Why brands should protect themselves from the dark net
By Nikki Scrivener
As with so many things internet-related, the Dark Net began with good intentions. Essentially, it was used by naval analysts to hide their IP addresses when they went online. In fact, any one of us can download and access the web via TOR (The Onion Router) to protect our identity. There are up to 30,000 websites ending in .onion, not all of them with criminal intentions – TOR itself is maintained as an open source platform by a not-for-profit organisation. The browser has been used by whistleblowers, political activists and journalists to great effect – but by cyber criminals and drug dealers in equal measure.
It’s also a bizarre hot bed of innovation. Drug dealers are credited with being early adopters of cryptocurrencies, for example, as Bitcoin was used as a payment method on the Dark Net’s trading platform, Silk Road. The site mirrored any other marketplace that we would recognise in our consumer lives – with drug dealers competing on price, quality, delivery and customer service – showing market forces and our behavioural patterns are the same, whatever we’re buying or selling.
A new reputational risk
But the Dark Net also poses a reputational risk to brands. Thousands of O2 customer log-in details and passwords cropped up for sale on the Dark Net a while ago, prompting fears that the company had been the victim of a data breach. Speaking at a CIPR event last week, Jamie Bartlett, author of The Dark Net, explained how O2 were oblivious to this when he broached the subject with them as part of a BBC investigation. As it transpired, it was a less security-conscious gaming website that had left itself exposed and not O2 at all. Using the data acquired from that site, the cyber criminals set about trying the same username/ password combinations with multiple corporates and, lo and behold, thousands perfectly matched O2 personal log-in information.
A lesson to us all. Don’t use the same passwords across multiple sites, particularly with organisations that you fear may be less than secure.
But where does this leave brands like O2? Or Tesco, when in a slightly different scenario counterfeit Tesco vouchers started appearing on the Dark Net – with £20 vouchers on sale for £8.
Another trend that has emerged is the ability to buy numerous fake social media accounts and use them to become an influencer or promote specific messages. This is an alarming development, particularly with the rise in (and blurred boundaries around) fake news. It also brings companies like Facebook and Twitter under scrutiny.
In essence, none of these companies did anything wrong. However, had the real story on O2 not been uncovered there’s no doubt they would have been accused of being hacked. And even if the accusations proved false eventually, some of the mud would probably have stuck.
Keep your enemies close
It’s so important that brands don’t ignore the reputational risks that the Dark Net presents, and this is something that Jamie Bartlett was keen to point out during his presentation. Whether someone within the organisation is tasked with monitoring the Dark Net – perhaps as part of a social media management role – or whether this is outsourced to an agency, it’s becoming an important element of crisis comms and damage limitation.
Being on the front foot enables you to consider how you would communicate to customers if you were ever accused of a data breach if, for example, your customers’ details were ever being traded on the Dark Net or if counterfeit products were found to be circulating. As with all crises, you will most likely be judged by the speed and transparency of your response.
The key to protecting your reputation is understanding the risks and having a communications plan in place. The Dark Net is out there, it’s not going away and at the moment we can’t beat it. (When the Silk Road was shut down in 2013, Silk Road 2.0 appeared almost overnight.) But removing some fear of the unknown could help you to manage the outcomes of any brushes you may have with the alternative cybersphere.
We’re planning to look at this topic in more detail in the new year, so if you have any experiences that you’d like to share with us we’d love to hear from you.
Nikki is a director and co-founder of Fourth Day