What is the Dark Web?

If you're not familiar with Dark Web, Dark Web is kinda this secured area on the internet that you have to use tools like something called TOR, which is the onion router, to go in and access these sites in an anonymous way. And so, the Dark Web is a place where there's all kinds of things for sale, information, you can buy credit cards, you can buy personal records, you can buy information to use for doing IRS tax refund scams, all of the malware virus toolkits, rootkit toolkits, all that good stuff is for sale on the Dark Web. So anyway, there's a site called the Wall Street Market. It was taken down, primarily in Germany. A lot of people's houses got raided over this. So, some of the interesting stuff that came out of this article, on this one site on the Dark Web, there were 5400 sellers, so people offering up information and tools for sale on that, 1.1 million customer accounts had been created on this site for buyers, and there were about 63000 items open for sale at the time that they were able to take this thing offline. So, that kinda gives you an example of the scale of what's out there in the Dark Web. Most people would love for their, most small businesses would love for their website, their online store to have those kinda numbers for their legitimate goods, as these guys had. But that one is no more. So, through a large effort globally, Europol was able to take this one offline and give us a win for the good guys.

Are terrorists conducting cyber attacks?

So, we recently had an event over in the Middle East where the cyber world moved over into the physical world. In the recent flare-up in the Gaza Strip in the long-running conflict between Israel and the Palestinians, the Israelis actually launched an airstrike against a building in the Gaza Strip that they had identified as housing the cyber attack operations of Hamas. So, I'm not sure if this has ever happened before where we've actually got a direct physical attack on a cyber attack organization, but this has happened here in the news recently. This is interesting. I've had several prospects and a couple of clients ask me if we can't just go launch Tomahawks at these guys to keep 'em out of their corporate networks. It's a great thing to talk about, but obviously we can't really do that. But in this case, the Israeli military was able to get enough intelligence on this facility to go and attack it. This is really difficult to do. Most of the time, you know, a cyber attack operation, they're gonna launch those attacks from proxies, so they're not gonna use their computers to launch an attack directly. That cyber attack organization is going to craft whatever the attack method it is they're gonna use. They're going to then leverage a botnet or some group of computers that they have access to and launch the attack from that in order to conceal their identities, and who they are, and where that attack is coming from. So, we see this a lot of times where Chinese-based groups, Russian groups, North Koreans in particular, will use a botnet, which a botnet is a group of computers that have software, malicious software, installed on 'em. The users don't usually know that that software's even there. But they'll use a US-based group of computers to launch an attack against a company or whatever their target is so it doesn't look like it's coming from the country of origin. 
We use something called geo fencing, and a lot of the firewalls where we say, okay, if the company does not do business with Russia, Ukraine, North Korea, China, then we'll just block all traffic coming from those countries in the firewall, which removes the threat of a direct attack, but you still have this proxy attack that can happen. And in this case, apparently the intelligence forces or the cybersecurity forces in Israel were able to trace back through those proxies and locate specifically in the Gaza Strip where these cyber actors were all gathered together and initiating these attacks from and drop an airstrike on that location.

Are there organizations that combat cybersecurity threats?

So, cybersecurity is a growing field, it's a growing problem. We're trying to secure both public facilities and private enterprises against all manner of attackers, both domestic-based and international. As we try to get our hands around this problem, there's organizations that are coming out, coming forth to help us with that. A lot of this is trying to get information distributed to everybody that needs to know what's going on in a secure way, so that we can collectively combat these cyber criminals. One organization that we'll talk about today is called InfraGard. InfraGard is an organization that is a private entity and government collaboration. So, private companies like ASC Group have partnered up with the FBI in this organization, which now has 82 chapters across the United States, about 46000 members, and we all can share information about what kind of cybersecurity threats we're seeing with that community. So, access to that information is secured to just be in that community so it doesn't get out, so they share information from the government side, companies share their information, what they're seeing, and we can collectively develop ways to mitigate those threats that are live in the cyber realm. InfraGard also is tasked with providing information to industries outside of IT, like healthcare, transportation, any type of power generation, anything that's a critical infrastructure organization, they have data that's shared with them in order to protect things like the power grid, water supplies, transportation hubs. So, it's a good step in creating a clearinghouse for this kind of information. There's other organizations, of course, that ASC belongs to and other companies like ours belong to to gather that intelligence information on what threats are out there in the cyberspace. So, through these organizations and this partnership, we hope to be able to do a better job of thwarting the cyber attacks that are coming our way.
So, that's all we've got for this episode of Cyber Sentinel. If you've got a question or an issue you want us to discuss on a future episode, reach out to us on social media at #CyberSentinel.