What is the Dark Web?
The dark web is the hidden collective of internet sites only accessible by a specialized web browser. It is used for keeping internet activity anonymous and private, which can be helpful in both legal and illegal applications. While some use it to evade government censorship, it has also been known to be utilized for highly illegal activity..
WHAT IS THE SURFACE WEB?
The open web, also known as the surface web, constitutes the visible upper layer of the entire web, akin to the part of an iceberg above the water's surface in our visualization. From a statistical perspective, this segment, comprising websites and data, represents less than 5% of the total internet.
​
Included in this category are widely accessible, public-facing websites that users typically access through conventional browsers like Google Chrome, Internet Explorer, and Firefox. These websites are often identified by registry operators such as ".com" and ".org" and are easily discoverable through popular search engines.
​
WHY IS THE DARK WEB SO DANGEROUS?
Cybercriminals and malicious actors heavily leverage the capabilities of the Dark Web for various illicit purposes. The primary hubs for illegal activities on the Dark Web are marketplaces and forums where wrongdoers engage in transactions involving illegal products and services.
​
Within these black markets, lawbreakers and scammers trade various illicit products, including stolen and counterfeit data, which comes in diverse forms:
​
-
Personal data, also known as PII (personally identifiable information), encompasses full names, home addresses, phone numbers, birth dates, Social Security numbers, hacked email addresses, and other details that can uniquely identify an individual.
-
Financial data involves stolen credit card details, online banking usernames and passwords, credentials for cryptocurrency accounts, banking and insurance records, among other sensitive information.
-
Online account login data typically consists of username-password combinations, providing access to accounts across a spectrum ranging from social media and ride-sharing to video streaming services and paid professional services. Demand even extends to logins for genetic testing and antivirus products.
-
Medical data, referred to as PHI (personal health information), covers medical history, prescriptions, biometric data (including fingerprints and facial images), test results, billing information, and other confidential details. In the wrong hands, this can lead to medical identity theft or even fingerprint identity theft.
-
Confidential corporate data encompasses classified information like intellectual property, patents, competitive intelligence, and operational details.
-
Forged data, notably fake passports, stolen driver’s licenses and IDs, bank drafts, and more.
WHAT TYPES OF SERVICES CAN CYBERCRIMINALS ACCESS?
Although personal information may hold significant value for individuals, cybercriminals often trade such data for surprisingly low prices on the black markets within the Dark Web. For instance, details for credit cards with balances up to $1,000 typically fetch around $150, while stolen online banking login credentials (for accounts holding at least $100) are priced at a mere $40.
​
Specifically, a compromised Uber rider account is available for just $4, and a Netflix account with a one-year paid subscription is valued at $44. For more exclusive items, like a French passport, the cost can soar up to $4,000.
​
Interestingly, Dark Web marketplaces incorporate rating and review systems, allowing potential buyers to identify "trustworthy" sellers. With these features, coupled with the allure of potential cybercrime gains, it's not surprising that these black markets are witnessing a significant surge in supply, as reported by the Dark Web Price Index.
In Addition to Trading Personal Data and Compromised Accounts, Cybercriminals are Involved in the Sale of Various other Illicit Products and Services.
These Include:
-
Off-the-shelf software exploits (exploit kits): Toolkits used by cybercriminals to target vulnerabilities in systems, facilitating the distribution of malware.
-
Ready-to-use malicious software (malware): This category encompasses ransomware, information stealers, keyloggers (to record every key pressed on a device), spyware, adware, rootkits (notoriously difficult to detect and stop), Trojans, and worms with self-replicating capabilities.
-
Malware-as-a-service: A subscription-based model that rents the necessary software and hardware for cybercriminals to execute attacks. This service includes malicious software, a distribution network, various target options, technical support, and a personal dashboard to manage the project.
-
Software vulnerabilities: Known as zero-days when unknown to the software maker, these vulnerabilities provide cybercriminals with a means to infiltrate organizations incognito.
-
Access to networks of compromised devices (botnets): The computing resources required by malicious hackers to conduct their attacks.
-
Distributed denial of service (DDoS): Offerings that leverage extensive botnets to overwhelm victims' systems with traffic, causing them to go offline along with the services they provide.
-
Cybercriminal training: Tutorials, guides, and other content supporting the up-skilling of malicious actors in various roles.
-
Money laundering (money muling): Facilitates the dispersal of stolen or extorted funds, allowing scammers to convert them into clean, untraceable cash.
YOUR DATA COULD ALREADY BE ON THE DARK WEB
The Dark Web is an online marketplace for stolen data, drugs and other nefarious activities. In spite of this, there are legitimate reasons why people choose to use it including political dissenters and other reasons.
​
Some of your personal information or data may already be on the Dark Web. This data may be concealed within illegal websites, forums, blogs, and other data repositories on the Internet.
CAN I REMOVE MY INFORMATION FROM THE DARK WEB?
There is no foolproof method for removing your sensitive data from the Dark Web once it's exposed; the process is irreversible. This underscores the importance of adopting a proactive approach to cybersecurity, making it worthwhile to leverage a service that monitors your data.