Taylor Breland

Cyber Security Analyst.

7 minute read

Lately I feel like I’ve seen and heard the dark web being brought up in more mainstream conversations about data security. Most notably, “Dark web scanning” has been a major marketing selling point that various companies have claimed that they can do to notify you if your information is on the dark web. Ok…but what the hell is the dark web? Hint, it’s not dark mode google chrome, or a place on the web that only black people visit. All jokes aside, we’re going to explore what the dark web is, and hopefully after reading this you’ll have a better understanding of what exactly this means in relation to cyber security.

Let’s Jump In The Deep End

In order to better understand what the dark web is, we have to first understand what the normal web is. You right now are on the World Wide Web. This is the collection of resources or pages interlinked through the HTTP protocol that are accessible over the internet. The internet and WWW are not the same thing, even though they are conflated often. The internet was created almost 50 years ago by the military, whereas the world wide web wasn’t invented until 1989 by Tim Berners-Lee. The best analogy for differentiating the internet and WWW is imagining a city. Think of all of various roads, pipes, etc. that are needed to sustain the infrastructure of the city. This is the internet. Now imagine all of the different storefronts, businesses, etc. where people can visit. This is the WWW. You used a “road” on internet to get you to this “storefront,” which is this website. Pretty neat!

We’ve all used google before to search for information on the internet. Google is acting as your guide or map on the various roads to get you to your destination. It’s just a search engine. But how does google or any search engine get all of the content it shows to you? What they’re really doing is indexing various pages on internet and presenting them to you based off of your search query. Why is this important? With indexing, we can organize and present content in a reasonable way for the end user to access. Google indexes a lot of websites/information through their various algorithms, which is what makes them the multi billion dollar company they are. It truly is amazing how much content there is out there. What about the content you can’t find on google though? Hmm…

You may have heard the term “deep web” before. If you haven’t, I’m sure you’ve seen the picture or heard of the analogy of the true amount of content out there on the internet as represented by an iceberg (see below). The area below the surface of the iceberg, where the majority of it is, represents the deep web. The surface represents the surface web. Now remembering what search engines do by indexing content, the deep web is nothing more than the content that has not been indexed.

You might be thinking, “Wouldn’t we want to index everything?” And that’s a fair point.

There’s actually a lot of content on the web that we don’t want indexed….like our bank account information. While (insert your bank here) main website may be indexed to be easily found, the content behind your actual account information is considered to be part of the deep web. This is why the deep web accounts for the majority of all web content. I’m sure you can think of other examples of deep web content in your every day use of the web. Considering how powerful google is and the insane amount of information they index, it’s interesting to think what truly is out there…

Internet

Come To The Dark Side

So we’ve already established that the deep web is just the non-indexed content out there on world wide web. So what is the dark web specifically? Well, if you’ve heard the rumors about the content on the dark web, you might guess that it most certainly is not and DOES NOT want to be indexed for everyone to see. It’s really just a subset of the deep web, with some special circumstances. Illicit activities ranging from drug sales, hiring hitmen, and purchashing stolen credit information is all fair game on the dark web. You can bet that the bad people are using whatever advanced cyber security tactics in order to stay hidden and continue to operate efficiently.

To keep it short, the dark web can be accessed by using special software that is capable of connecting to the domains that hosts content. Most notably, the TOR browser is infamous for being the gate keeper to access the dark web. This software is free and is available to download from its main site.

Warning! Do not download Tor or try to access the content on the dark web unless you know what you’re doing. There is a reason why it is hidden. Worst case you might access websites with content you do not want to see, which may be illegal. In addition, you may also inadvertently download malware or a virus.

Actual Dark Web websites

Here are some screenshots and information about current(ish) and mostly former dark web web sites.

The Hidden Wiki: Hidden

The Hidden Wiki was a place where people can come to find links to many different dark web sites hosting a variety of content. Think about it like a library of links. The singular site is since shut down, but forums like these exist in many parts of the dark web.

The Silk Road:

Silk

The Silk Road was a major dark web e-commerce site that specialized in the selling of illegal drugs and basically anything that people were willing to offer; fake passports, guns, etc. The deals were done in bitcoin and assured that there could be no trace back to the original buyer. It has been shut down for quite awhile after the FBI managed to arrest the owner. I recommend reading more about the site and how significant it actually was during its peak.

Pink Meth:

Pink

Pink Meth was a site that was dedicated to revenge porn. People would upload revealing pics of their exes for everyone else on the site to see. The exes would then be extorted into providing money otherwise their pics would get leaked to the greater internet. This site was also shut down by the FBI awhile ago, but it goes to show you that the stuff on the dark web is quite scary.

Ok, But Does All This Really Matter?

The truth is that people have their information compromised every day. The best thing that we as good cyber citizens can do is at least know what is out there, but more importantly know how to protect ourselves. This brings me back to my first point at the beginning of the article. You probably have heard of some kind of “dark web scanning” offered by some security company that will inform you when your information has been seen on the dark web. This is great, but this does not protect your data once already compromised.

Suppose Company X has their data stolen and it gets hosted on the dark web. If your credit card or social security information is included in the breach, the service can’t take it off the dark web, and it probably can’t find every single instance of it on the dark web as well. There’s probably a chance some of you reading this, including myself, have information out there on the dark web either presently or maybe sometime in the past. To be clear, I’m not saying what these companies are offering is bad. You should definitely try to enhance your cyber security posture with these kinds of services, and take whatever remediation steps necessary if you are compromised. However, before making a commitment to a service and paying money, you should at least be knowledgable of what they’re offering.

If anything, there’s more pressure on companies to protect your information more so than the user, and there definitely should be. We trust these companies with our personal information that can be used to essentially ruin our lives if used in a nefarious way. As the threats evolve in cyber space, more money and resources are going to have to go towards security programs for these companies to ensure that your data is secure. We can’t control companies being compromised. However, we can be safe while browsing the web in a myriad of ways;

  • Having good passwords
  • Not clicking on random links/attachments on emails
  • Viewing/downloading content from trusted sites
  • Use some damn common sense

The dark web is going to continue to exist for a long time to come, but that’s not the only threat to cyber securtiy, rather another avenue the bad people use to do their activities.

Thank you for reading!

You May Also Enjoy

Happy New Years!

less than 1 minute read

Happy New Years everybody! Here’s to hoping that your year is filled with joy, excitement and fulfillment of your goals. I have a feeling that the cyber sec...

Exploiting Log4shell

5 minute read

This article is intended to show the Log4shell exploit in action. If you’re unfamiliar with what Log4shell is, please read this article. Essentially, we’re g...

Log4shell Vulnerability

5 minute read

WHEW, it certainly has been one hell of a year for cyber security, and it’s only getting more intense. You may have heard of the recent vulnerability dubbed ...

Finding Passwords with Wireshark

8 minute read

So we’ve already seen how we can collect credentials through using SET (Social Engineering Toolkit). Now let’s see how we can get credentials using a network...