A term that often pops up when talking about cyber criminals and organized hacking groups is the Dark Web, a mysterious space ruled by spy-like ‘cloak and dagger’ policies and inherently portrayed negatively by the media.

But is it really all it’s made out to be? Is every user on the Dark Web malicious? Is there any reason you should get on the dark web? And most importantly, why is it that more and more, IT security companies are focusing their efforts on exploring this frontier?

To answer these questions, we must first clear up some misconceptions and define the Dark Web. The Internet can be broadly divided into three layers: the Surface Web, the Deep Web and the Dark Web.

The Surface Web refers to the normal internet that we browse day in and day out and includes anything that can be crawled & normally indexed by popular search engines. This is generally believed to be less than 10% of the whole web.

Next is the Deep Web: this is the area of the web to which access is controlled. Search engines may not be able to crawl through it and you may not be able to directly access it, because in some cases it is protected by passwords, or simply because no hyperlinks to such content exist for one to browse. This is where most (almost 80-90%) of web content exists. This does not mean there is anything illegal in such content; it could be anything like companies’ databases or any internal information for which the intended audience is limited.

If we go further into the next layer of the web, we find the Dark Web. This section is intentionally hidden so as not to be accessible by standard web browsers.

Great, So How Do I Get There?

The Dark Web requires a specialized web browser to access. Instead of the familiar .com that we’re used to seeing web addresses end in, sites on the Dark Web often end with the .onion suffix. The specialized browser allows a user to surf the Dark Web much as they would with a traditional browser, except that due to the nature of routing and encryption, they can do so with anonymity. Navigating the Dark Web also requires knowing where to go, and resources such as Dark Web Wikis help users find sites of interest.

Access into some Dark Web sites is controlled too, as they want law enforcement, reporters and others to keep away. Some Dark Web sites are accessible by invitation only and some may even require you to prove your skills, often by hacking some websites, before access is granted.

All This Secrecy, Surely Something’s Fishy

While the Dark Web is admittedly used for illegal activities, it isn’t only leveraged for this purpose. In fact, European security research firm Intelliagg found that only 48% of websites on the Dark Web engaged in activities considered to be illegal by US or UK law. The other 52% catered to file sharing, discussion boards, or content platforms.

The main attraction of the Dark Web is that it offers anonymity, but it is up to the users to choose what they want to do with this. So, while the Dark Web is no doubt utilized for nefarious purposes, there are also a number of sites on the Dark Web that aren’t set up with malicious intent.

In fact, there are plenty of websites that maintain pages on the Deep Web (again, note the differentiation between this and the Dark Web), and have perfectly valid reasons for this. For example, online publications might host an article on their website and prevent it from being indexed by search engines before they are sure they want to make it ‘live’. Other legitimate services have launched themselves on the Dark Web too, perhaps one of the most prominent examples being Facebook, which launched its own Dark Web presence (https://facebookcorewwwi.onion/) in 2014.

That said, one may find marketplaces, similar to eBay, selling things like leaked credentials, credit card data, forged documents and malware kits, some even with a “buy back” guarantee if they don’t work. The anonymity of the financial transactions related to these purchases is also maintained by use of cryptocurrencies like Bitcoin. You may also find “hackers” discussing new vulnerabilities, attack campaigns or attack targets.

Should I Get on the Deep/Dark Web?

Most users would end up utilizing the Deep Web without even knowing it, and there’s nothing wrong with this. With regard to the Dark Web, however, most users should be able to get all they need from the internet without having to access it.

While not all content on the Dark Web is malicious, it is a tricky place to navigate, as sites often aren’t what they appear to be. There are several unlabeled or mislabeled links, or sites that are disguised as one thing and turn out to be much worse!

Moreover, cybercriminals can track your activities on the Dark Web through traffic analysis methods such as timing analysis and tracing data manipulation. It is therefore possible for them to undo the anonymity of the Dark Web. This enables them to know the user’s IP and the sites they are visiting. So while I wouldn’t recommend accessing the Dark Web, if you MUST, make sure to use not only the specialized browser but also a reliable VPN client.

You Mentioned Security Companies…

Due to the nature of content available on the Dark Web, it is important for security-focused organizations to treat intelligence from the Dark Web as an important aspect of their security strategy, and therefore to include it in their Security Operations Center (SOC).

Intelligence from the Dark Web can help businesses become aware of breaches related to their industry vertical, planned attack campaigns, and new vulnerabilities which may impact their organization.

Getting this visibility from the Dark Web can be very tricky, hence there are security companies that specialize in offering this as a service. They basically harvest information from the Dark Web and make it available to organizations as part of the service. It’s like accessing “useful” Dark Web content without actually being on it.

To summarize, it’s important for organizations to include intelligence from the Dark Web in their security strategies; this will help them better predict & respond to cyber security breaches.

Blog by:

Majid Khan, MSS Architect at Help AG