If you hang out online long enough—particularly in cybersecurity circles—you will eventually hear the term “dark web”. The term is becoming more and more pervasive as sort of a catch-all “bogeyman” for everything shady or malicious online, so it may not even seem like a real thing, but it is. So, what exactly is the dark web and why does it matter to you?
Layers of the Web
Let’s start with what the dark web is. I will use an analogy to explain.
Think of the internet like a city. There are well-lit highways and main streets where most of the activity goes on. There are, however, some more obscure side streets and back roads where you can find an occasional gem off the beaten path. There are also some back alleys and shady areas that you avoid even in the daylight and definitely don’t want to venture down in the dark.
There are basically three similar layers to the web. The surface web is what we think of by default as the web. When you search Google or Bing, the results you get will generally keep you on the areas of the internet that are safe and well-lit. The invisible web—or deep web—contains all of the content that is accessible via the web but is not indexed or searchable. Online banking sites, web-based email, and a variety of other resources are out there on the obscure side streets and back roads of the deep web. Then you have the dark web. The dark web is out there, but it requires some extra effort to access—like knowing the secret knock to get into a speakeasy—and contains a mixture of shady, bizarre, and completely illegal activity you expect to find in back alleys and shady areas.
Understanding the Dark Web
Common perception is that the dark web is a cesspool of illegal activity. That may be partially true, but the primary thing that sets the dark web apart from the surface web is anonymity. Individuals use things like the Tor browser to hide their identity and obfuscate the source and destination of internet traffic. Some people simply value privacy and want to prevent internet providers, retailers, or government agencies from tracking their online activity.
One intrepid journalist ventured out onto the dark web back in 2015 to see what he could find. He found a wide variety of things as innocuous as people selling carrots or pretzels, to templates to counterfeit Gucci handbags, and a “wish pill” that promised to make your wish come true if you take it.
The anonymity aspect also makes the dark web an ideal place to conduct overtly unethical and illegal activity online as well, though. Even though the origin of the dark web is not necessarily malicious or illegal, researchers studied thousands of websites on the dark web and found that 57 percent hosted illicit material of some kind.
Why Should You Care about the Dark Web
There are hundreds of illicit marketplaces on the dark web, but one of the most notorious is Silk Road. Silk Road sold a variety of things, but the platform was primarily an online drug market. The FBI shut down the site in 2013. It is estimated that Silk Road generated roughly $1.2 billion in sales.
The larger concern for a business or average individual, however, is that the dark web also serves as a clearinghouse for buying and selling stolen credit card data, banking information, and account credentials. When you see the headline du jour of a massive data breach, there’s a good chance that the compromised data will end up in a marketplace on the dark web.
In a recent article on CSOOnline.com, Darren Guccione described some of the shady things you can buy on the dark web:
“You can buy credit card numbers, all manner of drugs, guns, counterfeit money, stolen subscription credentials, hacked Netflix accounts and software that helps you break into other people’s computers. Buy login credentials to a $50,000 Bank of America account for $500. Get $3,000 in counterfeit $20 bills for $600. Buy seven prepaid debit cards, each with a $2,500 balance, for $500 (express shipping included). A “lifetime” Netflix premium account goes for $6. You can hire hackers to attack computers for you. You can buy usernames and passwords.”
Protecting Yourself against the Dark Web
Data breaches are a fact of life and companies and individuals often find out they’ve been compromised when their sensitive data is found on a dark web marketplace. Dark web scanning is important—especially for businesses—to proactively scan to detect when stolen credentials or other sensitive data are discovered out there in the internet back alleys. Awareness that your data is compromised and available to the highest bidder gives you an opportunity to take action to prevent or stop attacks.
