News broke last Friday of the arrest of a senior programmer from Israeli security firm, NSO Group, the company behind the infamous mobile spyware Pegasus. Allegedly faced with termination, he attempted to sell stolen source and development code valued at hundreds of millions of dollars on the Dark Web. He was caught after a potential buyer reported the sale of NSO code to authorities, allowing them to conduct an internal investigation to find the culprit.
They got lucky. In this case, stolen code not only represented a significant loss in IP but a threat to international security. A buyer with malicious intent would have acquired software with the capability to access and spy on millions of phones worldwide.
The Dark Web has long been seen as a mysterious corner of the internet, inhabited by a small group of shady hackers. The reality is very different. Just a quick Google search and download of the Tor browser can get anyone online onto the Dark Web in minutes. Millions of users access Tor every day to take advantage of the anonymity it provides. Combining anonymity with untraceable cryptocurrency makes it the perfect place for illegal activity, like the notorious drugs marketplace, The Silk Road.
Surface Web and Deep Web searches are slowly becoming a recognised part of the due diligence and repeated company screening process and the Dark Web should follow. Proprietary software and code is becoming ever increasingly more valuable and a more tempting target for theft and resell. Whilst the anonymity of the Dark Web protects sellers, the product can still be identified.
As the Dark Web continues to become the marketplace of choice, companies must adapt to ensure their IP stays safe. In the case of the NSO Group, they were saved by a benevolent Dark Web user. This will not always be the case and companies must take responsibility to recognise the importance of Dark Web investigation.
-Alex Penn