Updated: May 30, 2020
Author Jose-Miguel Maldonado
You see it on TV ads and on tech websites all the time, “your personal data is on the Dark Web.” Have you ever wondered what that really means and what the implications are for you?
The “Dark Web”
There is a lot of confusion about what the Dark Web actually is. To simplify, the Dark Web is a collection of sites and networks on the Internet that you can only access with special software. Tor (The Onion Router) is what most people use to access the Dark Web. From a logistical standpoint, the Dark Web is a small subset of the Deep Web – which refers to parts of the Internet that aren’t indexed by search engines (e.g. Google, Yahoo, Bing, etc.).
What’s On The Dark Web?
There are legitimate uses for the Dark Web, such as people trying to bypass state-sponsored censorship, (Facebook has a .onion address on the Dark Web for this very reason), activism, and secure file sharing sites. That said, the majority of the Dark Web consists of illegal cybercrime markets, hate sites, criminal services, illegal pornography, hacking services, and terrorism sites.
Your Info On The Dark Web
Cybercrime is a robust business that is organized and efficient. Think of how easy it is to buy something on Amazon, there are Dark Web marketplaces that have a similar layout where you can add items (e.g. credit cards, SSN’s, doxed info) to a cart for purchase. Whenever there is a data breach, it is safe to say that the compromised information will inevitably end up on the Dark Web for sale and redistribution.
What Can I Do?
It is impossible to prevent your information from getting onto the Dark Web when you consider how many data breaches have occurred over the last ten years coupled with the sheer amount of data brokers and malware campaigns that seek to exfiltrate user data. It is a good rule of thumb to operate from the mindset of “my data has already been breached and is out there, but I can take some steps to protect my data.”
First and foremost, strong password hygiene (e.g. password manager + unique credentials for every site/service) is imperative. This will help prevent credential stuffing attacks targeted against you. Second, enable MFA (Multi-Factor Authentication) everywhere that it is offered. You should enable from strongest (e.g. biometric --> hardware --> authenticator app) to weakest forms of MFA (e.g. SMS). Third, embrace the security freeze with the four credit reporting agencies: Experian, Equifax, Transunion, and Innovis to help prevent fraudulent lines of credit/loans/credit cards from being opened with your SSN. Fourth, enable alerts for your credit/debit cards through your provider (e.g. bank, credit union, credit card company) to help stay on top of erroneous charges in the event your credit/debit card information is traded on the Dark Web.
By taking these four proactive steps, you can take back control of your digital security by limiting the scope with which your compromised data on the Dark Web can be used.
About the author: Jose-Miguel Maldonado is the VP of Business Ops & Security at Rubica, a cybersecurity startup, and has acquired a reputation for creating cybersecurity champions out of non-technical people.