What is the Dark Web?
By Kimberly Connella | July 30, 2020 | 0 Comments
What is the dark web?
In order to understand the dark web, you first need to understand how the internet and the World Wide Web work.
To give some context, the internet is a global system of interconnected computer networks that use protocols to communicate between networks and devices. You can think of it as a network of networks.
The World Wide Web is a collection of web pages that exists on the internet. Your web browser uses the internet to access the World Wide Web.
The internet can exist without the World Wide Web but the World Wide Web can not exist without the internet.
A search engine, such as Google or Bing, is a software system designed to carry out web searches. It allows you to search the World Wide Web in a systematic way for specific information. Search engines crawl the web and index web pages.
Google’s mission is to ” organize the world’s information and make it universally accessible and useful.”
Google has digital crawlers that crawl the World Wide Web and index pages so that they can populate the search engine results page (SERPs) when someone performs a web search query. It’s an essential part of their mission.
This leads us to the deep web.
The deep web is a part of the World Wide Web whose contents are not indexed by search engines.
It is a part of the deep web that has been intentionally hidden and is inaccessible through standard web browsers.
- Surface web: Anything a search engine can access.
- Deep web: Anything a search engine cannot access.
- Dark web: A subset of the deep web that is intentionally hidden and requires an anonymizing browser.
Dark web vs. deep web
People often use the terms “dark web” and “deep web” interchangeably. Although the deep web and the dark web do overlap, they are not the same thing.
The deep web simply refers to all the pages which are not indexed.
Site owners can block pages from being indexed by search engines. In most cases, site owners do this because the information is private, irrelevant, or hosts corporate/ client data.
The deep web can host things such as medical records, fee-based content, membership websites, confidential corporate web pages, etc.
Essentially, it is information not intended for public consumption. Most pages on the deep web are perfectly legal and are just meant to be private.
The deep web is neutral, some stuff on it is bad, some is good, but most of it is simply just irrelevant to most people.
The deep web makes up 96% – 99% of the internet.
In contrast, the dark web is a small portion of the deep web that is intentionally hidden and is a hotspot for illicit activity.
The bottom line is that not all deep web is the dark web, but all dark web is the deep web.
What is the dark web used for?
As mentioned above, access to the dark web requires an anonymizing browser. Essentially, Tor is a web browser that hides your IP address and makes your internet activity harder (yet not necessarily impossible) to trace.
As a result, the it is filled with illegal content, services, and products.
You can think of the it as a shady digital alleyway where people go to make shady, usually illegal, transactions.
These can include things like drugs, fake degrees or passports, weapons, as well as illegal services like murder-for-hire, sex services, etc.
In terms of cyber security concerns, you can buy and sell hacked information from data breaches such as social security numbers, credit card numbers, and stolen/ hacked accounts.
In short, it is not a place you want to be caught browsing.
Can the dark web harm my business?
Yes: the dark web can harm your business.
Imagine for a moment that one of your employees had his Capital One account breached in their massive data breach back in 2019.
Your employee, like 65% of employees do, reuses the same password for everything.
If your employee’s data from the Capital One breach is for sale on the dark web, all it takes is a savvy hacker (And, let’s face it, most hackers are savvy) to perform a quick LinkedIn search to find out their place of work.
Hackers can and do access corporate networks with this method.
Worse, what if your employee has admin access?
Now a hacker has the keys to your entire network—and they bought it for $6 on the dark web.
aNetworks has a free dark web scan tool that performs a live search of any compromised accounts on your domain. It provides a report of your compromised accounts that includes details such as the date, origin, and source of the data breach.
The following are examples of things on the dark web that can harm your business:
- Financial data
- Customer data
- Operational data
- Credentials
- Intellectual property/ trade secrets
- Espionage services
- Phishing services
- Access, remote access trojans, keyloggers, and exploits
- Infections or attacks, including malware, botnets, and denial of service (DoS) attacks.
According to a 2019 study done by the University of Surrey, the number of listings on the dark web that could put your business at risk has risen by 20% since 2016.
Furthermore, of all the listings on it (excluding drug sales), 60% of them could harm businesses.
But do not worry, there are ways to protect your business. There are both proactive and reactive best practices you can follow, most of which you should be following anyway.
How to protect yourself
Let us go back to our example from earlier of your employee’s credentials being for sale on the dark web.
What can you, as a business leader, do to avoid that?
Proactive measures:
Establish multi-factor authentication, so even if your employee’s credentials get into the wrong hands, they still need another form of authentication to get into your network.
Create strong password policies, so your employees must follow strict guidelines such as using a password manager, changing their passwords frequently, and most importantly: not reusing passwords.
Test your network access control, so you have a clear understanding of who can access what within your network. Ask yourself questions such as who has admin access? What would happen if their account were compromised? Do my employees only have access to the information they need to do their jobs?
Establishing multi-factor authentication, strong password policies, and network access control is a good start to protecting your business from any malicious actors, whether they came from the dark web or not.
These are foundational security best practices that your organization should have in place.
If you want to figure out if you have the security basics set up, a good first step is to complete a NIST security assessment to examine the strength of your current security. You can use our free cyber security assessment tool.
Reactive measures:
There are also best practices you can follow to monitor your organization’s presence on the dark web.
Complete frequent dark web scans on your domain to ensure none of your employee’s credentials are on it.
Enroll in dark web monitoring so that you can constantly be on top of your business’s presence on it.
What is a dark web scan?
This type of scan is a security service your business can use to scan the dark web for any compromising information associated with your domain.
Essentially, we dive in to keep you out.
We search for things like your accounts, usernames, passwords, email addresses, corporate, financial, or customer data, etc.
A scan can be useful but it is a one-time action. It allows you to check in real-time whether your corporate data is on the dark web.
You can use our free dark web scan tool to test it out.
The only downside to dark web scanning is that you can run a search and come up clean, but then have a false sense of security if compromising data were to be uploaded the next day.
This is where dark web monitoring comes in.
What is dark web monitoring?
Dark web monitoring is a cyber security service that searches for information that could compromise your business.
If you enroll in this service, then you receive alerts that notify you when your corporate information is found.
We alert you as soon as it is discovered so you can resolve the vulnerability before it is exploited.
Alerts notify you when information such as usernames, passwords, credit card numbers, or other corporate data is located there.
Ready for dark web monitoring? Sign up now.
Is dark web monitoring worth it?
Like most security services, it is entirely dependent on your industry, size, and the strength of your current security.
In most cases, dark web monitoring is worth it because it can significantly reduce the chance of successful cyber attacks by notifying you when compromised data hits it.
However, the best way to test if it is worth it is to try it.
This scan gives you a snapshot of your compromised accounts. If your scan comes back clean, then it may not be a pressing problem for your business.
If your scan is alarming in frequency and quantity of compromised accounts, then it is likely worth looking into.
Free dark web scan
The dark web can be a dangerous place.
If you are interested in learning more, then please contact us below.
Furthermore, if you are looking for more information, then check out our resource center.
Finally, you can always find us on Twitter, LinkedIn, and Facebook.