The Dark Web. It’s a term some are familiar with, but far more are not. Yet its effect on business is being felt internationally, even as recently as this month with the WannaCry ransomware attack on hospitals throughout the world, which we analyzed in a special Insights Report on ransomware.
Perhaps you remember the hype about Bitcoin many years ago and how that internet payment system was going to change everything. Think it died off? Think again…it has become the main currency of the Dark Web and ransomware.
If you are confused by all of this, you are not alone. According to Pinkerton Vice President Stephen Ward, “So many companies we work with have little or no idea what the Dark Web is…but they should. The impact it is having on business is widespread and companies have been slow to shore up vulnerabilities, leaving themselves exposed to major business disruptions.”
What is the “Dark Web?”
Definitions vary, but essentially the Dark Web is a private part of the internet that uses encryption tools that allow users to move through it anonymously and, if they choose, conduct business.
What kind of business? “A lot of the activity is in illegal products and services,” Ward explains. “Initially, weapons and drugs drove much of the Dark Web activity. But, more recently, trade secrets, product designs and other critical information have made it on there. It’s something companies need to be aware of and have plans for mitigating the risks.”
A lot has been written about the Dark Web, so we provide the following links to help you get up to speed:
- CBS MoneyWatch: Hacker’s paradise: Secrets of the “dark web”
- Wired: It’s About To Get Even Easier to Hide on the Dark Web
- ZDNet: How the Dark Web works
The Dark Web’s impact on business
“The days of the Dark Web being focused only on guns and narcotics are over,” Ward says. “The growing trend is the sale of Intellectual Property for profit, and that should have many companies concerned. However, our experience so far is that it does not…until they talk with us and we show them how easy their proprietary information could become available. That gets their attention.”
Ward noted that product designs are hugely popular, especially with nefarious manufacturers looking to release the next high-tech gadget on the market before the real manufacturer’s launch date. “We know of an electronics manufacturer that had been preparing a product launch for months, under what they thought was tight security. But the design showed up on the Dark Web, it was purchased, and counterfeits started hitting the market before the genuine product did. Shareholders were made aware of the situation and the stock price dropped at a time when the company had hoped for big gains. That’s how serious the Dark Web can be.”
Advances in technology have made it even easier for that type of situation to be repeated across nearly any manufacturing segment. Computer Assisted Design (CAD) plans are regularly shared electronically within a company and even with third parties brought on to help with product development. This provides many opportunities for leaks to occur. Compounding the problem, the advent of large-scale 3D printers has made it easy to turn those plans into real products. According to Ward, many companies have invested in personnel and technology to troll online auction sites like eBay and Amazon, looking for their proprietary information and products being offered. But they fall far short when it comes to the Dark Web.
The flow of information on the Dark Web
The Dark Web is as tangled a connection of sites and information as the normal Web is. How does information get on there? Who puts it on there? Who buys it? And how does it result in counterfeit product production? According to Ward, these are all good questions that many companies simply aren’t asking.
“I am surprised that when I bring up the Dark Web to many companies, they have no idea about it and its potential impact to their business,” he explains. “When I explain the flow of information and how relatively simple it is, they are pretty shocked.”
The flow of Dark Web information
First, someone has to leak the intellectual property information, either intentionally or otherwise. “And that just takes one disgruntled employee either at your company or a vendor your company uses,” says Ward. “That person decides to market your information and the Dark Web is a good way to do that anonymously.”
The leaker then posts an offer of the design or sensitive information on the Dark Web with an asking price. But how do they find someone willing to pay it?
“Finding a buyer is pretty easy,” says Ward. “There are people who do little else but troll the Dark Web looking for trade secrets, especially related to big brand companies. They will go as far as to proactively post offers to pay for any proprietary information from certain companies, hoping to encourage an employee or vendor to make the information available.”
Once a buyer is found, a transaction is conducted. Now we get to Bitcoin. The very nature of the Dark Web, where many illegal transactions take place, lends itself to Bitcoin, which is a currency service set up to protect the identities of those using it. Therefore, someone buying product designs will pay via Bitcoin so they cannot be traced to the transaction.
But many times, these initial buyers are, in reality, resellers. Their role is to find and secure the information from sellers who, as in the case of a disgruntled employee, do not normally engage in this activity. The resellers look for opportunities like this and, once they secure the information, use their network to sell it at a higher price to the ultimate buyer.
The ultimate buyer is the one who will actually do something with the information. This could be an individual with a 3D printer, a covert manufacturer that will quickly make many copies of the product, or even a competitor looking to gain an advantage.
But perhaps one type of buyer is most surprising. “Ironically, the final buyer of the leaked design might wind up being the company who designed it in the first place,” says Ward. “They are willing to pay the price so that they get back that which they lost and prevent a major problem. It’s the basis of ransomware schemes on the Dark Web. Of course, the sellers don’t care who buys it, only that their price is met.”
Mitigating the risks of the Dark Web
According to Ward, most companies are not sophisticated when it comes to mitigating the risks of the Dark Web and ransomware. “It’s common that manufacturers will outsource some of the work to an outside vendor. But they haven’t taken the time to really investigate that vendor to determine if their security protocols are up to date and enforced. Vulnerabilities at a vendor put your company at risk, too.”
Ward and his team recommend that a security risk audit be conducted on any vendor who will be entrusted with proprietary company information. This includes looking into their hiring practices and how they screen employees to prevent Intellectual Property theft. Ward additionally recommends:
- Review of the vendor’s security plan and protocols
- Audit of the company’s physical security operations
- Fingerprinting of key vendor employees
- Full review of the vendor’s cybersecurity risk mitigation systems
- Monitoring of Dark Web activities at least 90 days prior to product launch, looking for designs/specifications for purchase
- Continued monitoring of the Dark Web at least 30 days after launch to prevent a flood of “knockoffs” in the marketplace
“As your company evolves, so should your security needs and solutions,” Ward says. “Too many companies either don’t know about or don’t concern themselves with the Dark Web. That’s a mistake that is proving costly, as recent news like WannaCry demonstrates. Criminals on the Dark Web can be caught because they usually make a mistake. But a company needs to commit to a plan that is dedicated to this type of mitigation.”