Dark Web
ThreatBites 08: Dark Web Stories & Forums
Barnaby Holdsworth-Kirby
September 20, 2024
Summary
Today we have our two DarkInvader team members, 4NG3L & E4GLE, talking about dark web stories and forums currently popular on the Dark Web and how you can report this if you are impacted.

What Are The Forums on The Dark Web?

The dark web hosts a wide variety of forums, websites and online marketplaces where users can buy and sell goods. There are forums dedicated to illegal activities such as drug dealing, hacking services, counterfeit currency and stolen credit card numbers. Some forums also leak the data of companies or their employees on the dark web, which can be detrimental to a business's security.

What Are Some Examples of Data Leaks on The Dark Web?

Data leaks on the dark web can be devastating to any company. For example, large companies such as LinkedIn, Adobe and Dropbox have all had their user data leaked on the dark web. This means that any personal information stored about employees and customers was accessible to those who know how to navigate the dark web. Other examples include leaked financial data from banks, political emails, and personal records.

What Should You do if Your Data has Been Leaked?

If you find out that your data has been leaked on the dark web, it is important to take steps to protect yourself. First, change all of your online passwords and make sure they are secure. Secondly, be aware of any suspicious activity or emails from unknown sources. Finally, contact your financial institution and any other companies that may have been affected by the data leak and ask what measures they are taking to protect you.


Transcript

Welcome to another DarkInvader ThreatBite. On these ThreatBites we discuss the latest Dark Web stories.

A report has detailed how the majority of the world's top cybersecurity companies have had their data exposed on the dark web. The survey from the application security firm ImmuniWeb took a sample of nearly 400 of the largest cybersecurity companies from 26 countries across the globe, with the majority based in Europe and the US. Further data identified that 29% of leaked passwords belonging to the security companies were weak and that employees from 40% of the organisations had reused credentials across different online services.

On today's ThreatBite we welcome Angel and Eagle. It's good to be here. Both of their identities have been hidden for privacy. Thanks for joining me guys on today's ThreatBite. So let's get this started. So how can we know if our emails and personal details are on the Dark Web? Angel? Do you have anything to say about that?

Well, yeah, lots of them, obviously notorious for being on the dark web and things, but as he said, the clearnet also has a large variety of leaks and information and credentials and things. And one of the main ones would be a website called the house, if you can go on there and things you can search up companies and see if yours are leaking things and credentials are on the internet. And then you can remove them, you can like remove them from the website, which is a great feature if you are a company owner or are part of an organisation. But your placements are a great one as well.

They can be found through lots of things. I mean, the dark web is definitely the best one, or like with all of the websites and things such aren't allowed and things on the clearnet. That's the best way for a threat actor to access lists and gangs gain by obtaining these credentials.

A lot of these threat actors will download these credentials off the data points and make their own password lists or own financial lists. So it's important to note that, you know, all the notorious ransomware gangs will most likely have their own sort of database of ugly credentials that they're capable today, when, when and where the breaches happen.

Yeah, I think that was a great mention by Eagle about the ransomware gangs taking in their own databases and things of these credentials. And that's something we adopted here at DarkInvader, bringing into having a look at databases and credentials and bringing our own credentials and who they are based on things. Can you give our listeners some examples of data leaks on the dark web?

I'd say that the three main breaches that we find a lot of employee emails in are Adobe, LinkedIn, and Dropbox. Purely because these are just the types of services that people sign up for at work. I mean, a lot, a lot of organisations use Dropbox, a lot of times they use LinkedIn, and Adobe etc. So it just introduces a big single point of failure for these organisations because they're signing up with their, their emails, and if they ever did get hacked, and you know, it was in 2013, you don't really happen. And it's still a prevalent list on the dark web that people download. And it makes up, it makes up a decent amount of the leaked credentials out there. So it's just an important note that you put a lot of trust in these companies.

And if they do ever get breached, that's where it becomes important not to reuse the same passwords and to make sure you have two-factor authentication enabled to try and minimise the risks. Those are some great points you've mentioned there, Eagle. Angel, are there any comments you would like to add?

Yeah, so I mean, Eagle touched on some really good points. And you only mentioned three of the data breaches. But I mean, that doesn't even scratch the surface in terms of how many are actually out there, and to public knowledge as well. I mean, there's many databases out there that most guys don't even know where they're coming from, and where they've been leaked from and things. So, I mean, it can be a scary thing for companies and people in general.

So what should you do if your data has been leaked?

I mean, there's lots of incident response companies and teams that can really help you bring together a good plan of action and how to mitigate the damage to the best of your ability. But if this data is really sensitive, and it means a lot to you and your organisation, and it's illegal in the first place, I mean, I feel like the police should definitely get involved. And that should be one of the first calls being made.

Another important step in preventing the damage that you can know is not necessarily how they get leaked, because there's, as just the company's, not a lot you can do, but in preventing, sort of mitigating, the risks that can happen, it's definitely important to just never reuse these passwords. Because the reason criminals want these data lists is so they can try and log into our servers with them, because they know how many people reuse a password. So just ensuring that your password policy shows that employees aren't allowed to reuse passwords and have strong passwords. And additionally, any two-factor authentication is a really powerful tool nowadays that most services will employ, whether it be an authenticator app or a text to your, to your phone or something like that. These are important so you know, should these credentials ever get leaked, they'll never be able to do the one-time password.

So these controls can help mitigate what damage these leaks can do.

Dark Web and deep web are sometimes confused by people thinking they are the same. What is the difference between the two? I think it's best if you take into account a normal browser, for example, Google. Google limits what gets shown on, on their browsers a lot. In terms of the clear slash deep web, that's more of an all URLs and all websites and things get uploaded onto that. And then in terms of the, the dark web, that's things like onion links, and illegal things that shouldn't be up, and you can really, in terms of the dark web, it's hard to really, the, the idea of what's been given from it in the past, and the present still, is, is really not what it's like. And you don't just go on the dark web and see all the things you hear and things. And even to get down that rabbit hole in a sense, you need to really know what you're looking for. And if you don't know exactly what you're looking for, you're really going to struggle to stumble across this. Angel mentioned onion routing. Eagle, can you explain to our listeners what onion routing is?

So this is generally what we mean by the dark web, or what's called Tor Hidden Services, Tor being that it's actually a nonprofit charity, technically, they work off donations. And it's an implementation. Tor literally stands for the onion router, and the onion routing, basically, it takes all your traffic and encrypts it with layers of encryption, hence the name of onion routing, so that, and then bounces your connection across the world before it gets to the server. And this just ensures that if anyone was intercepting these messages, at any point, they have no idea what it is you're doing and know who you are, which is the main point of Tor. And this is why it's called the dark web. Because this anonymisation means that law enforcement agencies have a very hard time finding out who you are and what you're doing. Because there's no distinction between, there's plenty of perfectly legal sites on the dark web, and then equally, plenty of very legal stuff, there is no distinction, all, all you can see is just that this user is using Tor. And that's it, you don't know who they are, you don't know where they are. And that's, that's the aim of onion routing. And that's what Tor, and that's how Tor implemented it.

I think that's great, Eagle. I think you should mention how it was founded and how it, how it came to fruition, because I feel like that's a great little backstory of how Tor and the dark web even occurred. Yeah, so the protocol that is onion routing was defined by US Navy research, it was to protect the identities of spies working abroad, essentially. And it was just the onion routing protocol. It's, you know, at its core, it's just a lot of maths and a protocol like any other in computing.

And now it's, it's evolved into what is Tor and you can, they rely on donations, they are literally a nonprofit organisation. So they've taken what US intelligence made, and they've evolved into a nonprofit organisation, they work off donations, and they work on their own, users have to host the network. So you can volunteer if you've got enough bandwidth to host a Tor node. So it's interesting how it was developed by US military research for them. And it's evolved now into what we'd refer to as the dark web.

Yeah, I think it's worth mentioning as well, even though the dark web comes across as a bad and scary place and things, which, which it can be, there's also a lot of good in it, with journalists and people in dangerous situations being able to anonymously report and help the good of the world at the same time. So I think that's also a great thing. It's not the analytical, the dark web and things like that. But I feel there's definitely two sides to what Tor is.

Yeah, exactly. And something that often surprises people is that the BBC and the Guardian both have a Tor website. And this is so people in countries where internet access is either restricted or blocked or censored by the government, Tor completely bypasses this and lets them view uncensored news. And, and also, the Guardian has a portal where you can upload news stories for dissidents in other countries, whether it be for war crimes, or anything that they've witnessed. They can upload this completely anonymously without the threat of being arrested. And there's also sites that host the Bible and the Koran and other texts for, again, countries where this information isn't even available on the clear web.

So yeah, it's like Angel said, there's a lot of good uses for the dark web. But obviously, what comes to a lot of people's minds, especially having a name like the dark web, is all the illegal activity that takes place on it. But there is plenty of good stuff, and there is plenty of good stuff that goes on on the dark web, which is definitely worth noting. With the stolen credentials, what do cybercriminals do with them? Do they just put them on the dark web or is there a lot more to it?

There tend to be two camps with the cyber criminals.

There are cyber criminals who get this data and then they'll sell it on forums and that's how they make money. They'll ask for so much Bitcoin, Ethereum, or whatever cryptocurrency they accept, and they'll just make money that way. And they can make an extensive amount of money because these credentials are in, in supply by the second group, who want to use them to do credential stuffing attacks, maybe make a phishing email. You can imagine if someone was to email you, and it had your password in it, you'd be, you'd be that much more likely to believe them. So, you know, there's two sort of camps: people who want to sell them on the dark web and make money that way, and the criminals who want to use it for malicious intent against the company itself.

Yeah, I think that's a great mention, in terms of the leaks and things that often come with companies and organisations and things. And if a threat actor wants to get their hands on this, there's a lot more money in businesses and organisations, if they were to send phishing emails, and go about it in that sense. So it would prove to the threat actor to be much more profitable for them to go about getting their hands on a database, especially a fresh one. And then going out that way, instead of just doing random people, which you don't know what the, what the turnover rate on them emails would be, two or three doctor. So I feel that you can get a lot more, a lot more peace of mind if they were to go about it in that manner.

Eagle, I noticed you mentioned credential stuffing. If you are listening to this podcast and want to know more about credential stuffing, we actually do have a whole podcast on credential stuffing, so be sure to check it out. So how can people prevent that, whereby even with dark web data exposures, as we've mentioned throughout the podcast, there's not a lot you can do to prevent these initially becoming a breach, because these happen when third-party services that your company is using get breached? So in terms of that, there's not a lot you can do. But I think Angel could talk a lot about the controls that you can implement to reduce the risk of this.

Yeah, well, I mean, in terms of organisations and companies that are especially security based, they need to be getting run through security protocols and security training and what to do in certain situations, as just the likes of one email could destroy your company. And they could lose profits quicker than they could blink. So I mean, long passwords, to just understanding that these things can occur, and occur more than some people would think. So that's definitely a great way to go about things.

Yeah, it's a great point, I'd imagine. I'd imagine most companies have leaked credentials out there somewhere. It's not, it's pretty much unavoidable. So I imagine if your companies are being a bit too naive about this, it's definitely worth checking, because there are probably credentials out there. So don't think you're immune, because there are probably definitely your passwords on someone's dark website. So it's definitely worth checking in. And that's something that DarkInvader offers.

Yeah, I also think it's worth mentioning as well, for companies and organisations that do have weak, weak security and things, if you do manage to get breached, or your security slips up somewhere, then the government can hand out pretty big fines. And that is, the fines that can occur and things, it would be a lot more, you'd save a lot more money just by going through the training, and the reputation alongside that as well, if you own a company or business. You know, that means a lot to customers and to other companies in terms of partnerships, and etc.

Have you both got any closing comments before we wrap up this podcast?

Yeah, so I'd like to say thank you for having me on the podcast, of course. But in terms of what we've talked about and everything that goes on, I mean, we are riddled with it. We call out a majority of this, and we do it in a very professional way and to a high standard at the same time. So yeah, I feel like you should definitely browse over to the DarkInvader website, DarkInvader.io, and just book a demo. See how we'll go about things, see if it's to your standards, because most companies could definitely benefit off their cybersecurity, especially going into the future of what we're going into, IT being very technological and advanced. I mean, a lot of people are ahead of the curve already, and if your company is needing this, you can also be ahead of the curve as well.

It's been great having you both on today's ThreatBite.

Thank you for having us.

Thank you very much.

Both Angel and Eagle have discussed crucial information today on data breaches and the best practices to stay safe from the dark web. If you are listening to this podcast, avoid browsing the dark web, as even if you have good intentions it's easy to stray off the beaten path and encounter sites hosting illegal material or malware.

Follow our Dark Invader Spotify page for more.

Barnaby Holdsworth-Kirby

Barnaby Holdsworth-Kirby is an award-nominated open-source investigator at DarkInvader and a proud member of the UK OSINT community. With deep expertise and a passion for uncovering hidden insights, Barnaby is dedicated to advancing the field of open-source intelligence, helping organisations navigate complex security challenges with precision and insight.
