all material held on the Internet.
The Deep Web – simply put, parts of the Net that the common search engines don’t index or are prevented from indexing.
It contains online information that must be kept secure, such as medical records, social media files and other information we want and need to protect.
The Deep Web is not entirely a criminal or red-light zone. Most of it is, in fact, pretty innocuous. One useful kind of content is the archives: the bots that carry out the indexing for search engines often ignore information that is either too old or too obscure. You could find just the driver you need for a piece of kit that Noah used in the Ark GPS system.
The Dark Web – A part of the Deep Web, about 0.01% of it, that contains intentionally hidden material, inaccessible to normal browsers and indexing bots. True to the popular perception, the Dark Web is the home of large scale unlawful activity.
It cannot be accessed using common browsers like Google and Edge, only with anonymizing proxy networks like Tor, Onion and I2P, and specialised software.
On the more positive side, it also provides a place for whistle-blowers, political dissidents, and journalists under threat of censorship or worse if discovered by their government. However, that positive note is offset by criminals using Deep Web cryptography and anonymous relays to cover their tracks.
The Dark Web – is it a threat?
The question that most IT department heads ask is “Do I need to be concerned about the Dark Web and include it in my online security measures?” In the corporate world, the answer is an unequivocal yes.
There are three major issues as regards online security and the Dark Web.
- The inherent danger of accessing websites on the Dark Web is that they will download malware to a desktop that will enable criminals to steal confidential information or use the site as a vehicle to spread malware further. As an example, in a phishing exercise, unsuspecting users are directed to a fake website. The site downloads and initiates a keylogger that collects information giving access to bank accounts and other financial information, or installs simple malware that acts as a botnet for a later DDoS attack on another site. An increasing danger is the prevalence of ransomware. A further issue is that the malware could provide the information for a directed attack on the corporate network to enable the theft of information, either financial or intellectual property.
- In some jurisdictions, it is unlawful to host certain types of material that are readily available on the Dark Web, for example, child exploitation, or to carry out the sale or purchase of goods or services illegal in that jurisdiction. In South Africa, for instance, the IT Head could be heavily fined and possibly imprisoned if a network is reported to the authorities for activities of both types.
Such a revelation in the media will result in considerable reputational damage.
- The sale and purchase of malware, exploit kits and cracked versions of legitimate software. Cracked software often contains malware. Network users may install cracked software on their desktop to circumvent corporate IT Policies.
Denying access to the Dark Web
The IT infrastructure must include the usual array of security measures and tools:
- Every desktop must be loaded from a centrally managed disk image containing only the software needed to carry out the job. Software installation must be explicitly prohibited.
- Network routers and switches must allow traffic for permitted protocols only. Protocols like Peer-to-peer networking, I2P, Tor and Onion must be disallowed.
- Finally, use strong identity and user access management. Data must be encrypted in transit, particularly to remote users, and when a user leaves the organisation, their access rights must be removed immediately.
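One way to check that the "permitted protocols only" rule above is holding, as an added example that is not part of the original article: a short Python audit of egress logs against a default-deny allow-list. The log format, the allow-list, and every address and name in the sample are constructed assumptions.

```python
# Added example: audit egress logs against a default-deny allow-list.
# Log format, policy and all addresses/names below are constructed.

# Assumed policy: only these (protocol, destination port) pairs may leave.
ALLOWED_EGRESS = {("tcp", 80), ("tcp", 443), ("udp", 53)}

# Default ports used only to label a violation; the allow-list decides.
KNOWN_DEFAULTS = {9001: "Tor ORPort default", 9030: "Tor DirPort default"}

# Names under these TLDs are used by Tor and I2P and do not exist in public DNS.
ANON_TLDS = {"onion", "i2p"}

SAMPLE_LOG = """\
flow src=10.0.4.17 dst=203.0.113.9 proto=tcp dport=443
flow src=10.0.4.22 dst=198.51.100.7 proto=tcp dport=9001
dns src=10.0.4.22 qname=constructedexamplename.onion
flow src=10.0.4.31 dst=192.0.2.55 proto=udp dport=17600
dns src=10.0.4.17 qname=www.example.com
dns src=10.0.4.40 qname=Stats.I2P.
"""


def audit(log_text):
    """Return (source host, reason) for every record that breaks policy."""
    findings = []
    for line in log_text.splitlines():
        kind, _, rest = line.strip().partition(" ")
        fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        src = fields.get("src", "unknown")
        if kind == "dns" and "qname" in fields:
            # Normalise case and the trailing root dot before taking the TLD.
            tld = fields["qname"].rstrip(".").lower().rsplit(".", 1)[-1]
            if tld in ANON_TLDS:
                findings.append((src, f"DNS query for .{tld} name"))
        elif kind == "flow" and fields.get("dport", "").isdigit():
            proto, dport = fields.get("proto", "").lower(), int(fields["dport"])
            if (proto, dport) not in ALLOWED_EGRESS:
                label = KNOWN_DEFAULTS.get(dport, "not on allow-list")
                findings.append((src, f"{proto}/{dport} egress: {label}"))
    return findings


if __name__ == "__main__":
    for host, reason in audit(SAMPLE_LOG):
        print(f"{host}: {reason}")
```

Because the decision is made by the allow-list and not by a list of known bad ports, the check also catches peer-to-peer traffic on arbitrary ports; the DNS check adds a second signal that identifies the desktop making the attempt.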
While the criminal threats of the Dark Web can be overstated, the prudent IT Head must be aware of its dangers.