The Dark Web: Why Service Providers Need to Shine Some Light
By Dana Liedholm, VP Global Channel Programs at ID Agent
Many MSPs aren’t familiar with the dangers of the dark web, or don’t even know what it is. If that’s the case, you aren’t alone — but you certainly don’t want to stay in the dark any longer, because your small and midsize business clients are at high risk for high-cost cybersecurity breaches stemming from the dark web.
The dark web is a hidden universe contained within the “deep web,” a sublayer of the internet that is hidden from conventional search engines, like Google, Bing and Yahoo, which search only .04 percent of the indexed, or “surface,” Internet. The other 99.96 percent of the web consists of databases, private academic and government networks, and the dark web. The dark web is estimated to be 550 times larger than the surface web and growing. Because you can operate anonymously, the dark web holds a wealth of stolen data and hosts a range of illegal activity.
Criminals, typically aiming to profit from stolen credentials – an individual’s name and social security number, driver’s license number, medical or financial records – may hack into a user’s account with a stolen login and password, trick a user into downloading malicious software or otherwise gain access to a company’s or consumer’s valuable data.
Many times, exposure of employees’ personal credentials leads to a corporate breach, where a compromise can turn into a business catastrophe.
Regardless, once stolen data is posted for sale on the dark web, it is copied and distributed (resold or traded) to a large number of cyber criminals within a short period of time. It is generally not feasible to remove data that has been disseminated within the dark web. Awareness is the next best thing, so customers can implement compensating controls. For this reason, it’s important for MSPs to help clients scour botnets; criminal chat rooms, blogs, websites and bulletin boards; peer-to-peer networks and forums; private networks and other black-market sites to identify stolen credentials and other personally identifiable information (PII). As an MSP, you should be monitoring the dark web and the criminal underground for exposure of your clients’ credentials to malicious individuals.
When a credential is identified on the dark web by a reliable service, it is harvested. Typically, data is harvested from sites like Pastebin, but it can originate from sites that require credibility or a membership within the dark web community to enter — like Internet Relay Chat (IRC) channels, private websites and Twitter feeds.
Here are some questions clients may ask:
- Where might stolen data reside? Dark web chatrooms, where compromised data may be discovered in a hidden IRC; hacked websites or data dump sites, where it may be exposed; hidden forums within a dark web community; P2P file leaks, where compromised data can be leaked from a peer-to-peer file-sharing program or network; and social media posts, where compromised data can be found on a social media platform. Data harvested through botnets may rest on a command-and-control (C2) server.
- How was the data stolen or compromised in the first place? Data is first tested to determine if it is live/active. The compromised data is posted to prove its validity and then entered into a fictitious website or extracted through …