First of all, what is the ‘dark web’, and why might you need a dark web scan? The ‘dark web’ is a portion of the ‘deep web’, a multitude of hidden websites that cannot be accessed via a public link, are not indexed by Google or other search engines, and can only be accessed via Tor browser or other special software. The history behind the deep web is complicated. Suffice it to say that the deep web can be used for good: for example, to bypass censorship in countries where certain websites are blocked. The dark side of the deep web is, well, black markets. The dark web is the equivalent of an offline situation in which your iPhone gets snatched in the street, but then you find it at one of those sketchy alley markets and buy it back. The dark web is where stolen databases wash up and are sold to interested parties.
There are many advice articles on how to protect personal information online, offering solutions that range from exercising extreme caution and reading all ‘Terms and Conditions’ to committing complete online suicide and going to live off the grid. The truth is, by now an average internet user may expect to have been ‘featured’ in at least one major data leak.
Scanning the dark web for your personal or business information
The ‘dark web scan’ is offered by a number of companies that employ various methods to identify your presence in dark web data dumps. If your company’s database has been breached, a dark web scan will allow you to assess the scope of the breach and the gravity of the situation. As an individual, you can conduct a dark web scan in search of your own personal information to see if it has been leaked somewhere and appears for sale on one of the dark web platforms. Service providers like Cyberscanner outline the importance of conducting a dark web scan for companies. Indeed, for example, the EU Data Protection law demands that a company disclose any data breach within 72 hours of discovery and take all possible measures to avoid the risk of compromising user data. For small and medium businesses, a dark web scan can provide important cyber intelligence to comply with data protection standards. For companies, scanning the dark web for employee credentials may be a good starting point to find out whether any of the business accounts have been compromised and might become an entry point for a cyber attack.
Major credit reporting agencies often offer dark web scans to their clients as a way to take control of leaked online data and prevent identity theft. Experian, for example, promises to scan the dark web for your SSN, passport number, medical ID, financial and credit card information, driver’s license number, and other identifying information that is extremely hard or impossible to change. The techniques they employ include a wide variety of automated methods, like web scraping, chatroom and forum monitoring, P2P network scanning, social media analysis, malware code analysis and scanning of file sharing platforms. Other companies like IdentityForce offer similar services. So does Equifax, which itself had a high-profile data breach in 2017 that compromised 143 million individual accounts.
Have you been pwned?
On the most basic (but also transparent) level, a website like haveibeenpwned.com is a good place to start if you want to find out whether your personal data has been leaked or posted somewhere online.
haveibeenpwned.com allows you to search by email or username and gives you a list of breaches where your account was compromised, with an overview of what components of your personal data were likely exposed in the breach (username, unencrypted password, IP address, location, phone number, website activity, payment history, private messages, and more). It also lets you know if your personal information was posted somewhere in open access (like PasteBin) for free.
Neither haveibeenpwned.com nor a professional dark web scan provides definitive information. What they can do is indicate whether your personal data has been dumped online, on a dark web market or in open access. In many breaches, the stolen data does not appear online until several months or years later. For example, a massive LinkedIn hack that exposed 164 million email addresses and passwords was announced in 2016 but had been carried out in 2012, which means there was a four-year gap between the hackers gaining access to user data and dumping this user data on the dark web. For a private user, knowing that your account has been compromised in a data breach is crucial to being able to take measures to protect your information (by changing the password, for example).
An advantage offered by professional dark web scans (compared to free services like haveibeenpwned.com) is a more detailed insight into your personal data that has been compromised. Dark web scans can let you know if extremely sensitive information like your ID, insurance number or credit card data has been stolen. On the other hand, there is a very slim chance that it has not.
The problem with the dark web is that it is almost impossible to regulate or monitor efficiently and systematically. Once your personal data, or your company data, has been compromised, it is likely to have been copied multiple times and distributed over a number of dark web channels.
There is no chance you can eliminate the breach, but you can mitigate its consequences by notifying your customers, changing passwords, improving your cybersecurity practices and raising awareness among your employees, family members and friends.