Part One: What is the Dark Web?

What is the Dark Web?

When someone starts talking about the dark web, it's not uncommon to hear about some pretty rough stuff like hitmen for hire, black market drugs, underground organ sales and hackers for hire hiding in the dark. So what is the dark web? Why does it exist? How can it affect your business? Although there are many ways criminals can hurt your company, hopefully this series will help you understand what the dark web is, what risks might come from ignoring it and how you can actively protect yourself and your intellectual property from harm.

Over the past couple of years, traditional news outlets have started mentioning the “dark web” more frequently than ever before. The stories reinforce the assumption that the dark web is a hidden and nefarious corner of the internet where criminals hide and do business. Although that is partially true, the dark web is much more than the internet’s version of the Star Wars spaceport Mos Eisley. This blog is the first in a short series of blogs that will explain what the dark web is, where it came from and how its existence and users can affect your enterprise and personal life.

When someone talks or writes about the dark web, they are generally referring to one of two things. First, they may be talking about the vast quantity of data that is not indexed by search engines such as Google, Bing, Yahoo, DuckDuckGo etc. Search engines use automated programs called spiders to ‘crawl’ websites and make them searchable. If the internet could be compared to the ocean, these programs are like nets that only catch content on or near the surface. Anything not found and indexed by search engines is part of the ‘deep web.’ Second, they may be discussing the hidden services sites that are only available through special browsers like TOR.

The first reference is a bit misleading. In tech and security parlance, there is a difference between the terms “deep web” and “dark web.” However, outside of security circles, those terms are often used interchangeably. The deep web traditionally refers to the content that is beyond the reach of the search engines. This can be virtually anything from private forums requiring login credentials to pages that employ CAPTCHAs to sites serving dynamic or scripted content. The deep web also includes countless databases of information that isn’t indexed because search engines don’t look at things that aren’t linked in other sources.

The dark web, on the other hand, refers to those areas of the internet that are designed for people to browse anonymously. The Onion Router (TOR), the Invisible Internet Project (I2P) and Freenet are software bundles that allow users to visit hidden sites created to be seen only by people with the proper privacy software in place. TOR is the most widely used of the three and users can tell at a glance if a site is accessible only from TOR because websites being hosted on the hidden service end in .onion instead of the .com, .org and .net classifiers commonly used on the clear web. Because these sites can only be accessed with special software, they are, by definition, part of the deep web.

So why do these types of websites and browsers exist? We can thank the United States government for them. TOR was originally designed by the Naval Research Lab as a way for people living under oppressive governments to be able to browse the internet without fear of retribution. The way it was designed also gave users access to content that was being actively blocked by their country, like international news in China or activism in the Middle East. Essentially, TOR was a way for people to break the law in their home countries by giving them free access to information. It is reportedly used by activists and dissident groups in Egypt and Iran. In 2004 the project was released open source and The Tor Project was created as a non-profit organization and it is maintained by volunteers and researchers.

Although it was created to subvert surveillance abroad, TOR works the same way here in the United States. Instead of dissident groups fighting for freedom, criminal organizations, child abuse sites and black markets found they could use the project to avoid law enforcement in the United States. It is a haven for drug dealers, pedophiles, and black hat hackers. Because of the nature of the dark web and TOR in particular, it makes it very difficult for the police and intelligence community to know who is who and find ways to stop them. This is why threat intelligence is so important. Seeing attacks starting to form in the planning phase can give organizations the ability to shore up their defenses. Finding user information like emails and passwords can give businesses a head start on alerting customers and changing passwords.

Next Blog Post:

Look forward to learning some of the things that are happening on the dark web including black markets, anonymous message boards, and perhaps some of the legitimate uses as well. Later in the series we will take a closer look at how the dark web is changing the way companies have to look at threats, both inside and outside of their organizations.