what the dark web wants...what the dark web wants by michael dombo vice president of sales october...
TRANSCRIPT
What the Dark Web Wants
By Michael Dombo
Vice President of Sales
October 20, 2015
About Winvale
For more than a decade, Winvale has provided its public and private
sector customers cutting edge identity & brand management,
collaboration, network management and cybersecurity solutions.
In June 2015, Winvale was awarded the contract by the U.S. Office
of Personnel Management (OPM) to monitor and protect the credit
and identity of 4.2 million current and former federal employees for
an initial period of 18 months. The OPM breach is considered to be
one of the most damaging federal cyber attacks to date.
All Rights Reserved – Winvale & Dark Web ID LLC © - Proprietary & Confidential Information - 2015
• “Dark Web” added to Dictionary.com – May 7, 2015 – “The portion of the Internet that is hidden from conventional search engines, as by encryption; the aggregate of unindexed websites.”
• Hidden from conventional search engines and the general public
• Search engines like Google only search the surface web, aka the World Wide Web (www)
• Surface Web only makes up .04% of the internet
• The other 99.96% of the web consists of databases, private academic and government networks, the deepnet, and the Dark Web
What is the “Dark Web”?
Serves as a forum for conversation, coordination, action
Used for:
• Anti-censorship and political activism – government-blocked
content, political dissidents
• Sensitive communication – personal/business
• Leaked information
What is on the Dark Web?
Users can operate anonymously
• Exploitation of technology-driven crimes – identity theft, credit card
fraud, intellectual property theft
• Goods such as drugs, weapons, exotic animals and stolen
information sold
• Thieves can sell stolen Personally Identifiable Information (PII) for
profit, often obtained in data breaches
• Dark Web users include nation states, organized crime professionals,
hacktivists, malicious insiders, motivated individuals, terrorist groups
Who is on the Dark Web?
• Sites within the Dark Web use software such as Tor, to operate anonymously
• Software allows users to utilize “an open network that helps you defend against traffic
analysis, a form of network surveillance that threatens personal freedom and privacy,
confidential business activities and relationships, and state security.”
• Bitcoin is most often used for trading – decentralized digital currency that uses
anonymous, peer-to-peer transactions
Communicating on the Dark Web
Dark Web Privacy Concerns
“We see fraudsters of all kinds, whether it's health care or just trying to steal your banking transactions, trying to operate in a way that we can't see." - FBI Director James Comey Source: Politico
The recent Ponemon Institute Cost of a Data Breach study found the
average cost of a data breach to be $5.5 million with average cost per
compromised record to be more than $194.
Breach Cost & Frequency Increasing
Breach Impact to Organizations
10
• Data lost in a breach can include Social Security numbers, email addresses, driver’s
licenses, medical information, fingerprints, addresses and other PII
• Identity thieves can do a lot with this sensitive information:
• Take over existing bank accounts
• Create a fake driver’s license/government
ID
• Commit crimes, be arrested and then skip
bail, leaving an innocent citizen with a
criminal record and warrant for their arrest.
• Take out multiple high-interest, quick cash,
payday loans under someone else’s name -
leading an individual’s credit to be impacted
by bad debt.
• Process a change of address request and
have access to an individual’s personal
records that arrive in the mail such as
benefits, bank statements, etc.
• Access and make purchases through sites
such as Amazon, Paypal, Ebay, Gilt, Uber
and others where payment information is
save on an account
Password Sharing Concerns
76% of people will use the same password for most, if not all, websites
• Have a breach response plan in place!
• Educate/train employees on cybersecurity best practices –
password hygiene, updating systems, signs of phishing scams
• Proactive, ongoing external monitoring
• Know what parties to engage if/when breached
Recommendations/Best Practices
• Dark Web ID was created by Winvale to address critical issues impacting both public and private sector organizations
• Through Dark Web monitoring, we have identified more than 300 million compromised records from 82.7% of commercial and government organizations
• Web based platform provides external monitoring of an organization’s email domains, IP addresses, Supply Chain
• Identifies compromised credentials in real time so users can take necessary steps to help protect a organization’s network and prevent a potential cyber attack
• Operates independently, does not require software install or connection to IT network
• Utilizes HTTPS encryption, user validation with two factor authentication login, cloud hosted within a secure FedRAMP environment
What is Dark Web ID?
Leveraging both Human and Artificial Intelligence, we monitor the following, 24x7, 365 Days a Year:
• Hidden Criminal Chat Rooms
• Private Websites
• Peer-to-Peer Networks
• IRC (Internet Relay Chat) Channels
• Social Media Platforms
• Black Market Sites
• 640,000+ botnets On average, we identify and report on more than 1 million compromised IP addresses and more than 80,000 compromised emails every day.
To date we have identified more than 300 million compromised records from 82.7% of public and private sector organizations.
How We Monitor the Dark Web
Monitoring the Dark Web Can Help Privacy Professionals
Internal Operations &
Management
• Holistic Threat Intelligence
Program Development
• Proactive & Automated Security
Management
• High Value Target (HVT)
Monitoring
• Targeted Individual and Repeat
Offender Monitoring
• Reduce Incident Response
Times
• Policy Enforcement
• Cyber Education & Awareness
Supply Chain Management
• Identify trends and potential exposure
points within your supply chain
• Share threat intelligence and support
corporate supply chain management
and security policies.
Industry Benchmarking
• Understand how your organization’s
threat posture compares to your
industry peers and competitors.
Cyber Liability Insurance
• Demonstrate a comprehensive
approach to loss prevention and
educate through the deployment of
external security monitoring services.
Washington, DC/Odenton, MD
WWW.DarkWebID.com
Contact Us
Michael Dombo
Vice President of Sales
Tel: 202-997-8858
Email: [email protected]