According to general manager Ludwig Sandell at Dignato AS, there are industrial trade secrets posted on the dark web, which concerns Norwegian companies, such as Statoil or DNB.
“Many companies have given up control of how valuable information is handled. In a time when it is so easy to get any information from the dark web,” Sandell said.
Sandell’s security adviser tests the security of businesses and looking for secret, hidden criminal networks where sensitive information is traded. The “surveillance center” of the security company is based in Porsgrunn, Norway.
“I have found information about an offshore wind power project by Statoil, which seem to have lost on a memory stick with measurement data and other information. It only took a few hours to find information about Statoil,” Sandell said.
Industrial espionage has always been a major international problem for big firms. Sandell found sensitive information about Norwegian companies including access to their monitoring and control system. If somebody gets access to that they can easily sabotage some important social functions. The manager also found information of another nature on the dark web: banking and credit card info, stolen credentials.
“Often it is the company’s own employees who are to blame. Either by being careless with data security or they deliberately exploit sensitive information that they sit on,” Sandell continued.
A recently published report called Dark Survey of security firm Industry Security revealed that only nine percent of cybercrime business victims takes the case to the police. Statoil is one of those companies who are aware of the issue. Their system is exposed daily to hacker attacks who mostly seek information about commodities.
“There is no need to be naïve. We are constantly working to protect our infrastructure. But we do not go into details about how we follow up on this,” says Baard Glad Pedersen, vice president at Statoil.
“There is a significant underreporting in data related crime. This type of criminals practice penalty-free,” says Jack Fisher Eriksen, Director of Industry Security.
“The data was indefensibly stored. Many have given up control of how valuable information is handled. In these cases it may end up on the dark web,” said Sandell in response to a customer who asked about how their company is storing data.
Norway is a “silent country” regarding dark web busts. The most recent darknet arrest was in April when Norwegian law enforcement authorities detained 15 persons. The vendor group operated on the infamous Silk Road marketplace, which was taken down by the FBI in 2013. US law enforcement authorities were able to access a list of sellers and client names including the vendor shop authorities taken down in Norway. The police action was part of Operation Marco Polo that Kripos, Norway’s national criminal investigation service started against criminals operating on the dark web. Kripos found 150 marijuana plants in the basement of a house in Skien and seized over 80 communications devices including computers, hard drives, as well as memory sticks. However, due to a high level of encryption, they could not use the gathered evidence. This bust is considered to be one of the biggest in Norwegian history that targeted darknet drug dealers.