Dark Web Monitoring | Chapters
Dark Web Monitoring

The Basics of the
Dark Web

Be the first to know when the companies you trust get hacked

Laptop with hands about to type

You’re a smart consumer. You read the news and you know that the Dark Web isn’t a place where you want to see your information end up. But what do you really know about the Dark Web?

For many, the answer is not much. With a murky and complicated reputation, the Dark Web has a pretty bad wrap; it’s portrayed as a dangerous and frightening place that serves as a safe haven for criminals and illegal activity. But once you peel back a few layers, things get more complicated.

The Onion

To begin understanding the Dark Web, it can be beneficial to think about the internet as an onion: it has multiple layers. Unlike an onion, slicing into the internet probably won’t make you cry... but then again, we can’t promise anything.

Get urgent security alerts delivered to your inbox.

The searchable internet is a big, huge place: you can find information on almost anything (and in quite a few languages) with the right search terms. However, all of the information that can be found through search engines is just the tip of the iceberg.

Any webpage that can be found through a web search tool such as Google, Bing, or Yahoo, is content found on the Surface Web. This is layer one. Any page you cannot find through a web search tool is known as the Deep Web. This is layer two and three.

web search

Here’s an example: if you go to a news website, you can click on different links, which will take you to different news articles. This is effectively what a search engine does: it sends out a web crawler to click from link to link and index the pages that it lands on. Once a page has been indexed, it will be visible in results from search engines. The Surface Web, indexed by search engines, is visible and accessible to everyone with an internet connection.

linked web pages

Then there’s information that cannot be indexed by search engines and will not show up in search results. Here’s another example: if you’re booking a flight and would like to view the available options, you first head to the airline’s website. The airline’s website is part of the Surface Web, as you can find it from entering the airline’s name into a search engine.

However, when you type your travel dates into the airline’s website and click “search”, the resulting information about available flights will be pulled from the Deep Web. This flight information is stored privately on the Deep Web, where it can be accessed and changed only by the airline.

person browsing booking website

The airline’s website is a part of the Surface Web, or the first layer of the onion. The airline’s flight availability is a part of the Deep Web, or the second layer of the onion.

The Iceberg

We’ve tackled the onion. Now on to the iceberg. And why, you ask, is the internet akin to an iceberg?

When you think about how many times you use search boxes on websites, such as in the airline example, and how much information needs to be stored on the Deep Web in order to make all of those search boxes function, you might start to see the comparison take shape.

Think about an iceberg. The Surface Web is equivalent to the part of the iceberg that’s visible above water. We can see it with our naked eye. It accounts for maybe 10% of the web.

documentpassportpillpillpillid-badgecredit cardcredit cardpillpillbitcoinbitcoinbitcoinbitcoin
documentdocumentdocument foldercredit card
portraitid cardsocial security cardbitcoinbitcoin

The Deep Web is the part of the iceberg that sits underneath the water, not visible to the naked eye. To see it, you’d need to know how to look underwater, and where to look underwater. It accounts for at least 90% of the web. Holes in Deep Web information security are sometimes how hackers get access to customer data during data breaches. However, the Deep Web itself is pretty unexciting. It’s simply where information is stored.

The Dark Web is where it gets, well, darker.

The Dark Web

The Dark Web is a relatively tiny portion of the Deep Web. Instead of being protected, pages and data can be accessed by the anyone, as long as they know the specific URL to access the page. Remember: the Deep Web is unsearchable. There is no Dark Web Google that allows you to search for what you’re looking for. There are some exceptions to this which we’ll cover later, but broadly: either you know a Dark Web URL, or you don’t.

Identity Guard Feature Spotlight

Get 30 days FREE!

Dark Web Monitoring

Identity Guard goes where no search engine goes. It analyzes billions of data points from across the dark web to find your data before bad guys do.

A Brief History of the Dark Web

The Dark Web as we know it began to take shape in the year 2000. In March of that year, Freenet was released. Freenet is a “free software which lets you anonymously share files, browse and publish ‘freesites’ (web sites accessible only through Freenet) and chat on forums, without fear of censorship”. The introduction of Freenet allowed users to anonymously share files by utilizing decentralized data.

Freenet is still around today, and its biggest contribution to the idea of the Dark Web was this: because the files being shared by users on Freenet were decentralized, there was (and is) no way to track who was uploading or downloading what content.

This anonymity allowed pirated content, illegal information, and illicit images to be shared freely and without consequence.

In 2002, the next building block of the Dark Web fell into place. Researchers wanted to know if there was a way to create internet connections that didn’t reveal who was talking to who.

Knowing that this could be extremely beneficial to intelligence operations, the U.S. Naval Research Lab took on the challenge in pursuit of a solution. And in 2002 The Onion Router, commonly known as TOR, was released.

By routing internet traffic through multiple servers and encrypting it each step of the way, TOR allows users to be anonymous and largely untraceable while on the internet. And with the freedom of anonymity, similar activities began occurring using TOR that occurred with the introduction of Freenet: illegal and illicit information could be shared with no repercussions.

We’ll talk more about the implications of these freedoms in a future chapter.

Along with the anonymity that TOR granted users on the Surface Web, a “darknet” of sites began to become available only to TOR users. These sites were unable to be indexed by search engines and existed on the Deep Web.

In 2009 came the last building block: cryptocurrency.

bitcoin logo

In 2009, Bitcoin was established as the first viable cryptocurrency. Bitcoin allows users to exchange currency with relative anonymity. While it is somewhat possible to trace transactions made with Bitcoin, it isn’t easy. So, for all intents and purposes, we’ll call Bitcoin anonymous.

With the advent of anonymous computing and the anonymous exchange of funds, the Dark Web as we know it was born: Amazon for criminals.

Now, instead of just being a place where illegal information could be exchanged and completely off the record conversations could take place, the Dark Web became a place where illegal, anonymous transactions could be made.

The first popular black-market site on the Dark Web, known as the Silk Road, sold it all. Drugs, weapons, illicit images of children – it was all there, and it was all for sale. What else could be bought and sold on the Silk Road? Identities. Names, credit card numbers, and Social Security numbers all had a price tag.

Now that you know how the Dark Web started – what did it become?

The Wild West of
the Internet

As the Dark Web began to take its current form, it earned a nickname: the Wild West of the internet. As a few minutes on a black marketplace will teach you, the Dark Web is a lawless and untamed place, partner - and there ain’t room for the both of us.

But even despite the veil of secrecy and the wild west atmosphere of the Dark Web, it actually isn’t all that mysterious. In fact, anyone with an internet connection and a bit of know-how can access the Dark Web.

Accessing the Dark Web

To access the Dark Web, you’ll need a browser that’s able to access the Tor network. And that’s pretty much it.

person using smartphone

Tor stands for “The Onion Router”, and sites that are hosted within this darknet carry a “.onion” domain instead of “.com”. Regular browsers, like Chrome and Safari, are unable to access onion sites.

Onion Routing uses a network of connection points to obscure where traffic originated from and what its ultimate destination is. When someone using the Tor browser accesses the Tor network, their traffic is routed through several different nodes, which gives the user’s location and their web traffic several layers of encrypted protection.

onion routing network

When using Tor to access the internet, these layers of encryption make it difficult to track web traffic back to a specific user. However, it isn’t impossible. As there are plenty of illegal dealings that occur on onion sites, law enforcement has a vested interest in trying to pin down who is using the Tor network, and for what.

There is more than one darknet that makes up the Dark Web. However, when there are news stories or you hear talk of data being sold on the Dark Web, the Tor network and its collection of onion sites is typically what’s being referred to.

Uses of the Dark Web

The Dark Web has a long list of uses (some nefarious, and others perfectly legal), but they all center around one idea: anonymity.

By accessing the Tor network through a privacy-centered browser and leaving little evidence to trace their internet traffic back to their identity, the Dark Web protects dissidents in oppressive regimes while, at the same time, harboring criminals and allowing terrorists to disseminate their views.

In 2010, the Middle East was seeing the beginnings of what we now regard as the Arab Spring. All around the region, citizens wanted to come together to protest their oppressive governments. They were looking for a way to organize themselves, and found space to do so on the internet. Using social media, like-minded people could share thoughts and opinions, discuss their political views of their country, and organize marches and protests.

people protesting

But there was a problem. In many of these countries, the government was monitoring or heavily censoring the internet connections and online activity of its citizens.

Facebook events for protests were mysteriously being deleted. Outspoken Twitter accounts were seeing suspicious activity, and in some cases, having their tweets deleted. Social media, once a powerful tool for communication and organization on the internet, was being censored and controlled.

With no platform to organize on, what could an oppressed people do?

They moved to the Dark Web. With the Tor browser masking the location of the internet traffic, citizens were able to remain anonymous, which limited government interference. This allowed users to freely speak their minds and continue to organize.

Some other positive uses of the Dark Web include helping intelligence operatives communicate without revealing their whereabouts, allowing investigative journalists to maintain their and their sources anonymity, and aiding in the dissemination of free and independent press to countries that utilize state sponsored news and media.

However, anonymity isn’t always used for the greater good.

It’s also infamous for helping to create spaces on the Dark Web where illegal activity can thrive.

Most subjects that would be taken down or policed on the Surface Web, such as child pornography, human trafficking, and the exchange of extremist or violent ideas, have found a home on the Dark Web.

And just as the Dark Web can be used as a place for positive freedom of expression, that, too, has its downsides. The Dark Web is a known outlet for terror groups to both recruit and plan attacks. Migrating to the Dark Web has allowed groups such as Al Qaeda and ISIS to hide their identities and operate in secret.

Then there are the Dark Web black markets, where users can make purchases that range from home and garden supplies to illegal weapons.

Your identity is at risk. Get protection FREE for 30 days.

All plans include...

$1 Million Insurance
IBM Watson® AI

Black Markets

The most well-known Dark Web black market is the Silk Road, which was famously shut down by the FBI in October 2013. Iterations of the Silk Road have cropped up and been taken down several times in the years since, and many other black marketplaces have filled the space in the Silk Road’s wake.

On a Dark Web black marketplace, one of the most common goods you’ll find for sale is personal information. “Fullz” is the term used for a complete set of someone’s personally identifiable information (PII), which is likely to include someone’s name, date of birth, home address, and Social Security number.

In a 2017 analysis of Dark Web marketplaces, the business intelligence firm Flashpoint found that the price of fullz ranged anywhere from $1 to $8, with information being bought in bulk selling for a lower price point per fullz. If a fullz contains more complete identifying information, such as a specific bank account number or intel on if the consumer has a high credit score, it will raise the price. A single identity that has a 700+ credit score can be found priced around or above $60.

personally identifying documents

In a 2017 analysis of Dark Web marketplaces, the business intelligence firm Flashpoint found that the price of fullz ranged anywhere from $1 to $8, with information being bought in bulk selling for a lower price point per fullz. If a fullz contains more complete identifying information, such as a specific bank account number or intel on if the consumer has a high credit score, it will raise the price. A single identity that has a 700+ credit score can be found priced around or above $60.

personally identifying documents with price tags

If this seems like an inexpensive cost for a criminal to pay in order to steal someone’s identity, it’s because it is.

Due to the sheer volume of data breaches that have occurred in the last few years, more consumer’s PII is being sold on the Dark Web than ever before: more available PII means a more competitive market, and drives prices down.

Visitors to Dark Web black markets will also find credit card information, bank statements, and even passports for sale.

We knew identity theft wasn’t a joke, but did you know it was so easy?

What is Dark Web

How can Identity Guard help?

When talking about Dark Web Monitoring, there are two key facts to keep in mind:


Websites on the Dark Web can’t be indexed by a traditional search engine, so their contents won’t show up in traditional web search results


Personally Identifiable Information (PII) is sold and traded on Dark Web black market sites

When thinking about Dark Web Monitoring, these two facts might seem almost contrary – how can the Dark Web be monitored if the contents of black markets can’t be indexed and searched?

Good question.

How does Dark Web Monitoring work?

Because the Dark Web isn’t able to be indexed, Dark Web Monitoring tools are built by hand by those who have extensive knowledge of and access to Dark Web black markets.

After they’ve been made, Dark Web Monitoring tools act a lot like a tool that you might be familiar with: Google Alerts.

phone displaying google alerts

When setting up a Google Alert, a user can input a term that they’d like the internet to be scanned for. In this case, let’s say it’s their name: Jane Smith. Jane goes to her Google Alerts page, types in her search term as “Jane Smith” and selects the frequency, choosing that she’d like to receive a Google Alert at most once a week.

Each week, to fulfill this Google Alert, Google will send a web crawler out on to the internet to look for any new search engine results that mention “Jane Smith”. The crawler will collect the results, and then send them to Jane’s inbox. Because the Surface Web is indexable, the crawler will click from page to page searching for Jane Smith’s name until it’s completed a satisfactory search.

web crawling diagram

Dark Web Monitoring is similar to Google Alerts, but for your personal information being sold on Dark Web black markets.

If you’ve signed up for a Dark Web monitoring or identity theft protection tool before, you may be familiar with the term “watchlist”. When a user adds personal information (such as their name, email address, or Social Security number) to their watchlist, it’s then searched for and continuously monitored on the Dark Web. This is the equivalent of Jane Smith using her name as the search term for her Google Alert. Your watchlist tells the Dark Web Monitoring tool what information to look for on the Dark Web.

Most professional Dark Web monitoring tools can search for:

diagram of personally identifying information categories

When a Dark Web monitoring tool strikes a match, finding information on the Dark Web that is also on a user’s watchlist, the user is sent a notification. This notification gives the user a heads up about what specific information is for sale.

Instead of sending a web crawler out to automatically click from link to link, the creators of a Dark Web Monitoring tool must assemble a list of onion sites that they would like the monitoring tool to crawl for PII. This list of onion sites has to be closely watched and maintained, as black market sites may get taken down or become inactive without warning.

Dark Web Monitoring tools are often created by those who have extensive professional experience dealing with the Dark Web. This history tends to give them a high level of access to black market sites, making the tools more effective. These creators may be white hat hackers, or even former NSA agents.

You also might not want to, as there are graphic images and descriptions on the Dark Web that can be tough to avoid.

person syncing devices

Not all Dark Web Monitoring tools are created equally. The expertise and access of those creating the tool will affect how conclusive the results of the search are. And because the idea of Dark Web Monitoring has only recently risen to popularity, companies are acting quickly to get tools on the market. This swiftness can cause performance and results to be lackluster, leaving some users to believe that Dark Web Monitoring isn’t all that useful.

When you consider a Dark Web Monitoring tool, name and brand matters. Look for names that you know and trust to deliver results. When you sign up, you’ll be adding some of your most personal information to your watchlist, and you want to make sure that you trust that provider to take proper care of your data.

Finding Your Information
on the Dark Web

There is a direct path from data breaches to identity theft, and it runs right through the Dark Web.

data breach to identity theft infographicdata breach to identity theft infographic

Not all of the information exposed from data breaches will make is way on to the Dark Web, but a large amount of it will. If you’ve signed up for a Dark Web Monitoring tool and it has turned up results about your information on the Dark Web, don’t panic.

Well, feel free to panic a little. It’s undeniably scary knowing that your information is out there and at the mercy of others. It can be a hard feeling to fight off, so if you need to, here’s just a little room to panic.

Ready? Here we go.

Good job. It’s much easier to figure this out with a clear mind.

Being alerted to the fact that your information is for sale on the Dark Web is the best thing that can happen to you. It certainly might not feel like it, but being in the know gives you the ability to take action and to protect yourself. Taking preventative actions allows you to limit the amount of damage that can be done if your information is indeed used to commit identity theft or fraud.

So what exactly can you do? It depends on what information has been found on the Dark Web.

Your Email Address and Password Were Found on the Dark Web

Seemingly the most common casualty of a data breach, having your email and password exposed on the Dark Web can feel a little inconsequential, but danger has a way of hiding in plain sight.

Have you ever re-used the same password for more than one account? Everyone’s answer to this question is likely to be yes, even security experts. We know that, and so do cyber criminals buying email and password combinations from Dark Web black markets.

In an act known as “credential stuffing”, cyber criminals will use your exposed email and password combination from one website and attempt to log into many, many other websites to see if that password has been re-used.

Any account that contains financial information (from highly sensitive bank accounts to restaurant loyalty accounts) can hold value to a criminal. They’ll empty your bank account, order fifteen $100 Uber gift cards, or even re-sell your Netflix or Hulu log in to make money off of it.

If you’ve been alerted that your email address and password have been found on the Dark Web, your best move is to change your passwords (especially your email password) immediately.

credit cards

Your Credit or Debit Card Number Was Found on the Dark Web

While credit card fraud can be a headache, your credit card number may be one of the least consequential pieces of your personal information that can land on the Dark Web. While there’s a high likelihood that this PII being exposed may lead to fraudulent charges on your credit or debit cards, you shouldn’t be liable for any charge that is truly fraudulent.

If you discover that your debit or credit card information has been found on the Dark Web, you’ll want to take a few steps.


Request a new card immediately


Check your credit and bank statements and report any fraudulent charges to your bank


Pull your credit report and make sure that you recognize every account

drivers license

Your Passport Number or Driver’s License Was Found on the Dark Web

Unlike PII such as your credit card or Social Security number, there are few mechanisms in place other than Dark Web Monitoring that will alert consumers to the fact that their Passport or Driver’s License information has been compromised.

Contrary to what Hollywood may have you believe; stolen identification card information doesn’t often lead to criminals’ jet setting around the world in your name. A more likely scenario is that a criminal will use the information on your driver’s license or passport to defeat two factor authentication and account recovery, further enforcing a stolen identity that they may have built.

If your passport or driver’s license information has been found on the Dark Web, your first step should be to report the theft to the State Department. Then, even if international travel plans aren’t in your future, it’s time to get a new identification card. Even though you’re a victim of theft, you’ll still need to foot the bill for this – unless you hold an identity theft protection insurance policy.

Your Social Security Number Was Found on the Dark Web

Our society relies heavily on Social Security numbers to be the key that independently unlocks the ability to open bank accounts and credit cards, apply for loans, and obtain identification documents like driver’s licenses and passports.

If your Social Security number is found on the Dark Web, there are two types of consequences.

• Credit

A criminal can use your Social Security number to open a credit card, run up a bill, and leave the account unpaid. They can also walk into a car dealership and apply for a lease on a car, drive it off the lot, and let the account go unpaid.

Any account that has a credit aspect to it, such as a credit card, a loan, or a car payment, is added to your credit file and will appear on your credit report. Your payment history on the account will factor into your credit score. If a credit card is fraudulently opened in your name using your Social Security number and the balance is left unpaid for months, it’s likely that your credit score will be taking a nosedive.

This can have a ripple effect, as your credit score helps determine things like your interest rates and approval for loans. While fraudulent damage can be erased from your credit file with some time and effort, if you have any plans to buy a house, buy a car, or go back to school, it may need to be put on hold.

• Social Engineering

Here’s the other kicker: your Social Security number can be used by criminals to apply for federal identification cards (like driver’s licenses and passports). Using these identification cards, criminals can attempt to impersonate you in order to gain access to other personal information, such as bank account and credit card information.

If your Social Security number has been exposed in a data breach, it’s not only a hassle, but can be bad news for your credit score or bank account. Advice for what you need to do next can vary, but ultimately, the answer is ongoing vigilance over every aspect of your identity. Once your Social Security number has been exposed, it’s one cat that isn’t going back in the bag.

So...What Now?

In 2018 Eva Velasquez, the CEO of the Identity Theft Resource Center, said that

“Given the prevalence of data breaches and other data compromises, the likelihood that your data is available on the Dark Web is probable.”

In 2019, the total amount of security breaches increased in by 11%.

The chances that your information will end up on the Dark Web are rising. And while this is an intimidating notion, it can also be helpful, as it allows you to take preventative action instead of waiting for something bad to happen.

Here’s what you can do to help yourself feel protected and prepared.

person viewing credit report

• Pull Your Credit Reports

How closely do you monitor your credit?

In 2018, credit card fraud was the leading type of identity theft reported to the FTC. And credit card fraud doesn’t just account for stolen credit card numbers.

80% Credit Card Fraud Graph

80% of credit card fraud complaints submitted to the FTC in 2018 were about new accounts that had been fraudulently opened in consumer’s names without their knowledge or consent.

To perform a thorough audit of the accounts that are open in your name, you’ll need to get your hands on your full and official credit report.

Your credit report provides a detailed record of every account open in your name, as well as the balances of those accounts. The entries you see on your credit report can include open credit cards, student loans, auto loans, inquiries into your credit, and the payment history on a given account.

To request your credit report, you’ll need to contact the three major credit bureaus: Experian, Equifax, and TransUnion

Thanks to the Fair Credit Reporting Act (FCRA), passed in the 1970’s, every citizen is entitled to one full, free annual credit report from each of the three credit bureaus once a year.

With 3 major credit bureaus and 12 months in a year, you’ll want to consider requesting a credit report from one major credit bureau every four months to optimize your access and visibility.

Even if there are no other signs that your identity has been compromised, this is a task that you should consider adding to your to-do list today. And if this new 4-month routine sounds a little daunting, there are credit monitoring services that can help do it for you.

• Change Your Habits

Some of the most common habits that increase your risk of identity theft can be easily broken and, in this arena, small changes will see big results. We’ve compiled a list of the 5 most common habits that increase the risk of identity theft. Here are the top 2:


Sending Sensitive Data via Email or Messaging

When was the last time that you walked away from your computer with the screen still on?

One of the hidden risks of online communication stems from messaging apps and emails. These tools make our lives infinitely easier: we send off important information to colleagues and friends in a matter of seconds.

But every email or message exists in two places: in the sender’s account, and in the recipient’s. You can take steps to limit your risk (by setting up two factor authentication, encrypting your messages, and only sending personal information to those that you know and trust via email) but no matter what precautions you take, your message may still end up exposed on the recipient’s screen.


Choosing Weak Passwords

You live in the digital age, which means you’ve heard this once before. You know that each of your passwords should be unique, and you’re also acutely aware of the uphill battle that is remembering unique passwords.

But there’s a reason why warnings to use unique passwords are everywhere: passwords are the front door to your digital life. If someone can unlock the front door, they’ve got access to everything inside the house.

If there’s one habit to break in order to increase your online security, then this is the one.

breaking identity theft habits ebook banner ad

• Sign Up for a Dark Web Monitoring Tool

As discussed in “What is Dark Web Monitoring”, finding a Dark Web Monitoring tool that’s been built by and is maintained by security professionals is extremely useful. Being able to take action on data that’s been compromised – whether it’s changing an exposed password, cancelling a credit card, or freezing your credit – allows you to minimize the damage that can be done with your PII floating around a black marketplace.

Additionally, information being sold on the Dark Web isn’t a one-time issue. Once PII is listed for sale, it’s typically sold and re-sold (then used and re-used) to try and commit fraud. Once information is exposed, the name of the game becomes ongoing vigilance, and that’s what a Dark Web Monitoring tool can offer you.

person on laptop

• Sign Up for Identity Theft Protection

At first pass, the term “identity protection” may seem slightly misleading. No one can completely stop or protect you from identity theft, and any product that claims it can is peddling false information.

However, there are huge advantages to leveraging an identity theft protection service, and one of them is increased visibility into your personal information and how it’s being used. This type of visibility allows you to see smoke before there’s fire, when there’s still time to limit the damage that can be done to your reputation through identity theft. This type of visibility is best afforded through professional, reliable identity theft protection services.

There’s another huge benefit to identity theft protection: insurance.

And arguably, having an identity theft insurance plan in place is the best thing that you can do for your peace of mind in today’s digital world. Why? At the risk of sounding like a broken record, because nothing, and no one, can stop identity theft. The only thing that anyone can do is help you identify and recover from it.

If you can’t stop identity theft from happening, the best thing that you can do is be prepared.