Most likely you have heard of the dark web, but do you know how hackers can use it to sell your personal information?
The Deep Web
We first need to explain the deep web, which people sometimes confuse with the dark web but is not the same thing.
Google uses software to crawl the internet from site to site, finding pages and indexing them. It’s basically an internet directory, and nothing would be “googlable” unless they first find it with that web-crawling software.
Just like in the days of phone books, when you could keep your number unlisted, some pages aren’t indexed by Google. These include bank accounts, library catalogues, email, pretty much anything you need credentials to log in for. It is also where government websites like NASA and the US Patent Office hold their data. The deep web means websites or content not indexed on search engines.
The Dark Web
Networks within the deep web that allow people to browse and interact anonymously make up the dark web. They stay anonymous with something called “onion routing.” Instead of connecting a computer to a server in a straight line, onion routing services like Tor wrap your data packets in concentric layers of encryption, and send them through multiple relay points, or nodes. Each node “peels off” a layer of encryption, while only revealing the last node it came from and the next one it’s going to.
Some dark web activity is criminal, like illegal drugs, weapons, and even assassins for hire, and they mostly use bitcoin for currency. Some of it is legitimate, like journalists talking to anonymous sources, activists under authoritarian regimes, and undercover law enforcement.
The Part to Worry About
Illegal gun and drug sales on the internet may not threaten you directly, but that’s not all that goes on there. One of the most common illegal dark web activities is the trade in stolen personal information: credit card numbers, social security numbers, etc. Last year alone there were over 800 data breaches in the United States, exposing more than 2 billion individual records with personally identifying information (PII), much of it probably ending up on the dark web. Dark websites even sell kits, called “fullz,” which include all the information on a specific person necessary to steal their identity.
Though you should always be careful online, that alone won’t keep you completely safe here. If a streaming service, a bank, or a health care provider gets breached, and your information was on there, it’s now at risk of exposure. But unfortunately there was no other choice; doctors and banks can’t serve you without storing your information.
The Good News
We said the dark web provides anonymity for criminals, but that anonymity is not invulnerable. Law enforcement agencies have been on the trail of dark web crime networks for the last couple of years and have defeated some of them. In 2017 the FBI raided the black market site AlphaBay, while Dutch authorities took down another one called Hansa:
The [National High Tech Crime Unit] officers explained how … they surveilled Hansa’s buyers and sellers, discreetly altered the site’s code to grab more identifying information of those users, and even tricked dozens of Hansa’s anonymous sellers into opening a beacon file on their computers that revealed their locations.
And earlier this year the FBI conducted Operation Disarray, unmasking and arresting even more drug dealers.
The raids we know about so far have mainly targeted the drug trade, not the stolen information trade. But anyone worried about their personal information should be encouraged by these developments; after a slow start, law enforcement is making the dark web less safe for criminals.
What can you do? There are services that scan the dark web to let you know if some of your information is posted on the dark web. However, these are not perfect and won’t necessarily find all the information that might have been stolen. Though if you do find your information on the dark web all you can do is change it. Whether it be your login credentials or credit card information.