The Dark Web Guide

The dark web hosts both lawful and illicit activities and is often associated with privacy-focused forums, marketplaces, and hidden services that are not indexed by standard search engines.

Dark Web Monitoring

What is the dark web? 

The Dark Web is notorious and widely known in the world at large. A decade ago, this might not have been the case. As cyber attacks accelerate and nefarious actors all over the globe seek to more rapidly connect with buyers of illegal goods and information, the term Dark Web has entered the lexicon in a prominent way.

The Dark Web was leveraged by the United States Department of Defense as a means of communicating anonymously. Its ability to keep activity anonymous remains, but now protects malicious actors instead of innocent citizens of a given country.

The Dark Web is a place where sellers of illegal drugs, identities, information (passwords, account numbers, etc.), weapons, and many other illegal forms of physical materials and digital information look to traffic these materials across borders. In terms of cybersecurity, the Dark Web is a place where Ransomware-as-a-Service kits and phishing methodologies are traded and leveraged daily.

We really can’t put too fine a point on this fact: When it comes to cybersecurity in particular, the Dark Web is the sourcing ground for attackers to get the tools they need to disrupt your organization and business. Accordingly, it’s become paramount for security teams all over the world to respond faster than ever.

What are the types of darknets? 

There are many types of darknets that provide access to the Dark Web. A darknet is essentially the means by which a person accesses content on the Dark Web. Let's take a look at some of the more common examples of available darknets:

  • Tor (The Onion Router) - An open-source toolset designed to enable anonymous communication, Tor sessions redirect traffic through a volunteer network of thousands of relays that conceal the originating location from network tracking and analysis tools.
  • ZeroNet - This is a decentralized network of peer-to-peer users leveraging Bitcoin private keys rather than IP addresses. The private key allows changes to be made that then propagate through the network.
  • Tribler - This is an open-source BitTorrent client that allows anonymous peer-to-peer connections.
  • Invisible Internet Project - An anonymous, peer-to-peer network that uses over 50,000 volunteer computers to route traffic along randomly chosen paths; the sheer number of possible routes makes surveillance and tracking very unlikely.
  • Riffle - This is a network anonymity tool developed at MIT to deal with issues related to Tor functionality. It is typically much faster than Tor-based networking.
  • GNUnet - This is a decentralized, peer-to-peer networking framework that operates over most common connection types and protocols (WiFi, Bluetooth, HTTP/S, TCP, and UDP). It allows for communication, encryption, and peer discovery. 

How to access the dark web

In attempting to access the Dark Web, there’s an invisible line that a person acknowledges they’re crossing – or maybe they don’t. Either way, no one is accessing the Dark Web with a sense of optimism.

Tor, for example, uses multi-layered encryption to create anonymous communication over a computer network. Each relay along the path removes one layer and learns only the next hop, which is why unpacking these layers of encryption is often compared to peeling an onion.
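The layering described above, shown as a small simulation. This is an added example and not code from the original page or from the Tor project: the three relay names, the pre-shared per-hop keys, and the SHA-256-based toy stream cipher are all assumptions made for illustration (real Tor negotiates each hop's key during circuit construction and uses AES-CTR). The client wraps the request once per relay; each relay strips exactly one layer, sees only the name of the next hop, and forwards ciphertext it cannot read.

```python
from __future__ import annotations

import hashlib
import os
from dataclasses import dataclass

NONCE_LEN = 16
EXIT_HOP = "EXIT"  # header value that tells the last relay to deliver the payload


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream: SHA-256 over (key, nonce, counter). Constructed for
    # illustration; it stands in for the per-hop AES-CTR layers real Tor
    # uses and is not a secure cipher.
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def layer_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def layer_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = _keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


@dataclass
class Relay:
    """A simulated relay that holds only its own per-circuit key."""
    name: str
    key: bytes

    def peel(self, onion: bytes) -> tuple[str, bytes]:
        # Strip exactly one layer. The short header names the next hop; the
        # rest is still ciphertext that only the next relay's key can open.
        plain = layer_decrypt(self.key, onion)
        header, inner = plain.split(b"\n", 1)
        return header.decode(), inner


def build_onion(path: list[Relay], message: bytes) -> bytes:
    """Client side: wrap the message once per relay, exit layer innermost."""
    onion = message
    for i in range(len(path) - 1, -1, -1):
        next_hop = path[i + 1].name if i + 1 < len(path) else EXIT_HOP
        onion = layer_encrypt(path[i].key, next_hop.encode() + b"\n" + onion)
    return onion


def route(onion: bytes, path: list[Relay]) -> tuple[bytes, list[tuple[str, str]]]:
    """Forward the onion hop by hop and record what each relay learns."""
    relays = {r.name: r for r in path}
    trace: list[tuple[str, str]] = []
    current = path[0]
    while True:
        next_hop, onion = current.peel(onion)
        trace.append((current.name, next_hop))
        if next_hop == EXIT_HOP:
            return onion, trace  # fully unwrapped: the exit relay delivers it
        current = relays[next_hop]


def simulate(message: bytes = b"GET /index.html") -> tuple[bytes, list[tuple[str, str]], bool]:
    # Per-hop keys. Real Tor negotiates each key with the relay while
    # building the circuit; here they are simply generated up front.
    path = [Relay(n, os.urandom(32)) for n in ("guard", "middle", "exit")]
    onion = build_onion(path, message)
    delivered, trace = route(onion, path)
    # What enters the guard is ciphertext all the way down: the request
    # is not visible until the exit relay removes the last layer.
    return delivered, trace, message not in onion


if __name__ == "__main__":
    delivered, trace, hidden = simulate()
    for relay, nxt in trace:
        print(f"{relay} peeled one layer and learned next hop = {nxt}")
    print("delivered:", delivered, "| hidden from guard:", hidden)
```

The trace returned by `simulate()` is the point of the exercise: the guard learns only that the next hop is the middle relay, the middle relay learns only the exit, and only the exit ever sees the request itself.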

Is it illegal to access the dark web? 

This is where things might get just a bit confusing, as the Dark Web is nearly synonymous with illegal activity. Indeed, the vast majority of activity taking place there is illegal.

So, believe it or not, it’s not illegal to access the Dark Web; there are actually reputable brands and companies who have sites accessible via the Dark Web. It can simply be a dangerous proposition to peruse the Dark Web and engage with whoever you may meet, especially if it means revealing any personal data.

What is the dark web used for? 

The Dark Web is used by cybercriminals to buy and sell illegal goods and services, coordinate attacks, distribute malware and phishing kits, and share other prebuilt exploits. But, perhaps a big surprise to anyone thinking the Dark Web is just for criminal activity, it can also be leveraged for legitimate purposes. Let's now take a look at both use cases. 

Legitimate uses for the dark web

There are many authoritarian governments across the globe, and people living under such regimes often need to anonymously communicate. In fact, it can often be much safer for people in such circumstances to use the Dark Web over a virtual private network (VPN).

Many governmental organizations, several newspapers, and myriad tech organizations have a presence on the Tor network, which keeps their identities anonymous when interacting with the Dark Web. Reasons for this could be to show a commitment to privacy or allow people to pass them information anonymously. The Guardian newspaper has a SecureDrop facility on Tor – as does the CIA – which uses it for virtual walk-ins for anyone wanting to confidentially pass them information.

Accessing and using Dark Web protocols such as Tor is not illegal; it's just been adopted as the platform of choice by many bad actors who undertake illegal activities.

Nefarious uses for the dark web

The protections afforded people looking to be anonymous for legitimate reasons also provide the same anonymity for cybercriminals and criminals operating in the real world who desire private communications. While the amount of traffic is small compared to the e-commerce taking place on the open web, there is no denying that the Dark Web is a haven for bad actors and illegal e-commerce activities.

The illegal content traded on the Dark Web black market and the illegal activity on the Dark Web are spread over a wide range of activities that law enforcement agencies and internet service providers (ISPs) spend a significant amount of time attempting to combat. Nefarious-use examples include:

  • Sale of illicit goods on Dark web marketplaces: Recreational drugs, illegal drugs, healthcare drugs (pharmaceuticals legal in some jurisdictions, but not all), firearms, and other items regulated on conventional commerce channels
  • Cyberattack solutions and information: Sensitive information (like social security numbers, bank account details, credit card numbers) and other personally identifiable information (PII) such as authentication credentials for business systems and personal social media accounts
  • Political activity: Governments using bad actors who advertise on the Dark Web to undertake activities that they wouldn't want to be made public
  • General criminal activity: Cybercrime activity such as money laundering via cryptocurrency exchanges and the sale of stolen credentials for services as seemingly mundane as Netflix and other popular web entertainment companies

Many of these illegal activities use Bitcoin and other cryptocurrencies for transactions so that the sellers and buyers can remain anonymous. This makes it difficult for law enforcement agencies like the FBI, CIA, and international partner organizations to disrupt illicit activities. It is not impossible, however, as evidenced by the tracking and disruptions of Dark Web networks such as the Silk Road. 

Some additional examples of materials for sale on the Dark Web could include: 

  • Financial information: This is data that details access to bank accounts, wealth-management information, investments, and other private monetary information related to individuals or businesses. 
  • Governmental secrets: This category includes any information related to a nation's defense or active military/cyber-intelligence campaigns. 
  • Trade secrets: This type of data denotes information as to how a business might maintain a competitive advantage within its industry. 
  • Physical materials that aid in theft: An example from this category would be "skimming" devices that steal credit card data from point-of-sale platforms. 

What is the difference between the deep web vs the dark web? 

The difference between the deep web and the dark web is not necessarily the “findability” of information that exists on either, as both of these types of online information repositories feature data that is not indexed by search engines like Google or Bing. The main difference can be described by the following two aspects:

  • Legality of content: Illegal content of the type we discussed above is the primary material available on the Dark Web. Anyone with the right browser to access dark sites – a bad actor included – can reach nefarious content, and potentially purchase it should they so desire, without any roadblocks in between.
  • Accessibility of content: That brings us to the differentiator between the Dark and Deep Web: accessibility. Content on the Deep Web typically isn’t of the nefarious sort, but it is usually gated. Examples of this would include private/encrypted files, content only available to paying customers or subscribers, and internal networks like a company intranet.

These differences aren’t necessarily clear-cut, as there are overlapping aspects between the Deep and Dark Web. As opposed to the Surface Web – also known as the Open Web – where anyone with an internet connection can access public-facing websites all over the world, the Deep and Dark Web are attempting to house information that doesn’t necessarily want to be found. Therefore, it’s likely that not all deep- and dark-web file repositories represent good intentions.

As stated earlier, neither of these connected content repository networks is illegal to access. Indeed, they must frequently be accessed by cybersecurity organizations conducting threat hunts or defending their networks or those of their clients.

For instance, if a threat actor is in possession of stolen data from a large healthcare provider, security personnel acting on behalf of the company are likely to conduct a large portion of that investigation throughout the Dark Web. Threat intelligence gathered there also helps threat hunting teams later, when they analyze telemetry from beyond their own networks, including the Deep and Dark Web.

How to protect your data from the dark web

These days, it can seem increasingly difficult to protect valuable assets and data from the reaches of threat actors. This is particularly true for enterprise organizations working with sensitive data in key sectors like healthcare, energy, and finance. That’s why it’s more critical than ever to go on the offensive.

Gain visibility into hacker communities

Cybercriminals lurk in the dark web to methodically coordinate their attacks, sell illicit goods, distribute malware and phishing kits, and share other prebuilt exploits. Go behind enemy lines to identify threat actors and their intentions at the earliest stages so you can properly prepare your defenses.

Get early warnings of targeted attacks 

With proper monitoring resources, you can gain visibility into threat actors and their activities. This includes accessing restricted channels and automating intelligence gathering to anticipate attacks targeting your organization, employees, and customers.
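One concrete piece of that automation is matching what a monitoring feed returns against the organization's own watchlist. The following is an added example, not code from the original page or from any Rapid7 product: the feed lines are constructed samples, and the monitored domains (`example-corp.com`, `partner-example.net`) and brand keywords are placeholder assumptions. It flags credential rows for monitored domains, records only a truncated hash of each exposed secret rather than the secret itself, flags forum snippets that mention the brand, and produces the list of accounts to push through a forced password reset.

```python
from __future__ import annotations

import hashlib
import re
from collections import Counter

# Constructed sample of lines a monitoring feed might return: credential
# "combolist" rows and forum post snippets. Every value here is invented.
SAMPLE_FEED = [
    "alice@example-corp.com:Winter2024!",
    "bob@Example-Corp.com;hunter2",
    "carol@unrelated.org:password1",
    "[forum] selling VPN access to example-corp, DM for price",
    "[forum] new ransomware affiliate program opening next week",
    "dave@partner-example.net:letmein",
]

# Assumed watchlist: the organization's own domains and brand keywords.
MONITORED_DOMAINS = {"example-corp.com", "partner-example.net"}
MONITORED_KEYWORDS = {"example-corp", "example corp"}

# email:password or email;password, the two separators common in such dumps
CRED_ROW_RE = re.compile(r"^(?P<email>[^\s:;]+@[^\s:;]+)[:;](?P<secret>.+)$")


def fingerprint(secret: str) -> str:
    """Keep only a truncated SHA-256 of an exposed secret, never the secret itself."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]


def analyze_line(line: str) -> dict | None:
    line = line.strip()
    m = CRED_ROW_RE.match(line)
    if m:
        email = m.group("email").lower()
        domain = email.rsplit("@", 1)[1]
        if domain in MONITORED_DOMAINS:
            return {
                "type": "credential_exposure",
                "account": email,
                "domain": domain,
                "secret_fp": fingerprint(m.group("secret")),
            }
        return None  # someone else's credentials: not our finding
    lowered = line.lower()
    hits = sorted(k for k in MONITORED_KEYWORDS if k in lowered)
    if hits:
        return {"type": "mention", "keywords": hits, "snippet": line}
    return None


def analyze_feed(lines) -> tuple[list[dict], dict[str, int]]:
    """Run every feed line through analyze_line and summarize findings by type."""
    findings = [f for f in (analyze_line(line) for line in lines) if f]
    summary = dict(Counter(f["type"] for f in findings))
    return findings, summary


def accounts_to_reset(findings) -> list[str]:
    """Accounts whose credentials appeared in the feed; queue these for a forced reset."""
    return sorted({f["account"] for f in findings if f["type"] == "credential_exposure"})


if __name__ == "__main__":
    findings, summary = analyze_feed(SAMPLE_FEED)
    print(summary)
    for f in findings:
        print(f)
    print("reset:", accounts_to_reset(findings))
```

Storing the fingerprint rather than the password lets the response team confirm later whether a newly observed leak is the same old secret or a fresh one, without the monitoring system itself becoming a store of plaintext credentials.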

Discover new hacking tools and ransomware kits

Monitor exclusive dark web forums and the private channels of threat actors. In this way, you’ll uncover new cybercriminal tactics and tools used to automate attacks, test for weaknesses, and scam your employees and customers. It’s important to step into their shoes to understand how perpetrators can and will attack you.

Understand and engage your adversaries

It’s critical to use a Dark Web monitoring solution that can keep a continuous eye on your adversaries and engage with threat actors. From these activities, the solution should be able to gather data samples, uncover motives, and help you deploy smarter cybersecurity workflows.

Learn more about the dark web

The Dark Web: Rapid7 Blog Posts

Whitepaper: Dark Web 201