The Upside Down: Inside the Dark Web

| By:
Jay Ryerse

We’ve all heard the phrase “there’s more than meets the eye” at some point. For the internet, it’s no different. What we see in our day-to-day activities on the web barely scratch the surface of what exists.  

There are websites in other languages you wouldn’t normally visit. There are websites dedicated to hobbies you may not even know exist (rock painting, anyone?). Then there are websites that don't welcome the average visitor, and they work to stay out of the light. 

You can break it down into three main parts. 

  1. Public (or surface): This is the part of the web that you interact with throughout your day. The pages are searchable with your favorite search engine, and accessible to just about anyone.  
  2. Deep: This is the hidden or invisible part of the web that isn’t indexed by search engines. This includes content like personal email accounts, information on private databases, medical records, and legal documents. 
  3. Dark: This is where things get interesting. It’s part of the deep web, but needs extra tools to access. This can be your everyday browser configured with software to gain access, or a specially-designed browser like Tor. Users can conduct business and browse anonymously. It’s like a parallel universe that resembles our own, but where nefarious things go down. If you're a fan of Stranger Things, you might consider this similar to The Upside Down. 
What happens on the dark web 

What exactly is inside the dark web? Demogorgons, maybe? Probably not. But if you’re interested in discovering the dangerous world of the dark web, this webinar is a good place to start. However, if reading is more your thing (and even if it isn’t), continue on to find out. 

1. Hackers abound, though they aren’t all who you would expect.

  • Black hat hackers: They work with malicious (and often illegal) intentions – stealing, exploiting, and selling data. They are usually motivated by personal gain. 
  • Grey hat hackers: Those who hack for fun or just to troll. They may both fix and exploit vulnerabilities, but not usually for financial gain. Even if their intentions are not malicious, their work can still be illegal as they don’t always have the consent of the system’s owner.  
  • White hat hackers: Where there’s bad, there’s also good. They work to keep data safe from other hackers by finding system vulnerabilities. Their work is usually done with the system owner’s consent. 

2. Ransomware is prevalent, and it feels like it’s growing. 

  • Ransomware has been around since the 1980’s, but most people became aware of it when WannaCry (which was coordinated on the dark web) was released and hitting the news. This was a Windows exploit that many users failed to patch. 
  • Now, it feels like major ransomware attacks are happening just about every week. With ransomware-as-a-service (RaaS) becoming popular, it’s becoming easier for smaller groups to get in on it. 
  • Large businesses aren’t the only ones impacted - SMBs are no longer flying under the radar and get hit with ransomware and data extortion; MSPs included. 
  • The growth of ransomware has led to an executive order from the White House – something that has an impact on MSPs 

3. Personal information is everywhere.

  • It’s everywhere, it’s valuable, and there are marketplaces set up just for trading it. There’s even a price index dedicated to researching the average cost of personal information found inside the dark web. Take a look:  
    • Credit card details (with account balance up to $5,000) - $240 
    • Stolen online banking logins (with at least $2,000 in the account) - $120 
    • PayPal transfer from stolen account - $340 
    • Hacked Gmail account - $80 
  • Other common information found on the dark web includes social security numbers, date of births, email addresses, and various financial and identifying information that puts you at risk. 
  • There’s a way to see if your, your employee’s, or your client’s information is on the dark web through a dark web scan, like the Fortify Dark Web Scan 
Reducing your dark web risks 

There are things you can do to minimize your risks to the dangers lurking in the dark web.  

  1. Do a dark web scan. This is a great way to see if you have any information hanging out in the dark web you may not know about. 
  2. Install software patches. Doing this will help close holes in your security posture, reducing the risk of someone getting access to your data who shouldn’t have it. 
  3. Training. When it comes to cybersecurity, the human factor is the biggest vulnerability. Training is essential to keeping information off the dark web. 
  4. Add EDR to your stack. Incorporating endpoint detection and response can help you take your security beyond traditional antivirus and firewalls.