Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

What you need to know about the deep and dark web

By Alberto Casares
cyber web freepik

<a href='https://www.freepik.com/vectors/technology'>Technology vector created by rawpixel.com - www.freepik.com</a>

April 5, 2021

Billions of searches take place on the surface web every day. Synonymous with Google, this part of the web is indexed by search engines. Try searching your name and you’ll likely be met with thousands if not millions of results, a few of which are familiar to you – your social media profiles, bio on your employer’s website, mentions in the news. The surface, or “clear” web, is only the tip of the iceberg, as vast as it may seem. In fact, it makes up only 4% of the entire World Wide Web. A much larger chunk of the web, the deep web, lies beneath the surface and is not indexed by search engines – but it is still just as important for security professionals to monitor.

What sort of information is rarely available on the surface web? Medical records, bank account information, and so much more. This deep web content is not indexed because it is either password protected, behind a form, the volume of information is very high (e.g., tweets), etc. Parts of the deep web are commonly used and just as mundane as the surface. It is a bit of a misnomer to refer to the deep web as “hidden”, but you do need to know where the information is located, because Google will not help you to discover it. If you have ever signed into your email, for instance, you’ve browsed the deep web. A subset of the deep web, the dark web, is notoriously known as a clandestine haven for crime (think: Silk Road), but this is not entirely the case. ProPublica, The New York Times and even Facebook all have onion sites. Yes, onion – I’ll cover this shortly.

It is true, however, that the anonymized and encrypted nature of the dark web lends itself to criminal activity. Virtual currency, such as Bitcoin, is widely used alongside other cryptocurrencies due to its almost anonymous nature. In all my years monitoring these underground communities, I’ve seen everything from drugs to weapons to large data sets amassed from breaches, being bought, sold, and traded.

To access the dark web, you must download a browser that anonymizes your communications, such as Tor. Tor and other dark web networks make it difficult to trace a user’s internet activity, thus masking their traffic. The original technology behind Tor, also known as “onion routing”, was actually developed by the United States Navy and, to this day, nearly half of its funding comes from the U.S. government.

In the wake of COVID-19, cybercrime has increased. A September 2020 Microsoft report found that the first half of 2020 saw an approximate 35% increase in total attack volume compared to the second half of 2019, with threat actors leveraging the security gaps that come with remote workforces. Further, the volume of dark web users also surged during this lockdown period. An increase in cybercrime and dark web users is a formula that keeps security professionals up at night.

As scary as it may seem, there’s a good chance you have had – or currently have – personally identifiable information (PII) that has been exposed or for sale on the dark web. It is not an exaggeration to say that millions of accounts are compromised every year, and billions of exposed credentials continue to circulate in underground communities. My firm’s 2020 Breach Report found that there were more than 18 billion raw identity records being passed around through these underground marketplaces. Threat actors will use this information, which can be found on forums and private channels, to compile digital profiles of citizens and businesses, fueling a host of identity-based attacks. Sometimes, PII is sold, but just as often, it is leaked.

A fact people often find funny is that these dark markets run very much like a business. People can leave reviews for websites, report scams to the community, and even correspond with customer support. The average prices for different identity record types vary by country, type of account, etc., but in 2019, we found that social security numbers went for roughly $67; passports around $53; drivers licenses about $48; credit cards nearly $41; and tax IDs were just under $29.

Despite the vast amount of data already circulating on the dark web, all is not lost. To safeguard your identity and information, the first and simplest step you can take is to stop reusing credentials. Everyone seems to understand that reusing passwords is bad, but, according to a recent LastPass survey, most people do it anyway. Only changing a character or two among your various passwords isn’t enough. Use unique, complex passwords for all accounts (a password manager can help), and implement multi-factor authentication, when possible. If you suspect your credentials have been compromised, reset you password to render the data obsolete. Include as little personal information about yourself online, and, when filling out forms, only put down what is required (e.g., if an address or phone number isn’t mandatory, don’t list it). Finally, err on the side of caution when browsing the web – don’t visit suspicious sites or click on sketchy links/attachments.

Businesses need to prevent their information from getting into the wild with enhanced security measures and cyber awareness training. Once sensitive information is exposed, which is almost an inevitability at this point, it is important to implement processes and tools to swiftly get alerted. The sooner organizations and individuals know about the breach, reset credentials, and lock down networks, the less damage occurs. Simply put, the deep and dark web is just as important to monitor as the indexed web.

KEYWORDS: cyber security Dark Web information security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Alberto Casares is VP of Risk Protection at Constella Intelligence. He is a Deep and Dark Web expert, researcher, and investigator who is passionate about security and how breached and leaked data can be used to protect citizens and organizations across the globe.

 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC0919-Edu2-Feat-slide1_900px

    What Do You Need to Know About the California Consumer Privacy Act?

    See More
  • data-privacy-fp1170x658v579.jpg

    What organizations need to know about the new CPRA legislation

    See More
  • Revised NIST Cyber Security Framework - Security Magazine

    5 Things You Need to Know about the Revised NIST Cybersecurity Framework

    See More

Related Products

See More Products
  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing