
The Dark Web: An Introduction, Overview, and Defense

November 09, 2019 Invar Technologies

The phrases “The Dark Web”, “The Dark Net”, and “Deep Web” have been popping up in the news and in conversation over the last few years. Even TV shows and movies portray it as a sinister cyber underworld filled with horrible websites and unspeakable content.


Some of that is true, but like all things, the truth often gets twisted and exaggerated with time.

Every day most of us use the internet at work, school, home, and even as we travel, via our smartphones. When you search for something with Bing, Google, or another search engine, you get a list of matching sites. We may go to news sites, YouTube, Wikipedia, and so on. You can go there and see everything posted on the site. You do not need a password to view the contents. It is open to the public and content is readily available. If the internet were like an ocean, this would be the surface: the Open, or Public, Web. It comprises about 4% of the total volume of the internet.

Then comes the Deep Web. It is often confused with the Dark Web, but these are two different things. It is just below the surface of the Public Web. When you go to Facebook, or your banking site, for example, you need a password to get in. Once logged in, you can view, download, upload, purchase, and do other online transactions. The pages you view are accessible only to you, or to those logging in. This is the Deep Web. It is for the most part not bad or criminal, but just protected because it contains a lot of personal information. These sites may also contain all types of records and information: medical records, financial records, personal information, credit histories, and so on, all of them sitting, hopefully, behind a secure password gate. This accounts for about 90% of the internet, and is usually where many of us spend our time (and money) when online.

The remaining portion is the Dark Web. This would be like the ocean floor. Unlike the other parts of the net, here there is no way to track you. You can remain hidden as you travel, and so, for the most part, do the sites that live there. You cannot browse this part of the web without a browser designed to see these websites. They have a different type of ‘language’ than the others. Web addresses often look like gibberish with the suffix ‘.onion’ rather than the usual ‘.com’ or ‘.net’, etc., that we are used to. The browser bounces your connection across the globe, using a layered system of encryption. As your connection travels, it sheds these layers several times, so that when it arrives at its destination, the origin is untraceable, keeping the user anonymous. It would be like driving across the country and switching cars every hundred miles or so. The browser is called the TOR browser, short for The Onion Router, named after the layered onion-like encryption. Like an onion having many layers, so does this type of security.

This browser was actually designed by the NSA to help political activists remain anonymous and undetected in countries where oppressive governments could trace them and physically find them. It was also intended to be used by journalists as a safe place to deposit whistleblower data and remain safe and hidden in the process. Many sites there are still true to this original theme of the Dark Web, a safe place for expression without oppression.

In the deepest parts of the sea, there are beautiful creatures, but there are also hidden predators. The anonymity of the Dark Web has also created a haven for illegal activity, as most know about today. Drugs, weapons, criminal services, and other really bad stuff are bought and sold, using cryptocurrency, another dark and untraceable feature.

Inside this hidden economy are also those who threaten the entire web, Public, Deep, and Dark. Cybercriminals have set up shop there. Hacking tools, hacking services, and all types of stolen information are on sale daily. Now, one does not have to be an expert programmer; one only needs to buy a ransomware kit, phishing templates, or hacking tutorials to be on the way to a life of cybercrime. Large collections of stolen passwords, personal information, credit card numbers, banking information, company inside data, and more are on the shelf for easy purchase.

Hacking organizations have sprung up and operate like businesses. Nation states also utilize the Dark Web’s secrecy to operate their campaigns. So now there is a conduit where information stolen from networks is distributed, sold, and used for more crime. The criminal aspect of the Dark Web has skyrocketed, becoming bigger than all other types of crime.

We do have some ways available to us to defend ourselves from the threats that spring from the Dark Web. First of all, security awareness is key. Knowing that this place exists and what its goals are is the first step toward not becoming a victim.

Learning how to recognize fake email, or phishing, is important, since about 80% of cybercrime starts with a simple email fooling the receiver. Changing passwords and even email addresses periodically is another good strategy. Since many big sites like LinkedIn, Adobe, and Dropbox have been breached, many of those password sets are now there, for sale. Many people do not realize that their emails and possibly passwords are already out there waiting to be used for phishing, or to gain entry.


Dark Web scanning is a great tool to see how much you or your organization has been compromised. It will scan the Dark Web for your email domain. It will let you know which of your credentials have made it to a site where they are posted for sale. Once you identify these, you can take action by removing old, unused accounts and by changing current email addresses and/or passwords to render them ineffective. About 70% of domains scanned have anywhere from a handful of breaches to thousands. Some go as far back as around 2011, but if not removed or changed in your system, they are still valid and can be used. This is one of the big threats of stolen information being sold: it has a long shelf life. Names, addresses, social security numbers, and other personal data do not change and can be used for years. Whatever we can change should be changed routinely. Thankfully, there are websites like haveibeenpwned.com where you can check a single email address. It will show how many times it has been stolen, and if it has been posted. This is great for personal or home email addresses. Once identified, you can make changes to your emails and passwords to close these breaches.
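One way to turn scan results into the actions described above, as an added example that is not part of the original post or any INVAR tool: it compares each exposed address with an account inventory and decides whether to remove an unused account, force a password reset, or note that the password was already changed after the breach. The findings, inventory fields, breach names and the one-year "unused" threshold are constructed assumptions.

```python
from datetime import date

# Constructed scan findings: (address, breach label, breach date).
FINDINGS = [
    ("alice@example.com", "breach-A", date(2012, 6, 1)),
    ("Alice@example.com", "breach-B", date(2016, 9, 1)),
    ("bob@example.com",   "breach-A", date(2012, 6, 1)),
    ("carol@example.com", "breach-B", date(2016, 9, 1)),
    ("dave@example.com",  "breach-B", date(2016, 9, 1)),
]

# Constructed account inventory, e.g. exported from a directory service.
ACCOUNTS = {
    "alice@example.com": {"enabled": True, "pw_changed": date(2019, 3, 10),
                          "last_login": date(2019, 11, 1)},
    "bob@example.com":   {"enabled": True, "pw_changed": date(2011, 1, 5),
                          "last_login": date(2019, 10, 28)},
    "carol@example.com": {"enabled": True, "pw_changed": date(2015, 2, 2),
                          "last_login": date(2016, 12, 1)},
}

STALE_AFTER_DAYS = 365  # assumption: no login for a year means "unused"


def triage(findings, accounts, today):
    """Map each exposed address to the action the scan result calls for."""
    # Keep only the most recent breach per address (case-insensitive).
    latest = {}
    for addr, _label, when in findings:
        addr = addr.strip().lower()
        latest[addr] = max(when, latest.get(addr, when))

    actions = {}
    for addr, breached in sorted(latest.items()):
        acct = accounts.get(addr)
        if acct is None or not acct["enabled"]:
            actions[addr] = "no-active-account"      # nothing left to abuse
        elif (today - acct["last_login"]).days > STALE_AFTER_DAYS:
            actions[addr] = "remove-unused-account"  # old account still valid
        elif acct["pw_changed"] <= breached:
            actions[addr] = "reset-password"         # stolen password may still work
        else:
            actions[addr] = "changed-since-breach"   # exposed password is stale
    return actions


if __name__ == "__main__":
    for address, action in triage(FINDINGS, ACCOUNTS, date(2019, 11, 9)).items():
        print(f"{address:22} {action}")
```
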

Depending on the age of these breaches, other steps are necessary. The fact that a password was stolen last year and ‘nothing has happened’ doesn’t mean that nothing will happen. Intruders often gain entry and then sit quietly inside a network to observe and gather intel. Months can go by until a well-crafted email is delivered to the right person and damage or theft is accomplished. Internal and external penetration testing, phishing simulations, and security policy and education are vital to increase safety and dramatically reduce this risk. Most companies, when initially tested, have found that around 30% of their employees were fooled by phishing email simulations. After about one year of continued security awareness training and phishing tests, it dropped to around 2%.

These breaches are clues to other possible undetected threats that may be dwelling in your system now, waiting for the right time to strike. There may be misconfigured network settings or other vulnerabilities that are undetected.

Yes, part of the Dark Web is scary. It is a very organized, mostly invisible, and growing machine that creates, manufactures, and promotes cybercrime every day. We can defend ourselves by finding these breaches and taking these steps to plug up any holes and greatly reduce our future risk.

At INVAR Technologies we focus heavily on cybersecurity and the human factor. Technology like firewalls, monitoring programs, filters, etc. is great and it does work. But we, the users, are the weak link in the chain. By taking steps to identify, correct, and educate, we can greatly help you not to fall prey to the threats coming out of the Dark Web. We offer FREE Dark Web scanning to identify which, if any, of your credentials have appeared on the Dark Web. We can also evaluate the results and offer suggestions and solutions for your organization.

Joe Griffo

Cybersecurity & Technology Consultant

INVAR Technologies Inc.

646-766-0713

joe@invar.nyc

 

 

 
