Even though the dark web is a term that might attract headlines, there is still a lot of confusion about what it is, how it works, and why it even matters. This entry will hopefully help break down some of the learning barriers by introducing the dark web and what is available to help track down data that might have found its way to the unseen part of the Internet.
The world wide web that you access through a search engine makes up only a minuscule portion of the Internet, with the majority of websites accessible though not indexed. And then there is the dark web, the seedy part of the Internet that is not indexed – and intentionally hidden – which requires something like the Tor browser to access.
Explaining the dark web as the playground for nefarious Internet users wouldn’t be incorrect, but it’s much more complex than that. It’s important to note that there are a significant number of people accessing the dark web simply because they want to browse the Internet with no restrictions, or are worried about protecting their own privacy.
After a major data breach occurs, such as the Equifax data breach in 2017, that stolen data can end up on the dark web. Typically, dark web usage sees an uptick after these massive data breaches, with information from millions of compromised users suddenly shared online. It’s not just about companies using proper data recovery software after a breach, but also about working out the next steps to recover from a major cyber incident.
The online marketplace Silk Road, a now-shuttered solution originally created by Ross Ulbricht, thrived on the dark web. In fact, it was probably one of the first introductions of both bitcoin and the dark web to the mainstream – people looking to purchase compromised personal data or narcotics, or to engage in other criminal activities, could likely do so on the dark web.
Prevalence of Dark Web
Cybercriminals are skilled at capitalizing on major world events to steal data and share or sell it among themselves on the dark web. Five popular dark web forums had slightly more than 268,000 unique monthly visitors, a rather impressive figure, according to a study done by cybersecurity firm Sixgill. Interestingly enough, the growth of one forum didn’t impact the growth of another destination – and it’s clear that more people are intentionally trying to find hidden, unindexed websites.
Personally identifiable information (PII) is extremely lucrative on the dark web, with names, Social Security Numbers (SSNs), credit card numbers, and other sensitive information readily available.
Most dark web sites have a scrambled name and instead of a .com or .net domain, will likely have a .onion domain extension. Even though law enforcement and federal agencies are becoming better at identifying – and finding ways to shut down – these types of services, the cybercriminals tend to just evolve their own practices.
Now that the high-level introduction to the dark web is complete, let’s jump into what can be done to find that compromised information.
What is Dark Web Monitoring?
Dark web monitoring, sometimes also referred to as cyber monitoring, is a tool that continuously scans the dark web for compromised information. Considering the large data dumps that often occur from security breaches, much of the information likely ends up unused, but it remains vulnerable.
Naturally, company executives likely aren’t randomly browsing the dark web, so they are unable to access many of the hiding places where internal data or stolen customer information can be found. To put it bluntly, the information that already ends up on the dark web will likely stay there, and a dark web monitoring service isn’t designed to try to pull it down.
Finding a resource to create a large enough dragnet to properly crawl the dark web, however, is a challenging task. There are a large number of marketplaces, messaging programs, apps, and other spots where cybercriminals can hide so they are able to buy, sell, and trade information. That’s why dark web monitoring solutions crawl sites, marketplaces, message boards, and files, so users can trigger a search query to identify if their information has been exposed.
Furthermore, doxx lists, pastebins, I2P pages, IRC chats, and other lesser-known places where hackers hang out can also be scanned by a dark web monitoring solution. A cybercriminal could purchase a stolen email list, for example, and then write fraudulent emails mimicking the victim.
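To make the search-query step described above concrete, here is an added example (not from this article or from any monitoring product) of the matching a monitoring tool might run over text it has already collected. The function names, the watched domain example.com, and the sample dump are all assumptions made for illustration.

```python
import re

EMAIL_RE = re.compile(r"([A-Za-z0-9._%+-]+)@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    """Luhn checksum: rejects digit runs that cannot be payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(value):
    """Keep only the last four characters so an alert does not re-leak data."""
    return "*" * (len(value) - 4) + value[-4:]

def scan_dump(text, watched_domain):
    """Return (line_number, kind, masked_value) for each exposure found."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        for m in EMAIL_RE.finditer(line):
            local, host = m.group(1), m.group(2).lower()
            # Exact domain or a subdomain only; "notexample.com" must not match.
            if host == watched_domain or host.endswith("." + watched_domain):
                findings.append((n, "email", local[0] + "***@" + host))
        for m in SSN_RE.finditer(line):
            findings.append((n, "ssn", mask(m.group(0))))
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group(0))
            if luhn_ok(digits):
                findings.append((n, "card", mask(digits)))
    return findings

# Constructed sample, not real data: 078-05-1120 is a retired specimen SSN and
# 4111111111111111 a standard test card; the order reference fails Luhn.
SAMPLE_DUMP = """\
alice@example.com:hunter2
bob@othercorp.test:letmein
dave@notexample.com:qwerty
carol@mail.example.com | 078-05-1120 | 4111 1111 1111 1111
order ref 1234567890123456
"""

if __name__ == "__main__":
    print(*scan_dump(SAMPLE_DUMP, "example.com"), sep="\n")
```

The Luhn check and the strict domain-suffix comparison are what keep false alerts down: the 16-digit order reference and the look-alike domain are both ignored, and every reported value is masked before it reaches an alert.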
Whether it’s liked or not, the dark web is just a reality in today’s ongoing digital age. For companies trying to track down where their stolen information may be, there is at least a little bit of traceability that can be done.