What Does the Dark Web Mean?
The dark web, also known as the DarkNet, is made up of websites whose IP addresses are intentionally hidden. Dark web content is accessed over encrypted overlay networks that use the public Internet but require a special kind of software to act as an overlay network gateway.
The dark web is used by criminals and shoppers on the black market, as well as by law enforcement and journalists, so it has both positive and negative aspects. On the positive side, the dark web allows government agencies to share classified information.
On the negative side, the dark web has become a marketplace where customers can shop for illicit goods and services and even leave reviews, just as on the public-facing Internet.
The dark web is a subset of the deep web, a term used to describe web content that is not intended to be crawled by traditional search engines. In contrast, website content that is indexed and can be accessed through traditional search engines is known as clear web content.
The dark web is infamous as the default trading place for illegal merchandise and services. It is hidden, secretive, and, for the most part, decidedly unpleasant.
The Internet vs. The Web
In casual conversation, we tend to use “Internet” and “web” interchangeably. When we tell someone to “go on the Internet” or “go on the web,” we mean the same thing, and it starts with firing up a browser. But in reality, the Internet and the web are two very different constructs.
The Internet is an interconnected network of computers. It supports many different services. One of these is the World Wide Web, or “web.” If you think of websites as buildings – shops, factories, cinemas, and libraries – the Internet is the roads and highways linking them together.
The Internet is the infrastructure that allows network traffic to arrive at the websites, just like roads are the infrastructure that allows human traffic to find its way to the shopping mall.
Apart from the web, the Internet supports services like email, Remote Desktop Protocol, the Domain Name System, and the Network News Transfer Protocol. These and many more are delivered over the Internet, and none of them are websites. They make use of the Internet infrastructure, but they’re not serving up web pages.
Clear Web vs. Deep Web, Dark Web
The web, as you know it, the publicly accessible set of websites that are indexed by Google, Bing, Yahoo, and other search engines, contains approximately 55 billion web pages. This is called the clear web.
That’s an impressively large number, but there’s an even greater amount of material on the Internet that isn’t indexed by search engines and is not publicly visible. The back-end data storage of Gmail, Google Drive, Microsoft Office 365, OneDrive, Amazon Web Services, and Microsoft’s Azure platform, for example, are all Internet-connected repositories that are not accessible to the general public.
Only specifically authorized owners and users of the data can access it.
Governments, the military, NASA, and, in fact, many enterprises have private data that is accessible to authorized users over the Internet but which is hidden from the rest of society. This type of private but Internet-connected data is held in what is called the deep web. The deep web is estimated to be 400 to 550 times larger than the clear web.
The dark web is a part of the deep web. It provides anonymity for the websites located on it and for the users of those sites. The dark web is used for a lot of different purposes, both legal and illegal. It is built on top of a collection of overlay networks.
Imagine a scattered collection of computers that are connected to the Internet. They are inaccessible using the standard network protocols because they have their own unique encrypted protocols. Because nothing else speaks their protocol, the usual Internet routing and dispatching services cannot handle their traffic. So the owners of these non-conforming computers need volunteers to run dedicated routing nodes that understand their private protocols. That provides a means to send traffic between these computers.
This is called an overlay network. It uses the infrastructure of the Internet but is completely divorced and separate from anything else using the Internet, which means it cannot be seen.
The dark web is made up of several different overlay networks. Each one behaves like an independent dark web. They are accessed using specific software tools such as The Onion Router (Tor), Invisible Internet Project (I2P), or the Tails operating system. Websites on the Tor overlay network have .onion suffixes and websites on the I2P overlay network have .i2p suffixes, pronounced “eep.” They won’t show up on Google, and they cannot be viewed or accessed using a normal Internet browser – only on a dark web browser.
The Tor overlay network is probably the largest dark web network. Tor was initially developed by mathematicians and computer scientists at the United States Naval Research Laboratory as a means of providing secure and anonymous network communications.
Tor uses a technique called ‘onion routing’ to send its encrypted traffic through an overlay network of approximately 7000 volunteer-run Tor nodes to provide very secure anonymity.
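The layering behind ‘onion routing’ can be shown in a few lines. This is an added example, not part of the original article and not Tor's own code: it assumes three relays with pre-shared keys and uses a toy SHA-256 keystream in place of Tor's real ciphers and key negotiation. The relay names, keys, and destination are constructed.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (XOR with SHA-256(key || offset)); a stand-in, not secure."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(route, keys, destination, payload):
    """Client side: encrypt from the innermost (exit) layer outward."""
    next_hop, blob = destination, payload
    for relay in reversed(route):
        layer = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob = keystream_xor(keys[relay], layer)
        next_hop = relay
    return blob

def peel(relay_key, blob):
    """Relay side: remove exactly one layer and learn only the next hop."""
    layer = json.loads(keystream_xor(relay_key, blob))
    return layer["next"], bytes.fromhex(layer["data"])

def relay_views(route, keys, client, destination, payload):
    """Walk the circuit and record what each relay is able to observe."""
    blob, prev, views = wrap(route, keys, destination, payload), client, {}
    for relay in route:
        nxt, blob = peel(keys[relay], blob)
        views[relay] = {"from": prev, "to": nxt, "sees_payload": blob == payload}
        prev = relay
    return views, blob

# Constructed demo circuit: names and keys are assumptions for illustration.
ROUTE = ["guard", "middle", "exit"]
KEYS = {r: hashlib.sha256(r.encode() + b"constructed-demo-key").digest() for r in ROUTE}

if __name__ == "__main__":
    views, delivered = relay_views(ROUTE, KEYS, "client", "example.com", b"hello")
    for relay, view in views.items():
        print(relay, view)
    print("delivered:", delivered)
```

No single relay sees both the client and the destination: the first knows who is connecting, the last knows where the traffic is going, and the one in between knows neither.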
Why People Use the Dark Web
It is this very anonymity, of course, that makes the dark web such an attractive proposition for criminals. This has resulted in the dark web becoming synonymous with drug sales, gun sales, illegal pornography, stolen credit card numbers, ID theft, and cybercrime.
Malware, ransomware, and crypto-jacking source code and toolkits are readily available for purchase to allow a would-be cybercriminal to set up shop. There are literally thousands of .onion and .i2p websites acting as marketplaces, each one like a nightmare version of eBay.
The various vendors are sorted into different categories according to what they offer – drugs, stolen credit card details, weapons, and so on. You can pick a category and search or browse through the different listings until you make your selection.
To make a purchase, you must pay in the designated cryptocurrency. If the marketplace is selling to the “public,” they often ask for payment in Bitcoin (BTC). This is because Bitcoin is the easiest cryptocurrency for the casual dabbler to obtain.
Criminal-to-criminal sales, or sales of highly sensitive materials, are usually transacted in another cryptocurrency such as Monero. This provides another level of obfuscation for the criminals to hide behind because Monero can only be purchased using another cryptocurrency.
By definition, the vendors are all criminals. Not surprisingly, then, a lot of the dark web is fraudulent. After all, if someone orders a batch of drugs, but they never take delivery of them, they can’t very well take it up with trading standards.
To counteract this, the more sophisticated marketplaces allow buyers to leave star ratings for vendors and to give feedback regarding quality of product, speed of delivery, and reliability. Other dark web websites include escrow systems that hold the money for a transaction and only release it to the vendor when the buyer receives their purchase.
The dark web even makes it possible to engage with criminal service providers who offer Cybercrime-as-a-Service. This new service industry for cybercriminals is one of the most impactful disruptors that has drastically altered the threat landscape for businesses of all sizes.
The dark web marketplaces are full of criminals offering to conduct ransomware, cryptojacking, and distributed denial-of-service attacks on your behalf for a fee.
Often, with the ransomware attacks, there is no money required upfront. The service provider simply takes a cut of the profits. This means anyone can harness the destructive power of these debilitating attacks, and to do so requires neither IT skills nor financial investment.
The more sophisticated Cybercrime-as-a-Service providers even supply a dashboard for their customers to log in to, allowing them to monitor the progress and success rate of their ransomware campaign.
How to Get on the Dark Web
To safely access the dark web, you’ll need to use specific tools designed to navigate its encrypted network. Start by downloading the Tor Browser from the official Tor Project website. It’s a specialized browser that lets you access the Tor network so that you can reach .onion websites, which are the staple of the dark web.
Once Tor is installed, connect to a Virtual Private Network (VPN) before you open the browser. A VPN will mask your IP address, adding an extra layer of security and anonymity. With Tor Browser open, you can connect to the dark web by entering the complete .onion URL of the website you wish to visit. Unlike the clear web, dark web sites aren’t indexed by search engines, so you won’t find these addresses through Google or Bing. Instead, you’d typically find them via specific directories or forums within the dark web itself.
Be cautious as you navigate the dark web. Don’t download unknown files or click ads. Importantly, stay within legal boundaries, as the dark web hosts a mix of both legal and illegal activities.
Legitimate Uses of the Dark Web
Most of what is on the dark web will make you want to bleach your eyes, but there are other, respectable, uses that this technology has been put to.
SecureDrop is an open-source whistleblower submission system for media organizations to securely accept documents from anonymous sources. It runs on the Tor network. The Associated Press, The Washington Post, The New York Times, The CBC, ProPublica, and more use this service.
Journalists in repressive regimes use Tor to alert the outside world to social injustice and human rights abuses.
Tor allows law enforcement officials to visit dubious websites and services without leaving compromising tracks. If an IP address from a government or law enforcement agency were found in the site’s logs, it would reveal the site was under surveillance.
It allows you to bypass state censorship. When Turkey blocked access to ProtonMail, the secure and encrypted email service, the only way residents in Turkey could access it was via ProtonMail’s .onion site.