Each day the number of cyber-attacks continues to grow, with the dark web often playing an underlying role.
Cybersecurity awareness among internet users is increasing but isn’t enough to halt such threats.
The tactics used by criminals and hackers are constantly evolving and becoming more sophisticated, making it harder for security experts to stay ahead.
Recent data leaks have shown that dark web marketplaces and forums are a treasure trove for all kinds of illegal products and services.
But cyber-security experts have pointed out that monitoring of the dark web and its activities may represent the winning factor in the war against cyber-criminals.
Surveillance of the dark web may help cybersecurity professionals foresee possible angles of attack and allow them to put more effective preventative measures into place.
Gathering threat intelligence data from the various dark web marketplaces and communities could help with threat analysis and in the identification of possible vulnerabilities and breaches before they occur.
A Future for Dark Web Monitoring?
Monitoring the dark web might be the most effective way of slowing down cybercriminals who currently rely on the lack of such monitoring to continue to their practices.
Research has shown that 80 percent of most system breaches stem from weak or stolen log in details, a huge proportion of which can be purchased from the dark web.
If more organizations were to commit to monitoring for stolen information, the market for personal data would definitely be hampered.
One might ask how monitoring can be carried out in a world where anonymity and secrecy thrives.
To start with, endeavoring to carry out the following steps will form a good foundation for any organization wanting to start monitoring the dark web.
The deep web is an obscure concept for many individuals in law enforcement agencies, corporations and the public in general.
Consequently, education is the first step towards making dark web monitoring a possibility.
Once the essential elements of the deep web are understood, recognizing and dealing with crimes stemming from the dark web will much more straightforward.
For instance, knowing that a web address ending with .onion is related to the dark web is a good starting point.
The more people monitoring and scanning the dark web the better. However, it helps if those people are experts in the field.
Experts in cybersecurity, cyber forensics and computer science can help mitigate risks of a cyber-attack through understanding how the dark web systems operate and the techniques and tactics used.
Meanwhile, working with international partners can help to overcome the borderless nature of cyber-crimes.
Scan the Dark Web for Threats
Knowing where to look is the first step, understanding what to examine is the next step.
Mining for certain phrases or keywords related to organizations, as well as for email addresses, names and any other sensitive pieces of information used by these organizations is a good place to start.
Breaches can go unnoticed for a long time, making the scanning of data dumps on the dark web an important step in uncovering threats or weaknesses.
Some hackers will sit on data leaks for a period of time during which they compile massive collections and then offer them for sale.
Continually scanning for any new data dumps or collections will help uncover any system breaches that may have occurred.
Another method is to search for any mentions of software, systems or assets used by governments or other organizations.
Analysing communications in dark web communities can aid in identifying attacks before they happen. This offers the opportunity to plug the vulnerabilities or reinforce security.
Possible Risks and Limitations
Despite these apparently simple steps, scanning and monitoring the dark web isn’t that easy.
The main drawback is its time consuming nature, requiring seemingly endless working hours to monitor or infiltrate the more secretive dark web markets and communities.
The other drawback is that it requires significant resources.
Some smaller organizations may not possess the necessary resources or technical capability to carry out active monitoring.
Hiring the appropriate experts or training current staff isn’t cheap.
Aside from time and money, a lot is at stake when cybercriminals are at play. Many of the dark web communities and their members are paranoid and grow suspicious when intruders start poking around.
Attempts at infiltration may result in an increased exposure and likelihood of being targeted.
Monitoring without directly engaging will not only offer valuable intelligence but also reduce the risk of being discovered.
In the end, without a clear plan and goal, the whole monitoring process is meaningless.
Surveillance needs to be targeted with a pre-defined strategy in place in order to get the best results.
To Monitor or Not to Monitor?
This is a question that can only be answered by each organization individually depending on a cost-benefit analysis.
How much do you have to lose from dark web threats and how much will monitoring cost you to prevent this?
For some organizations, simply being more aware of the dark web will go a long way towards preparing their cybersecurity team for defence.
For others, monitoring may aid in developing more effective containment of threats. Law enforcement agencies especially may need to increase the resources targeted at deep web surveillance.
However, not everyone agrees with simply monitoring the dark web. Some call for other more stringent actions such as the shutting down of dark web forums and markets.
The issue with this move is that cyber-criminals will only move on to other markets and platforms.
For instance, Silk Road 2.0 came into a life barely a month after the original was taken down by the FBI.
Moreover, existing laws are struggling to govern the dark web as well as the internet in general.
Until a legal framework is in place that can keep up with the evolving technology, surveillance of the dark web is a better option for slowing down the wheels of cyber-criminals and predicting future threats.