  • Why is the dark web so interesting to cyber criminals?

    For many people, cybercrime and the darknet are directly linked. But why do cybercriminals like to use the darknet so much?

    There is no such thing as “the dark web”. When people talk about “the dark web”, they often mean the Tor network. This is also the case in this article.

    History of the Tor network

    To understand why the Tor network is used by criminals today (among others), it is worth taking a look at the past.

    In 1995, David Goldschlag, Mike Reed and Paul Syverson were working on the first prototypes of “onion routing” at the U.S. Naval Research Lab (NRL). The basic idea has not changed to this day: The Internet should be accessible with as much privacy as possible and to achieve this, network traffic should be routed via several servers and encrypted between them.

    In the early 2000s, Roger Dingledine and Paul Syverson worked on an “Onion Routing” project at the NRL. To distinguish themselves from other research projects with the same goal, they called the project “TOR”, which at the time stood for “The Onion Routing”. Later, Nick Mathewson also joined the project.

    From the very beginning, it was necessary to find enough volunteers to operate a node for the Tor network. Since the release of the software, the code has therefore been available to everyone under a free software license.

    How the darknet became accessible to everyone

    In 2003, there were already around a dozen Tor nodes, most of them in the USA and one in Germany.

    A few years had to pass before the Tor browser was developed in 2008. This meant that the darknet was now also accessible to less tech-savvy people – all you had to do was download this browser and you were in.

    This meant that parts of the Internet were also accessible to people living in a country where the Internet is (at least temporarily) censored.

    Crime on the Darknet

    Unfortunately, increased anonymity also attracts criminals. Just as hardly any robbers today will go about their business unmasked, cyber criminals also try to disguise themselves. One place where this is possible, but which is still easily accessible, is the Tor network.

    The latter is important because the criminals actually want to be found (to a certain extent). If, for example, no one can find the leaked data from a ransomware incident, then the damage to the affected company is significantly lower and so is the willingness to pay the ransom.

    But the dark web has been “cracked”, hasn’t it?

    Even though we now know that law enforcement agencies have found ways to deanonymize Tor users with considerable technical effort and under certain conditions, the darknet remains interesting for cyber criminals. From the very beginning, the goal was always described as increasing privacy, not as becoming completely anonymous. And many professional cybercriminals did not wait for this report before thinking about how to further protect their identity.

    Today, a professional criminal is unlikely to connect directly to the Tor network via their home Internet connection if they are planning criminal activities there. Instead, they add further layers of obfuscation of their own, which makes deanonymization much more difficult.

  • What happens on the dark web? Is it relevant for cybersecurity?

    Cybercrime, drugs and stolen credit cards can be found on the dark web. However, we also hear time and again that there are legitimate uses for the darknet. What really happens on the dark web?

    Data leaks from ransomware incidents

    One of the biggest concerns for companies: Cyber criminals steal company data, encrypt the servers and threaten to publish the data. If the victim company does not pay the ransom, this actually happens. Dozens of “leak blogs” by ransomware actors can be found on the darknet.

    On the leak blogs, the companies attacked are usually listed in a kind of “hall of shame” with a company logo and brief description. If you are interested in the data as a consumer of these websites on the Darknet, all you have to do is click on “Read more” and you can download terabytes of company data. Of course, this is not legal, even as a consumer of this data (this is not legal advice).

    What data is leaked on the dark web?

    All the data that you deal with in your day-to-day business. For example, stolen copies of ID cards, e.g. from an application process, can be found on the leak blogs. Internal correspondence, invoices and construction plans are also frequently found there.

    Stolen credit card data

    Stolen credit card data is also still being offered for sale on the darknet. Due to the security measures (two-stage verification, e.g. via an app) taken by the credit institutions, these are a little less interesting today than they were a few years ago. Nevertheless, there are still websites on which goods can be ordered without these security measures. And depending on the type of credit card data offered, it is still possible to transfer it to a blank card and make purchases “offline” at the owner’s expense.

    Legitimate purposes

    There are countries in which access to the Internet is massively restricted and/or monitored. This makes access to information extremely difficult in some cases. International news portals are sometimes inaccessible in these countries. The Dark Web can help here.

    For example, the BBC website is also accessible on the Darknet (press release). The DW website (press release), the New York Times (press release) and The Guardian (press release) are also on the Darknet, along with a few others.

    The dark web is also an opportunity for journalists reporting from such countries to communicate with their colleagues from other countries.