The dark web is an increasingly lawless place where cybercriminals trade hacks, passwords, and stolen corporate data. While international regulation was sought to stamp out such practices, the online environment that allowed the Internet to spread so widely and so quickly has also allowed the dark web to stretch even further, and carve out new places to hide and operate from.
As the Nigerian economy expands, and more multinational businesses move into the region, the country’s ever-increasing cybercrime statistics are a key concern. The Cyber Security Experts Association of Nigeria (CSEAN) has gone as far as to state that the Nigerian government is ill prepared to face cybercrime in 2017 and beyond.
Secure VPN solution-Your online privacy solution
In this era of fast moving technological innovations and development, one area that has lag and yet unable to match feet with the pace is online security and anonymity. Though we have opportunity to go online while on the move, we don’t have surety just how secure we are. An old proverb fits well here, Prevention is better than cure. You should take preventive measures before it’s too late. In this article our focus would be VPN and online security and anonymity. While I was surfing the internet, I came across many interesting websites that have been offering remote VPN accounts, they are for your sure security and anonymity online with a price tag equals that of an anti-virus license. Let me explain how it works and what is needed on your part to get a VPN. Create Your Own VPN on Any Device in 5 Minutes – ServerMania, the network you connect to will only see the connection established between your computer and your ServerMania server. This connection is encrypted, and the local network won’t have any idea what sites you are accessing.
The VPN providers have setup remote servers at various locations worldwide in various data centers. They may be at diversified locations like USA, UK, Canada, Germany etc. On the server side generally if Windows they may be using built-in RRAS (Remote routing Access) that is configured to route (or NAT) your connection to the other side (Public Address on Internet) while you get a private address from a predefined pool in there. There could principally three flavors, namely Shared IP, Dynamically Shared IP and Dedicated IP. A shared IP or a static shared IP means every time you connect (dial their server) you get similar IP address. Dynamic shared IP means every time you connect you get a different IP (from a pool of Public IP addresses, may be /24 or /25 or other). Whereas a dedicated IP would mean you will get a similar IP every time you connect but that is not shared with anyone else. In short static shared IP address is more like an open-proxy as it begin used by more than one person at a time, dynamic shared IP is not much like proxy, its concept could be understood by thinking its IP allocation as that in ADSL. Dedicated IP, as name suggests, gives you a unique IP that is solely yours and there is no point in any kind of trouble like Black listed IP, UCE listings. You should first check IP status before going to get a dedicated IP.
The so-called dark web, buried in the deep web, utilises a different protocol and is not indexed by mainstream search engines. Users go about their business anonymously, their locations protected by encryption and a host of privacy features baked into the free and readily available Tor browser, which is the most common way of accessing it. This makes it a paradise for cybercriminals. Dark web threats loom in today’s complex, ever changing environment, for companies all over the world. To shore up their own cyber defences, CIOs need to take a more proactive approach to monitoring threats in its hidden depths.
Exposing these illicit transactions is almost impossible as many take place in invitation-only forums and are authenticated to stop anyone tracking them. However, it seems that even the dark web is not invincible when it comes to vulnerabilities. The hack of Freedom Hosting II, the largest host of dark websites, shows that there are holes in the deepest abyss of the Internet.
According to a Palo Alto Networks report (2016), the Nigeria 419 cybercrime gangs specialise in using advanced malware tools common with sophisticated criminals and espionage groups. To illustrate the threat that cybercrime poses to Nigerian individuals and businesses, the Leadership.ng (2016) reported that Nigeria loses nearly half-a-billion dollars to cybercrime annually. The publication also predicted that in 2017, five categories of cybercrime would dominate the country: the CEO email scam, ransomware, assisted online kidnapping, cyber bullying, and impersonation.
In addition, Alphabay, reputably the biggest dark web market place, recently issued a statement on Pastebin confirming that it had rewarded a hacker after they had found bugs that had enabled them to steal 218,000 unencrypted messages between buyers and sellers. This hack highlights the scale of business being done on the dark web and underlines why CIOs need to understand its dangers and minimise their organizations’ exposure.
It could be argued that these vulnerabilities in the dark web makes it easier for ethical hackers to get a better view of what data sits where, while making the dark web a more dangerous place for cybercriminals to operate. In this case stolen data, which included names and addresses, were handed over to law enforcement agencies, but only a minute percentage of stolen data is handled responsibly.
Take Yahoo, for example. Data from a breach involving one billion Yahoo accounts back in 2013, which the company only went public about last year, is still being openly sold on the dark web. The stolen data for sale includes personal data including names and birth dates.
“CIOs are beginning to understand that a more proactive approach must be taken to protecting their organisations from cyber crime, which includes scanning the dark web for threats,” explains Wale Ogunyemi, Senior Solution Architect for Orange Business Services’ West Africa Business Unit. “However, due to the make-up of dealings and the trust required between buyers and sellers on the dark web, human intelligence is essential in monitoring the dark web – automated tools alone are not enough.”
Granted, monitoring the dark web is an enormous task. It requires a global team of cyber experts to analyse massive volumes of data and linguists who can impersonate cybercriminals to gain their trust.
Threat monitoring the dark web gives CIOs intelligence that can act as an early warning system. It can uncover, for example, if cybercriminals are planning an attack, so the organisation can pre-empt a breach and take immediate action to protect their digital identities and servers.
One of the biggest threats of the dark web is that dissatisfied employees can use it to sell their services to cybercriminals, according to Avivah Litan, VP distinguished analyst at Gartner. A report by RedOwl and InSights claims that the active recruitment of insiders in the dark web is growing fast, with insider outreach going up nearly 50 percent from 2015 to 2016.
The report maintains that the dark web has created an active market for employees to easily monetise insider access. It says that sophisticated cybercriminals are using the dark web to find and engage insiders to help them get malware over organisation’s perimeter security and trigger it.
Gartner’s Litan says that its clients blame the ease in which discontented employees can download the Tor browser and log into the dark web. Litan accepts that insider threats are a sensitive issue and that companies do not want pry and encroach on employee privacy, but at the same time must protect their business assets. “Organisations must be the judge of how high their risks are and how far they need to go fighting it,” she says.
The RedOwl and Insights report recommends that enterprises “create, train and enforce consistent security policies while protecting employee privacy”. This includes making sure employees and contractors understand penalties involved in insider action on the dark web.
The dark web provides a rich source of cyber threat intelligence for any CIO looking to bolster their cyber defences. By monitoring its inner workings, organisations can find out what data or IP may has been stolen, or leaked by insiders to use against them.
Tor, however, has made no secret of the fact it is doing more to safeguard its users this year, making the dark web even more difficult to penetrate. This will include sandboxing Tor at the application level and investigating the use of quantum computing.
“There isn’t an organisation out there who can claim it will never be compromised. Threat detection is paramount. If CIOs know what they are up against, they can take the appropriate steps to protect their organisations,” concludes Ogunyemi. Having an ear to what is being discussed in the chambers of the dark web is invaluable in the war against cybercrime.
SOURCE :The Nigerian Voice (local news)