Halloween is my favourite time of the year. Most people see it as a chance to dress up, go to parties and have fun, but I’m more interested in the spooky side of the night. Every year, I watch some awesome horror movies to mark the occasion. Not only are they exciting, the horror genre is a dark, twisted reflection of society that can yield some surprising insights.
Horror movies and stories from a particular time or era can often give a glimpse into the common fears that gripped society at that time. For example, due to a rise in crime in the late 1970s and early 1980s in America, classic “slasher” movies like “Halloween” and “Friday the 13th” gripped the nation. Moviegoers feared what may be lurking around the corner of their own safe and familiar surroundings.
The amazing technological progress of the post 2010s has brought with it both potential and threats. Advances like artificial intelligence, smart devices and genetic engineering could change life as we know it, for better or worse.
But sometimes terror comes from a source a little closer to home. Something as innocent as your own personal laptop, brought to life by the movie “Unfriended: Dark Web” in 2018.
What is the Dark Web?
What do you know about the Dark Web? You may have heard some vague rumours about how it’s a haven for tech criminals. The tech-savvier among you may be aware about how to access it, using a special browser, or hear media outlets talking about how the latest hacker sold stolen personal information on the Dark Web. But what is it?
The Internet as we know it is much bigger than we think. When you Google something and it returns millions of hits, it may seem huge already. But that’s just the “Surface Web”, which means pages accessible by public search engines, and it’s the tip of the iceberg.
Below the surface lies the Deep Web, a vast collection of information that is not accessible by public search engines. Now this sounds clandestine, but most of the Deep Web is perfectly legal and safe. It contains sites like university research databases, for example, that are not open to the public. Or intranets, internal networks for members of a particular organisation, like a government agency.
But also within the Deep Web exists the Dark Web, and that’s where the trouble lies.
The Dark Web is different. Instead of being accessible by public search engines, or not searchable at all, it is instead accessible only by specific browsers or proxies. And it is here where all kinds of criminal activity can be found, if one is looking.
Drugs can be bought and sold. Human trafficking is conducted. Extreme pornography and films of graphic deaths can be found. There are even rumours that one can find assassins for hire on the Dark Web, or other people willing to commit the most depraved of crimes for money.
That’s what “Unfriended: Dark Web” is about. A teenager discovers a lost laptop and most unwisely tries to make use of it. Unfortunately, the laptop belongs to someone deeply involved in the Dark Web and his pals, and he soon falls victim to their evil schemes fueled by technological wizardry.
While the movie is dramatised, the Dark Web can indeed be a serious threat to the average person who just uses the Internet for normal, everyday purposes.
Why criminals love to use the Dark Web
Roy Zur, CEO of ThriveDX SaaS, formerly Cybint, with a background in Israeli military intelligence and years of experience in the corporate sector, has done his fair share of battling cyber threats which unfortunately he wouldn’t divulge. Pity, as they could probably form the basis of a few thriller movie scripts. But it’s clear the man knows his tech.
Zur breaks down for me in fine detail why the Dark Web is just festooned with criminals and criminal activity.
“The Dark Web allows people to be anonymous, and it's very difficult to find your identity even for law enforcement agencies, because of these layers of encryption and jumping between IPs. Then people, including hackers and criminals allow themselves to trade, or to share materials or substances or products that they would not do in other places.”
But besides the usual drugs and sex one might picture when thinking of criminal activity, Zur reminds me that things like corporate secrets, financial information and personal records can also be stolen and monetised by hackers with malicious intent.
“One of the biggest uses of the Dark Web is actually for hackers that steal information from companies, from governments, people to sell the information on the Dark Web,” he shared.
“Let's say I'm the hacker, and I hacked your bank. And I stole 100,000 client records. Or I hacked your health care provider and stole private information. Now I want to monetize it. I want to make money out of this. So one way is to sell it in Dark Web marketplaces, sometimes while extorting the company and the individual victim.”
As these hackers can’t really make use of all the thousands of accounts and records that they stole, they would prefer to sell it off. This also allows them to hide behind all the “small fish” who will attract attention from law enforcement.
Zur explains that even seemingly “useless” information, such as passwords for websites you rarely used, can still be of value to scammers who can target specific individuals with phishing scams. If they can bypass your defences by tricking you, they can gain access to much more valuable targets, like your credit card details or bank account.
What can we do to protect ourselves?
So what can the ordinary person do to protect themselves from such malicious actors? After all, the average citizen doesn’t exactly have the technical know-how to construct formidable firewalls and antivirus programmes.
For Zur, some of it comes down to simple solutions that just require a little bit of effort.
He recommends having a password management system to update compromised passwords and to ensure that no two sites use the same password. It may be convenient to keep reusing the same password wherever you go on the Internet, but it could mean that the random lucky draw you signed up for while you were bored is the key to seizing control of your email account.
Two-Factor or Multi-Factor Authentication systems are also crucial for making sure that hacking attempts won’t escape your notice.
Zur recommends checking with service providers like your bank to ask for identifying details (like a mother’s birthday) before making changes to things like passwords, email addresses and PINs, so it will be harder for hackers to lock you out of your own accounts.
Zur refers to the well-known joke of two guys out for a walk in the woods. Suddenly, they come across a bear. One guy gets ready to run, and his friend says, “Why bother? The bear can get us both before we can escape!”
To which the other guy replies, “I don’t need to be faster than the bear, just faster than you!”
So it is with cybersecurity. You don’t have to be an Iron Man out there when it comes to technical wizardry, but even a few simple precautions may be enough to deter hackers who would rather find easier prey to go after.
Zur emphasised the importance of the human element in cybersecurity as well. A company can invest in as many advanced technological solutions as it likes. But at the end of the day, these systems are manned and operated by their human employees. And humans have foibles like biases and mistakes.
“What hackers are doing today is really focusing on hacking the human factor, like finding a way for what we call social engineering, or ways to actually get through the “front door”. I mean, let's say you are living in a very secure home, with steel and traps and everything and somebody tries to get in and can't.
But if you open the door, the hackers can go right in. Right? I mean you can let people in.”
Hackers find this easier, Zur explains. Commercial organisations are at risk because they can’t keep themselves closed and walled-off forever. Eventually when dealing with customers or vendors and so on, people on the outside, there will eventually be some form of human-to-human interaction and exchanging information.
“So what hackers are trying to do is just tricking you to let them in the front door,” Zur says. The weakest link in the cybersecurity chain is often the human element.
Cybersecurity classes you can take
So what can you do about it?
ThriveDX SaaS (formerly Cybint), a global cyber education company committed to “reskilling the workforce” and “upskilling the industry in cybersecurity”, offers courses that specifically deal with this weakness Zur identified, the human element.
The company has partnered with NTUC LearningHub to provide a variety of courses in cybersecurity. The CSPC course provides basic cybersecurity education for people from all walks of life, young or old.
For banking and finance professionals in particular, where massive gains can so easily be stolen by malicious hackers, the CEBFP course is just the thing for you. Although really, it’s suitable for anyone who regularly surfs the Internet.
The one-day CSPC and CEBFP courses are 90 per cent funded by the government through the Institute of Banking and Finance until the end of 2021. The remaining 10 per cent can be paid through SkillsFuture credit for eligible Singaporeans and Permanent Residents.
For tech-savvier individuals and others who feel like making this a profession, the Cybint Cybersecurity Boot Camp is the place to be. Enter a noob, come out a pro.
The government is also providing funding until the end of 2021 for companies in selected industries to benefit from cybersecurity training. You can check it out at this link.
The key to keeping yourself safe in a hostile world is sometimes just a little knowledge.
Top image from Nahel Abdul Hadi on Unsplash and ThriveDX SaaS.
This is a sponsored article by ThriveDX SaaS (formerly Cybint).