Mark Lanterman | March 23, 2018
As a cyber security expert, I often present on the Dark Web and its impact on the average person, the average Internet user. The Dark Web is a term used to describe the approximately 83 percent of the Internet that remains inaccessible through the most common search engines.
The Dark Web is frequently used by people searching for illegal drugs, child pornography, hacking services, and stolen credit and debit card numbers. While not every service and product advertised in this marketplace is necessarily illegal, it is widely recognized that the Dark Web is the place to go for the illicit and the illegal.
Though the Dark Web isn't as easily accessible as the brighter 17 percent of the Internet that we typically access, knowledge of its associated risks is relevant for everyone interested in maintaining a strong cyber-security posture. While we may not be directly delving into the Dark Web, I have often observed that people that end up doing just that start out very slowly.
Thinking of the Dark Web as akin to the deepest recesses of the ocean, websites like Ashley Madison, legal pornography, and gambling websites among other more illicit sources on the Internet can be thought of as being the upper depths that individuals journey to before ultimately going deeper and getting more and more involved. One such person was Stephen Allwine.
I recently provided digital forensic analysis in the case of Stephen Allwine, a man recently convicted of killing his wife after attempts at murder-for-hire via the Dark Web failed. In addition to observing the historical narrative of Mr. Allwine's extensive access of the Dark Web, I also observed that, before diving right into what the Dark Web had to offer, Mr. Allwine started visiting Ashley Madison. This website's purpose is to facilitate extramarital affairs. Mr. Allwine's affairs initiated through this site fueled his Dark Web activity and ultimate crime.
It's important to remember that the Dark Web is not as distant from us as it may seem. Another element of this case was Mr. Allwine's use of bitcoin to conduct illegal transactions. In recent months, bitcoin's popularity among the average Internet user has further demonstrated the Dark Web's influence and growing legitimacy.
While bitcoin is, of course, not solely used for illegal transactions, its use as a Dark Web cryptocurrency far outdates its recent commercial success. On the Dark Web, bitcoin is the preferred cryptocurrency for its ability to bypass global exchange rates and its ease of use, but primarily for its comparative anonymity in completing transactions. However, even bitcoin isn't perfectly anonymous—bitcoin wallets can be tracked and, in the case of Mr. Allwine, a saved note on his laptop backup revealed a bitcoin wallet address that matched a payment to the Besa Mafia, a service that had been offering murder-for-hire services.
While you may not necessarily be on the bitcoin bandwagon and buying it up as an investment, many organizations are forced to get familiar with it as quickly as possible when they become victims of ransomware.
Ransomware is a type of malicious software used by hackers that locks particular files or a complete system until a payment is made by the victim. For the reasons previously listed, bitcoin is often the required payment method. These attacks are often time-sensitive and force organizations or individuals to make payments as quickly as possible. In these instances, the Dark Web has a great impact in its facilitation of cyber attacks.
In addition to the risk of ransomware attacks, no one is immune to becoming a victim of identity theft as a result of having information posted to the Dark Web without his or her knowledge.
While many think of the Dark Web as being a hub of stolen credit and debit card numbers, I think many are also surprised when they learn that the most valuable data on the Dark Web is actually compromised medical information. All types of personal information are available for sale on the Dark Web, often sourced from high-profile data breaches. But, beyond a stolen credit card number, people can be made victims of identity theft with the kinds of personal information available about them on the Dark Web.
While doxxing can be conducted via legal personal information reseller websites, the types of information available on the Dark Web often goes a step beyond, supplying cyber criminals with Social Security numbers, dates of birth, and everything required to completely capitalize on another's identity.
In sum, the Dark Web poses a cyber-security risk to anyone on the Internet. Though accessing the Dark Web to patrol for your personal information is not advisable, being aware of its potential impact in facilitating cybercrime is important in developing a sound cyber-security protocol. Limiting the sharing of personal information, staying apprised of recent cyber threats including ransomware, and following steps to mitigate risk in the wake of high-profile data breaches are all great steps in a proactive approach. Additionally, acknowledging the slippery slope of questionable "gateway" sites to the Dark Web can help keep you and your family safe from what the Dark Web encompasses.
Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.