Dark Web Monitoring

What is the Dark Web?

Perhaps the best way to understand the Dark Web is to compare the Web to the physical world. Like the world, the web consists of locations (addresses) that are for some reason hidden or restricted from general access. These Web addresses cannot be found in a normal browser search, but exist nevertheless.  Any web location that a mainstream browser cannot be directly find is called the “Deep Web”.

There are many legitimate reasons for Deep Web sites. For example, academics may set up specialized knowledge exchange sites and privately accessible data dumps, which may be proprietary. Similarly, some organizations may not advertise access points to their internal IT environment on a mainstream browser. These sites typically use only the numeric IP address, and don’t have a language “alias”. Password accessible sites, and commercial locations that are behind a paywall are also considered “Deep Web”. Note that a standard browser may access many Deep Web points, but the accessor must have the actual numeric IP address, and often a password.

The Dark Web is a subset of the Deep Web, but Dark Web sites are encrypted, and thus inaccessible to people who cannot decrypt the site. Most of these sites use an encryption tool known as the Tor Encryption Tool. Tor’s primary function is as an internet browser that conceals a user’s actual browsing location. Tor therefore enables users to browse the Web anonymously.

There are plenty of valid reasons for a person to anonymously browse the internet. People may anonymously browse to  privately perform legal but potentially embarrassing activities or search and access to the outside world from within restrictive regimes. Using a Tor browser can also automatically decrypt most Tor Encrypted sites.  Despite a majority relatively legitimate sites present on the Dark Web, there are a large number of sites for unsavory purposes. The sites are often market places for illegal drugs, weapons, criminal items such as credit card numbers, stolen data, and worse.

What is Dark Web Monitoring?

Dark Web Monitoring is a proactive protective process. If a hacker  obtains personal information about you, or one of your system users, they may sell it to a criminal. The criminal may then access your systems, hijack your online identity, steal money from your bank accounts, or purchase items using your credit cards. Dark Web monitoring is simply performing a regular (typically daily) search on the Dark Web. The application looks for mentions of your name, or identifying numbers (such as Social Security numbers) or data bits (such as passwords) associated with your organization’s name.

However, Dark Web monitoring is not as simple as setting up the Dark Web equivalent of a Google search. First, as mentioned above, Dark Web sites are encrypted, and require a specialized browser for use. Second, Dark Web sites are generally not readily accessible to the general public. Therefore, service providers require a database of sites, particularly Dark Web sites where identity information may be sold or traded. Third, as might be imagined, Deep Web sites for selling and trading illegal items are constantly changing to evade legal authorities. So, a service provider must somehow discover new and emerging illegal transaction sites. Some of the more sophisticated providers use proprietary algorithms to source likely new sites that are marketplaces for stolen data. Fourth, some Dark Web monitors employ agents to pose as prospective buyers of information to help find these sites and associated criminals. The concern is that some of these agents may actually participate in illegal activities in the course monitoring, which may make using them ethically questionable. Finally, there is a lot of potential for “false positives” if the Dark Web sweep is undifferentiated and unverified. As the typical response for a false positive is to change passwords, and cancel cards, frequent false positives constitute a nuisance for the organization. Therefore, Dark Web threats require some indicator of credibility, and the basis of the credibility in addition to the information found.

ETTE Can Help

ETTE has partnered with ID Agent, a dedicated Dark Web monitoring service provider to provide these services for your organization for an affordable price per user per month. ID Agent’s flagship product, Dark Web ID, combines human and sophisticated Dark Web intelligence with search capabilities. This combination allows the application to identify, analyze and proactively monitor for your organization’s compromised or stolen employee and customer data.

As a responsible service provider, ETTE presents actual data evidence that ID Agent has analyzed and validated. We deliver solid justification for not only simple defenses such as password changes, but also added security measures, such as 2FA or employee security training. ETTE can deploy DarkWeb ID across your entire user base in minutes. Dark Web ID integrates seamlessly within your IT environment. The application easily combines with proactive cybersecurity tools as DNS Filtering, Event Tracking, 2FA, Next Gen Endpoint Protection, or Managed Firewall Services.

A related product, Spotlight ID, is also available. Spotlight ID provides comprehensive personal identity protection for you and your staff. The application extends protection through social media monitoring, and the monitoring of personal email in addition to corporate email credentials. Spotlight ID can be provided as a service to key executives of an organization, or to all users, potentially as a benefit of employment with your organization.