LP Magazine

JUL-AUG 2019

LP magazine publishes articles for loss prevention, asset protection, and retail professionals covering shrinkage, investigations, shoplifting, internal theft, fraud, technology, best practices, and career development.

Issue link: http://digital.lpportal.com/i/1146652

Contents of this Issue


Page 44 of 76

UNRAVELING THE MYSTERY OF THE DARK WEB 44 JULY–AUGUST 2019 | LOSSPREVENTIONMEDIA.COM contracting overseas customer service call centers. These call centers, often located in countries like Romania and India, are simply providing a service, whether they are doing so for a legitimate retailer or for someone on the dark web who sells drugs. The Dark Web and Retail Asset Protection How does all this secretive and potentially illegal activity relate to retail? The dark web is where people go when they want to learn about something or communicate without others knowing who they are. Although drugs are the most common illegal commodity found on the dark web, there are more immediate threats for private retailers—stolen credentials, stolen credit card information, counterfeit merchandise, and hacking tools, just to name a few. Criminals can even use the dark web to learn about company security policies, which stores are best to steal from, and which EAS tags a company uses, so they can learn how to defeat them. Because the dark web is primarily used for secure communication, it can facilitate organized retail crime planning, research, and discussion. People can also use the dark web for hacking as a service (HaaS), where a hired hacker serves as a contractor. Some of the services offered in hacking as a service include gaining access to another person's social media accounts, denial of service (DoS) and distributed denial of service (DDoS) attacks on websites, network infrastructure attacks to bring down communications, and even command and control of a huge botnet army. Hiring a hacker is just as much a crime as hacking itself since inducement to commit a crime is itself a crime under US law. According to a hacking-as-a-service website called "Hire An Hacker," many hacking-as-a-service websites intentionally use bad English to disguise their identities and make it harder to figure out where they are located. Other hacking services include Facebook account hacking as their most requested service, along with smartphone hacking, backdoor computer access, database modification hacking for websites, and even a way to fix one's credit score. Service costs start at $350 for "easier" jobs, such as email account hacking, and can go up to nearly $2,000 to hire someone to deface or even completely delete a website. Hackers can also facilitate identity and credit card fraud by stealing this information and selling it on the dark web. In 2016, credit card fraud totaled $24 billion in losses, half of which affected cardholders in the United States. In April 2017, the then-unidentified group called the Shadow Brokers published a collection of the National Security Agency's (NSA) most coveted hacking tools, including ways of exploiting most versions of Microsoft Windows, allowing essentially anyone to download cyber weapons. The authors of the WannaCry ransomware attack, a worldwide cyber attack in May 2017 that encrypted users' data and held it for ransom in exchange for Bitcoin payments, used the EternalBlue exploit originally developed by the NSA and later released by the Shadow Brokers. The Shadow Brokers also offered a subscription service for the latest hacking malware for tens of thousands of dollars a month. Some dark web users believe they are impossible to trace, so they will keep the same usernames they employ on the surface web. This makes investigators' jobs a lot easier. Furthermore, because the dark web is not automatically indexed, criminals must advertise their products and services. There are even directories for providers of illicit services. Forums, both on the surface web and the dark web, discuss the relative merits of various dark web marketplaces and services. All this makes it surprisingly easy for investigators to locate bad actors. On the other hand, investigative targets can be tough to pin down because dark web sites come and go quickly. They must constantly adapt to changing circumstances, Even with your company's measures to protect itself from cyber crime, as a security professional, sometimes you feel the need to do more. Though only a very small portion of the Internet is on the dark web, you still might find it helpful to use the dark web when conducting investigations.

Articles in this issue

Links on this page

Archives of this issue

view archives of LP Magazine - JUL-AUG 2019