Threat Tuesday: What is the Dark Web?

In a number of data breach news stories in recent years, you’ve probably seen one phrase pop up again and again: “dark web”. Stories like “Thousands of credit card numbers skimmed from Company X were sold on the dark web” and “Millions of login credentials from <big-website>.com hacked, leaked on Dark Web” have become rather frequent.

What is the dark web? Should you be worried about it? And what can you do to keep your company’s data safe?

What is the Dark Web? What happens there?

The dark web is made up of websites and other services that are not accessible from the normal Internet, but only from specific “darknets”. In order to access sites on the dark web, one must use specialized software. The most common of these is the anonymous browsing service Tor, which makes hidden websites available using .onion links. These sites are neither indexed by regular search engines nor available to most internet users, which is very much by design.

The dark web is home to sites offering a range of unsavory and illegal activities, including drug trafficking, money laundering, and worse. But of most interest to those of us involved in cybersecurity are the underground forums where hackers and data thieves congregate. Here they exchange stolen personal information, malware toolkits, and the services of botnets under their control.

Some of these sites have evolved into full-service marketplaces. For the right price, one can buy zero-day exploits against popular software and hardware platforms, complete with “customer service” packages. Additionally, stolen passwords, credit card numbers, and other personal information are bought and sold in these electronic thieves’ bazaars.

How can I protect my data from the dark web?

With the rise of darknets and the dark web, it may seem like businesses are fighting a losing battle against increasingly sophisticated and organized cybercriminals. But the fact of the matter is that most data breaches aren’t caused by sophisticated, custom-designed zero day exploit toolchains purchased from shadowy underground hacking groups. Most incidents involve much more mundane factors, including unpatched software, employee mistakes, or poor security practices.

That isn’t to say that if your data is stolen via conventional means that it won’t end up on the dark web. Millions of pieces of personal information are circulated there every day, and that trend shows no sign of letting up.

So to protect against threats from the dark web, the usual cybersecurity principles apply. Check for vulnerabilities, train your users, and keep track of where your data is going and how it’s being handled.

CyberCrunch can help you protect your data against unauthorized disclosure by making sure that it’s destroyed properly. Our comprehensive ITAD services will give you peace-of-mind that data contained on old hardware won’t fall into the wrong hands — on the dark web or otherwise.