Recently, many large organizations like Experian have been running ads on major networks with something along the lines of “conduct a free Dark Web Scan” as an effort to search for some sort of nefarious information located somewhere in the abyss. Apparently, they scan the Dark Web in search of your private information. Playing off of fear, ads like this are extremely troubling, and border on the verge of false advertising. To understand why let's dive into what the Dark Web is.
What is the Dark Web?
The Dark Web is a term given to the sort of underbelly of the internet. The public internet is a massive collection of computers all connected to each other. In the early days of the internet, special computers called servers were tasked with presenting web pages to users as they visited. With the massive number of devices that were connected to the internet and a near equal number of websites, it impossible to keep up with all of the websites. Somehow, we needed a way to keep up with the massive number of growing websites. Eventually, the search engine as we know it was born. The history of the rise of the search engine is a fascinating read, but on to that later.
Cybersecurity Non-profit to Help SME's Fight Against Cybercrime | Data Driven Investor
A non-profit organization called Global Cyber Alliance (GCA) has vowed to improve one of the weakest links in…
Modern search engines function by running special programs called robots or web crawlers. These programs are tasked with crawling the internet and indexing each page. In practice, this means the program visits each website based on a file called a sitemap. This file explains to the robot each page available to it. The robot then reports back to the index. The index is the sort of library that contains all of the collection of information gathered by other robots on other sites. This culminates in a large database which is then searchable by users. When users type in keywords, the search engine then displays the most relevant pages based on those keywords. Large search engines like Google are so efficient at this, they can return millions of results in a matter of seconds. In fact, this statistic is displayed with each search. (Weird Flex, but Ok.)
Here is where the Dark Web comes in: search engines as we know them can only crawl about 7% of the internet. That is right. Only 7%, depending on the source. This means there is a massive collection of websites and web servers that are not searchable, and by some means not discoverable. As an aside, security through obscurity is never a good plan. Just because you can’t see or find a website doesn’t mean it isn’t there or that it cannot be hacked. Anyway, the Dark Web takes up the remaining 93% of the internet. These statistics are tough to gauge, however. There are literally billions of devices on the internet. Some of the 93% is made up of internal webpages hosted by organizations big and small. The rest is quite a bit more interesting. The remainder of the internet is host to some of the most nefarious crime in the world. This area of the internet is called the Dark Web.
How Do You Get to The Dark Web?
The Dark Web is accessed via a special internet browser called the TOR browser. TOR is an acronym for “The Onion Router”. Although not the only way to access the Dark Web, TOR remains the most popular. The underlying technology for TOR was originally developed by DARPA in the late 90s. TOR allows for an impressive level of anonymity, assuming there are no active vulnerabilities that undermine its security. TOR burst into the spotlight after revelations from Edward Snowden, a former NSA contractor, in 2013 that the NSA and FBI had a working exploit that did exactly that. TOR, at its core, is designed to obscure a user’s identity on the internet. It does this by wrapping the internet request in multiple layers of encryption and passing the connection through multiple relay machines called “nodes”. A node could be situated in your neighbor’s basement or on a server in Israel. There are thousands of nodes around the world, which lead to an impressive number of hops before the final destination. This process reduces the likelihood that someone could trace your connection back to you, hence the name “onion router”. The more bounces around the world, the better the security in theory.
Why Does It Matter?
One of the most important things to consider is why the Dark Web is of interest in the first place. After all, why wouldn’t you just put your website out there for everyone to see? The unfortunate reality is, the Dark Web is a breeding ground for every crime imaginable. From the illegal selling of data breach records, human organs, illicit drugs, even selling services like assassinations, the Dark Web is full of the most despicable aspects of society. It isn’t recommended to even attempt to search the Dark Web on your own. There are countless accounts from across the internet of very nefarious occurrences with misclicks on the Dark Web. This brings us back to the central point of the article. Why would companies like Experian be selling/giving away “dark web scans”? The reality is, they aren’t. What they are actually doing is comparing your private credentials with the growing databases of records from data breaches. When a cybercriminal successfully breaches an organization, they upload their “drop” or collection of records to the Dark Web for other criminals to bid on. Security researchers and cybercriminals crawl these underground forms in an effort to discover these records. Then, the stolen records are input into a database for comparison. You can actually view one of these databases here. As for Experian, once they finish searching your private information through these databases, they then present you with an attractive offer for identity theft protection for $10 a month. Most experts agree that this service is largely worthless, although props must be given for the genius of the marketing gimmick. That is another article, however.
The bottom line is, the Dark Web is far more complex than it seems. As the President and CEO of The Penn Group, it is our mission to protect honest organizations from those who seek to do them harm. As a part of this mission, we take complex cybersecurity topics and break them down to build awareness about the perils of not paying attention to security. We’d love to hear your thoughts on the Dark Web.
Your Debit Card Number Got Stolen. So What?
Why you should buy everything on a credit card.
Austin Harman is the President & CEO of The Penn Group. He currently holds the coveted CISSP certification, in conjunction with the CCSP, CAP, and Security+ certifications from ISC2 and CompTIA respectively. He resides in Columbus, Ohio.