HOW CAN DARK WEB ID HELP MY ORGANIZATION?
Our service is designed to help both large and small organizations detect and manage potential cyber threats to their organization. Dark Web ID leverages a combination of human and artificial intelligence that scours botnets, criminal chat rooms, blogs, websites and bulletin boards, Peer-to-Peer networks, forums, private networks, and other black market sites 24/7, 365 days a year to identify personally identifiable information.
DO THESE EXPOSED CREDENTIALS MEAN MY ORGANIZATION IS GETTING TARGETED?
Although these exposed credentials don’t signify that your organization is being directly targeted, the information is still readily available on the dark web, leaving your organization vulnerable in the future if preemptive steps aren’t taken.
HOW ARE THE EXPOSED CREDENTIALS FOUND ON THE DARK WEB?
Dark Web ID focuses on cyber threats that are specific to your environments. We monitor the Dark Web and the criminal hacker underground for exposure of our clients’ credentials to malicious individuals. We accomplish this by looking specifically for our clients’ top-level email domains and IP addresses. When a credential is identified, we harvest it. While we harvest data from typical hacker sites like Pastebin, a lot of our data originates from sites that require credibility or a membership within the hacker community to enter. To that end, we monitor over 500 distinct IRC channels, 600,000 private websites, and 600 Twitter feeds, and execute 10,000 refined queries on a daily basis.
CAN I TRACK PERSONAL EMAIL ACCOUNTS FOR COMPROMISES?
We allow for up to 5 personal email addresses per organization to be tracked.
WHAT DO THE DIFFERENT COMPROMISE TYPES MEAN?
• Keylogged/Phished – Indicator that there may be malware on an employee’s computer.
• Breach – 3rd party website was hacked
• Not Disclosed – Information is not available in data pull.
WHAT DO THE DIFFERENT SOURCE TYPES MEAN?
• ID Theft Forum – An IRC forum, chat room, or member-only site (where credentials are required to gain access) where cyber criminals go to buy, sell, or trade PII and financial data.
• Social Media – Typically Myspace or LinkedIn.
• Webpage – 3rd party website where company email was used.
WHAT DOES PASSWORD CRITERIA MEAN?
Password Criteria is designed to allow you or your clients to specify their network password criteria so that a higher alert status is placed on credential exposures that may meet those criteria. It lets you enter the minimum length and the number of letters, numbers, special characters and capital letters.
WHAT DOES IT MEAN WHEN A PASSWORD HAS A LONG SERIES OF RANDOM NUMBERS AND LETTERS?
Typically this means the password is hashed/encrypted. These passwords can be “cracked” or decrypted through multiple available websites.
I SEE FAKE EMAILS (FALSE POSITIVES), WHY IS THIS IMPORTANT?
There are a variety of reasons hackers use fake emails. Without speculating too far, these can be used for phishing-type attacks. You should consider blocking these emails from your systems.
SOME OF THIS DATA IS OLD AND INCLUDES EMPLOYEES THAT ARE NO LONGER WORKING FOR US?
While some of the data we pull in might be considered older, in many cases employees still use the same or similar passwords. With regard to former employees, this is still a good opportunity to confirm you’ve shut down any privileges their accounts may still have.
ARE THERE ANY SPECIAL CREDENTIALS NEEDED TO INVESTIGATE THE DARK WEB?
To download the “TOR” browser and access the dark web, no. However, many dark web IRCs and member-driven marketplaces require privileged credentials to access. Again, I do not recommend that you access the dark web without an IT professional with dark web experience. If you do, remind the professional to use a VPN.
NONE OF THESE PASSWORDS MEET OUR NETWORK CRITERIA, WHY SHOULD WE CARE ABOUT THIS?
Employees often use similar passwords across their work and personal networks. If your internal requirement is to have a capital letter and special character, it’s common practice for employees to take a password they are familiar with and add a capital letter and exclamation mark. (Example: Exposed Password: cowboys, Variation: Cowboys!) Hackers are able to run brute force scripts that try hundreds of variations of passwords in order to find a match.
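A defender-side sketch of the point above and of the Password Criteria and hashed-password sections, added here as an example and not Dark Web ID’s own code: it ranks an exposed value against the criteria and rejects a new password that is only a cosmetic variation of an exposed one. The `Criteria` defaults, function names, digest lengths and sample values are assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class Criteria:
    # Hypothetical model of the Password Criteria fields (values are assumed).
    min_length: int = 8
    letters: int = 1
    numbers: int = 0
    specials: int = 1
    capitals: int = 1

# Assumption: treat hex strings of MD5/SHA-1/SHA-256 digest length as hashes.
HEX_DIGEST = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")

def meets(pw: str, c: Criteria) -> bool:
    """True when pw satisfies every minimum in the criteria."""
    return (len(pw) >= c.min_length
            and sum(ch.isalpha() for ch in pw) >= c.letters
            and sum(ch.isdigit() for ch in pw) >= c.numbers
            and sum(not ch.isalnum() for ch in pw) >= c.specials
            and sum(ch.isupper() for ch in pw) >= c.capitals)

def triage(exposed: str, c: Criteria) -> str:
    """Alert level for one exposed value: hashed, high (meets criteria) or normal."""
    if HEX_DIGEST.match(exposed):
        return "hashed"
    return "high" if meets(exposed, c) else "normal"

def base_form(pw: str) -> str:
    """Lower-case and drop trailing digits/symbols: 'Cowboys!' -> 'cowboys'."""
    return re.sub(r"[^a-z]+$", "", pw.lower())

def is_variation(candidate: str, exposed: str) -> bool:
    """True when both passwords reduce to the same non-empty base form."""
    base = base_form(exposed)
    return bool(base) and base_form(candidate) == base

def change_allowed(candidate: str, exposed: list[str], c: Criteria) -> bool:
    """Accept a new password only if it meets criteria and reuses no exposed base."""
    return meets(candidate, c) and not any(is_variation(candidate, e) for e in exposed)

if __name__ == "__main__":
    policy = Criteria()
    for value in ["cowboys", "Cowboys!", "0123456789abcdef" * 2]:  # constructed samples
        print(value, triage(value, policy))
    print(change_allowed("Cowboys!", ["cowboys"], policy))  # variation, rejected
```

Run at password-change time, `change_allowed` turns an exposure that fails the network criteria into a block on the variations derived from it.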
IF YOUR PERSONAL DATA IS FOUND ON THE DARK WEB, CAN IT BE REMOVED?
Once the data is posted within the dark web, it most likely will be copied and distributed (resold or traded) to a large number of cyber criminals within a short period of time.
WHAT IS THE DIFFERENCE BETWEEN AN ADMINISTRATOR USER AND STANDARD?
The standard user does NOT have access to view passwords.
WHAT IS A BREACH?
A data breach is an incident where personally identifiable information (PII), such as an individual’s name and social security number, driver’s license number, medical record or financial record is potentially put at risk because of exposure.
HOW DO BREACHES HAPPEN?
Breaches most commonly happen through a cyber hack. Cyber criminals, typically aiming to profit off of stolen credentials, either hack into a user’s account with a login and password, trick a user into downloading malicious software, or otherwise gain access to a company or consumer’s internal data. Other causes of breaches include insider theft, accidental exposure, third party breach, or employee negligence.
IF PERSONAL INFORMATION IS TAKEN IN A BREACH, WILL IT BE USED FOR IDENTITY THEFT?
Not necessarily, but consumers should take measures to ensure their PII is not used maliciously. There are several ways this can be done: by placing a fraud alert on their credit file; by placing a security freeze on their credit report; and by using credit and non-credit monitoring services.