Dark Web Consequences Increase from Global Rise of Police-Friendly Laws

… network operators to provide data under their control upon request to the government.

There are penalties for network operators that violate these measures. They could be subject to public exposure, confiscation of any illegal gains, and suspension or shutdown of their business. Their websites can be disabled, and their business permits and licenses can be revoked. Individuals can be investigated and punished in accordance to criminal law. Surveillance is largely aimed at minorities and people coming into the country — spyware is typically uploaded to their phones. In this way, China is able to monitor every single person inside the country.

The risk: Primarily to foreign firms operating in-country in loss of proprietary data and trade secrets, as well as physical threats to employees who may accidently misstep.

There are also cyber risks worldwide since the dark web is not as popular in China as it is elsewhere. That’s because the Chinese government can surveil every person’s activities in very granular detail and stop dark-web usage. In order to hide their activities, cybercriminals work and communicate on the clear web where they speak in code resembling normal conversation. This creates a blind spot for everyone in cybersecurity since it’s harder to identify and track such activities. You either have to risk someone in-country for counterintelligence or turn to the U.S. government for that information. The U.S. government is great about sharing that info with law enforcement and the private sector.

CFMI: And what about Russia? They are certainly getting a lot of attention these days. What’s new their way?

CW: Russia is the gold standard in dark-web use. They have always paved the way in dark web and cybercrime.

Now they are making some sweeping changes that are creating big ripples throughout the global threat landscape.

Russia is centralizing its surveillance and censorship apparatus. On May 1, 2019, President Putin signed into law the Sovereign Internet Law, which is similar to China’s Great Firewall. Russia is still behind China in surveillance and internet control but I predict it will catch up with China soon — in a few years.

Russia says the main goal of this most recent law is to protect itself from foreign intervention and against disconnection from the internet. But in practice, this law allows the Russian government to secure the web within its borders, disconnect from global internet infrastructure and facilitate mass surveillance and domestic internet control. Russia could willfully disconnect from global root-name servers, ensuring autonomous operation of RUnet, the Russian internet sector.

Also, specialized hardware and software are now installed in every Russian internet service provider. This gives governmental and law enforcement agencies on-demand access to the private data of Russian citizens without the need to provide a court order. If Russia decides to disconnect its citizens from the world wide web, internet freedom for users is further restricted, thus tightening the government’s clenched grip on how the internet is used within its borders.

However, Russia does not care what its citizens do on the dark web and typically ignores any crime there that doesn’t affect the country or government in a negative way. Russia basically started the dark web and sees it as a lucrative market. It actually encourages cybercrimes against other countries. Hence its aversion to shutting the dark web down or otherwise interfering with activities there.

Russian cybercriminals have become more welcoming to new users over the years. That’s because they now realize they can better monetize their assets by enlarging their buyer bases.

The first rule of Russian dark web communities is to never target victims in CIS countries — Russia in particular. The sovereign internet will make it much easier for Russian law enforcement to crack down on hackers that target Russian entities, but threat actors that target foreign entities will still go unscathed — particularly those operating in enemy states like the U.S.

Russian hackers are also working toward connecting through their own alternative means to networks, but nothing has emerged yet from those efforts.

The risk: Is to both foreign and domestic companies working inside and outside of Russia. Dark web criminal activities will …