The surface web consists of the stuff you see every day through your browser on your Internet connection, yet it only represents about 1 percent of what’s going on in the true worldwide web. Beyond the surface web lies the deep web. It consists of content that cannot be found or accessed via your common surface web search engines and is intended to keep search crawlers out.
This is where most of the cybercriminals hang out in forums, obtain exploit kits and tools for hacking, and trade credit card data, fake IDs, weapons, drugs, and other banned substances on a variety of black markets in exchange for some form of Bitcoin.
To give you a sense of scale, it is estimated that for every billion pages indexed on the surface web, there are 900 billion on the deep web.
But if you go below the deep web, you will find an even more nefarious sector known as the dark net. The dark net is an anonymous network that is rigorously designed to protect hidden data, identities and political forums. Unlike the surface web and deep web, the dark net is only accessible with specialized and not readily available tools, software and protocols that go beyond access privileges or login credentials. In other words, not many “normal” people can get there.
The dark net is where black hat hackers develop malware, toolkits and viruses that are used for political hacktivism, cybercrime and the buildup to the coming cyberwar. Among the dark net’s most active players in the past 12 months have been nation-state actors, aka really bad guys.
So it isn’t surprising that the head of the British National Cybersecurity Centre predicts that a level-one cyberattack will happen within one to two years.
Whether or not Russia succeeded in affecting the outcome of the U.S. election, the U.S. intelligence community has now confirmed that nation-state actors from Russia’s foreign intelligence service and main intelligence agency directly sponsored the team of hackers that carried out the attacks and used bots and fake stories to make information more damaging, while strategically magnifying the effects of information leaks. And contrary to Sen. Mark Warner’s (D-Va.) ridiculous comments on CNN implying that the Russians needed help from the Trump campaign to target U.S. social media sites such as Facebook, they are quite capable of corrupting any country’s electoral process without help from anyone.
More significantly, China’s military-based cyberteam (Unit 61398) has successfully accessed several U.S. government-controlled domains to steal military plans, drawings, and program details. The alleged “deal” in 2015 between President Obama and Chinese President Xi Jinping has not stopped China’s cyberespionage operations, as confirmed by the U.S. intelligence community’s Senate briefing earlier this year, which pointed out that “Beijing continues to conduct cyber espionage against the U.S. government, our allies, and U.S. companies.”
Recent reports indicate that China’s total number of cyber operatives is in excess of 100,000 trained hackers. Because of the covert nature of the Russian government, it is hard to estimate the extent of its cyber program, but there is irrefutable evidence that Russia regularly sponsors dark net cybercriminal campaigns across Eastern Europe like those that turned out the lights in Ukraine.
Iran, of course, has heavily invested in its own cybercapabilities and has significantly contributed to the rise of cyberterrorism in the Middle East. As an example of the recent increase in kinetic cyberattacks, a hacking group with Hezbollah cracked into and disabled a network of security cameras at a Defense Ministry compound in Tel Aviv in early 2016. That sort of messaging was not lost on the Israelis.
Western and NATO member nations such as the U.S., U.K. and Germany have developed cyberteams for intelligence and cyberdefense purposes, but we are woefully in arrears in terms of sophistication, training, education, funding, technology and information.
We have occasionally observed federal agents from U.S. intelligence and homeland security communities active on the dark net, arresting some underground market vendors during the past two years, and the German Interior Ministry has deployed some custom-developed Trojans to track suspected citizens’ user chats and conversations on smartphones and PCs, which is good news. But this level of counterespionage is a long way from where it needs to be if we are to mount any sort of reasonable defense against an increasingly dangerous nation-state presence, all targeting the U.S.
The malware tools used for nation-state espionage and sabotage are interchangeable and widely available, and nation-state hackers use the same tools found in every common hacker’s backpack. Their attack style evades detection and easily defeats most IT security measures that are in place today. Most chilling, in our government agencies little has changed since the successful attack on the Office of Personnel Management records back in 2014. And our energy operators have done almost nothing to improve or bolster ancient cybersecurity defenses. Due to existing regulations and oversight, there is no incentive for them to change a thing.
One fact emerges repeatedly from monitoring activity on the dark net. Nation-state-sponsored hackers are the black hat community’s biggest and most active players. The head of Britain’s cybersecurity agency is correct, but to dark net observers, the level-one cyberattack to which he refers will not be targeted at health care operators, entertainment channels, or retail outlets with ransomware or blackmail demands, but will rather be a kinetic slam on key infrastructure targets in the U.S.
The message is clear. We simply cannot continue to pursue this strategy of hope and denial any longer, and people like Sen. Warner, the top Democrat on the Senate Intelligence Committee, are not helping.
Steve King is the COO of Netswitch Technology Management.