Monday, 21 December 2015

Understanding the Importance of the Deep Web and Dark Web

During the course of a 2 day conference I recently attended, I had the opportunity to meet many security professionals from various organizations in the private sector and public sector.  In the hopes of understanding their perspective of the Deep Web and Dark Web, I posed several questions about the Deep Web and surprisingly, many people I spoke to had never heard of the Deep Web or the Dark Web while others conflated the two. This presented me the opportunity to share what each are and how they differ as well as the importance of the Deep Web in information security.
So what is the Deep Web? By definition, the Deep Web are web pages that are not indexed by search engines like Google, Yahoo or Bing. Taking the definition from http://whatis.techtarget.com/definition/deep-Web

“The deep Web is the part of the Internet that is inaccessible to conventional search engines, and consequently, to most users. According to researcher Marcus P. Zillman of DeepWebResearch.info, as of January 2006, the deep Web contained somewhere in the vicinity of 900 billion pages of information. In contrast, Google, the largest search engine, had indexed just 25 billion pages.”

Surface Web vs Deep Web
Let’s have a practical understanding on the difference between the Surface Web and the Deep Web. When you ‘google’ for Gmail, you will be presented with various results that eventually will direct you to the front page of Gmail.com. Now what you are seeing is actually the Surface Web. When you log in to Gmail.com with your credentials, you will be directed to another page where all your personal emails are stored. This Gmail inbox that you are now accessing is part of the Deep Web. So by imagining the millions of Gmail, Yahoo or Hotmail email subscribers, you can imagine how large the Deep Web is.

Deep Web vs Dark Web
Many quickly assumed that the Deep Web is a dark place where criminal activities and illicit services lurks hence many articles and reports posted by journalists and bloggers referring to the Deep Web and Dark Web synonymously. The Dark Web is part of the Deep Web but the Deep Web is NOT the Dark Web. Imagine this for a moment, a tomato is part of a salad but a tomato is not a salad by itself.  This “part of” not “same as” relationship is essential to understand.

The ‘Dark’ Net largest network, TOR
The Dark Web, sometimes called the Dark Net is accessible through special software and configurations.  As part of the Deep Web, the Dark Web is also accessible via standard search browsers. The largest private network that constitutes part of the Dark Web is accessed through software called The Onion Router (TOR) browser. The TOR browser, a project started by the United States Navy Research Labs connects a user to the TOR network which is essentially a microcosm of the same activities that exists in the surface net that we all use every day.  The TOR browser aims to provide a sense of anonymity when accessing the TOR network preventing monitoring of user activities throughout the network. With this sense of anonymity, cyber criminals have taken advantage of this technology and use it to conduct criminal activities such as providing illicit services, selling, and sharing 0 days cyber exploits, drugs, weapons, and other illicit activities. Since all of the illicit and legal activities occur with anonymity and essentially in the shadows, the nomenclature of the “Dark Web” was born. 

The Importance of Dark Web
The Dark Web is known to be a playground of illicit services and it has grown to be more than just a place to purchase drugs or trade 0 day exploits. It is also a place where stolen personal information and documents are leaked/dumped or auctioned.  Recent high profile cases such as the OPM (Office of Personnel Management) hack, Ashley Madison hack and just recently the Talk Talk hack are some of the cases where hackers are utilizing the Dark Web to sell or expose the data causing reputational damage to the affected organizations and great distress to the individuals that have their personal information exposed. There are multiple forums dedicated to the sale of these types of stolen personal information and those posting and making the sale shroud themselves in the anonymity that the Dark Web provides.

Are you already in the Deep Dark Web?
Throughout my research in identifying and gathering information related to several financial organizations and governments, I have managed to locate important and highly sensitive information. From the exposure of vulnerabilities, email addresses, credentials, personal information in private emails, databases, and even potential cyber threats all being leaked and exposed in the Deep Web. This information, in the wrong hands can lead to various implications such as phishing, ransom, threats, and even compromising the state of security of the affected organizations.

The majority of cyber threat intelligence data focus on preventing a breach or leak from happening, but I have found that even with companies and governments spending more and more on the defense of the network, major breaches are occurring at an even more alarming rate.  We must continue to try and protect one of the most valuable assets of the company, the information.  We must also realize that there will be times when our information makes its way onto the Dark Net where cyber criminals and black hat hackers can use the information to further compromise our companies and nations.  I believe we must continuously monitor the Dark Net, so we learn that our sensitive information is for sale or posted as early as possible.  This allows us to take proactive steps to begin remediation prior to a greater exploit or attack.



Sunday, 25 October 2015

Government Ware (GovWare) 2015

Government Ware or GovWare is an annual security conference organized by the agencies of Singapore Government to showcase the latest cyber security talks, booths, vendors and products. This year's theme was 'Building a Secure Smart Nation', held in Suntec Singapore. This is one of the conferences that one should go to check out the competition as well as network! 



































Tuesday, 20 October 2015

Back to the Future II - The Tech and Toys that came true

In the spirit of Oct 21st 2015, the date Marty McFly travelled to the future to save his son and eventually himself in Back to the Future II, i re-watched this classic again and gathered some of the tech and toys that were correctly predicted in the movie.

Travelling 'back' to the Future!


1. Handheld camera with facial recognition technology.




Back in the 80s, there were no handheld and slim cameras not to mention facial recognition technology that now in 2015, almost all cameras in our slim rectangular shaped mobile phones possessed. 

2. Laser Discs and CD ROMs are obsolete



While Laser Discs were long gone since the millenium, who would have thought that CD Roms (see closely on the right -where they were dumped) which was famously used in the 90s till 2000s. are also being dumped. Now in 2015, almost all the latest computers do not come preinstalled with a CD Rom player and everything has now switched to flashdrives. Its amazing to see how eerily accurate this image is and that we in 2015 rarely or no longer need to use CD/DVD ROMs in our computer systems. 

3. 3D and Hologram Technology


3D movies and lately the usage of hologram technology in concerts are just some of the good examples of why this was correctly predicted.

4. Games using hands are old


In this clip, Marty McFly was seen to play an old cowboy game in the Cafe 80s, bar. Two kids after seeing Marty playing the game, commented that playing games using hands are for babies. Now we have seen how games are evolved from handheld controllers to using wireless motion technology known as Kinect!

5. Not Hooverboards but..... Skate Scooters!


Well, hooverboards are still a long way to go but this represents another type of 'transportation' to which we have that is called 'Skate scooters'. See how it was played in the movie and how the skate sccoter is played today. Similar right?

6. Biometric Fingerprint Authentication for Homes


The future is indeed here Back in the Future! Biometric fingerprint technology to authenticate before unlocking home doors. This technology are now being used in many homes and offices!

7. Voice Recognition to on the Lights


"Lights on" and there, the lights are on. This voice recognition to on the lights is another thing that most smart homes are already using.


8. Wall Projectors


Back in the day, we use OHP Projector to display black images from a transparent A4 size plastic. Video images are not something that was capable back then. Now we have projectors that can display images and videos on almost anywhere. 

9. Smart Home Monitoring Technology


Did anyone spot this? Look on the right above the 2 cylinders. Doesn't it look like a monitoring system for the home? Something that is now being used in Smart Home monitoring to monitor temperatures, or to control home electrical appliances.

10. Touch and Go Fingerprint Payment Technology


Though not implemented in taxis, the technology for a touch and go fingerprint payment system has already exists. Check out this company

11. Multi Channel Smart TV and 55 inch LCD TV!


Its not until the late 90s or the millenium where TVs were getting thinner. Even a Plasma TV is still much thicker. Now most homes have at least a 55inch LCD TV being hanged on the wall and subscribing to cable allow us to view multiple channels at once! Spot on!

12. Google Glass?


Remember Google Glass? Though Google Glass 'died' as soon as it first arrived, it doesn't stop the fact that a similar glasses was seen in Back to the Future where one can see who is calling and speaking on the glasses!

13. Video Conferencing


Skype, Kinect, MSN, Yahoo.... need i say more? 

Is there anything i missed? Let me know. ;)

Friday, 25 September 2015

The Cyber Security Show Conference

Attended the Cyber Security Show organized by Terrapinn in conjunction with the IOT Show. Took place in Suntec City Exhibition hall and held on the 22nd to 23rd September 2015. Although 70% of the booths were concentrated on the IoT, the sponsored talks were actually good to listen to. One of the unique things for this conference was that there were a series of table discussions where notable professionals in the security industry gave a topic for a round table discussion. This is definitely something conferences should have especially if one of the agenda is to allow delegates to network and what better way to network then to start off with a round table discussion, getting to know each other and exchanging business cards.



Talks by various vendors
















How the exhibition hall looks




The round table discussion. Here, Anthony Lim, one of Singapore's Cyber Security pioneer discussed on the topic of Cloud Security.