By keeping an eye on what happens on the dark Web, government agencies can gain insight into cybercriminals, their crimes and find ways to stop illegal deeds before they happen.
The dark Web. It’s that part of the Internet where subversive or illegal activities often take place. With its significant level of secrecy, the dark Web gives hackers and other nefarious actors the confidence to discuss and exchange tactics for cybercrime or engage in more dangerous acts, such as human trafficking, child pornography, terrorist activity, the sale of illegal drugs and more.
The dark Web affects governmental entities at every level, with state and local agencies proving no exception. From gathering intelligence on a group conspiring to attack a utility or public transportation system to uncovering clues about the sale of illegal firearms, information found on the dark Web can provide valuable insight. So, how can state and local agencies better understand the dark Web and develop a plan of action?
The dark Web should be treated like any other communication channel — chat rooms, forums and social media platforms — in terms of awareness and discussion. It’s important for authorities to gain an understanding of what information exists and take appropriate action against illicit activities such as human trafficking, sale of narcotics, crimes against the postal service and other common carriers, along with tax fraud and more. But how is the dark Web accessed? The most common way is via the Tor network. Tor is like the Internet, but when communicating with Tor sites, unlike the surface Web, IP addresses are masked. Web addresses on Tor are called Onion addresses and use long strings of randomized numbers and letters.
Tor is a free software and open source network that can be accessed by just about anyone, though it can’t be tapped using common Internet browsers such as Internet Explorer or Google Chrome. Users must download the dark Web Tor browser, which can be found on Tor’s website. However, Tor doesn’t utilize search engines or public links to help users locate information — it’s up to users to find it themselves.
To better illustrate an example of the type of information that could be circulating on the dark Web, let’s look at tax fraud. In the past, most cybercriminals would use spam emails and malicious links to steal personal data. But according to Experian, hackers are now stockpiling personal data to sell on the dark Web. They use these sets of leaked data to locate individual names and their Social Security numbers, which can sell for as little as $1 on the dark Web. This information is then sold to cybercriminals who use it to apply for tax refunds before that person has even filed their taxes, defrauding states of millions of dollars of tax revenue. In 2013, the IRS lost an estimated $5.8 billion paying out bogus federal refunds and at the state level, that number was estimated to be around $8 billion to $9 billion in 2016.
While personally identifiable information (PII) such as Social Security numbers, drivers’ licenses and credit card numbers are some of the most sought-after information on the dark Web, other types of activity are also occurring that should be closely watched by state and local authorities. Perhaps the most prevalent interest of dark Web traversers are marketplaces — sites where people are actively buying and selling a nearly endless variety of illegal and legal goods. Accessing these marketplaces can help agencies and authorities unlock clues into the sale and trafficking of drugs, weapons and even toxic chemicals across state lines.
Aside from marketplaces, the dark Web also hosts many forums where hackers discuss a variety of techniques for breaching a department or agency and often lists information about targets. Looking at the chat forums and other places where people have conversations can tip off or cue an agency on relevant topics being discussed such as a conspiracy to attack a utility, public transportation system or other critical infrastructure.
It’s also important to understand that the dark Web isn’t all bad — there is a silver lining, if you will. Because it increases the anonymity between a person’s computer and the destination of the server they’re trying to reach, it can also be used for legitimate purchases such as communicating or browsing with increased privacy, conducting research, whistleblowing and participating in social media. By working in close coordination, law enforcement agencies have been able to conduct investigations that have taken down key dark Web markets, exploiting criminals and undermining their assets.
While federal task forces exist to help evaluate the dark Web at the state and local level, they are often too overloaded to provide timely and actionable information. An agency’s basic IT policies and procedures can help protect its data and information from being stolen, yet these steps don’t allow for proactive research about what’s already out there on the dark Web. Within traditional IT departments, there may not be the right resources to separate actionable information from the noise. In these situations, a state or local government agency might consider bringing in a cybersecurity expert to make sense of what’s out there on the dark Web and help weed out the noise.
Whether your agency chooses to assess this information internally or outsource the task, evaluating information on the dark Web can help you gather actionable threat intelligence and improve your cybersecurity defenses.