By Andrew Delamarter

When companies are hacked and their data is stolen, that data often appears for sale on the so-called darknet. Earlier this year, for example, user data from both the mega-hack of Yahoo (500 million accounts) and the uTorrent breach (400,000 accounts) showed up on the darknet’s illicit marketplaces. As InformationWeek recently put it, the darknet is “where your stolen identity goes to live.” Think of it as mass e-commerce for the black market.

And it isn’t a problem just for consumers. Valuable corporate assets — from intellectual property to pirated software to stolen code bases and other digital products — appear for sale on these marketplaces more and more. The darknet is enabling criminals to more easily profit from failures of corporate cybersecurity.

To better protect both their businesses and their users, company leaders need to familiarize themselves with the darknet and its threats and opportunities.

What Is the Darknet?

When many people think of “the internet” — websites, message boards, marketplaces, and so on — what they’re actually thinking of is the open web, or surface web. The open web is what you see when you start up a web browser and use a search engine to find what you’re looking for. Sites on the open web are accessible to anyone.

The darknet as a whole is much like the open web. It consists of websites, message boards, and marketplaces. But the darknet’s sites can’t be found with search engines, and they can only be accessed through anonymizing software such as Tor, which obscures the user’s IP address. This is useful for people who don’t want to give away their location and identity to internet service providers or other parties, such as government agencies, that can track network activity.

Of primary interest to corporate leaders are darknet marketplaces (DNMs). The first DNM to hit mainstream awareness was Silk Road, the black market for illegal drugs that was shut down by the FBI as part of a multiagency effort in 2013. New, more robust DNMs immediately took its place, and research indicates that DNMs continue to grow and thrive.

DNMs sell their products and services to an effectively anonymous clientele, who often buy with Bitcoin for even greater anonymity. The combination of Tor and Bitcoin has helped DNMs’ popularity explode.

Where the Darknet May Be Headed

As the darknet becomes mainstream, more people may decide to actively split their online activities between a public face on the open internet and a private face on the darknet. Our lives have become permeated with personalized services and technology, allowing strangers to see intimate details of our lives through social media and search engines. The kinds of anonymous environments provided by the darknet may offer an appealing escape.

As a result, HR and legal teams will need to come to terms with the fact that employees may have obscured digital identities. Facebook, LinkedIn, and Twitter profiles will contain nothing but inoffensive content and activity; any kind of controversial thought and digital engagement will move to “dark” spaces. Employers will have to adapt to the new reality that employee online activity will be harder to monitor, control, or enforce. The sunny days of getting a full picture of someone through their social media profiles may disappear into a darknet night.

Easy access to the darknet will also make it easier for anyone to sell corporate access and critical information without exposing themselves directly to the criminal underground. For example, it seems inevitable that insider information will become available on the darknet. How might corporations or executives be put under suspicion when sensitive information made available on the darknet moves stock prices in a way that benefits insiders?

How Can Businesses Limit Their Exposure to Darknet Risks?

Companies, already taxed with controlling access to systems, defending against cyberattacks, and keeping mission-critical systems online, need to start monitoring the darknet and DNMs. A corporation can be hit with a denial-of-service attack, even one initiated by a nontechnical person renting botnet time through a darknet market, at any time. And any employee with access to the Tor browser can solicit anonymous bids for sensitive corporate data, code, or access. The bar to accessing criminal technology and digital capabilities has never been lower.

Fortunately, as a consequence of the open-but-anonymous nature of DNMs, it is now easier for businesses to monitor the cyber criminal underground and react to potential threats and stolen assets. That is exactly what happened, for example, when proprietary source code for PilotFish, a health care software vendor, appeared for sale on the DNM AlphaBay and was detected by the underground research team at infosec firm InfoArmor.


Here are the key points for companies about dealing with corporate darknet threats:

  • Use strong encryption on all sensitive data and keep the encryption approach up to date. Yesterday’s encryption methods quickly become obsolete, so make sure your IT department has an encryption strategy in place.
  • Build or hire a strong cyberthreat monitoring and reaction ability. Detecting an intrusion is critical to dealing with threats before they get out of control.
  • Monitor DNMs and the darknet in general for corporate-specific threats. There are firms emerging that specialize in identifying and reacting to darknet activity or that include darknet monitoring as part of their cybersecurity offerings.
  • Monitor employee hardware and network use and investigate darknet access.
  • Put a response plan in place to guide the corporate response to sensitive data or IP appearing on the darknet. Consider how you will deal with customers, legal issues, and stakeholders in the event of a breach.

Going forward, business leaders will need to think about darknet monitoring and analysis in a range of departments, from IT to legal to HR to marketing. As more corporations begin to take darknet issues seriously, information security firms dedicated to darknet analysis and monitoring will thrive and new business models will emerge to control, document, and react to threats either emerging from or facilitated by darknet technology. Business leaders take note: You live in interesting times.