
(The Good, the Bad, and the Ugly)

Many of us have been hearing about the Dark Web for some time now, but it’s usually in the vaguest terms: we don’t really understand what it is or have a firm grasp on how it might be impacting us. Much like the bogeyman of our childhood, we understand it to be something bad but only on the most enigmatic level. In this blog, we’ll take a look at what the Dark Web is, its history, and the pros and cons of its existence.

In defining what the Dark Web is, we would be remiss if we didn’t take a moment to distinguish it from the Deep Web, with which it is often confused. Many news outlets fail to make a distinction between the two, but for the purpose of this article (and to be more factually accurate), according to Wikipedia, the deep web is “a reference to any site that cannot be accessed through a traditional search engine,” and the dark web is “a portion of the deep web that has been intentionally hidden and is inaccessible through standard browsers and methods.” Because the Dark Web is not indexed, it can only be accessed via certain networks, such as The Onion Router and The Invisible Internet Project. More on those in a minute.

The Dark Web has a muddied history. But it’s not at all new, and it may surprise you to know that it’s been around for decades. There was a string of articles that came out last year touting the 20th anniversary of the advent of the Dark Web, while other sources claim that a rudimentary form of the web’s underbelly, known as ARPANET, first originated in the 1960s as an anonymous online communications network. But if the Dark Web has been around for so long, why is it that many of us have only started hearing about it in the last few years?

The answer is not complicated. We’ve blogged before about the exponential rise of cybercrime, in the form of ransomware, identity fraud, and phishing scams. And with the rise in notoriety there has come an increased awareness of the places where cyberterrorism has been allowed to flourish unchecked.

The people that made the Dark Web possible actually started out with good intentions. In early 2000, Freenet was launched, and touted itself as a peer-to-peer, decentralised network, designed to make it less vulnerable to attack and snooping by authorities and states. To be fair, it was never squeaky clean, as it was immediately used to distribute pornography and pirated materials, but the amount of nefarious activity was a fraction of what takes place today. Back then, it was seen more as a way to share information.

In 2002, The Onion Router (also known as TOR) was created by scientists who received funding from the US Naval Research Laboratory with the hopes that it would facilitate safer communications with intelligence sources from around the world.

In 2004, the Naval Research Laboratory released the code for TOR to the public, and it quickly became the most popular means by which people accessed the Dark Web. It wasn’t long before people who had more sinister intentions found a way to subvert and take advantage of the fact that they couldn’t be tracked.

In 2010, users started taking advantage of another technological advancement: cryptocurrencies, including Bitcoin and, later on, Monero. The anonymous transfer of funds combined with the ability to do so on untraceable networks seemed like a marriage made in heaven for the sale of nearly every kind of illegal transaction possible. Only 4 years later, in 2014, a study by Gareth Owen from the University of Portsmouth found that the most commonly hosted type of content on TOR was child pornography, with the sale of illegal drugs being almost as popular.

Equally disturbing is that the Dark Web was used by hackers and cyberterrorists connected to the Arab Spring to coordinate attacks on entire countries. And it’s only been escalating ever since. Last month, we blogged about a government-backed terrorist group in North Korea using social networks to infiltrate security teams at Google. And not to be outdone, hackers routinely market their services to the highest bidder. Some have even been reported to track and extort money from pedophiles. It’s not called the Dark Web just because the exchanges happen in the shadows; there are pockets of the web that are so subversive that most people with a shred of morality can’t begin to imagine the goings-on.

However, proponents of the Dark Web state that the good outweighs the bad. Many people feel a sense of uneasiness about their every online movement being tracked. Data such as what sites they visit, what they purchase, and even their political affiliations are easily accessible. How many times have you been on Amazon looking for something, closed out of the app, and then suddenly found yourself looking at ads on Facebook for the very same product?

When the Constitution and The Bill of Rights were written, the concept of the World Wide Web may have been difficult for the Founding Fathers to conceptualize, but they were adamant about keeping the Government out of people’s private affairs so long as no one was infringing on another’s rights. They would have no doubt supported protecting citizens, especially those who are too young to defend themselves and are in need of rescue from sexual predators. But they would have also vehemently objected to a record of someone’s purchases or books borrowed from a public library being turned over to the governing authorities to be monitored and tracked.

For many people, it’s not a black-and-white issue. But it is one that will no doubt continue to be debated as we find ourselves utilizing online services more and more. With COVID-19, we saw entire industries go virtual practically overnight. So we predict that this won’t be the last time we will be blogging about the Dark Web. In the meantime, we’ll continue to keep you in the loop about all things related to your digital integrity. If you have any questions though about how to protect yourself from scammers, hackers, and cyberterrorists, reach out to Buzz Cybersecurity today for a free consultation!

Photo by Sebastiaan Stam from Pexels

Recently, Google announced that a North Korean government-backed hacking group known as the Lazarus Group has targeted members of the cyber-security community who specialize in vulnerability research. Google’s Threat Analysis Group (TAG) stated that the hacking group specializes in using social network groups to target security researchers and infect their operating systems with a customized backdoor malware. It’s believed that the cybercriminals used multiple profiles on platforms such as Twitter, LinkedIn, Telegram, Discord, Keybase, and email to target the Google security team, which focuses on hunting down advanced persistent threat (APT) groups. The threat actors began by creating fake Twitter accounts to masquerade as security researchers, and then reached out on social media to legitimate security researchers.

“After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together, and then provide the researcher with a Visual Studio Project,” said Adam Weidemann, a security researcher with Google TAG.

The Visual Studio Project however came already infected with malicious code that installed malware on the targeted researcher’s computer. The malware contacted a control server and waited for commands. Curiously, not every target received malware. Some simply were asked to visit a fake blog. This led some to speculate that the Lazarus Group was not working alone. The blog hosted malicious code, however, so the end result was still the same: the target’s computer was infected after visiting the site.

Of particular note was the fact that many of the researchers who were targeted and visited the site were running fully patched and up-to-date Windows 10 and Chrome browser versions and still got infected, according to Google TAG. Some believe that the cybercriminals used a combination of Windows 10 and Chrome zero-day vulnerabilities. For those that don’t know, the term zero-day vulnerability refers to a flaw that needs to be patched but has not yet been discovered by the researchers and software developers responsible for the product, so no fix exists when it is first exploited. In most cases, the hackers discover them first.

To add to the confusion, the threat actors authored several online articles and videos that analyzed these vulnerabilities to give themselves credibility and gain the trust of the researchers they were targeting. One of the targets got wise and called out the threat actors’ video as a fake. Not to be outdone, the threat actors began creating Twitter sock puppet accounts to refute these claims.

Google TAG is asking anyone who believes they were also targeted to come forward so more information can be amassed about the identity of the attackers, and to take steps to make sure they haven’t been infected. They’re also advising security researchers to review their browsing histories to check if they’ve interacted with any of the fake profiles or visited the infected blog site. Google has published a list of all the known profiles here. The infected blog site is under the domain name (DO NOT CLICK) blog.br0vvnn.io.
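The review Google TAG recommends above can be done mechanically. The following is an added example (not Google’s tooling and not code from the original post) that scans an exported browser history or proxy log for visits to the blog.br0vvnn.io indicator named in the advisory. It matches on the parsed hostname rather than on a raw substring, so a mixed-case host, a host with a port, or a subdomain of the indicator is still caught while an unrelated domain that merely contains the string is not. The tab-separated history lines, their timestamps and URLs are constructed for the example.

```python
"""Scan history/log URLs for visits to a known-bad host (added example).
The indicator domain comes from the Google TAG advisory; the history
lines below are constructed sample data, not real browsing records."""
from urllib.parse import urlsplit

# Indicator host from the advisory. Matching is by hostname, not by
# substring, so look-alike domains that only contain the string are
# not flagged.
INDICATOR_HOSTS = {"blog.br0vvnn.io"}

# Constructed sample: "timestamp<TAB>url" per line, the shape a history
# export or proxy log might have. Timestamps and paths are made up.
SAMPLE_HISTORY = """\
2021-01-20T09:12:03Z\thttps://github.com/example/repo
2021-01-21T14:03:55Z\thttps://BLOG.br0vvnn.io/posts/windows-kernel-bug/
2021-01-21T14:04:10Z\thttp://blog.br0vvnn.io:8080/assets/page.js?x=1
2021-01-22T08:00:00Z\thttps://notblog.br0vvnn.io.example.com/
2021-01-22T08:30:00Z\thttps://cdn.blog.br0vvnn.io/img.png
"""


def host_of(url):
    """Return the lowercase hostname of a URL, or None if it has none."""
    try:
        host = urlsplit(url.strip()).hostname
    except ValueError:
        return None
    return host.lower() if host else None


def host_matches(host, indicators=INDICATOR_HOSTS):
    """True if host equals an indicator or is a subdomain of one."""
    if not host:
        return False
    return any(host == ind or host.endswith("." + ind) for ind in indicators)


def find_hits(history_text, indicators=INDICATOR_HOSTS):
    """Return (timestamp, url) pairs whose host matches an indicator."""
    hits = []
    for line in history_text.splitlines():
        if not line.strip():
            continue
        ts, _, url = line.partition("\t")
        if host_matches(host_of(url), indicators):
            hits.append((ts, url))
    return hits


if __name__ == "__main__":
    for ts, url in find_hits(SAMPLE_HISTORY):
        print(f"{ts}  visited indicator host: {url}")
```

On the constructed sample the scan reports three visits: the mixed-case URL, the URL with an explicit port, and the `cdn.` subdomain, while the look-alike `notblog.br0vvnn.io.example.com` is correctly ignored. A real export only needs to be read into `find_hits` in the same timestamp-tab-URL shape; adding further indicator hosts to `INDICATOR_HOSTS` extends the check to the rest of a published IoC list.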

The reason behind this attack is of particular interest as well. If successful (and at the time of this blog going to print, there’s still much that is not known about how widespread and how damaging the attacks have been), it could allow North Korea to steal exploits for vulnerabilities discovered by the researchers who have been infected. These vulnerabilities could be deployed by the threat actors in future attacks with little to no cost involved where development is concerned.

Since the attack, which is believed to have been rolled out as early as January 25th, several security researchers have discussed being targeted, but none have actually admitted to having had their systems compromised, so at this time, it’s still early days in terms of figuring out how far-reaching the damage actually is.

For anyone concerned that they have been targeted by the hackers, Google TAG advised:

“If you are concerned that you are being targeted, we recommend that you compartmentalize your research activities using separate physical or virtual machines for general web browsing, interacting with others in the research community, accepting files from third parties and your own security research.”

If you have questions about what preventative steps you can take to protect your business or other assets from a cyber attack, don’t hesitate to reach out to us. At Buzz Cybersecurity, we offer a variety of services including Free Lunch & Learns, Cloud Solutions, Managed IT Services, Infrastructure as a Service, Support Consulting, Ransomware Protection, and more.

Every business is different, and we would love to talk with you about tailoring a plan that fits the size of your company, as well as fits your budget. Contact us today for your free assessment!

Image by Sammy-Williams from Pixabay

As we close out what has been a difficult year for many, there’s a temptation to slack off being aware of the cyber risks out there, but the holiday season statistically sees an increase in cyberattacks, and experts are predicting that this year will be particularly bad. This year with COVID-19 restrictions hindering in-person activities, online purchases are expected to have a record-setting year. Cybercriminals are anticipating this, and will ramp up their efforts to take advantage of both unaware shoppers and unprotected businesses, looking to exploit sensitive information and data for the purpose of hacking. In this article, we take a look at how to stay one step ahead of the bad guys. We’ve done the research so you can actually enjoy your holidays with loved ones, rather than having to be on guard duty 24/7.

  1. Be Careful With Holiday-Themed Emails. Retailers go out of their way to send out emails touting sales and special deals, and they all look really shiny! And by all means, take advantage of those savings, but understand that phishing emails will also look festive. Pay particular attention to an email if you don’t recognize the sender, or it’s rife with spelling errors. That might be a clue that someone overseas is trying to get you to give your credit card information, or open an email with a virus attached to it.
  2. Slow Down. We’ve all clicked on a deal, only to see a pop up telling us that the special price is only available for a limited time—sometimes only minutes! Personally, I click right out of these because retailers often use this tactic to pressure you into making a bad decision that will result in buyer’s remorse, but hackers also use it to get you to throw caution to the wind, enter your credit card information, and click the buy button before you’ve really checked out the site. It’s OK to slow down and take a minute to make sure you trust the retailer on the other end.
  3. Beware of Phone Phishing Scams. I don’t know about you, but during the month of December, I am working to meet deadlines faster so I can have more time to bake cookies, attend parties, and savor the moments of peace and joy that are unique to this time of year. And all the while, I’m juggling phone calls and emails from clients. Normally, I don’t answer the phone if I don’t recognize a number, but I’ve occasionally broken my own rule, and there is usually someone on the other end trying to sell me something. They’re typically harmless telemarketers, but one time in particular I remember the person on the other end had an air of urgency and needed to verify me before he would even explain what the call was about. And when I say verify, he needed me to confirm my mother’s maiden name and the last 4 numbers of my social security number! When I refused, he tried to intimidate me with vague consequences that made me laugh out loud and hang up. Stay vigilant—this time of year scammers are counting on you juggling ten things at once and hoping you’ll have a momentary lapse in judgment.
  4. If You Must Work While Mobile, Be Extra Aware of The Risks. Many people wind up working during the holidays from hotels, airports, and anyplace that has free WiFi. But there are additional risks that come with working on-the-go, so be sure that you’re not using an unsecured network. Hackers will sit in coffee houses and lie in wait for unsuspecting victims who are tired, working against a deadline, and figure that using the free WiFi this one time won’t hurt. Trust us, it’s not worth it. A moment in lapsed judgment can wind up costing you thousands of dollars, and damage your professional reputation when you have to explain to clients how their information got leaked.
  5. Pay Attention to Your Server Activity. Unauthorized cryptocurrency mining on servers (“server mining”) happens with more frequency during periods of shutdown, like holidays, when schools, businesses, and others are not using the majority of their server capacity. You’ll want to keep an eye on the activity level, and if it seems off to you, make sure to look into it right away. Buzz Cybersecurity offers Managed IT Services that can help with this.
  6. Keep Your Updates Updated! The excitement of getting to see family, coupled with fast-approaching deadlines, means that during the holidays many companies and employees are more likely to put off patching until the beginning of the year, and hackers will look to take advantage of this. Updates and restarts are often seen as a frustrating barrier to getting out the door and often get overlooked, but take the time to audit. You know what they say about an ounce of prevention.
  7. Keep the Faith. As we celebrate the holidays, we want to encourage you to keep your faith in things above, and not in too-good-to-be-true sales and specials that make grandiose promises. If you get a nagging feeling that something isn’t right, don’t ignore that. At Buzz Cybersecurity, we like to think that we all have a built-in sense of discernment that helps to protect us when others would seek to harm us in some way. We encourage you to pay attention to that.

We hope you and your loved ones enjoy the happiest of holidays and stay safe. And if you want to have us run a diagnostic on how you’re doing with protecting your assets, contact us so we can help you to have peace of mind this holiday season.

How real is the threat of election results being hacked?

As we’ve posted here on the Buzz Blog previously, cybersecurity is an ever-growing concern, especially since so many things have shifted to a remote setting since the COVID-19 pandemic hit earlier this year. And let’s be honest, it was an issue before your banker was servicing your account while the dog begs for a treat and her toddlers play on the carpet in the other room. The question though that is on the minds of many people is just how real the threat is in the context of the elections coming up. It’s impossible to accurately predict this with 100% certainty, but we’d like to take a look at some of the very real and valid concerns that people have.

To begin with, many people have questions about election security itself. How safe are the databases that store voters’ sensitive information? In 2016 it was confirmed by CBS News that the state election databases in Arizona and Illinois had been hacked. If that weren’t bad enough, at the Black Hat convention earlier that year, it was proven that voter smart cards could be used to vote multiple times. And when not all states are using a paper ballot verification system, this is concerning.

But how exactly does a voting machine get hacked? To start with, there are two types of voting machines: paper and electronic. And the problem with many electronic machines is that they are over a decade old. These machines were designed in a time when cyberattacks, while by no means unheard of, at the very least were less rampant. And the software, issued by companies like Microsoft, isn’t being updated. And because most voting machines don’t have firewalls to prevent unauthorized remote access, it’s not hard for an attacker in close proximity to target an attack with the intent of taking over the device.

We’ll talk about what can be done in light of these concerning revelations, but first, we’d be remiss if we didn’t take this opportunity to point out that cybercriminals also look to exploit the interest people take in the elections by flooding every available channel with malicious spam. Clickbait stories go out every day in emails with the hopes that people will unknowingly open and forward them, spreading malware. We’ve heard from people who had a check in their gut, but opened a suspicious email anyway and now regret it. The best advice we can give you here is that if something doesn’t feel right—pay attention to that. It’s better to double-check the source of a suspicious email and be safe.

Cybersecurity’s role in helping limit the risk of exposure

Most experts agree that election officials need to take a more revolutionized approach to prevent hacking and prevent being left behind as other industries move towards modernization and digitizing outdated infrastructure. A recent article by Security Magazine identifies 9 major election infrastructure components that are necessary in order for any election to be deemed secure, accurate, fair, and accessible:

  • Voter registration and database systems
  • Electronic poll book/onsite voter registration systems
  • Vote capture devices
  • Vote tally systems
  • Election night reporting systems
  • State and other county systems that process election data
  • Traditional and social media communication applications used for situational reporting
  • Vendor election equipment/service architectures

They also recommend that election jurisdictions bring in a cybersecurity and advisory consulting team to assess whether there are any weaknesses in any of the above areas. Cybersecurity experts can more readily identify these areas because they are trained to know what patterns to look for. Doing so will help local election jurisdictions pinpoint important security issues and target them for quick remediation, better understand how prepared they are to respond quickly to a security event, and evaluate the strategic priority of specific measures for reducing the avenues and frequency of attack.

The Bottom Line

Circling back to our original question: Can the elections be hacked? The answer is yes. There are definitely enough weak links in the system countrywide. And although a cyberattack is preventable, with the election being days away, it’s unlikely that steps will be taken between November 3rd at 7pm and the time that this blog goes to print.

If a prototype of an election cybersecurity program could be implemented, it should include precepts that would empower an election jurisdiction to pinpoint, isolate, and update any obsolete OSes on election business systems, as well as routinely conduct elections cyber-maturity assessments. Some experts advocate only using paper ballots.

The most important thing right now is to keep asking probing questions and continue to advocate for updated protocols and systematic approaches that will streamline the process and make attacks harder to succeed. While we have no doubt that these very attacks will continue to get more sophisticated and more frequent, we remain optimistic that continued vigilance and education will reduce the chances that elections will continue to be hacked.

Photo by Element5 Digital on Unsplash