Illuminating the dark web

Solomon Ghberemeskel | 2/25/2022
Organizations need to go beyond what’s on the surface to understand the mysteries of the dark web.

The internet is generally accessible to the public, but users might not be aware of one part of it: the dark web. Given that activity on the dark web is shrouded in mystery, organizations should take proactive steps to identify threats and implement intelligence systems and surveillance tools to mitigate cyber risk and strengthen their cybersecurity maturity.

What is the dark web?

Before defining the dark web, it’s helpful to first understand what the surface web and deep web are. The surface web refers to the network that users access on a daily basis, where content is available to anyone who has an internet connection. The surface web is what most people mean when they say internet. It’s akin to a public library, where anyone can peruse stacks and access books.

The deep web is a section of the web in which content is not indexed by surface search engines such as Google, Bing, or DuckDuckGo in order to protect certain information from public view and access. Content on the deep web includes password-protected accounts, business and government databases and intranets, and private sites. In the library analogy, the deep web would be a restricted section that everyday patrons can’t access.

The dark web is web content that exists on darknets. Darknets are overlay networks that use a section of the internet and require specific software, certain configurations, or a separate type of authentication in order to gain access to the information contained within. If the surface web is the library and the deep web is the restricted section of the library, the dark web is a cipher that is hidden across pages in books all around the library – visible only to those who know where to look.

Because the dark web is a collection of publicly available websites that conceal the IP addresses and other identifying information of the servers that host them, it allows the IP addresses (and their users) to remain anonymous. These websites can be accessed by any online user with an internet connection, but it’s difficult to determine who is behind those websites.

Rather than using traditional search engines, users access these sites via the Onion Router (Tor), an open-source privacy network that creates layers of separation between the user and the website. Each server relay, or node in the network, knows the location of only the next node because of the encryption in place, providing anonymity to the user.
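The layered encryption described above, as an added example that is not code from the article: a toy in which the client wraps a request once per relay, so each relay's key peels exactly one layer and reveals only the next hop. The SHA-256 keystream cipher and the relay names are constructed stand-ins for Tor's real per-hop key exchange and AES.

```python
import hashlib
import json

# Toy stream cipher (SHA-256 keystream XOR) constructed for this example so
# it runs stand-alone; Tor itself negotiates per-hop keys and uses AES.
def toy_cipher(key: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

# Keys the client shares with each relay in the circuit (constructed values).
RELAY_KEYS = {"guard": b"k-guard", "middle": b"k-middle", "exit": b"k-exit"}

def build_onion(path, payload: bytes) -> bytes:
    """Wrap payload innermost-first so relay i can read only who relay i+1 is."""
    blob = toy_cipher(RELAY_KEYS[path[-1]],
                      json.dumps({"next": None, "data": payload.decode()}).encode())
    for hop, nxt in zip(reversed(path[:-1]), reversed(path[1:])):
        layer = json.dumps({"next": nxt, "data": blob.hex()}).encode()
        blob = toy_cipher(RELAY_KEYS[hop], layer)
    return blob

def relay_peel(name: str, blob: bytes):
    """Everything a single relay learns: the next hop and an opaque inner blob."""
    inner = json.loads(toy_cipher(RELAY_KEYS[name], blob))
    if inner["next"] is None:                      # exit relay: plaintext request
        return None, inner["data"].encode()
    return inner["next"], bytes.fromhex(inner["data"])

def trace_circuit(path, payload: bytes):
    """Run the onion through every relay; return each relay's view and the
    request the exit finally forwards."""
    blob = build_onion(path, payload)
    views = []
    for hop in path:
        nxt, blob = relay_peel(hop, blob)
        views.append((hop, nxt))
    return views, blob

if __name__ == "__main__":
    views, request = trace_circuit(["guard", "middle", "exit"], b"GET / HTTP/1.1")
    for hop, nxt in views:
        print(f"{hop} sees next hop: {nxt}")
    print("exit forwards:", request)
```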

Who uses the dark web?

Some regard the dark web as a perilous place – a meetup point for extremist groups, drug traffickers, cybercriminals, and federal agents. These groups use the anonymity and security of the dark web to exchange ideas, goods, services, and intelligence around the world.

To promote and maintain their unlawful operations, cybercriminals have found a home on the dark web. For instance, after hackers compromised one major retailer in 2013, they sold its consumer data on the dark web. Several illicit marketplaces on the dark web offer unlawful items and services for sale or purchase.

A well-known example of such a marketplace is the Silk Road. In 2011, Ross Ulbricht, also known as Dread Pirate Roberts, developed the Silk Road, a dark web site that allowed users to privately purchase goods (like illicit drugs) with cryptocurrencies for two years before the U.S. government shut it down. The Silk Road marketplace produced millions of dollars in income for its users throughout the course of its nearly two-year life span.

While law enforcement has targeted and shut down some of these marketplaces, new ones continually spring up in their place. According to a recent study, 57% of the content on the dark web consists of “illegal content like pornography, illicit finances, drug hubs, weapons trafficking, counterfeit currency, terrorist communication, and much more.”

Despite the fact that it is commonly used for criminal behavior, the dark web is also a powerful tool for political opposition and activism. While simply prohibiting the use of the Tor network in order to minimize and eliminate web-based crime might seem prudent, many governments have determined that doing so would violate fundamental rights and liberties.

Crypto and the dark web

When it comes to tracking down criminals, law enforcement has traditionally relied on tracing the financial transactions stemming from illegal activities. As a result, new forms of financial transactions such as cryptocurrencies have become increasingly prevalent on the dark web. Cryptocurrencies are digital assets that rely on cryptography to safeguard transactions. Bitcoin is one of the most well-known forms of crypto, and it’s the cryptocurrency of choice for many threat actors.

A decentralized control system known as blockchain has driven crypto’s rise to prominence. In blockchain, a single ledger is maintained by a group of computers that are linked together, and users exchange crypto through their own ledgers. Users engage in transactions with a certain level of confidence but without the need for the involvement of an impartial third party or know-your-customer rules.

Crypto can be used for virtually any type of monetary transfer, so bad actors are particularly drawn to it because it helps shield their illegal operations. At the same time, the dark web provides users with near-total anonymity and an ideal atmosphere for criminal activities. This cumulative anonymity allows criminals and other bad actors to engage in illegal and antisocial behavior without being seen by the vast majority of people, both online and offline.

How organizations can protect themselves

So, what steps should organizations take to protect the confidentiality, integrity, and availability of their sensitive data from the dangers lurking on the dark web?

Hackers often use the dark web to sell or exchange login credentials and online identity data, ranging from Social Security numbers and credit card numbers to usernames, passwords, and direct remote access. To entice potential buyers, hackers often call out any high-profile names of affected organizations and even offer free samples of the data. Some hackers simply post compromised data without expectation of payment, which creates an opportunity for savvy investigators to identify compromised data and access before it gets used maliciously.

Organizations should implement intelligence systems and surveillance tools to identify instances of leaked data or credentials so that resulting risks can be mitigated. Dark web monitoring or intel-gathering solutions can programmatically provide alerts of impending threats and leaked sensitive data. Some come as components in larger threat intelligence solutions and can include:

  • Data-gathering teams with access to dark web forums and sales sites
  • Scanners or bots to scrape well-known dark web sites
  • Bulk digital feeds and easily digested, executive-level reports
  • Notification of identified leaked credentials with confidence intervals of data validity
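As an added example that is not the article's or any vendor's code, a triage routine for the kind of alert feed such a service delivers: it keeps only records for domains the organization owns, checks each account against the identity directory to decide the response, and scores validity from source reliability and age. The feed records, directory, domains and reliability weights are constructed sample values.

```python
from datetime import date

# Constructed sample data: a leak feed in the shape a monitoring vendor might
# deliver, plus the organization's own identity-provider export. Placeholders.
ORG_DOMAINS = {"example.com", "corp.example.com"}
DIRECTORY = {"alice@example.com": "active", "bob@corp.example.com": "disabled"}
SOURCE_RELIABILITY = {"verified-dump": 0.9, "forum-scrape": 0.6, "paste": 0.3}
FEED = [
    {"email": "alice@example.com", "source": "verified-dump", "seen": "2022-02-20", "password_present": True},
    {"email": "bob@corp.example.com", "source": "paste", "seen": "2021-06-01", "password_present": True},
    {"email": "alice@other.org", "source": "forum-scrape", "seen": "2022-02-21", "password_present": True},
    {"email": "mallory@example.com", "source": "paste", "seen": "2022-02-22", "password_present": False},
]

def confidence(record: dict, today: date) -> float:
    """Validity estimate in [0, 1]: reliable, recent records that include a
    password are the ones most likely to still work against the account."""
    age_days = (today - date.fromisoformat(record["seen"])).days
    recency = max(0.0, 1.0 - age_days / 365)         # linear decay over a year
    base = SOURCE_RELIABILITY.get(record["source"], 0.2) * recency
    return round(base if record["password_present"] else base * 0.5, 2)

def triage(feed: list, today_iso: str):
    """Return (alerts sorted by confidence, ignored addresses). Records for
    domains the organization does not own are dropped; the response action
    depends on what the directory says about the account."""
    today = date.fromisoformat(today_iso)
    alerts, ignored = [], []
    for rec in feed:
        domain = rec["email"].rsplit("@", 1)[-1].lower()
        if domain not in ORG_DOMAINS:
            ignored.append(rec["email"])
            continue
        status = DIRECTORY.get(rec["email"].lower())
        if status == "active":
            action = "force password reset, revoke sessions, review sign-in logs"
        elif status is None:
            action = "no such account: likely fabricated or stale sample data"
        else:
            action = "account disabled: confirm it stays disabled"
        alerts.append({"account": rec["email"], "action": action,
                       "confidence": confidence(rec, today)})
    alerts.sort(key=lambda a: a["confidence"], reverse=True)
    return alerts, ignored

if __name__ == "__main__":
    for alert in triage(FEED, "2022-02-25")[0]:
        print(alert)
```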

In addition to monitoring for leaked data, organizations can take more proactive steps to avoid leaking that data in the first place, including:

Why preventive measures are critical

While the dark web is not part of day-to-day business activities, understanding what it is and what dangers lurk there is critical. Organizations can take preventive measures via dark web monitoring tools to protect themselves and identify risks before they become losses. Taking these steps to strengthen their overall security postures can help organizations keep criminals at bay and shine a light on the mysterious dark web.
