Don’t Lose Sight of the Dark Web

There’s a reason why the dark web is, well, dark. For one thing it’s literally impossible to see unless you have the right tools and protocols to keep you anonymous and (mostly) untraceable. Beyond that, it’s other kinds of dark like mysterious, immoral and dismal. It’s also not for amateurs. Even veteran cyber security professionals dare not go it alone. Like me, you should limit your interaction to articles with screen shots taken by those who know their way around.

The dark web is essentially composed of peer-to-peer networks and websites that sit on top of darknets, a series of dark networks you are not meant to see. Darknets are as old as the Internet itself, literally meaning a network secluded from the rest.

Every Day is Black Friday in the Black Market

The dark web is accessed using anonymous browsers and networks like Tor (aka Onionland), I2P and Freenet. Most people who surf to it are there to do one of two things: buy something or sell something (or perhaps a little bit of both). Every day is the cyber criminal’s personal Black Friday at the black market. And they’re not there for flat-screen TVs. They are there buying and selling illegal drugs and stolen pharmaceuticals, cyber-weapons in the form of malware kits, physical weapons like handguns and rifles, counterfeit currency, forged documents, and stolen credit cards.

It’s hard to measure the extent of the dark web. Forums and marketplaces come and go. For some perspective and context, the top three dark web markets currently list more than 150,000 individual items, with half of them in the form of illegal drugs.

Does that Credit Card Come in a Large?

Although capitalism may seem to be thriving underground, the rules are not exactly the same. For one thing, there are none. Laws and regulations don’t exist because, well, criminals aren’t terrific at following them let alone developing and enforcing them. Plus, they tend to steal from one another.

For reasons like these a buyer’s or seller’s reputation means more than anything else, not unlike it would on eBay. If the cybercriminal wants to be successful, they better have a good rep. In return, repeat customers get incentives like badges and discounts to keep coming back.

Amongst that odious shopping list of items available on the dark web is one thing that we all have in common: credit card information. For anywhere between $10 and $200 you can buy yourself an account number and many or all of its associated identifiers like cardholder name, mailing address, email address, PIN, password, and CCV code. The price can vary based how much information surrounding a single account is available, and how easy it is to monetize the stolen goods. A stolen account tied to an electronics superstore, for example, would net more per card than even a luxury retailer. It’s a lot easier and faster to sell a stolen Xbox on Craig’s List than, say, a Louis Vuitton handbag. Next, factor in loyalty and rewards programs. Using a stolen card racks up reward points, essentially another form of currency a cybercriminal is all more than happy to cash out for you.

Keep Your Cards to Yourself

Have you heard how painful and prolonged it is to rebuild a credible identity out of a stolen one? If you have, multiply it by ten. It’s super hard. It’s a lot easier, though, to take some simple steps to keep your credit card information in your own hands.

  • Check your bank and credit card account statements every month and make sure all the charges are yours and no one else’s.
  • Monitor your credit report. Many credit card companies offer access to credit monitoring services for free, making it easy to see if someone has tried to open a new account in your name, or spent a lot using an existing one.
  • Don’t use simple passwords and don’t use the same password for multiple accounts. Instead, get yourself something super easy and secure to manage passwords for you.

If you’re looking for more tips, we wrote a whole post on keeping your credit cards safe online.

When you’re considering what to use to store your passwords, it might seem easy to just let your browser do it – but it’s not the most secure option. And it doesn’t offer features like generating secure passwords, sharing, form fill (to make it easier to shop on legit ecommerce sites).

LastPass stores your passwords securely and can generate a unique, strong password for each and every account you have. You don’t need to remember a single one. All you need is a secret passphrase that only you know in order to access your vault. Your forms autofill with what you want filled in, based on information that’s easy to update and manage. Beyond passwords you can add credit card account information, ATM PINs, social security numbers, license plate numbers* and anything else you’d want to jot down on the equivalent of a sticky note kept exclusively in a bank vault.

Let the professionals keep tabs of what’s lurking around the dark web. You can do your part by keeping your credit cards out of inventory.

*License plate numbers may not be a secret but I can never remember my new one, so I store it in LastPass which makes it very easy to pull it up when I need it.   

15 Comments

  • Karen Duchaine says:

    I bought last pass premium and used it several years. One day I began having difficulty using it on any mobile device. My passwords would not
    Populate and I had to look at the password to type it in myself. That is still happening so I only use the free version now. But I’m still having to look at the password most of the time. When it does populate, the site I’m going to doesn’t recognize the browser so I have to go through verification steps every single time.
    So I am too afraid to have last pass create passwords for me, because I know it doesn’t work all the time. If you have more than one account for a site, that creates a problem too.
    I really liked last pass and I would use pemium and recommend to everyone if these things could be fixed.

  • Henriette C Humes says:

    Thanks! It is good to learn !

  • Randy Snakenberg says:

    Thanks, I will now use my LastPass regularly.