What Is The Dark Web?
The term Dark Web calls to mind a hidden cyberpunk marketplace of illegal activities and goods a home for drug dealers and information thieves. While the dark web is certainly home to any number of illegal goods and activities it’s important to understand how it fits in with the wider internet you are more familiar with. In the broad sense, the internet works on three different levels the surface level, the deep web, and the dark web placed on top of each other.
- The Surface Level
the surface level internet is any website that has been indexed by a search engine and that you can find with a simple internet search. Think of news websites, video streaming sites, or shopping websites. Surface level sites make up the majority of a lot of people’s internet activity but these sites only make up a small percent of the total data that’s on the internet.
- Deep Web
as a business professional you’ve been on the deep web before even if you didn’t know it. The deep web is composed of sites not indexed by search engines. This can include government information, databases, your company’s intranet, private email servers, and so on. Non indexed does not mean illegal it simply refers to information that is commonly only accessed by people with a need to see it and the right logins or VPN credentials.
- Dark Web
the dark web is a subsection of the deep web and where criminal activity often occurs such as the sale of illegal goods and stolen information. You may have heard the story of Silk Road a dark website that served as a multimillion-dollar drug marketplace. The sale of stolen information is also common and that can be dangerous to your company and not just because of data breaches but also account takeovers.
About Account Takeover
News stories about data breaches are commonplace with Equifax being one of the more major ones to occur recently. Where breaches such as this are particularly damaging to your company is on the user end concerning account credentials. Many people reuse the same username and password combinations over and over again and if their information is breached then a criminal will have access to every site they ever used these repeating credentials on.
Where this can be particularly dangerous for your business is that your customer’s accounts could be accessed by a third party without your data having ever been touched or breached by cybercriminals. While you can put strong password rules on your site you have no real way of knowing if a customer is reusing login information or if that information has been stolen in a site breech at a completely different unrelated company.
Preventing Account Takeovers
An account takeover is nothing more than a criminal logging into a site with stolen credentials to access personal information and account balances. It’s not a breach in the traditional sense and is more akin to a criminal robbing a house because they had the keys to the front door. Luckily there are ways to prevent such unauthorized access.
The dark web is where such stolen username and password lists are publically available and due to the anonymity of the dark web as long as you have the right configuration you can access it. This accessibility has made countermeasures such as dark web monitoring services possible. These simple tools can cross-check for leaks and protect from account takeover.
The internet is home to nearly the entirety of human knowledge and unfortunately, that also includes illegally obtained knowledge used for financial crimes. However, the cybersecurity field is one focused on always staying ahead of criminals. With proper security tools and monitoring, you can protect your company’s user and their accounts from illegal and unauthorized access.