What does dark web monitoring really do?
Introduction
The dark web has earned a reputation as the internet’s shadowy underbelly. Hidden from search engines and only reachable with an encrypted web browser, it’s become a haven for cybercriminals and illicit activity.
What makes the dark web so appealing to fraudsters is the total anonymity it affords them. By masking IP addresses, cybercriminals can operate without the threat of detection to commit a slew of crimes, including identity theft.
This is where dark web monitoring comes in. Also known as cybermonitoring, dark web monitoring is a service that plumbs the depths of the dark web for pieces of your personal identity information. If it discovers something — say, your Social Security number or banking information — you’ll receive an alert.
What is the dark web?
The term “dark web” sounds like something straight out of “Blade Runner,” but it’s merely a term for websites that aren’t accessible by standard web-surfing means.
To understand what the dark web is — and isn’t — it’s helpful to first know a thing or two about the deep web. The deep web is the vast portion of the internet that isn’t indexed, and therefore isn’t accessible via a quick Google search. It’s mostly mundane stuff — emails, social media profiles and subscription sites.
The dark web, on the other hand, is the small sliver of the deep web that consists of encrypted sites. Common web browsers like Google Chrome and Safari can’t access dark web sites, so visitors need a specialized browser like Tor. The Tor browser masks the user’s IP address, which protects them from being traced and identified.
Not all dark web users are nefarious. In fact, it’s a popular tool for whistleblowers and people living in countries with restricted internet access. However, that hasn’t stopped tech-savvy criminals from figuring out how to exploit the system for their own gains.
How does dark web monitoring work?
Dark web monitoring looks for pieces of your personally identifiable information on sites frequented by cybercriminals. The service uses scrapers and web crawlers to monitor areas of the dark web where stolen information is commonly sold, including websites, peer-to-peer networks and chat rooms. If they make a discovery, they’ll send you an alert to let you know your data was compromised.
Dark web monitoring can keep tabs on a variety of online sources, including:
- Web pages
- Peer-to-peer sharing networks
- Forums and chat rooms
- Blogs
- Malware samples
- Social media feeds
- Web services, servers and file transmissions
Some monitoring services are bundled with more comprehensive identity theft services that go beyond just dark web scanning. These services also take into account credit reports, public records, commercial databases and your financial accounts. It’s up to you to decide which options — if any — are worth investing in.
There are also a couple of free tools you can use, such as Have I Been Pwned.
Limitations of dark web monitoring
Dark web monitoring has some notable limitations. The biggest one is due to the vastness of the internet, which is impossible to scan in its entirety.
Services often get their information from databases that are publicly available on the dark web. These databases are essentially dumps of personal information like usernames, passwords and credit card details that were stolen and posted online. But by the time this information hits public forums, chances are it’s already been used and sold multiple times. This is too little and too late for many victims, who by this time may have already noticed other, more troubling signs of identity theft or fraud.
Getting most of their information from public dumps means the majority of the dark web is in their blind spot. They’re unable to monitor lesser-known websites or the private transactions between individuals where this information is bought and sold. For the consumer, this can be misleading. Just because your data wasn’t found in a public dump doesn’t mean it’s not out there beyond the reach of the scanners.
What types of information can be monitored by dark web surveillance?
Monitoring services focus their efforts on personally identifiable information. This includes financial information, contact information and personal data such as:
- Account credentials
- Social Security number
- Passport number
- Email addresses
- Medical identification numbers
- Bank account numbers
- Driver's license
- Credit/debit cards
- Phone numbers
What can dark web monitoring actually do for you?
There are a lot of rumors and false assumptions swirling around about what dark monitoring does. Some of this is due to the mystique of the dark web, and some is based on a simple misunderstanding of how monitoring services work. A recent survey by the Consumer Federation of America (CFA) found that:
- 36% of people believe dark web monitoring can remove their personal information from the dark web
- 37% think monitoring services can prevent information sold on the dark web from being used
Once data surfaces on the dark web’s underground marketplace, nothing can stop it from being sold or used. It’s also impossible to remove your information from the dark web. This is not the purpose nor the goal of dark web monitoring.
However, there are still steps you can take to protect yourself. For example, if you receive an alert that your credit card number was discovered, you can contact your credit card company to request a new number. If nothing else, dark web monitoring gives you the opportunity for action and damage control.
Conclusion
Dark web monitoring is designed to notify you when your personal information is discovered on the dark web, but the service’s effectiveness is questionable. The scanners, crawlers and scrapers utilized by dark web monitoring companies are often limited to public databases of information that’s already been bought and sold. Meanwhile, stolen data in the private corners of the dark web go undetected.
But despite its limitations, monitoring services can still be helpful in that it gives you an opportunity to do damage control in the event that your information is compromised.
Sources
- The Deep Web Is the 99% of the Internet You Can't Google, Curiosity
- Dark Web Monitoring: What You Should Know, Consumer Federation of America
In this Series
- What does dark web monitoring really do?
- Dark Web hacking tools: Phishing kits, exploits, DDoS for hire and more
- Dependency confusion: Compromising the supply chain
- BendyBear: A shellcode attack used for cyberespionage
- ATP group MontysThree uses MT3 toolset in industrial cyberespionage
- BlackBerry exposes threat actor group BAHAMUT: Cyberespionage, phishing and other APTs
- Top 9 cybercrime tactics, techniques and trends in 2020: A recap
- KashmirBlack botnet targets WordPress, Joomla and other popular CMS platforms
- BAHAMUT: Uncovering a massive hack-for-hire cyberespionage group
- Linux security and APTs: Identifying threats and reducing risk
- Top 6 ransomware strains to watch out for in 2020
- 2020 Verizon data breach investigations report: Summary and key findings for security professionals
- How hackers use CAPTCHA to evade automated detection
- The State of Ransomware 2020: Key findings from Sophos & Malwarebytes
- Dark web fraud: How-to guides make cybercrime too easy
- Top 6 malware strains to watch out for in 2020
- Top Cybersecurity Predictions for 2020
- Malware spotlight: What is click fraud?
- ThreatMetrix Cybercrime Report: An interview
- Are dark web monitoring services worth it?
- Cybercrime and the underground market [Updated 2019]
- Verizon DBIR 2019 analysis
- Common causes of large breaches (Q1 2019)
- The Magecart Cybercrime Group Is Threatening E-Commerce Websites Worldwide
- Russian Cyberspies Target 2018 U.S. Midterm Elections
- The Increasing Threat of Banking Trojans and Cryptojacking
- Leaders’ Meetings: A Privileged Target for Hackers
- Fraud as a Service (FaaS): Everything You Need to Know
- All about SamSam Ransomware
- The Decline of Ransomware and the Rise of Cryptocurrency Mining Malware
- Mechanics Behind Ransomware-as-a-Service
- The Art of Fileless Malware
- ZLAB MALWARE ANALYSIS REPORT: RANSOMWARE-AS-A-SERVICE PLATFORMS
- Which Are the Most Exploited Flaws by Cybercriminal Organizations?
- 5 New Threats Every Organization Should be Prepared for in 2018
- Memcrashed: The Dangerous Trend Behind the Biggest DDoS Attack Ever
- Open source threat intelligence tools & techniques
- Global Cost of Cybercrime on the Rise
- An Enterprise Guide to Using Threat Intelligence for Cyber Defense
- The Five Largest Ransomware Attacks of 2017
- Intellectual Property Crimes in the Dark Web
- Top 5 Smartest Malware Programs
- Is Russian Intelligence Using Tainted Software to Access Corporate and Government Networks?
- Vault 7 Leaks: Inside the CIA's Secret Kingdom (July-August 07)
- DragonFly 2.0: The Alleged Nation-State Actor Hits the Energy Sector Again
- Russian APT Groups Continue Their Stealthy Operations
- Massive Petya Attack: Cybercrime or Information Warfare?
- SAP SECURITY FOR CISO: SAP Attacks and Incidents
- Role of Threat Intelligence in Business World
- WikiLeaks Vault 7 Data Leak: Another Earthquake in the Intelligence Community
- Past and Present Iran-linked Cyber-Espionage Operations
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Threat Intelligence
Dark Web hacking tools: Phishing kits, exploits, DDoS for hire and more
Threat Intelligence
Threat Intelligence
Threat Intelligence
ATP group MontysThree uses MT3 toolset in industrial cyberespionage