Most of us tend to think of the internet as a single destination, accessible via the browsers installed on our laptops and smartphones. But over the years, the web has evolved into three different areas: public web; the private web or deep internet (deep web); and the darknet or dark web.
The public web is the internet that most of us are familiar with: sites run by leading dot-com companies, SaaS sites that provide software to run our common email and corporate applications, and so on.
This is information that flows freely between our computers, daily. These sites are searched and recognized by Google and other search engines. If you have an online security tool, this is the part of the web that is your focus.
But when we switch to the private web or deep web, we come to a part of the online universe that search engines cannot easily index and security tools cannot easily cover. This includes private intranets, instant messaging services like WhatsApp, chat rooms and online discussion forums, as well as private databases that are behind multiple firewalls or are not visible on the public internet.
Until a few years ago, most cybercriminals were not focused on using these areas to establish themselves on corporate networks, but that has changed. As messenger usage took off (with Microsoft Teams, Slack and other services), adversaries created tools that take advantage of the lack of security built into these services. This makes instant messaging the primary target of opportunity, for phishing attacks in particular, and an example of the growing threats that can be found in private web sources.
Finally, there is the dark web. This part of the digital world is much more difficult to understand. Like the private web, these sites strive not to appear in search indexes, mainly because some of them offer illegal goods and services, such as drugs, stolen data (including credit card numbers) and tools for online infringement. Not all of its content is illegal, but much of it can be questionable.
Examples of such content on the dark web include:
- Places where you can hire a cybercriminal to break into networks;
- Drugs and other illegal items;
- Lists of usernames / passwords obtained through data breaches;
- Tutorials on how to use computing tools, especially those related to hacking, malware creation, exploitation and code breaking;
- Financial data about companies that may be available on a public website or from data breaches;
- Compromised sites and suspicious domains for sale;
- “Undetectable” malware source code for sale;
- Directories of command and control servers for lease, for launching DDoS and other attacks;
- URLs of file sharing sites with malware;
- Censored content of all kinds.
To access the dark web, a special browser called Tor is usually required. Most estimates put its share at about 5% of total internet traffic and content. Dark web sites use .onion domain naming conventions instead of .com or .net. Even Facebook has its own presence on the dark web.
Why would legitimate companies have these sites? They can help your developers understand how to use them and protect your data. In addition, using browsers like Tor, people who live in countries where access even to sites considered harmless is restricted can reach them, while making it difficult to track the sites they have visited.
Note that these sites have very complicated domain names: their owners want to make them more difficult to track and find, unlike on the public web, where your brand name is usually synonymous with your domain name. Most of the inhabitants of the dark web are scammers and criminals, trying to separate people from their money and data.
These cybercriminals are constantly on the move, trying to stay ahead of law enforcement and vigilantes who try to expose their scams. The dark web sites themselves are also on the move, as they can be common targets of distributed denial-of-service (DDoS) attacks. This means that many materials are out of date. And, as you might expect, the currency of this realm is cryptocurrency, such as Bitcoin, which makes it difficult to know exactly who you’re doing business with.
Digital security professionals are interested in the dark web for three basic reasons. First, it helps them find out whether their brand has been mentioned there. Such a mention can damage a brand’s reputation or confuse its potential customers with someone trying to sell fake products and services. It can also indicate that some of your business data has been leaked.
A second reason is that these mentions on the dark web may serve as an early threat alert, before malware is detonated on the public web. Since there are so many threat actors operating on the dark web, you can find out what they are planning and what malware they are testing before attacks are seen anywhere else.
Third, the dark web is getting darker; that is, it is increasingly occupied by professional criminals and not just by writers or people who do not fit into society. Exploits are becoming more sophisticated, and malware obfuscation tools and techniques are increasingly seen and commercialized.
How to protect your sensitive data in the online universe?
Since much of the content on the dark web has to do with credentials, a good place to start thinking about how to protect yourself from ending up in these databases is to strengthen your logins and passwords.
The first thing to do is to remove reused passwords. Yes, it is convenient to have the same password for multiple sites, but this gives cybercriminals an easy way to compromise your identity.
The second is to minimize your data footprint. For example, do not disclose someone’s birthday on social media, do not fill out every field on a form that requests sensitive information, and do not save payment details on e-commerce sites.
Protecting your data from reaching the dark web is not a simple process and will require a series of careful steps. But it is important to keep these points in mind, to protect sensitive data and prevent it from circulating on the dark web.
Luis Corrons, author of this text, is a Security Evangelist at Avast and will debut a biweekly column on TecMundo. Stay tuned to follow the next articles.