Did you know that what you’re seeing on the Internet is just one slice of what’s really available? Most people access the Surface Web, which offers content accessible to the general public and for indexing by a search engine. However, there’s another side to the Internet called the “Dark Web.” And to get to it, you need a special tool.
If you were searching for a site, you’d go to Google, type in the name and click on the link. However, with anonymizing software called Tor, someone looking for that same site would have their request bounced randomly through volunteer computers before exiting Tor and arriving at the site. What’s the purpose of this? It makes their online movements virtually impossible to track.
Some people view the Dark Web as the seedy back alley of the Internet. And in many cases, they are right. Everything from illegal guns and drugs to child pornography and human organs are for sale. Stolen customer information, such as credit card and social security numbers, are also available…for a price.
However, surprisingly, Tor wasn’t created by a group of hackers or cyber criminals. Rather, it was created by the U.S. Department of Defense to encourage the sharing of information. In fact, Tor’s website reads that it was: “Originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others."
The U.S. government continues to use it to help people gain access to censored information with repressive regimes. It also gives individuals known as “whistleblowers” the ability to share useful information without having to worry about revealing their identity. That being said, Tor is still primarily used to engage in criminal activities; in fact, it’s estimated that more than 70% of the activity on the Dark Web is illegal.
For instance, the Silk Road was a website on the Dark Web that operated like sites such as eBay and Amazon. The main difference? The products sold, from counterfeit money, fake IDs and stolen credit card information to illegal drugs and even hit-man services. Purchases were typically made using electronic currency known as Bitcoin, which can’t be traced like a credit card.
In 2013, after two years of service, law enforcement identified the creator of the Silk Road, Ross Ulbricht, and shut the site down. Ulbricht has since been convicted on seven counts and faces a minimum of 30 years in prison. The counts included drug trafficking, conspiracy to commit money laundering, conspiracy to commit computer hacking, and a kingpin charge.
And the Silk Road is only one example of the kind of criminal activity that takes place on the Dark Web. Almost immediately after the Silk Road was shut down, similar sites started appearing. The Silk Road 2 operated for about a year until it was shut down in 2014. The current Silk Road is known as “Evolution” with 26,000 product listings.
It’s clear that with today’s technology, all you need is one good hacker, or one dishonest employee, to steal data and continue providing the Dark Web with unlimited inventory. What can you do to protect your company and its digital assets?
- Have a professional, certified financial forensics expert conduct a surprise audit. If you don’t know what parts of your business are vulnerable or what data you have that needs to be protected, you can’t properly secure it.
- Have an independent certified forensic examiner (NOT your audit firm) conduct a financial forensics exam of high-risk areas.
- Promote strong ethics throughout the organization. Your staff is your front line of defense when it comes to security. Vigilance can ensure that human error – which is a big cause of data security breaches – is minimalized.
- Set security policies and ensure employees follow them. For example, insist that all notebook computers connected to the corporate network have security software. Mandate that no security information ever be given over the phone.
- Follow best practices, such as using strong and multiple passwords.
- Implement a multiple security technology solution. Having multiple layers of security technology on all your different devices (including each desktop, mobile device, file server, mail server, and network end point) will block attacks on your network and/or alert you to a problem so that you can take the appropriate action.
There are many people out there who will go to great lengths to illegally access your company’s data and sell it via the Dark Web. It’s up to you to integrate security into your corporate culture and consistently evaluate the risks of every interaction with networks, devices, data, and of course, other users, including internal employees. That process begins with having a financial / technology forensics audit performed.