The Dark Web. It sounds mysterious, seedy, underhanded. What is it? How does it work? And should you be concerned about your information being sold?
First, let’s educate ourselves. The Internet is loosely classified into 3 regions. You may relate it to an iceberg: what you can see above the surface and what you cannot see below the surface.
The First 10% of the Internet is the region above the water that we can see:
- The Clear Web – It is the region of the Internet with which most of us are familiar – publicly accessible web pages that are largely indexed on search engines. This is also known as the “Surface Web”.
The Next 90% of the Internet is below the surface and consists of:
- The Deep Web – The Deep Web are regions of the Internet that are hidden from the public. They require authentication or passwords to access the data within.
- The Dark Web – Within the Deep Web are regions of the Internet that are intentionally and securely hidden from view. It is an area of the web where anonymity is critical. The Dark Web can serve the purpose of avoiding censorship and helping people communicate in environments that are hostile to free speech. However, criminal services can be shopped for here and run rampant.
The Clear Web and Deep Web are places you regularly access on your computer browser.
- Example of Clear Web: Browsing to yahoo.com or espn.com to read news.
- Example of Deep Web: Browsing to amazon, logging in to see your shopping cart, browsing to your bank and logging into your bank account.
To access The Dark Web, you commonly have to use something called a “tor browser”. Tor is short for The Onion Router. The Tor network was originally developed by the US Naval Research Lab. It was released under a general license in the early 2000s. Tor is now a non-profit organization that researches and develops online privacy tools. Tor browsers disguise your online activity and you may even need to be invited to access specific “.onion” domains within The Dark Web.
Tor directs internet traffic through a free, worldwide, volunteer network consisting of more than six thousand relay servers or users’ computers to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis.
As mentioned, the Dark Web is not all bad. There are advocates for The Dark Web that claim it promotes whistleblowers and free speech activism. However, the content on The Dark Web is dominated by illegal pornography, hackers, fraud, and black-market sites that are involved with human trafficking, drugs, and even murder for hire.
So, why should you care?
From small businesses to large enterprises, there is an average of 28,500 of breached data records, including credentials, per US based company. Typically, it is your own credentials or those of your employees that show up for sale to the highest bidder, much like an eBay for the criminal world. However, in some cases, personal information like your social security number is also listed for sale. Pause for a moment and think about that. The problem is not that your credentials are on the Dark Web for sale. As troubling as that may be, the biggest problem comes when a cyber criminal decides to buy your credentials. It is an investment for them. A criminal dealing in stolen credentials can make tens of thousands of dollars from buyers interested in those credentials. And rest assured, they will not stop until they get a return on that investment.
“Ok, but how did my credentials get on the Dark Web in the first place?”, you might ask.
You’ve heard of Phishing by now I am sure. Often it is a subtle trick by means of a suspicious email, perhaps even message that makes your heart race, or a web link. “Did I go somewhere I shouldn’t?” “Oh, I need to change that password?” “That website needs me to update my info?”
Common things we don’t even think twice about doing can put our credentials for sale on the Dark Web.
The other common way your credentials end up on the Dark Web is that a vendor or partner in your supply chain gets hacked, en masse. Your info and a million other credentials end up on the Dark Web. Your hope at that point is that your credentials do not get bought first.
So, what if someone buys my credentials – what is the real risk to me and my business? That will be discussed in part two: How is your business affected?
We encourage you and your staff to sign up for our FREE Cybersecurity Tips which include information like this, emailed once a week, in order to spread cybersecurity awareness. Any one of these tips can easily save you from becoming a victim of a cyber-crime!
To learn more about protecting your business, we invite you to sign up for a Free Dark Web Scan of your business credentials.