Just as in the physical world, cyberspace has hidden corners that lie in shady, darker zones. They are collectively known as the Deep Web, i.e. the section of the internet that is hidden from search engines like Google, Bing, and others. The Deep Web is mostly unindexed or sits behind some sort of login or invitation-based private access wall. The Dark Web lies deeper still and is often hosted on other private and anonymous networks such as TOR, I2P, Freenet etc. Contents are often highly volatile and are accessible only to a restricted group of people.

The existence of content in the darker part of the internet comes to light when small bits of information seep into the Surface Web (the open internet which is indexed by search engines). The dark web offers a safe place for people with privacy concerns to anonymously share ideas and views. In addition to this, a huge portion of the dark web is used for criminal gain and to share copyrighted materials. From a cybersecurity point of view, the dark web offers a good platform for cybercriminals to operate outside the law.

Monitoring this hidden corner of the Web is difficult but never impossible, and it will yield a wealth of information for mitigating information security risks and improving threat intelligence. The catch is that at some point in their operations, dark web users have to market their stuff on the surface web. Therefore, monitoring paste sites, forums and similar surface web points to get the links to the deeper web will be extremely valuable.

Dark Web marketplaces are notorious for stolen financial and personal data and for trading tools used for cyber crimes.
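
As an illustration of the surface-web monitoring described above, the sketch below pulls v3 onion names out of paste text and keeps only those whose embedded checksum and version byte are valid, which filters out typos and junk strings. It is an added example, not part of the original article; the key bytes and the paste text are constructed.

```python
import base64
import hashlib
import re

# A v3 onion name is 56 base32 characters followed by ".onion".
ONION_RE = re.compile(r"(?<![a-z2-7])([a-z2-7]{56})\.onion\b", re.IGNORECASE)


def make_v3_onion(pubkey):
    """Encode 32 key bytes as a v3 onion name (used here only to build sample data)."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower() + ".onion"


def is_valid_v3_onion(label):
    """Verify the version byte and 2-byte checksum inside a 56-character label."""
    raw = base64.b32decode(label.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != b"\x03":
        return False
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return checksum == expected


def extract_onions(text):
    """Return unique, checksum-valid v3 onion names found in text, in order of appearance."""
    found = []
    for match in ONION_RE.finditer(text):
        name = match.group(1).lower() + ".onion"
        if is_valid_v3_onion(name[:56]) and name not in found:
            found.append(name)
    return found


# Constructed sample data: the key is just the bytes 0..31, not a real service.
GOOD = make_v3_onion(bytes(range(32)))
# Character 52 lies entirely inside the checksum, so changing it always breaks validation.
BAD = GOOD[:52] + ("a" if GOOD[52] != "a" else "b") + GOOD[53:]
SAMPLE_PASTE = (
    f"mirror: http://{GOOD}/index\n"
    f"old link {BAD}\n"
    f"backup {GOOD.upper()}\n"
    "not an address: example.onion\n"
)

if __name__ == "__main__":
    print(extract_onions(SAMPLE_PASTE))
```
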
A study report from Trend Micro System showed that the dark markets in different geographic areas are unique and have different strategies in their products and services. An interesting finding is the Chinese deep web market, which sells not only software but also hardware used for criminal activities. An overlapping landscape is observed in the German and Russian underground markets. Another interesting finding is that even though there are no global deep web markets, there is collaboration between cybercriminals around the globe and a considerable exchange of knowledge exists between them.

Malware is an important tool in modern cyber crimes. Malware depends on networks at various stages of its deployment. For example, exploit kits need network access, and the command and control of malware is also network dependent. The Dark Web offers a channel for malware communication and makes it immune to legal takedowns.

In addition to a private communication network, the dark web offers an anonymous payment channel, which makes them untraceable by conventional techniques. Cryptocurrencies like bitcoin provide a unique opportunity to hide from money trails.

Skynet is an example of malware which used the TOR network for its command and control server to remain immune from legal takedowns. Ransomware has recently become highly popular among cybercriminals; it uses the deep web and TOR networks extensively for communication and uses bitcoin as its form of payment to remain anonymous.

One of the biggest challenges, as well as a strength, of the dark web is its decentralized and anonymous nature. It is extremely difficult or nearly impossible to identify and localize a person on the dark web.
So it is a challenging area for digital forensics examiners.

Considering the economic aspect of the dark web, there are criminals who make money from illegal activity, and there are companies which monitor dark web activities on behalf of law enforcement agencies and private clients. Companies like Terbium Labs and iSight Partners (acquired by FireEye) have millions of dollars churning in their dark web monitoring business. An example scenario is detecting data leaks and credit card information on the darknet for a particular banking client. The bank can get an earlier warning before illegal transactions start to appear from sales of credit card dumps.

Alternate approaches involve more human effort and include undercover analysts and enforcement agencies exploring the darknet, examining the nature of the topics being discussed and identifying emerging threats.

It is also challenging to separate legitimate information from the scams and false information spreading across the dark web. There can be a false threat which is purely fabricated to misguide security experts. So it is challenging to identify the ground truth among false messages.

Companies should be careful in deciding whether to go for dark web monitoring services. The cost-benefit ratio may differ between sectors. For example, a bank can pay $150,000 on dark web monitoring if it can save them from fraudulent transactions worth millions of dollars.

To conclude, continuous monitoring of the deep web and the dark web will help us create better tools to mitigate cyber threats. It will be extremely valuable to build a system for data collection and analysis in the Deep Web to generate more insights on the cybercrime landscape. This can help to identify and prevent online extortion, identity theft, digital vandalism etc.
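
The banking scenario above (spotting a client's card numbers in a leaked dump before fraud appears) can be sketched as a BIN-prefix match combined with a Luhn check, so that random digit strings and other issuers' cards do not raise alerts. This is an added example, not part of the original article; the BIN prefixes are assumed values for a hypothetical client, and the dump lines are constructed from well-known test card numbers.

```python
import re

# Assumption: 6-digit issuer prefixes (BINs) belonging to the hypothetical client bank.
CLIENT_BINS = ("411111", "555555")

# Either 13-19 contiguous digits, or a 16-digit number written in groups of four.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d{13,19}|\d{4}(?:[ -]\d{4}){3})(?!\d)")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan):
    """Keep the first six and last four digits so alerts never store full numbers."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_client_cards(text, bins=CLIENT_BINS):
    """Return masked, de-duplicated card numbers in text that match the client's BINs."""
    hits = []
    for match in CANDIDATE_RE.finditer(text):
        pan = re.sub(r"[ -]", "", match.group())
        if pan.startswith(tuple(bins)) and luhn_ok(pan):
            masked = mask(pan)
            if masked not in hits:
                hits.append(masked)
    return hits


# Constructed sample dump; the card numbers are public test values, not real accounts.
SAMPLE_DUMP = """\
fresh | 4111111111111111|12/27|123|J DOE
cc: 5555 5555 5555 4444 exp 01/28
4012888888881881|03/26|999
4111111111111112|11/27|321
order id 20240101123456789012345
"""

if __name__ == "__main__":
    print(find_client_cards(SAMPLE_DUMP))
```
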