The Dark Web and the Upside Down: Stranger Things in Cybersecurity

6 minute read

It’s our (read: my) favorite time of year: National Cybersecurity Awareness Month and Halloween. This week, we’re diving into one crucial cybersecurity element: dark web intelligence. If you’re more afraid of the dark web than a haunting or a vampire attack (you know, because it’s real), this post is for you. 

Things in the Underground Economy are not always what they seem. The dark web is built on relationships and is virtually a mirror image of the regular economy (I like to think of it as the Upside Down in Stranger Things). Its currency isn’t strictly financial, and people are motivated by a variety of factors. In a world where inexperienced or under-resourced teams miss the “Demogorgon” until it’s already done damage, proactive threat intelligence is critical. 

In this post, we’re shining some light in the dark (web) and sharing what it has to do with the Upside Down. We’re also diving into some tips to take the fright and turn it into delight, witch, er, which will make your security team more efficient.

The dark web and the Upside Down

Just as the Upside Down in Stranger Things is a distorted mirror image of the world above, the dark web houses an entire underground economy with undeniable similarities to the above-ground economy through a variety of dark web forums

The underground economy experiences the same volatile economic constraints we experience, and like our economy, supply and demand fuel many of the activities. Just as we see in horror films like Us and shows like Stranger Things, there are winners and losers in the “alternate realities” of the dark web. 

But, it also has its own language and culture. It has its own geographies, and within each location, are very different cultures. It’s a sophisticated network of people who impose their own rules. 

And, even more than in the above-ground economy (and like any chaotic setting of a horror film), it’s noisy. Threat actors and dark web vendors are vying for the same attention and are trying to stand out from their peers. Meanwhile, some are trying to make noise to simply distract businesses and authorities or root out intelligence professionals. There are enforcement mechanisms, but they differ from the above-ground economy in that there’s no judicial body that penalizes you. It’s effectively mob rule. 

TL;DR: The fictional Upside Down and the nonfictional dark web are both mirror images of their respective mainstream realities. Both the Upside Down and the dark web are cluttered with loud, complex ecosystems that make above-ground visitors justifiably nervous (at best). 

Taking the classic fear and horror from the dark web 

This is where we veer away from the types of fear presented in horror films and TV shows. 

If you look across the clear web, you’ll find a lot of information about the dark web and the underground economy – some true, a lot exaggerated, and some blatantly false. It’s true that criminal activities take place there, just as they do on the surface. However, when you shine a light on how the underground economy operates, it’s less bogeyman and more business practices. Don’t get my wrong – it’s still rife with criminal activity and unique subcultures, but when you can see beyond the fear-based facade, you find a far more familiar environment, where trust-based relationships are paramount to conducting business. 

And behind every dark web threat to your business, there is a real-life person on the other end of a computer. The boogeyman isn’t actually a boogeyman at all. The werewolf is just a dog howling at the moon. So what does this mean for reputable businesses? It means addressing dark web risks is less about confronting a mysterious cyber-villain and more about having the time on target – or access to time on target – to recognize the nuances of the complex ecosystems.  

Relationships in the Underground Economy matter. Trust is an important form of currency, and knowing the adversaries as people can make the difference between an expensive false alarm and a legitimate threat. It’s easy to vilify threat actors because of the crimes they commit. But as counterintuitive as it seems, looking at an adversary through such a narrow lens means you could miss critical details that aren’t obvious to the casual observer. Context is key, and knowing the people behind the threats will give you the upper hand.

TL;DR: Unlike the Mind Flayer or the Vecna of the Upside Down, the people in the dark web are just that: people – and understanding who they are in addition to how they operate provides critical context around threats. 

The gang vs. the team

The group of kids from Stranger Things are arguably the heart and soul of the show. If you don’t watch it, you might compare them to the Scooby Doo gang. In the same way, dark web intelligence operatives are the heart of dark web monitoring. 

There are entire sections of dark web forums designed to smoke out researchers so you have to have a high degree of emotional intelligence and an ability to compartmentalize your personality.

Our dark web operatives must have the maturity to take one hat off, put another on and become somebody that is a reprehensible personality. Then, they have to have the maturity to know when to take that hat off and pivot to talk to colleagues and clients after engaging with uncouth criminals in their language. 

Tradecraft, training practice, and virtually unconditional support from a close-knit dark ops team are paramount. The process, the tradecraft, the training, and the person – every component has to be right to operate and succeed in this type of role.

TL;DR: Stranger Things has Will, Dustin, Mike, Lucas, Max, Steve, Nancy, and Eleven. An effective dark ops team needs to have the same level of knowledge and emotional intelligence.

Threat intelligence tips for navigating the underground economy

As the old saying goes “as above, so below.” This is true of the dark web. Having a team on the inside that understands what is important, dispels myths, and knows when a threat has credibility is critical  to make decisions that keep your brand, and your people, safe. 

Additionally, your team can deploy the following tips to more easily understand threats in the criminal underground:

  • Make sure your team consists of expert global operatives who have spent significant time in and understand the underground economy well. The dark web isn’t a bunch of hocus pocus and having an experienced team in your corner can save you time, energy, and focus as they have already built the relationships and gained access needed to navigate the threat landscape. 
  • Deploy dark web monitoring as part of your overall threat intelligence strategy. The surface web makes up less than 10% of the internet; the rest is housed in deep and dark channels and forums. Don’t underestimate the value dark web monitoring brings to your strategy. 
  • Always ask your dark ops team for context surrounding any potential threats. Not every underground actor is a serious threat; some are all talk. Knowing the difference saves time, energy, and money. 
  • Don’t assume the worst. Yes, we are saying not to assume the worst when you’re facing your company’s version of the mind-flayer – that’s because when you have an experienced intelligence team, relationships can sometimes be leveraged to make the situation less dire. 

There are so many more elements of the dark web that can help your team succeed. Learn more about how ZeroFox can help protect your business with dark web intelligence and check out the rest of the video series here.

See ZeroFox in action