a bookworm who loves cyber security. a sucker for hacker and security conferences. loves reviewing conferences and has attended and spoken at the cons from Singapore, Middle East, Europe and as far as the U.S. a fan of security rock star Bruce Schneier and 50 Shades of Grey.
Monday, 11 January 2016
The Dark Web Rises - A look back at 2015
2015 has finally come to an end and with many security predictions for 2016 made by credible security companies, from IoT to Ransomware and Cloud security to Privacy issues. However, one thing that has made its presence in 2015 was not being raised – the rise of the Dark Web.
2015 was not only the year where data breaches were the highest than previous years, it was also the year in which, the Dark Web was heavily utilized to accommodate this breached data, selling them, trading them and even exposing them in the dark corners of the web.
Let’s take a look at some of the cases reported in 2015.
mSpy, the makers of a software-as-a-service product that claim to help more than two million people spy on the mobile devices of their kids and partners, has reportedly been hacked and has its data leaked to the Dark Web. Details such as emails, text messages, payment details, Apple IDs, passwords, photos and location data for mSpy users have all been exposed in the Dark Web.
One of the biggest hacks emerged from the office of personnel management of the U.S administration office also known as the OPM Hack where millions of personal data were breached allegedly by Chinese hackers. These databases were sold and exposed in forums in the Dark Web.
15 million customer records stolen from T-Mobile's credit monitoring service Experian has reportedly been listed for sale on the dark web. According to the Irish fraud prevention and security firm Trustev, they found data very similar to the one stolen from Experian being listed for sale on the Dark Web marketplaces.
Ashley Madison, the website known for cheating spouses has hackers threatening to sell the information, including the credit card details of 37 million adulterers in the Dark Web. Some of these data dumps were available to download in the form of ‘Torrent’ allowing hackers to expose them freely in the Dark Web forums.
The hack of 000Webhost, a Lithuanian provider, was discovered by independent security researcher Troy Hunt, best known for running the service 'Have I been pwned?', who was contacted by an anonymous source who claimed to have a database containing the credentials of 13.5 million 000Webhost users.
On October, some of the TalkTalk’s customers financial data were spotted for sale in the Dark Web. Almost 157,000 TalkTalk customers had their personal details hacked on the telecoms company. The company said 28,000 credit and debit card numbers, with some digits obscured were stolen by hackers. However these data cannot be used for payment and customers cannot be identified from the data.
Even ISIS, knowing the anonymity the Tor Network provides, shifted its operations to the Dark Web protecting itself from being monitored and avoiding surveillance. This is just one example of how the Dark Web is being used not just by hackers but also terrorists to spread its propaganda and even recruiting of potential members through its forums in the Deep and Dark Web.
If there is one thing we can learn from these cases, it is that 2015 was the year where the Dark Web has been on the news more often than the previous years. The Dark Web is no longer just known for selling drugs, hiring of assassins, selling of weapons and other related illicit and criminal activities, with data breaches, exposure of vulnerabilities, planning and organizing of hacking events and cyber threats made against organizations, the Dark Web has now made its way into the chapters of information security and organizations must be prepared and ready to face it.