Dan Gavin
Beware of the Dark Web

Lord of the Flies: Imagine a world where children are left entirely to their own guidance and education. One where the only instruction they ever receive is from peers. What kind of a world would that be?

Internet Born: When the Internet was born, it was called the DARPANET. Initially its creators tried to maintain control over its growth and development, but as it grew, that control became untenable. Eventually, a dark side emerged there.

Surface, Deep, Dark: The Internet can be subdivided into: the Surface Web (that which you can Google), and the Deep Web.  You may be surprised to hear that most of you regularly visit the Deep Web.  Accounts such as Facebook, Twitter, or your company network that require sign-in credentials are not index by search engines and are a major part of the Deep Web.  Estimates put the Deep Web as over 95% of the internet.  The Dark Web is a subset of the Deep Web that is intentionally hidden, requiring a specific browse to access. No one really knows the size of the Dark Web, but most estimates put it at around 5% of the total internet.

Dark Web: The Dark Web is best known as a place for illegal and nefarious activities.  You can buy drugs, guns, credit card numbers, credentials, and hacked Netflix accounts.   You can buy malware or pay hackers to breach your competition for intellectual property.  There are even E-Commerce sites. Dark Web commerce sites have the same features as any e-retail operation, including ratings/reviews, shopping carts and forums.  However, sellers have been known to suddenly disappear with their customers’ crypto-coins without providing the service.  The old saying, “There is no honor among thieves,” applies.

Legal Activities: Not all activities on the Dark Web are illegal.  Around half of the Dark Web is used for legitimate activities.  It allows political dissidents to communicate anonymously with journalists without fear of persecution. People go to the Dark Web for mundane activities like joining a chess club or to exchange recipes.   Facebook even has a presence called BlackBook.  The New York Times has a presence.  The Dark Web attracts those that are interested in being anonymous.

The Onion Router: The most common way to get on the Dark Web is through an anonymizing browser called a Tor (the onion router). The Tor browser routes your web page requests through a series of proxy servers operated by thousands of volunteers around the globe, rendering your IP address unidentifiable and untraceable.  It is difficult to find your way around as there are no indexed search engines.  The experience is unpredictable, unreliable, and often incredibly slow.

Why Should I Care: This is all very interesting, but I am not interested in a seedy journey to the Dark Web.  Why should I care?  The Dark Web is full of Personally Identifiable Information (PII) and password credentials recovered from breaches and sold, or just dumped to a site.  Large identity theft companies, like Experian, offer services that search for your information on the Dark Web and notify you of their findings.  Companies can look to their trusted security advisor to obtain a Dark Web monitoring service that tracks your company domain.   For your own email address, you can check for yourself at www.haveibeenpwned.com.   Enter your email address to see if your credentials have been caught in a breach.  If so, it is time to change passwords and verify your account information.

Self Governance: In the novel Lord of the Flies, a group of boys is stranded on a deserted island. Their attempt at self-governance is a disaster. A dark side emerged. Civilization eroded and chaos reigned. Kind of like the Internet.