What is the dark web?
Most of us tend to think about the web as a single destination, available through our browsers on our laptops and phones. But over the years it has evolved into three very different parts: the clear or public web, the private or deep web and the darknet or dark web. In this primer, we explain their differences, what kinds of information can be found in each part, and why you need to protect yourself when you access this content. As you can tell by the fact that we list different terms, there is no hard and fast division among the three pieces. Here is a good explainer published by the FBI back in 2016, which is somewhat outdated but a useful starting point.
The public web is the web that most of us are very familiar with: the sites that are run by the major dot com businesses, the SaaS sites that provide our software for running common office applications and email, and so forth. This is the data that freely flows between our computers every day. These sites are searched and recognized by Google and other search engines. If you have a web security tool, this is the part of the web that it focuses on. Most security products give the other parts of the web little attention, if any.
But when we move to the private web, we come to a part of the online world that isn’t easily indexed by the search engines or covered by security tools. This includes private intranets, instant messaging (IM) services, chat rooms, discussion forums and private databases that are behind various firewalls or that have no public Internet footprint. Until a few years ago, most hackers didn’t focus on using these areas to gain footholds into business networks, but that has changed. As IM usage has taken off (with Microsoft Teams, Slack and other services), adversaries have created tools that take advantage of the limited built-in security across these services. This makes IM a prime target of opportunity for phishing-like attacks in particular. As an example of the increasing threats that can be found coming from private web sources, just look at the number of Slack add-on security tools.
Finally, there is the dark web. This portion of the online world is much more difficult to get our hands around. Like the private web, these sites take pains to not appear on search indexes, mainly because some of them offer illegal goods and services, including drugs, stolen data (such as credit card numbers) and hacking tools. Not all its content is illegal, but there is a lot that could be questionable.
Examples of this dark web content include:
- Places where you can hire hackers to break into networks
- Drugs and other illegal items
- Lists of username/password pairs taken from data breaches
- Tutorials on how to use computing tools, especially those that relate to hacking, malware writing, exploitation and code cracking
- Financial data on companies that could be available from a public site or data breaches
- Compromised sites and suspicious domains for sale
- Source code of “undetectable” malware that is for sale
- Directories of command and control servers for hire for launching DDoS and other attacks
- URLs of malware file-sharing sites
- Censored content of all kinds
Accessing the dark web usually requires a special browser called Tor. Most estimates peg its popularity at about five percent of total Internet content and traffic. Dark web sites use .onion domain names instead of .com or .net. For example, this link will take you to a list of hard-to-find printed books. Even Facebook has its own presence on the dark web. Why would legitimate businesses have these sites? They can be used to help their developers understand how to use them, and how to protect their data. You’ll notice that these sites have very convoluted domain names: their owners want to make it harder to track and find them, unlike the public web where your brand name is often synonymous with your domain name.
Most of the denizens of the dark web are scammers and swindlers, looking to separate you from your money and your data. These scammers are constantly on the move, trying to stay ahead of law enforcement and vigilantes who are trying to expose their scams. The dark web sites themselves are also on the move, as they can be common targets of denial-of-service attacks. This means that a lot of material is outdated. And as you might expect, the coins of this realm are cryptocurrencies such as bitcoin that make it hard to know exactly whom you are doing business with.
Why does the dark web matter to ordinary web users?
Let’s look at two different perspectives for why ordinary web users should care about the dark web. The first is that of cybersecurity professionals, who have three basic concerns. First, it is useful to know if your business brand has been mentioned there. This could harm your reputation or confuse your potential customers with someone who is trying to sell fake goods and services. It could also indicate that some data has been leaked from your company.
A second reason is that these dark web mentions could be examples of an early threat warning before malware is detonated across the public web. Because there are so many threat actors that operate on the dark web, you can find out what they are planning and what malware they are testing before the attacks are seen anywhere else.
Finally, the dark web is getting darker. It is increasingly occupied by professional criminals and not just script kiddies or society misfits. The exploits are getting more sophisticated and malware obfuscation tools and techniques are being increasingly seen and traded.
But even if you aren’t a cyber professional, you should still be concerned about the dark web, because your private data could exist on one or more of the stolen credential databases that are being traded online.
What can you do about it?
There are a variety of information sources that can be used to investigate whether your private data has found its way to the dark web. Troy Hunt’s HaveIbeenPwned.com keeps track of millions of logins across years of collecting them from various breaches. It is a good place to start, and you can set it to notify you when your email account has been found in a new collection.
Avast’s BreachGuard is another tool that can alert you if your information is involved in a breach. It scans the dark web daily looking for your information and alerts you if it is found. It also contains tips on how to keep yourself protected and ways to find out if your information is out there.
How to protect your personal data online
Given that a lot of dark web content has to do with your credentials, a good place to start thinking about how to protect yourself from ending up on these databases is to strengthen your login authentication. The first thing to do is to eliminate your own password reuse. Yes, it is convenient to have the same password for multiple sites, but that gives criminals an easy way to compromise your identity. There are a couple of tools that can be useful here, including a password manager (such as LastPass and 1Password) and a smartphone authentication app (such as Google Authenticator and Authy).
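As an added example (not from the original article or from any password manager's own tooling), the script below audits a password-manager CSV export for reuse. It goes a step beyond the text by also flagging passwords that differ only in case or a trailing number or symbol; the column names and sample rows are constructed assumptions, since real exports differ by product.

```python
import csv
import hashlib
import io
import re
from collections import defaultdict

# Constructed sample of a password-manager CSV export. The column names
# (name, username, password) are an assumption; real exports vary by product.
SAMPLE_EXPORT = """name,username,password
Webmail,alice@example.com,Sunflower!2019
Bank,alice,correct-horse-battery-staple
Forum,alice_a,Sunflower!2019
Shop,alice@example.com,sunflower!2021
Airline,alice@example.com,
"""

def _fingerprint(text):
    # Hash before grouping so the report never carries a plaintext password.
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def _base_form(password):
    # Lower-case and drop trailing digits/punctuation: "Sunflower!2019" and
    # "sunflower!2021" share the base "sunflower".
    return re.sub(r"[\W\d_]+$", "", password.lower())

def audit_reuse(export_text):
    """Return (exact, similar): lists of site-name groups sharing a password."""
    exact, similar = defaultdict(list), defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        password = row.get("password") or ""
        if not password:
            continue  # entry stores no password, nothing to compare
        exact[_fingerprint(password)].append(row["name"])
        base = _base_form(password)
        if base:
            similar[_fingerprint(base)].append(row["name"])
    exact_groups = sorted(sorted(g) for g in exact.values() if len(g) > 1)
    exact_sets = {tuple(g) for g in exact_groups}
    # Report a "similar" group only if it adds sites beyond an exact match.
    similar_groups = sorted(
        sorted(g) for g in similar.values()
        if len(g) > 1 and tuple(sorted(g)) not in exact_sets
    )
    return exact_groups, similar_groups

if __name__ == "__main__":
    exact, similar = audit_reuse(SAMPLE_EXPORT)
    print("Same password:", exact)
    print("Same base word:", similar)
```

Run it locally against an export and delete the export file afterwards, since the export holds every password in plaintext.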
Second is to minimize your data footprint. Here are a few examples of how to do this:
- Do you really need to provide your birthday to anyone on social media? Sure, it is nice to get e-greetings at that time of year, but this just makes it easier for hackers to masquerade as you. Your real-life friends will know your birthday, let’s just leave it at that. If you must provide a date, use something that is obviously false like January 1 or April 1.
- Don’t fill out every field in a form that requests private information. For example, do you really need every airline and travel site to have your passport number on file?
- Think about using a payment processor that can anonymize your credit card data. Services such as Google Pay and Apple Pay can make it harder to intercept your data when checking out at an ecommerce site, for example.
As you can see, protecting your data from reaching the dark web isn’t a simple process, and will require a series of careful steps.