Stolen data is sold all the time online.
Imagine you’re a hacker and you’ve stolen a huge list of names and credit card numbers from one of your victims. You don’t want to commit financial fraud yourself, but you still want to make a profit. So you decide to sell the data. But you can’t exactly take a hard drive full of credit card details and account logins into your local pawn shop, so what do you do?
You sell it on the dark web.
What Is The Dark Web?
When you use a search engine like Google or Bing, it returns results from what’s known as the open or surface web. There may be millions of results, but that doesn’t mean the entire web has been searched – only links that have been indexed. There are, however, vast amounts of data that can’t be found in this way.
- Online bank accounts
- User account pages
- Dashboards for content management systems like WordPress
- Private networks
- Cloud storage
Such hidden content is part of the deep web, and it’s thought to make up around 99% of the entire internet.
The dark web, meanwhile, is just a small part of the deep web, but the two have historically been conflated by mainstream news sources. There is a huge difference, though: the dark web consists of content that lives in networks built on top of the internet called darknets, and they can only be accessed by using special software or configurations.
^ Long lists of stolen credit card numbers frequently make it to the dark web
The most well-known dark web network is Tor, which is accessed using the Tor browser, but there are many others. Users can even create their own direct, friend-to-friend networks.
While most of the content on the deep web is benign, it is the dark web that is normally used by criminals. As well as stolen data, the dark web is used to sell and share drugs, illegal weapons and obscene content like child pornography.
Why Do Criminals Use The Dark Web?
In a word, anonymity. Each network has its own features, but in general they offer encryption of user data, so it is almost impossible to identify or locate users or dark websites. Internet service providers can see that you’re on the dark web, but they have no way of knowing what you’re looking at while you’re there.
This level of privacy is useful in countries where free speech is repressed, such as in China, where some citizens use the dark web to get around the Great Firewall of China. But it naturally attracts crooks as well. No one knows who anyone else is on the dark web, and they can easily sell contraband in exchange for cryptocurrencies like Bitcoin. These, too, offer anonymity, so criminals have a pretty good chance of avoiding apprehension.
Is Your Data On The Dark Web?
If your data is locked down by ransomware, it can be catastrophic for your business, but at least you know it’s happened. In contrast, when hackers steal data, it’s in their interest to stay hidden for as long as possible, because if the victims don’t know it’s happened, they won’t be able to defend themselves.
This was made painfully clear to the Marriott hotel group, which admitted in November 2018 that its customer data had been accessed by hackers for four years. More than 500 million customers were affected.
Unfortunately, the only way to be sure if your data is on the dark web is to go on there and look for it. However, most businesses don’t have the knowledge or resources to do this, and the fraudsters know it. That’s just another reason why they use the dark web.
^ How much of your personal data is already being shard on the dark web?
The Dark Web Data Solution
There is, thankfully, a more graceful solution than trawling through darknets looking for your business’s data. Later this year, TMB will be launching a fully managed dark web monitoring service. Using specialist tools, we’ll be able to detect your compromised data on the dark web, and if we find anything, that data will be analysed and validated to avoid false positives.
With regular reports and real-time alerts, this service will enable you to implement appropriate security measures faster and with more confidence. If, for example, we find your business's email logins on the dark web, you can change them and implement two-factor authentication to prevent it happening again.
If you would like to know more about our upcoming dark web detection service, contact us and let us know. Existing TMB customers can simply speak to their account manager.