KPMG United Kingdom

About
Transparency Report 2012

Our Transparency Report seeks to explain the steps that we take to uphold our professional obligations and responsibilities and how we ensure delivery of the highest quality in all of our services.

Our national charities

We are proud to be partnering with Action for Literacy and Shelter to enable us to play a greater part in tackling the key issues of literacy and homelessness in the UK today.
Industries
Insurance finance transformation

KPMG outlines how successful finance transformation programmes are structured focusing on reporting, process, people and technology to create a Target Operating Model that sets out management’s scale and ambition for change.

Tech Horizons

Emerging, evolving and expiring – our views on the technologies of today and tomorrow. Tech Horizons is an interactive tool, highlighting technologies or trends that will cause changes in the sector.
Services
- A-Z Services
Research
MF Global UK special administration

Richard Fleming, Richard Heis and Mike Pink of KPMG LLP have been appointed "Joint Special Administrators" of MF Global UK Limited. This website provides the latest updates and information from the Joint Special Administrators.

Fast Forward 2035

fast|forward is a new and exciting project by KPMG investigating the key corporate mega-trends that will change the future business landscape and the role of the CFO.
Careers
Live. Learn. Earn. The School and Colleges Leavers Programme

Explore your options in our e-zine, where you’ll find out more about whether our Audit, Risk Consulting or Gap Programme is for you.

Graduate Programmes

If you’re not a little bit scared, you’re not paying attention. Find out more about our graduate programmes in audit, tax, advisory and central services.
Media
KPMG in the UK on Twitter

Keep up to date with the latest news and views from KPMG in the UK by following our twitter feed.

KPMG blog

KPMG’s leadership blogs brings you insight, opinion and debate from our senior partners and industry experts.
Alumni
Connected 2012

Connected 2012 features interviews with many alumni including: Leslie Ferrar, Treasurer to The Prince of Wales; Joseph Wan, CEO of Harvey Nichols; Mark Donnelly, CFO of The Football Association; and Frank Bandura, CFO of Carluccio's Ltd.

LinkedIn

Over 11,000 of our alumni are registered on LinkedIn. We have established the KPMG UK Alumni group to enable you to contact many of our past and current people who are members.

Details

Type: Business and industry issue
Date: 12/02/2013

The Dark Web: The Newest Risk to Legitimate Business

Lying beneath the billions of Google-indexed websites on the internet is a hidden web, thousands of times larger than the indexed, or ‘surface’, internet. The vast majority of this hidden, or ‘deep’, web is made up of inaccessible areas such as libraries, archives, corporate intranets and Facebook posts. There are however, a number of web pages that have been deliberately hidden that include illegal, or morally questionable, material- this area is known as the ‘Dark Web’.

Only a web user who makes themselves ‘anonymous’ online can gain access to the deep web. Using ‘anonymity network’ software, a user’s IP address can be hidden by routing the user to the web page via random servers around the world and creating a temporary IP address instead, essentially anonymising their computer.

This mechanism provides multiple layers of encryption and has therefore become known as ‘onion routing’. Onion routing was originally developed by the United States military to enable untraceable communication between the armed forces. Through software applications such as Tor, this is now accessible to individual internet users. Onion routing means that new pages can be added without detection and pages can be hosted and visited anonymously. The result is that it is often used by political activists in repressive regimes to disseminate messages. For this reason, the deep web was used extensively during the ‘Arab Spring’ uprisings.

However, there is an attraction to the deep web for the more nefarious internet user. This anonymous space on the internet has created a marketplace for providers of goods and services seeking to avoid the attention of the authorities- the so-called ‘Dark Web’. This includes criminal activity such as the distribution of child pornography, but also includes activity which is less obviously illegal. For example, there are websites specialising in the sale of research-level pharmaceuticals and others in the sale of significantly discounted (and presumably counterfeit) electronics. It is websites such as these that pose the greatest threat to legitimate business.

Dark Business

The sale of goods and services in these dark web marketplaces remains anonymous through the use of an online, ‘untraceable’, currency known as ‘Bitcoin’. There are only ever 21 million bitcoins (or BTCs) in circulation. These are traded between individuals on a peer-to-peer network and therefore do not require a central bank.

It is the lack of audit trail surrounding the use of Bitcoin that makes it so attractive to dark web businesses and the ideal currency for dealing in the dark web marketplace. Added to this, there is something known as the ‘Bitcoin mixer’, a central repository where bitcoins can be placed, randomised and withdrawn, affectively removing any audit trail and ‘laundering’ the BTCs much like a traditional money launderer would do using the real-world banking system.

The combination of hidden web space, anonymous web users and untraceable currency has created near perfect conditions for the sale and purchase of illegal goods and services. The most infamous online retail outlet operating in this marketplace is known as Silk Road. The Silk Road web page presents a host of illegal drugs, weapons, currency and hardcore pornography for sale. In order to preserve the total anonymity surrounding the trade that takes place on Silk Road, the only currency accepted on the site is Bitcoin.

A risk to legitimate business

The dark web, and sites such as Silk Road, is not yet on the list of high priority threats facing today’s boardrooms; but it may be in the future. A growing marketplace is emerging; one in which trade can occur in an unregistered online location between two anonymous parties using untraceable currency. This marketplace is therefore the ideal setting for the sale of commodities that could potentially harm the business or reputation of legitimate organisations; including:

Counterfeit goods and pharmaceuticals;
Samples, prototypes and recalled items;
Commercially sensitive or stolen data including intellectual property, customer data, product specifications and software coding;
‘Insider’ or ‘non-public’ information, affecting share prices;
Information relevant to a pitch or proposal for business not available to all in the bidding process;
Illegitimate software licences, unlocking software and computer game modification chips;
Government or company identification.

Robust and exercised internal and external controls are key to ensuring that a company does not ‘leak’ any product, IP or information which could be traded on the dark web. A strong physical security, cyber security and policy framework, supported by the right cultural drivers, can prevent such things falling into the wrong hands and making their way onto the anonymous dark web market.

However, few companies fully understand their own online profile, increasing the risk that the organisation’s brand and reputation is being harmed by the online activities taking place in the dark web.

This has led an increasing number of organisations to ask: “Are we a hit on the dark web?”

Contact

Peter Jones

KPMG in the UK

+44 (0) 20 7694 2675

peter.jones2@kpmg.co.uk

Fighting Fraud links

Glossary

Deep Web - Areas of the web not indexed by conventional search engines, mostly made up of libraries, archives, corporate intranets and Facebook posts. Also known as ‘Hidden Web’

Dark Web - Areas of the Deep Web occupied by those exploiting its anonymity to conduct nefarious activities

Onion Routing - The name given to the layered encryption method that allows users to host and access the Deep Web

‘Anonymity network’ software - Applications that allow a web user to browse the Deep Web anonymously

Bitcoin - A decentralised and digital money transfer system that allows for the anonymous purchase of goods and services online

Virtual Currency

© 2013 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.

KPMG International Cooperative ("KPMG International") is a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.

Transparency Report 2012

Our national charities

Insurance finance transformation

Tech Horizons

MF Global UK special administration

Fast Forward 2035

Live. Learn. Earn. The School and Colleges Leavers Programme

Graduate Programmes

KPMG in the UK on Twitter

KPMG blog

Connected 2012

LinkedIn