Fong Choog Fook in his statement said normally you have to go through a special channel to connect to Dark Web – Ramani Parkunan / The ESPC


Kuala Lumpur: September 9, 2020 — Mid of August, Singapore’s The Straits Times (ST) published a story claiming that around 70 of the stolen documents that were released were supposedly sourced from hacked TLDM personnel emails.

Sensitive Royal Malaysian Navy (TLDM) documents have reportedly been leaked on the Dark Web.

The documents are said to contain information about TLDM and Malaysian Armed Forces (ATM) bases, details on TLDM personnel as well as sensitive communications between TLDM and a United States (US) Navy vessel.

When they say about Dark Web, what do we understand? Is it something a dark or secret place?

This term is just as mysterious as they sound, despite how similar they may seem at first glance.

So much so, that tech-savvy publications generally use a disclaimer when discussing the dark web, reminding their readers that it is not to be confused with the deep web, which is related, but not at all the same thing.

What is the deep web or dark web?

Both deep web and dark web were coined recently, gaining popularity in the world of cyber.

Dictionary.com defines deep web as “the portion of the Internet that is hidden from conventional search engines, as by encryption; the aggregate of unindexed websites.”

When people discuss the seedy underbelly of the Internet where you can buy stolen data, drugs, weapons, child pornography, murders-for-hire—basically any illicit item or service you could dream up will be done using the dark web.

The dark web, sometimes referred to as Darknet, is accessed by Tor (The Onion Router) or I2P (Invisible Internet Project), which use masked Internet Protocol (IP) addresses to maintain anonymity for users and site owners.

This way, people who use the dark web for illegal purposes can’t be traced, and it’s difficult to tell who hosts a particular site.

To get an understanding from a local cyber security expert, ESPC team interviewed Fong Choong Fook of Le Global Services Sdn Bhd.

According to him, “We know that Internet has many websites, chat rooms and many other functions, there is also another part of the Internet which is not disclosed to the public.

“It is not indexed by the search engine. Meaning that if you are trying to search certain websites it is not found but although it is placed in a dark place.

“Normally you have to go through a special channel to connect Dark Web. You connect to the network.”

The sites in the Dark Web frequently change and you never know. The site is not static and changes dynamically.

Sometimes even in Dark Web the law enforcement officers will pretend as bad guys to solicit for information. It is a very complex place, he added.

“It is not easy to track down the Dark web unless the law enforcement suspected that this person going through a dark web to do an illegal activity example selling firearms.

“Then usually they will narrow down and do a surveillance and monitoring on the movement of the suspect otherwise it is very difficult.”

Data Leakage and Prevention

When asked is there any way to overcome this situation, he said “Data Leak is one of the prominent problems for the industry, the cybercriminals do not care the nature of your business and industry you are from.

“There cybercriminals can take the data and sell it for money.

“What we do to prevent a data leak so far there is no effective way to stop cybercriminals to continue to attack

“We only can assure that the prevention is in place at different levels and to look at physical level how your data is securely stored.”

Additionally, Fong pointed out, the second level is to encrypt the data as it will be a defence mechanism. When the data is encrypted, it will at least prepare you for the last case scenario.

“Let say your data was exfiltrated by the cybercriminals but because the data is encrypted so there is no use for the cybercriminals also.”

LGMS was started 15 years ago. They started with a simple objective in mind to provide cyber security consultancy service to the public.

Firstly, they engaged in giving cybersecurity training and gradually ventured into consultancy.

Eventually, they moved on with penetration testing, security assessment, computer crime investigation and computer forensic as well as certification scheme.

By ESPC