The dark web is a growing concern in the cyber-security space and has been the subject of numerous recent crime-related headlines.
For users who access it, the dark web is a part of an anonymous network known as the ‘deep web’. It’s made up of a large assembly of data and domains not accessible through typical search directories such as Google on the ‘surface net’. The dark web and deep web are often confused as being the same thing, though, in reality, the dark web represents just a small portion of the deep web, but one where the majority of cyber-crime-related activities take place.
The dark web is most commonly accessed through ‘Tor’, a web browser that allows users to access websites anonymously, retaining communications between users and web servers on an encrypted network and ‘defending’ them from the various forms of network surveillance that impede true privacy.
This anonymous nature of the dark web has made it an obvious hot spot for a host of malicious and illegal content. Drugs, weapons, illegal pornography and hacking services are among the nefarious bounty on offer. The majority of goods and services are sold on store-like sites, such as the now infamous ‘Silk Road’, and transactions are done using cryptocurrencies such as bitcoin in order to retain 100% anonymity. With no overriding authority and nothing traceable, criminals and cyber-criminals have found room to stretch within the dark web and are able to put their anonymity to the test.
Accessing the deep/dark web through Tor via an organization’s network can come with severe risk. Though Tor is used as an anonymous and secure service, it can undoubtedly cause damaging exposure to a network and the sensitive information held on it.
Vulnerabilities can be detected in Tor’s ‘exit nodes’ – these are the gateways that decrypt traffic sent through Tor. Because the dark web is a free-for-all in most cases, an exit node can be used by anyone, and that person can access data passed through the exit node, such as usernames and passwords used in sessions.
Other security risks include the bypassing of network/company security measures, which can be illegal and rule-breaking, the risk of malware/botnets attached to files from exit nodes, information theft, and even blackmail – none of these are uncommon.
Prevention is the key to safety
As is the case with all cyber-security-related issues, maintaining prevention is far better than being forced to search for a cure. The keys to successful prevention are as follows:
- Employee Training – Make it known to all network users that use of Tor is not permitted. The majority of network security issues within organizations stem from a simple lack of knowledge and understanding relating to risk. In many cases, providing network users with an understanding of Tor and the risks and implications relating to its use will be enough to significantly reduce potential exposure.
- Ensure endpoint blocks – Administrators/security analysts are able to block certain .exe files or hashes belonging to Tor from being downloaded or installed. Reducing administrator privileges and the use of personal USBs can also help reduce risk.
- Implement IP Blacklisting – Although primarily a small preventative measure, compiling a blacklist of known Tor entry node IP addresses can help prevent deep web access from the network side. Ensuring this blacklist is consistently updated with Tor-related IPs as they become known is also a key component of guarding against exposure.
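One way to work with the IP blacklist described in the last item, as an added example that is not part of the original article: it parses a blacklist feed, reports what changed when the feed is refreshed, and flags internal hosts whose outbound connections hit a listed address. The feed format, the log format and every address are assumptions constructed for illustration (documentation ranges, not real Tor relays).

```python
import ipaddress
from collections import defaultdict

def parse_blocklist(text):
    """One address or CIDR per line, '#' starts a comment (assumed feed format)."""
    nets = set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.add(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # skip a malformed entry instead of aborting the refresh
    return nets

def refresh(current, latest):
    """Swap in the latest list; return (new list, entries added, entries removed)."""
    return latest, latest - current, current - latest

def is_blocked(addr, nets):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip.version == n.version and ip in n for n in nets)

def flag_connections(log_lines, nets):
    """Assumed log format: '<timestamp> <src_ip> <dst_ip> <dst_port>'."""
    hits = defaultdict(list)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # truncated or foreign line
        ts, src, dst, port = parts
        try:
            if is_blocked(dst, nets):
                hits[src].append((ts, dst, int(port)))
        except ValueError:
            continue
    return dict(hits)

# Constructed sample data, not real relay addresses.
OLD_FEED = "192.0.2.10\n198.51.100.0/28  # constructed range\n"
NEW_FEED = "192.0.2.10\n203.0.113.77\n2001:db8::5\nnot-an-ip\n"
LOGS = [
    "2024-01-01T09:00:00Z 10.0.0.5 203.0.113.77 443",
    "2024-01-01T09:00:02Z 10.0.0.5 192.0.2.200 443",
    "2024-01-01T09:01:10Z 10.0.0.8 2001:db8::5 443",
    "2024-01-01T09:02:00Z 10.0.0.9 198.51.100.3 443",
    "truncated line",
]

if __name__ == "__main__":
    nets, added, removed = refresh(parse_blocklist(OLD_FEED), parse_blocklist(NEW_FEED))
    print("added:", sorted(map(str, added)), "removed:", sorted(map(str, removed)))
    for host, events in flag_connections(LOGS, nets).items():
        print(host, events)
```

The connection from 10.0.0.9 is not flagged because its destination range was dropped in the refreshed list, which is why the removed entries are reported alongside the added ones.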
Due to its anonymity and network-switching capabilities, it can be extremely difficult to ensure users are unable to access the dark web via Tor using an organization’s network. However, if the proper measures are put into place, Tor access can be greatly reduced, and this preventative action could save networks from what can be highly disruptive and damaging exposure.