Underground marketplaces on the dark web are a breeding ground for hackers and cyber attack tools, and browsing these places using Tor can lead to the murky world of arms trading, malware sales and drug suppliers.
But security firms should take advantage of the so-called dark web as a source of threat intelligence, according to ThreatStream.
Cyber criminals thrive on the dark web and an entire economy has built up around its existence, and ThreatStream believes that the threat intelligence on the dark web can be an excellent resource for security firms.
"There's actually a lot of useful information that you can gather, whether it's forum posts about a customer, compromised credentials such as emails, or phishing domains being set up," Colby DeRodeff, co-founder and chief strategy officer at ThreatStream, told V3 in an interview.
ThreatStream has governments and large firms as customers, and offers a range of end-to-end threat intelligence tools. The firm also scoops up data from the dark web to have a better understanding of these threats and how they spread.
"We have a decent sized research team that spends time in the dark web looking for information about our customers," DeRodeff said.
"Customers use that information to make sure their users are protected and that the partners or third parties they interact with [are aware] that they are being affected. What we really focus on is making that data not scary to our customers but usable."
The goal, according to DeRodeff, is making any information discovered on the dark web, from compromised personal information to financial banking details, useful for its customers.
"Let's say, for example, you have a credentials dump that you find on the dark web and it has 50 or 60 or 100 of your user accounts in there. You then need to automate the process of alerts if anybody is trying to access those accounts, and automate password change procedures," he said.
Security researchers first have to infiltrate the various dark web forums and marketplaces to locate and make use of such information.
"You have to get street cred in these forums. That's their security. A lot of the dark web activity is done by humans that have personas in the dark web. [Researchers] create a fictional identity in the dark web and then pretend they are somebody who buys and sells credit cards," he said.
DeRodeff explained that criminals now put full credentials dumps onto virus-checking websites like VirusTotal to ensure that the stolen files do not contain malware.
Yet for intelligence gathering purposes, ThreatStream often welcomes the leak of such data on to the clear web. "As security folks we love that because we can then gather that [intelligence]," said DeRodeff.
Additionally, ThreatStream uses dark web data to produce threat 'profiles' and better understand the nature of cyber attackers. This can help to analyse and understand a security problem in the wake of a major breach.
"We are seeing information being tracked at the adversary level, so really understanding motivations, who is behind different campaigns, understanding what the targets and motivations are, will help you do an analysis post-breach or even pre-breach," he told V3.
"We try to understand what they might be after. I know [hackers] are in my network now because I found their malware, but where are they going and what kind of data will they be after? Are they going after personal information for fraud purposes? Are they going after intellectual property or is it nation-state activity?"
Only days after the T-Mobile data breach last year, the cache of 15 million customer records from credit monitoring service Experian was listed for sale on the dark web.
Previous investigations into dark web activity have revealed that cyber criminals are selling personal identities or financial data for as little as £12.
Yet instead of ignoring this thriving underground economy, ThreatStream uses the dark web for intelligence on planned attacks, malware trading and, ultimately, as a tool to better understand threats in the digital world.