What is the Dark Web and how can you keep your details safe?
Posted by Howard Busby
The dark web is now more topical than ever. We see it on TV shows and hear about it on the news. What most people are not aware of is what the dark web is and how it might affect them – even if they never go there.
Part of a bigger picture
Before touching on the dark web we need to have a quick look at what makes up the World Wide Web as a whole. The web that you and I use on a daily basis, for the most part, is the surface web. Content is indexed, searchable and your activity can be traced. When you Google search and visit a website, it’s the surface web you’re surfing.
You may be surprised to read that this makes up a tiny portion of the internet. Around 16%. The vast majority of the web, and unknown to most people, is what you find under the surface. The deep web. Here content is not indexed and cannot be searched for, but is still commonly accessed. When you bank online, for example, you are accessing content on the deep web. Think of it as something we dip in and out of as required. Databases and password protected pages.
There is a small part of the deep web, however, that most of us will never visit. A part that can only be accessed via specialised software and where website owners and users act with almost complete anonymity. This is the dark web.
The Dark Web
Unlike the rest of the deep web, the dark web is encrypted. IP addresses are masked, your identity and location hidden. A town not on the map, with no CCTV cameras and where everyone is in disguise. And while this allows for anonymous communication – there’s nothing recording your browsing habits – it shouldn’t come as a surprise that some people use this anonymity for illegal purposes.
You can buy almost anything. Drugs, guns and pornography. Virus software, dinosaur bones and stolen goods. Extremists use message boards to recruit and criminals offer illegal services for money (and cops pretend to be criminals offering illegal services for money). It is a scary, weird place. And yet, despite all this, the dark web is also used in positive ways. It is used to encourage whistle-blowing (many major news sources have a presence on the dark web) and it gives people a safe place to communicate. The dark web has been used to report domestic violence and has given people living under oppressive regimes a voice.
For better or worse, the dark web offers almost complete online freedom.
What are the risks to me?
You do not intend to ever visit the dark web and have nothing to worry about. Unfortunately, this isn’t the case. When a site is hacked and credentials are leaked, these credentials invariably end up for sale on the dark web. And when unscrupulous people get hold of these details they try combinations of them to try and gain access to your accounts and cause harm, or simply to sell them on for someone else to use.
First hand, I’ve come across people whose email accounts have been hacked using credentials purchased on the dark web – usually because their password is similar to one that was compromised from another site – and likewise I have seen stolen details used in phishing and scareware email campaigns. Some of you may have received one of the recent sextortion emails doing the rounds that contain a current/previous password in the title. These passwords are available to buy right now on the dark web. The sad truth is as long as we need to log onto websites and websites continue to be hacked, the dark web poses a threat. (For a list of major data breaches in recent times: https://en.wikipedia.org/wiki/List_of_data_breaches)
The good news is that in understanding the risks we can help mitigate them. Here are some handy practices to help keep your accounts safe.
Our tips to help you keep your data secure
1. Do not use your work email address for any personal accounts
The more your work details are online, the more chance they will be compromised and the more chance you will fall for targeted, spoofed email campaigns. These are becoming increasingly more sophisticated and look virtually identical to legitimate emails from organisations like DHL, Amazon, Netflix, Microsoft, Facebook etc. The difference being these emails are used to steal your details and/or trick you into clicking on links and downloading malware. Don’t make it easy for them and keep these emails out of your work inbox.
2. Have complex passwords.
Stick in some capital letters and symbols. Do not use one of your names or date of birth. An 8 letter, lower case password results in 208.8 billion options and is relatively easy to crack. Adding just capitals and numbers increases that number to 218,340,105,584,896 and is significantly more secure.
3. Have different passwords for different accounts.
If you have too many accounts to remember a separate password for, think of a complex naming convention that alters the password in a way you can remember for each one. One password for all/multiple accounts potentially gives someone access to them all should one be compromised. There are tools that can help you with this such as Safe in Cloud and Keeper.
4. Don’t keep the same passwords for years
Within your business, enforce password policies that make staff regularly update their credentials. For personal accounts, do the same. Don’t include the year in the change – it can be spotted and hacked.
5. Use two-factor authentication for important accounts
There are a myriad of available two-factor authentication (2FA) tools out there. If you would like some help in identifying the best one(s) for your business, let us know.
6. Use a throw away account that is not used for anything important
If you are worried about appearing in mail lists and/or are regularly creating accounts for websites, trials and forums, a throw away account helps keep your main accounts clear of clutter.
7. Be proactive in real-time scanning of the Dark Web
There are likely passwords you have used, or are currently using, for sale on the Dark Web as you read this. Every client domain we have scanned results in hits. This is also true for the majority individual client and friend/family email addresses we have scanned. This last part requires expensive, specialised software. We can help with this:
Are any of your details out there now?
Want to know whether there are any of your company’s details currently for sale on the Dark Web? We have a series of tools that we can use to check what is currently out there and putting your business and data at risk.
To discuss the risks of the dark web to your business, and to ensure you are protected, give us a call on 020 3745 6630, or simply click here and we will call you.