The darknet is an invisible and anonymous network within the internet. Here, communications cannot be traced back to users without an awful lot of effort and it’s this anonymity that makes prosecution nigh on impossible and illegal activity oh so simple. This has led to a flourishing criminal community being established, from where members launch well-organised and planned cyberattacks on businesses and organisations of all shapes and sizes,
a fact underscored by a recent story about a district in Saxony-Anhalt declaring Germany’s first cyberattack-related disaster after parts of its administration were completely paralysed for two weeks. According to the Chaos Computer Club, the stolen data is already circulating the darknet, where criminals can buy, view and edit it and cause even greater damage.
The risk of an SME falling victim to such an attack has gone up considerably over the last few years and there doesn’t seem to be an end in sight. A better understanding of the darknet is, therefore, crucial to facilitate risk management.
The darknet is built on the Tor network, which according to Wikipedia, is used by some 2 million people every single day. This network doesn’t have a readable list of web addresses, but it does have Wiki pages and search engines that we know from the normal internet. In contrast to the standard browsers, Tor uses onion routing, in which data traffic is encrypted and routed around the world through several servers. All Tor network domains end with “.onion”—an appropriate term because the multiple layers of an onion represent the layers of encryption and privacy.
As with most technology, Tor is neither good nor bad. It is essentially to allow people to act with a certain level of anonymity and for journalists and those living under a dictatorship, the darknet can be incredibly useful for enabling free speech. At the end of the day, it’s all about how it is used. One thing is certain, In the USA, Germany and Russia, it is more often than not a launchpad for criminal activity.
Cybercrime as a Service offers on the darknet are the reason behind the recent increase in threats faced by businesses. You are never too far away from illegal activity on the darknet and almost anyone can find and request illegal services or get their hands on some stolen goods with just a few clicks and without any special knowledge. While that is a criminal offence, it is much more difficult to track activity on the darknet because of the way it is structured.
Criminals will often use, for example, encryption trojans that encrypt a company’s most important asset—its data. A ransom is demanded and the data sold on to the highest bidder later on. The impact on affected businesses can be huge—expensive downtime, reconfiguration of the IT infrastructure, irrevocably lost data and stolen sensitive information.
The most important questions you have to ask yourself are how you can protect yourself against such catastrophic attacks and how you can minimise the danger posed by the darknet. Managing directors need to consider the following four points:
IT security is by no means simple, but it is absolutely crucial for all companies and organisations. Most importantly, stay on the ball. In business and with this blog. We have plenty of fascinating insights to offer including the business potential that IT security offers your company.