Break free from the dark web

Discovering your company’s financial data up for sale on the dark web is the stuff of nightmares. Don’t worry, there are still things you can do, says Phil Chambers

Dark web trading rooms are open 24-7. They can materialise and sell off high-value financial data, then vanish. But there are opportunities for businesses to find their stolen information and beat the criminals at their own game.

If your computer system is hacked, there is a good chance that any saleable data will find its way to dark web, where anonymous individuals pay for illegal goods and services using an equally anonymous cryptocurrency such as Bitcoin. That is why FDs and c-suite executives should view the dark web as a tool in their risk management and loss prevention plans, not as a ridge of despair. It helps to understand how the dark web works.

The invisible internet
Released into the world by the US government, the dark web offers users complete anonymity in a world of untraceable websites. Its back rooms, chat rooms, data dumping grounds, trading spaces and marketplaces can’t be found by any publicly available search engine.

A world of worlds
The dark web is not an exclusively criminal underworld. Alongside the stolen information, drugs, weapons and illicit content, there are whistle-blowers, activists, idlers and people who simply want a private space in which to exercise the sort of freedoms many of us take for granted.

A marketplace for financial data
Credit rating agency Equifax estimates that around 40 per cent of the illegal activity on the dark web is financial data. And a Financial Services Threat Landscape Report suggests that the volume of such data is growing by 135 per cent year on year. This highly prized data can be sold or used in phishing attacks and is a key building block in identity theft. Where so-called hacktivists are involved, company reputation may be the primary target.

High risk of infection
Companies that hunt the dark web themselves potentially expose their high-value data to malware that resists removal. If you don’t know what you’re doing, it’s best not to do it.

SME Publications/ SME XPO 2024

Distribution can be stopped or delayed
Financial data tends to be held in tightly controlled areas that can’t be accessed by bots or crawlers. Human analysts can go deep into these rooms to remove the data – although this is not always possible. They can also delay its sale by creating uncertainty about the authenticity of the information or the vendor, buying a company valuable time to act.

Clean financial data moves fast…
Parts of the dark web are home to organised crime groups with clear decision-making structures and established pathways for buying hackers’ services and selling stolen goods. They often employ “miners” to extract information such as passwords or bank account details, hidden within data strings. Money specialists (the dark web equivalent of FDs) then find the best way to leverage this data. The National Cyber Security Centre report Cyber Crime: understanding the online business model makes sobering reading.

…but lags can be an opportunity for companies to limit damage
Vendors generally release taster-sized portions of data to see who “bites”. The price might be contested or competed, a buyer might get cold feet, or there could be a delay while data is cleaned or matched with information from a previous breach. Such delays are an opportunity for analysts to retrieve or neutralise stolen company data.

A mine of information
The dark web is a source of valuable information that can help you shape your response to a breach. Only when you know exactly what data has been stolen, can you put appropriate measures in place to contain financial losses and reputational damage and limit any fines imposed by the Information Commissioner’s Office. It’s never too late.

Phil Chambers is chief operating officer at Metro Communications, which specialises in IT and telecommunications services, including cyber security solutions.

SME Publications/ SME XPO 2024