Saturday May 25, 2019
Home Lead Story Dark Web Expo...

Dark Web Exposes Computer-server Data Transfer to Hackers

In comparison, there were just 531 mentions for ransomware

0
//

Cyber criminals now have access to the most-secured data files used to facilitate confidential communication between organisations’ servers and clients’ computers on the Dark Web, say researchers.

According to the team from Georgia State University and the University of Surrey, a thriving marketplace for Secure Sockets Layer (SSL) and Transport Layer Security (TLS) certificates exists on a hidden part of the Internet.

SSL and TLS are security technology (https protocol) that protects the transfer of data and information between computers and servers.

Networked machines use keys and SSL/TLS certificates to identify and authenticate themselves when connecting to each other, much like humans employ user names and passwords to go online.

According to the researchers, when these certificates are sold on the darknet, they are packaged with a wide range of crimeware that delivers machine identities to cybercriminals who use them to spoof websites, eavesdrop on encrypted traffic, perform attacks and steal sensitive data, among other activities.

“One very interesting aspect of this research was seeing TLS certificates packaged with wrap-around services — such as Web design services — to give attackers immediate access to high levels of online credibility and trust,” informed lead author David Maimon, Associate Professor in Georgia State.

Two days before the major cyber-hack on Wednesday, Dr.Krishna warned about the growing number of hospitals that could be shut down by ransomware attacks.

A search of five marketplaces in the darknet uncovered 2,943 mentions for SSL and 75 for TLS.

In comparison, there were just 531 mentions for ransomware.

It was surprising to discover, he added, how easy and inexpensive it is to acquire extended validation certificates, along with all the documentation needed to create very credible shell companies without any verification information.

Also Read- Supreme Court Restricts Defacement of Hillocks, Public Places with Political Slogans

“This study found clear evidence of the rampant sale of TLS certificates on the Dark Net,” said Kevin Bocek, Vice President of Security and Threat Intelligence for cyber security firm Venafi.

“Every organisation should be concerned that the certificates used to establish and maintain trust and privacy on the Internet are being weaponised and sold as commodities to cyber criminals.” (IANS)

Next Story

US Lawmakers Seek Probe to Control the Spread of Hacking Tools Sold Globally

The bill is expected to be voted on by the full appropriations committee in the coming weeks before going onto the full House

0
hacking
A man takes part in a hacking contest during the Def Con hacker convention in Las Vegas, Nevada, on July 29, 2017. VOA

U.S. lawmakers are pushing legislation that would force the State Department to report what it is doing to control the spread of U.S. hacking tools around the world.

A bill passed in a House of Representatives’ appropriations subcommittee on Tuesday said Congress is “concerned” about the State Department’s ability to supervise U.S. companies that sell offensive cybersecurity products and know-how to other countries.

The proposed legislation, released on Wednesday, would direct the State Department to report to Congress how it decides whether to approve the sale of cyber capabilities abroad and to disclose any action it has taken to punish companies for violating its policies in the past year.

National security experts have grown increasingly concerned about the proliferation of U.S. hacking tools and technology.

hacking
National security experts have grown increasingly concerned about the proliferation of U.S. hacking tools and technology. Pixabay

The legislation follows a Reuters report in January which showed a U.S. defense contractor provided staff to a United Arab Emirates hacking unit called Project Raven. The UAE program utilized former U.S. intelligence operatives to target militants, human rights activists and journalists.

State Department officials granted permission to the U.S. contractor, Maryland-based CyberPoint International, to assist an Emirate intelligence agency in surveillance operations, but it is unclear how much they knew about its activities in the UAE.

Under U.S. law, companies selling cyber offensive products or services to foreign governments must first obtain permission from the State Department.The new measure was added to a State Department spending bill by Dutch Ruppersberger, a Democrat from Maryland and member of the House Appropriations Committee.

Ruppersberger said in an emailed statement he had been “particularly troubled by recent media reports” about the State Department’s approval process for the sale of cyberweapons and services.

CyberPoint’s Chief Executive Officer Karl Gumtow did not respond to a request for comment. He previously told Reuters that to his knowledge, CyberPoint employees never conducted hacking operations and always complied with U.S. laws.

hacking
Rep. Dutch Ruppersberger, D-Md. questions U.S. Ambassador to the UN Nikki Haley as she testifies on Capitol Hill in Washington, Tuesday, June 27, 2017. VOA

The State Department has declined to comment on CyberPoint, but said in an emailed statement on Wednesday that it is “firmly committed to the robust and smart regulation of defense articles and services export” and before granting export licenses it weighs “political, military, economic, human rights, and arms control considerations.”

ALSO READ: Huawei Warns Ban on 5G Technology would Harm American Workers

Robert Chesney, a national security law professor at the University of Texas, said the Reuters report raised an alarm over how Washington supervises the export of U.S. cyber capabilities.

“The Project Raven (story) perfectly well documents that there is reason to be concerned and it is Congress’ job to get to the bottom of it,” he said. The bill is expected to be voted on by the full appropriations committee in the coming weeks before going onto the full House. (VOA)