The internet you interact with on a daily basis is not the entire internet.
Websites you routinely visit, social media platforms you frequent, streaming sites — these are a part of what’s known as the surface web, billions of web pages that are indexed and accessible via search engines.
Lurking below the surface web, however, are two more levels: the deep web and the dark web. And while each has its own purpose, they’re not interchangeable.
The deep web, for example, includes elements of the internet that have been blocked from the prying eyes of web crawlers. Things like databases, medical and banking records, and services that require sign-in credentials.
According to estimates, the surface web accounts for just 4% of the internet. The deep web, meanwhile, accounts for roughly 90%.
The remaining 6%? That’s what’s known as the dark web.
Chances are, if you’ve heard about the dark web, you know it as a place for criminals — “A wretched hive of scum and villainy,” to quote Obi Wan Kenobi.
Access to the dark web depends upon a specialized web browser, the most popular of which is Tor. And instead of the traditional domain endings like .com or .org, dark web addresses end in .onion. And while there are legitimate uses for accessing this ecosystem, such as secure communication for whistleblowers and those fighting against oppressive regimes, crime is by far the most common activity.
It’s also big business. In 2021, for example, Europol announced a joint operation between a handful of nations that took down DarkMarket, then the world’s largest illegal marketplace. The numbers revealed by the operation were shocking:
Nearly 500,000 people regularly used the site
There were more more than 2,400 sellers conducting hundreds of thousands of transactions
More than 140 million Euros were spent and received on the marketplace
Even if the vast majority of people and businesses have no reason to access the dark web, monitoring activity there is still important. Why? Because the dark web is home to vast repositories of data and information that have been stolen.
Credit cards, social security numbers, even Netflix credentials can be found for sale on various dark web websites and marketplaces. Same for networks that have been compromised, known software vulnerabilities, and “off-the-shelf” malware.
Basically, any information stolen via phishing or other attacks will likely find its way onto the dark web where it can be purchased.
Because of this, IT professionals and companies need to be proactive in monitoring dark web activity — not just when a cyber attack occurs, but also on a proactive basis. This is due to the fact that criminals in the dark web often have something standard criminals don’t: patience.
Unlike someone stealing a credit card from a wallet and taking that card on a shopping spree, information on the dark web tends to arrive slowly. Hackers often steal information only to sit on it for weeks, months, even years before making it available for purchase. It’s also common for hackers to sell stolen data in bulk to another party, who then sells it off in pieces — further obscuring the trail.
By regularly scouring the dark web for personal information of employees and company data, IT can significantly limit the damage stolen information can cause.
This is particularly important since most data breaches either go unreported or are identified long after the fact, making it far too late to react before damages can be inflicted.
At Dynamic Computing, our process for monitoring the dark web works like this:
Regular scans utilizing specialized software for posted credentials belonging to our clients and their accounts
If credentials are found on a dark web site, forum, or marketplace, we immediately inform the client and tell their teams to reset passwords
To fully assess the potential damage to the business as a whole, we can conduct a forensic investigation to determine how the leak of credentials happened and whether other employees are at risk
Can a company or individual be completely safe from crime happening on the dark web? No. For every marketplace like DarkMarket that is taken down, another springs up overnight.
But as governments around the world continue to play a game of “whack-a-mole” with illegal sites on the dark web, IT can go a long way toward keeping companies safer simply by monitoring for reported breaches and proactively looking for stolen company information.