It’s a bit of a nightmare scenario for a business, born of watching too many crime thrillers: a criminal syndicate hacks into their systems, wreaking havoc and stealing all their data, while also destroying that company’s reputation. Is this scenario a fantasy? To a point, yes—but not so much as you might think.
Let’s discuss the concept of a gig economy for hackers, and how the dark web has been used to help facilitate it.
First and Foremost: Understanding the Gig Economy
Before we dive into our discussion about the dark web, it will help to have an appreciation for what the “gig economy” is.
The “gig economy” is the presence of a large number of people working part-time in temporary positions or as independent contractors, either as their primary source of income or as a means of supplementing what their other job (or jobs) provide. The Internet and its capabilities have greatly benefitted the development of the gig economy—particularly amongst many of the younger generations living in urban areas.
Businesses and the workforce alike have benefitted through the development of the gig economy, businesses by expanding their pool of available resources without committing to a new full-time hire, and workers by giving them the opportunity to supplement their existing income while providing them with a more flexible lifestyle.
This new means of work has brought some serious benefits as well as some drawbacks—but that’s a discussion for another time. For our purposes today, all we need to acknowledge is that people are increasingly seeking out work opportunities—and, for that matter, seeking out people to perform this kind of work—online.
Unfortunately, this includes cybercriminals and those who are seeking out the services they can offer. For these individuals to do so, however, they must turn to the notorious dark web.
Is the Dark Web Really So “Dark?”
Okay, so to make sense of the dark web, we have to take a look at how the Internet is constructed. The different pages and locations that create the Internet as we know it can be classified into three distinct categories:
- The Surface Web: This is the part of the Internet that most people are familiar with and associate with the Internet in general. Composed of all websites and pages that have been indexed by a search engine (and can therefore be found through these search engines), the surface web is anything that is openly accessible via the Internet.
- The Deep Web: The deep web is the next layer down, and includes all the pages that require a login or some kind of payment before they can be accessed, along with a user’s data on a website or platform. This data is not indexed, meaning that search engines cannot crawl or index it. This is the vast majority of the Internet today.
- The Dark Web: Finally, the dark web is the portion of the Internet that is inaccessible to a typical browser, only available via the Tor browser. As such, activity here cannot be traced or tracked, making the experience anonymous—and therefore, ideal for cybercriminal activity (amongst many other uses, of course). Due to its anonymity, the dark web operates on secrecy and cryptocurrency.
It is this final point that makes the dark web the marketplace for cybercriminals that it is today: the fact that anonymous browsing and cryptocurrency can be used to buy and sell someone’s services anonymously.
A Dark Web Gig Example
Let’s say that your company has an enemy—it could be a competitor, a disgruntled ex-employee with a grudge, a dissatisfied client with an axe to grind, anyone who might wish you ill—and that enemy is committed to seeing you hurt. What options does that enemy have?
Well, with the reality of the dark web, that enemy could presumably go to an anonymous hacker forum and request that someone take down your business’ website for a fee. Maybe they offer a thousand dollars or so for it, and a cybercriminal with some time to kill can decide to make themselves some cash.
This isn’t a complete hypothesis, either. Dark web forums have shown more than 80 million messages appearing from eight million users that are seeking out these services, while hackers are using these platforms to market themselves and their abilities.
- 90 percent of these posts are from those seeking out hacking and cyberattack services
- 7 percent of these posts are from hackers seeking out jobs
- 2 percent of these posts are meant to encourage the sale of hacking tools
- 1 percent of these posts are to encourage people to network with each other
These services can be very specialized, with different voices present on the platform to help people get into websites and others to help people use this access once they get it.
Data Can Fetch a Pretty Penny
Naturally, we can’t discuss the cybercriminal propensity that the dark web can bring without also talking about the value that stolen data has there. Hacked databases can bring the hacker up to $20,000, with every 1,000 entries netting them $50.
How Big of a Risk is This to the Average Business?
For the small to medium-sized business, it can be hard to gauge the threat that the dark web poses to them—particularly from the scenario that we presented above. While the dark web is more accessible than ever before, it is still far less than well-known… and most who know it only know it as a ghost story or as a crime show buzzword.
However, as the dark web slowly becomes more mainstream, it will only become a bigger threat than it already is. Furthermore, it is still the primary marketplace for stolen data, credentials, and other stolen information. You may already have stolen data up for sale, completely unaware of its presence.
To avoid this from happening any further, there are a few steps that need to be taken now and established as habits in every business:
Whether something is based in a business’ internal network or through a web application, a hacker can make use of any vulnerabilities to get into your operations. Ensuring that all of your resources and technology—including your website—are properly reinforced against threats will help to minimize the opportunities that hackers have to get in. This will help protect your business and the data that it holds.
A lot of serious security issues can come around via a cybercriminal taking advantage of you or your employees. As such, you and your team need to keep threats like phishing in mind and be sure to avoid the attacks that your business could (and at some point, will) face.
Finally, your security-focused behaviors can not and should not let up. Hackers will not hesitate to jump on companies that have been seen to have substandard security protections, so it behooves you to keep up with those updates and best practices, too.
There are many, many ways that we can help you with all this. For more assistance, reach out to Nexela at (215) 525-3223 today.