As great as the internet may be for some, its pitfalls are equally significant. One of the unfortunate inevitabilities of humanity is the tendency for the mischievous and the pernicious to manipulate and turn such technologies from seemingly harmless to frighteningly dangerous. This has been the unfortunate tale of the internet. With its openness and lack of central authority or filtration, it has become a medium for malicious cybercriminals and hackers to cause havoc for everyone online.
To the average user, much of the happenings on the dark side of the web are barely noticeable. It is often only brought to their attention when they become a victim of a vicious cyber attack. Though sometimes users can be attacked without knowing, and equally companies can also be naive at times, though some pieces of malicious software are more discreet than others.
Before cyber attacks are deployed, however, the vulnerabilities in software are often identified prior to the deployment of an attack. The dark web refers to the part of the internet where darknets, overlay networks and other encrypted networks are used to make access to it exclusive and private. Access to the dark web requires specific software, such as Tor, and special authorisation. It is not to be confused with the deep web; the deep web refers to the part of the web which cannot be found by conventional search engines. It is in the dark web where the buying and selling of software vulnerabilities can be found. Hackers will carefully look through thousands of lines of code in computer software to look for a loophole or a mistake, of which are inevitable. Once one is found, hackers sell the vulnerability in the software, unknown to the company responsible for developing it in the first place, and sold to other interested parties to exploit. The vulnerabilities which are found by hackers are known as zero-day vulnerabilities. Its name derives from the fact that the error in the code is unknown to the vendor but known by the hacker. Thus, the software company, or those consumers using the software, can be subject to a breach or an attack at any time the vulnerability is exploited.
A hacker who successfully finds a zero-day vulnerability has various options available to them. They could, first of all, sell the bug to cybercriminals. Alternatively, they could also sell it to the software makers themselves; they are often willing to pay big sums to ensure that their software and services are as secure as possible to avoid serious breaches. Recently Google increased its reward for those able to find bugs in its products. A lucrative $100,000 is up for grabs for discoveries, and similar ‘bug bounty’ programs have been initiated by other companies, like Facebook and Yahoo. Governments are also often keen bidders, with the intention to use the bugs for espionage. Foreign governments too will be looking to utilise the bugs to spy on other countries as well as for domestic use. China, for example, has been known to use these bugs to conduct espionage and hacking programme, of which has caused tensions with the US.
The consequence of this is a series of mini cyber wars taking place every second, invisible to the unaware. Though the dark web is also home to some of the more familiar, yet equally as disturbing, malicious transactions that can be conducted with complete anonymity. Silk Road, a website for selling illegal goods, was an example of the kind if websites which can exist on the dark web though it was shut down after the arrest of the site’s founder Ross Ulbricht a few years ago. Drugs, guns and fake IDs are some of the common commodities which are available to purchase. Anyone who is able to access the dark web and access such a site is able to purchase such goods without their identities being revealed or associated with such acts. Cybercriminals, child pornographers, forgers and a range of other bad actors only make up a small portion of the dark web. Intelligence and law enforcement agencies also use the dark web to go about their business quietly. But what started off as a private network designed by and for the US government has now become a dangerous haven for its adversaries and others.
One piece of software which provides a gateway to this dangerous part of cyberspace is Tor. The software allows for anonymous communications with networks that conceal user identities. Everything conducted is wrapped in layers of strong encryption and also sends data via a network of other Tor computers to conceal a user’s location (known as relays).
It is the hackers swarming around the dark web that Apple is fearful of when arguing its case not to develop GovtOS. Deliberately developing software, deprived of security features, only makes the exploiting easier for the malicious hackers, endangering many iPhone users. Not only will hackers be waiting to pounce, foreign governments which have poor human rights records may also be keen to exploit the software vulnerabilities to conduct unlawful espionage and spy on their citizens, or even on other governments and companies. It is a frightening reality. Furthermore, trying to infiltrate the dark web has implications; it is not just for the bad actors as it can also be used to protect whistleblowers or those who want to use the web without being tracked. Additionally, the complex technology which makes up the dark web makes it difficult for security agencies to infiltrate anyway. Hence, governments have been keen to hire white-hat hackers who will be able to assist them in trying to bypass the strong encryption and other measures which make it somewhat difficult to access the dark web. In the meantime, it continues to grow in size and in capability. As a result, cyberspace becomes more dangerous, as the knavery goes on.