The Dark web: Protecting Australians Against Identity Theft


The dark web is a growing hotspot for cybercrime in Australia, with personal information being traded for financial gain. Find out more.

The dark web is a place where cybercriminals can access illegal goods and services, including exchanging stolen personal data that can be used to steal your identity. Scouring this part of the web is important to know if your information or accounts are on sale. We take a comprehensive look at the dark web, how monitoring works, and how you can protect yourself better.

What is the dark web?

The world wide web, which we use daily, is a system that allows for the access and exchange of information over the Internet - the dark web is a part of this network. However, users of the dark web value anonymity, which makes it a prime spot for illegal activities; in the same way two people might meet in a dark alley to pay for illegal goods and services, cybercriminals can meet anonymously on the Dark web to buy and sell information illegally, too.

One way to better understand how this works is to understand the other parts of the web:

Surface web: This is made of up webpages that are indexed by search engines like Google or Bing – these are the websites that are used daily by most people. This is a very large part of the worldwide web but not the largest.

Deep web: These are webpages that are not readily accessible and have some type of wall preventing just anyone from visiting. This includes everyday sites like your email account, your banking websites, your healthcare information portal, and includes many websites that require a step to authenticate you before allowing access, such as a log in or a paywall. This makes up the largest part of the worldwide web, with estimates reporting that the Deep Web is hundreds of times bigger than the Surface Web.

Dark web: The dark web is a set of anonymously hosted websites within the deep web that are accessible through special software which aims to protect anonymity - accessing this part of the web requires software that aims to protect anonymity. Dark web sites include online marketplaces for buying and selling illicit goods, including personal information that can be used for identity theft.  

You are unlikely to stumble onto the dark web as sites cannot be accessed through Google or standard browsers, but your information could end up on an illegal marketplace – this personal data can then be used by cybercriminals. Therefore, you need to take steps to protect your information and be aware when it has been compromised.

Australia adds $10bn to cybersecurity budget

While we enjoy the many benefits that an increasingly digital life offers, it also raises new and unexpected risks. The combination of new technology and the amount of information we share online means cybercrime causes considerable damage.

The Australian Institute of Criminology (AIC) reported that identity crime increased to a staggering $3.1 billion in 2019. 2.1 million Australians (11%) experienced one or more types of personal fraud in 2020-21, according to the Australian Bureau of Statistics (ABS).

Because of the growing risk from cyber threats, the Australian Signals Directorate (ASD) – the country’s electronic spy agency – will double in size. The Australian government announced in March 2022 that it is allocating $10bn to the ASD and is focusing on developing its offensive cyber operations.

The government said that this funding, which will be spread over 10 years, will support the agency to “keep pace with the rapid growth of cyber capabilities of potential adversaries”. This signals the attention paid on the cyber capabilities of other countries and rogue groups that could seek attack critical infrastructure.

Critical infrastructure can mean anything from machinery software to national databases of personal information. It is easy to see why threat actor might want to hack into important systems and access large amounts of personal information.

Why does Dark web monitoring exist?

Dark web monitoring sweeps the dark web for any suspected data breaches and identifies stolen or confidential information. This services then alerts you to take immediate action.

As you would not know if your information has been stolen and shared, it allows enables you to gain awareness and act quickly if you are notified that your information has been found on the dark web.

For instance, if you learn that your email address or an account number has been found on the dark web, you can update the password you use to log into that account to a new, unique and complex password.

How does dark web monitoring work? 

Dark web monitoring is a service which regularly searches places on the dark web where information is traded and sold, looking for your information. It works by scouring collections of stolen personal information and alerting you if your details are found.

It is important to be aware that scans can’t find everything, as there is no way to search through the entire dark web. A scan can uncover when your data has been exposed, but it can’t find every instance of this because not all personal data is exposed in data breaches. 

For example, paper documents or forms containing your personal information may be left unprotected and exposed in an office or even in your home.

We go beyond easily accessible sites and marketplaces, patrolling private forums, social web, deep web and dark web to detect exposed information and stolen data with our advanced monitoring technology. You can then take the right steps to limit the potential damage.

How is the dark web accessed?

While the dark web can be a dangerous place, using the special browsers allows you to use the Internet if privacy is a key concern. 

The most well-known is The Onion Router (TOR) browser. This is a network that bounces your internet traffic through different and random nodes – the browser wraps your traffic in encryption every time this happens and creates the ‘onion’. This makes it very difficult to track and strengthens protection of privacy and security.

Using your day-to-day browsers in private browsing or incognito mode does not substantially protect your privacy, as they do not stop the collection of your online activity. The TOR browser, however, does achieve this – meaning it’s easy to see why an average person might want to use this in certain situations.

Once you have the TOR browser, you can use it as your normal browser to maintain your privacy, but you can also use it to access sites on the dark web – the average person must be careful using this part of the web as clicking on a few unknown links can take you to dangerous areas, where criminals can seek to take advantage. 

What happens if your information ends up on the Dark web?

If your personal information is stolen and shared on the dark web, cyber criminals can use your details to nefarious ends by using this information to do things on your behalf – this is identity theft  or fraud. Victims can experience severe issues and after discovering that their identities have been stolen and financial details been compromised, must act quickly to limit further damage.

While cybercriminals will mostly cause direct financial impact, victims can also suffer emotionally, physically, and socially.

If you discover your personal data has been stolen and is for sale on the dark web, you must act swiftly to reduce the harm from criminals. There are some core steps to protect yourself:

1. Passwords

Security experts recommend you change your passwords every time you discover that your personal information has been exposed. Never use the same passwords on multiple sites, and make sure your new passwords are complex and difficult to guess.

The more complicated your passwords — using a series of letters, numbers, and symbols — the better.

2. Notify your financial services providers and monitor statements

If a scan finds that your credit card or bank account numbers are compromised, call your financial services companies. This includes banks and credit card companies. You might need to cancel those accounts and open new accounts with new credit/debit cards to keep your financial information safe.

Study your credit card statements carefully, looking for any suspicious purchases. If you do notice fraudulent charges, immediately contact your card provider. If you contact your bank or the card provider promptly upon discovering the charges, you may not be held liable for charges made by thieves.

It’s important to report fraud quickly and if you do find fraudulent purchases, make sure to request a new credit card and account number from your card provider.

3. Stay vigilant of your accounts

Some of your accounts will have access to sensitive data that cybercriminals can use. You must keep an eye on your emails, social media accounts, and any other online accounts that you’ve given personal information.

Noticing any unusual activity can be an indicator that the account has been compromised, which allows you to act quickly and stop the threat actors from doing more harm.

How does personal information end up on the Dark web? 

There are many ways that threat actors can steal your information, the range and sophistication of these methods changes quickly, but the key techniques include taking advantage through scams, phishing, malware and poor network security.

Scams: This is the general term for the different ways cybercriminals can steal your identity. Scams include phishing emails, social media, SMS messages on your mobile phone, fake tech support phone calls, scareware and more.

Phishing: This is the most common scam today. Internet thieves prey on unsuspecting users by sending out emails. In these emails, a cybercriminal tries to trick you into believing you are logging into a trusted website that you normally use. Once they have your login details, they can access your accounts and information. Learn more about common social media phishing attacks here.

Malware: This is short for malicious software and refers to software that has been intentionally designed to cause disruption. As software has a very broad range of uses, it can cause harm to a computer, server, client, or computer network. This means malware can be made to access personal data and gain unauthorised access to information, accounts, or systems.

Network security: This a broad term that includes software and hardware, as well as any processes or configurations that relate to your network and data. Poor network security or big vulnerabilities in certain parts of the network make it easier for cybercriminals to get inside. Threat actors have developed many tools that can identify weak links in the chain, which sometimes is people.

How to protect your personal information from appearing on the dark web

There are different ways to protect yourself, including having strong and different passwords for all your digital accounts, making sure you have all the right and up to date security tools, and are aware of all the ways criminals can target you.

Strengthening your online security includes:

  1. Good password hygiene
  2. Watching out for social media scams
  3. Knowing the telltale signs of phishing 
  4. Watch out for malware
  5. Regularly checking your bank statement for unusual activity

Find out more about these tips here.

As scammers are getting smarter and more sophisticated, educating, and preparing yourself goes a long way in reducing the harm they can cause. Understanding how these criminals work will help you protect against their attacks.

While it’s impossible to stop every attempt to steal your personal information, you can reduce the risk by staying vigilant and taking the right steps. Monitoring the dark web for your data allows you to know when criminals have tried to steal your identity and take quick action to mitigate the damage.

To learn more about the dark web and how to strengthen your cyber protection, contact us.

Norton logo
  • Norton
Norton empowers people and families around the world to feel safer in their digital lives

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.