Guide To The Dark Web

The Marketplace for Breached and Stolen Data

Shawn Stewart

Mr. Stewart has 25 years of experience with hundreds of international, commercial, military, and government IT projects. He holds certifications with ISC2, Cisco, Microsoft, CompTIA, ITIL, Novell, and others. He has a Masters in Cybersecurity, a Bachelors in IT, a Minor in Professional Writing, and is a published author.

The Dark Web is a section of the Internet “hidden” from the open Internet, the one we can search and access freely. These servers and networks are invitation-only, and you must have the proper credentials to enter. Typically, it is a place where the buying and selling of illegal items takes place, a digital black market. You must use untraceable cryptocurrency, and items for sale range from Social Security numbers and credit cards to SHOCKINGLY illegal stuff, some of which is pure nightmare fuel.

Why Is It Dark?

You can’t access the Dark Web like you can Amazon. The servers don’t use friendly, fully qualified domain names like www.homedepot.com. So, when certain antivirus and software companies claim to “search” the Dark Web for your information, well, they’re full of crap. That would essentially make them felons by mere association. You also can’t accidentally stumble onto the Dark Web by clicking through a PornHub link. Haven’t tried it but I get that question often, for a friend of course.

How does it work? I’ll simplify it, then explain it deeper. I have a server that I connect with a public IP address to the Internet. Anyone in the world can access it if they know how. Read how the Internet works here. I prevent the server from responding to most communications, especially web crawlers and search engines like Google. I won’t give it a friendly name because domain names require registration. Yes, you can privatize your name, but if I’m selling illegal drugs on the open Internet, a subpoena gets past all that. Then, the Feds know I own cheapmexicanviagra.com.

Not All In The Dark

It is a felony to access my server without express written permission. When I say express, I mean like taping Monday Night Football, as in it must be in writing and signed by the owner. I set up login accounts for those I want to allow in and give them the specific port they can use for a login prompt. They can get in directly, but I, like all smart companies, use a Virtual Private Network (VPN) to give my guests encrypted access to my network.

I won’t say the NSA can’t crack it because I’m convinced they can crack anything on the market, either through brute force with a supercomputer or backdoor master keys. I don’t care what you say; they already have backdoors for everything else, thanks to the Patriot Act. The tech we have follows Moore’s Law, which states that computing power doubles every 18 months. I don’t believe this applies to the government. They could very well be a century ahead. We’re being fooled into buying the new iPhone as a technological advance because it now comes in yellow. That’s not a technology enhancement; that’s marketing lies!

The Dark Web is just a private network where illegal transactions take place. Technically, every protected network you can’t see from the open Internet, Fortune 500 companies, pharmaceuticals, walmart.com, any place that requires a login, is Dark. My “Dark Web” is actually a Minecraft server. Why waste a felony on Viagra? Also, companies and individuals must register their public IP addresses. Dark Web entry points bounce through a compromised or stolen connection to cover where the traffic is really going. Others will manipulate IP routing tables to forward traffic to the final destination.

Seeing In The Dark

So how do companies claim to have access to the Dark Web? What they have access to are called pastes or file dumps. Pastes are teaser data to show what type of data is for sale, typically emails, passwords, social security numbers, addresses, and credit card numbers. File dumps are recovered databases provided by the breached company to allow people to search for their information. You can search your own email and phone number at www.haveibeenpwned.com.

Honestly, no one is hidden anymore. If you have a social security number, you’re known. There isn’t a database out there that hasn’t been compromised. Mark Zuckerberg said privacy is dead. Well, your history is definitely compromised; I agree with that. You can’t change your social security number. You’d lose your credit overnight, gone, kaput, and that’s by design.

When Equifax was hacked, that was the last straw for those of us with a credit history. Buying habits, credit records, income, addresses, and social security numbers all flooded the Internet. Ever notice how you get very specific phishing emails that appear to be from places you have an account? All that was in the Equifax dump.

Privacy Is Dead?

So, that’s it, then? Is privacy dead? Game over? No. The only way to protect yourself from breached data sold on the Dark Web is to keep different passwords for EVERY online account you have. Assume every password you’ve had for over six months (or less) has already been compromised. Companies typically don’t report breaches until MONTHS after the data has been stolen and sold. Learn how to protect yourself here. (Read our Consumer Breaches article
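The advice above as an added example (not from the original article): a short Python audit that flags passwords reused across accounts and checks each one against a breach corpus using the hash-prefix lookup of Have I Been Pwned's Pwned Passwords range API. The vault entries, the response text and the counts are constructed so the code runs offline; the assumption is that in real use the response would come from `https://api.pwnedpasswords.com/range/<prefix>`.

```python
import hashlib
from collections import defaultdict

# Constructed sample vault of (account, password) pairs; not real credentials.
VAULT = [
    ("bank.example", "Tr0ub4dor&3"),
    ("shop.example", "password"),
    ("mail.example", "Tr0ub4dor&3"),
    ("forum.example", "c0rrect-h0rse-battery-staple-91"),
]

def sha1_hex(password):
    """Uppercase SHA-1 hex digest, the form the range lookup uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def reused_passwords(vault):
    """Return sorted groups of accounts that share one password."""
    groups = defaultdict(list)
    for account, password in vault:
        groups[sha1_hex(password)].append(account)
    return sorted(sorted(a) for a in groups.values() if len(a) > 1)

def range_query_parts(password):
    """Split the digest: only the 5-character prefix would leave the machine."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]

def breach_count(password, range_response):
    """Match the local 35-character suffix against 'SUFFIX:COUNT' lines."""
    _, suffix = range_query_parts(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def constructed_response(breached_password, count):
    """Build a fake range response (constructed data, not real service output)."""
    _, suffix = range_query_parts(breached_password)
    return "\r\n".join(["0" * 35 + ":3", f"{suffix}:{count}", "F" * 35 + ":12"])

if __name__ == "__main__":
    response = constructed_response("password", 1000)  # count is made up
    print("reused:", reused_passwords(VAULT))
    for account, password in VAULT:
        print(account, "seen in breach corpus:", breach_count(password, response))
```

Any account that appears in a reuse group, or whose password returns a non-zero count, is the one to change first.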
