It’s estimated the “Surface Web”—websites and data visible to everyone—represents less than five percent of the total information and locations on the internet. Beneath the surface lies the Deep Web—also known as the Hidden, Invisible and Dark Web1. In this article, we’ll shine light on the dark web—what it is, how it’s accessed, and what types of information end up there.
What is the “Dark Web”?
“Dark Web” may sound like the ominous abode of the Sith lord, but really, it’s just part of the internet where users are anonymous and information and activity is mostly unregulated.
The dark web was originally created by the U.S. Naval Research Laboratory, and a lot of what takes place there isn’t criminal. For example, the dark web is also home to journalists, human rights activists, and whistleblowers who want to pass information securely and safely.
The anonymity also draws criminals and illegal activity. On the dark web, hackers and cyber criminals trade in identity information, stolen accounts, and how-to guides for profiting from fraud. You don’t want your personal or business data to end up in the wrong hands, but there are easy steps you can take to avoid that situation.
How is the Dark Web accessed?
Pages in the dark web are not indexed by Google, Bing, Yahoo and other popular search engines used on the Surface Web. You can’t reach dark internet locations using a standard browser like Chrome, Safari or Firefox. Instead, Deep Web explorers use the TOR browser, which stands for The Onion Router. Today, more than 65,000 unique ‘.onion’ URLs can be found on the Tor network, and about half are estimated to be involved in criminal activity2. The rest serve legitimate purposes such as chat room communications, marketplaces, and file servers.
What business and personal information is for sale on the Dark Web?
Many unsavory products are sold on the dark web. Here are some of the kinds of business and personal information transacted online by cybercriminals and identity thieves.
- Fake and “Genuine” identities: Criminals sell fake ID documents (think underage access to a bar) as well as identities of real people (to assume a new identity or pull off fraud).
- User logins for financial accounts: Just $70.91 can purchase access to a bank account3. Thieves can try to transfer money out of a bank, charge up credit cards, take out a loan, or perform an account takeover.
- Medical records: Millions of medical files are for sale and cybercriminals love them for their large amount and quality of identity information4.
- Business network credentials: You don’t have to be hacker to break into a corporate network. And with employees working at home during the pandemic, there were 69% more postings selling corporate network access logins during Q1 20205.
- Accounting department email addresses: These are valuable to cybercriminals for phishing campaigns because they are the personnel dealing with money in a company6.
How to keep your data off the wrong side of the web
If you’re taking steps to guard the security of your business and personal data, you don’t need to worry about the dark side. For individuals, these steps include being careful with passwords, using two-factor authentication, and using an identity monitoring service with dark web monitoring. Businesses should also conduct anti-phishing training for employees, deploy network protection and cybersecurity solutions, and carry cyber insurance with breach resolution.