The darknet is the hidden face of the web. It contains pages which are not indexed by search engines, many of them providing illegal information or services. On the darknet you can find stolen data or sensitive data that could be used for massive cyberattacks. So, could your company’s data be found on the darknet?

Deep web or Dark web?

First, there is a distinction between deep web and dark web (or darknet). The web can be compared to an iceberg:
– some part can be reached by search engines such as Google: the visible web (the tip of the iceberg)
– some part contains a vast amount of non indexed websites: the deep web (the hidden part of the iceberg)
– the most hidden part especially contains pages concerning illegal activities such as mafia, crime or terrorism : the darknet (the bottom of the iceberg)

To access hidden websites, you need to access an anonymous network such as Tor, through a specific browser. The Tor network enables you to access websites which top level domain is .onion.
Surfing on Tor is completely anonymous, which explains why this underground network is used by criminals but also by activists and people living in countries censuring the Internet.


Why would your data be available on the darknet?

Following a data theft, information can be displayed on the darknet for different reasons:
– personal data selling : mail addresses, social security numbers, bank account IDs… All these data have a trading value, as they can be used for spamming, identity theft, money theft…
– blackmailing of legitimate data owners
– ideological reasons : denouncing of abusive practices, compromising information disclosure… Attackers might have political or religious motivations.

Furthermore, information about the IT infrastructure of some companies can be found on the darknet. They can be found by people gathering information for the purpose of executing targeted cyberattacks.

How to know if your data is available on the darknet?

Before investigating the darknet, you should ask about the security level of your infrastructure and applications. Web applications are especially vulnerable to attacks. Securing the data stored in these applications is a first necessary step in order to avoid data leaks on the web (either on the visible or the hidden web).

After that, you should limit unnecessary exposure on the web. Doing this will reduce the attack surface that can be exploited by hackers. So, it makes sense to investigate the hidden web and detect available information about your company. Then you will be able to clean the data and sometimes even detect a security incident that had not been detected within the company.

Surfing on the hidden web is not easy, as websites are not indexed. You need to know the pages URLs or to use underground web crawlers. Risks of being hacked are high.
But there are also recent tools that make it possible to crawl the darknet and establish a cartography of information about a company. It can only be a partial statement, for instance limited to the Tor network. But still, this is an extremely important step that expands data leakage monitoring possibilities for cybersecurity experts.

The darknet becomes a new field of investigation for all cybersecurity professionals.