Demystifying the dark web

Danny Rogers, CEO of Terbium Labs, explains the ins-and-outs of the internet black market that traffics in stolen data and illicit goods. He covers everything from marketplace size and structure and the evolution of data breaches. All is not hopeless, however, as organizations can protect themselves from evildoers with several proactive monitoring practices provided.

Highlights from Rodgers’ presentation include:

One way to think about the dark web is from the perspective that it comprises all the nodes and hidden services on the Tor Network. That’s roughly 7,000 .onion domains and two million active users — far smaller compared to the one billion domains and two billion users that make up the regular internet. (02:35)

The dark web, despite its reputation and myth as the place where bad things happen such as illegal drug markets or the selling of stolen credit card information, is not actually all bad. The dark web allows for anonymized access to the internet, which can be a good thing for citizens living in authoritarian states or places where censorship from the government is a concern. (03:16)

Synthetic identity fraud is one of the more popular ways to defraud a bank. Scammers will make up an email address and social security number to apply for an easy-to-get credit card. Then, they build up a credit score, an identity, and keep applying for higher limits on the credit amount, before maxing out the card and walking away with the cash. This leaves the bank with little recourse because the person never really existed to begin with. Payment card fraud, like this, is a $25 billion global problem that acts as a slush fund for most illegal activity. (10:26)

You can see Rodgers’ complete presentation in the video above.