Vijilant

Cybersecurity for the Healthcare Consolidator

Dark Web Scanning – Nope

By

Walk away from Dark Web scanning services

The Dark Web

You probably have heard of the “dark web” before.  This is the part of the Internet not accessible by traditional web search engines.  Some people also call this the Deep Web although the dark web is a subset.

So, the dark web is not indexed by search engines.  That’s why bad guys like it.  The dark web* is where child pornographers, money launderers, bad hackers, stalkers, drug dealers, human traffickers, and arms merchants  hang out.    This marketplace uses crypto-currency like bitcoin to exchange “value”.   One other note on the deep web . . .it makes up 96% of the Internet.  What normal people use on a daily basis makes up 4%.  Yep.

Illegitimate Services From Legitimate Companies

Certainly one of the more insidious services being offered by seemingly legitimate companies is Dark Web Scanning services.  These services claim to let you know if any of your personal, business, or patient data is breached and for sale on the dark web.  Not to mince words here, and to come right to the point – Don’t Do It.

These services from companies like Experian, LifeLock/Norton and others prey on the insecurities.  People, small businesses and physician practices who feel exposed, vulnerable and overwhelmed when it comes to cybersecurity are the target.  It also gives you a peek into the DNA of these companies and why you probably should not be doing business with an organization that intends to take advantage of you.  Sort of like the cyber criminals that make you scared in the first place.

Here Is Why You Walk Away

To keep from going down a technical rabbit hole, here is the gist of the fallacy of deep web scanning:

  1. Too big.  This space is gargantuan and any scanning service could never do more than scratch the surface.  Remember the dark web is 2,300% larger than the normal web.
  2. Not searchable.  The dark web cannot be indexed so how can you search it?  You can search for dark web addresses randomly but that would take even NSA millions of years to find them all.
  3. Mental Model.  If you have breached a business, obtained stolen family jewels, and now want to sell that information….would you really make that accessible for people to see? 
  4. Does anybody really believe that Experian  is out in the dark web market, actually buying this information for bitcoin, and then matching that to their subscriber’s personal information?  Not a chance.  And if they are, aren’t they guilty of driving up the value of the stolen information?

So, you may see stories or blog posts about how these companies discovered personal or patient information on the dark web.  Do not put ANY weight on these reports.  If discovered, your PII (personally identifiable information) surfaced by:

  • accident
  • posted by a disgruntled employee or other amateur
  • found on the regular web
  • became visible through some sort of law enforcement action

Plain and simple.

*As of this writing a google search produces 29,800,000 results for the search term “dark web” so there is no shortage of information on the subject.