Category: Basics

  • How can I tell if my company’s data has ended up on the dark web?

    Many companies underestimate the risk of information about them circulating in the hidden part of the internet. The darknet is not a mystical place, but rather a sealed-off area that can only be accessed using special software and often serves as a trading hub for stolen data and illegal services. When companies appear there, they often only find out once damage has already been done. However, there are clear ways to keep track of things and identify early on whether your own company is affected.

    To find out whether their own company is mentioned, companies tend to use specialized dark web monitoring services. These services automatically scan parts of the darknet for company names, email addresses, or other unique identifiers. Since the darknet is not indexed like the regular internet, such monitoring cannot guarantee complete coverage. Nevertheless, it provides valuable information about potential risks. If a hit is detected, a notification is sent before the published information can be used for attacks.

    Although your company can also conduct manual searches on the darknet, these searches are often not as comprehensive as those performed by commercial providers.

    Barriers to research

    To conduct research on the darknet, you need sources: in this case, the places where cybercriminals like to hang out. With a little online research, you can quickly find various forums, marketplaces, leak blogs from ransomware groups, chat groups, and other websites on the darknet.

    However, the next hurdle is access to these platforms. Understandably, criminals do not want everyone to be able to browse their sites, so access is often restricted. In concrete terms, this means that in order to access a forum, you may first have to prove that you have had an account on another forum for several years. As an alternative, you are often offered the option of paying a one-time “admission fee” in cryptocurrency. Whether access is actually granted after that varies from case to case. There is no guarantee – you should always bear in mind that you are dealing with criminals.

    Once you have overcome the hurdle of access restrictions, the next step is to know what you are looking for. Depending on the type of website, criminals use different names, spellings, or descriptions. For example, access data for a specific domain (e.g., “vpn.example.org”) may be offered for sale. Sometimes, leak blogs that publish stolen company data from ransomware attacks also contain the full company name or parts of it, or even abbreviations of the company. In darknet forums, the company in question is sometimes only described in general terms. For example, access to a manufacturing company from Germany with an annual turnover of €85 million may be offered. This makes it difficult to find your own company.
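
    The matching problem described above (monitoring for company names, email addresses and domains, and listings that only describe the victim in general terms), as an added example that is not part of the original article or of any monitoring product: a small Python matcher run over post text that has already been collected. The watchlist, the company name, the profile values and the sample posts are all constructed, and the 20% revenue tolerance and the confidence labels are assumptions.

```python
import re
import unicodedata

# Hypothetical watchlist for a fictional company; every value is constructed.
WATCHLIST = {
    "domains": ["example.org"],
    "names": ["Example Maschinenbau GmbH", "Example Maschinenbau", "EMB"],
    "profile": {"sector": "manufacturing", "country": "germany", "revenue_meur": 85},
}

def normalize(text):
    """Lower-case and strip accents; keep '.', '@', '-' so domains stay intact."""
    text = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9.@-]+", " ", text.lower()).strip()

def find_hits(post, watch=WATCHLIST):
    """Return (kind, evidence, confidence) tuples for one collected post."""
    norm = normalize(post)
    flat = re.sub(r"[^a-z0-9]+", " ", norm)  # punctuation-free view for names
    hits = []
    for domain in watch["domains"]:
        # Domain, subdomains and e-mail addresses match; look-alikes do not.
        pattern = r"(?<![a-z0-9.-])((?:[a-z0-9-]+\.)*" + re.escape(domain) + r")(?![a-z0-9-]|\.[a-z0-9])"
        hits += [("domain", m.group(1), "high") for m in re.finditer(pattern, norm)]
    for name in sorted(watch["names"], key=len, reverse=True):
        needle = re.sub(r"[^a-z0-9]+", " ", normalize(name))
        if re.search(r"(?<![a-z0-9])" + re.escape(needle) + r"(?![a-z0-9])", flat):
            # Short abbreviations collide with unrelated words, so rate them low.
            hits.append(("name", needle, "high" if len(needle) > 4 else "low"))
            break  # the longest matching variant is enough
    # Anonymised listings name no company: compare the description with the profile.
    prof = watch["profile"]
    matched = [k for k in ("sector", "country") if prof[k] in flat]
    amounts = re.findall(r"(\d+(?:\.\d+)?) ?(?:million|mio|m)\b", norm)
    if any(abs(float(a) - prof["revenue_meur"]) <= 0.2 * prof["revenue_meur"] for a in amounts):
        matched.append("revenue")
    if len(matched) >= 2:
        hits.append(("profile", "+".join(matched), "review"))
    return hits

SAMPLE_POSTS = [  # constructed posts, one per listing style described above
    "Selling VPN creds for vpn.example.org, admin level",
    "New victim: EXAMPLE-Maschinenbau GmbH - 120GB of files published",
    "Access to manufacturing company from Germany, annual turnover €85 million",
    "Fresh combo list for notexample.org.evil.com users",
]
if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        print(find_hits(post) or "no hit", "<-", post)
```

    A "profile" hit only says that an anonymised listing fits the company's description, so it is a prompt for analyst review rather than a confirmed mention.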

    Clear processes for handling darknet findings

    In order for the findings from darknet research to deliver real added value, the company must also have clear processes in place for emergencies. As soon as a clue emerges, it should be determined who will be informed, what measures will be taken, and how extensive the internal analyses need to be. Everything must be carefully planned, from changing compromised passwords to checking affected systems and preparing public communications. A quick and coordinated response is crucial to limiting damage.

  • Which corporate data is leaked on the dark web?

    The media repeatedly reports that “cybercriminals are attacking companies and publishing stolen data on the darknet.” But what exactly is this data? Why does it pose a threat to companies?

    Once cybercriminals have gained access to a company network, they attempt to steal as much information as possible. To do this, they first spread further throughout the network (after successful initial access) in order to obtain particularly sensitive data.

    As soon as access to network shares, file servers, or even SharePoint folders is gained, as much data as possible is stolen from there (i.e., transmitted to the attackers).

    This data can then include everything that the company has stored.

    However, as this statement is somewhat vague, we have listed a few examples here:

    [Image: Leaked correspondence on the dark web]

    Any correspondence that has been saved can be exposed by a cyberattack. In this example, the correspondence contains not only a customer’s address details, but also login details for an administrator account.

    [Image: Leaked ID cards from employees on the dark web]

    Copies of identity cards and birth certificates are also frequently published on the darknet. These may originate from job applications, for example, or have been submitted due to marriage or the birth of a child.

    [Image: A file list showing leaked data on the dark web]

    Data leaks affecting your own company can also occur at the service providers (of all kinds) you use. The screenshot from a data leak at a payroll service provider illustrates this impressively. Here, employees’ salary information is suddenly freely accessible.

    This is only a small sample of the data that can be found on the darknet. Ultimately, anything that companies and their employees store can be leaked there.

    This poses a threat to companies when sensitive data that was not intended for public consumption ends up on the darknet. The company’s own employees, whose ID card copies can now be misused by criminals, are not the only ones who are upset. The company may also face legal action if it emerges that the data was not adequately protected against unauthorized access. And competitors, who now have detailed insights into the company’s operations, can also use this information to their advantage.

  • Darknet – What is the Clearweb, Deepweb and Dark Web?

    Many people have heard of the “darknet”, but what exactly is it all about? Is it the dingy corner of the internet where only criminals hang out? In this article, you will learn the most important basics about the darknet and what you need to connect to it.

    Clearweb, deepweb, darknet and dark web

    In simple terms, the clearweb is the part of the internet that our parents can access. It is the part of the internet that can be accessed with standard hardware and software without any special access restrictions. This is where you can find news and streaming portals, webmail providers, forums and this blog, for example.

    The deep web is the part of the internet that cannot be found in the search engine index (e.g. Google, DuckDuckGo, etc.). This is where you can find underground hacking forums, for example, but also something like a university’s online repository, where users first have to register in order to access the latest scientific publications.

    Special access software is required to access the darknet. Because of this additional hurdle, services there are often called “hidden services”. The term “onion services” is also used, in reference to the domain that can be found in the Tor network.

    Difference between darknet and Tor network

    According to the definition, there is not just one darknet. However, the most widespread today is the so-called “Tor network”. Tor, formerly written in capital letters TOR, originally stood for “The Onion Router”. In addition to the Tor network, which is managed by the “Tor Project”, there are also other ‘darknets’, such as the “Freenet Project”.

    Theoretically, you could also team up with your friends, program your own access software and you would have your own “darknet”.

    When people talk about “the darknet” in the media or colloquially, they are usually referring to the Tor network. This is the best-known and most widespread “hidden” network.

    Is there a difference between darknet and dark web?

    Darknet and dark web are actually different. The darknet refers to the entire network that can be accessed via the special access software. The dark web is only the part of it that is used for web browsing; the darknet also includes other predominantly TCP-based services, such as SSH (Secure Shell), instant messaging or VNC.

    By using the Tor network, you can, for example, access devices in your home network (after prior configuration), even though you are located elsewhere in the world.

    Is the dark web illegal?

    Using the Tor network is not illegal as long as you are not doing anything illegal there.

    So if you just enjoy the additional anonymity and look at legal things on the darknet, you are acting completely legally.

    However, as soon as you do something illegal – and there is a lot of it there – it is of course just as punishable as on the clearweb. Examples of illegal use are hate comments, ordering drugs and any form of cybercrime.

    How do I connect to the Tor network?

    Connecting to the darknet is surprisingly easy. Download the so-called “Tor Browser” from the official website (and only from there, please!). Search for the “Download” button on the official website torproject.org and download the Tor browser for your operating system (e.g. Windows or macOS).