The “Dark Web” isn’t actually so dark. It is part of the “Deep Web,” the volume of Internet-connected devices that are not indexed by search engines. This is the “plumbing” of Internet infrastructure, with specialized devices like security cameras and power plant sensors.
They really tick away at their tasks without anybody needing to notice them. The device-indexing search engine Shodan can find some of it.
What is Dark Web
Running on top of the Deep Web is the Dark Web. This is a subsystem of networks that also functions off the Google grid. It also requires specialized software or devices to access them.
Some of this is encrypted traffic, Bitcoin and other cryptocurrencies, peer-to-peer file-sharing, and other practical business use. But a criminal subset does find it useful to communicate through encoded channels. It uses software such as Tor, Freenet, or Riffle to cruise the web anonymously.
Dark Web Users
If you’re curious about this layer of the Internet, it’s not that hard to find a way into it. It is a playground for hackers, traffickers, contraband, and a criminal element trading in all sorts of illicit goods.
Just like exploring the seedy side of a large city, you’re best off not going there at all unless you’re streetwise.
How Your Data Enters the Dark Web
Despite the best efforts of commercial and public web services, security breaches happen all the time. When a big data leak happens, that’s where compromised personal data is revealed from banks, social media networks, schools, government institutions, and the like.
Once this happens, lists of personal information from potentially thousands of ordinary citizens end up being traded on the Dark Web. Hackers buy and sell lists of social security numbers, account numbers, passwords, and more.
Stolen identities have become a big business on the Dark Web. There is such thing as a “Fullz” for full identity profile. It includes basic social security number / ID numbers, personal details and more, everything you need to impersonate another person’s identity.
They don`t always immediately use to, say, open a credit card account and max it out.
Rather they might sometimes lie dormant and be used as a backup to, for instance, open a crypto-currency account for money-laundering purposes. Once you can access a few hundred average citizens’ profiles and wear their identities as a mask, there’s a lot you can go undetected.
What to Do If You’re Compromised
Typically, agencies such as banks will send you an email alert if they find your data on the Dark Web. Or you might get back the results from a background check including a credit report where there is a security breach report.
However, the first step is to change your passwords on everything and keep a password manager app handy so you don’t lose track of them. Alternately, use your own mnemonic to generate passwords that contain all of the upper-case letters, lower-case letters, digits, and punctuation marks.
At the same time, they still have the key known to you – at this point, any password change is more secure than a compromised password.
Obtaining a Full Credit Report
Next, you want to obtain a full credit report, on top of a full background check.
This ensures that no crimes have been committed in your name and no financial obligations have been taken out using your identity. With any luck, the report might even uncover the perpetrator who is using your identity.
Credit Monitoring Service
A credit monitoring service is usually a good idea for a while. This will send you automatic alerts when unusual credit activity occurs. Let say, it`s opening a new account in a country you’ve never been to. For extreme cases where your identity has been widely shared or sold, a credit freeze is possible.
For a small fee, you can block all new activity for a duration of time. You just send a red flag to any agency receiving a loan application with your name on it.
Compromised Data Shelf Life
One handy thing to know is that compromised data has a shelf life. After a certain amount of time, any identity profile loses its value. This is because details like address, phone number, or place of employment are no longer correct.
You can speed this process along. You can change not just passwords, but security questions, phone numbers, and any other bits of data that will lead to a wrong answer by anybody using your profile.
Does My Hacked Data Always End Up on the Dark Web?
You can usually assume so. Unless the data breach was the result of someone with a personal grudge against you, they do most large-scale data breaches specifically to harvest identities to trade and sell online.