The dark web (also called the darknet) is often associated with images of midnight hackers and secretive villains working in solitude. In reality, the deep web and darknet are hives of communal activity spanning all hours. These areas of the internet are used by people seeking anonymity for a variety of reasons, both illicit and lawful in nature.
Security professionals and public safety officials have a vested interest in discovering threat intelligence on the deep web and darknet. This intelligence allows organizations to detect and prevent threats of all kinds. But first, what exactly are the deep web and dark web?
The deep web, sometimes called the invisible web, includes websites and data sources that are unindexed and non-discoverable by search engines, such as Google, within the surface web. The deep web is estimated to be at least 400-500 times the size of the surface web.
The deep web includes online pages that are restricted by passwords and paywalls (such as personal social media accounts and online banking dashboards), or dynamic and encrypted networks. The term “deep web” is not interchangeable with the darknet/dark web—it includes the darknet/dark web.
The darknet/dark web is a more hidden subsection of the deep web and requires special software, such as a Tor browser, to access. The dark web offers users total anonymity. This is why a great deal of nefarious activity, including illegal goods sales, human exploitation, and discussion around illegal topics, happens there.
Accessing the dark web is not illegal in itself, even though dark web activities are often illegal. User anonymity means that the dark web is also sometimes used for less destructive activities, such as circumventing government censorship and protecting whistleblowers.
Contrary to popular belief, darknet data is not difficult to access—but it is very difficult to navigate, since pages are not indexed or regulated. Inexpert darknet browsing can be dangerous, and discovering anything specific or useful is extremely time-consuming.
How Does The Darknet Achieve User Anonymity?
Darknet users achieve anonymity with onion routing. A user’s data is sent through multiple layers of encryption before reaching its destination, making its origin anonymous. These encryption layers are analogous to the layers of an onion.
Tor (acronym for “The Onion Router”), the most popular dark web browser, uses this encryption method. Tor is a free software browser that conceals the user’s IP address, which then inhibits any personal or metadata collection.
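The layering described above can be shown in a short Python sketch. This is an added example, not code from the original article or from the Tor project: the relay names, keys, destination and message are constructed, and a toy hash-based cipher stands in for the real cryptography that Tor negotiates per circuit.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Toy keystream (SHA-256 in counter mode); a stand-in, not Tor's cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _subkeys(key):
    # Separate encryption and authentication keys derived from one relay key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def seal(key, plaintext):
    ek, mk = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(ek, nonce, len(plaintext))))
    return nonce + hmac.new(mk, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    ek, mk = _subkeys(key)
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer does not authenticate under this key")
    return bytes(a ^ b for a, b in zip(ct, _stream(ek, nonce, len(ct))))

def wrap(path, destination, message):
    """path: [(relay_name, key), ...] in forward order; innermost layer is built first."""
    next_hops = [name for name, _ in path[1:]] + [destination]
    blob = message
    for (_, key), nxt in reversed(list(zip(path, next_hops))):
        hop = nxt.encode()
        blob = seal(key, bytes([len(hop)]) + hop + blob)
    return blob

def peel(key, blob):
    """One relay's work: remove one layer and learn only the next hop."""
    layer = unseal(key, blob)
    n = layer[0]
    return layer[1:1 + n].decode(), layer[1 + n:]

def route(path, blob):
    seen = []  # what each relay learned: (relay, next hop)
    for name, key in path:
        nxt, blob = peel(key, blob)
        seen.append((name, nxt))
    return seen, blob

# Constructed sample circuit and message (hypothetical names and values).
PATH = [(name, os.urandom(32)) for name in ("guard", "middle", "exit")]
MESSAGE = b"GET / HTTP/1.1"
ONION = wrap(PATH, "example.org:443", MESSAGE)
```

Calling `route(PATH, ONION)` shows that the first relay learns only the name of the second, and that only the last relay sees the destination and the original message.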
What Do Deep Web And Darknet Sites Look Like?
Most sites and published information on the deep and dark web take the shape of a marketplace, a discussion forum, or a breached data dump.
Below is an overview of the types of websites that are active in the deep and dark web. This list is not exhaustive—sites are constantly changing as they are removed or added.
Deep web marketplaces often aim to remove “the middleman” involved in surface web commerce. Buyers and sellers on deep web marketplaces use cryptocurrencies and engage directly to avoid fees associated with typical payment methods like PayPal. Many dark web marketplaces don’t cater specifically to illicit exchanges; however, illegal activity is often difficult to track or manage.
Many cloud-based messaging services are considered to be within the deep web. These services are used widely for discussing or creating games, exchanging payments between users, and discussing shared interests with varying degrees of security. Some deep web messaging apps are fully encrypted, whereas others allow users to create their own servers and host private, password protected, or public channels within those servers.
While messaging apps in and of themselves are not necessarily designed to host illegal activity, there have been many reports of phishing scammers using these types of apps as a method of contact with victims. Others have been linked to adult, narcotic, or otherwise NSFW (Not Safe For Work) content. Discord, for example, is linked to discussions about illegal activity as well as the alt-right movement. In August 2017, it was discovered as a planning tool for organizing the “Unite the Right” rally in Charlottesville, VA.
The Open Web can be defined as an open network that is decentralized (control is shared by many parties), accessible (anyone can participate without requesting permission) and open-source (anyone can modify or improve it).
It can also be defined by what it isn’t: the internet’s “walled gardens” where content is centrally controlled and monetized (Facebook and Google, for example). These walled gardens provide an easier and more curated user experience, but at the cost of certain freedoms—algorithms control what content is published, and publishers are restricted to services that are built by the sites.
Content on the open web is publicly accessible but not necessarily indexed by common search engines like Google. Pastebin and Craigslist are both examples of open websites.
Tor was created by the U.S. Naval Research Laboratory in the 1990s to enable secure government communications. It’s now the most commonly used network for navigating the dark web. Tor sites have .onion as their top-level domain.
Tor contains a number of discussion forums which tend to serve a somewhat ill-intentioned user base. Online hate groups use these forums to hold anonymous discussions, including planning criminal and violent acts. The now-defunct 8chan, for example, is associated with the 2019 Christchurch mosque and San Diego synagogue shootings. The latter’s perpetrator posted links to his manifesto and Facebook page before committing the attack. The site has 35,000 daily users.
What exactly are criminals doing on the dark web? Most corporate security professionals and public safety officials are looking for crimes and evidence of crimes related to stolen and illegal goods, drug and human trafficking, attack planning, the sale and leaking of data and information, money laundering, and fraud.
The following are some specific examples of darknet activity:
The following are specific industries that actively pay attention to deep web and dark web sites to find and mitigate common threats:
Public Safety Professionals (police agencies and federal defense):
Corporate Security Agencies:
Whether or not you search for them, security threats are prevalent on the deep and dark web. Although much of the activity on these sites is benign, deep and dark web threat intelligence is crucial for organizational security and public safety.
Deep and dark web sites are extensive and constantly changing. OSINT training and tools that gather deep and dark web data can support organizations with the discovery and mitigation of threats related to data breaches, illicit goods exchange, and exploitation.