As cyber-crime activity continues to grab global headlines with dating services, production companies, and even governments getting hacked, the industry and society as a whole should collectively work towards better understanding of the Dark Web, the side of the Internet behind the typical web browsers consumers use every day. While the majority of global consumers may not routinely find themselves on the Dark Web, the reality is that it's fairly easy to access, and putting companies at risk on a daily basis.
“The Onion Router” (Tor) is a network that connects directly to the Dark Web, and enables anonymous communications by letting users jump through relay nodes via multiple IP addresses. This anonymous communication is incredibly valuable for worthy causes such as: journalists uncovering stories, government officials exchanging intelligence, or even law enforcement officials trying to track predators. However, it also opens doors to stealthy hackers looking to launch a cyber-attack or share details with other cyber-criminals on how to hack a certain organisation.
In fact, the 3Q 2015 IBM X-Force Threat Intelligence Quarterly Report released in August, showed the growing dangers of cyber-attacks originating from the Dark Web through the use of the Tor network/browser. The report found that so far in 2015 more than 600,000 malicious events originated from Tor around the world. The United States lead with more than 150,000 malicious events, while countries including Romania, France, and Luxembourg, have each seen more than 50,000 malicious events originating from Tor in 2015.
The growing popularity of Tor represents a troubling problem for enterprises. Employees may be tempted to download the Tor browser to find out what they can discover on the Dark Web – even for non-malicious reasons. However, if an employee activates a Tor browser on an enterprise network, it not only puts the company at risk for a malicious attack that can compromise confidential corporate data, but in some instances the organisation can be held legally liable for data or illicit or malicious content that comes through that Tor node.
Companies need to understand that the Dark Web is easier to find than they think and take the necessary steps to help protect themselves from potential threats and liability concerns. To do so, organisations should:
1. Develop a comprehensive corporate policy for the acceptable use of networks such as Tor. If your industry requires the use of Tor-like networks – journalists, law enforcement, cyber-security professionals – make sure that there is a complete corporate policy in place so employees understand how and when they can access these networks. Not every employee in the company will need this access, so having a policy in place with limited approvals can lower the risk of threat and make it easier to track activity.
2. Configure corporate networks to deny access to anonymous proxies or anonymisation services such as Tor. There are only a few business-centric instances that may require access to the Dark Web. However, most organisations do not need to have access so networks should be set up to deny any access.
3. Warn all employees that accessing prohibited websites could result in disciplinary action. It's important that all employees understand the threats that come with connecting to the Dark Web through networks like Tor. They should also understand the consequences that may occur if they access a stealth network on a corporate device. By doing so, employees are educated about the dangers and are less likely to put their company as well as their role inside an organisation at risk.
Contributed by Julian Meyrick, vice president, IBM Security Europe