Whether it’s the news stories you hear on an almost daily basis or those alarming letters you receive in the mail from your bank, one thing is clear: Cyber criminals are constantly trying to steal our personal information.
Those hijacked Social Security numbers, credit card data and account passwords often end up on a place called the Dark Web.
It’s something you’ve probably heard about, perhaps during TV commercials, but might not know much about.
So what exactly is this mysterious online world, and how do you get there?
For the answer to that question, the NBC10 Boston Investigators sat down with Andrei Barysevich, the director of advanced collection for Recorded Future, a Somerville-based cyber intelligence company.
In less formal terms, Barysevich describes himself as an "in-house spy," someone who spends his days surfing the Dark Web and looking for important clues.
So what exactly is the Dark Web?
"You can pretty much find anything," Barysevich said. "Stolen identities, credit card numbers, compromised data or weapons and drugs."
Although you can’t get to the Dark Web via traditional browsers like Google, it isn’t that difficult to access with readily available online tools. And while not everything that goes on there is illegal, much of it operates like a cyber black market. CNBC put together this helpful explainer on why people use the Dark Web and how it keeps user identities and locations anonymous.
"You’d be surprised about how many people use the Dark Web on a daily basis," Barysevich said.
In the past two years, Barysevich has gone from a team of one to a team of several dozen cyber intelligence analysts, combing through more than 2 million Dark Web sources per week.
The company’s growth shows there is a significant demand in the Boston region as companies look for guidance about where their security systems are vulnerable so they can stay one step ahead of cyber thieves.
The employees, typically fluent in several foreign languages, act like "flies on the wall" in Dark Web online forums, Barysevich said, attempting to gather information about what’s being bought and sold. Occasionally, they engage with the bad actors, but are very careful not to cross a line.
"From the first day, we said we are going to do this in a way that’s legal" said Christopher Ahlberg, CEO of Recorded Future. "Cyber security has grown incredibly in the past few years. It’s the idea of being able to catch cyber threats before they hit you. To do that, you need to infiltrate the places that bad guys hang out."
When valuable information is uncovered, Recorded Future told NBC10 Boston it shares the details with the pertinent parties, whether it’s a government agency, financial institution or law enforcement. One notable example was when the company spotted a hacker selling sensitive documents about military drones.
During a visit to their office in April, Barysevich took the NBC10 Boston Investigators for a quick tour of the Dark Web.
It was truly stunning to see. On one site, a simple drop-down menu allowed users to buy stolen accounts from almost any online site imaginable: Amazon, Airbnb, Instagram or Netflix. And it was all available with a simple "pick and click."
Just as there are so-called "gateway drugs," Barysevich described the Dark Web as a gateway to cyber crime. For instance, a single stolen Netflix account for $3 might later grow into an online mastermind selling drugs or counterfeit cash overseas.
"Someone might start with small, almost innocent things," Barysevich said. "But then he develops his skills and engages in different schemes. Eventually he’s doing completely illegal things and making millions of dollars."
On one disturbing site, Barysevich showed NBC10 Boston Investigator Ryan Kath how easy it is to buy the Social Security number of almost anyone in the United States. Using one of Recorded Future’s accounts to pay the $3 charge, Kath plugged in his name.
After a search that only took a few seconds, Kath’s personal information appeared on the screen.
Barysevich said everyone should assume their information was at one point stolen and is available on the Dark Web.
Despite that ominous statement, he said there are a number of things consumers can do to reduce their risk:
• Freeze your credit report, something that can be done for free
• Activate text and email alerts for activity on your bank accounts
• Question why you need to provide a Social Security number or copy of your driver’s license when you visit the doctor or dentist
• Don’t use the same password for multiple online accounts
Barysevich emphasized this last tip the most, saying it is the most common mistake he sees. For a few dollars, consumers can instead use a password manager app or a program that provides a unique password for each online site they frequent. It’s an inexpensive strategy that can pay off big.
While some consumers might want to throw up their hands in frustration, Ahlberg — the Recorded Future CEO — said not to give up the fight. The goal is to decrease the odds that you’ll be cyber thieves’ next target.
"You just have to be the second-slowest," Ahlberg explained. "When the bear starts chasing you, it’s important to be the second-slowest because the bear will kill the slowest."