The so-called ‘dark web’ is an Internet space hidden from standard search engines.. In this, users can hide their identity and location using camouflaged IP addresses – which identify the devices being used for the search – that can only be accessed through specialized browsers.
This term should not be confused with the so-called ‘deep web’, which is that part of the Internet that can only be accessed through a login or that has a paywall. Most Google services, which require a user account – this is the case of Gmail or Drive – or social networks – Facebook, Instagram, TikTok – are examples of this.
To access the content of the ‘dark web‘You cannot use browsers like Google or Safari, but it can be found in all those networks that make up the ‘dark web’, known as ‘darknets’, for access to which specialized ‘software’ is necessary. Some of the best known are The Onion Router (TOR), ZeroNet or I2P.
These browsers are capable of isolating each website visited to guarantee a completely private and anonymous experience. In this way, they hide the IP address and the activity recorded during browsing.
According to data provided by Google, the ‘dark web’ only encompasses 0.1 percent of the total content on the Internet. However, as it is a space that is used to carry out private and anonymous actions, it can result in illegal activities.
So much so that it is commonly used to avoid law enforcement and sell stolen personal information. Even for other illegal activities such as drug trafficking or data security breaches carried out by cybercriminals.
COMPANIES, THE MAIN OBJECTIVE
Users’ sensitive and confidential information can end up on the dark web in different ways. Data breaches are commonly associated with attacks by malicious actors who steal data through methods such as phishing or the deployment of malware.
Thus, cybercriminals can access user information illegitimately and, once they obtain it, they go to the ‘dark web’ to negotiate with the victims to recover said information or sell it to other people.
This scenario is increasingly common for companies, which have become the main objective of this type of campaigns. As Kaspersky’s Digital Footprint Intelligence team has been able to verify, an average of 1,731 monthly messages have been observed on the ‘dark web’ referring to the sale, purchase and distribution of company databases and internal corporate documents. Between January 2022 and November 2023, in fact, almost 40,000 messages of this type were detected.
Furthermore, according to data collected by the cybersecurity company, one in three companies has been mentioned on the ‘dark web’ for the sale of their confidential information or access to data infrastructures.
HOW TO CHECK IF YOUR DATA IS ON THE ‘DARK WEB’
There are cases in which leaks are carried out more discreetly and, therefore, it is more difficult to know if users’ personal data has been dispersed across the ‘dark web’, although there are signs that may indicate that it has been filtered the information.
For example, if you receive an alert that you wanted to change the email address or recovery phone number of an account, it is possible that the account is in the hands of cybercriminals and has been leaked.
One option to check if personal data has been leaked is to search for it in the aforementioned ‘darknets’, with tools such as TOR. This alternative may entail some risks, if you do not know how to navigate properly, how to handle said software or how to search for the allegedly leaked information.
To avoid this scenario, there are some analysis tools such as the one provided by Google through the Google One subscription, which allows you to configure a user profile to monitor the ‘dark web’ and thus know if user information has been affected. in data security breaches, as the firm explains on its website.
This tool is included in all Google One subscription options and includes data such as name, address, phone number, email, and login credentials. However, for those users who do not have this service, checks can also be carried out with the username or email for free, as long as a personal Google account is used through the link one.google.com .
Once the analysis has been carried out, Google will offer a summary of results, showing whether the data you are looking for has appeared on the ‘dark web’ and, if it has been found, at what time and how it was leaked.
You can also use other similar alternatives such as the ‘online’ tool Have I Been Pwned, which is also free and its function is to scan between “multiple database violations” to collect information so that users can see if their data is found. between said leaks.
WHAT TO DO IF YOUR DATA IS ON THE DARK WEB
Once certain personal data has been revealed on the ‘dark web’, Users affected by these leaks can take some measures to increase security in services or accounts that may have been affected.
In this sense, one of the first measures that must be carried out is changing passwords, so that, if the credentials of an account have been published on these networks, malicious actors cannot access them.
On the other hand, in the event that data related to bank accounts has been compromised, it is advisable to contact the bank or branch in question to report what happened and check whether an attempt has been made to access the account or whether access has been made. to steal money
In order to prevent other users from being harmed, close contacts should also be notified of the leak. In this way, they will be able to remain alert to attempted phishing messages or malware attacks that are sent from personal accounts that have been leaked.
However, it is also important to take prior security measures to prevent, when an account data has been leaked, malicious actors from being able to access it or carry out other actions with dangerous consequences.
Therefore, two-factor authentication (2FA) must be activated, which adds an additional layer of security when logging into an account. Thus, a system is implemented in which, instead of just entering a password to log in, an extra security code or key is required.
Likewise, it must be taken into account that the passwords chosen must be made up of uppercase and lowercase letters, as well as numbers and special characters to increase their security.
Source: EUROPA PRESS
