Understanding the pros and cons of the dark web: Internet Scambusters #1,007
The dark web -- we've all heard of it -- is the places where crooks and scammers hang out, but there are also some legitimate reasons why you might want to visit.
But how do you do that, and what are the risks and possible benefits?
In this week's issue, we'll tell you what goes on there, how to visit, and why you should think carefully before doing so.
Let's get started…
Into the Dark Web Where Crooks and Scammers Hang Out
Scam victims, consumer groups, and law enforcement agencies often talk about the dark web. But what exactly is it, and why might it be a dangerous place to visit?
Put simply, the term refers to pages and content that aren't indexed by search engines. In other words, dark web pages won't show up when you google a particular topic.
In fact, you can't access the dark web (sometimes also called the deep web, though that's not strictly accurate) without help in the form of certain browsers, special software, network configurations, a provided link, or some other kind of authorization.
And, of course, the reason it's complicated to access is because many operators want to keep prying eyes away from whatever they're doing -- like buying and selling stolen identity details, sharing hacking information, buying drugs or guns, and other illicit activities. When you read about data breaches, the stolen information usually ends up there.
It's not illegal to access the dark web itself, for example, by using the browser Tor, which also disguises the location of the user. But from there, a user has to know exactly how to find the pages and information they seek.
However, because the user is made anonymous by the browser, the dark web browsers like Tor have potential non-criminal applications -- for instance, allowing people living in repressive regimes to find out what's going on in the outside world or to search anonymously for sensitive medical information.
Over the years though, dark sites have attracted more and more crooks. A study of more than 5,000 sites found that more than half of them had illicit material.
And, in 2018, US law enforcement agencies arrested more than 35 sellers of illegal products and seized $23.6 million in illegal guns, drugs, gold, and Bitcoin.
Furthermore, a new report by web security specialists Bitglass shows that while a random piece of stolen data might take 12 days to wind up in the hands of crooks in 2015, it now takes only a day.
One reason for the growth is increasing use by novice hackers -- people wanting to learn the evil art of illegally accessing others' computers and networks. And it seems, according to Bitglass, there's no shortage of crooks willing to pass on data theft tactics and tips.
"Overall, the Dark Web is a mix of both well-educated, professional hackers and moonlighting novices with very little in the way of expertise or knowledge," says researcher Salim Hafid. "Interestingly, the latter seem more than willing to take risks in hopes of a big pay day."
Accessing the Dark Web
Although we urge extreme caution about using the dark web, you can still access it by using the Tor browser and an anonymizing search engine, such as DuckDuckGo.
Tor hides the location of a user by routing Internet traffic through a maze of different places. And DuckDuckGo keeps no records of what the user searched for.
The names of dark web pages are unusual and difficult to find, says Internet security specialist Symantec/Norton, although all end in ".onion".
"Instead of site names that are easy to memorize, such as CNN.com or Google.com, Tor sites are made up of a random series of numbers and letters," the firm says.
However, it's worth noting that high-tech security specialists are claimed to have complex technology that, in certain cases, enables them to identify both dark sites and users.
Is My Personal Information on the Dark Web?
Almost certainly, yes -- if your personal information has ever been stolen in a data breach, through phishing, or if it's been posted by dubious marketing firms that build profiles of individuals by monitoring them on social media sites.
The most commonly traded information on the dark web is credit card numbers, followed by debit cards, Social Security numbers, and medical records. Even card PINs and school records are available. If that sounds weird, some dark web sites claim to be able to alter class grades by hacking school websites -- price $500.
Can I Protect My Personal Data from the Dark Web?
There's really no way to remove you data if it's on the dark web. The trick is to stop it getting there in the first place -- by using and frequently changing passwords, running up-to-date web security software, and by being careful about who can see your social media posts and how much information you post about yourself.
None of that would help if the data got there through theft. But this underlines the importance of monitoring all your online financial activities and being aware of data breaches that might affect you. Then you must act fast to change passwords, notify sites where your data may be used, and freeze your credit listing (see Experian, TransUnion and Equifax websites on how to do this).
Increasingly, it makes sense to subscribe to security organizations that do most of the monitoring work for you, including the dark web. Search for "personal data monitoring services."
This Week's Scam Alerts
No order: A fake text message is being sent out at random with the words "Your order has been delivered. This text session will close in 5 min." Strictly speaking, you can't "close" a text session, so what's the point of this message? Simply part of a search for users. As we warned last week, if this type of text piques your curiosity and you respond in any way, your name and number will be added to a saleable list of live accounts for crooks to use in future. And, of course, it'll go on the dark web!
Escobar Lives!: Drug lord Pablo Escobar may be dead but his name lives on as the title of a new piece of malware that can hijack an Android phone and steal passwords, even those used for multi-factor authentication (MFA). According to website Android Police, the trojan installs on phones via text message links and even some apps in Google's Android Play Store. Google removes offending apps as soon as it finds them, but it's a good idea to enable Google Play Protect on your phone anyway.
That's it for today -- we hope you enjoy your week!