You’re happily humming along on the Internet thinking you’ve got a pretty good understanding. You can navigate your way around Google, Facebook, Amazon, and news sites. You’re actually only visiting four percent of the Internet. In doing all of this, did you forget about the Dark Web?

There’s a whole world (96% of the Internet) hiding beyond these safe surface-level sites, known as the Dark Web. It’s a much less hospitable place and a very significant part of the internet that can’t be ignored.  

dark-web-1

What Exactly is the Dark Web?  

The Dark Web was developed in 1990 by a U.S. Naval Research Lab. It’s a conglomeration of websites that cannot be found on search engines or accessed via traditional web browsers because their location and identity is hidden through encryption tools, like TOR. 

TOR browsers were originally created to protect military communication but now have much broader utilization for both Dark Web purposes and for highly secure communication. You have to access these sites utilizing TOR, typically.  

TOR users create Dark Web sites in order to hide where they’re operating from, as well as to remain anonymous (TOR hides all IP information, identifying information, as well as data transfers). Over half of the sites on the Dark Web are used for criminal or illegal activities. 

dark-web-2

Why do People use it?  

One of the most prevalent uses of the Dark Web is buying and selling illegal goods, such as recreational drugs, weapons, fake identities, and organs. The proliferation of cryptocurrency, like Bitcoin, has facilitated these sales. 

People living within totalitarian societies that restrict communication also take to the Dark Web to share their thoughts freely. To them, an anonymous online presence through a TOR network doesn’t seem like criminal activity. But, what they don’t realize that browsers like this are exactly how criminals protect their identities online. They use it as an easy way to perform criminal acts such as money laundering. 

The most dangerous use of the Dark Web for businesses is the exchange of credentials (usernames and passwords) and identities. These could be credentials for your social media, credit card and bank accounts. 

A recent audit from the security firm Digital Shadows has put a number on just how large a problem that it has become. The data-loss-detection firm found 15 billion login pairs—user names and passwords—stemming from 100,000 breaches. Five billion of those were unique. 

An individual’s stolen credentials can typically be sold on the Dark Web for the low price of $1 to $8. Hackers utilize these purchased credentials to: 

  • Gain access to important financial information and steal identities (access to a Bank of America account holding $50,000 can be purchased for $500) 
  • Access accounts for further phishing attacks 
  • Threaten people with exposure of sensitive information (Remember the Ashley Madison hack from a few years back? Those credentials were dumped onto the Dark Web and hackers leveraged them to expose users). 
  • Compromise other accounts using the same passwords and perpetuate the sale of personal information 

dark-web-3

What can you do about it?  

The average citizen will never have a reason to access the Dark Web, but their credentials could easily be floating around, endangering their offline livelihoods. Once your credentials are released on the Dark Web, there is little you can do to have them removed. However, you should, at the very least, know when you’ve been compromised; so that you can immediately act by changing passwords and activating two-factor authentication.  

We recommend utilizing a full Dark Web monitoring service that alerts you if your credentials appear on it. These services are constantly scanning for your information and alert you whenever something suspicious appears. 

These alerts don’t necessarily mean a breach has occurred, but they are a very good indicator that something bad may be coming. These kinds of scans ensure that company network credentials aren’t on the Dark Web for purchase. 

You can then create a plan of attack before any damage is done. Granted, there will be your fair share of false positives, but we firmly believe in operating in the better safe than sorry camp.  

Along with this kind of monitoring, a layered combination of the right Managed Security solutions will ensure your business is monitored and safe at all times.

How should you get started with Dark Web monitoring?  

Contact The TNS Group today to learn more about Dark Web scanning and monitoring. Protect your business, your employees and yourself.

Categories: Managed Service Provider, MSP Blogs