
What does dark web monitoring really do?

November 14, 2019 by Christine McKenzie


The dark web has earned a reputation as the internet’s shadowy underbelly. Hidden from search engines and only reachable with an encrypted web browser, it’s become a haven for cybercriminals and illicit activity. 

What makes the dark web so appealing to fraudsters is the total anonymity it affords them. By masking IP addresses, cybercriminals can operate without the threat of detection to commit a slew of crimes, including identity theft. 

This is where dark web monitoring comes in. Also known as cybermonitoring, dark web monitoring is a service that plumbs the depths of the dark web for pieces of your personal identity information. If it discovers something — say, your Social Security number or banking information — you’ll receive an alert. 

What is the dark web?

The term “dark web” sounds like something straight out of “Blade Runner,” but it’s merely a term for websites that aren’t accessible by standard web-surfing means. 

To understand what the dark web is — and isn’t — it’s helpful to first know a thing or two about the deep web. The deep web is the vast portion of the internet that isn’t indexed, and therefore isn’t accessible via a quick Google search. It’s mostly mundane stuff — emails, social media profiles and subscription sites. 

The dark web, on the other hand, is the small sliver of the deep web that consists of encrypted sites. Common web browsers like Google Chrome and Safari can’t access dark web sites, so visitors need a specialized browser like Tor. The Tor browser masks the user’s IP address, which protects them from being traced and identified.

Not all dark web users are nefarious. In fact, it’s a popular tool for whistleblowers and people living in countries with restricted internet access. However, that hasn’t stopped tech-savvy criminals from figuring out how to exploit the system for their own gains. 

How does dark web monitoring work?

Dark web monitoring looks for pieces of your personally identifiable information on sites frequented by cybercriminals. The service uses scrapers and web crawlers to monitor areas of the dark web where stolen information is commonly sold, including websites, peer-to-peer networks and chat rooms. If it makes a discovery, it sends you an alert to let you know your data was compromised.

Dark web monitoring can keep tabs on a variety of online sources, including:

  • Web pages
  • Peer-to-peer sharing networks
  • Forums and chat rooms
  • Blogs
  • Malware samples
  • Social media feeds
  • Web services, servers and file transmissions

Some monitoring services are bundled with more comprehensive identity theft services that go beyond just dark web scanning. These services also take into account credit reports, public records, commercial databases and your financial accounts. It’s up to you to decide which options — if any — are worth investing in. 

There are also a couple of free tools you can use, such as Have I Been Pwned.
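A sketch of the matching step such a service performs, as an added example that is not from the original article or any vendor's code: text from an already-collected dump is scanned for emails, Social Security numbers and card numbers, and each hit is compared against a subscriber watchlist. The key, patterns, watchlist and dump below are all constructed, and storing the watchlist as keyed hashes is an assumed design choice rather than something the article describes.

```python
import hashlib
import hmac
import re

KEY = b"constructed-demo-key"  # assumption: secret held by the monitoring service
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
}

def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def normalize(kind, value):
    return value.strip().lower() if kind == "email" else re.sub(r"\D", "", value)

def fingerprint(kind, value):
    # Keyed hash, so the watchlist itself never holds raw PII
    msg = f"{kind}:{normalize(kind, value)}".encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

def scan_dump(text, watchlist):
    alerts = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            for hit in pattern.findall(line):
                if kind == "card" and not luhn_ok(normalize(kind, hit)):
                    continue  # digit runs that fail Luhn are not card numbers
                if fingerprint(kind, hit) in watchlist:
                    alerts.append((lineno, kind))
    return alerts

# Constructed subscriber identifiers (not real data)
WATCHLIST = {fingerprint(k, v) for k, v in [
    ("email", "Alex@Example.com"), ("ssn", "000-12-3456"),
    ("card", "4111 1111 1111 1111")]}
# Constructed dump text standing in for a scraped public paste
DUMP = """\
alex@example.com:hunter2
someone.else@example.org:letmein
name=A. Example ssn=000-12-3456
cc 4111-1111-1111-1111 exp 01/30
"""
print(scan_dump(DUMP, WATCHLIST))
```

An alert here only means the identifier appeared in text the scanner was given; an empty result says nothing about sources it never saw.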

Limitations of dark web monitoring 

Dark web monitoring has some notable limitations. The biggest one is due to the vastness of the internet, which is impossible to scan in its entirety. 

Services often get their information from databases that are publicly available on the dark web. These databases are essentially dumps of personal information like usernames, passwords and credit card details that were stolen and posted online. But by the time this information hits public forums, chances are it’s already been used and sold multiple times. This is too little and too late for many victims, who by this time may have already noticed other, more troubling signs of identity theft or fraud. 

Getting most of their information from public dumps means the majority of the dark web is in their blind spot. They’re unable to monitor lesser-known websites or the private transactions between individuals where this information is bought and sold. For the consumer, this can be misleading. Just because your data wasn’t found in a public dump doesn’t mean it’s not out there beyond the reach of the scanners. 

What types of information can be monitored by dark web surveillance?

Monitoring services focus their efforts on personally identifiable information. This includes financial information, contact information and personal data such as: 

  • Account credentials
  • Social Security number
  • Passport number
  • Email addresses
  • Medical identification numbers
  • Bank account numbers
  • Driver's license
  • Credit/debit cards
  • Phone numbers

What can dark web monitoring actually do for you?

There are a lot of rumors and false assumptions swirling around about what dark web monitoring does. Some of this is due to the mystique of the dark web, and some is based on a simple misunderstanding of how monitoring services work. A recent survey by the Consumer Federation of America (CFA) found that:

  • 36% of people believe dark web monitoring can remove their personal information from the dark web
  • 37% think monitoring services can prevent information sold on the dark web from being used

Once data surfaces on the dark web’s underground marketplace, nothing can stop it from being sold or used. It’s also impossible to remove your information from the dark web. This is not the purpose nor the goal of dark web monitoring. 

However, there are still steps you can take to protect yourself. For example, if you receive an alert that your credit card number was discovered, you can contact your credit card company to request a new number. If nothing else, dark web monitoring gives you the opportunity for action and damage control. 


Dark web monitoring is designed to notify you when your personal information is discovered on the dark web, but the service’s effectiveness is questionable. The scanners, crawlers and scrapers utilized by dark web monitoring companies are often limited to public databases of information that’s already been bought and sold. Meanwhile, stolen data in the private corners of the dark web goes undetected.

But despite their limitations, monitoring services can still be helpful in that they give you an opportunity to do damage control in the event that your information is compromised.




  1. The Deep Web Is the 99% of the Internet You Can't Google, Curiosity
  2. Dark Web Monitoring: What You Should Know, Consumer Federation of America

Christine McKenzie is a professional writer with a Master of Science in International Relations. She enjoys writing about career and professional development topics in the Information Security discipline. She has also produced academic research about the influence of disruptive Information and Communication Technologies on human rights in China. Previously, she was a university Career Advisor where she worked extensively with students in the Information Technology and Computer Programming fields.