Computer Security | Network Security | iphone Security | Identity Security | Credit Card
Computer data is one of your most valued assets.
How do you keep it safe?
The “bad guys” A.K.A., the Hackers, want to break into your computer and your online account verses breaking into your home.
As our society moves more and more data onto the cloud your data becomes more and more vulnerable and harder to secure and monitor.
There is no single method of attacking. It’s not as simple as keeping your password secure.
So, how can you do to protect your data?
Fill Out the Contact Us form to see how vulnerable your data is using Dark Web, ID Agent, our partner.
FAQ About the Dark Web
WHAT IS THE DARK WEB?
The Dark Web is a hidden universe contained within the “Deep Web”- a sub-layer of the Internet that is hidden from conventional search engines. Search engines like Google, BING and Yahoo only search .04% of the indexed or “surface” Internet. The other 99.96% of the Web consists of databases, private academic and government networks, and the Dark Web. The Dark Web is estimated at 550 times larger than the surface Web and growing. Because you can operate anonymously, the Dark Web holds a wealth of stolen data and illegal activity.
HOW ARE THE STOLEN OR EXPOSED CREDENTIALS FOUND ON THE DARK WEB?
Dark Web ID focuses on cyber threats that are specific to our clients’ environments. We monitor the Dark Web and the criminal hacker underground for exposure of our clients’ credentials to malicious individuals. We accomplish this by looking specifically for our clients’ top level email domains. When a credential is identified, we harvest it. While we harvest data from typical hacker sites like Pastebin, a lot of our data originates from sites that require credibility or a membership within the hacker community to enter. To that end, we monitor over 500 distinct Internet relay chatroom (IRC) channels, 600,000 private Websites, 600 twitter feeds, and execute 10,000 refined queries daily.
HOW DOES DARK WEB ID HELP PROTECT MY ORGANIZATION?
Our service is designed to help both public and private sector organizations detect and mitigate cyber threats that leverage stolen email addresses and passwords. Dark Web ID leverages a combination of human and artificial intelligence that scours botnets, criminal chat rooms, blogs, Websites and bulletin boards, Peer to Peer networks, forums, private networks, and other blackmarket sites 24/7, 365 days a year to identify stolen credentials and other personally identifiable information (PII).
DOES THE IDENTIFICATION OF MY ORGANIZATION’S EXPOSED CREDENTIALS MEAN WE ARE BEING TARGETED BY HACKERS?
While we can’t say definitively that the data we’ve discovered has already been used to exploit your organization, the fact that we are able to identify this data should be very concerning. Organizations should consult their internal or external IT and/or security teams to determine if they have suffered a cyber incident or data breach.
DATA SOURCE LOCATIONS & DESCRIPTIONS: WHERE DO WE FIND DATA?
Dark Web Chatroom: compromised data discovered in a hidden IRC; Hacking Site: compromised data exposed on a hacked Website or data dump site; Hidden Theft Forum: compromised data published within a hacking forum or community; P2P File Leak: compromised data leaked from a Peer-to-Peer file sharing program or network; Social Media Post: compromised data posted on a social media platform; C2 Server/Malware: compromised data harvested through botnets or on a command and control (C2) server.
IDENTIFIED METHOD USED TO CAPTURE/ STEAL DATA: HOW WAS THE DATA STOLEN OR COMPROMISED?
Tested: the compromised data was tested to determine if it is live/active; Sample: the compromised data was posted to prove its validity; Keylogged or Phished: the compromised data was entered into a fictitious website or extracted through software designed to steal PII; 3rd Party Breach: the compromised data was exposed as part of a company’s internal data breach or on a 3rd party Website; Accidental Exposure: the compromised data was accidentally shared on a Web, social media, or Peer-to-Peer site; Malicious / Doxed: the compromised data was intentionally broadcast to expose PII.
WHAT DOES PASSWORD CRITERIA MEAN?
Password Criteria is designed to allow you or your clients to identify what their on-network password criteria is in order to put a higher alert status on credential exposures that may meet these criteria. It allows you to enter minimum lengths, number of letters, numbers, special characters and capital letters
SOME OF THIS DATA IS OLD AND INCLUDES EMPLOYEES THAT ARE NO LONGER WORKING FOR US. DOESN’T THIS MEAN WE ARE NOT AT RISK?
While employees may have moved on from your organization, their company issued credentials can still be active and valid within the 3rd party systems they used while employed. In many cases, the 3rd party systems or databases that have been compromised have been in existence for 10+ years holding millions of “zombie” accounts that can be used to exploit an organization. Discovery of credentials from legacy employees should be a good reminder to confirm you’ve shut down any active internal and 3rd party accounts that could be used for exploit.