Does the term “Dark Web” conjure up images of shifty eyes, hooded capes, shadowy dark lanes, maniacal laughter, and maybe a bat signal?
If you’ve been staying up to date with this year’s trend of data breaches, you might have heard the name “Dark Web” or “Deep Web” popping up here and there, and wondered exactly what it was and what it had to do with data privacy.
Well, guess what—yes, the Dark Web is as shifty as the name sounds.
And yes, it’s the place where—among the plethora of both legal and illegal activities that take place upon its many-layered interface—stolen data is often listed and sold.
So if you’ve been a victim of a data breach and had your sensitive information stolen, the Dark Web might be the place where that stolen data has ended up.
Now, I’m not saying you should go squeeze into that old Batman costume and venture into the depths of the Dark Web to seek out justice—but perhaps it would be good to educate yourself on what it is, what it has to do with your private data, and why you should be worried about it.
So, what exactly IS the Dark Web?
The Dark Web is an immense underlayer of the deepest part of the Internet that isn’t crawled and indexed by search engines like Google.
If you picture the Internet like an iceberg, you could divide it into three categories: the “surface web,” the Deep Web, and the Dark Web. The tip of the iceberg represents the “surface web” (the stuff you and I use every day, like Facebook or YouTubing DIY videos, which are indexed), a portion of the underlayer is the Deep Web (parts of the Internet comprised of unstructured data and temporary pages hidden by passwords), and a portion of that underlayer—the deepest part of it that’s hidden beneath the cold and murky water via passwords and exclusive invites—represents the Dark Web.
It’s a pretty good visual for something that is as extensive, mysterious, and complicated as the Internet—with the Dark Web portion being the most mysterious and notorious of them all.
Where do you find the Dark Web?
Accessing the websites that make up the Dark Web requires an anonymizing browser like “The Onion Router” (TOR), I2P, or “Freenet,” which will route your web page requests in a way that renders your IP address untraceable. These pieces of software essentially give you the first layer of “access” to the Dark Web—but beyond that, many pages require passwords or invites for access.
How exactly are these websites anonymous?
In simple terms: each web address functions as a doorway that allows the connection to reach the server where the website is actually stored, giving users access to an encrypted network that is connected in such a way that users remain anonymous.
Essentially, software like TOR directs the web traffic through a volunteer network that sends each signal into a complicated maze of unknown sequences. This conceals individual IP addresses and locations.
So you can imagine why such a network attracts all sorts of people and provides all varieties of illegal sales and services. It is, essentially, a secret playground with no rules.
You can do some things that aren’t illegal—like taking part in a chess club or socializing on the Dark Web version of Facebook, called Blackbook—and, in fact, the anonymity of the Dark Web makes it a safe zone for individuals to exercise free speech, explore ideas without interference, and even whistle-blow.
However, the privacy of it also makes it a hotbed for criminals, as well as a sticky trap for government officials trying to hunt down evasive groups.
A lot of the Dark Web pages are commonly used for selling drugs, child pornography, buying illegal services, and trading or selling stolen information (among many other things).
Some of you might remember the 2013 crackdown of one of the Dark Web’s most notorious former black markets, Silk Road, which was worth over one billion dollars in sales and boasted a million customers.
The Dark Web is still going well and strong, with countless other black market sites and billions of dollars still being exchanged via cryptocurrency every day.
In fact, a product that is making more and more of an appearance is private data, such as credit card info, login credentials, bank details, and social security numbers.
This information is bright and shiny gold, readily available from businesses and organizations, and accessible with the right amount of hacking skills.
And guess what? It’s your information at stake.
Today’s data breaches on the Dark Web’s market
You probably already know that 2018 has brought us a painful number of data breaches. Maybe you’ve already been a victim and maybe you haven’t, but there’s no doubt that you’ve probably submitted your private data to corporate entities a dozen times over by shopping with your credit card or starting a Netflix account with the same login/password combo that you always use (come on, that’s a big no-no right there).
Have you been watching the news?
There have already been over 22 million private records exposed throughout the span of this year.
Some of those records were safely stored away again…
…But some of them weren’t.
In fact, one major data breach saw five million Saks Fifth Avenue and Lord & Taylor customers exposed and harmed by the theft of their sensitive information that had been accessed by a notorious hacking syndicate.
That syndicate, known as Fin7, released those stolen records for sale on their page within the Dark Web.
And this is by no means the first of a case like this.
Two years ago, a hacker stole healthcare data from nearly 10 million individuals and then listed that data on the Dark Web for $96,000 to $490,000 in bitcoin. The sensitive information included things like patient names, birthdates, addresses, phone numbers, and social security numbers—valuable healthcare information because it can be resold again and again.
Then in December of 2017, a team of security researchers discovered a treasure trove of online credentials—1.4 billion, to be exact, all found on a 41GB data file within a database lurking around on the Dark Web.
What do these incidences tell us?
They tell us that our private and sensitive information is drawing a lot of attention from hackers and causing black market buyers to come swarming. Our healthcare providers, our banks…. they are all hotbeds of illicit activity because of the goldmine of information that they hold.
…And that’s why we’re all a little bit worried
The Dark Web is worrying for multiple reasons—not only is it a prime location for illegal buying, trading, and selling, but the way it is set up makes it extremely difficult for officials to catch the bad guys.
The layers and layers of anonymity pose a serious threat to those entities that have massive amounts of data in their possession.
And even though government agencies like DARPA—the U.S. Defense Advanced Research Projects Agency—are working to build software that helps law enforcement work their way through the Dark Web, there’s still a lot of wiggle room for hackers and criminals to do their thing and get away.
It’s true that data privacy is becoming more of a priority within major companies and organizations, but we’re still at the beginning of a very long road towards better data protection.
The reality of business today is that, although they may be taking valuable steps toward improving their privacy policies and network security, much of their data is probably already outside the firewall.
In fact, a 2017 study found that U.S. companies took an average of 206 days to discover a data breach.
That gives hackers a lot of time to sell their stolen data, it gives plenty of time for countless buyers to get a hold of it, and it makes the mess of a data breach even more damaging.
This is the reality:
We’ve seen the way our private data—even when it’s seemingly as safe as possible—can be exposed and sold as valuable goods within a hidden market that’s nearly impossible to infiltrate.
We’ve seen (as billions of us have already experienced) the consequences of having our information exposed and violated by strangers.
So the fact of the matter is that data safety is becoming an issue that’s almost way over our heads. It’s time to pick up the pace and get real about how we’re handling our own individual data, as well as the data of others that is acquired by businesses and organizations.
The Dark Web isn’t some fantasyland where masked criminals run amuck with stolen goods—it’s the very real and potential future of our private data if it’s not used wisely or locked up safely by businesses we trust.
This is a serious issue that’s gaining momentum.
Our technological world is on the fast track to advancement, and data is everywhere. It’s time for us to be wise with how we handle our own data, and it’s time for businesses to become trustworthy and reliable when we entrust it to their care.
It’s time for us to be ready for the future’s influx of data.