Professional Documents
Culture Documents
F500 2018 Darknet Index
F500 2018 Darknet Index
Introduction
In May 2017 DarkOwl published its first reranking of the
Fortune 500 companies by their footprint on the darknet.
Since that publication, there have continued to be a number
of very high-profile data breaches, including Anthem, Verizon,
Deloitte, Yahoo and most frighteningly, Equifax. And over the
same period of time overall usage of the darknet has grown,
with over 4 million daily users on Tor alone. TABLE OF CONTENTS
The continued impunity with which large and sophisticated Introduction .........................1
organizations continue to be breached begs a further reranking Methodology .........................3
of the Fortune 500 since our original publication. Using the The Top 25 ...........................4
same methodology that we utilized in our May 2017 paper, we Observations .........................6
look below at changes to the darknet footprint over the last 6
Conclusions............................8
months.
The Darknet Index.................9
The higher the DARKINT score, the more relevant the harmful
information is on the darknet and the greater the risk that
criminals can exploit this data.
Until DarkOwl began this scoring effort, there was no easy *FORTUNE 500 is a trademark of Time Inc. DarkOwl
way to comprehensively measure a company’s presence on is not affiliated with, maintained, authorized,
the darknet. This has however become a critical measure of endorsed, or sponsored by Time Inc. or any of its
exposure due to the growth in usage of the darknet. affiliates.
DarkOwl’s proprietary database of darknet content is the most comprehensive one of its kind in the world.
This database is automatically and continuously updated with between 18 to 20 million scraped pages
daily (up from 10 to 15 million pages per day in May 2017), from more than 50,000 domains on the Tor
network alone (up from 24,000), as well as other darknet networks, including I2P, FTP, IRC, and ZeroNet.
Added to this purely darknet information is data collected from over 100 paste sites. All this DARKINT
content is indexed and searchable in 47 languages. Clients access this information through a SaaS
interface, an API, a direct data feed, or an on-prem installation.
• Most Fortune 500 companies are exposed to a much greater degree than we found in May
2017. Over 80% of the Fortune 500 had new data posted in the DarkOwl database, contributing
to the overall DARKINT Index score increase of 22% compared to May. The average Fortune
500 DARKINT score climbed from 6.7 to 8.2, meaning that there is over four times the relevant
information on the typical Fortune 500 firm as compared to just half a year ago.
• Frontier Communications leads the Index. Frontier rose from #7 in May, to #1 at year end
(while interestingly its stock price declined by roughly 80% in 2017). Conversely, all the May Index
leaders (Amazon, Apple, Google, Facebook, and eBay) fell markedly in our rankings. Our conclusion
remains that the absolute index ranking of a company is not nearly as important as its relative ranking
compared to its peers.
• Financial firms experienced the largest increase in darknet exposure from 2017 to 2018.
Financial firms—frequent targets of hackers—had fared better than expected back in May, but the
average Index score of the largest group within the Fortune 500 rose by over 2 points. Financial firms
now occupy 3 of the top 10 re-ranked firms in this updated Index, whereas the worst financial firm
was ranked #11 in May. Non-banks, particularly the insurance sector, have done notably worse.
• The worst performing firms had the highest percentage of fresher data. The average Fortune
500 firm could attribute roughly 15% of their score related to information posted within the last 90
days. In contrast, the top 10 reranked firms had over 30% of their score attributable to data of theirs
which had been found on the darknet in the 90 days prior to the publication of this report.
Methodology
Unlike the surface web, the darknet is designed to be difficult to index, record activity, or trace user data. The
use of special software is required, and users need to obtain the full URL of a destination darknet web page
to visit. There is no “darknet google,” and darknet sites are often put up and taken down within a matter
of minutes. As a result, the darknet has become a safe harbor for those looking to remain private online,
whether their intentions are good or bad. A high volume of criminal activity has migrated to these sites which
are growing exponentially.
For this re-ranking effort DarkOwl used the exact same methodology and algorithm to assess each company
as we did in May 2017. To compile our DARKINT Index, we ran each member of the Fortune 500 through the
DarkOwl database and recorded the number of unique matches. We focused on specific matches on each
company’s website and email domains and then further adjusted the results based on computations of how
Hackish™ the data was — Hackishness being our algorithmic rating system which weighs over 100 factors to
score a result based on the likelihood the data could be used for malicious intent. Recent results, from within
the last 90 days, are given the most weight, as recent breaches or data leaks containing an organization’s
proprietary information are often more useful to hackers, and haven’t yet been mitigated. All mirror sites
(which can be otherwise considered duplicate data) of both darknet and surface net results were excluded
from the scoring.
Index scores are not meant to be indicative of all the risks a firm faces. Only the most obvious company-
related data is scored. Ultimately a deeper dive into each firm’s results is warranted, which is the purpose of
a Darknet Footprint Report (sample included in this paper in the Conclusions section), which we recommend
firms do on a quarterly basis.
One final note worth mentioning is that the Index ranking reflects the attractiveness of the target. It is not a
“risk of breach.” It is more accurately described as one measure of the effectiveness of an organizations cyber
defenses, as well as the potential attractiveness of a target to a hacker.
ALGORITHM
Our hackishness algorithm (embedded within our Index ranking algorithm) is the most critical input to the
scores, as it eliminates insignificant content hits. For simplicity, our algorithm weighted results from Darknet
Hidden Services (such as Tor) and transitory sites most heavily. All results found in our database were given
some weight as per the formula below:
Our algorithm is simple and objective. It is not biased toward company nicknames, press mentions, company
size, senior officials’ names or other subjective measures. Because of the sheer number of results the scale is
logarithmic, meaning every point in the index reflects almost triple the profile of a single point less, assuming
hackishness scores to be comparable (which often they are not, particularly across different time frames). As
a result, the size of a single breach is less of a factor than the frequency of breaches over the data collection
period.
DARKINT: Top 25
The results of our analysis are presented below for the top 25 companies in our Index as follows. The full
ranking of the Fortune 500 companies by their DARKINT Index scores can be found in the DARKINT Index
section. We categorize all companies using the following metrics:
• DARKINT Rank - The rank of each company based on their DARKINT index score in December 2017.
• Previous DARKINT Rank - The rank of each company based on their DARKINT index score in the May
2017 calculation.
• Fortune 500 Rank - The rank each company is given on the 2017 annual list.
• DARKINT Score - The algorithm score based on the DarkOwl data in December 2017.
• Change in DARKINT Score - The difference between the algorithmic score based on the DarkOwl data
published in this report and the May 2017 score.
• % New Data- The percentage of the DARKINT score that was based on data from the last 90 days.
• Company Sector - The market segment as defined by the Fortune 500 list.
Observations
Every company on the Fortune 500 has a darknet ranking and most have increased substantially since our
report in May. This fact alone offers a glimpse into the growth in sheer volume of information available on the
darknet as well as advances in DarkOwl’s collection technology. Overall, the results confirm that no company
or organization is without risk on the darknet .
The importance of the hackishness rating is seen in the case of Apple. Without such a weighting, Apple would
have been the most highly ranked DARKINT company, with nearly twice the results to its next closest entrant.
Yet when weighted for hackishness Apple did not even make the top 10, and instead came in at #15. Put
simply, Apple has a great deal of data on the darknet, but much of the data’s potential criminal value was low
relative to those with higher Index scores.
The company with the largest hackishness-rated DARKINT score, Frontier Communications, is a bit of a
surprise given their low Fortune 500 rank. But we noted their outsized ranking in May and clearly a large
amount of data from Frontier continues to make its way into the darknet. The remainder of the top 5 ranked
companies come from firms whose scores greatly increased from May.
In May, we had predicted that the nature of our algorithm’s reliance on recent data made our rankings very
dynamic. In fact, the Top 5 DARKINT Index firms from May were all technology firms. Amazon, Google, Apple,
Facebook and eBay each improved their scores despite the large increase in the average Fortune 500 score.
Clearly, the leading technology firms are taking steps to lower their darknet presence while most others have
more work to do
Conclusions
This updated reranking of the Fortune 500 based on their DARKINT presents a mere sliver of DarkOwl’s
DARKINT database which includes information on many additional organizations and individuals. Our database
consists over 300 terabytes of information, and 75% of our searchable data comes from darknet or paste sites
which is where much of the internet criminal activity takes place.
In some cases, private data for sale on the darknet may have come from a breach, but it often is not identified
as such. For example, a group of credit card credentials for sale could have been illegally obtained from either
a bank or a retailer, but that information isn’t always attributed to a specific firm. The more comprehensive a
database, the more likely a search will yield valuable and actionable intelligence.
over time as well. For any firm to available on the darknet that can be misused by hackers or criminals. A
greater availability of data implies a higher risk profile, as more attack
have a truly accurate snapshot of their vectors are available. This is a point-in-time snapshot for August 2017.
shareholders.
Previous Change in
DARKINT Fortune DARKINT % New Company
DARKINT Name DARKINT
Rank 500 Rank Score Data Sector
Rank Score
26 29 9 Ford Motor 13.41 2.91 26.89% Motor Vehicles
Previous Change in
DARKINT Fortune DARKINT % New Company
DARKINT Name DARKINT
Rank 500 Rank Score Data Sector
Rank Score
Liberty Mutual
52 139 73 12.03 4.09 25.50% Financials
Insurance Group
53 146 497 First American Financial 12.01 4.10 27.84% Financials
Previous Change in
DARKINT Fortune DARKINT % New Company
DARKINT Name DARKINT
Rank 500 Rank Score Data Sector
Rank Score
78 15 37 Comcast 11.50 (0.51) 24.37% Telecom
96 236 472 Host Hotels & Resorts 10.97 4.11 30.08% Financials
Aerospace &
97 21 60 Lockheed Martin 10.92 (0.39) 29.66%
Defense
98 121 95 Exelon 10.91 2.70 24.56% Energy
Previous Change in
DARKINT Fortune DARKINT % New Company
DARKINT Name DARKINT
Rank 500 Rank Score Data Sector
Rank Score
105 150 21 Cardinal Health 10.63 2.77 31.62% Health Care
111 156 465 St. Jude Medical 10.54 2.75 30.61% Health Care
125 210 436 Jones Lang LaSalle 10.32 3.23 27.23% Financials
Previous Change in
DARKINT Fortune DARKINT % New Company
DARKINT Name DARKINT
Rank 500 Rank Score Data Sector
Rank Score
Hotels,
Starwood Hotels &
131 175 444 10.27 2.68 22.51% Resturants and
Resorts
Leisure
American Family
132 106 332 10.26 1.89 19.41% Financials
Insurance Group
133 208 194 Western Digital 10.24 3.13 41.28% Technology
Previous Change in
DARKINT Fortune DARKINT % New Company
DARKINT Name DARKINT
Rank 500 Rank Score Data Sector
Rank Score
158 164 102 Avnet 9.62 1.91 12.78% Wholesale
161 254 468 Western Union 9.55 2.87 23.40% Business Services
164 207 467 Kelly Services 9.50 2.38 11.00% Business Services
165 161 140 Tenet Healthcare 9.45 1.69 16.74% Health Care
166 219 221 Waste Management 9.43 2.37 12.06% Business Services
167 117 255 R.R. Donnelley & Sons 9.42 1.19 27.70% Media
Previous Change in
DARKINT Fortune DARKINT % New Company
DARKINT Name DARKINT
Rank 500 Rank Score Data Sector
Rank Score
185 228 358 Quest Diagnostics 9.16 2.23 15.75% Health Care
192 320 244 United States Steel 9.05 3.11 37.12% Materials
Previous Change in
DARKINT Fortune DARKINT % New Company
DARKINT Name DARKINT
Rank 500 Rank Score Data Sector
Rank Score
211 155 375 Sealed Air 8.70 0.89 23.54% Materials
Food, Beverages
212 166 66 Tyson Foods 8.69 1.00 26.91%
and Tobacco
C.H. Robinson
213 142 208 8.66 0.73 16.15% Transportation
Worldwide
214 179 15 Costco 8.66 1.10 1.02% Retail
235 319 411 Erie Insurance Group 8.29 2.33 13.26% Financials
Community Health
236 265 125 8.27 1.77 19.52% Health Care
Systems
Previous Change in
DARKINT Fortune DARKINT % New Company
DARKINT Name DARKINT
Rank 500 Rank Score Data Sector
Rank Score
237 251 108 Tech Data 8.26 1.55 17.98% Wholesale
241 304 459 Alaska Air Group 8.14 2.04 30.45% Transportation
242 300 268 Henry Schein 8.13 1.99 15.36% Health Care
251 303 372 Kindred Healthcare 7.95 1.85 15.72% Health Care
Previous Change in
DARKINT Fortune DARKINT % New Company
DARKINT Name DARKINT
Rank 500 Rank Score Data Sector
Rank Score
263 328 339 BorgWarner 7.78 1.90 20.01% Motor Vehicles
269 345 202 WellCare Health Plans 7.70 2.00 9.02% Health Care
Philip Morris Food, Beverages
270 299 106 7.69 1.53 24.96%
International and Tobacco
271 239 408 Sanmina 7.67 0.85 14.33% Technology
285 363 485 ABM Industries 7.51 2.07 8.32% Business Services
Previous Change in
DARKINT Fortune DARKINT % New Company
DARKINT Name DARKINT
Rank 500 Rank Score Data Sector
Rank Score
289 221 385 Expedia 7.47 0.43 19.38% Technology
311 324 440 United Rentals 7.12 1.19 15.45% Business Services
Previous Change in
DARKINT Fortune DARKINT % New Company
DARKINT Name DARKINT
Rank 500 Rank Score Data Sector
Rank Score
315 312 42 Marathon Petroleum 7.03 0.98 22.98% Energy
316 273 22 Express Scripts Holding 7.01 0.59 0.00% Health Care
317 152 269 Hertz Global Holdings 7.00 (0.82) 0.04% Retail
322 287 281 Navistar International 6.89 0.61 9.06% Motor Vehicles
323 331 312 Republic Services 6.89 1.04 14.37% Business Services
333 114 172 Health Net 6.59 (1.66) 0.00% Health Care
Fidelity National
334 264 392 6.59 0.08 7.32% Business Services
Information Services
335 334 258 Murphy USA 6.58 0.77 15.56% Retail
349 384 291 Owens & Minor 6.29 1.08 0.00% Health Care
350 364 330 Avis Budget Group 6.27 0.85 9.95% Retail
354 340 437 WEC Energy Group 6.24 0.47 15.85% Energy
359 311 404 Alliance Data Systems 6.18 0.13 10.10% Business Services
Previous Change in
DARKINT Fortune DARKINT % New Company
DARKINT Name DARKINT
Rank 500 Rank Score Data Sector
Rank Score
368 413 412 Rockwell Automation 6.00 1.35 20.70% Industrials
371 355 201 Molina Healthcare 5.95 0.42 7.92% Health Care
377 347 335 United Natural Foods 5.80 0.11 11.96% Wholesale
384 325 430 LifePoint Health 5.73 (0.17) 0.00% Health Care
Previous Change in
DARKINT Fortune DARKINT % New Company
DARKINT Name DARKINT
Rank 500 Rank Score Data Sector
Rank Score
394 379 457 Genesis Healthcare 5.55 0.29 0.00% Health Care
Penske Automotive
395 310 143 5.52 (0.54) 0.00% Retail
Group
396 377 170 Nucor 5.50 0.24 0.00% Materials
416 394 355 Interpublic Group 5.24 0.18 0.00% Business Services
Aerospace &
417 454 118 Northrop Grumman 5.21 1.77 19.23%
Defense
418 409 342 O’Reilly Automotive 5.18 0.47 2.89% Retail
Previous Change in
DARKINT Fortune DARKINT % New Company
DARKINT Name DARKINT
Rank 500 Rank Score Data Sector
Rank Score
421 443 384 UGI 5.14 1.27 19.26% Energy
447 431 211 Illinois Tool Works 4.42 0.24 0.00% Industrials
Previous Change in
DARKINT Fortune DARKINT % New Company
DARKINT Name DARKINT
Rank 500 Rank Score Data Sector
Rank Score
Booz Allen Hamilton
448 456 487 4.41 1.01 26.36% Technology
Holding
449 434 267 Group 1 Automotive 4.41 0.25 0.00% Retail
455 422 475 Energy Future Holdings 4.25 (0.18) 0.02% Energy
Hotels,
456 473 109 McDonald’s 4.10 1.72 0.03% Resturants and
Leisure
457 444 356 Steel Dynamics 4.09 0.31 0.00% Materials
458 459 374 Casey’s General Stores 4.09 0.81 0.00% Retail
466 447 186 Omnicom Group 3.90 0.35 0.00% Business Services
American Financial
467 455 421 3.79 0.37 0.00% Financials
Group
468 436 276 Global Partners 3.64 (0.49) 0.00% Wholesale
Asbury Automotive
469 452 393 3.64 0.17 0.00% Retail
Group
470 492 353 XPO Logistics 3.63 2.81 25.94% Transportation
471 458 463 Lansing Trade Group 3.61 0.32 0.00% Wholesale
Household
472 457 328 Jarden 3.47 0.09 0.00%
Products
Food, Beverages
473 497 460 Seaboard 3.47 2.89 0.00%
and Tobacco
Previous Change in
DARKINT Fortune DARKINT % New Company
DARKINT Name DARKINT
Rank 500 Rank Score Data Sector
Rank Score
474 482 448 Hanesbrands 3.46 1.59 26.21% Apparel
476 465 427 Barnes & Noble 3.36 0.50 64.05% Retail
477 464 39 Johnson & Johnson 3.30 0.44 0.02% Health Care
Household
478 429 345 Masco 3.19 (1.03) 0.00%
Products
Old Republic
479 480 442 3.02 1.06 0.00% Financials
International
480 479 315 Univar 2.90 0.93 0.04% Wholesale
486 484 365 Dick’s Sporting Goods 2.61 0.82 48.60% Retail
493 494 426 A-Mark Precious Metals 1.92 1.10 0.00% Materials
Walgreens Boots Food and Drug
494 418 19 1.86 (2.63) 0.00%
Alliance Stores
495 147 6 UnitedHealth Group 1.73 (6.15) 0.00% Health Care
496 450 238 Bed Bath & Beyond 1.63 (1.88) Retail
About DarkOwl
DarkOwl is based in Denver, Colorado providing darknet threat intelligence data and services to allow
companies and organizations to understand and mitigate their digital risks. DarkOwl’s data platform allows
companies to see in real-time the theft, breach or other compromise of their proprietary data on the darknet,
allowing them to both mitigate damage prior to the information being misused and to highlight gaps in their
cybersecurity perimeter.
This database is believed to be the largest database of darknet content available to commercial users.
DarkOwl complements this with a full range of cybersecurity consulting services, including security
assessments, penetration testing, application and code review, incident response, and digital forensics.