The surface web consists of the stuff you see every day through your browser on your Internet connection, yet it only represents about 1% of what’s going on in the true world-wide web. Beyond the surface web lies the deep web. The deep web consists of content that cannot be found or accessed via your common surface web search engines and is intended to keep search crawlers out.
This is where most of the cyber-criminals hang out in forums, obtain exploit kits and tools for hacking and trade credit card data, fake IDs, weapons, drugs and other banned substances on a variety of black markets in exchange for some form of Bitcoin.
To give you a sense of scale, it is estimated that for every billion pages indexed on the surface web, there are 900 billion on the deep web.
But if you go below the deep web, you will find an even more nefarious sector known as the darknet. The darknet is an anonymous network that is rigorously designed to protect hidden data, identities and political forums. Unlike the surface web and the deep web, the darknet is only accessible with specialized and not readily available tools, software and protocols that go beyond ordinary access privileges or login credentials.
In other words, not many “normal” people can get there.
The darknet is where black hat hackers develop malware, toolkits and viruses that are used for political hacktivism, cyber-crime and the build-up to the coming cyber-war. One of the darknet’s most active players in the past twelve months has been nation state actors, aka, really bad guys.
So, it isn’t surprising that the head of the British National Cybersecurity Centre predicts that a level-one cyber-attack will happen within one to two years.
Whether they succeeded in affecting the outcome of the U.S. election or not, the U.S. intelligence community has now confirmed that nation state actors from Russia’s foreign intelligence service and main intelligence agency directly sponsored the team of hackers who carried out the attacks and used bots and fake stories to make information more damaging while strategically magnifying the effects of information leaks. And contrary to Senator Mark Warner’s ridiculous comments on CNN implying that the Russians needed help from the Trump campaign to target U.S. social media sites like Facebook, the Russians are quite capable of corrupting any country’s election opinion process without help from anyone.
More significantly, China’s military-based cyber team (Unit 61398) has successfully accessed several U.S. government controlled domains to steal military plans, drawings and program details. The alleged “deal” in 2015 between Obama and Xi Jinping has not stopped China’s cyber espionage operations, which has been confirmed by the U.S. intelligence community’s Senate briefing earlier this year, pointing out that “Beijing continues to conduct cyber espionage against the U.S. government, our allies and U.S. companies”.
Recent reports indicate that China’s total number of cyber operatives is in excess of 100,000 trained hackers. Because of the covert nature of the Russian government, it is hard to guesstimate the extent of their cyber program, but there is irrefutable evidence that Russia regularly sponsors darknet cyber-criminal campaigns across Eastern Europe like the ones that turned out the lights in Ukraine.
Iran of course, has heavily invested in their own cyber capabilities and has significantly contributed to the rise of cyber terrorism in the Middle East. As an example of the recent increase in kinetic cyber-attacks, a hacking group with Hezbollah cracked into and disabled a network of security cameras at a Defense Ministry compound in Tel Aviv in early 2016. That sort of messaging was not lost on the Israelis.
Western and NATO member nations, such as the U.S., UK and Germany, have developed cyber teams for intelligence and cyber-defense purposes, but we are woefully in arrears in terms of sophistication, training, education, funding, technology and information.
We have occasionally observed federal agents from U.S. intelligence and homeland security communities active on the darknet, arresting some underground market vendors during the last two years, and the German Interior Ministry has deployed some custom-developed Trojans to track suspected citizens’ user chats and conversations on smartphones and PCs, which is good news. But this level of counterespionage is a long way from where it needs to be if we are to mount any sort of reasonable defense against an increasingly dangerous nation state presence, all targeting the U.S.
The malware tools used for nation state espionage and sabotage are interchangeable and widely available, and nation state hackers use the same tools found in every common hacker’s backpack. Their attack style evades detection and easily circumvents most IT security measures that are in place today. Chillingly, in our government agencies little has changed since the successful attack on the Office of Personnel Management records back in 2014. And our energy operators have done almost nothing to improve or bolster ancient cybersecurity defenses. Due to existing regulations and oversight, there is no incentive for them to change a thing.
One fact emerges repeatedly from monitoring activity on the darknet. Nation state sponsored hackers are the black hat community’s biggest and most active players. The head of Britain’s Cybersecurity agency is correct, but to darknet observers, the level-one cyber-attack to which he refers will not be targeted at healthcare operators, entertainment channels or retail outlets with ransomware or blackmail demands, but rather a kinetic slam on key infrastructure targets in the U.S.
The message is clear. We simply cannot continue to pursue this strategy of hope and denial any longer, and people like Senator Warner serving on our “Intelligence Committee” are not helping.