Dark Web Consequences Increase from Global Rise of Police-Friendly Laws
Former NSA analyst Charity Wright reveals changes to the cyber threat landscape as many nations pass new laws.
July 22, 2019
Laws favoring backdoor access to data for law enforcement are having a major impact on the dark web, and changes in use of the dark web are impacting businesses differently. MSSPs must adapt their strategies accordingly.
Charity Wright, former NSA and U.S. Army cyber threat intelligence analyst, works with IntSights Cyber Intelligence. She gave a presentation on these topics at RSA Conference 2019 – Asia Pacific & Japan last week in Singapore.
It’s not just businesses based inside those countries – Vietnam, China, Russia, and Australia – that are at increased risk, but those outside of these countries too. The effect on consumers is equally disconcerting to businesses that want to serve them as well.
“Isolationism, restrictions and data-privacy laws are driving citizens to the deep and dark web for anonymity, cryptocurrency, and access to otherwise restricted apps or information — including crime,” she said.
IntSights’ Charity Wright
We dove into Wright’s insights in this Q&A for Channel Futures MSSP Insider to discover what MSSPs need to know to protect their clients, and to help their clients protect their customers.
“For example, accounting firms with tons of data on hand belonging to their massive bank clientele,” Wright said.
Channel Futures’ MSSP Insider: Why the combination of Vietnam, China, Russia, and Australia? That last country doesn’t seem to fit as it has a more Western bent than the other three.
Charity Wright: Each of these countries belongs in the APAC category and all four have recently created new internet laws that are creating lasting and possibly permanent changes to the threat landscape and dark-web usage.
CFMI: Let’s take one country at a time from your list, starting with Vietnam. What’s happening there?
CW: In June of last year, the Vietnamese National Assembly passed a new cybersecurity law requiring tech companies to open offices inside the country, store local user data in-country, and provide information on-demand to the Vietnamese government. The new law also enforces social media censorship that goes into effect now. As part of that censorship initiative, Force 47, a 10,000 member-strong cyberoffensive unit was formed to battle “inappropriate or toxic” views — largely meaning anything that threatens or opposes the government’s views.
This has led to a huge spike in deep- and dark-web use as people seek to circumvent the law, pursue anonymity and access more diverse information. A younger, tech-savvier generation is turning to the dark web to use Tor browser, VPNs and cryptocurrencies, as well as to explore opportunities in cybercrime.
The risk: Foreign companies operating inside Vietnam are forced to carefully weigh the benefits and risks each of these changes pose. Vietnam is the baby version of China.
CFMI: China is the king of surveillance. It’s difficult to think they can do anything more. But they made your list. Why?
CW: China has the strictest laws of any country in the world. It leads in internet monitoring, censorship and AI. It may be a prime example of what internet censorship could look like in the future as many governments around the world attempt to control the data flowing through and within their borders. China’s view of the internet is as “internet sovereignty”: the notion that the internet inside the country is part of the country’s sovereignty and should be governed by the country. Russia’s view is very similar.
The 2003 Golden Shield Project/The Great Firewall of China (GFW) is probably best known outside the country. It’s the combination of legislative actions and technologies enforced by the People’s Republic of China to regulate the internet domestically. Since then, the Cybersecurity Law of China was enacted on June 1, 2017, and the new supplement, “Data Security Administrative Measures“ passed. The measures require …
… network operators to provide data under their control upon request to the government.
There are penalties for network operators that violate these measures. They could be subject to public exposure, confiscation of any illegal gains, and suspension or shutdown of their business. Their websites can be disabled, and their business permits and licenses can be revoked. Individuals can be investigated and punished in accordance to criminal law. Surveillance is largely aimed at minorities and people coming into the country — spyware is typically uploaded to their phones. In this way, China is able to monitor every single person inside the country.
The risk: Primarily to foreign firms operating in-country in loss of proprietary data and trade secrets, as well as physical threats to employees who may accidently misstep.
There are also cyber risks worldwide since the dark web is not as popular in China as it is elsewhere. That’s because the Chinese government can surveil every person’s activities in very granular detail and stop dark-web usage. In order to hide their activities, cybercriminals work and communicate on the clear web where they speak in code resembling normal conversation. This creates a blind spot for everyone in cybersecurity since it’s harder to identify and track such activities. You either have to risk someone in-country for counterintelligence or turn to the U.S. government for that information. The U.S. government is great about sharing that info with law enforcement and the private sector.
CFMI: And what about Russia? They are certainly getting a lot of attention these days. What’s new their way?
CW: Russia is the gold standard in dark-web use. They have always paved the way in dark web and cybercrime.
Now they are making some sweeping changes that are creating big ripples throughout the global threat landscape.
Russia is centralizing its surveillance and censorship apparatus. On May 1, 2019, President Putin signed into law the Sovereign Internet Law, which is similar to China’s Great Firewall. Russia is still behind China in surveillance and internet control but I predict it will catch up with China soon — in a few years.
Russia says the main goal of this most recent law is to protect itself from foreign intervention and against disconnection from the internet. But in practice, this law allows the Russian government to secure the web within its borders, disconnect from global internet infrastructure and facilitate mass surveillance and domestic internet control. Russia could willfully disconnect from global root-name servers, ensuring autonomous operation of RUnet, the Russian internet sector.
Also, specialized hardware and software are now installed in every Russian internet service provider. This gives governmental and law enforcement agencies on-demand access to the private data of Russian citizens without the need to provide a court order. If Russia decides to disconnect its citizens from the world wide web, internet freedom for users is further restricted, thus tightening the government’s clenched grip on how the internet is used within its borders.
However, Russia does not care what its citizens do on the dark web and typically ignores any crime there that doesn’t affect the country or government in a negative way. Russia basically started the dark web and sees it as a lucrative market. It actually encourages cybercrimes against other countries. Hence its aversion to shutting the dark web down or otherwise interfering with activities there.
Russian cybercriminals have become more welcoming to new users over the years. That’s because they now realize they can better monetize their assets by enlarging their buyer bases.
The first rule of Russian dark web communities is to never target victims in CIS countries — Russia in particular. The sovereign internet will make it much easier for Russian law enforcement to crack down on hackers that target Russian entities, but threat actors that target foreign entities will still go unscathed — particularly those operating in enemy states like the U.S.
Russian hackers are also working toward connecting through their own alternative means to networks, but nothing has emerged yet from those efforts.
The risk: Is to both foreign and domestic companies working inside and outside of Russia. Dark web criminal activities will …
… grow unchecked unless a global force intercedes as international cooperatives have in the past. In the event Russia were to sabotage the global internet – such as cutting underwater cables or some other large-scale interference – Russia could still operate unaffected on its own internet. However, cutting off the rest of the world could have global consequences.
CFMI: And now Australia, which sounds like the odd man out given it’s a Western democracy. What’s happening there?
CW: Australia is basically doing what Vietnam is doing. Many Americans are shocked at that because Australia is a member of the “5 Eyes” alliance, which seeks to counter China and other foreign interference and influence. The assumption is that none of the members of that alliance would do anything to jeopardize user privacy. Yet Australia now has a strict and dangerous new cybersecurity law that provides on-demand access to encrypted data via a backdoor for law enforcement.
The risks: One of the scariest things in that law is that officials can make demands for data on individuals within a company rather than on the institution. They can force the engineer or IT administrator in charge of vetting and pushing out a product’s updates to undermine its security. Companies that fail or refuse to comply with these orders will face fines of up to about $7.3 million. Individuals who resist could face prison time.
Australia’s new law compels a company to weaken its product security for law enforcement, and in so doing creates a backdoor that will exist universally and be vulnerable to exploitation by criminals and governments outside of Australia. It’s just a matter of time before threat actors figure out how to exploit those backdoors.
Companies that are asked to provide exceptional access might turn off end-to-end encryption, deactivate “encryption on by default,” disable smartphone “kill switches” or take away users’ sole ability to decrypt their smartphones. These are the very features that have vastly improved security and privacy for millions of users throughout the Asia-Pacific region.
CFMI: What are the global implications of these trends combined?
CW: Here are a few global implications and risks that companies and their security providers must take into consideration because of the passing of all these new laws:
The possibility that you are effectively handing over your data and your customers’ data to a foreign government.
That you could be handing over the crown jewels as well — details about deals in progress, trade secrets, intellectual property, pending patent applications and so on.
You may have to make damaging disclosures to clients and customers; you’ll need to disclose all these risks to customers and even vendors that may not want to work with you because of these risks.
There could be expensive new requirements burdening your physical infrastructure — such as complying with the demands that data be stored in the county/countries where users live.
The loss of information and knowledge of consumer behavior as more users dive underground (dark web, cryptocurrencies and so on) to avoid detection, tracking, and even arrests.
For further information from Wright’s presentation, take a look at her slide deck.
Read more about:
MSPsAbout the Author
You May Also Like