EDITOR’S QUESTION
MAJID KHAN, MSS
ARCHITECT AND CSOC
MANAGER AT HELP AG
accessible by standard web browsers. Through use of
specialised networks, this hidden Web makes it possible for
users to remain completely anonymous. Again, some users
simply leverage this anonymity to protect their privacy
while others use it to engage in illegal activities.
Here, one may find market places, similar to eBay, selling
things like leaked credentials, credit card data, forged
documents, and Malware kits - some even with a ‘buy
back’ guarantee if they don’t work.
I
n order to better assess threats or use of the dark web, it’s
important to understand what the dark web really is and
what role can it play for organisations that are concerned
about its security. The Internet can be broadly divided into
three aspects of the Web. These are the Surface Web, the
Deep Web and the Dark Web.
The Surface Web refers to the normal internet that we browse
day in and day out. This is anything that can be crawled
and normally indexed by popular search engines - generally
believed to be less than 10% of the whole web.
Next is the Deep Web - this is the area of the Web for which
access is controlled. Search engines may not be able to
crawl through it and you may not be able to directly access
it, because in some cases it is protected by passwords; or
simply because no hyperlinks to such content exist for one
to browse. This is where most – almost 80–90%– of web
content exists. This does not mean there is anything illegal
in such content, this could be anything like companies’
databases or any internal information for which the intended
audiences are limited.
If we go deeper into the next layer of the Web, which attracts
a lot of interest from a security perspective, we find the Dark
Web. This section is intentionally hidden so as not to be
86
INTELLIGENTCIO
The anonymity of the financial transactions related
to these purchases is also maintained by use of
cryptocurrencies like Bitcoin. Of course, there is a good
chance of being scammed too. Navigating the Dark Web
also requires knowing where to go and resources such as
Dark Web Wikis help users find sites of interest. You may
also find ‘hackers’ discussing new vulnerabilities, attack
campaigns or attack targets. Access into some Dark Web
sites is controlled too, as they want law enforcement,
reporters and others to keep away from their website.
Some Dark Web sites are accessible by invitation only and
some may even require you to prove your skills, often by
hacking some websites before access is granted.
Due to the nature of the content available on the Dark
Web, it is important for security focused organisations
to consider intelligence from the Dark Web to be an
important aspect of their security strategy and therefore
included in their Security Operations Centre (SOC).
Intelligence from the Dark Web can help organisations be
aware of breaches related to their organisation, planned
attack campaigns, and new vulnerabilities which may impact
their organisation.
Getting this visibility from the Dark Web can be very
tricky, hence there are security companies who specialise
in offering this as a service. They basically harvest
information from the Dark Web and make it available
to organisations as part of the service. It’s like accessing
‘useful’ Dark Web content without actually being in it.
To summarise, it’s important for organisations to
include intelligence from the Dark Web in their security
strategies, this will help them better predict and respond
to cyber security breaches.
www.intelligentcio.com