To shine a light on cybercrime, go Dark

Taylor Armerding | Aug. 11, 2015
One of the best ways to understand your enemy – what he's up to, what his capabilities are and how he can damage you – is to spy on him.

Credit: oskar karlin

And according to some cybercrime experts, one of the easier and more effective ways to do that is to hang out where the bad guys do: on the Dark Web.

In a recent post on Dark Reading, Jason Polancich, founder and chief architect of SurfWatch Labs, asserted that "most businesses already have all the tools on hand for starting a low-cost, high-return Dark Web intelligence operation within their own existing IT and cybersecurity teams."

Such a data mining operation, he wrote, could be up and running in a day.

It is widely known in IT circles that the Dark Web is a thriving cybercrime marketplace offering multiple exploits, hacking for hire, stolen personal data and intellectual property, spam and phishing campaigns, insider threats for hire and more.

It is also a relatively secure place for criminals to operate, thanks to randomness, anonymity and encryption.

But just because it is difficult to track criminals individually doesn't mean it is impossible to conduct surveillance on what they are doing. Polancich wrote that the Dark Web is the place to "find out what may have been stolen or used against you and improve your overall security posture to close the infiltration hole."

Is it really that easy?

According to Kevin McAleavey, cofounder of the KNOS Project and a malware expert, "easy" may not be the right word. But "possible" definitely is.

"Can anyone do it? You bet," he said, "but only if you're willing to pay people to sit around and just surf. Most managers consider that 'wasting time' and it's often frowned upon, but it works really well."

He said that was one of the things he did in a previous job: "follow the bad guys back to their cave so I could see what they were working on before they released it. But it was one of the most time-consuming parts of being ahead of the curve rather than under it."

Nicholas Albright, principal researcher, ThreatStream, agrees. "These networks seem obscure to many, but with a simple tutorial, anyone could be up and running in less time than it takes to watch an episode of 'Mr. Robot'," he said.

"The hardest part of monitoring is really learning where to look. Many of the sites on these obscure networks move locations or go offline periodically. However, once an individual has identified a handful of sites, they frequently lead to others."

He also agrees with McAleavey that it is labor-intensive, and does not always yield useful intelligence. On the "slow" days, "you might not see anything of value," he said. "Furthermore, this requires an analyst's fingers on keyboard. Deploying a 'tool' to do this job is not effective. Scraper bots are detected and regularly purged."
