By RON FRECHETTE
In last month's article, Healthcare Practices Hammered by Data Breaches and Ransomware in 2017, we discussed the importance of protecting PHI and why it is so valuable to cybercriminals. We mentioned the Dark Web which sparked lots of questions. So, for this month, we thought it would be good for physician offices and their staffs to begin learning more about the differences between the Surface Web, Deep Web and Dark Web. It is important for us to understand these components of the web to better protect our practice and patients from becoming victims of cybercrimes.
The Internet and World Wide Web
Let's take a step back and start with a basic understanding of the Internet and World Wide Web interact together. The Internet was built in the sixties by the Defense Advanced Research Projects Agency (DARPA). It is basically a massive group of computer networks interconnected across the world that link everyone together. The World Wide Web was invented in 1991 in, of all places, a nuclear particle physics research lab near Geneva, Switzerland. The WWW consists of protocols used by web browsers that talk to servers that allow us share content and files over the internet. Think of your voice or other forms of data transferred via a phone line. The world wide web works very similar on the internet. Now, let's take a look at the different areas of the World Wide Web.
The Surface Web
The Surface Web consists of any web pages a search engine like Yahoo, Google or Bing can find and index. The Surface Web represents about four percent (4%) of what is visible to the public on the web.
The Deep Web
The Deep Web consists of about 7.5 petabytes of space and makes up about 96% of the internet, about 500 times larger than the Surface Web. It encompasses all sites that are not indexed by standard search engines. We are on the Deep Web more often than we realize. For instance, logging on to any website that requires certain credentials to access your account would be considered, "on the Deep Web." Basically, the Deep Web is invisible to everyone at the Surface Web level which is why we hardly hear about it. One of the biggest draws of the Deep Web is the ability to access an endless list of various (legal and illegal) on-line marketplaces anonymously. In order to access the Deep Web, you must download a dedicated browser from a specific website. The Onion Router (TOR) is most commonly used although there are alternative solutions. This action may send a red flag and prompt the FBI and/or a few other law enforcement agencies to begin keeping an eye on you... especially if you decide to venture into The Dark Web!
The Dark Web
The Dark Web consists of servers that cannot be accessed by search engines. Not much of anything positive happens on the Dark Web. On the contrary, you have access to sites that promote illegal drug sales, child pornography, prostitution, human trafficking, weapons trading, buying counterfeit money, watching live murders, and hiring a hitman. You name it... you can most likely find it on the Dark Web. And let's not forget our global terrorist friends. Yes, they too have a place in the Dark Web that allows them to communicate, recruit and transfer assets anonymously. The Dark Web is also the place where cyber criminals come to buy and sell all the Protected Health Information (PHI) they steal from us. In closing, we cannot emphasize enough how dangerous it is for anyone to be on the Dark Web. Everyone is masked in anonymity with the intention of causing people massive harm in their lives. It's about as close to hell as you can get on-line. And rest assured, if you attempt to access the Dark Web, you will most likely be receiving a visit from the FBI, your local friendly law enforcement agency and quite possibly a cybercriminal or two who may have uncovered your true identity.
Ron Frechette, Co-Founder & Managing Partner of GoldSky Security is a cybersecurity and healthcare entrepreneur who over the last several years dedicated his career to helping enterprise companies reduce the risks of cyber-attacks. Ron left the enterprise security world in 2015 and co-founded GoldSky Security, LLC. Ron's vision is to build cybersecurity firms across the US that exist to help small-midsize businesses implement affordable cybersecurity solutions. Ron can be reached at firstname.lastname@example.org