Stealing Data on the Dark Web Just Became Easier
February 1, 2016
“Underground Black Market: Thriving Trade in Stolen Data, Malware, and Attack Services” assumes that the reader knows the basics of the Dark Web. Let’s stake a step back.
Before we talk about stealing data on the Dark Web we must first define what we mean by the Dark Web. Most internet uses never go beyond the surface web, that part of the Web that consists of static Web sites such as Google, Facebook, and YouTube. What makes the Dark Web so interesting is that is it not entirely dark.
In fact, many Dark Web sites and their content are visible to the public. What is not visible is the server addresses which block most people from seeing who is running the sites.
In the article, Candid Wueest talks about a new paradigm for stealing and moving stolen data on the Dark Web. I noted that crimeware-as-a-service lets:
Attackers can easily rent the entire infrastructure needed to run a botnet or any other online scams. This makes cybercrime easily accessible for budding criminals who do not have the technical skills to run an attack campaign on their own. A drive-by download web toolkit, which includes updates and 24/7 support, can be rented for between $100 and $700 per week.
That means that it is becoming increasing easier for criminals to find, access, and sell data. Now you know. Now, anyone, including your local bad actor or your 11 year old, can access and steal data.
Here’s a troubling factoid from “The Tangled World of Stolen Data,” which we assume is spot on: It takes about 205 days for a company detect a data breach, more than enough time for a cybercriminal to sell the data and get it distributed on the Dark Web.
So what can law enforcement agencies do? New advances in Dark Web access, such as I2P, are making it more difficult for these agencies to identify and react to data crimes. What this means is that the law security companies and law enforcement agencies will need to be creative. The FBI ran an offensive image site to get a grip on alleged wrong doers.
Perhaps the Dark Web is not as dark as many assume.
Martin A. Matisoff, MSc, February 1, 2016