Darknet Monitoring – more than just finding leaked access data

Why HaveIbeenpwned & Co is not enough

Data Breach

For many, darknet and deep web monitoring means nothing more than finding leaked logins on darknets. Services like “Have I been Pwned?” (https://haveibeenpwned.com/), but also many commercial offerings, give the impression that it is only about such access data. This is problematic for several reasons. For one thing, the leaked access data almost never belongs to services of one’s own organization; it mostly comes from third-party companies with which employees have registered. In many cases, such third-party websites are purely private in nature. For the individual user it is of course annoying if his Netflix account is hacked, but the risk to his company is insignificant. Such leaks only matter if the same or similar passwords are also used in one’s own organization, or if the third-party service is actually used for business purposes: a leaked Dropbox account, for example, may also contain internal company data. The more exposed an employee is, the more likely he is to be the target of social engineering attacks, so a certain risk can also be assigned to leaks found on privately used websites. However, there are many other aspects that should be taken into account in darknet and deep web monitoring:

  • It is not only about access data but about any kind of sensitive data: personal data (PII), credit card details and much more. Focusing only on accounts and passwords gives a far too narrow view of the possible data leakage. The darknet is a hidden part of the internet that is often used for illegal activities and can be a source of various types of data that pose a risk to companies, including:
    • Confidential company information: Trade secrets, confidential business plans, financial records, and other sensitive information that can be sold to competitors or used to harm the company.
    • Customer data: Personal information of customers, including names, addresses, credit card numbers, and other sensitive information that can be used for identity theft or fraud.
    • Employee data: Personal information of employees, such as Social Security numbers, home addresses, and bank account information that can be used for identity theft or blackmail.
    • Intellectual property: Stolen copyrighted material, trade secrets, and other intellectual property that can be sold or used to harm the company.
    • Malware and hacking tools: Malicious software and hacking tools that can be used to compromise a company’s systems and steal sensitive information.
  • In addition to employee data such as logins or credit cards, sensitive technical data can also impact your organization. Examples are developers who briefly put an unsecured database with customer data on the Internet for test purposes, or web administrators who store sensitive company data on unprotected cloud storage such as S3 or Azure. All of these areas also need to be covered by deep web monitoring.
  • In the preparation phase of hacking attacks, information about vulnerabilities is exchanged in hacker forums and Telegram chat channels. In preparation for a phishing attack, a domain similar to the victim’s is registered, and lists of targets and users are exchanged anonymously on paste sites. All of these sources must therefore also be part of darknet monitoring: new domain registrations anywhere on the Internet that resemble one’s own domain, the chats in darknet, Discord or Telegram channels and, of course, all paste sites on which anonymous users post.
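The look-alike domain monitoring described in the last bullet can be automated. The following is an added example, not code from the original post: it scans a constructed feed of "newly registered" domains for names that resemble a protected domain. It assumes the feed holds apex domains with single-label TLDs; the homoglyph table and the edit-distance threshold are the example's own choices.

```python
# Character sequences that are commonly swapped for look-alike ones.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m"}

def registrable_label(domain: str) -> str:
    """'exarnple.com' -> 'exarnple' (assumes apex domains, single-label TLDs)."""
    return domain.lower().rstrip(".").split(".")[-2]

def normalize_label(label: str) -> str:
    """Fold look-alike characters and drop hyphens before comparing."""
    for glyph, plain in HOMOGLYPHS.items():
        label = label.replace(glyph, plain)
    return label.replace("-", "")

def levenshtein(a: str, b: str) -> int:
    """Edit distance with insert, delete and substitute, each costing 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate: str, protected: str, max_distance: int = 2):
    """Return why candidate resembles protected, or None if it does not."""
    candidate = candidate.lower().rstrip(".")
    if candidate == protected.lower():
        return None                          # the legitimate domain itself
    target_label = registrable_label(protected)
    target = normalize_label(target_label)
    label = registrable_label(candidate)
    if label == target_label:
        return "tld-variant"                 # same name under another TLD
    norm = normalize_label(label)
    if norm == target:
        return "homoglyph"                   # e.g. rn -> m, 1 -> l
    if target in norm:
        return "brand-embedded"              # e.g. example-login.com
    distance = levenshtein(norm, target)
    if distance <= max_distance:
        return f"edit-distance-{distance}"   # typos and transpositions
    return None

def scan_feed(feed, protected):
    """Return (domain, reason) for each feed entry that deserves an analyst's look."""
    return [(d, r) for d in feed if (r := classify(d, protected))]

# Constructed sample of "newly registered" domains, not real registrations.
SAMPLE_FEED = ["exarnple.com", "examp1e.net", "example-login.com",
               "exmaple.com", "example.org", "unrelated-shop.com"]
```

Calling `scan_feed(SAMPLE_FEED, "example.com")` flags five of the six entries with a reason each; a real deployment would feed it zone-file or certificate-transparency data and route hits to an analyst queue.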
