In order to best protect your company from shady online activity, you need to familiarize yourself with the basics. Learn about the different players involved in the dark web to better recognize vulnerabilities in your own system.
The first bad actors in the dark web value chain are called “Breachers”—and they don’t actually steal anything. Instead, they break into your network by buying credentials online or spear-fishing employees. Breachers are very careful to remain undetected so that once they’re in, they can create a permanent presence by installing back-door software.
After breachers gain access to your company’s information, they sell that back-door access to “exfiltrators”. These dark web users buy access to your network from breachers and surveille activity to determine where files are stored and databases are located. Once exfiltrators have identified the information necessary for a hack and collected “saved password” files from web browsers and operating systems, they begin streaming data out. This stolen information is often compressed and encrypted in hidden files that remain on the computers the hackers silently exploit.
Exfiltrators then sell bulk collections of breached information as highly-demanded, valuable resources to various, specialized “data miners”. Data is sold in bulk by the gigabyte and processed through big-data cloud engines or old-fashioned sweatshops with low-wage employees to extract valuable marketing information, intellectual property, decrypted passwords, personal health information, personal identity information, credit card data –literally anything of value. After a successful breach, your company becomes just another attribute of value, providing unlimited, silent access to data.
The next step in this chain of suspect events is bundling and distribution. Stolen data gets bundled by type and sold into an online market where distributors can purchase data in bulk. This data can include anything from social security numbers and email addresses to wire-instruction samples for spear-phishing and intellectual property. Because of this organized system, buying information about specific companies that includes numerous employee contact information and passwords is extremely easy.
Distributors then sell bundles to retailers, creating an open market for stolen information. These retailers are similar to Ebay or Amazon, acting as third-party sellers of information and selling in bulk. This stolen information can be extremely valuable including credit card data, banking credentials, and more. In fact, I’ve personally purchased my own identity information from a retail outlet on the dark web, and I can verify the process is not difficult.
Just as in the real world, the retailers take the most risk, have the highest overhead, and charge the biggest markups. When you hear about a major Dark Web bust such as the Silk Road breakup that occurred a few years ago, it’s a retailer that is being taken down, not the individual breachers or data miners. Because of the anonymity of upstream distributors, new retailers with the same workers simply pop up to replace others as they are caught.
The people buying from the retailers on the dark web are the direct criminals exploiting your data: Carders, who buy stolen credit card information and run purchases on them, Breachers who close the economic loop by purchasing stolen credentials to further the cycle, and Nation-State Actors who purchase stolen Intellectual Property, PII, and PHI for their clandestine activities, and Private Intelligence companies who buy dark web information and upsell it through consultants into private corporations to spy on their competitors and steal their secrets.
There’s even a substantial “thrift shop” market on the dark web: old data that’s already been exploited for profit and abandoned by the original buyers. This market is littered with everything from bulk sets of credit cards that are mostly deactivated to old password files that have been merged into bulk common password datasets to be used to create password decryption dictionaries. It is from these markets that spear-phishers are getting the comprehensive insider information that they use to insert false wiring instructions that look and sound real. It’s how APT threat actors simply buy access directly into a target company.
This hacking economy guarantees that you will be found eventually. Just as capitalism guarantees that all the oil in the world will be found, extracted, refined, and sold at retail, Bitcoin now guarantees that every bit (pun intended) of value that is easily available will be found, it will be correlated, it will be bundled, and it will be retailed. The emergence of Bitcoin is directly responsible for the dramatic increase in data breaches you read about in the news. The combined value of all of these data breaches, about $100B annually, also provides the fundamental basis value of Bitcoin and the other minor cryptocurrencies.
How Connetic Can Help
Connetic solves IT; it’s as simple as that. The Connetic team has the unique training, knowledge, and expertise necessary to ameliorate the risks caused by the new hacking economy by implementing real security for our clients through comprehensive security audit practices, security framework compliance, and the comprehensive implementation of security solutions such as multi-factor authentication, log aggregation, and our 24×7 alerting and monitoring infrastructure.
Connetic achieves superior data security for their clients by implementing simple, yet effective, multifactor solutions on all of their information services, including cloud service, traditional server-based services, and bring-your-own-devices. Learn more about Connetic’s approach to data security: CLICK HERE.