The Dark Net is a hidden part of the internet that allows for anonymous browsing and communication. It is much larger than the surface web that is accessible through typical search engines. The Dark Net promotes anonymity and prevents censorship, but is also exploited for criminal activity like drug and weapons trading. It poses a threat as sensitive data from governments and businesses has been stolen and is available for sale on the Dark Net. Debates are ongoing on how to address security concerns while maintaining privacy, and whether businesses should play a role in investigating criminal networks on the Dark Net.

1. he‘Dark Net’is often described as the part of the
internet that none of us really gets to see.You can’t
browse the Dark Net through normal interaction
with the internet,such as using Google,Bing or
Yahoo searches.The Dark Net,or‘DeepWeb’,is thought to be
thousands of times larger than the internet most people
know,also known as the‘Clear Net’,or‘SurfaceWeb’.Experts
often use an iceberg analogy to describe it:if you imagine an
iceberg representing the total internet,we can all see the tip
of the iceberg above the water representing‘normal’internet
activity,while submerged lies a huge block of hidden activity
– the Dark Net.
The Dark Net is not only hidden;it is also anonymous.
Within the Dark Net both people browsing the web and
website publishers are anonymous,and this is the main
attraction for those who use it.In theory it is indeed
possible to track individuals on the Dark Net but it is very
difficult and requires a huge amount of resources.The end
result isn't always successful.
Perhaps the most popular route to accessing the Dark
Net is throughTor;free software originally created by the
US Navy for anonymous encrypted communication,and
modified over time following its release as open source in
2004.Tor prevents people from learning your location or
browsing habits by bouncing your communications
around a distributed network of relays run by volunteers
globally.It keeps the original location that the information
was sent from,and its destination,hidden.
The Dark Net promotes anonymity and defeats
censorship.According to theTor website,individuals use it
to keep websites from tracking them,or to connect to sites
and services blocked by their local internet providers,or for
socially sensitive communication.It saysTor allows users to
publish websites and other services without revealing the
location of those sites.Journalists useTor to communicate
more safely with whistleblowers and dissidents.Non-
governmental organisations (NGOs) useTor to allow their
workers to communicate while in a foreign country,
without notifying everybody nearby that they're working
with that organisation.
It’s also a place exploited by criminal groups to hide,
operate and trade with each other.It is home to illegal
activity of all kinds such as trading drugs,child pornography
and assassination markets.It’s where nation states are
alleged to sometimes use the attributes and technical
expertise of clandestine groups to carry out attacks on behalf
of governments,so that when those attacks are made the
true identity of the attacker is masked.
On the Dark Net sensitive information stolen through
cyber crime from both the public and private sectors
T
MOD DCB :: 13 May 2015 :: Vol 13 No 9 :: www.contracts.mod.uk18
F E A T U R E
19www.contracts.mod.uk :: Vol 13 No 9 :: 13 May 2015 :: MOD DCB
across the world is available for sale – data
belonging to governments and businesses,
data about personnel within governments
and businesses,data about citizens and data
relating to compromised accounts and
networks.This obviously presents a very real
problem for governments,organisations,
businesses and individuals across the globe.
Speaking at the recent CounterTerror
Expo conference in London,John Lyons,CEO,
International Cyber Security Protection
Alliance (ICSPA),said:“If you are a government
and you’re being attacked,the first real issue is
establishing what they are attacking.What are
they after?What have they taken? Are they still
in our systems? And the big Advanced
PersistentThreat (APT) question is:Who is
attacking us? So from a governmental point of
view dealing with APT is really key;but in the
beginning you have to clear up the mess that
has been left.
“Ifyou’reinbusinessandyou’retargetedby
DarkNetgroupsthenthechancesareyou’re
goingtobecompromised–ifyouhaven’tbeen
compromisedalready.MostChiefInformation
SecurityOfficersthatIknowtodaytaketheview
thattheirorganisationhas
beencompromisedandthat
thestepsthey’reputtingin
placearetofindoutwhathas
beencompromised,andifthe
badguysarestillinthere.”
There are ways for
governments and
businesses to fight back.
Groups such as the ICSPA
and its partners are capable
of looking at what is on the
Dark Net and then passing
that information back to those who have
been attacked.This allows targeted
businesses and governments to learn how
they have been compromised by showing
them the information that was trading on
the Dark Net;they can then take measures to
plug the vulnerabilities and deal with the
necessary mitigation issues.
There are potential complications,however.
In the UK laws such as the Computer Misuse
Act and the Regulation of Investigatory
Powers Act deal with the authorised
interception of communications.It may be
that information on the contents of the Dark
Net can only be gathered in a way that is not
consistent with UK law;if so,it would be
unusable as a means for prosecution,even if
the information is gathered in a country
where it is perfectly legal to do so.
Mr Lyons commented:“This is a crazy
situation,is it not?We have a Computer Misuse
Act in the UK,and other derivations of that in
various countries around the world,which is
supposed to protect us and put criminals
behind bars,but yet is working against our
ability to find out who is stealing from us.It
needs further debate.”
‘Crime-as-a-Service’is a growing concern
too.According to Mr Lyons,one group
operating on the Dark Net has built its own
‘vulnerability assessment engine’– a piece of
software that can scan millions of IP
addresses within a targeted range for ways
to compromise them.The scanning engine
takes all of the top ten vulnerabilities
identified by information and cyber security
experts at the SANS Institute and fills up a
database with all the networks and IP
addresses meeting the vulnerabilities you’re
seeking to exploit.
Mr Lyons explained:“I think the last result I
saw was in France – within two and a half
hours 17,600 compromised networks had been
identified.It’s a wonderful piece of kit,and the
kit itself is now up for sale,so you can image
where that is going.If we are to try and start to
win this battle,there’s one major issue that
needs to be addressed – the move to
encryption to provide greater levels of privacy
while allowing the bad guys to use those very
encrypted services against us.
“Governments can’t have it both ways.
We’ve spent the last 10-15 years telling
businesses and citizens to encrypt their
information.But you can only do that if
governments have a backdoor,because
otherwise how can we employ authorised
interception techniques in terms of
communications?”
Mr Lyons argues that another debate we
need to have is about the ability to deploy
security technical services into the Dark Net,
from a business cyber warfare point of view,
to attack the servers belonging to Dark Net
criminal groups to find out how they can be
compromised.Governments and law
enforcement agencies do not have the
capability to tackle the problem,which is
why governments have to employ the
business sector to carry out skilled
investigative work on their behalf.Mr Lyons
says what is required is cyber warfare,not
from a military point of view,but from a
business point of view.
He expanded:“There must be a mechanism
that we can put in place that has the authority
of government and law enforcement to enable
that type of work to take place,otherwise we
will continue to be victims.
“The problem now is that we’ve lost trust in
our security agencies,our intelligence agencies
and our governments.We don’t trust them with
our data anymore.Therefore when Google and
Facebook and the rest start to encrypt
communications to avoid the US Patriot Act
requirements of interception,everyone is
happy because it’s good for privacy.
“We would like to form a clearing house.
We’d like businesses and government to get
involved – the internet companies,ISPs,law
enforcement,the legal community,
prosecutors.I think if we were able to have a
couple of days locked away somewhere quiet,
we could probably come up with a set of
protocols and rules of engagement whereby
we could re-establish that trust;internet
companies could start to have faith in the
process of requesting authorised interception
and citizens would then start to become safer.
“We’ve got to deal with the Dark Net and the
issue of security versus privacy now,because
the problem is only going to get worse.”
A good communications interception
capability is important to those in counter
terrorism.Privacy is also important to citizens
and businesses.Finding a solution that
satisfies everyone’s aspiration for safety and
privacy will be challenging,but there is a role
to play for both business and government in
finding that solution and tackling cyber
crime on the Dark Net.
“This is a crazy situation.We have legislation
which is supposed to protect us and put
criminals behind bars, but yet is working against
our ability to find out who is stealing from us
on the Dark Net. It needs further debate”
– John Lyons,CEO,ICSPA
Further Information
For more information,visit
www.icspa.organd
www.counterterrorexpo.com
CounterTerror Expo:
shining a light on
the Dark Net
Cyber security and assessing the
escalating threat to government and
business posed by the‘Dark Net’were
issues discussed at the recent Counter
Terror Expo 2015 event in London.
MOD DCB features writer Paul Elliott
was there to listen to John Lyons,CEO,
International Cyber Security
Protection Alliance,and take a closer
look at the problems and challenges
presented by the Dark Net.