Health establishments, Auchan, Free, SFR, France Travail… So many French organizations were hacked this year, with customer or user data stolen and ending up on the dark web. But what happens next? Some answers from Iskander Sanchez-Rola, dark web specialist.
The dark web, a platform for selling personal data? Not a week goes by without a new cyberattack. The latest concerns a health establishment in Ile-de-France: the data of more than 750,000 patients was hacked and put up for sale on the dark web on Tuesday, November 19. The dark web is often mentioned without our knowing very well what it is and, especially, what happens to our data there.
According to Norton, an internet security company, in France, 7% of identity theft attempts were successful in 2022, and more than 200,000 French people have their identities stolen each year. Many people receive strange emails, SMS or WhatsApp messages and click on links. In total, some 26% of French people have been scammed via these phishing messages. “There is a lot of data on the dark web because most of the things we do today are done online,” warns Iskander Sanchez-Rola, director of innovation at Norton. This specialist takes us into the dark web to better understand what is happening there.
franceinfo: What is the dark web?
Iskander Sanchez-Rola: In order to define what the dark web is, we must imagine the entire internet as an iceberg. Its emerged part corresponds to the “surface web”, that is to say everything we visit on the internet every day, when we read the news, when we do research on Wikipedia, everything we can find on any search engine like Google, Yahoo, or Bing. After the “surface web”, there is the “deep web”, the submerged part of the iceberg just below the surface of the water to continue the comparison. You may think you've never been there, but in fact you're there regularly, because every time you need a password to access a website, you're on the deep web. This may include databases from companies or academic institutions. These are also platforms like Netflix, because you cannot access them without a username and password.
Even deeper lies the “dark web”, at the other end of the iceberg. Dark web pages are not indexed on traditional search engines and all information found there is encrypted. This allows, for example, not knowing where the person hosting the website is, but conversely not knowing who is connecting, because there are several layers of encryption, like those of an onion. This subset of the Internet is accessible via special software, such as the better-known Tor, which stands for “The onion router”, which allows you to communicate, exchange and purchase in an anonymous way. One of the big differences of the dark web compared to the classic web is the URL, which is long and complicated and ends in “.onion”.
What is happening on the dark web?
Drug trafficking, cryptocurrencies, scams, all types of illegal activities. But it is sometimes used for a good thing, such as political protest in countries where there is no freedom of speech. In these countries, it is quite common, for example, for a journalist to use it when he must preserve the confidentiality of his private communications.
What do hacker groups look like on the dark web?
LockBit 3 is one of the largest hacker groups attacking France, among other countries. On their page on the dark web, they write in great detail the rules to follow in order to work for them, a bit like a job offer. They list the countries they do not want to attack, the post-Soviet countries, which suggests that they are from these countries. They also specify that, regarding anything related to health, such as hospitals or dental clinics, it is possible to steal their data, but not to prevent them from functioning, because this could lead to death and they do not want to kill people. Make no mistake: these people are not very nice. The only reason they don't want to kill people is because it would give them bad press, and no one will pay them if they kill hundreds of people.
To talk to each other, hackers use forums, such as Dread, the equivalent of Reddit on the dark web. On Dread, they talk about fraud, drugs, untraceable cryptocurrencies like Monero, drug manufacturing… completely illegal things.
What are the hacker groups who steal the data demanding?
The activity of hacker groups takes place largely on dark web chats where they chat with the structures they attack. Once hacked, these structures receive instructions which lead them to contact the hackers. These explain to the targeted structure that it has been the victim of a cyberattack, what data has been stolen, that there is a ransom to recover it and how to pay it.
The concept of ransom has changed over the years. Now the ransom is no longer “I will return the data to you”, but rather “I won't make it public. So if you don't want your data to be on the dark web and everyone who wants to access it can, pay me, and if you pay me, I'll delete it. Otherwise, it will be public.” But, to be honest, even if they pay, it's not 100% sure that hackers won't make the data they have public.
What happens to our data once it is on the dark web?
I will take the example of Medusa which is another hacker group. On their page, they display amounts of money associated with countdowns. They charge money based on the data they have and, if they don't get paid, then they make the data public. Anyone can pay, and not necessarily the targeted structure, the hackers don't care where the money comes from. This means that other hacker groups or mafias who want this data can get it.
What risks are there in having your data sold on the dark web?
This is really something important to take into account, because with the big cyberattacks that France has experienced recently, Free, Auchan… if you gave them your data, then your data is on the dark web. Then, they can be used for identity theft, for example. With your identity, I can try to open whatever I want, like an online bank account in your name and apply for a loan. It’s mind-boggling how much money is lost to identity theft. This is reality, it's not a threat we see in the movies, and it creates big problems. Because hackers pretend to be you, they do things in your name and it is you who will suffer the consequences of what they do. And then it's you again who will have to prove that it wasn't actually you.
Can we really prevent our data from ending up on the dark web?
First of all, you need to know that your data is on the dark web. This is extremely important because if you don't know your data is there, you're not prepared. The more you know, the more you can protect yourself. For example, I can change my passport if I know it is there. I can't change my address, but if I know someone has my address, I can be on guard if I receive strange mail.
But you also have to ask yourself the question: why are you giving your data? Do they really need my phone number, my full name and my first name, my address? The answer is often no. People tend not to think about it too much and one would expect them to be more careful. So I will always recommend people to think twice before deciding to give their data the next time they fill out a form. I've heard so many times “I'm too small, no one cares.” This is wrong, your data sooner or later ends up on the dark web and you need to protect yourself.