Click clear of the dark side of life
City talk | Michael Gazeley 21 Jan 2019
As more of our lives move from the physical to the digital, vast pools of personal data are aggregating in databases so large they almost defy imagination.
The companies behind these databases are, however, clearly not doing enough to secure them from cyber-criminals.
Hardly a week goes by without an announcement of a colossal data breach at a famous firm.
Cathay Pacific lost 9.4 million customer records, Marriott lost 500 million guest accounts, Yahoo! lost three billion membership records. These are just three examples; there are already over 3,000.
Full names, birth dates, mobile phone numbers, home phone numbers, physical addresses, bank account details, credit card numbers, ID card and passport numbers, medical records, travel itineraries, information about children, personal photographs and videos - the list goes on.
As more of us become repeat victims of breaches, the ability of hackers to combine a person's data into comprehensive digital identities for high-quality identity theft grows.
Think about it. When you call your bank, credit card firm or mobile phone operator, a person will typically ask the same few questions to make sure that you are indeed you. What is your ID card number? Full name? Birthdate? Home address? And so on.
The problem with this ritual is that all the answers can almost certainly be found within the aggregated data breaches, which are posted on the Dark Web. By sharing your data on the Dark Web, hackers may collectively know more about you than you do.
So what's the Dark Web?
In a truly remarkable case of art imitating life, it turns out only 4 percent of the world wide web is visible to normal search engines like Google, just as only 4 percent of the physical universe is made up of matter we can see and touch.
Beneath what is called the Surface Web is the Deep Web, which makes up the remaining 96 percent, a subset of which is the Dark Web.
There is nothing intrinsically bad about the Deep Web, but the vast majority of people, firms and organizations do not want their data to be public - and for good reason.
Company accounts, product designs and customer data are examples of the types of information that need to be actively protected. This is what makes up the Deep Web. It consists of all the data kept from public view.
The Dark Web is deliberately hidden in the world wide web, and cannot be accessed without special knowledge and tools. Perhaps the most famous tool is TOR - "The Onion Router" - developed by the US Naval Research Laboratory to help protect intelligence traffic sent over the internet.
Different tools are used to access different Dark Nets, which in turn make up parts of the Dark Web, all with the primary goal of everyone involved (except, of course, victims) remaining anonymous.
The Dark Web is not only about criminality.
Political dissidents, for example, often communicate using the Dark Web to protect themselves, but there is no doubt this part of the internet constitutes its hidden and often very disturbing underbelly.
While not everything that happens on the Dark Web is criminal, almost everything that is criminal and online is happening on the Dark Web: Drugs. Sex. Firearms. Even murder for hire.
Whenever a major hack is carried out, typically resulting in a massive data breach, personal data usually ends up on the Dark Web. There are currently over 5.6 billion sets of hacked credentials already posted, and the number is growing fast.
While it is hard to track people by name - imagine how many Bobby Browns there are - it is easy to track people by an e-mail address. That is why when you want to reset your password, for example, most websites offer to e-mail you a clickable link.
It is exactly because more and more identifiable e-mail addresses are caught up in third-party data breaches, which hackers then post on the Dark Web, that monitoring such posts and taking action is vital.
Changing passwords regularly is as critical as choosing hard-to-figure passwords. But perhaps the smartest move is to use a completely different e-mail account with a unique and complex password for each important aspect of your digital life. Separate every bank, credit card and work account.
If hackers are going to aggregate your data to attack you, defend yourself by making it almost impossible to aggregate your data.
Michael Gazeley is managing director of Network Box Corp.