Believe it or not, all websites you can visit using a regular browser and find on a search engine account for only about 5% of the total Internet.
Photo by Luca Bravo on Unsplash
This multitude of easily discoverable online resources is referred to as the surface web.
What about the rest? More than 90% of web pages in existence represent what’s called the deep web. These are protected from unauthorized use through paywalls or authentication forms, and their content is beyond the reach of surface web search engines’ crawlers. A classic example is your email account no one else is permitted to access, or a piece of scientific research only registered users can view.
There is one more subset of sites collectively dubbed the dark web. They aren’t indexed by search engines and cannot be accessed with a normal web browser like Chrome, Firefox, or Safari. To navigate around this shadowy territory populated by .onion sites, you have to use the privacy-centric Tor Browser. It routes all connections through hundreds or even thousands of randomly picked relay points, thus making it infeasible to attribute your online sessions to you.
Many users find it difficult to understand the difference between deep web and dark web. Although the two concepts overlap (the dark web is considered to be a part of the deep web, and neither of them is searchable with the likes of Google), using them interchangeably is a misconception. Let’s eliminate the ambiguity.
First off, the dark web is only a tiny fraction of the deep web. Secondly, while the deep web is browser-neutral, the only way to access sites on the dark web is to use the Tor Browser that’s built around the onion routing technology for anonymous communication. And with the robust privacy architecture and data encryption at its core, the dark web is home to a slew of sketchy sites that sell illegal drugs, firearms, stolen identities, passwords, and pornographic materials forbidden by law.
Now that you know the fundamentals of the World Wide Web’s composition, let’s take a closer look at its darkest building block. The following paragraphs reflect 5 facts about the dark web you might have been unaware of.
- The dark web doesn’t boil down to illegal activities
Whereas the dark web has earned a bad rap for a plethora of nasty practices it propels, its privacy-first architecture allows perfectly benign uses. For instance, it can be leveraged for secure communication in totalitarian regimes where discussing certain subjects in the open can get users in trouble.
In addition, many trustworthy online services have a presence in the .onion zone of the Internet to offer more privacy to their audiences and help bypass location-based censorship. Facebook has been available as a Tor hidden service since 2014. The same goes for well-known news media outlets, such as The New York Times, Deutsche Welle, and BBC.
The dark web is also a long-standing bastion for surveillance-free journalism and political whistleblowing (think Edward Snowden), allowing reporters and activists to chat or spread the word about things that might get them on authorities’ radar.
- To visit a site on the dark web, you have to know the exact URL
Surfing around the dark web requires certain skills and connections with other residents of this secretive Internet segment. In other words, every action is deliberate and you’ll need to enter a specific URL in Tor Browser. While some addresses leading to reputable or quasi-legitimate websites are made publicly available via repositories on the surface web, the vast majority of them are only shared with restricted groups of people.
Cybercriminal forums, for example, are off-limits to the average layman. To access them, a user needs a special invitation and must prove he or she isn’t a security researcher or an undercover police officer. As a rule, providing evidence of a criminal record is the main criterion.
- The dark web is a safe haven for the ransomware economy
To step up their operations security (OPSEC), ransomware distributors host the entirety of the victim interaction infrastructures on .onion sites. Furthermore, combining malicious encryption with data theft is a major trend in this area of cybercrime, and it also relies on the anonymity provided by Tor.
To name and shame non-paying victims, crooks set up .onion leak sites to which they upload files covertly extracted from the networks of breached organizations. Since the public exposure of sensitive business records is potentially devastating for the reputation of any brand, the odds of succumbing to felons’ demands increase significantly.
- Roaming across the dark web can get your device infected
Since the dark web is a decentralized and unregulated environment, it is laden with malicious scripts and dangerous programs waiting to be downloaded behind the scenes, such as keyloggers, file-encrypting ransomware, botnet malware, and scareware. To top it off, it harbors numerous phishing scams aimed at obtaining personal data or spreading predatory code. Therefore, if you venture into visiting this area of the Internet, consider using a virtual machine and installing a reliable antivirus tool.
- The dark web is a goldmine of threat intelligence data
Dark web monitoring is an indispensable component of modern security-as-a-service (SaaS) frameworks. A prime example is attack surface management (ASM) geared toward inventorying an organization’s digital posture from an external adversary’s perspective. These tools scan “underground” resources for keywords that correlate with a customer’s proprietary information.
By knowing what enterprise credentials, databases, and other sensitive assets have been dumped on the dark web, businesses can strengthen the most vulnerable areas. That being said, security providers increasingly frequent this shadiest territory of the World Wide Web to expand the horizons of their reconnaissance.
Summary
The dark web is undoubtedly the most clandestine part of cyberspace, but it’s not necessarily evil. Not only do its privacy-hardening characteristics lure criminals, but they also bring tamper-proof communication to the fingertips of dissidents, human rights activities, whistleblowers, and people who can’t put up with the scourge of ubiquitous surveillance on the surface web. However, if you decide to explore what it’s like to be on the darkest side of the Internet, be careful – it’s not a safe place to go.