Tuesday Morning Grind, Ep 10 - Dark Web Monitoring

Podcast Summary

We have all heard of the infamous “dark web”. The place where hackers live and criminal activity prevails. At least that’s what pop culture says.

In this episode of TMG, Shane and Christian provide an overview of the Dark Web, talk about “Dark Web Monitoring”, and discuss how you can integrate it into your security program.

Dark Web Monitoring

What is the Dark Web?

  • There are different layers of information, services, and websites that comprise the World Wide Web
    • Surface Web: Portions of the web that are indexed by search engines and readily accessible by the general public.
    • Deep Web: Content and services accessible on the web but not indexed by search engines. Includes private forums and wikis, and business applications or services that might technically be accessible but are not indexed for search.
    • Dark Web: Information only accessible via special software and protocols (e.g. Freenet, Tor, Invisible Internet (I2P))
  • There is no map of the Dark Web, and the Dark Web is not a single place.
    • There is no way of knowing how much of it you are monitoring.
    • It is not easy to gain access to the best forums. These forums are designed to evade law enforcement and keep people out.

Why Monitor the Dark Web?

  • Discovering that sensitive credentials are being sold may reveal a serious threat to your organization.
  • Depending on your industry, failing to detect the theft and sale of your information may increase liability.

Risk, Concerns, and Regulatory Concerns

  • If you perform monitoring inside the organization, your employees may come into contact with contraband.
    • This data will be stored on company-owned machines and will traverse company networks.
    • Viewing some of this information may cause mental harm to your employees.
  • To gain access to sensitive information or forums, you may have to first purchase illegal information.
    • There are legal implications of purchasing stolen information.
    • If you purchase information from an organization classified as a terrorist organization, there are additional legal considerations.
  • Accessing a forum in an unauthorized manner is illegal in the US, even if that forum belongs to the bad guys.
  • Only passive collection of information is completely in the legal safe zone.
  • There is a high probability of becoming a victim of cybercrime when trying to access Dark Web forums.
  • All activities undertaken by a company should take place under the guidance of legal advisors.
    • Create a Rules of Engagement policy.
    • Assume you will eventually be investigated by federal investigators.
    • Ensure systems are properly hardened.

Further Reading on Dark Web