By: Shimon Brathwaite
September 23, 2021
Deep Web Browsing For Threat Intelligence
The Internet is significantly larger than most people imagine. When we search for a website using a search engine such as Google, we only receive results from indexed websites; all these websites combined make up less than 10% of the total number of web pages available on the Internet. The rest of the Internet is known as the Deep Web. The Deep Web contains web pages like any other, but they are not indexed by search engines. While perusing the Deep Web, you can find information and products not easily found using Internet search engines. Within the Deep Web is another section called the Dark Web, where illegal activities, drugs, or hackers can be found. In the online forums of the Deep Web, you can find information that is crucial for a company's cyber threat intelligence service. For example, companies are notified that they are victims of a breach when their customers' information is leaked. Therefore, it is imperative to have an effective threat intelligence program, and companies must monitor the deep web as a source of information.
How Do You Access The Deep Web?
To access the Deep Web, you need a specialized browser; the most popular is The Onion Router (TOR). This browser specializes in protecting users' privacy and allows you to access the deep web through its default search engine, DuckDuckGo. TOR takes your source IP address and routes all requests through multiple nodes on the TOR network. When the request reaches the web server that you are requesting information from, the web server does not know who originated the request; therefore, your privacy is maintained. More importantly, by using TOR, you can access web pages that are not indexed.
The next challenge is finding useful web pages that are not indexed by search engines. Users can conduct their research on different deep web forums in search of pertinent information. To get started, click here to view some web forums.
Tips for deep web threat intelligence gathering
Professional Services: If your company does not have the expertise to do threat intelligence internally, you can always pay for professional help. Companies such as Recorded Future monitor the Web for any threat intelligence that is useful to their clients. Even though these services can be expensive, the company will inform you of any leaked data found on these forums, and they deliver that information to you in an organized report.
Be careful what you click on: This part of the Internet is not heavily regulated; therefore, you may see disturbing images or accidentally download malware. Be cautious when browsing these forums so that you do not click on anything that might cause computer issues or draw unnecessary attention to yourself. If you return to a hacker's forum and the hackers find out you are employed within the organization of their targeted victim (while working to reduce their profits), they may target you directly.
Focus on your organization's name: You want to keep your intelligence efforts focused on any mention of your organization's name. There is a lot of chatter on these forums, but if you want to focus your approach, you must consider buying stolen data (if it is allegedly from your company). This will ensure that alerts notify you when new data becomes available and help you avoid suspicion on these forums. As long as you are an employee/contractor of the company whose information you are buying, it's not likely to cause you any problems because you are doing your due diligence to protect your customers' information. The common types of data that you should be looking for include:
- Compromised Accounts & Servers
- Personal customer information (SSN, email, phone numbers, etc.)
- Discussion of data breaches
- Planned attacks against the industry you operate in
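One way to triage collected forum text for the data types listed above, shown as an added example that is not part of the original article. The organization name "Example Corp", the domain `example.com`, the keyword patterns and the sample posts are all assumptions constructed for illustration; matched SSNs and mailbox names are redacted so the alert itself does not re-expose customer data.

```python
import re
from dataclasses import dataclass

# Assumed watch terms for a hypothetical organization, "Example Corp".
ORG_NAMES = ("example corp", "examplecorp")
ORG_DOMAIN = "example.com"

PATTERNS = {
    # Addresses at the org domain or a subdomain, not look-alikes such as example.com.evil.net
    "org_email": re.compile(
        r"\b[\w.+-]+@(?:[\w-]+\.)*" + re.escape(ORG_DOMAIN) + r"(?!\.?[\w-])", re.I),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "breach_talk": re.compile(r"\b(?:breach|dump|leak(?:ed)?|database)\b", re.I),
    "access_sale": re.compile(r"\b(?:rdp|vpn|shell|admin)\s+access\b", re.I),
}

# Constructed sample posts (post id, body); not real forum data.
SAMPLE_POSTS = [
    ("p1", "Selling Example Corp customer dump: j.doe@example.com 123-45-6789"),
    ("p2", "Anyone have VPN access to a bank? paying well"),
    ("p3", "examplecorp admin access for sale, DM me"),
]

@dataclass
class Alert:
    post_id: str
    categories: list
    excerpt: str

def redact(text):
    """Mask SSNs and the local part of org e-mail addresses before storing an excerpt."""
    text = PATTERNS["ssn"].sub("[SSN]", text)
    return PATTERNS["org_email"].sub(
        lambda m: "***@" + m.group(0).split("@", 1)[1], text)

def triage(posts):
    """Return alerts only for posts that mention the organization by name or e-mail domain."""
    alerts = []
    for post_id, body in posts:
        hits = [name for name, rx in PATTERNS.items() if rx.search(body)]
        if any(n in body.lower() for n in ORG_NAMES):
            hits.append("org_name")
        if "org_name" in hits or "org_email" in hits:
            alerts.append(Alert(post_id, sorted(hits), redact(body)[:120]))
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_POSTS):
        print(alert)
```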
Use web crawlers: Rather than manually finding and going through all these forums looking for information related to your company, if you have some coding skills, you can design web crawlers. Web crawlers take a root URL and crawl the website for outgoing links. This way, you can find new forums to look through without manually searching for them all. If people comment on forums with links to other websites, you can generate a huge list of forums to go through. However, you need to be careful because if your bot draws too much attention, you may get blocked from the forums.
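The root-URL crawl described above, as an added example that is not code from the original article. The `fetch` callable, the `forum-*.test` hosts and the in-memory `PAGES` are constructed assumptions so the block runs offline; in practice `fetch` would be whatever HTTP client your collection environment uses.

```python
import time
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LinkParser(HTMLParser):
    """Collect the href of every <a> tag on a page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

# Constructed pages standing in for a forum; keys are URLs, values are HTML.
PAGES = {
    "http://forum-a.test/": '<a href="/thread/1">t1</a> '
        '<a href="http://forum-b.test/index">b</a> <a href="mailto:x@forum-a.test">m</a>',
    "http://forum-a.test/thread/1": '<a href="https://forum-c.test/board#top">c</a> '
        '<a href="/">home</a> <a href="javascript:void(0)">x</a>',
}

def crawl(root, fetch, max_pages=20, delay=0.0):
    """Breadth-first crawl of the root host; return the outgoing origins it links to."""
    root_host = urlsplit(root).hostname
    queue, seen, external = deque([root]), {root}, set()
    pages = 0
    while queue and pages < max_pages:      # hard cap on requests per run
        url = queue.popleft()
        html = fetch(url)
        pages += 1
        if html is None:                    # page missing or fetch failed
            continue
        parser = LinkParser()
        parser.feed(html)
        for href in parser.hrefs:
            link = urljoin(url, href).split("#", 1)[0]   # resolve relative, drop fragment
            parts = urlsplit(link)
            if parts.scheme not in ("http", "https"):    # skip mailto:, javascript:, etc.
                continue
            if parts.hostname == root_host:
                if link not in seen:                     # same site: keep crawling
                    seen.add(link)
                    queue.append(link)
            else:                                        # other site: record for review
                external.add(f"{parts.scheme}://{parts.hostname}")
        time.sleep(delay)                   # pause between requests
    return sorted(external)

if __name__ == "__main__":
    print(crawl("http://forum-a.test/", PAGES.get))
```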
The Deep Web is simply the part of the Internet that is not indexed for discovery by search engines like Google, Yahoo, and Bing. The deep web represents a much larger portion of the Internet than the part we interact with through search engines like Google. You can find all sorts of information on the deep web, and a lot of it can help your company stay informed on what hackers are doing relating to your company. Many times, after a hack, hackers will sell company information online. By being informed of the data sold on these platforms, you can discover that your company was hacked before your IT security teams could detect an issue. Also, many hacker groups recruit people on these platforms, so it is best to have an active account on certain forums to stay informed. If your company does not have the expertise to navigate these forums properly, you should invest in professional help. If you improperly navigate the forum environment, you and/or your company can get hacked. Many people on these forums are extremely skilled with computers, and combined with a financial incentive, they can weed out people who are obstacles to their illegal businesses.