The WZCC, Pune organized a very interesting and insightful webinar on Saturday, 10th April 2021, on the relevant, yet rather mysterious topic of the Dark Web. Titled, ‘A Journey Through The Dark Web’, our guide through this formidable terrain was the young and dynamic Meherzad Motafaram, Partner, PROTEQme Cyber Solutions. He shared some rather startling facts with us, like how the internet or cyberspace is divided into the Surface and the Deep Web, and within the Deep Web is nestled the Dark Web. When we log onto the internet for various online reasons – web search, email or e-commerce platforms, browsing, etc., all these activities lie within the Surface Web which accounts for barely 4% of the entire world-wide-web!!! 

Into the Dark Web… True to its name, the Dark Web is the area of cyberspace where nefarious activities are carried out – this is where entire identities are bought and sold; here you get credit card details along with the all-important CVV, purchase of guns, drugs, et al… it’s the haven of today’s tech-criminals. Of course, not everyone can log on to the Dark Web. Meherzad advises, “I very strongly dissuade anyone from ever trying to enter the Dark Web because it is not a safe place, especially for those who are not well versed with technology and are simply curios.”

Visiting the Dark Web is no walk in the park – access is not easy. As Meherzad explained, “The websites here are unindexed – you need to access the Dark Web via a TOR network.” In this ‘cloak and dagger world’, law and security agencies are also active, keeping a track on various sites to mitigate crime. “This is also why, to avoid law enforcement agencies, the sites keep changing their addresses and will only inform their trusted members via something called ‘jabbers’. The sites are ‘invitation only’ like one of the most infamous websites – Genesis, where one can buy identities for as low as $5. The multiple layers of the Dark Web is also the reason why TOR is likened to an onion and the websites end in ‘.onion’ . The layers are also the reason why the Dark Web is notoriously slow and you are likely to get irrelevant results or get timed out,” he added. 

Incidentally, not everything about the Dark Web is illegal – there are forums where people can discuss issues anonymously; you could even join a book club or Blackbook – the Facebook of TOR. Besides, it also houses ‘whistleblower’ sites like Wikileaks. Interestingly, the Dark Web actually traces its genesis to the US navy, who used it for its internal communications and later opened it up to the general public.”

Protect Yourself!

An alarming piece of information that Meherzad shared was how, over the past few years, activity on the Dark Web has increased almost 200%! Here, Bitcoins and other cryptocurrency is typically used for transactions. Moreover, since the coronavirus outbreak, phishing attacks and scams have also increased exponentially. He shared a few basic, fundamental pointers about what one could do to self-protect against phishing attacks:

• Always check that the link provided in the email or message that you have received is a site that has the ‘padlock’ symbol in this web address or URL. 
• One should also look out for the ‘https’ in the website link, where the ‘s’ indicates secure communication. 
• Check the Google Safe Browsing Transparency Report.
• Moreover, when you get offers that sound too good to be true, check out the spelling of the domain name in the link, for instance a phishing attack claiming a super deal from Amazon would probably have the spelling as ‘A-ma.zon’ or some such aberration which will immediately indicate an invalid site.
• Another indicator of an illegal site would be the quality of content – typically grammatical and spelling errors on the site, pictures with bad resolutions – those who put up these phishing sites are pretty sloppy about the content. 
• If it is a site that you have not visited before, but are interested in, look for online reviews to get a better idea about its authenticity. 

Social Media Boom: Social media has gained a tremendous presence in our lives. We use it to communicate, to interact – basically we all inhabit a virtual universe as well as the physical one. But this also makes us vulnerable to attacks from those who are into identity theft. Even getting details like social security numbers, passport copies, date of birth, etc is child’s play to hackers. Meherzad advices the following protocol on social media sites:

• Don’t post every aspect of your life on social media. 
• Avoid using your real name; social media sites give you the liberty of using pseudonyms. 
• Make sure to switch off the ‘location’ on these social media sites – don’t make your whereabouts public. 

Meherzad mentioned the ‘Twitter’ Bitcoin scam of July 2020 when numerous Twitter accounts of famous US personalities like Bill Gates, Elon Musk, Barack Obama, were hacked and messages were posted with Bitcoin account details stating something along the lines of ‘I’m giving back to the community, if you send me $1,000 I will send $2,000 back!’ This was a classic case of social engineering, or ‘hack the human’ where Twitter employees were compromised. 

Has Your Data Been Breached?

Meherzad shared an easy method of checking whether you’ve been the subject of a hacking attack, especially if you’ve inadvertently visited a seemingly safe site or subscribed to web newsletters. If these sites have been compromised, it is very likely that your data has been breached as well! 

So, how do you know for sure? Simple, just log onto www.haveibeenpwned.com. You need to enter your email id or phone number and within a few seconds you are informed if you are safe or if your email or phone has been compromised. The site also allows you to register yourself so that you can be immediately informed if your data is breached in the future. Incidentally, the word ‘pwned’ is a derivation of the word ‘owned’ and indicates that someone else has gained control over or compromised your data.

How to Build On-line Immunity?

The main security you have on-line is your password. As Meherzad rightly points out, “most of us don’t have different passwords for every site, we stick to the same one, which is easier for us to remember.” Unfortunately, we are also making things easier for hackers. The best thing to do is to change your passwords every 40 – 90 days. If you have been ‘pwned’ change your password immediately. 

Credit card skimming has become a very lucrative crime and the way to protect against them is to:

• Use virtual credit cards.
• Never share your credit card details with anyone.
• Use intricate passwords.
• Always verify and cross-check with your bank or financial institution.
• Regularly check your transaction history to track unaccounted for activity. 

A Questions and Answer session concluded the webinar where, Meherzad was inundated with numerous questions on cyber security as well as the world of the Dark Web, which again Meherzad strongly advised against.