What is your brand worth?
You might not be aware that your brand could be exploited (beneath the Surface web) by cyber-criminals. They could be selling your company data, your software (at a fraction of the cost), selling customer’s stolen data, or any other creative endeavor they devise that could put your brand name at risk. Whether your company is in the top 500 or has a product or service that is hot today — no doubt, it will find it’s way into the underbelly of the Deepweb, and if it is not there yet — check back tomorrow, next week, or six months from now.
Deepweb brands frequently exploited
PayPal is an Internet payment service that performs payment processing (for a fee) and allows the secure transfer of funds between accounts. Amazon is a Fortune 100 company and the largest e-Commerce Internet-based company in the United States.Microsoft is a multinational corporation and worldwide leader in software services, devices, and solutions that help people and businesses realize their full potential.Adobe is a multinational computer software company that is changing the world through digital experiences. What do these four companies have in common?
All four brands are exceptionally popular on the Surface web and also exploited in Darknet marketplaces. Here are a few examples:
PayPal: You can buy a U.S. middleman account that includes email access and the answers to the account security questions for as little as 0.1300 BTC ($44.34 USD). These accounts are aged and verified with real transaction history which makes them perfect as cashout accounts. Each account includes the username, password, email, email password, address, credit card #, CVV, expiry, status, security A1, and security A2. The seller is level 4 with a feedback rating of 99.4 percent and has made 1,932 sales in the Evolution marketplace. He recommends that all buyers build up some IP and cookie history prior to making any purchases with the stolen account.
Amazon: If you need receipts, you can purchase an Amazon receipt generator (downloadable .exe digital file) for 0.0147 BTC ($5.01 USD). You are probably wondering what is that for? Well, it is great for social engineering, free refunds, and deliveries. This item is sold by a very popular level 5 seller with a feedback rating of 99.2 percent and who has made 5,498 sales at the time of this writing.
Microsoft: You can purchase Microsoft Windows 7 Home Premium + Ultimate 32/64 Bit SP1 (pre-activated) for 0.0146 ($4.98 USD). This item is sold by a popular level 4 seller with a feedback rating of 99.8 percent and who has made 4,718 sales at the time of this writing.
Adobe: You can also purchase an Adobe Creative Suite 6 Master Collection that currently retails at the Adobe Store for $12,329.09 (USD) for 0.0147 BTC ($5.01 USD). This item is sold by another popular level 4 seller with a feedback rating of 99.8 percent and who has made 5,498 sales at the time of this writing.
Lately, I’ve been spending quite a bit of time beneath the Surface web delving into Deepweb territory, in a fascinating exploration of Darknets (including Onionland) and some of the marketplaces. The Deepweb is often referred to as the Darkweb, and also referenced as the Invisible web or the Undernet. Since the underbelly of the Deepweb cannot be indexed by major search engines such as Google, Yahoo, and Bing, you need special software to access it.
Traditional search engines (listed above) can only see approximately 0.03 percent of the entire Internet. Many experts have estimated that it is 500 times the size of the Surface web. Where is the other 97 percent? Since the vast majority of the web is located in the Deepweb and cannot be indexed by traditional search engines — we may never know its actual size. In the whitepaper: Understanding the Deep Web (Rabia Iffat, Lalita K. Sami), the following are the differences between the Surface Web and Deep Web and is considered the holy grail of Deepweb information (Bergman, 2001):
- Public information on the Deep Web is currently 400-550 times larger than the commonly-defined World Wide Web.
- The Deep Web contains 7,500 terabytes of information, compared to 19 on the Surface Web.
- Deep Web contains nearly 550 billion individual documents compared to one billion on the Surface Web.
- More than 200,000 Deep Web sites presently exist.
- Total quality of the Deep Web is 1,000 to 2,000 times greater than that of the Surface Web.
There is also a cornucopia of users down under: activists, buyers, arms dealers, assassins, astronomers, data miners, drug dealers, feds, fraudsters, hacktivists, kidnappers, researchers, sellers, whistleblowers and the like. The Deepweb can be creepy and at the same time exhilarating. Some Darknet locations are offensive and unsavory, while other Darknet cubbyholes tend to entrance and bait the curious ones. Be forewarned — the Deepweb can become addictive.
I selected TOR to explore the Deepweb because I am overly familiar with this particular software, (having initially played with an exit node years ago). I also use a VPN (because of my concern with eavesdroppers) and because my VPN provider does not keep logs. I wanted to be sure that there would be no identifiable data retention from my ISP, the government, or hackers. I also wanted to be able to conduct research in this area without fear of getting doxxed. I decided to concentrate on one popular marketplace (Evolution), and four brands (Microsoft, Adobe, Amazon, and PayPal) for this excursion into the Deepweb. I also needed a Deepweb search engine for locating products and services — I selected Grams, otherwise known as the Google of the Darknet.
It’s a given that there will be black-market software for sale (Adobe, Microsoft, etc), and this might be a good topic for enterprises to also keep a close eye on underground markets. Companies often get so buried in the Surface web that they tend to forget there is an entire Deepweb that may include hacks (such as credit cards, user accounts, software, etc) that are being sold on the black market. It’s deep. It’s dark. It can hold secrets. But, in a surveilled world — people who desire anonymity, privacy, and respite from government surveillance and online tracking, may find the Deepweb rather appealing.
You should never underestimate the power of the Deepweb. Just because it is hidden, does not mean that your products, services, or affected user base is invisible. You need to take the same actions against cyber-crime that you take on the Surface web, but with a different twist. Get your experts from the IT, IS, Infosec, Networking or fraud department down into the bowels of the Deepweb, and give them plenty of bitcoin to play with.
Follow your brand and play Deepweb
Whether your brand is on the Surface web or the Deepweb, you need to keep a close eye on your brand on both webs. Is someone selling your software at a fraction of the cost and wrapping the installer in malware and Trojans? Are they selling your customer’s stolen data accounts — what actions do you need to take to stymie the flow of identity theft or financial loss to the account holder?
What can you do?
Purchase your software and reverse-engineer the applications. Purchase the user accounts that are being sold and protect your user-base. It’s a whole different ballgame down yonder and you need to pay attention to the Deepweb and how your brand operates beneath the Surface web, because the Deepweb blackmarket is not going to go away.
To know your Enemy, you must become your Enemy. — Sun Tzu
Index of Terms:
- Deepweb [also referenced as the Darkweb, Invisible web, Deepnet, Hidden web, and Undernet]: Content that is non-indexed and non-accessible by main search engines [Google, Bing, and Yahoo].
- Darknet: Anonymous cubbyholes that are recessed in the Deepweb.Darknets require special software (TOR), and cannot be accessed via a regular browser. Top level domains in the Tor Onion Router Network are hosted with a .onion suffix. Other Darknets include I2P, Freenet, and GNUnet.
- Surface web [also referenced as the visible web, indexable web, or Clearnet] : The visible web that is indexable by major search engines such as Google, Bing, and Yahoo.
- Bitcoin [BTC]: Unregulated and decentralized (anonymous) digital currency that serves the same purpose as conventional money.
- Cashout account [PayPal]:Using a service such as LocalBitcoins, you can find sellers that are accepting PayPal for Bitcoin.
- Black-market: Underground economy where goods or services are traded illegally.
This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. To learn more about tech news and analysis visit TechPageOne. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.