by Tyler Carbone
Chief Operating Officer, Terbium Labs
What is the dark web? Finding consensus on the answer to that question is surprisingly challenging. Typically, studies discussing cyber threat and the dark web focus on sites hosted on hidden services within the Tor network. These sites—accessed by URLs ending in “onion”—are only accessible through Tor, an Internet overlay proxy network that users most frequently access with a special browser called the Tor Browser. Tor hidden services are outside the reach of a standard Internet browser and are set up so that both the hosts and the visitors of those sites are anonymous.
While many measures and discussions of the dark web focus on these hidden services, the dark web is bigger than just hidden services. A large number of sites customers classify as the dark web don’t live on Tor at all; they are hosted on the regular Internet and can be accessed from any browser. Often, these sites are simply hosted in countries where running, for example, a marketplace for stolen credit cards is not grounds to be shut down. For instance, many major fraud markets that claim to provide credit cards or bank accounts live, technically, on the clear web, and popular exploit sites exist steadily on even the most common top-level domains, even dot-coms.
At Terbium, we think about the dark web as anywhere on the Internet that our customers wouldn’t want to see their data appear, either for sale or for vandalism purposes. These locations range from forums on Tor hidden services to clear web carding marketplaces hosted in Eastern Europe to paste sites such as Pastebin that may be used largely for legitimate purposes.
What makes the dark web dark?
Recently, a global poll conducted byIpsos showed that 70 percent of people believe the dark web should be shut down. The idea of shutting down the dark web is likely to struggle to gain traction. Because, at the end of the day, the dark web is simply a series of independent websites hosted on both the clear web and as hidden services within the Tor network. Even if it were possible, or advisable, to shut down Tor entirely, doing so would do little to curb sites that may not even be hiding, except by virtue of being in countries with laws that do not touch them. Thinking of the dark web as a single entity isn’t entirely accurate, and shutting it down is not as simple as flipping a switch.
The issue is further complicated by the ambiguous nature of Tor itself. In addition to hosting a variety of illicit content, the Tor network is also a tool for free speech in regions that may seek to censor citizens. As a result, in addition to a lot of the so-called dark web existing outside the Tor network, much of the activity occurring within the Tor network is largely considered positive.
Criminal activity does occur on the dark web, but it’s hardly as shady or mysterious as it’s often made out to be. The dark web, criminally speaking, is primarily a place of business, and it mirrors traditional ecommerce far more than you might expect. Major markets allow you to browse through subsections of their websites to see what kinds of offers are available. You can filter your search results by vendor rating or sort your results by price. Vendors rely on reputation, advertisements and sales—Black Friday is a big sale day among fraud dealers, while drug dealers favor Halloween or New Year’s Day—just like traditional retailers.
Shining reviews from satisfied customers are a popular way for vendors to promote their shops, and fraudulent transactions—yes, even for fraud purchases—are quickly flagged as scams to warn other customers. Forums discuss the best places to find deals, who you can trust and how satisfied buyers are with their latest orders—not unlike typical forums on the clear web.
MINIMIZE THE THREAT OF THE DARK WEB
The reality is that the dark web—some of it on Tor, some of it on clear web sites—is made up of sites and activities that pretty closely mirror offline crime statistics. The majority of it is drugs, and of what remains, much of it is financial- or fraud-related crime. At times, the dark web is a disappointingly mundane corner of the Internet. Therefore, at Terbium our approach is to provide our customers with an affordable, automated and fully private tool to monitor for the appearance of data or discussions that they wouldn’t want to be public. Precisely because of how routine the transactions on the dark web can be, not ignoring them as well as not overreacting to them is equally important.
What can we do about the dark web?
Nevertheless, the question remains: Should we shut down the dark web? Here are some other questions that will be up for discussion among a panel of experts exploring the dark web, 28 June 2016, at 1 p.m. Eastern:
· Why are deep and dark web actors so much more challenging to identify?
· Can we permanently shut down the dark web? Would we want to? Why or why not?
· What type of illegal activities are conducted on the deep and dark web?
· What challenges does the dark web present for law enforcement agencies?
· What should be the government’s role in policing the dark web?
· What should or can private sector entities do in the deep and dark web?
Attend the live panel discussion for answers to these questions and more.
Bob Stasio is a senior product manager of cyber analysis with IBM i2 Safer Planet. Stasio has nearly 14 years of expertise fighting top-tier malicious actors in the intelligence community, the US military, the National Security Agency (NSA) and the commercial sector. He also served on the initial staff of the US Cyber Command. During the troop surge of 2007, his intelligence unit supported the detainment of more than 450 high-value targets.
Tyler Carbone is a technology entrepreneur with a business and law background. A graduate of Harvard University and the University of Virginia, Tyler has cofounded and successfully sold two technology companies. He has consulted and advised a variety of clients, ranging from a Fortune 500 financial services company to local start-ups. Tyler currently is COO at Terbium Labs in Baltimore, Maryland.
Scott Dueweke formed Zebryx Consulting in 2015 to provide public and private sector clients an understanding of identities and alternative payment systems—both risks and rewards. Dueweke is an expert on identity and anonymous payments on the Internet, and he regularly advises senior leadership within financial institutions and the US government. He previously provided similar services for Agilex and from 2006–2014 with Booz Allen Hamilton.
Michael Goedeker is an author and researcher at the front end of cyber warfare, espionage and crime and researching academia, press and security professionals globally.========================================= Good Netiquette And A Green Internet To All!
Special Bulletin - My just released book,
is now on sales at Amazon.comGreat Reasons for Purchasing Netiquette IQ
· Get more email opens. Improve 100% or more.
· Receive more responses, interviews, appointments, prospects and sales.
· Be better understood.
· Eliminate indecisin.
· Avoid being spammed 100% or more.
· Have recipient finish reading your email content.
· Save time by reducing questions.
· Increase your level of clarity.
· Improve you time management with your email.
· Have quick access to a wealth of relevant email information.
Enjoy most of what you need for email in a single book.
=================================**Important note** - contact our company for very powerful solutions for IP
management (IPv4 and IPv6, security, firewall and APT solutions:
Another Special Announcement - Tune in to my radio interview, on Rider University's station, www.1077thebronc.com I discuss my recent book, above on "Your Career Is Calling", hosted by Wanda Ellett.In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” has just been published and will be followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:
In addition to this blog, I maintain a radio show on BlogtalkRadio online newsletter via paper.li.I have established Netiquette discussion groups with Linkedin and Yahooa member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ and PSG of Mercer County, NJ.
I am the president of Tabula Rosa Systems, a “best of breed” reseller of products for communications, email, network management software, security products and professional services. Also, I am the president of Netiquette IQ. We are currently developing an email IQ rating system, Netiquette IQ, which promotes the fundamentals outlined in my book.
Over the past twenty-five years, I have enjoyed a dynamic and successful career and have attained an extensive background in IT and electronic communications by selling and marketing within the information technology marketplace.Anyone who would like to review the book and have it posted on my blog or website, please contact me email@example.com.