If you are having trouble viewing this email, click here to view this online



   ISSUE 88

29 November 2018

Article of the Month Around the World


To the depth of web : The Dark Web


Surface web is the web that is visible to all of us. Where the general services we use such as Linkedin, Facebook etc are presented. Simply it is the indexed part of the web by any search engine such as google, yahoo. Then the deep web can be identified as anything search engines cannot find. Though people portrait this part of the web as illicit, the truth is deep web can be some pages in a website that cannot be reached by the common search engines but only through the website itself. This can be medical records, legal documents, university databases etc. The dark web which I�m going to talk about is a part of the deep web. It is the part of the web which is hidden intentionally and only accessed by special search engines through a unique process.

What illegal content is on the dark web exactly? Well, there is common illegal stuff like drugs, illegal products, fake ids, fake passports, pornography, and the list goes on. But there are more bizarre things in the dark web which are beyond our imagination. There are sites where you can find professional assassins, human trafficking, organs for sale and terrorism. A site called �cloudenine� provides information about well-known celebrities, politicians, public figures as well as individuals. The accuracy of the information is not guaranteed. Yet to see that this information contains public email addresses and certain IP addresses are frightening. There is also verity of malware, spyware, ransomware that are available for purchasing.

But there are also advantages in the dark web. Freedom of privacy is one of them. Then there are resources that are useful for study purposes in different fields. The dark web can be used for military activities for its anonymous nature. It has also become a platform for activists to interact.


In my opinion, the best way to deal with cybercrimes in the dark web is to capture only the culprits. Indexing dark web will not prevent cyber crimes from happening. We humans will always find a way to be undiscovered. The best example for this is when FBI seized a child pornography site called playpen and hosted it in one of their servers for weeks. Then they were able to track down hundreds of members using this site. They framed only the criminals and did not affect other dark web users. Anonymity is not illegal. It is the crimes that should be focused and should be prevented.

Hope this article brought you some knowledge of dark web and if you are interested I suggest you to read some research papers regarding the subject.




Hasini Navindi Abeywardana

is an undergraduate of the Sri Lanka Institute of information technology who is currently following Bachelor of Information Technology specializing in Cyber Security, currently, she is working as an Intern - Information Security Engineer at Sri Lanka CERT|CC

























1 Statistics on the Internet growth in Sri Lanka
2.The Dragon Research Group (DRG)
3.TSUBAME (Internet threat monitoring system) from JPCERT | CC
4.Shadowserver Foundation
5. Team Cymru

  German chat site faces fine under GDPR after data breach


"...A German social media platform called Knuddels.de has been fined with �20,000 following a breach that exposed the personal information of 330,000 users, including their passwords and e-mail addresses, according to a statement (in German) by the regional Baden-W�rttemberg data protection watchdog (LfDI Baden-W�rttemberg)..."


Microsoft Warns of Two Apps That Expose Private Keys


"...Microsoft on Tuesday warned users that digital certificates were disclosed in two apps, which could allow a bad actor to remotely spoof websites or content.

Headset software company Sennheiser HeadSetup, Microsoft said, had inadvertently installed the root certificates onto two apps, HeadSetup and Headsetup Pro....."


Facebook admits 'serious mistake' in not removing racial hatred post in Sri Lanka



'...A Facebook executive has admitted that the company �made a mistake� in not removing a post that incited racial hatred in Sri Lanka, an international hearing on fake news and disinformation in London heard on Tuesday (Nov 27)....'

Election Security Tested



'...We�ve learned a lot about election security in the two years following the 2016 presidential election, and most of it is not confidence-instilling. U.S. voting systems, like any other electronic systems, have vulnerabilities......'

Smartphone shopping: Avoid the blues on Cyber Monday


'....Let�s get a bit statistical first. On Cyber Monday in 2017, smartphones and tablets accounted for almost one-third of online sales, according to Adobe Digital Insights (ADI). With that proportion rising in recent years, a not-too-dissimilar picture is expected to be painted during the 2018 edition of Cyber Monday, which ADI expects to be the largest single online shopping day, ever, in the United States. The importance of taking precautions while grabbing those bargains via our mobile devices cannot be overstated.......'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in October 2018
  Statistics - Sri Lanka CERT|CC

Keeping data swamps clean for ongoing GDPR compliance

'...The increased affordability and accessibility of data storage over recent years can be both a benefit and a challenge for businesses. While the ability to stockpile huge volumes and varieties of data can deliver previously unattainable intelligence and insight, it can also result in �data sprawl�, with businesses unclear of exactly what information is being stored, where it�s being held, and how it�s being accessed....'

Cisco predicts nearly 5 zettabytes of IP traffic per year by 2022

"...Cisco foresees a massive buildup of IP traffic � 4.8 zettabytes per year by 2022, which is over three times the 2017 rate � lead by the increased use of IoT device traffic, video, and sheer number of new users coming onboard....."
​'Congress Wants to Confront Facebook, Robocallers and Data-Throttlers

�...Democratic lawmakers clashed with the tech industry last week while Republicans sought to expand cyber protections for small businesses.

Congress also finally delivered the Homeland Security Department its top legislative priority and pushed the Pentagon to chip in more cyber resources to defend civilian agencies.....�
Iranian hackers charged in the US for SamSam ransomware attacks

."...We�re sure you know what ransomware is by now.

ICYMI, ransomware is malicious software that scrambles your files with a randomly generated cryptographic key�....."

Notice Board

Training and Awareness Programmes - November  2018


Brought to you by: