A CISO’s nightmare: Your engineering manager comes to you with a source code listing that one of his engineers found on a public Git hosting site. It is identical to your company’s proprietary SCADA code, the code your clients rely on to keep their infrastructure available, except that the copyright statements company policy requires are missing.
Later in the day, a technical sales lead shows you a company presentation marked ‘Proprietary & Confidential’ that he found posted on a popular file-sharing site. Finally, the HR manager is very concerned because employees have increasingly been reporting suspicious emails at their company addresses that contain details that should be private. Your data is leaking, and you are only finding out about it once it has already reached the open Internet. Where did this material come from? Who is responsible for the leaks? Where has the data traveled since it left? LemonFish Technologies has unique capabilities and expertise to answer these questions, and more often than not the answers point to the mesh of anonymizing networks and protocols known as the “Dark Web.”
What is the “Dark Web” actually?
As with any controversial, frequently changing and non-standardized community, it is impossible to pin a persistently accurate definition on an entity like the Dark Web. Some sufficient conditions seem to be:
These characteristics of the Dark Web make it an ideal place to begin the public phase of a data breach’s lifecycle. Two broad, non-mutually-exclusive motives drive most breaches: monetary gain and notoriety. Both depend on not getting caught, which the Dark Web’s anonymity provides by design.
Despite these bad actors, many uses of the Dark Web have no nefarious component at all: it is an important community resource for marginalized populations such as dissidents living under repressive governments, and it is a valuable platform for whistle-blowers to bring illegal activities to light with less fear of reprisal. Unlike many “all-or-nothing” cyber security providers, LemonFish appreciates this distinction and accounts for legitimate, ethical behavior within the Dark ecosystem in our analysis.
Data Breach on the Dark Web
So how do data thieves use these Dark technologies, and how can this knowledge be employed to reduce the time to discovery of breaches? From detecting and observing examples of data breaches across diverse industries, LemonFish has come to some conclusions:
How Would I Get to the Dark Web?
The largest Dark network in the world is built on The Onion Router (Tor). Like the ordinary Internet, Tor passes traffic across multiple ‘hops’, but instead of routers it uses a circuit of volunteer-run relays, typically a guard, a middle and an exit. The key difference is in the cryptography: the client negotiates a separate session key with each relay in the circuit and wraps every message in nested layers of encryption, one per relay. Each relay strips exactly one layer, which reveals only the next hop and an opaque blob it cannot read. No single relay therefore sees both the originating client and the final destination; only the exit relay sees the traffic that leaves the network (so anything not protected by TLS at the application layer is visible to it), and .onion services are reached through a rendezvous point so that the traffic never leaves the Tor network at all. The primary user-facing client on this network is Tor Browser, a modified Firefox ESR that routes all of its traffic through Tor and ships with much stricter privacy defaults than vanilla Firefox.
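To make the layered-encryption idea concrete, here is a small onion-routing simulation. It is an added example written for this page, not LemonFish code and not Tor’s implementation: the per-relay keys are constructed with `os.urandom` in place of the keys a real Tor client derives with each relay during the circuit handshake, and the stream cipher is a toy SHA-256 counter-mode construction chosen only so the example runs with the Python standard library (Tor uses AES in counter mode). The relay names, the fixed-width next-hop field and the `DEST` marker are likewise assumptions of the example. What it shows is the property described above: each relay can peel exactly one layer, learns only who handed it the cell and where to forward it, and cannot read or silently alter the layers beneath.

```python
import hashlib
import hmac
import os

# Constructed per-hop secrets standing in for the session keys a Tor client
# would negotiate with each relay when building a circuit (assumption).
RELAY_KEYS = {
    "guard": os.urandom(32),
    "middle": os.urandom(32),
    "exit": os.urandom(32),
}
HOP_FIELD = 8             # fixed-width next-hop name inside each layer (example format)
END_OF_CIRCUIT = b"DEST"  # marker telling the exit relay to deliver the payload
NONCE_LEN, TAG_LEN = 16, 32


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode, XORed over the data.
    Tor itself uses AES-128-CTR; this exists only to keep the example stdlib-only."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_layer(key: bytes, next_hop: bytes, inner: bytes) -> bytes:
    """Add one onion layer: encrypt (next_hop || inner) under this relay's key
    and append an HMAC so the relay rejects cells modified in transit."""
    nonce = os.urandom(NONCE_LEN)
    body = _keystream_xor(key, nonce, next_hop.ljust(HOP_FIELD, b"\0") + inner)
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unwrap_layer(key: bytes, cell: bytes) -> tuple[bytes, bytes]:
    """Peel one layer. Returns (next_hop, inner_cell); raises on a bad tag."""
    nonce, body, tag = cell[:NONCE_LEN], cell[NONCE_LEN:-TAG_LEN], cell[-TAG_LEN:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag: cell was modified or the key is wrong")
    plain = _keystream_xor(key, nonce, body)
    return plain[:HOP_FIELD].rstrip(b"\0"), plain[HOP_FIELD:]


def build_onion(path: list[str], payload: bytes) -> bytes:
    """Client side: wrap from the exit inward so the guard's layer is outermost."""
    cell = payload
    next_hop = END_OF_CIRCUIT
    for relay in reversed(path):
        cell = wrap_layer(RELAY_KEYS[relay], next_hop, cell)
        next_hop = relay.encode()
    return cell


def relay_can_peel(relay: str, cell: bytes) -> bool:
    """True only if this relay's key verifies the outermost layer of `cell`."""
    try:
        unwrap_layer(RELAY_KEYS[relay], cell)
        return True
    except ValueError:
        return False


def route(path: list[str], payload: bytes) -> tuple[bytes, list[tuple[str, str, str, int]]]:
    """Relay side: each hop peels one layer and records what it could observe:
    (relay, previous hop, next hop, size of the opaque inner cell)."""
    cell = build_onion(path, payload)
    views = []
    prev = "client"
    next_hop = b""
    for relay in path:
        next_hop, inner = unwrap_layer(RELAY_KEYS[relay], cell)
        views.append((relay, prev, next_hop.decode(), len(inner)))
        prev, cell = relay, inner
    if next_hop != END_OF_CIRCUIT:
        raise ValueError("circuit did not terminate at an exit layer")
    return cell, views


if __name__ == "__main__":
    delivered, views = route(["guard", "middle", "exit"], b"GET /secret HTTP/1.0")
    for relay, prev, nxt, size in views:
        print(f"{relay:6s} saw: from={prev:7s} to={nxt:7s} opaque bytes={size}")
    print("exit delivered:", delivered)
```

Run it and note that the guard sees `client` and `middle` but never `exit` or the payload, the middle sees only `guard` and `exit`, and only the exit sees the request itself. Because the middle relay holds only its own key, `relay_can_peel("middle", build_onion(...))` on the outer cell is false, and flipping a single byte of any cell makes the tag check fail at the next relay instead of corrupting data silently.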
Understanding the Dark Web’s role in the lifecycle of a data breach is key to taking the right steps toward early detection. Early detection in turn lets the affected parties coordinate appropriate security, legal and public relations responses well before the all-too-usual “caught unawares” situation. LemonFish Technologies is uniquely positioned to address Dark Web data breach detection with a combination of advanced technologies, analytic practices and domain knowledge. Talk to us about building a better defense against data breach and having a response ready for when it happens to you.