Researchers find marketplace on dark web that sells tools to commit identity theft
While we generally focus on cybersecurity that revolves around our everyday use of apps and services, a major chunk the internet incidentally lies under what is labelled as the dark web.
For the uninitiated, the dark web essentially refers to content that exists on the internet but requires specific software, configurations or authorisation to gain access to. This content is also not searchable using your regular search engines and does not show up in search results.
A team of researchers have now published a report which finds that cybercriminals actually have access to the most-secured data formats used to facilitate confidential communication between organisations and their clients’ computers on the Dark Web.
A team of researchers from Georgia State University and the University of Surrey have found the existence of an entire marketplace for Secure Sockets Layer (SSL) and Transport Layer Security (TLS) certificates that exist on a hidden part of the Internet.
As per popular cybersecurity firm Symantec, SSL and TLS are security certificates that protect the transfer of data and information between computers and servers. Networked machines use keys and SSL/TLS certificates to identify and authenticate themselves when connecting to each other, much like humans employ user names and passwords to go online. In short, it’s a form of encryption that is widely used by websites to safeguard personally identifiable information.
According to a blog post published by researchers, when these certificates are sold on the dark web, they are packaged with a wide range of crimeware that delivers machine identities to cybercriminals who use them to spoof websites, eavesdrop on encrypted traffic, perform attacks and steal sensitive data, among other activities.
The lead author of the research and an associate professor in the Department of Criminal Justice and Criminology at Georgia State University, David Maimon, states, “One interesting aspect of this research was seeing TLS certificates packaged with services — such as Web design services to give attackers immediate access to high levels of online credibility and trust.”
A basic search across five marketplaces in the dark web returned, as many as, 2,943 mentions for SSL and 75 for TLS.
In comparison, the researchers found just 531 mentions for ransomware.
“It was surprising to discover how easy and inexpensive it is to acquire extended validation certificates, along with all the documentation needed to create very credible shell companies without any verification information,” added Maimon.
Vice President of Security and Threat Intelligence for cybersecurity firm Venafi, Kevin Bocek states, “This study found clear evidence of the rampant sale of TLS certificates on the Dark Net.”
“Every organisation should be concerned that the certificates used to establish and maintain trust and privacy on the Internet are being weaponised and sold as commodities to cybercriminals,” he added.
Tech2 is now on WhatsApp. For all the buzz on the latest tech and science, sign up for our WhatsApp services. Just go to Tech2.com/Whatsapp and hit the Subscribe button.