We've all heard of the dark web, but a lot of us only have a murky idea about what it is. On this episode of Stimulus Tech Talk, we discuss the ins and outs of the dark web and what business owners need to know about protecting their data.
Understanding the Dark Web
The dark web represents a significant portion of the internet where nefarious activities thrive. It serves as a hub for the trade of illicit goods and services, including drugs, terrorism-related activities, money laundering, and more. While the term has appeared in popular culture, many people remain unclear about what it entails. Stimulus Technologies CEO, Nathan Whittacre defines the dark web as a segment of the internet where bad actors communicate and engage in illegal transactions, often behind layers of encryption and anonymity. The infamous Silk Road is one such example, a notorious marketplace for illegal products and services that the FBI eventually shut down.
Regulating the Dark Web is a Global Challenge
The dark web exists in a complex digital landscape, encompassing various jurisdictions worldwide. Different countries have varying degrees of control and regulations, making it challenging to curb its activities. The United States has strict regulations in place, but the international nature of the internet requires extensive collaboration to combat dark web activities. Some nations even actively support hacking and other malicious activities associated with the dark web, further complicating the fight against cybercrime.
How is the Dark Web Accessed?
Contrary to common misconceptions, accessing the dark web isn't as simple as switching to a different browser like "Dark Web Chrome" or "Dark Web Safari." To enter this digital underworld, one must possess prior knowledge, specialized tools, and often an invitation. The dark web is not indexed by traditional search engines, and its sites are intentionally obscured, necessitating familiarity with specific networks and technologies. This distinction sets it apart from the deep web, which includes password-protected or subscription-based content but remains accessible to the general public.
How Does Personal Data End Up on the Dark Web?
One of the most alarming aspects of the dark web is the presence of personal data stolen from various sources, including hacked websites and companies. Hackers frequently infiltrate large corporations like LinkedIn or Target and then sell the pilfered data on the dark web. This data often includes usernames, passwords, birthdates, social security numbers, and addresses. Given the frequency of data breaches, individuals and businesses should assume that their information may already be circulating on the dark web.
Steps to Help Protect Business Data From Ending up on the Dark Web
For small and medium-sized enterprises, safeguarding sensitive data, such as personal identifiable information (PII) and protected health information (PHI), is paramount. Companies must implement robust security measures to protect against data breaches and cyberattacks. These measures include:
-
- Employee Training: Ensuring that employees understand and practice digital hygiene is essential. Employees often become the last line of defense against cyber threats.
-
- Password Management: Encourage employees to use password managers and unique passwords for different accounts to prevent unauthorized access.
-
- Security Monitoring: Employ 24/7 security monitoring and employ next-generation antivirus software to detect and mitigate threats in real-time.
-
- Email Protection: Implement advanced email security solutions to filter out malicious emails and links, reducing the risk of phishing attacks.
-
- DNS Filtering: Use DNS filtering to block access to potentially harmful websites and bolster overall cybersecurity.
Businesses and individuals alike must stay vigilant and employ robust security measures to protect themselves in the digital age. While complete protection is challenging, a combination of employee training, password management, security monitoring, and advanced cybersecurity solutions can significantly reduce the risk of falling victim to the dark web's perils. In a world where privacy is becoming increasingly elusive, proactive cybersecurity measures are more critical than ever.
Stimulus Tech Talk: Demystifying the Dark Web: What Business Owners Should Know transcript
SUMMARY KEYWORDS
web, dark, employees, access, monitoring, protect, information, password, website, company, hackers, nefarious, sites, username, people, data, password managers, personal identifiable information, sherry, software
SPEAKERS
Intro, Sherry Lipp, Nathan Whittacre
Intro 00:00
You're listening to Stimulus Tech Talk. A conversation based podcast created by stimulus technologies covers a range of topics related to business and technology.
Sherry Lipp 00:14
Welcome to Stimulus Tech Talk. I'm Sherry Lipp, marketing manager here at stimulus technologies. And I'm here with our CEO Nathan Whittacre. And today we are going to be talking about very popular topic, the dark web. And good afternoon, Nathan.
Nathan Whittacre 00:30
Good afternoon, Sherry could have a nefarious topic not a not a popular topic that we talk about a lot. Surely?
Sherry Lipp 00:38
That's true. Well, I think everybody's heard the term but I don't know that everybody really knows what it is. So maybe we can get started by kind of talking about what do we mean when we say the dark web?
Nathan Whittacre 00:53
Yeah, it's it's a common term out there. I was watching a TV show the other day, and it was an older show, it's almost 10 years old, and one of the episodes had a discussion about the dark web on it. So definitely been, you know, referenced in pop culture, we talked about it, in IT circles quite a bit. And I think a lot of people don't quite know what we mean, when we say the dark web. And really what it is, is it's a portion of the internet, which is considered a large portion of the internet that is used to trade and nefarious stuff. So that could be drugs, it could be terrorists, it could be money laundering, it could be, you know, whatever it may be, it's a portion of the web that's used to communicate bad information, bad actors live there and communicate this information back and forth. So it's where it's bought and sold, and a big portion of the dark web, you might have heard of Silk Road, which was around a long time ago and shut down by the FBI about 10 years ago. But, you know, that was, that was a huge load site or location that wasn't accessible, you know, on Google searches, but, you know, people got on there and bought and sold drugs or, or people or, you know, it's just was a bad place. And the FBI finally was able to shut that down. But there's so much other portions of the dark web that have proliferated that aren't part of Silk Road, and they're still around today.
Sherry Lipp 02:34
So is the web, what kind of regulations are there? I mean, it's worldwide. So obviously, there's a lot of different countries involved is that why there, why the dark web exists, because we can't regulate everything?
Nathan Whittacre 02:47
Yeah, so the these sites live in the internet, which is, you know, connected all over the world. And, you know, there's tons of different jurisdictions, and some of them have more lax laws and or not able to enforce the laws. And so the United States government has a lot of regulations around this. But you know, it takes a lot of international effort to crack down on these on these sites, and a lot of them live in countries that actually actively support, you know, hacking and other activities associated with the dark web. So, you know, you're looking at bad actor countries like North Korea, or Russia or, you know, even China that support these activities in cyber attacks against the United States or other allies. So, and it's just impossible, unless we disconnected from each other. From a worldwide standpoint, it would be impossible to disconnect, the ability to communicate this across the world. So, you know, there's a lot of regulations from a US standpoint, but they don't reach outside, and we have to interconnect with the rest of the world and other countries have, you know, firewalls set up that they don't allow, you know, access to US sites, but we allow pretty much everything to come through into the US. And so that opens us up, because we have much more freedom in the US than some of these other countries, it opens us up to, you know, many more attacks and the information to be able to be transmitted across easily. And a lot of it's encrypted. So you can't know the authorities can't access this directly, because it is protected by levels of encryptions. And, you know, it's it's obscure, so you can't just directly see the site. You can't just do a Google search and say, show me where the bad stuff is. And it come up, you know, it's, it's, it's protected, and you have to be in on these networks.
Sherry Lipp 04:53
So you're saying the dark web is not something that somebody can just log into, which I think is when I was searching about this a little bit, that seems to be a common perception that it's like a site you go to and login.
Nathan Whittacre 05:06
No, it's not like, you know, you switch your browser, to the dark web browser, you know, there's not dark web Chrome or, you know, or Safari. You have to know about this stuff. And, you know, a lot of it's because of encryption technology, like VPNs, you have to be connected and know how to access it, to be able to, to engage in it. So it's not something that you can just do a Google search, and find where the sites are, it's, you have to have prior knowledge, and a lot of them are invited, you have to be invited into. So it's not something that's just easily accessible by by anybody. You know, in the movies that make it seem so easy. It's like, oh, yeah, just go to this website, and then you have access to it. It's, it's not like that.
Sherry Lipp 05:07
Yeah, yeah, I think movies can just kind of slap the name Dark Web in there. And, and that's kind of it. And there's another term kind of similar deep web. But it's my understanding that those that it's not the same thing as the dark web.
Nathan Whittacre 06:10
Yeah, there's a definite difference. So, you know, it's, it's often described, the internet is described as an iceberg. You know, we have the part of the iceberg that's above the, you know, the sea. And that's what's accessible to everybody. You know, our stimulustech.com website. And these public websites that are out there are searchable by search engines. And you can access that information without any special authentication. But there's, you know, two portions of the web that's below the surface. The first one we talked about, which is the dark web, that you have to have specific invitation and access to where this nefarious, you know, work goes on. But the other portion is the deep web, which the dark web is a subset of, but the deep web is anything that's protected by maybe username and password, or you've had to pay for the content. So, you know, think about when you log into your banking website, you have to have a username and password, and hopefully some type of two factor authentication to get access to your banking data. You don't want Google searching and publishing your bank account. You know, if you search up, you know, Sherry Lipp, you don't let it suddenly show your bank account information, your your Social Security records, you know, your tax returns all this, but you share you with with the right credentials can get access to all that data. Or if you have a subscription to let's say, The New York Times and Wall Street Journal that they have some private articles that you have to have a login and password to get access to. That's all part of the deep web. So it's basically obscured without direct access. And that's the majority of the web, you know, you think about all this content you have to pay for like Netflix or Disney plus, or Hulu, that's also protected by, you know, paid to play feature or a paywall. And that's the majority of the content on the internet now is behind some type of protection that doesn't allow the general public to access it without without a username and password beforehand.
Sherry Lipp 08:19
Okay. So getting into you know, we always get warnings about you know, our information or personal information aren't getting on the dark web, how does it get there?
Nathan Whittacre 08:30
So generally, it's websites get hacked, or companies get hacked. You know, a lot of the information that's out there on the dark web, is because, you know, a hacker group went into a company, like LinkedIn, or Target or one of these large companies that have information on a lot of different people. And then they publish that information that they're able to get and sell it to other people. And so generally, it's hacking into these large companies, and then selling those lists out on the dark web. So I just, you know, personally, I take the assumption that my information is out there on the dark web to be bought and sold, because there's been so many websites and so many organizations that have been compromised, that, you know, this idea of of privacy anymore, is completely out the window, you know, there's just, you know, from usernames and passwords to your birthday, social security number, your home addresses, I mean, all that information is most likely available on the dark web as much as you try to protect it. Even our federal government's been hacked and that information has gotten out there. So it's just it's there. And it's and that's come over the years as as this information has been stolen.
Sherry Lipp 09:59
So when it comes to to smaller, you know, small or medium businesses, what kinds of things should they be, what kind of information might get out there from them?
Nathan Whittacre 10:10
So small businesses need to be careful and understanding protecting themselves, especially against the personal identifiable information such as their employees, records, if they're in the healthcare industry, healthcare records, any confidential information that they're collecting on them on their clients, or employees, especially if they're in the finance field. So you know, a lot of these hacks that happen in businesses, they're not just after the company, they're after the information they have. So they might, you know, confidentially get in, if they can get into your servers, they'll try to exfiltrate that data out, and then use it to be sold on the dark web. So and then not cause any damage to your organization directly. But certainly damage your company by getting that information out of your out of your company. So you know, the PII or Personal Identifiable Information, or PHI, which is the health care records, is really the most important stuff that companies protect. And we all have it. I mean, if you have an employee, if you've ever processed a credit card, all that information is somewhere stored on your systems or your vendor systems, and you're responsible to protect it.
Sherry Lipp 11:27
How can businesses check to see what information has gotten out there or can they?
Nathan Whittacre 11:36
So there is a way to look for the basic stuff like if your username and password or your email addresses have been part of these large hacks that are done out there. And we help companies do that check when we onboard them, or when we do an analysis for them. So we have some software we have that has access to these known stolen lists. So that's, that's something that we recommend monitoring. From a personal standpoint, too, I recommend setting up credit monitoring to see you know, if any of your information is, you know, credit reports being pulled, or if people are registering new credit against your account, things like that. So, you know, I think it's important personally to set up monitoring, and then as a company to set up a monitoring of your usernames and passwords and email accounts. And just understand the hygiene of your employees on the dark web. Because No, unfortunately, what happens is a lot of the employees are using the same usernames and passwords across multiple sites. And so they use the same password that's stolen on the say, a news website. And then suddenly, that's the password they use for your company's bank account information. That's how they can get in and get access to more sensitive data. So, you know, practicing good hygiene, and then monitoring what, you know, what usernames and passwords have been stolen in the past and make sure your employees aren't using those again.
Sherry Lipp 13:14
And what steps do companies take? What if they find out those kinds of passwords are out there?
Nathan Whittacre 13:21
you know, forcing their employees of using different passwords, like setting up a password manager for their employees. You know, there's a lot of different ones out there. But there are, you know, we recommend using a different password for every website you go to and password managers are really the only way to do that. And so, you know, having a company-wide password management system is a good way of of having that digital hygiene, and then monitoring if the employees data is stolen periodically. But you know, and then training of the employees of that type of good digital hygiene
Sherry Lipp 14:02
What steps, what do you think are the best steps in addition to the monitoring that businesses can use to prevent these kinds of leakage of personal data?
Nathan Whittacre 14:16
Well, it's hard, I don't think you can ever 100% protect against it. Any company that says that, you know, you can do X, Y, and Z and be 100% protected. It's just, it's not possible the hackers just only have to be right once and they're constantly attacking us all the time. So there are things you can do to you know, put up enough walls, the hacker's gonna go to another company and you know, I mentioned password managers. You know, having good defense internally, the multi layer defense and we talked about in our security package, having security monitoring 24/7 Having a good antivirus next generation antivirus system on AI protection of your email accounts, there's so many things that businesses should be doing today to protect against this because the arsenal that hackers have bringing after even small businesses is pretty immense. And then the last line of defense, is that employee training that we just talked about, so that they're aware of what's going on and, and can better protect themselves against it.
Sherry Lipp 15:24
Yeah, I think that, you know, we can't say more about employee training, we mention it pretty much every topic we, we discuss, because it is probably one of the most important lines of defense, and we did do an entire episode on employee on employee risk. So that definitely is one of the most important things.
Nathan Whittacre 15:47
Yeah it certainly is. Employees are the company's last line of defense, but also, you know, their worst enemy to say, you know, one employee can make a mistake that can cost a company a lot of a lot of time and money. So, one, wrongly clicked link, or, you know, not, you know, clicking on the wrong email or downloading the wrong software can cause a significant amount of damage, so, and we're leaving it to the employees to not do that. So giving them the tools necessary, as much as possible, and then making sure that they're, they're doing that kind of stuff by having that monitoring on their systems, monitoring, as in, you know, making sure those, you know, those emails that are coming through, and the information that sent back and forth is fully legitimate. And the software is just having to get better and better each day.
Sherry Lipp 16:47
To kind of wrap this up, when we talk about monitoring, what do we do at Stimulus or, you know, a company that does monitoring, what does that mean or entail?
Nathan Whittacre 16:58
So a lot of it has to be automated, because there's so much data that comes in and out of systems. So we do a multi prong approach. You know, we have software that's monitoring and managing the email protecting against, you know, links that are clicked, they're all checked, to make sure they're legitimate websites, and you're not clicking on a website, that's nefarious. We do on the desktops multiple different pieces of software like DNS filtering, which I believe we've talked about to make sure that you're going only to legitimate websites, having next generation antivirus on the desktops, that's linked with a 24/7 security operation center that's looking for any alerts or issues. Zero trust, where we're only allowing applications that are supposed to be running on the computer to run on the computer. And a lot of this is automated and then backed by security, and IT professionals, when these alarms get lit up, and then we can remediate things as they come in. So it is it's not something that you can just check on once a week or once a month, it's a constant vigilance. Because like I said, it's, you know, we have to be right 100% of the time, and hackers only have to be right once and that's why we have to employ so many tools to protect our clients.
Sherry Lipp 18:23
All right, well, that is great information, always important to keep our data secure. Thanks, Nathan.
Nathan Whittacre 18:30
Thank you Sherry as always and you know, the dark web is a scary place and you don't want to end up on there. But I think from just kind of wrapping up at the end of the from a personal aspect to is just just understand that privacy is is something that doesn't really exist anymore. So I just have to be monitoring and and vigilant about what happens out there. So it's a it's a scary world we live in, but you can live normally as long as you have the right protections in place.
Sherry Lipp 19:02
Thank you and thanks, everybody.
Nathan Whittacre 19:04
Thanks. Have a good day.
