It has lately been stated by tech professionals from Georgia State University and The University of Surrey, there exists a thriving marketplace for the highly sought-after digital certificates, namely TLS and SSL, at abstract and restricted repositories across the Internet, which is claimed to be a trivial part of the infamous Dark Web.
The team includes several security experts, and also claims that when the certificates are traded on the darknet, they are usually bundled with a wide range of crimeware that distributes mechanism IDs to the black-hats who use them to spoof websites, snoop on encrypted data traffic, accomplish attacks and steal sensitive data, among other activities. According to David Maimon, Associate Professor at Georgia State, he was intrigued to realize how easy and reasonable it is to acquire extended validation certificates, along with all the documentation needed to create very credible shell companies without any verification information.
Another proficient tech hotshot, Kevin Bocek, Vice President of Security and Threat Intelligence for cyber-security firm Venafi, said, “The studies found clear evidence of the rampant sale of TLS certificates on the Dark Net”.
The Deep Web also continues to be away from the reach of law enforcements, due to the restricted access to the Deep Web, which is allowed only through TOR ONION browser, which bounces the location of individual users across a mesh of networks, spanning across countries or continents.