When Dorothy left Kansas by traveling over the rainbow to Oz, she left the security of familiarity for a potentially dangerous and unknown world. Similarly, today, when the elements of our personally identifiable information (PII) travel from the familiarity of the World Wide Web to the potentially dangerous and unknown dark web, the security of our identity can be put at risk. But unlike Dorothy, who was warned to not pay attention to the man behind the curtain, for us to thwart identity theft it is important to not only pay attention to the man behind the curtain but also know what the curtain is.
Our Kansas is the World Wide Web, typically where we go when surfing the web. It is where we access public websites to do banking, online shopping, socializing with friends on Facebook, Snapchat, texts and emails; all the things we can access with our web browser through search engines or URLs (Uniform Resource Locators).
Cohabitating on the internet, underneath the World Wide Web are the “deep web” and the “dark web” — two ecosystems of sketchy activity and criminal behavior rife for identity theft and trafficking in stolen PII. In this lucrative black market, user credentials can range in price from a $1 for email logins, to $10 for Netflix access, and $15 for iTunes accounts. Financial data such as credit cards can go for as little as $100 for two credit cards, to $350 for 10 cards, and $240 for PayPal user ID and passwords.
The deep web lurks just below the surface with countless sites that do not show up in search queries because they actively block search engines and are not linked to from other sites. They do not want to be “found,” requiring you to know their specific address. These types of sites are often used to exploit illicit or illegal content, such as stolen credit card numbers, Social Security numbers (SSN), or child pornography. You cannot just drop in from the sky; you have to know where to go and how to get in.
On the dark web only bad witches inhabit this land and they guard carefully against unwanted access in order to keep their secrets and maintain their anonymity. Access to the dark web does not come through standard web browsers; it requires distinctive software, configurations, non-standard communication protocols and ports, as well as specific information.
Neither the deep web nor the dark web are safe places to navigate. They are the realm of criminal activity inhabited by malware, illegal content, viruses, stolen data, and unscrupulous individuals and cartels ready to take advantage of all who travel this enticing yet perilous “yellow brick road.”
Take appropriate precautions so your information doesn’t end up with the man behind the curtain of the dark web or deep web; eternal vigilance is the price of safety on the web. Ensure the sites you visit are the actual sites you planned to visit, and ensure the sites are secure when entering credit card information, other financial data, or PII by validating that the URL starts with “https://” indicating the communications between your browser and the website you are accessing are encrypted.
Do not click on links from unfamiliar sources or in unexpected emails; type in the site you want to visit and validate that the URL is correct. These web safety tips and others found in the Privacy section of the Office of the DON CIO website will help keep your information from ending up on the deep web or dark web.