The Dark Web is a well-known term for the parts of the internet that aren’t indexed by mainstream search engines. It can only be accessed by specialist browsers that route web traffic through a series of proxies, making all users on the Dark Web completely anonymous and very difficult to trace.
A big community has grown on the Dark Web. The anonymous nature of the platform has made it a popular choice for those with privacy concerns, and there are multiple social networks, gaming sites and forums you can join. But as you’d expect from an anonymous online platform where no rules apply, it’s a hotbed for criminal activity.
The Dark Side of the Dark Web
This is well publicised in the media. We’re used to seeing how the Dark Web is being used to sell illegal substances and materials. But what is less publicised is how hackers are using the Dark Web to network – with the aim of finding ways to hack a company’s data or selling compromised information.
Barry Spielman, VP of Marketing at Dark Web security vendor CybersixGill, told us that “If attackers are on the dark web, they need someone to help with buying, selling, or some collaboration to help them succeed.”
This means that companies can leverage the Dark Web to find information about how attackers are trying to target them and identify where their data is being bought and sold. This is exactly what Cybersixgill does.
The Cybersixgill Platform
In addition to being a sophisticated investigative platform designed for analysts, Cybersixgill’s platform can function like a search engine for deep and dark web activity. It allows users to search just as they would on Google, then scans the deep and dark web for where those terms have appeared, with statistics on how frequently they are being talked about.
This allows companies that have been hacked to investigate if hackers were networking on the dark web about how to breach their systems, or proactively look for hackers discussing ways to break into their networks. It also allows companies to start building a picture of who is targeting them – even though the Dark Web is anonymous.
l elaborates that mapping the activity of threat actors is “at the heart,” of the Cybersixgill platform. He told us of an example, that a company was hacked, losing millions of dollars. The Cybersixgill team was able to look back over time and identify that there was an attacker who asked for help building a phishing site, to help steal financial information.
“We were able to identify this guy posted in several places,” Spielman says. “We look at the Dark Web like a social network, and we’re unique in that. Just like a social network, we can identify behavioural analytics, which can look back over different posts over time and tell you in certain cases like the example above with 99% confidence ,that it’s the same person as posted in a different forum using a different name. That’s based on information like the language he uses, the email addresses he’s leaving, the actual posts that may appear in more than one location and the times he is posting.”
How this helps businesses
This gives businesses clear visibility, in real time, of what kind of threats they are facing with alerts and notifications. It allows them to start building a picture of who is targeting them and what the methods that they are using are, even on an anonymous platform like the Dark Web.
This is an important tool for businesses to have. Spielman says they are working with “large enterprises such as banks, insurance companies and financial exchanges, as well as law enforcement, government agencies and MSSPs,” to help them identify hackers and the methods that they are using to try and break into sophisticated and secure systems. This helps them to stay one-step ahead of attackers, with enhanced visibility over threats.
As sophisticated cyber-attacks from anonymous attackers around the world continue to threaten businesses of all sizes, platforms like Cybersixgill will become valuable tools to help businesses and governments track anonymous illegal activity.