Navigating the Open, the Deep and the Dark Webs

“When the NSA can’t find something, they use Google,” says Cary Moore, CFE, CISSP, Associate Partner for the IBM Red Team. In the session, “Shining a Light on the Dark Web,” Moore delved into what can be found on the three different levels of the web: the Open, the Deep and Dark Web. As the chances for cyberthreats increase with today’s digital culture, so will the demand for anti-fraud professionals with the skillset to prevent the risks and investigate the avenues cybercriminals use to defraud their victims.

The Surface Web (the Open Web) is the unencrypted, searchable space on the internet. Searches for cat videos and movie times fall at this level of the web. The Deep Web is the space on the internet that requires credentials. These sites include entities like financial institutions, retail sites and utility providers. Most importantly, the Deep Web also includes “everything that hides in plain view,” says Moore. Beyond paying your water bill and checking your bank account, Google provides interesting results with a few key searches. For example, when you create a Facebook account, Twitter account or any social media profile, you receive an identification number. Searching on an individual’s profile number can return troves of information relating to a subject’s personal life.

The Dark Web is defined by WIRED as ‘a collection of thousands of websites that use anonymity tools like The Onion Router (TOR) and Invisible Internet Project (I2P) to hide their IP address.’ TOR was originally created by the U.S. Navy Research Lab with the purpose of protecting U.S. intelligence communications online but was released to the public in 2004. It is now funded by the Electronic Frontier Foundation (EFF) to continue protecting public privacy online. TOR bounces traffic through multiple computers and routers in order to produce the “layers” of anonymity. These layers obscure the original user. Hence, The Onion Router.

The Dark Web offers anonymity with security as a concern. Because of the anonymity, there are vast options for fraudulent businesses to prosper. Credit card information, drugs, hitman services and even people are sold on the Dark Web. Data from breaches in which cybercriminals steal millions of credit cards and data files ends up for purchase; skimmed credit card information makes an appearance as well. Stolen information may even be sold with a buy-back guarantee.

Understanding the different risks of the Open, Deep and Dark Webs is key to protecting your organization from malicious cyberattacks. Before placing anything online, Moore recommends having security and controls in place. Audit your security measures and adapt them to deal with the threats lurking in the depths of the web.