Dark web definition

The dark web is a part of the internet that isn't indexed by search engines. You've no
doubt heard talk of the “dark web” as a hotbed of criminal activity — and it
is. Researchers Daniel Moore and Thomas Rid of King's College in London classified
the contents of 2,723 live dark web sites over a five-week period in 2015 and found
that 57% host illicit material.

A 2019 study, Into the Web of Profit, conducted by Dr. Michael McGuires at the
University of Surrey, shows that things have become worse. The number of dark web
listings that could harm an enterprise has risen by 20% since 2016. Of all listings
(excluding those selling drugs), 60% could potentially harm enterprises.

You can buy credit card numbers, all manner of drugs, guns, counterfeit money,
stolen subscription credentials, hacked Netflix accounts and software that helps you
break into other people’s computers. Buy login credentials to a $50,000 Bank of
America account for $500. Get $3,000 in counterfeit $20 bills for $600. Buy seven
prepaid debit cards, each with a $2,500 balance, for $500 (express shipping
included). A “lifetime” Netflix premium account goes for $6. You can hire hackers to
attack computers for you. You can buy usernames and passwords.

[ Prepare to become a Certified Information Security Systems Professional

with this comprehensive online course from PluralSight. Now offering a 10 -day
free trial! ]
But not everything is illegal, the dark web also has a legitimate side. For example,
you can join a chess club or BlackBook, a social network described as the “the
Facebook of Tor.”

Note: This post contains links to dark web sites that can only be accessed with
the Tor browser, which can be downloaded for free at https://www.torproject.org.

Dark web tools and services that present enterprise

risk
The Into the Web of Profit report identified 12 categories of tools or services that
could present a risk in the form of a network breach or data compromise:

 Infection or attacks, including malware, distributed denial of service (DDoS) and

botnets
 Access, including remote access Trojans (RATs), keyloggers and exploits
 Espionage, including services, customization and targeting
 Support services such as tutorials
 Credentials
 Phishing
 Refunds
 Customer data
 Operational data
 Financial data
 Intellectual properter/trade secrets
 Other emerging threats

The report also outlined three risk variables for each category:

 Devaluing the enterprise, which could include undermining brand trust, reputational
damage or losing ground to a competitor
 Disrupting the enterprise, which could include DDoS attacks or other malware that
affects business operations
 Defrauding the enterprise, which could include IP theft or espionage that impairs a
company's ability to compete or causes a direct financial loss

Dark web browser

All this activity, this vision of a bustling marketplace, might make you think that
navigating the dark web is easy. It isn’t. The place is as messy and chaotic as you
would expect when everyone is anonymous, and a substantial minority are out to
scam others.

Accessing the dark web requires the use of an anonymizing browser called Tor. The
Tor browser routes your web page requests through a series of proxy servers
operated by thousands of volunteers around the globe, rendering your IP address
unidentifiable and untraceable. Tor works like magic, but the result is an experience
that’s like the dark web itself: unpredictable, unreliable and maddeningly slow.

[ Is your data being sold? What you need to know about monitoring the dark web. |
Get the latest from CSO by signing up for our newsletters. ]

Still, for those willing to put up with the inconvenience, the dark web provides a
memorable glimpse at the seamy underbelly of the human experience – without the
risk of skulking around in a dark alley.

Dark web search engine

Dark web search engines exist, but even the best are challenged to keep up with the
constantly shifting landscape. The experience is reminiscent of searching the web in
the late 1990s. Even one of the best search engines, called Grams, returns results
that are repetitive and often irrelevant to the query. Link lists like The Hidden
Wiki are another option, but even indices also return a frustrating number of timed -
out connections and 404 errors.

Dark web sites

Dark web sites look pretty much like any other site, but there are important
differences. One is the naming structure. Instead of ending in .com or .co, dark web
sites end in .onion. That’s “a special-use top level domain suffix designating an
anonymous hidden service reachable via the Tor network,” according to Wikipedia.
Browsers with the appropriate proxy can reach these sites, but others can’t.

Dark web sites also use a scrambled naming structure that creates URLs that are
often impossible to remember. For example, a popular commerce site called Dream
Market goes by the unintelligible address of “eajwlvm3z2lcca76.onion.”

Many dark websites are set up by scammers, who constantly move around to avoid
the wrath of their victims. Even commerce sites that may have existed for a year or
more can suddenly disappear if the owners decide to cash in and flee with the
escrow money they’re holding on behalf of customers.

Law enforcement officials are getting better at finding and prosecuting owners of
sites that sell illicit goods and services. In the summer of 2017, a team of cyber cops
from three countries successfully shut down AlphaBay, the dark web’s largest source
of contraband, sending shudders throughout the network. But many merchants
simply migrated elsewhere.

The anonymous nature of the Tor network also makes it especially vulnerable to
distributed denial of service attacks (DDoS), said Patrick Tiquet, Director of Security
& Architecture at Keeper Security, and the company’s resident expert on the topic.
“Sites are constantly changing addresses to avoid DDoS, which makes for a very
dynamic environment,” he said. As a result, “The quality of search varies widely, and
a lot of material is outdated.”

SALTED HASH
Get a hands-on, inside look at the dark web | Salted Hash Ep 25

Commerce on the dark web

The dark web has flourished thanks to bitcoin, the crypto-currency that enables two
parties to conduct a trusted transaction without knowing each other’s identity.
“Bitcoin has been a major factor in the growth of the dark web, and the dark web has
been a big factor in the growth of bitcoin,” says Tiquet.

Nearly all dark web commerce sites conduct transactions in bitcoin or some variant,
but that doesn’t mean it’s safe to do business there. The inherent anonymity of the
place attracts scammers and thieves, but what do you expect when buying guns or
drugs is your objective?

Dark web commerce sites have the same features as any e-retail operation,
including ratings/reviews, shopping carts and forums, but there are important
differences. One is quality control. When both buyers and sellers are anonymous,
the credibility of any ratings system is dubious. Ratings are easily manipulated, and
even sellers with long track records have been known to suddenly disappear with
their customers’ crypto-coins, only to set up shop later under a different alias.

Most e-commerce providers offer some kind of escrow service that keeps customer
funds on hold until the product has been delivered. However, in the event of a
dispute don’t expect service with a smile. It’s pretty much up to the buyer and the
seller to duke it out. Every communication is encrypted, so even the simplest
transaction requires a PGP key.

Even completing a transaction is no guarantee that the goods will arrive. Many need
to cross international borders, and customs officials are cracking down on suspicious
packages. The dark web news site Deep.Dot.Web teems with stories of buyers who
have been arrested or jailed for attempted purchases.

SECURITY
How the dark web has gone corporate

Is the dark web illegal?

We don’t want to leave you with the impression that everything on the dark web is
nefarious or illegal. The Tor network began as an anonymous communications
channel, and it still serves a valuable purpose in helping people communicate in
environments that are hostile to free speech. “A lot of people use it in countries
where there’s eavesdropping or where internet access is criminalized,” Tiquet said.

If you want to learn all about privacy protection or cryptocurrency, the dark web has
plenty to offer. There are a variety of private and encrypted email services,
instructions for installing an anonymous operating system and advanced tips for the
privacy-conscious.

There’s also material that you wouldn’t be surprised to find on the public web, such
as links to full-text editions of hard-to-find books, collections of political news from
mainstream websites and a guide to the steam tunnelsunder the Virginia Tech
campus. You can conduct discussions about current events anonymously on Intel
Exchange. There are several whistleblower sites, including a dark web version
of Wikileaks. Pirate Bay, a BitTorrent site that law enforcement officials have
repeatedly shut down, is alive and well there. Even Facebook has a dark web
presence.

“More and more legitimate web companies are starting to have presences there,”
Tiquet said. “It shows that they’re aware, they’re cutting edge and in the know.”

There’s also plenty of practical value for some organizations. Law enforcement
agencies keep an ear to the ground on the dark web looking for stolen data from
recent security breaches that might lead to a trail to the perpetrators. Many
mainstream media organizations monitor whistleblower sites looking for news.
 Staying on top of the hacker underground
Keeper’s Patrick Tiquet checks in regularly because it’s important for him to be on
top of what’s happening in the hacker underground. “I use the dark web for
situational awareness, threat analysis and keeping an eye on what’s going on,” he
said will. “I want to know what information is available and have an external lens into
the digital assets that are being monetized – this gives us insight on what hackers
are targeting.”

If you find your own information on the dark web, there’s precious little you can do
about it, but at least you’ll know you’ve been compromised. Bottom line: If you can
tolerate the lousy performance, unpredictable availability, and occasional shock
factor of the dark web, it’s worth a visit. Just don’t buy anything there.

More on the dark web

 What is the Tor Browser? How it works and how it can help you protect your identity
online
 10 things you should know about dark web websites
 Is your data being sold on the dark web?
 17 steps to being completely anonymous online
 Scan the dark web for threat intelligence
 Be afraid of the dark web – or learn to monitor it
 OPSEC: Using a fake name for a dark web marketplace purchase
 How online black markets work
 The dark web goes corporate

This article is published as part of the IDG Contributor Network. Want to Join?

Next read this

 7 security incidents that cost CISOs their jobs

 Two tips to make multifactor authentication for Office 365 more effective
 9 policies and procedures you need to know about if you’re starting a new security
program
 "Penn Test" challenge helps infosec team think like attackers
 Top 5 states for cybersecurity jobs
 2020 cybersecurity trends: 9 threats to watch
 8 cheap or free cybersecurity training resources
 Macy’s breach is a game-changing Magecart attack
 CrowdStrike, Ukraine, and the DNC server: Timeline and facts

Related:

 Data Breach
 Data Security

 Cyber Crime

 Technology Industry

Darren Guccione is the CEO and co-founder of Keeper Security, Inc., creator of
Keeper, the world’s most popular password manager and secure digital vault.
Keeper is the first and only password management application to be preloaded with
mobile operators and device manufacturers including, AT&T, Orange, America Movil
and HTC. Keeper has millions of consumer customers and the business solution
protects thousands of organizations worldwide.
Follow





Copyright © 2019 IDG Communications, Inc.

What is security's role in digital transformation?

Today's top stories

P r e vi o u s

 1

 2

 3

 4

N e xt
 5

Peeping into 73,000 unsecured security cameras thanks to...

How and why deepfake videos work — and what is at risk

What is WannaCry ransomware, how does it infect, and who...

What is biometrics? 10 physical and behavioral identifiers...

Marriott data breach FAQ: How did it happen and what was...

The 6 biggest ransomware attacks of the last 5 years

What is security's role in digital transformation?

7 security incidents that cost CISOs their jobs

5 ways to improve your security posture in 2020

Moving security operations to the cloud

Winning the war for cybersecurity talent

2020 cybersecurity trends: 9 threats to watch

California Consumer Privacy Act (CCPA): What you need to...

CURRENTLY READING
What is the dark web? How to access it and what you'll find

The 18 biggest data breaches of the 21st century

What is the Tor Browser? And how it can help protect your...

15 signs you've been hacked -- and how to fight back

General Data Protection Regulation (GDPR): What you need to...

10 things you should know about dark web websites

What is phishing? How this cyber attack works and how to...

What is IAM? Identity and access management explained

Why you don't need an RFID-blocking wallet

What is OAuth? How the open authorization framework works

9 policies and procedures you need to know about if you’re...

What is SIEM software? How it works and how to choose the...

The CSO guide to top security conferences, 2020

Ransomware explained: How it works and how to remove it

What is Zero Trust? A model for more effective security

What is personally identifiable information (PII)? How to...

9 types of malware and how to recognize them

Peeping into 73,000 unsecured security cameras thanks to...

How and why deepfake videos work — and what is at risk

What is WannaCry ransomware, how does it infect, and who...

What is biometrics? 10 physical and behavioral identifiers...

Marriott data breach FAQ: How did it happen and what was...

The 6 biggest ransomware attacks of the last 5 years

What is security's role in digital transformation?

7 security incidents that cost CISOs their jobs

5 ways to improve your security posture in 2020

Moving security operations to the cloud

 Winning the war for cybersecurity talent

2020 cybersecurity trends: 9 threats to watch

Sponsored Stories

Discover the Most Expensive Homes in Los Angeles Mansion Global

Porsche-Designed Superyacht, Royal Falcon One, Hits the Market Mansion
Global

9 Reasons Why Going to a Singapore University Is Beneficial. Singapore
Management University

This list will match your mood with your favorite food GMA News

This method only takes a few seconds a day but completely changes
the way you feel. www.besthealthadvices.com

I cured my arthritis in just 1 week thanks to this... www.besthealthadvices.com

What is Magecart? How this hacker group steals payment card
dataHomepage

Rise of the DPO in wake of India’s Data Protection BillHomepage

Amid growing privacy concerns, data scientists outline
strategies for safe… Homepage

 Philippines is quieter at night: new anti-snore clip is selling there for
cheapsimplediscountfinder.com

Philippines : New Wifi Booster Stops Expensive
Internettechdiscountdeals.com

SPONSORED LINKS
 CSO_textlink/redirect_1/20-12/20
 Unisys Security Solutions: Protect What is Most Critical to You

CSO OnlineCSO provides news, analysis and research on security and risk
managementFOLLOW US






 ABOUT US
 CONTACT
 PRIVACY POLICY
 COOKIE POLICY
 MEMBER PREFERENCES
 ADVERTISING
 IDG CAREERS
 AD CHOICES
 E-COMMERCE LINKS
 CALIFORNIA: DO NOT SELL MY PERSONAL INFO

Copyright © 2020 IDG Communications, Inc.

Explore the IDG Network descend