October is Cybersecurity Awareness Month and the perfect time to shine some light on the murky mysteries of the dark web. Read on to find out what the dark web is, how it can impact your business, and what you can do to protect yourself. You can also skip down to watch a video of our CEO Chuck Brown discussing the dark web on WSAV’s Coastal Experts.
3 Parts of the World Wide Web
1. Surface Web
The dark web is part of the Internet, but not what we access when we’re browsing websites, searching articles, or shopping online. Picture an iceberg like the image to the right. The Internet we use, sometimes called the visible Internet, would be that small, top portion, consisting of all the millions of websites that are searchable by, or visible to, Google and Bing, for example.
This visible portion is also sometimes referred to as the “clear web” or “surface web” and is only the tip of the iceberg. The deep web and the dark web make up all the rest, the massive area underneath the surface.
Estimates put the surface web at only 1-4% of the Internet, meaning the deep web and dark web make up the other 96-99%.
2. Deep Web
The content of the deep web goes below the surface to websites that cannot be openly and publicly accessed, pages that will not appear in search results. Think about websites that need you to login first, such as your email, online banking, and private or otherwise restricted access social-media pages and profiles.
Deep web content includes medical records, membership websites, and services that users must pay for and are protected by paywalls, such as video on demand and some online magazines and newspapers. It also includes any content that its owners have blocked web crawlers from indexing.
The deep web is considered ethically neutral: it can be used for good or for bad.
3. Dark Web
The dark web, considered part of the deep web because it is below the surface, is even harder to access. It takes special tools and techniques to get to, and even if you know where you want to go on the dark web, you cannot do so from a ‘normal’ web browser.
People commonly associate the ‘dark’ in dark web to mean dark dealings and illegal activities, and in truth, the dark web is where many attacks are launched from and where a lot of the stolen data is sold. Its anonymous structure and hidden nature naturally attract criminal activity.
But I do want to acknowledge that not all of the dark web is used for illicit purposes. Some people use it legally for the anonymity, such as abuse victims or whistleblowers. In terms of your business and the risks to you, however, the simple (and more common) understanding of the dark web as a place where criminals will share cyber attack tools and sell your stolen information is what this article is going to focus on.
Discussing the Dark Web (Video)
Now that we know the basic idea of the dark web, let’s add some details. Starting at the 1:41 mark in the video below, Chuck and Natalie dig into how easily passwords can get compromised and how that ties into the dark web.
I’ve pulled out some key parts of the transcript so you can read if you prefer not to watch.
“You’re not really even worried about keeping a person out [of your password-protected account]. The threat is that there are programs out there that are designed to randomly run through hundred of thousands of passwords to try different things. And common things are easier to crack is the bottom line. Most of the information needed to crack most passwords, you can find on Facebook.
And in a lot of cases when a password is compromised, it’s immediately made for sale on the dark web.”
Chuck goes on to give examples of costs listed to buy account information on the dark web, many of which are disturbingly cheap. And he sums up the dark web in this way:
“There’s very little good on the dark web. The dark web is used by people who are selling or buying things that they can’t put on the regular web. And that’s everything from illegal drugs, stolen pharmaceuticals, cyber weapons used to create malware, physical weapons, forged documents, stolen credit cards, ISIS recruiters, human trafficking… Pretty much anything you can think of that is depraved and evil, you can find somewhere on the dark web.
The good thing is, the dark web is not something you’re going to stumble onto. It’s not the easiest thing to get to. It takes special tools and techniques. The bad thing is those tools and techniques are readily available on the web…but you’re not just going to stumble into it.”
They then discuss the differences between the regular (or surface) web as we explained with the iceberg image above and what happens if one of your passwords gets compromised.
As Natalie asks, “Would I even know?”
It’s very likely you would not know. Or you may not know until you get an alert about unauthorized access from a new device. Or you may not know until something strange shows up on your bank statement or credit card.
And when it comes to your business, you may not know until you get hit by ransomware. Because that’s what criminals have discovered is more effective – gaining network access and remaining undetected until they have infiltrated every area they want or stolen all the data they want to hold for ransom.
But there are tools that can help.
Dark Web Scan
“One of the services we offer is called a dark web scan. What it does is looks at the domain – the email addresses your company uses – and searches certain databases on the dark web to see if that [domain] shows up, implying that one or more of your employees’ passwords have been compromised.”
If you’ve never checked before, a dark web scan can be the perfect starting point to assess your current risk. And you may qualify for a free scan and report from us (see form below).
In a longer part of the discussion shown in the video above, Chuck told Natalie that a 2017 study showed the average business user had 191 passwords. And another study showed that 59% of people use the same password over and over again.
Stop and think about that for a second.
If you have 150-200 logins, and you use the same or a slight variation of the same password across them, then all it takes is ONE of those accounts to get hacked for ALL of your information and connections and network access to be wide open.
(Fun Fact: He estimated having 1700-1800 passwords himself.)
The point being that you may need more than a one-time scan. If every one of your employees has more than 150 passwords and any single one of those is similar to their work account password, then your company could be exposed.
Dark web monitoring may be what you need to help protect your business. An ongoing monitoring service will alert you if certain emails, names, passwords, usernames, and more appear in the deep web. This gives you the chance to change passwords or back-up data before an attack occurs. A service like this could save you from having your identity stolen or from losing your business entirely.
At Infinity, we believe you should know if your data is being passed around on the dark web. So if you’re curious about it at all, fill out the form below, and we will get back to you with either your free scan results or other options for those who do not meet the free report eligibility.
Request My Free Scan