The Brighter Side of Dark Web is Even Scarier
What happens to the data of an organization when their system is hacked, obviously those stolen data end up in the data market. The hackers sell it to what is known as the dark web. Dark web is a website that is not indexed by the Search Engines and can only be accessed if you know the URL. As the term goes, it’s a dark world of the cyberspace, a place where you can get drugs, firearms, even sell contraband, lay your hands on sensitive data, password combination, username, password, well, you name it and hopefully it will be there on the dark web.
With its easy access to sensitive information and illegal activities, the notion of the dark web can be chilling. Yet there is a place that is potentially more dangerous and much more significant in scale. Many thousands of public-facing sites exist where data can be easily uploaded and shared, offering a vast treasure-trove of sensitive information to prospective hackers. I’d like to call this place the ‘bright web’.
The dark web ensures that you get easy information related to all illegal activities and the facts can be surprising. This place is dangerous, but on the same scale, it has some significance. There are plenty of public websites where data can be easily uploaded to share, this is a repository of huge data treasure, which is drooling worthy for the hackers.
What astonishes the cyber world is that there is a place called dark web on the Internet, and you are allowed to upload and download easy and sensitive data. What is more shocking is the ease of doing this significant damage.
How it works, a research student tried to go with the process of the dark web as he shared some sensitive information that consisted of data mostly about himself. A fake customer number, personal information, address and contact details, emails, social security number etc. A few fake credit card numbers were also added. The data was compiled and made into 3 documents PDF, JPEG and .pptx.
The service of slide-sharing was used to upload the presentation. Anyway, this service also makes it handy to share this information with the public. What is surprising is that Google helps you find this information. Search for QBR or Prezi yo will get all public QBR uploaded by Prezi. You’ll find revenue numbers, customer names and business plans – data that are sensitive and obviously not intended to be shared publicly. We then moved on to cloud storage services and discovered that not only do apps like Dropbox, Box, and Zippyshare makes it easy to upload and share data publicly, apps like Google Drive have an option to have the data you upload to be indexed by search engines. This presented a very risky scenario where any data can be easily leaked to the masses by simply uploading it and clicking on a button. It’s that simple.
More than 10% of cloud services allow you to easily upload and share data by signing up without a credit card. An enterprise has more than 1,000 cloud services in use and more than 95% of those are business-led, with the remaining 5% being IT-led. Lines of business rely on these cloud services to move quickly, innovate and be more productive. A comprehensive cloud security strategy should include a focus on securing the IT-led cloud services like Office 365, in addition, to safely enabling the bright web with granular access control and Cloud DLP that can be applied and of the thousands of cloud services that make up the bright web.
Julia Sowells280 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.