What Is The Dark Web?
The Internet is comprised of thousands of interlinked networks, some of which are publicly accessible and others which are not. Think of the Internet as an iceberg with part of it easily visible because it’s above water. The largest part of the iceberg, however, sits underneath the water’s surface.
The Surface Web is the part of the iceberg that is above water. Publicly accessible websites (i.e. can be found via a search engine, such as your company’s website) are part of the Surface Web, and while there are over 1.5 billion websites that are publicly accessible, the Surface Web only accounts for 4% of the Internet.
The Deep Web is the part of the iceberg residing below the surface. Information, such as patient health records, government resources, etc., make up the Deep Web. For example, your credit card transactions are part of the Deep Web. Only individuals with certain permissions can access that content.
Within the Deep Web lies the Dark Web. It’s comprised of hidden, encrypted networks known as Darknets that are only accessible via specific software tools, such as Tor, Freenet, I2P, Riffle, peer-to-peer networks, etc. The infamous, Silk Road, a black market for selling illicit drugs, was part of the Dark Web. (It was shut down by the FBI and Europol in 2013, as was its successor, Silk Road 2.0, in 2014.) Regarding cybercrime, yes, the Dark Web is where hackers and cybercriminals sell and trade stolen credentials, among other things.
What does this mean to me?
Millions of Internet users are affected by data breaches year after year. You have very likely been affected by at least one data breach, if not more. In other words, some of your information may already be for sale on the Dark Web.
My personal email address was among the data discovered in 2016 as part of the LinkedIn data breach; the email address-password combination that I used to access my LinkedIn account was compromised. That information is a valuable asset to cybercriminals, as most Internet users reuse passwords across multiple accounts. If I used the same email-password combination to access Amazon, as well as LinkedIn, then I would have left my Amazon account at risk of being compromised.
To be honest, removing your compromised information from the Dark Web is impossible. What you can do is take precautionary steps to protect your data. There are tools available to check if some of your information has been compromised. For personal use, Have I Been Pwned is a free service that will list the breaches where your email address was part of the compromised data. For business and commercial organizations, there are services that offer Dark Web monitoring for your entire domain.
Whatever the case may be, we need to be aware of the world around us, as it continues to grow and evolve digitally. We can no longer merely be bystanders, and must instead understand the risks and be proactive participants in protecting our data, on both personal and professional levels.