Shedding Light on the Dark Web

What is it and are you and your customers really at risk? 

You’ve likely seen the television commercials advertising “a free scan of the Dark Web,” to determine if your personal information—social security number, phone number and email address—can be found there. For most people, exposure to these commercials is the extent of their knowledge of and exposure to the Dark Web.  

Skip to main content
Main Content

Shedding Light on the Dark Web

Jun 25, 2018

Shedding Light on the Dark Web

What is it and are you and your customers really at risk? 

You’ve likely seen the television commercials advertising “a free scan of the Dark Web,” to determine if your personal information—social security number, phone number and email address—can be found there. For most people, exposure to these commercials is the extent of their knowledge of and exposure to the Dark Web.

However, as a business owner, you need to know what the Dark Web is, how it can harm your business and your customers, and what you can do to protect yourself.

What is the Dark Web?

The Dark Web is defined by dictionary.com as “the portion of the internet that is intentionally hidden from search engines, uses masked IP addresses, and is accessible only with a special web browser.”

The Dark Web is most easily understood by comparing it to the part of the web that is accessible to the general public, This part of the web is sometimes referred to as the Surface Web or Clear Web, which includes sites where you get your news, browse online stores and follow your favorite sports teams. You can easily get on this part of the web using standard search engines or browsers.

But the Surface Web actually makes up a very small percentage of the actual web. Estimates vary, but according to Popular Science, the most commonly cited statistics indicate that somewhere between one percent and fifteen percent of the web is indexed (found) by search engines.

The other 85-99 percent or so is known as the Deep Web, which is all the information that is not or cannot be indexed by search engines and remains hidden from the average internet user. This includes access-controlled databases and pages that are hidden by password protection.

The overwhelming majority of the content on the Deep Web is legitimate, and almost every web site has some content on the Deep Web. For example, when your web designer was building the web site for your business, s/he likely used a robots.txt file to instruct search engines not to crawl your development site. In that way, your “dev site” was a part of the Deep Web.

However, a small subsection of the Deep Web is known as the Dark Web, which can only be accessed using special software like Tor (The Onion Router) or I2P (Invisible Internet Project). When done right, the sites on the Dark Web can be accessed anonymously, and to be sure, some users of the Dark Web have perfectly legitimate reasons for wanting to remain anonymous. For example, journalists in countries that don’t enjoy freedom of the press might want to use the Dark Web to communicate and exchange information.

However, the prospect of remaining anonymous is very attractive to criminals, so the Dark Web attracts a lot of bad actors, like people buying personal information, counterfeit goods, drugs and weapons. It’s also a place where hackers discuss, trade, and sell computer vulnerabilities.

How the Dark Web began

The Dark Web was originally created in the mid-1990s by the U.S. Naval Research Laboratory for the purpose of exchanging information anonymously—a means of protecting intelligence. As noted by the BBC, “as part of their strategy for secrecy, [the U.S. military] released Tor into the public domain for anyone to use. Their reasoning was simple: the more people using the system, the harder it would be to separate the government’s own messages from the general noise.”

This explains why there are now thousands—or perhaps tens of thousands—of sites on the Dark Web, many of which have the potential to harm you or your business in several different ways. One way would be having your customers’ personal information find its way onto the Dark Web, where a vast inventory of stolen records containing sensitive information is openly for sale. If the personal and financial information of your clients or customers is stolen and exploited, such a data breach would likely result in considerable loss of customer goodwill, and your business could be hit with financial penalties as well.

Another possibility is that harm could come to your business more directly, say, if your proprietary corporate information, trade secrets, or intellectual property were to be stolen. How can this information be stolen? The Dark Web can come right to your door, so to speak, via social engineering techniques or a phishing attack or a malicious download delivered via email, which could result in malware being introduced into your network.

Protecting against the Dark Web

One of the best ways to protect your business from the Dark Web is by training your employees, customers, and business partners (or anyone who exchanges sensitive information with your company) to be vigilant and cautious when it comes to opening and responding to unexpected emails, not to mention downloading files and responding to requests for information.

Keep in mind, too, that the greatest threat you face may come from an insider. Hackers are known to seek out employees to help gain access to a company’s systems, and have also been known to offer very attractive financial incentives.

Security businesses also advise companies to proactively monitor Dark Web communication channels for mentions of your brand, which might allow you to head off an emerging threat. You can hire a vendor to perform this service for you, if your business doesn’t have the knowledge and resources to handle this in-house.

Companies are also encouraged to monitor suspicious traffic on their networks and to block protocols commonly used to access the Dark Web from exiting firewalls. This means you don’t just have worry about hackers getting in, you concerned about information passing from your systems out onto the Dark Web.

Other basic security advice should still apply. For example, counsel your staff to use dual factor authentication and strong passwords, as well as back up your website and other mission-critical files on a regular basis. Have a disaster recovery plan in place and review it---regularly. Last, but not least, consider buying cybersecurity insurance and/or data breach protection and speak to your processor to determine what safeguards they have in place to prevent data being shared on the Dark Web.

Given today’s e-business climate and reliance on numerous types of technology, becoming a victim of the Dark Web can happen instantly.  By being prepared, ready and informed can be the key to shedding light on the Dark Web.

Contact Us
About Our
Merchant Services

Get your Free Quote, Now!

After you have submitted your information, a TSYS representative will contact you.

All fields are required to submit form. Your information is private and secure. We do not accept adult businesses

Customer Support Form