Dark Web and Data leaks

This blog is published for educational purposes only.

Source: NeONBRAND/ Unsplash

The internet is a medium of communication where millions of people can connect at the same time. It is called the "network of networks". The journey of the internet started in the 1970s, but it became accessible to the general public in the early 1990s. By 2020, approximately half of the world population (4.5 billion) was using it. At first, Robert W. Taylor developed ARPANET (an early prototype of the internet). Later, Vinton Cerf and Robert Kahn developed the Transmission Control Protocol/Internet Protocol (TCP/IP) technologies. The internet is not owned by a single entity; it is a decentralized medium. However, many argue that tech giants such as Amazon, Facebook, and Google have control over a large part of the internet. Many countries have banned certain parts of the internet via censorship.


The internet is classified into the surface web, the deep web, and the dark web.


The surface web is the part of the internet where a user can access any information from a website at any location and time through Google, Bing, or any other search engine without permission. It makes up 3%-4% of the total internet and comprises entertainment websites, news websites, torrents, and other publicly available websites.


Source: Wapology

The deep web is 94%-95% of the internet, consisting of online cloud storage like Dropbox and Google Drive, research papers of universities, databases of multinational companies and banks, security data, and other such data. It requires a proper web address or link to access this data. A user is allowed to collect information with login credentials and step-verification only. The user IDs and passwords are available to the employees of the companies and banks to fetch the data.


The dark web has websites that are not indexed on any search engine and that can only be accessed through algorithms, encryption, and onion routing.

A special browser like Tor (The Onion Router) is used to reach the dark web. Like an onion, it has multiple security layers to protect the identity of the host website and the user's IP address and privacy. The websites listed on the dark web have .onion as the domain name, which opens in the Tor browser only.


Dark web: The dark side

While the dark web promises privacy to its users, it violates the privacy of others. Criminal-minded hackers trade data such as PAN details, personal photos and videos, social media and bank account details, location, email IDs and passwords, credit or debit card payment details, and other such information. They sell it on the dark web to make money out of it. The trading of cryptocurrencies like Bitcoin and Monero has increased on this platform.


Source: Illya Pavlov/Unsplash

Surfing on the dark web is not illegal, but it is difficult to find websites on it. A person will face trouble if they join forums that include hate speech, smuggling, criminal behavior, etc. Daniel Moore and Thomas Rid, researchers from King's College in London, classified the contents of 2,723 live dark web sites over five weeks in 2015 and found that 57% host illicit material.


The dark web and the deep web are often considered the same, but they are not. The dark web is just one part of the deep web. Online banking, payment sites, and file hosting services are all parts of the deep web.



Data leaks

According to a report published in Security magazine in December 2020, Anurag Sen from Security detectives discovered that more than 7 terabytes of data got leaked on the adult-streaming website. It includes

  • Facebook’s data breach – 267 million records
  • MGM – 142 million records


As per reports published in Firstpost in March 2021, hackers allegedly leaked the data of 9.9 crore Mobikwik users in India, while the company's CEO Bipin Preet Singh denied the claim. It was exposed by cybersecurity analyst Rajshekhar Rajaharia, who later wrote to the Reserve Bank of India and payments firms. Mobikwik replied that it will call a third party to conduct a forensic security audit to provide clarity on this matter. This leak is considered to be the biggest leak that has happened in India. The hackers only wanted the money, without any ill intentions.


Air India reported a cyberattack that took place in the last week of February 2021, in which the personal data of 45 lakh Air India passengers got leaked. Hackers gathered information on travelers registered between 26th August 2011 and 20th February 2021. The breached data includes passenger names, dates of birth, contact details, passport and ticket information, credit card details, etc. This cyberattack took place on the SITA passenger service system. SITA is a Switzerland-based IT company that offers services including passenger online booking systems, airport operations, baggage, transport, etc. It covers 200+ countries with more than 2500 customers. Air India made a deal with SITA in 2017 to upgrade its IT infrastructure to enable it to join the Star Alliance.


Cybersecurity expert Rajshekhar Rajaharia tweeted that the data of the famous pizza brand Dominos is available on the dark web for sale. A hacker admitted having gained access to 13 TB of Dominos data, which includes payment details. However, Dominos India denied the leak of financial details of the users.


Steps to be taken for data security

  • Use a strong and unique password and never share it

  • Avoid installing unapproved software

  • Do not open suspicious e-mail attachments

  • Use antivirus on your device and scan it regularly

  • Set up a firewall

  • Back up data regularly

  • Be smart with web browsing

  • Encrypt the data

  • Update passwords to email addresses

  • Set up two-factor authentication (2FA), including OTPs

  • Educate others


  1. Sir, what kind of security should we prefer for a mobile phone?
    If a .onion domain website has been dead for a long time, is it possible to restart it or get access to it?
    Also, do red rooms really exist? I am so curious about all these things.

    By the way, love your content; it is so informative.

    1. Use a VPN for browsing. Yes, red rooms exist 🙄. Thanks
