Jonathan Shuffler

Dark Data: Why is it Important?

/in , /by

Data you find on the Internet is without a doubt vast and extensive, however, its sources are often hidden and out of reach to all but the most technically savvy.  Often, we find ourselves waking up in the morning to learn of another large database breach containing millions of SSN’s that were discovered leaked on the “Dark Web.”  It is in that moment we wonder where the data came from, how it got there, and if our personal information is at risk. It is a scary time because of all the unknowns.

The data found on the Dark Web, and not through typical means (i.e., Google search), is often referred to as “Dark Data.”  This type of data, by nature, often contains illegally obtained, sensitive information. The malicious individuals that share or sell dark data on Dark Web forums and marketplaces take care to maintain their anonymity.

Although the Dark Web is considered a part of the Internet that is seemingly harder to reach by nature compared to the rest of the Internet – it is important that the security industry as a whole strives to obtain this data in order to better protect assets that may be at risk.  This isn’t easy; in order to obtain Dark Data, one must typically do business with the malicious individuals looking to share or sell said data.

Take the trove of recent database dumps from breaches affecting large organizations, such as MyFitnessPal, for example.  The malicious individual who originally obtained this data sold it on the Dark Web. Essentially, the only way for a security researcher to obtain and verify the legitimacy of the data breach at that time would be to purchase it.  It is for this reason that Dark Data is not only hard to obtain, but the possession and trade of this stolen data borders in a legal grey area – making it difficult to work with.

Once Dark Data is obtained, one question remains – what is the right way to handle this data and move forward?  Typically, one should notify the organization affected so that they may take proper steps to recover from the incident.  Then, that data should either be deleted, or stored securely to prevent it from being shared. The notion is that once the data is on the Internet, there is no way to take it back – the Dark Data shared on the Dark Web is no exception to this rule.