Here’s why the Dark Web just got a lot darker

Why the Ashley Madison hack might lead to a tiered Internet.

Reports about the Ashley Madison breach are all over the news this week. I’ve rarely seen so much attention given to a data breach. What we know is far is that there are 37 million user records “in the wild” right now that contain personal information including credit card numbers, names, email addresses, and even sexual preferences. It’s intense.

What’s most interesting to me about this breach is that the hackers have gone to great lengths to protect their own identities. According to a BBC Report today, the hacktivist group known as Impact Team made sure they used encryption keys to sign the data. There is no digital footprint so far, although the same BBC report suggested that one of the hackers might have been a contractor.

What worries me most about a hack like this is that it just encourages more hackers to go after more legitimate companies. (Ashley Madison is intended for married people to find partners who are willing to have an affair or to brag about it -- or both.) Security experts keep telling me the main fallout won’t have anything to do with divorces or lawsuits; it will lead to a whole new round of loosely-related phishing scams.

You can imagine how this will work. Hackers will use the news about Ashley Madison to trick even more people into clicking an email that infects their computer. There will likely be even more ransomware ploys that involve stealing data and then promising to expose something if you don’t pay up. The problem with such a major breach like this is that it not only creates headlines, it creates copycats. I’m expecting to see more breaches that follow the “prescription for success” used here.

Here’s the worst part of all. Let’s say the Dark Web does get even darker -- more attacks, more breaches, more lawsuits. Just one quick check at Google News and you can see that this is a huge story. Other hackers have surely noticed. I can’t say much about whether Home Depot is a perfectly legitimate and ethically pure company, but compared to Ashley Madison, they seem like a ma and pa shop that sells lumber and gives you a pat on the back when you leave. Did they really deserve this?

As the Dark Web gets darker, it seems ever more likely that the U.S. Government will get involved and end up splitting the Internet into two channels. There will be the wild and unprotected side used for sites like This is where you will surf without thinking about the consequences. Then, there will be the “commercial” side where you visit a site like Companies like Verizon will "sponsor" it. You’ll have an expectation of privacy on the commercial side. will have an expectation of protection against hacking. Perfect world, right?

The problem is that I’m a big proponent of entrepreneurship. I won’t comment on whether I think Ashley Madison is a legitimate business. When you take sides, you either end up sounding like a deadbeat loser or a pious more-righteous-than-thou Bible thumper. However, I do want to defend the rights of some random dude in Omaha who wants to sell smartphone cables. He won’t have a chance to compete on the “commercial” side of the Internet, so he’ll probably have to create a site on the unprotected second-tier channel, the one that is “free and open” for everyone. Good luck with that.

Is it fair? Is it even (shudder) moral? The commercial side will likely be well-funded, fast, reliable, government-sanctioned, and possibly heavily taxed. The free side will be like drinking water at the local cesspool. In the end, the free and open Internet is that way for a reason. It's not so you can cheat on your wife. Frankly, people will do that with or without the Internet. The "free and open" bit is intended to foster ideas. It's meant to level the playing field. It's meant to help that one guy in Omaha.

What do you think about this? Are hackers essentially paving the way for a Light Web? Is it even darker now? Is there a light at the end of this tunnel? Post in comments.

Join the CSO newsletter!

Error: Please check your email address.

Tags security

More about GoogleHome DepotNewsVerizon

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John Brandon

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts