Spoiler alert: it’s scary, but not for the reasons you might think.
What do you picture when you hear the phrase “the Dark Web”?
For most folks, the phrase conjures up scary-looking people typing bright green characters into a deep black computer screen, likely selling illegal goods to unsuspecting victims.
And while nefarious activity is certainly part of what happens on the Dark Web, it’s not all spooky.
So…what is the Dark Web?
When most people refer ambiguously to “the Dark Web,” what they mean is the Tor network. The Dark Web is not searchable on standard browsers like Chrome—instead, users have to access it through a Tor browser, which anonymizes the users. In fact, Tor was originally an acronym for The Onion Router because of the layers of encryption used to mask user identities.
The point of these encrypted layers is to keep people completely anonymous. The Tor browser has privacy features built into it so things like location features and IP addresses are hidden.
Nope, it’s not illegal!
While there are crimes committed through the Dark Web, using an anonymous platform isn’t against the law. In fact, wanting online privacy isn’t a bad thing, and a lot of security companies rely on the Dark Web to help them protect their own users!
But…yes, there is criminal behavior.
The Dark Web is full of drugs, messaging, passwords, and everything in between. But one of the hottest commodities that’s bought, sold, traded, and given away on the Dark Web every minute is personally identifiable information (PII).
How does your information end up on the Dark Web?
You’ve probably seen headlines about Data Breaches or received an email from a company letting you know they were compromised. It usually means cybercriminals have digitally attacked a company and stolen information like individuals’ names, social security numbers, birthdays, and passwords.
There are many methods attackers use to get information or spread malware. Brute force attacks and password spraying attacks are two of the most common methods, where the attacker might have a list of emails, and try to access them by automating a program to blast weak and common passwords into the logins.
What do cybercriminals want?
Most of the time, the motive is financial.
But to get there, bad actors will harvest data, especially personal data. Because once a cyberattacker has your email address and password, they can easily find other information about you.
And we’re making it easy. Due to the rampant issue of password reuse—according to the 2022 DBIR, over 60% of users admit to regularly reusing passwords—cybercriminals can access our accounts even more rapidly.
What can you do to prevent your information from getting on the Dark Web?
- Change the passwords on your accounts, especially if you’re guilty of re-using the same, or similar, password. And then, try to stop reusing passwords!
- When you’re creating a new password, consider making a long passphrase that’s easy for you to remember, but would be difficult for a computer to guess. “I!Have!2Purple!47Hair!” would be a stronger password than “Patriots2022!” for example.
- Use Multifactor Authentication (MFA) wherever possible. Adding a second layer of security to your accounts might feel a little irritating, but it’s worth it if someone knows your password!
- Keep your firewall updated and systems and anti-virus regularly patched.
- Use a password manager, such as LastPass. Then you can create unique, strong passwords and then relax about trying to remember them all.
- Regularly have a Dark Web check done for your email accounts. Knowing if your information is on the Dark Web can give you a head start in protecting yourself and your company.
And if it’s overwhelming—don’t worry. As your IT wingman, Stratti has your back. We can get you started with a Dark Web scan and you’ll be well-armed to take the next steps for better security.
Give us a call or email us today to schedule your free Dark Web scan.