Constella Intelligence

It’s Not Dark, Your Eyes are Closed.

Blog By Lindsay Whyte, UK Regional Director at Constella Intelligence.

Are you on the dark web?

The Dark Web — or Darknet — is no different from any other type of technology. It is becoming easier to access, easier to interact with and more sophisticated. Think AI, think AI malware too.

People know that cybercrime is rising. This gets repeated constantly, although most of us work it out for ourselves. It’s a simple formula: the lower the barriers to entry = the more data and infrastructure there is = the more bad things happen.

The good news is that, in correlation, there’s more cybersecurity techniques and tools out there to help us. Be it intruder detection systems, AVS, machine learning, SIEM, smart cyber awareness, certificate lifecycle management or deception technology.

But one area that gets less, not more, attention is the dark web. The more dangerous it gets, the more people look away.

There’s so much data out there, and so little visibility on how to leverage this part of the internet, people don’t know where to start. As a result, this blind spot is not only going unaddressed — it’s getting bigger and bigger.

For many governments, even, there’s no comprehensive enforcement strategy based on pursuing an attacker and their network on the dark web. Core activities are based always around defence, hardly anything on offence.

This heavy focus on defending systems and networks is an approach that has, in part, been driven by a blame-the-victim mentality. We turn our attention back to building up that digital fortress once attacked; replacing drawbridges and adding bricks to the outer walls rather than proactively stopping crime — whether intentional or not — at its source.

The dark web isn’t going away

There’s a great scene from the film The Imitation Game in which a cryptography team led by Alan Turing finally crack the Enigma Code.

This was a code that had encrypted enemy communications for years during WWII. Now cracked, the team had the opportunity to prevent imminent attacks and by extension loss of life.

With artistic licence the story plays out that Alan Turing deliberately stops the team from sounding the alarm of an imminent naval attack.

Why? Because if they did, they let the enemy know they know they’ve cracked this code — and the allies lose the long game. More loss of life will follow. Stopping one attack today would be a Pyrrhic victory.

This logic is the same whichever side of right and wrong you sit. In modern cyber warfare, why settle for a few thousand dollars of ransomware booty when you could bleed accounts dry for years undetected? A good cybercriminal knows to stay undetected before, during and after breaking-and-entering to maximise their gains. Attention-seeking and/or politically motivated ransomware attacks may have the glory of global media coverage, but they actually betray a serious deficit in business nous.

Constella’s 2020 Identity Breach Report shows ​18.7 billion raw identity records are circulating in underground communities, and there’s been a 67% increase in clear text passwords circulating on the dark web in 2019 versus a year prior.

Not all heroes wear capes. Not all hackers are hacktivists.

Remote customers, remote staff

As with all vectors of cybersecurity, working from home has exacerbated the problem.

Unsecured networks, more online purchasing (Paysafe found in May that 43% of the UK have tried a new payment method since lockdown began), loneliness, romance fraud and social media content creation have all ticked up.

Remote Desktop Protocol — something that gives trusted outsiders access to your network — is an obvious target nowadays. NetWiredRC and AveMaria, remote desktop access-capable malware families, have been found to be common payloads for COVID-19-related phishing schemes.

Security administrators are so overworked that in-depth analysis of logs can’t be assessed, thus making unintentional insider threats all the more common and crucially undetected.

As mentioned at the beginning, there are lower barriers to entry to access and build digital technology. As a result, IP in the software space is becoming the sole differentiator for companies. They must beware of intentional — not just unintentional — insider threats where high-value IP is concerned. Staff loyalty, like customer loyalty, is fleeting, temporary and easily squashed.

According to the CPNI, “research from the US shows that most insider acts come from employees who, until only 3–4 weeks previously, had been perfectly loyal and committed.”

Are the glory days of “office culture” and employee fellowship over in the age of remote working? I hope not. But these variables certainly won’t be any stronger.

Don’t keep us in the dark

As security expert, Graham Cluley put it: You can ask forgiveness for being hacked, but many people will find it harder to forgive and forget if you deliberately concealed the truth from them.

The difficulty is now about how you decide what you can and can’t know. Is it not your job to keep customer and staff data safe? Shouldn’t you be monitoring the dark web, if you can? There are solutions to help you effortlessly monitor your digital exposure on both the surface and dark web. Coupled with the fact malicious actors try hard to work undetected, it’s more important than ever to focus on this area of security.

In the Ponemon 2019 Cost of Data Breach Report, it’s estimated that it takes an average of 200 days to identify a breach. Meltdown, Spectre, the NASA hack… all went undetected for years. The business costs of breaches need not be repeated. But you’re risking new reputational damage if you’re not using the powers at your disposal to protect customer data.

Look beneath the surface

As mentioned at the beginning, technology evolves. As the dark web becomes more sophisticated, so do the techniques to uncover the activities. By embracing the dark web and proactively listening in to it, you can start pushing the boundary wall outwards, covering more ground and controlling more about what goes on externally.

Control data. Control brand reputation. Even deter against future attacks and make an example of someone set on destroying you, your suppliers or customers.

There will always be threats, always new improved ways to attack and compromise you and your ecosystem personally and professionally. And likewise, we’ll have the tools to evolve and mirror these threats…

…but that’s only if we mirror the threats in every sense, and treat them as three-dimensional organisms with intentions, networks and growth plans. Just like us.

Like you, cyber threats are a business, and you’re in direct competition.

Enter Constella

Constella’s solutions are rapidly getting adopted by governments and enterprises to address these external threats, and transform them into strategic advantages. We bring to the surface all your compromised data and the root cause of any brand or personal attacks. By crawling through billions of data points across social media, the dark web and numerous online directories, we help you take back control of the conversation, fast.

What’s more, you can deter threatening and damaging behaviour and ultimately inform future marketing, public affairs and customer service efforts as part of your growth strategy. You can truly “own the outside” with our best-in-class investigations and data lake search tools.

Interested in our work? Please contact us at To learn more about Constella, subscribe to our newsletter below.