Grant McGregor Blog

Going to The Darkside?

Written by the Grant McGregor Team | Jul 22, 2019 9:45:33 AM

The internet has become an integral part of most people’s lives to the point that it’s hard to imagine a time when it didn’t exist - assuming you’re old enough to remember that it really hasn’t been around forever.

Some of us remember when you always relayed a web address with “www dot” at the start. Now you don’t have to do that which is a good thing as it always struck me as odd that “www dot” was used as a verbal abbreviation when it has more syllables than “world wide web”.

Whatever your age, it’s likely that it would take some serious re-thinking and adjustment to adapt to life without it if someone were to pull the plug on the whole thing tomorrow.

The fact that it has become so intrinsic in our lives does split opinion, however.

On the one hand we have all of knowledge at our fingertips - in seconds, access to unlimited art and music, new ways to do business (whole new kinds of business, in fact), the ability to share experiences instantly with friends and loved-ones wherever they are in the world, more choice and…errrm…eBay!

I could go on.

On the other hand, is likely the reverse of all the above. And more.

I tend to lean towards the positive (though sometimes sit firmly on the fence) and refer to it as ‘our most brilliant mistake.’

However, in that middle ground there are things like this which might really sum the whole thing up…

 

Google hasn’t always been a verb but a quick use of it (other search engines are available) reveals that over half of the World’s population now has access to the internet, around 100,000 domains are registered each day and nearly 2 billion websites are thought to be currently available.

Assuming those numbers don’t come from Mr. Lincoln, that’s mind-boggling stuff. Especially when you consider that most of us probably only really use a small number of websites day to day. Arguably a decreasing number as the big players get their fingers into more areas. Examples being Amazon selling food and Facebook deciding to create its own currency.

But did you realise there’s more than one internet?

Most of what I’ve referred to is known as the public internet. The sites that you can find via search engines and is the one we love (or not), use every day and are familiar with.

Then there’s the Deep Web. This isn’t really anything scary; more like a private internet that you can access with your usual browser as long as you know the web address. These are web pages that are out of reach of the likes of Google for privacy or confidentiality purposes or perhaps a network maintained by a legitimate streaming service. Obviously, the search engines won’t be signing up for a monthly subscription to access the catalogue of such things!

Then there is the Darknet.

This is probably best described as the Wild-West of the internet and sits anonymously beneath the regular internet. It’s the anonymity that makes it a dangerous place.

You need special tools and bravado to get to this place plus a big spoonful of skills. If you only have the first two, you’re in for a lot of trouble and it’s certainly not recommended, whatever your technical ability.

The most well-known gateway to the Darknet is probably the freely available Tor browser (bizarrely based on technology funded by the Federal Government of the United States through the Office of Naval Research) which will allow you to access the regular internet but, via complex encryption and re-routing of connections, will also give you the ability to rub shoulders with those engaged in drugs, illegal weapons, paedophilia, human trafficking etc.

You’ll also be in the playground of serious, international organised crime and casual hackers who can buy sophisticated, commodity malware tools ‘off the shelf’ that allow even those with a small amount of knowledge to launch damaging ransomware and other attacks on businesses or individuals.

You know those stories you read in the news about big organisations suffering data breaches? Well, the same thing happens to an increasing number of small businesses it’s just they don’t make the news or go unnoticed.

When a breach happens, a criminal individual or group have managed to hack into an organisation with the sole intent of grabbing whatever data they can (although sometimes they’re after something specific). Once in, it’s like a supermarket sweep as they’ll download whatever they can and then take the time to sort through the spoils, usually without trace thanks to the anonymity the Darknet affords them.

The result of the breach is usually the same however large or small the organisation is. That data goes up for sale on the Darknet, sometimes to the highest bidder - much like eBay.

This data can be anything from credit card numbers or banking details through to personal information like dates of birth and addresses. Frequently it includes usernames and passwords for the website in question which can be used to either directly steal money or identities or to start the process of gathering information until there is enough gathered for a serious, valid-looking phishing attack.

When was the last time you got a message to say your username and password had been compromised? Ah – you probably have had that message but here’s the news…it was likely fake and an attempt to get you to give them away willingly.

Is it really a big deal if someone has your ASOS or Cineworld password?

Yes, because if you’re like most people you’ll use the same password for everything including your email and that’s the one these criminals really want because that’s the gateway to everything.

If it’s a business email the bad guys can now potentially access company data and pretend to be you inside and out of your organisation. If it’s a personal email address, it’s still happy days for them because they can now go to every website they like and hit that lovely “forgot password” button in the hope you have an account there. As they have access to your email account to get the password reset link, they then get access to everything you know, love and use daily whilst you no longer can because they’ve changed the password and locked you out.

Once in, they’ll have access to all sorts of information about you which could include financial or sensitive personal information.

So, what’s the best way to stop your credentials ending up on sale for the purposes of crime?

Here’s 4 simple guidelines.

1) Use a complex password and not something easily guessed. (Your children’s or pet’s names or football team are easy to find out via social media).

2) Don’t use the same password across every website and app you use.

3) Use a password manager to generate and store complex passwords for every website and app you use meaning you only must remember a single, master password (make it a complex one!)

4) Best of all, use two-factor authentication, also known as 2FA. This usually involves getting a code sent to your mobile phone that is required if anyone tries to access your accounts or change a password.

Your credentials for various websites or apps may already be up for sale on the Darknet without you even knowing about it and, once someone has their hands on one, they’ll usually work out any variations you may use elsewhere. Once your preferred password format is known they can either make an educated guess or use freely available tools that generate thousands of variations on a theme and subsequent, automated attempts to log in until they get what they want.

There are ways to find out if your details are present on the Darknet, but prevention is definitely better than cure in this instance and the guidelines above will go a long way to keeping you safe online.

I hope this article has been of interest and use to you.

Andy Moloney
Commercial Manager at Grant McGregor
Andy.moloney@grantmcgregor.co.uk
0131 603 7912