By Lauren Morley on Oct 22, 2019 10:17:00 AM
You’re happily humming along on the internet, thinking you’ve got a pretty good understanding. You can navigate your way around Google, Facebook, Amazon, and news sites.
You’re actually only visiting four percent of the internet. There’s a whole world hiding beyond these safe surface-level sites, known as the Dark Web, and it’s a much less hospitable place.
What exactly is the Dark Web?
The Dark Web is a conglomeration of websites that cannot be found on traditional search engines or accessed via the usual web browsers because their location and identity is hidden through encryption tools such as TOR.
TOR was originally created to protect military communication but now has a much broader utilization for both Dark Web purposes and highly secure communication. You typically have to access Dark Web sites utilizing TOR.
People create sites on the Dark Web in order to hide where they’re operating from, as well as to remain anonymous (TOR hides all IP information, identifying information, as well as data transfers). Over half of the sites on the Dark Web are used for criminal activities.
Why do people use the Dark Web?
One of the most prevalent uses of the Dark Web is buying and selling illegal goods, such as recreational drugs, weapons, fake identities, and organs. The proliferation of cryptocurrencies - like Bitcoin - has facilitated these sales. People living within totalitarian societies that restrict communication also take to the Dark Web to share their thoughts freely.
The most dangerous use of the Dark Web for businesses is the exchange of credentials (usernames and passwords) and identities. An individual’s stolen credentials can typically be sold on the Dark Web for as low as $1.
Hackers utilize these purchased credentials to:
- Gain access to important financial information and steal identities (access to a Bank of America account holding $50,000 can be purchased for $500)
- Access accounts for further phishing attacks
- Threaten people with exposure of sensitive information (Remember the Ashley Madison hack from a few years back? Those credentials were dumped onto the Dark Web and hackers leveraged them to expose users).
- Compromise other accounts using the same passwords and perpetuate the sale of personal Information
What can you do about it?
The average citizen will never have a reason to access the Dark Web, but their credentials could easily be floating around, endangering their offline livelihoods.
Once your credentials are released on the Dark Web, there is precious little you can do to have them removed. However, you should, at the very least, know when you’ve been compromised so that you can immediately act, like changing your passwords and activating two-factor authentication.
We recommend utilizing a full Dark Web monitoring service that alerts you if credentials appear on the Dark Web. These services constantly scan the Dark Web for your information and alert you whenever something suspicious appears. These alerts don’t necessarily mean a breach has occurred, but they are a very good heads up that something bad may be coming.
A few other helpful tools include haveibeenpwned.com - enter your email address to find out if your credentials can be found in online breach databases, and Google Chrome's Password Checkup Extension - when you log into a website, this tool will alert you if the password you use on it has been compromised and advises you to change it.
You can then create a plan of attack before any damage is done. Granted, there will be your fair share of false positives, but we firmly believe in operating in the better safe than sorry camp.
How should you get started with Dark Web monitoring?
Our team can run a free preliminary scan of your domain revealing the likely breaches in the last 36 months. We’ll then review that report with you and come up with a plan of action to alleviate any major dangers. Click here to request that scan.