In this age of growing technology, we trust the Internet. We trust it with making secure payments, storing our medical history and sharing personal photos with family and friends. We trust a website when it claims our information is safe from intruders and that when our information is posted privately, it is only ours to see.
However, once information is posted, sent, or clicked, it is public. Hackers can crawl into these supposedly private portals and extract information.
The vast Internet consists of three layers. The first layer is public, consisting of sites we use frequently such as Facebook, Twitter, Amazon and LinkedIn. This layer makes up only 4 percent of the entire Internet.
What is the other 96 percent? The deep web and the darknet. The deep web, the second layer, is a network where data is stored in inaccessible databases. The darknet is the third, deeper layer of the Internet where hackers congregate and facilitate illegal meetings. Customers whose data is breached do not have access to the darknet.
Tor (originally short for The Onion Router) began life as a U.S. Navy project for anonymous online activity but is now used by a wide range of groups, including the military, journalists, bloggers, activists and, yes, criminals. Tor makes communications harder to trace through traffic analysis by routing Internet activity through a series of network nodes, each ignorant of the whole route from beginning to end. The trade-off for increased security is slower speed.
To surf the darknet, we use a browser that allows us to access .onion sites with call browsers like:
- Tor Browser
- Onion Browser
Or, websites like “Tor2Web” and “Onion2web” can be used, which allow users to easily access .onion sites on browsers like Google Chrome. As easy as this may be, it guarantees that your IP address is exposed – and when this happens, you’re open to all sorts of attacks from hackers.
Here are some steps to protect your computer:
- When users surf the darknet, it opens up their computer to possible malware and scans that can compromise their network. Do not surf the darknet from a work computer on your work network. Use a computer that you are willing to rebuild, and use a VPN to protect your network connection. I would also advise using software that can protect your computer from any unauthorized changes such as:
- Deep Freeze
- Be safe and do not enable any Macros or scripts on a .onion site
- Do not download files off untrusted or unknown sites.
- Do not buy anything on the darknet because there are lots of scams. Buyers may never even hear from the seller, and what you are buying may be illegal.
- Be careful of what you may find on the darknet because it could be related to something illegal – drugs, weapons, hackers, pornography and classified data. You may have to report to the authorities what you find and explain what you were doing. Furthermore, nearly all darkweb transactions use cryptocurrencies like Bitcoins, so it’s completely untraceable, and a refund is usually out of the question.
- Do not make friends or enemies on the darknet; messing with a hacker can potentially ruin your life.
- You can use services that will search for you, or allow you to search in a secure manner, like Harris corporation’s TORNADO.TM
What are some reasons to search the darknet? There could be company data that may be on the darknet now, such as user name and passwords, network maps, and other confidential data that could be problematic. Once users become good at searching the darknet, they can create a seed file. A seed file is kept internally by companies. Finding them on the darknet is an indication that the company has been compromised.
Editor’s note: To learn more about this topic, an archived webinar, “The Dark Web – A Threat To Your Business?,” is available at www.isaca.org/Education/Online-Learning/Pages/Webinar-The-Dark-Web-a-Threat-to-Your-Business.aspx.
Jay Ferron, C|EH, CISSP, CHFI, CISM, CRISC, CVEi, MCTIP, MCSE, MVP, NSA-IAM, past president Greater Hartford ISACA Chapter, Interactive Security Training, and Tim Singletary, CISSP, CISM, CRISC, CTT+, C|EH, Security +,A +,Net+ ,Linux+, Harris – Information & Cyber Solutions
[ISACA Now Blog]