To Boldly Go Where Google Cannot Go: Why Businesses Should Know about the Deep Web

(This is the first part of a series on business and the deep web.)

When I first walked through the gateway into the deep web, I couldn’t help feeling uneasy. It just didn’t look the same as the internet I was used to. I couldn’t find my way around. I couldn’t speak the language. I finally managed to find my way into a marketplace and saw what they were selling. I felt a vague uneasiness mixed with a morbid fascination that floated on an all-pervading atmosphere of paranoia. It was all strangely familiar. It took me a while, but I finally remember where I had felt this way before. It was when I first arrived in Poland in 1991, not long after the demise of communism.

I was sent by the US government (hiding under an NGO program) to a small city with the unpronounceable name of Przemysl, which was right on the border with Ukraine. It was anarchy made reality. The Polish government was coming to grips with the idea of capitalism. It hadn’t yet become sophisticated enough to understand how to regulate business or anything else for that matter. Ukrainians flowed unchecked across the border to sell anything they could get their hands on. They took over the local stadium as they set up their selling tables and stalls. Many of them took up residence in the train station, making it impossible to walk to the ticket counter and forcing the ticket seller to work through an open window. They also lived in the tunnels under the street, cooking sausages outside the entrances on small fires made with wood from packing crates.

When winter came with its -20C temperatures, it was common to see drunks passed out on the sidewalks. In truth, I didn’t want to know if they were just passed out or dead and no one else wanted to know either, as shoppers threaded their ways around the prone bodies as if they were nothing more than obstacles. Fights were common. The most bizarre fight I saw was at noon in a snowstorm. Two men stripped to the waist, despite the -10C temperature, grappled with each other in the middle of the town’s main shopping street. Such was life in the time of anarchy.

But the highlight of those days was what was known as the Russian Market at the stadium. I told my Ukrainian friend, Anatoly, that I had heard a story that they once sold baby bears there. It did not surprise him in the least. He said he could get me whatever I wanted there. As a joke, I asked if he could get me a bazooka. With no hesitation, he said he could get one for me the next day. All he had to do was to pass the word around. I also told him that I had heard that there were people who would kill someone for $200. He laughed. He told me he was sure he could get it done for $50. This was more information than I wanted to know. I guess it just meant you had to be careful who you made angry.

That’s what the deep web is all about. Buying and selling things or services you can’t get anywhere else. Yes, you can hire a hitman, buy drugs, and have someone hack your ex-girlfriend’s Facebook site. You can buy fake passports, counterfeit money, and weapons. And, getting even seedier, you can hire thugs, buy exotic pets, hire corrupt government officials, and get insider trading information. I’m really giving you only a sample of the less sordid things that you can find there because I don’t want to serve as a portal for depravity.

I know what you’re thinking. There’s always a small black market economy operating everywhere. What’s so special about this? What’s so special is that 90 to 99% of the internet is composed of the deep web. Unlike the normal web, sites in the deep web intentionally try to hide from search engines. In other words, you cannot get to the deep web through Google. You must go through a special gateway where you are cloaked in anonymity. No one in the Kingdom of the Deep wants to know who you are and they certainly don’t want you to know who they are. They don’t make it easy for you to find them either. But if you do, and if you find some product or service you are looking for, you can only pay for it with invisible money. If this sounds like traveling to another universe, it sort of is.

Now, why would any self-respecting business want anything to do with the deep web? Well, first of all, almost every business and organization on earth is already dealing with the deep web whether they know it or not. This is because the deep web is one of the main reasons why companies pay so much for security. Identity theft, which is one of the main goals of all hackers, exists because the deep web exists. Ever wonder what hackers do with those identities that they steal? They sell them, of course. And the deep web is their marketplace. But the marketplace is simply the endpoint of a long string of dealings that most companies will have with the deep web.

If I wanted to hack your company, I could get training on the deep web, I could buy malware, I could buy exploit kits, or I could simply rent a hacker. One hacker I found offered the following services:

“Small Job like Email, Facebook etc hacking 200 EUR = 0.662 ฿

Medium-Large Job, ruining people, espionage, website hacking etc 500 EUR = 1.656 ฿”

Sounds like a pretty fair price for the potential profits that could be made. I could also purchase DDoS and zero-day attacks, but the latter could cost me tens or even hundreds of thousands of dollars, so I really have to be sure I can make some big money from it. I also have to be sure of who I’m buying this information from. After all, this is the deep web and how can I really trust anyone?

That seems to be one of the problems with doing business on the deep web. How do I know the people I deal with have the actual product or service they advertise? That’s where the pure form of capitalism that exists in this land begins to take hold. It’s all about reputation. Sure, there are scammers (called ‘rippers’ on the deep web) that can get away with cheating people on a short-term basis, but they are usually exposed by the victims or other ‘more legitimate’ sites. A Rand report, entitled Markets for Cybercrime Tools and Stolen Data, estimated that rippers make up about 10-15% of the sellers on the deep web. You have to remember, though, that you can be scammed in the real world as well, despite all its laws and policing.

In the real world, if you want to work with companies in a country that you know little about, you can go to trading companies. They will help you find the most reputable firms with the highest quality products that you need. It is their job to do the necessary research so that you don’t have to. The same is true in the deep web. There are individuals, sometimes called, ‘fixers’, who will help you connect with the best seller for a fee. One fixer claims, “I can get you anything from wholesale drugs to wholesale weapons. From hacking to immigration services. Insider trading info to exotic pets. Crooked government officials to real university degrees. You name it, and I can get it for you or connect you with someone who can get it for you.” (needless to say, I am not going to give out the names of these web sites because I don’t want to give them free advertising).

As the Rand report points out, the capitalism that is developing in the deep web “mirrors the normal evolution of a free market, with both innovation and growth.” If this is true, if the deep web is a land of true capitalism, then why haven’t legitimate companies made any attempts to exploit it?

And in my next post, I’ll discuss why we may see some companies attempting to colonize this forbidden land.

_________________________________________________________

_________________________________________________________

The Rand report mentioned above predicts that “exploitation of social networks and mobile devices will continue to be growth areas” among hackers. To protect your company from these future attacks, security experts, InZero Systems, recommend that all connected mobile devices be separated from the company network at the hardware level. Their WorkPlay Tablet is currently the only mobile device that offers such advanced protection.

 

 

 

 

 

 

 

About Steve Mierzejewski

Marketing consultant for InZero Systems, developer of the next generation in hardware-separated security, WorkPlay Technology. I've worked in Poland, Japan, Korea, China, and Afghanistan. I'm a writer, technical editor, and an educator. I also do some work as a test developer for Michigan State University.
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s