How Your Passwords Can End Up on the Dark Web

The dark web is a vast and mysterious space that lies deep underneath the internet as we know it. On the good side, the dark web can provide anonymous and highly secure communication channels for privacy-conscious individuals who want to maintain their anonymity online. But on the other side of the coin, the dark web can be a hotbed for criminal commerce. Cybercrime is a digital cornerstone for the dark web, and this industry thrives on hacking services and the sale of stolen data. But what exactly is the dark web, and how can my personal information end up on this mysterious platform?

Deep Web — Photo by soumil kumar via pexels

What is the Dark Web?

The dark web is a mysterious and spacious part of the internet that is usually inaccessible to the surface-level internet that we know of. To access the Dark Web, the software requires a special browser called Tor. The dark web is a small subset of the deep web, a much larger pool of interconnected systems that cannot major search engines cannot index. Experts have estimated that the dark web comprises approximately five percent of the deep web and that the deep web is a much larger counterpart of the dark web. It usually contains classified information or copyrighted materials blocked for indexing by major search engines. Organizational paywalls, medical records, and fee-based content are just some examples of the type of content available on the deep web.

The dark web is a mysterious and chaotic place. It’s a place where anonymous users can get together to conduct commercial transactions or share information. The series of networks comprising the dark web was intentionally designed to be hidden from search engines and casual internet users. That means casual internet users can’t stumble upon the dark web by accident since it requires Tor before you can access it.

Developers built Tor for extra privacy, and it’s because of its network that all information and locations on the dark web are well-encrypted. And while money remains as the medium of exchange on the surface internet, the darknet relies on cryptocurrencies for its denomination. This describes a payment system where anonymous purchasers pay anonymous vendors.

Unsurprisingly, criminals are taking advantage of this anonymous payment scheme. Bitcoin and Monero are the most popular currencies among dark web buyers, and many people gravitate towards Bitcoin for highly secure and anonymous transactions.

The Good and the Bad Side of the Dark Web

Desktop on Table — Photo by negative space via pexels

The inherently anonymous nature of the dark web makes it an ideal place for free thinkers and truth seekers, but it is also a highly attractive platform for criminals to put up shadowy markets. These websites cater to niche markets with special tastes in illegal things. This deep layer of anonymity is the very thing that attracts both good and bad elements of the platform. Both legitimate actors and cybercriminals co-exist on the platform, giving it a delicate nature. This is following the concept of equal protection by means of an anonymous network.

The Positive Side

Good Side of Dark Web — Photo by burst via pexels

The dark web has always received a bad rap from the public. Most people who have never accessed the platform believe that only cybercriminals and hackers lurk there. But in reality, the dark web is an excellent space for legitimate web platforms. Plenty of ordinary folks with the right software are able to visit the series of dark web networks. The dark web plays host to a number of legitimate websites, and reports indicate that many more websites from the regular internet are planning to have a presence there.

The dark web is also perceived by some as the ultimate avenue for free speech and transparency. Journalists and dissenters flock to it to express themselves about important political issues. The dark web also hosts its own version of Facebook for anonymous socializing. It also has its own version of WikiLeaks for all forms of exposes.

The Dark Side

Bitcoin symbol with drugs — Photo by roger brown via pexels

The dark web is infamous for the illegal activities taking place there. It’s been touted as a place where the curious, the desperate, the addicted, and the downright evil converge. And as you can expect from this twisted paradise, there is a smorgasbord of illegal items sold on the dark web. Items like drugs, counterfeit money, fake documents, and deadly weapons are available.

The use of cryptocurrencies is also ideal for buyers and sellers who wish to remain anonymous. After all, both parties can do away with pleasantries and uncomfortable exchanges of potentially incriminating information. Aside from featuring the standard set of illegal items, the dark web also features weird items that you would never see for sale on the surface internet. Examples include human blood, human body parts, and equipment for hacking computers. A few websites even advertise hackers for hire to do your bidding against people you hate.

But perhaps the most disturbing items to ever grace the dark web are the thousands, in some cases millions, of stolen personal information. Hackers often put the information they have stolen onto the dark web for financial gain. Anonymous users can purchase the data by piece or in bulk, depending on what they need. Hackers charge more for personally identifiable information (PII) like names, addresses, and social security numbers. PII is a gold mine that fraudsters use to get to your finances. But interestingly, the price that hackers usually charge for PII has reportedly decreased due to the oversupply of such information on the dark web. Reports of oversupply appear to corroborate the escalation in the number of international companies’ data breaches over the past few years.

How Can My Personal Data End up on the Dark Web?

Market research institute Statista reported that 71 percent of data breaches are financially motivated. Meanwhile, 95 percent of breached records came from the government, retail, and technology sectors. Hackers go after specific types of data or PII that are useful for accessing financial services or to steal money directly from your account. A majority of hackers act alone, but around 36.5 percent of them are involved in organized crime. Hackers also vary in their methods. Some look for individual targets at random. Others may execute carefully planned attacks against large corporations.

Hackers have a wide selection of tools and software at their disposal to carry out attacks, such as fake websites, fake emails, and fake software. The objective is to get you to open a link or download software that will introduce malware to your device. Trojans and rootkits are devious forms of malware that steal your information. Hackers also use keystroke logging software and network analyzers. These capture passwords as you log them or while your data packets are in transit. Hackers are also known to take advantage of insecure networks (i.e. public Wi-Fi) to hack into nearby devices.

Big data theft is considered a subscale of identity theft. It has to do with the large-scale theft of customer information from a large business or enterprise. Big data theft can have serious financial and reputational consequences for affected companies. IBM’s Cost of Data Breach revealed that a data breach can cost a major company up to $3.92 million. This includes expenses, damage control, repair, lawsuits, and fines. The annual global cost of cybercrime is also expected to reach up to $6 billion by 2021.

What Are Notable Examples of Big Data Leaks?

A decade earlier, reports of data breaches comprising the data of a few million people were few and far between. Nowadays, reports of data breaches concerning thousands or even millions of customer data have become a weekly or monthly occurrence. And as more and more companies experience crippling security breaches, the wave of compromised data sets is also rising. In 2019 alone, there were 2,013 confirmed data breaches worldwide. Facebook, Microsoft, Amazon, and Adobe are just some of the few familiar names affected by these attacks. Hackers targeted various data types such as email accounts, account information, and log-in passwords of their users.

There have been a number of notable data breach reports throughout the years, but some stood out for the sheer scope of the resulting damage and number of victims. In 2013, document management firm Adobe reported the theft of three million encrypted customer credit card records as well as login data for an undetermined number of user accounts. In 2016, adult dating app Adult Friend Finder reported a breach of 212.2 million accounts, including names, email addresses, and passwords. Just last year, Australian graphic design website Canva reported an attack that exposed 137 million user accounts.

Perhaps one of the largest data hacks ever recorded was the one that happened to Equifax. The hackers made off with the data of more than 147.9 million users of one of the United State’s largest credit bureaus. The company was faulted for software vulnerabilities and late reporting.

There are many more examples of data breaches with equally dire consequences, and experts expect more cases to take place. They report that hackers always look for new gateways to commit new forms of identity theft. Users will continue to be exposed to threats of their data getting compromised unless protection against such attacks steps up.

Is Law Enforcement Active on the Dark Web?

Computer codes — Photo by tima miroshniche via pexels

Here is an interesting fact about the dark web. The anonymized Tor network on which the dark web is built began as an experimental project by the Department of Defense. The government created the anonymized and encrypted network to protect US spies’ sensitive communications. Other security-conscious companies and agencies who needed a secure network also used Tor to carry out their activities. It didn’t take long for criminal organizations to migrate their activities onto the dark web, and the dark web became the perfect playing field for them to reach out to customers from all over the world. It took some time for governments to pay serious attention to the illegal activities in the dark web, and they deployed agencies such as the NSA and the FBI to monitor the platform’s activities.

The already-notorious dark web became front and center in 2013 when the FBI shut down the Silk Road, the largest marketplace for illegal items and services on the dark web. The entire operation was a slow and painstaking process that took the FBI two years to complete. They also needed special equipment to de-anonymize the networks one by one. A few years after the Silk Road incident, the FBI also shut down AlphaBay and Hansa, two of the closest successors to Silk Road. Many considered the operation as the largest sting operation ever held against the dark web. The public expects more operations to take place in the future.

The Dark Web, Law Enforcement, and Data Theft Issues

Dark web and law enforcement — Photo by pixabay via pexels

Law enforcement presence on the dark web continues to grow. Unfortunately, many agencies are still not in the position to effectively deal with criminal elements that leverage the highly anonymized structure of the dark web. De-anonymizing Tor networks can be slow and difficult to navigate, and criminal elements frequently switch their location on the dark web to avoid detection. The lack of actionable research about the dark web also affects law enforcement. Many governments and legislative agencies are still grappling with the concept, and there is no existing legislation honing in illegal activities on the dark web.

The volume and scope of criminal activities on the dark web also pose an issue for law enforcement. There are also too many websites and levels of criminal activities on the dark web, and resource-strapped law enforcement can only pick and choose which battles to fight. And even if the federal agencies do manage to shut down websites that sell stolen information, complete recovery of stolen data would be impossible. Once your data is out there, it has already been compromised and is no longer safe to use. Hackers usually duplicate valuable information that they’ve gathered multiple times and store them on various databases. You can expect that there would be more than one copy of your data in the hacker’s possession.

And you’ve probably wondered about this at least once, but law enforcement agencies cannot simply shut down the dark web. First of all, the dark web is not illegal and has a legitimate use for the public. The Tor network is also an intensely complicated network with servers spread out across the world. It would take a gargantuan effort to shut it down. Even if they succeed, people can use the servers to simply create new networks.

How to Find Out if You’ve Been Hacked

At this point, we might need to clarify the difference between identity theft and identity fraud. Identity theft in its simplest definition is when someone steals or copies your PII. Identity fraud occurs when that person commits fraud or illegally access accounts that don’t belong to them using your identity, mostly for financial gain. These two crimes are distinct from each other, but hackers often commit them hand in hand. Hackers usually have two options after successfully stealing data. They can either use the data to commit fraud themselves or post the data on the dark web in exchange for money. One thing is clear, though: your data can only be used for illicit gain once it is on the dark web.

Signs That You’ve Been Hacked

Have you ever tried logging into your account, only to find that your password was changed just a couple of hours ago? With the prevalence of cybercrimes, identity thefts, and identity frauds, we can’t stress the importance of having multiple methods to protect yourself enough. Identity fraud cases are a race against time. The earlier you find out about it, the better. Everyone should know the signs of hacking and what actions to take before any serious damage can be done.

Hackers use multiple entry points for stealing your private information, but the most common and easiest entry point is through malware. Hackers use specialized malware to do different things, depending on what they want to achieve. Trojans and rootkits copy your files while ransomware locks down your files in exchange for ransom. Other forms of malware simply delete your files or corrupt them to the point where they can’t be accessed. There are a few telltale signs of a malware-compromised device, which in turn serve as a potential warning that your data could be compromised.

Signs of Malware-Infected Systems and Compromised Data

Malware infected computer — Photo by michael geiger via unsplash

Disappeared and corrupted files. If some of your files have gone missing or you can’t open a file, this could be a sign of a compromised device.
You’re sending your contacts spam email. Getting a notification that you’ve been sending out spam to your friends is a major sign that your email has been hijacked. Spammers usually use hijacked email addresses when sending out spam emails to reach out to more email addresses.
Your PC contains software you don’t remember installing. Potentially unwanted programs, also called PUPs, are malicious software that often contain malware. PUPs often arrive bundled with malware, and some even consider these programs to be malware in themselves.
Your PC has slowed down significantly. A slow running computer is the most common symptom of malware infection. Your device may be infected with a virus if your operating systems and programs take longer to start up. Malware also tends to take up storage space, which leaves little room for other programs and files.
You’ve noticed an unexplainable spike in your network activity. Malware are very similar to actual viruses that work double-time to harm your computer system, and the malware’s undisclosed activities may cause unexplained spikes in network traffic. Network usage spikes usually take place as a result of malware trying to mask malicious activities or malware attempts to force login to several devices.

Signs of Identity Fraud and Compromised Data

Computer hacking — Photo by thedigitalway via pixabay

A small percentage of hackers carry out identity thefts for personal motives, but most of them carry it out for financial gain. For the majority of hackers, their primary objective is to gain access to financial services or your personal bank accounts. Once hackers have posted your data on the dark web, the next logical step is for buyers to use your data to try to get into your bank accounts. This is why it’s important to monitor your financial accounts and credit cards to watch out for potential signs of fraudulent activities.

The key here is to catch fraudulent activities as soon as they happen and before the hackers can bleed out your bank account or damage your credit scores. The federal government allows identity fraud victims to report their findings within sixty days at most to report unauthorized charges made through your account after the fact. Once you have sufficiently proven fraud, you can limit your liability to a maximum of $500. If you wait longer than sixty days to report fraudulent activity, you could be liable for all charges.

Red Flags to Look Out For

Here are some of the signs to look out for to indicate that someone else has taken over your accounts. Report your suspicions to local police, your bank, and the Internal Revenue Service (IRS). You may need to file an identity theft affidavit in the process, but catching the fraud early can help save your account from thievery and preserve your credit history.

Signs of Account Takeover and Fraud

Hacked Bank Account on the dark web — Photo by teguhjatipras via pixabay

Receiving new credit cards you didn’t sign up for. If you receive a credit card that you don’t remember signing up for, a hacker or third-party most likely signed up for it using your information.
Experiencing a sudden drop in your credit rating. A high credit rating is a key factor for loan and credit card applications, and having your account hacked is an easy way to get your credit rating down in just a few months. If you experience a sudden drop in your credit rating by more than fifty points in a few months, this could be a sign that someone else has been using your account.
Surprise bills for services you haven’t used and past due notices for products you didn’t buy. A glaring sign is if you get a call from your dentist or doctor’s office about a bill that you haven’t paid for a service that you didn’t get. Another is when you notice an unpaid due on your credit card that you didn’t make.
Debt collectors soliciting payment for debts you didn’t make. If you suddenly receive a letter from a debt collector or bailiff regarding debts you didn’t make, someone else has been borrowing money in your name.
The IRS informing you that more than one tax return was filed in your name. If someone gets their hands on your social security (SSS) number, they can file a tax return claiming a fraudulent refund. If the IRS informs you that it has received more than one tax return within the same tax year, your SSS number may be compromised.
Sometimes hackers commit identity fraud in the simplest of means: by taking over your social media. If you get locked out of your social media or professional networking accounts or find posts on your account that you didn’t make, these are glaring signs that your account may have been hacked.

Safeguarding Your Data and Preventing Fraud

Safeguarding Data on the dark web — Photo by geralt via pixabay

The theft of your personal data from your computer or from a remote server run by an organization with your details can have serious consequences on your financial stability and creditworthiness. Fortunately, there is an increasing number of options you can take to protect your private information. These methods aren’t perfect, but at the very least they can make it much harder for hackers to get into your account. And in case they do manage to get in, you’ll be able to catch them immediately. Lucky for you, there are a couple of methods that you can use to protect yourself from becoming a victim.

General Steps to Prevent Identity Theft and Fraud

Account Fraud — Photo by pixabay via pexels

Follow the best practices when it comes to password management. Always use strong passwords that incorporate both characters and numbers. Change your passwords frequently and never share them with other people. Use a reliable password manager to manage and encrypt passwords that you use across multiple applications. Find yourself struggling to remember multiple passwords? It may be time to pick out a reliable password manager to help you out.
Use antivirus and anti-malware software regularly. Antivirus software can scan your system for traces of malware and eliminate that threat accordingly. Most malware works in extremely stealthy ways, so you never know when your computer gets tracked. If you’re not sure which software to install, learn about the best antivirus brands available that track and eliminate malware from your devices.
Safeguard your Wi-Fi network with the right VPN services. Most browsers and websites already have updated security features. However, these systems only concern the data that passes through the software and not on external applications. A VPN can encrypt data not just in your web browser but also in other apps to prevent malware from getting a glimpse of your data while on transit. VPNs also hide your IP address in the process. Set up your VPN with this ultimate guide.
Be mindful of where you share personal information and with whom you share it. Most people don’t care about privacy when it comes to casual interactions and social media. But this complacency can lead to danger. Never share your personal information with people who ask for it for no legitimate reason. Be very discerning when it comes to conversations with people you don’t know well. Always think before you post and speak.
Follow tried-and-tested cybersecurity practices and employ robust network security practices for work and organizational spaces.

Special Steps to Prevent Identity Theft and Fraud

Data Security on the dark web — Photo by fernando arcos via pexels

Freeze your credit report. A credit freeze blocks access to your credit information and prevents creditors from accessing your credit history. Most creditors need your credit report to extend credit or open a new account. This should make it much harder for identity thieves to act behind your back.
Sign up for credit monitoring services to stay updated on your financial status. Credit monitoring services track changes in your credit activity regularly. Examples of activities they track include if someone makes a large purchase or opens a new account using your details. The service also tracks credit reports and credit scores to scan for sudden changes. More advanced credit monitoring services even include the real-time scanning of the dark web by specialists.
Check websites that provide comprehensive lists of compromised databases. Several websites exist mainly to keep track of data breaches that occur across the internet. The Have I Been Pawned website is the go-to site of most people for tracking incidents of data breaches around the world.
Employ a dark web monitoring tool. Dark web monitoring tools actively scan the dark web for traces of your personal and financial information. Dark web monitoring tools also track highly erratic websites on the dark web. Some even go so far as to monitor restricted sites where your personal information could be sold.

Final Thoughts

The dark web is a vast and mysterious space that embodies the ideals of market anarchism and libertarianism. The dark web has gained a negative reputation for being a haven for illegal activities. No one can dispute that criminal organizations are using this platform. However, it’s important to remember that this wasn’t the originally intended purpose. Criminal activities committed on the platform are not exclusive to the platform. The illegal activities on there are also present on the surface internet, albeit hidden from public view. All of these crimes had existed long before the dark web even existed.

There is little we can do to stop the influx of stolen data into the dark web. The good news? We still have various methods at our disposal to protect ourselves and make identity theft harder.