20 Years In The Dark | The Dark Web Turns Twenty: What Does This Mean For A CISO?

Infamous for its illicit trade and now the adopted home of malware authors, purveyors of ransomware and other misappropriated data, the Dark Web (aka Darknet) has been around for two decades. While not everything on the Dark Web is shady – there’s plenty of traffic hidden from sight that is sometimes in the public good – there’s no doubt that it has acquired a reputation as a place that harbors malcontents and threat actors who might be planning on attacking your enterprise.

How the Dark Web Started 20 Years Ago
The Dark Web was officially launched in 2000 with the release of “Freenet“: a peer-to-peer, decentralised network, designed to make it less vulnerable to attack and snooping by authorities and states.

Freenet was the brainchild of Ian Clarke, who developed the concept and the software tools required to support it during his studies at Edinburgh University. For his thesis project, Clarke created “a Distributed, Decentralised Information Storage and Retrieval System”, through which he hoped he could provide freedom to communicate without the fear of being tracked online.

Freenet is still available today, and it is still free to use. However, the hardcore cybercriminals were at this time still using other platforms for their needs such as imageboards like 4Chan and IRC channels.

Peeling the Onion
On 20 September 2002, the The Onion Router (or TOR) Network was created by computer scientists Roger Dingledine and Nick Mathewson. Surprisingly, this semi-anarchist project was mostly funded by the US Naval Research Laboratory, which wished to facilitate safer communication with intelligence sources around the world. This is a critical point. The TOR network is not inherently evil, nor was it architected with bad intent.

There has always been a need to facilitate a higher level of security communications. This network allows for anonymous sources to be protected in hostile regimes, for example. The adoption of the TOR network by criminals is an unfortunate side-effect, but the value of the network should not be weighed based solely on that as there is also a percentage of legitimate and good activity as well.

In 2004, the Naval Research Laboratory released the code for TOR under a free license, and the Electronic Frontier Foundation (EFF) began funding Dingledine Mathewson and others to continue its development, until they launched “The TOR Project”, a non-profit organisation to help maintain the network.

The Onion Router is the most popular means by which people today access dark web sites. TOR has several search engines, directories and hidden wikis that users can use to navigate their way around the dark web and find the kind of sites they’re looking for.

TOR greatly simplified access to and use of the Dark Web, and this has led to an explosion of sites offering almost any type of service imaginable, especially for contraband and illicit material – both physical and digital content – using a variety of online payment services like Paypal and Western Union.

Cryptocurrencies, Revolutions and the NSA
It wasn’t until around 2010 when cybercriminals really took to the platform. Forums like the Silk Road netted millions of dollars for their administrators with the aid of another technological development: cryptocurrencies, particularly Bitcoin (BTC) and, later, Monero. Cryptocurrency enables the anonymous transfer of funds and provides a nearly complete smokescreen for both buyers and sellers.

Later, the Dark Web was used by hacktivists such as the Anonymous collective and Middle Eastern hacktivists involved in the Arab Spring to coordinate attacks on countries, organisations and enterprises.

Darknet users who value their privacy and anonymity also make use of virtual private networks (VPN). The reason for that is to disguise the fact that the user is actually connecting to TOR at all. Without a VPN, even though you may be anonymous, your use of TOR is not. It has been claimed that the NSA tracks the IP addresses of everyone who visits a TOR website, regardless of the content. According to leaks from whistleblower Edward Snowden in 2014, the NSA also collects the IPs of anyone using FreeNet, HotSpotShield, FreeProxies, MegaProxy and Tails. Hence, VPNs are part-and-parcel of the darknet user’s technology stack.

What About the Dark Web Today?
Although the FBI took down the Silk Road and activities have declined in recent years, the Dark Web is still a haven of illegal activity. Researchers at King’s College in London classified the contents of 2,723 dark web sites over a five-week period (2015) and found that 57% hosted illicit material.

The rest is largely a mixture of political dissidents, journalists, and whistleblowers mixed in with a motley crew of people trading borderline-legal goods and services. White hat, grey hat and black hat hackers also all make use of the darknet for sharing techniques and various software kits that could be used for both educational and illegal purposes.

How is the Dark Web Relevant to a CISO?
The fact that this network exists is in itself no cause for concern. Cybercrime existed before it was fully developed and will continue even if it were to shut down today. Even in that unlikely event, the same traffic would most likely migrate to social media or encrypted messaging apps like Signal, Telegram and WhatsApp.

But in all likelihood, the cybercriminals who are, or might be, relevant to your organisation are active on the Dark Web today. Employing proactive threat intelligence from Dark Web sources can provide security teams with additional information that might prove useful for securing against future threats.

Here are some examples of how Dark Web intelligence could be relevant to your security operations:

• Tracking the development and sale of malware/exploit kits
• Monitoring data dumps that could contain your IP
• Finding stolen credentials such as login passwords belonging to your organisation
• Discovering vendors on the Dark Web actively selling access to corporate networks and MSPs

The Dark Web has been around for two decades, and it seems that it will continue to be with us for some time yet; its shape could change, but its function will likely remain the same. It is real and won’t disappear just by simply looking the other way.


By Yotam Gutman, Director of Marketing at SentinelOne

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.