What is a dark web scan and do you need one?

(Image credit: Shutterstock / Trifonenkolvan)

Should you invest in a dark web monitoring service? With 80% of successful data breaches tied to weak or compromised passwords, it’s a wise investment.

Here’s how dark web scans work:

Most of the internet is hidden

As of October 2020, the “Indexed Web,” also known as the “clear web” or the “surface web,” contains over six billion websites. These are all the sites, from social media channels to shopping platforms to personal blogs, that are indexed on public search engines such as Google, Bing, and DuckDuckGo.

About the author

Craig Lurey is CTO at Keeper Security

As large and sprawling as it is, the surface web represents only about 1% to 4% of the internet. The remaining 96% to 99% of pages aren’t indexed in public search engines, for one of two reasons:

  • The pages are hidden behind a paywall, protected by login credentials, or are set to block web crawlers. About 95% of “hidden” sites fall into this category. These include pages such as membership sections of subscription sites, online banking portals, the admin section of a company’s WordPress blog or cloud services installation, and the content of individual Gmail accounts.
  • The pages are part of the dark web. In addition to being intentionally hidden from public search engines, they can only be accessed using a special anonymizing browser called Tor, which renders users’ IP addresses unidentifiable and untraceable

Understanding dark web scans

Despite its ominous-sounding name, not all sites on the dark web are set up for nefarious purposes. For example, millions of people worldwide live under authoritarian government regimes where access to the surface web is censored and closely monitored by the authorities. Political dissidents, protesters, and whistle-blowers use dark web sites to access information, organize, and communicate with the outside world without fear of their activities being intercepted.

For this reason, Facebook, DuckDuckGo, and legitimate news outlets have special Tor sites which direct traffic through an overlay network to conceal users’ location and usage, and investigative reporters use the dark web to facilitate confidential communication with whistle-blowers and other informants.

However, the anonymity of Tor and the dark web also attracts criminal activity, such as online marketplaces for illicit goods and services -- including cybercriminal forums that hawk stolen data, including credit card and Social Security Numbers, medical records, and login credentials.

Dark web scanning services monitor these cybercriminal forums, keeping an electronic ear to the ground and alerting you if any of your passwords show up.

Why invest in a dark web monitoring service?

Even if you are diligent about password security measures such as using strong, unique passwords, a password manager, and multi-factor authentication (2FA), your login credentials could still be stolen if one of the sites or apps you use is breached.

Since the COVID-19 pandemic forced millions of people around the world to start working, studying, shopping, communicating, and seeking entertainment online, all of us have more online accounts than ever before, and cybercriminals are hitting popular apps and websites hard/

Typically, data breach victims are the last ones to know that their information has been compromised. It can take organizations months, even years to detect a breach, and not all organizations are diligent about notifying victims in a timely fashion. It took Marriott Starwood nearly four years to discover that its reservations system had been compromised, and the company waited nearly three more months to notify the nearly 500 million customers impacted.

The sooner you find out that your login credentials have been compromised, the faster you can take action to protect yourself. The compromised password should be changed immediately. Depending on the nature of the account that was compromised, you may want to take additional action. For example, if your bank account or credit card credentials were compromised, you may want to contact your financial provider to prevent unauthorized purchases, and put a freeze on your credit report to prevent criminals from opening up additional lines of credit in your name.

Are their any limitations?

Because of the very nature of the dark web it can’t be “searched” as easily as searching the surface web using Google. While dark web search engines exist, none of them approach Google’s scope. The closest comparison is what it was like to search the surface web in the mid- to late-1990s, before Google existed.

Dark web scans don’t scan the entire dark web; that would be impossible. Instead, they monitor known cybercriminal forums and marketplaces where data dumps are frequently put up for sale. However, this isn’t an indictment of dark web scans. A robust dark web monitoring service will catch the overwhelming majority of incidents where your personal information has been put up for sale.

The best way to think of dark web monitoring services is to look at them as one tool in your arsenal to protect yourself against cybercrime. No cybersecurity defense is perfect, but that’s why it’s important to pair solutions for layered protection. A dark web monitoring service, paired with good password security practices and a password manager, will provide comprehensive protection against nearly all password-related cyberattacks at an affordable price.

Craig Lurey is CTO at Keeper Security