Dark Web

What is the Dark Web?

The Dark Web is a hidden universe contained within the “Deep Web”, a sub-layer of the Internet that is hidden from conventional search engines. Search engines like Google, Bing and Yahoo only search .04% of the indexed or “surface” Internet. The other 99.96% of the Web consists of databases, private academic and government networks, and the Dark Web. The Dark Web is estimated to be 550 times larger than the surface Web and growing. Because you can operate anonymously, the Dark Web holds a wealth of stolen data and illegal activity.

In simple terms:

What is “Dark Web Protection”?
Short answer: “Identity Theft Protection” for your company.

The Dark Web is the ‘black market’ of the internet.

You may think of it as a place where:

“If you had stolen credit card numbers, this is where you would go to sell them…”

“And if YOUR credit card shows up here, you better cancel it fast!”

This is a service that monitors/reports if your company’s information is for sale on the internet.

This is critical because with a user name and password, you are much closer to full identity theft, not just one lost credit card.

With just an email address and password, a hacker may gain access to your entire network, client list, client files, ANYthing that the real employee could – and more.

For example, I could pretend to be your employee and send a ransomware email to anyone, and it would effectively be from ‘YourCompany.com’, so the recipient would naturally trust and open it, and be hacked. All due to an email from ‘YourCompany.com’.

Your employee wouldn’t do such a thing, but a hacker surely will.

Your low monthly fee is buying you a ‘watchdog’ service. We scour the web every day checking whether your credentials (anything tagged with ‘@YourCompany.com’) are showing up in the “back alleys” (aka ‘Dark Web’) of the internet, and report to you immediately. As in the stolen credit card example above, YOU need to take appropriate action (like changing passwords). It can’t stop bad people from stealing, but it can notify you ASAP so that you can nip it in the bud.

This is an added monitoring service, completely outside the scope of your office and internal operations.

One client compared it to the ‘LifeLock’ identity theft protection for which he and his wife each pay $50/month.

Oh, and “compromised credentials” is a blanket term that means any of the stuff that hackers want from you, like username, password, credit card information, birth dates, etc. Anything that hackers can use to pretend to be you, invariably for nefarious reasons.

How does Dark Web ID help protect my organization?

Our service is designed to help both public and private sector organizations detect and mitigate cyber threats that leverage stolen email addresses and passwords. Dark Web ID leverages a combination of human and artificial intelligence that scours botnets, criminal chat rooms, blogs, websites and bulletin boards, peer-to-peer networks, forums, private networks, and other black-market sites 24/7, 365 days a year to identify stolen credentials and other personally identifiable information (PII).

Does the identification of my organization’s exposed credentials mean we are being targeted by hackers?

While we can’t say definitively that the data we’ve discovered has already been used to exploit your organization, the fact that we are able to identify this data should be very concerning. Organizations should consult their internal or external IT and/or security teams to determine if they have suffered a cyber incident or data breach, but in any event, you need to take IMMEDIATE ACTION to change the exposed credentials and continue monitoring.

Some of this data is old and includes employees that are no longer working for us. Doesn’t this mean we are not at risk?

While employees may have moved on from your organization, their company-issued credentials can still be active and valid within the 3rd party systems they used while employed. In many cases, the 3rd party systems or databases that have been compromised have been in existence for 10+ years, holding millions of “zombie” accounts that can be used to exploit an organization. Discovery of credentials from legacy employees should be a good reminder to confirm you’ve shut down any active internal and 3rd party accounts that could be used for exploitation.

I see fake emails (false positives). Why is this important?

Fake email accounts are routinely created by employees as a “throw away” when wanting to gain access to a system or piece of data. However, fake email accounts are also frequently created to facilitate well-crafted social engineering and/or phishing attacks. Often, the identification of fake email accounts indicates that an organization has been targeted by individuals or groups in the past.

The password identified does not meet our network criteria. Why should we care about this?

Employees often recycle passwords throughout their work and personal networks. If your internal requirement is to have a capital letter and special character, it’s common practice for employees to use a password they are familiar with, and add a capital letter and exclamation mark. (Example: Exposed Password: cowboys, Variation: Cowboys!, Cowboys1, Cowboys!1, and so on.) Knowing this, hackers will run scripts using frameworks such as Metasploit (hacking and pentesting tools) to “brute force” their way into an unsuspecting system.
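For corporate IT, the point above translates into a check at password-change time: refuse a new password that is only a decorated version of one already reported as exposed. The sketch below is an added example, not part of the Dark Web ID service; the function names, the look-alike table and the sample values (taken from the "cowboys" example above) are assumptions made for illustration.

```python
import re

# Assumed table of look-alike characters mapped back to the letters they replace.
LOOKALIKES = str.maketrans("0134578@$", "oieastbas")

def core(password: str) -> str:
    """Reduce a password to the base word the user is likely recycling."""
    p = password.lower()
    p = re.sub(r"^[^a-z]+|[^a-z]+$", "", p)  # drop leading/trailing digits and symbols
    p = p.translate(LOOKALIKES)              # undo substitutions such as 0 -> o
    return re.sub(r"[^a-z]", "", p)          # drop separators left inside the word

def is_variation(candidate: str, exposed: str, min_core: int = 4) -> bool:
    """True if the candidate is built on the same base word as the exposed password."""
    c, e = core(candidate), core(exposed)
    if len(e) < min_core:
        # Base too short to compare meaningfully; only an exact reuse counts.
        return candidate == exposed
    # Either the exposed base is embedded in the candidate, or the candidate
    # is a shortened form of the exposed base.
    return e in c or (len(c) >= min_core and c in e)

def rejected(candidates, exposed_passwords):
    """Return the candidates that should be refused, in input order."""
    return [c for c in candidates
            if any(is_variation(c, e) for e in exposed_passwords)]

# Constructed sample data: one exposed password from a monitoring report,
# and the new passwords employees try to set afterwards.
EXPOSED = ["cowboys"]
ATTEMPTS = ["Cowboys!", "Cowboys1", "Cowboys!1", "C0wb0ys2024",
            "correct-horse-staple"]

if __name__ == "__main__":
    for pw in ATTEMPTS:
        verdict = "refuse" if pw in rejected([pw], EXPOSED) else "accept"
        print(f"{pw:24} {verdict}")
```

A real deployment would run this comparison inside the password-change handler while both values are in memory, since stored hashes cannot be normalised this way.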

Any “Best Practices” for individual users or Corporate IT on frequency of password change or actually changing your personal or professional email?

Please refer to the National Institute of Standards and Technology’s (NIST) Special Publication 800-63B Digital Identity. A link to SP800-63B can be found here: https://pages.nist.gov/800-63-3/sp800-63b.html

If your personal data is found on the Dark Web, can it be removed?

Once the data is posted for sale within the Dark Web, it is quickly copied and distributed (re-sold or traded) to a large number of cyber criminals, within a short period of time. Once the information has been posted and copied, it is public forever.

Why is “Dark Web Protection” essential?

One simple example:

Imagine what can happen if even one of your employees is careless with his or her emails and their user/password becomes ‘in play’ on the Dark Web. A Bad Guy (to use a polite term) uses it to send an email from this employee, from your company, to everyone in sight on your contact list. Naturally, they open it because “It’s from you, a ‘trusted’ source”. But it is a ransomware attack that YOU just sent them. The jury is out on the extent of your liability if carelessness on your part allowed this crime, but there is no question that your clients will blame you.

And that’s the good, lightweight scenario. What is further possible:

Once they have a valid user/password, they can often access other aspects of your company’s resources and do all that a spiteful employee could, including the disabling of safeguards on your company’s computers, and ransoming them. Sadly, the ‘down side’ is almost endless.

How does Panatech’s Dark Web protection save me?

In simple terms, our software ‘crawls the web 24/7’ looking in the places that the Bad Guys go to buy and sell your information for nefarious purposes. We hope to be among the first to find out when your credentials become ‘in play’ and alert you immediately so that you can take remedial action and mitigate the exposed vulnerability.