
Dark Web—a View From the Inside

The dark web functions no differently than a social network for criminals—with hierarchies, money flows, and user reputations being built and torn down, according to Avi Kasztan, SIXGILL co-founder and an expert in dark web monitoring and intelligence.

Avraham Chaim Schneider 16:44 26.12.19
Much of the mystique surrounding the dark web stems from the fact that for the average cyber citizen, this sinister sliver of the internet is like a digital, third world country few have dared venture into. Information about its inner workings comes as snippets from news reports informing of yet another shocking data breach with millions of users exposed, or some stunning police raid complete with all the sordid details one would expect to find when turning over rocks in an underworld infested with crime.


But like any foreign country, the mystique mostly evaporates once you experience it firsthand. That isn’t to say the reports of crime and exploitative behavior are exaggerated. To be sure, there is plenty of that going on. But it is still just a place with its own cultural norms and trends, and to get a true sense of that culture and what trends may be emerging that threaten your data, it is a good idea to speak to someone whose day job it is to walk its dark marketplaces and listen in on the closed chats of the locals.


Cybersecurity. Photo: Shutterstock



Our guide for today’s tour will be Avi Kasztan, co-founder of B2B cyber intelligence company SIXGILL, who is a local for all intents and purposes: unlike most firms, which offer dark web services as part of a broader cyber offering, SIXGILL specializes exclusively in dark web monitoring and intelligence.


To begin with the basics, we have asked Kasztan who in his opinion should be actively monitoring the dark web. His short answer:


The dark web is home to hardcore cybercrime, he said. It is where criminals plan their activities with a level of collaboration and sophistication heretofore unheard of. In his words, the dark web is essentially a social network for criminals: a robust industry with hierarchies, money flows, and user reputations being built (and torn down) on a daily basis. To effectively use the power of social networks, you don’t necessarily have to be actively posting on them. It all depends on your goals. The same applies to the dark web, and Kasztan believes that any company concerned about its assets (especially its human assets) should be monitoring it to make sure they are not missing out on anything critical.


Critical is the operative word here. According to Kasztan, the damage hackers can inflict via the dark web should not be underestimated. They could effectively murder someone, in the digital sense, through identity theft. Admittedly, this sounds a bit overdramatic, so we pressed him to elaborate on this point. What could a victim of identity theft be facing on a practical, real-world level?


An empty bank account would be the least of the victim’s worries. According to Kasztan, criminals sometimes need an alternative identity to commit their crimes with. A victim of identity theft might wake up one day to the authorities knocking on their door with evidence of their involvement in anything from gun running to human trafficking, and everything in between. It could be a legal (not to mention financial) nightmare to clear a record from such crimes, and as for reputations, they may never recover.


We asked about health profiles, knowing these to be a favorite for many hackers. Kasztan agrees that the danger is real, only far worse than the obvious threat of having sensitive medical information exposed. Data could be modified in ways that are damaging not only in a reputational sense but physically as well, if medical histories are made inaccurate.


Kasztan doesn’t stop there, taking the health-hack scenario to the next level when he suggests some medical devices with online connections may allow attackers to gain access that enables them to cause serious injury or even death, depending upon the device’s functionality. This sounds a little too much like something out of a techno-thriller novel to simply accept at face value, so we had to do a little research on our own. Wouldn’t you know it, the cardiologist of former U.S. Vice President Dick Cheney actually disabled the wireless functionality of Cheney’s pacemaker due to this very fear.


We moved on to the question of proactive versus reactive monitoring. What is the breakdown for companies approaching SIXGILL?


Kasztan responded with an old adage: a clever man knows how to extricate himself from a bad situation, while the smart man knows to avoid the situation in the first place. He explained that corporate awareness of the need to address the reality of the dark web is increasing. But, he clarified, SIXGILL is a cyber intelligence company, more involved in monitoring than in offensive measures. Should a company discover a breach, generally speaking, it is time to start collaborating with the relevant authorities.


There are, however, times when out-of-the-box, offensive measures can be employed. Kasztan recalled one case that involved a team of hackers that exploited ATMs across a country, affecting SIXGILL’s client as well as many other banks in the region. The hackers were extremely sophisticated in their methodology, always managing to remain one step ahead of the authorities. They appeared to be toying with their pursuers, almost as if hacking the ATMs was just an excuse to show off. When the SIXGILL team understood the game the hackers were playing, it became clear what they needed to do to bring them down, and that they had the technology and knowhow to do it.


Essentially, they used the hackers’ own sophistication against them. Through their intimate knowledge of the dark web’s cultural hierarchy, SIXGILL’s team was able to narrow down the list of possible suspects in the ecosystem that had the technical ability to pull off attacks with this level of complexity, eventually closing in on and identifying the ones responsible, at which point the authorities were called in.


To wrap things up, we asked about the future of the dark web. Some claim its growth has stagnated, with raids and site takedowns keeping the number of its URLs from growing much beyond the 100,000 mark. At present, the number is closer to half of that.



Kasztan is not impressed with URL numbers. He measures growth in terms of the size and nature of the crimes being committed and the amount of money changing hands. We know from our previous piece on Mapping the Dark Web that the numbers are indeed rocketing skyward, with bitcoin transactions expected to break the 1 billion mark this year.


Kasztan believes the dark web is going through a maturing phase and that it will eventually stabilize. It is a platform like eBay or Amazon, he said; it just happens to be filled with criminals.


Avraham Chaim Schneider is coordinator of Israel-based law firm Herzog Fox & Neeman’s cyber and innovation media project.