Into the Deep: A Deep and Dark Web Primer

In June of 2018, 35 alleged black market vendors were arrested for selling drugs, weapons and other contraband worth more than $23.6 million on the dark web. This undercover operation was a collaborative effort between several U.S. agencies including the Department of Justice, Homeland Security Investigations, the Secret Service, the DEA, and the Postal Inspection Service. By portraying themselves as black market vendors, U.S. law enforcement was able to penetrate dark markets and consequently shed more light on a still secretive place.

Oftentimes more attention yields more questions. What is the deep web? What is the dark web? Are they the same thing? Is it dangerous to visit deep or dark sites? What types of threats exist here and how are businesses countering risks?

This article discusses three main parts of the web: the surface web, the deep web and the dark web. Before diving into the deep and dark web, it’s best to know how the standard World Wide Web works.

World Wide Web (Surface Web, Clearnet)

The World Wide Web (WWW) was created by Sir Tim Berners-Lee in 1989. The three main technologies that make up the WWW are Hypertext Markup Language (HTML), Hypertext Transfer Protocol (HTTP) and Uniform Resource Identifiers (URIs), most commonly called URLs.

It contains web pages and websites that can be accessed from a web browser (Firefox, Chrome, Internet Explorer and Opera) using common search engines (Google, Bing, and Baidu).

How search works:

  • Using spiders, search engines crawl the WWW to discover public-facing websites and follow links on those sites to capture the path to indexable data.
  • Once data has been obtained, it’s stored on the search engine’s servers in an index.
  • When a user searches for a term or types a question into a search engine, the results are returned from the index and not from the internet itself.

A sampling of websites found on the WWW includes YouTube, Facebook, Amazon, and Wikipedia. The WWW is also known as the “Surface Web” and “Clearnet” since most sites identify users by their IP addresses and have low to zero encryption.

What is the Deep Web?

The general public is more familiar with Deep Web sites than they may believe. The Deep Web is composed of accessible, non-indexed websites that traditional search engines can’t find. It includes private and confidential information from your webmail, government sites, academic journals, standalone pages, and company and university intranets and databases, to name a few. Additional examples of Deep Web sites include the specific URL used to message your contacts through Facebook Messenger or WhatsApp.

If you pay for a subscription to access The New York Times or The Washington Post sites, you’ve visited the Deep Web. The Deep Web makes up the majority of online content and is essential for keeping your information private and off public search results.
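The crawl-and-index steps under "How search works", and the reason Deep Web pages never show up in results, can be traced in a small simulation. This is an added example, not part of the original article; the site map, paths and function names are all constructed for illustration.

```python
from collections import deque, defaultdict
import re

# Constructed sample site (not real URLs): path -> page attributes.
SITE = {
    "/": {"text": "welcome to example store",
          "links": ["/products", "/login", "/account"]},
    "/products": {"text": "laptops and phones catalog", "links": ["/", "/products/42"]},
    "/products/42": {"text": "laptop model details", "links": []},
    "/login": {"text": "sign in form", "links": [], "noindex": True},
    "/account": {"text": "order history invoices",
                 "links": ["/account/invoice-7"], "auth": True},
    "/account/invoice-7": {"text": "invoice billing address", "links": [], "auth": True},
    "/reports/q3-draft": {"text": "quarterly draft report", "links": []},  # no inbound link
}

def fetch(path, logged_in=False):
    """Simulated HTTP GET: the page, or None for 'not found' / 'login required'."""
    page = SITE.get(path)
    if page is None or (page.get("auth") and not logged_in):
        return None
    return page

def crawl(seed="/"):
    """Breadth-first spider: follow links from the seed and index what it can read."""
    index = defaultdict(set)            # inverted index: term -> set of paths
    seen, queue = {seed}, deque([seed])
    while queue:
        path = queue.popleft()
        page = fetch(path)              # the spider is an anonymous visitor
        if page is None:
            continue                    # behind a login: nothing to read or follow
        if not page.get("noindex"):     # page asked not to be indexed
            for term in re.findall(r"[a-z0-9]+", page["text"].lower()):
                index[term].add(path)
        for link in page["links"]:
            if link not in seen:
                seen.add(link)
                queue.append(link)
    return index

def search(index, term):
    """Answer a query from the index only, never from the live site."""
    return sorted(index.get(term.lower(), ()))

def unindexed(index):
    """Pages that exist on the server but appear nowhere in the index."""
    indexed = set().union(*index.values()) if index else set()
    return sorted(set(SITE) - indexed)
```

`unindexed(crawl())` lists the login-gated pages, the no-index page and the unlinked draft report. The draft is still returned by `fetch("/reports/q3-draft")`: being absent from the index hides a page from search, but only the login check actually restricts access.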

The Dark Web Defined

The definitions of the deep web and the dark web are not interchangeable in nature. The dark web is a fragment of the deep web. It is concealed, restricted and only indexed by Dark Web Search Engines. The content found here ranges from secure communications for whistleblowers, journalists, and governments; outlets to circumvent persecution from oppressive countries and regimes; illegal marketplaces; pirated media, scams and much more. Like the WWW and the Deep Web, the Dark Web can be used for good or bad.

Users cannot browse the Dark Web by traditional methods. They require a special browser like Tor, also known as The Onion Router, to gain access. Tor is both free software and an open network. It helps protect users against network surveillance and traffic analysis. Tor and other darknets, like Freenet and I2P, aid in protecting user privacy and identity online.

Business Threats on the Dark Web

Dark Markets

These marketplaces found on the dark web can be used to trade, share and buy sensitive information on companies and individuals in exchange for cryptocurrencies. Many dark marketplaces exist in their own geographies and local languages, making threats and targets difficult to identify without local language knowledge. Selling and buying corporate data is a major dark market offering, and with the year-over-year uptick in data breaches affecting businesses across industries, it’s only a matter of time before a business is breached.

A sample of dark market offerings:

  • Data dumps
  • Personally identifiable information
  • Network vulnerabilities and exploits
  • Counterfeit documents
  • Counterfeit goods
  • Exploit kits
  • Malware
  • Items stolen during acts of intellectual property theft
  • Cryptocurrency trading
  • Stolen credit card information

Paste Sites and Forums

On the dark web, hackers can identify impactful vulnerabilities and start reporting on them via forums, paste sites, and other dark web locations. Exploits for select vulnerabilities are then developed and shared on these dark web resources. For businesses, visibility into these conversations can make the difference in stopping or mitigating a breach.

Damaged consumer confidence, abandoned mergers, and regulatory fees are only a few of the consequences companies can face in the wake of being exploited on the dark web. A more robust approach to deep and dark web investigations is recommended to safeguard your business. Your company’s growth can rely heavily on maintaining visibility into the conversations going on around your industry, company and third parties.

It is important to note that not all dark web resources and activities are illegal. There are some communities that are anti-establishment and/or pro-privacy and believe they should be able to act without oversight.

Countering Business Threats with Deep and Dark Web Investigations

Deep and dark web investigation services can inform businesses about their exposure risk on the dark web and identify if their company data has been compromised. When a cyber event occurs, companies should observe best practices to determine whether sensitive information has been distributed online.

Knowing where to look for compromised information, understanding how your efforts can expose your company to additional threats, and what to do once you find the data are critical next steps to mitigating risk. Including deep and dark web investigations in your security program can help mitigate damages to reputation, compliance penalties, company downtime and unexpected costs.

Deep and Dark Web Investigations Benefits:

  • Actionable intelligence
  • Locating sensitive data exposed through unsecure file transfers
  • Detecting data leaks through staff oversight
  • Compromised employee accounts and company servers
  • Finding consumer data being sold underground
  • Stolen financial data (credit, debit, PayPal & other systems)
  • Tracking money launderers
  • Detection of compromised credit cards
  • Detection of compromised terminals and POS
  • Locating botnet depositories
  • Monitoring the dark web for stolen corporate documents
  • Dark web scrapes can help locate and identify missing persons

Countermeasures:

  • Proprietary security measures
  • Custom search string creation
  • Digital marketer identification
  • Ongoing deep/dark web monitoring

Companies are using deep and dark web investigations to locate confidential information and secure their business assets. When these services are combined with information found on the Surface Web, unique insights can be uncovered that will help measure your company’s risk.