The internet is ubiquitous in our daily lives, like electricity; and just like electricity, we use it without being aware of its nuances. The increase in cyberattacks, however, has made the dark web prominent as we hear of it being used by hackers. What is the dark web and is there a risk of us accidentally stumbling into this part of the internet and facing adverse consequences? Let’s find out.

Surface Web vs Deep Web vs Dark Web

Internet vs Web

We may use the terms ‘internet’ and ‘World Wide Web’ synonymously but they are not the same: the internet is the infrastructure that allows computers to communicate. The World Wide Web (WWW) is one of the services that use the internet, and the one that we are most familiar with. The WWW is a method to access webpages and the content they link to that is stored on web servers. We use a browser to access these webpages using HTTP or HTTPS protocols. The internet is larger than just WWW; the File Transfer Protocol (FTP) is an example of a service that uses the internet but is not part of the WWW.

The World Wide Web can be further segregated into 3 parts: Surface Web, Deep Web, and Dark Web. Before we dive into the dark web, let us understand the differences between the parts.

Surface Web

The surface web is what we usually think of as the World Wide Web. It consists of the portions of the WWW that are indexable and accessible through a search engine. News, ecommerce, and corporate websites are usually on the surface web. The surface web is publicly accessible with common web browsers like Google Chrome, Microsoft Edge, or Mozilla Firefox, without restrictions. The surface web is also known as the clearnet due to its public accessibility.

Deep Web

The deep web is the part of the World Wide Web that is not indexable by search engines and therefore we cannot find deep web content through internet searches. Deep web content includes our email, private social media, our bank records, and paywalled/subscription-based content. We may use the surface web to arrive at a landing page where we will need to provide a password to access deep web content e.g., we access webmail through a login page that is available on the surface web but once we provide our username and password we enter the deep web to view and send emails. A corporate intranet is also part of the deep web.

The deep web is usually accessible through the same web browsers that we use to access the surface web.

Dark Web

The terms ‘dark web’ and ‘deep web’ are sometime used interchangeably, which is incorrect. The dark web, also known as the darknet, is a subset of the deep web. It is not indexable by search engines, like the deep web, but unlike most of the deep web the dark web places significant emphasis on privacy and anonymity. Communications are encrypted and traffic may be anonymised to prevent tracing the source. The dark web includes websites that use the Tor network, and have a ‘.onion’ domain. Websites on the dark web cannot be accessed through conventional web browsers and require a special Tor browser for access. Therefore, there is no risk of accidentally entering the dark web.

Legality

The surface, deep, and dark web are not inherently linked to legal or illegal content or activity. The surface web can be used to conduct illegal activity, and the dark web can be used for legal activity. The BBC, Facebook, The New York Times, and X (Twitter) are just some of the examples of legitimate websites that have a .onion version available on the dark web. Such versions are created to enable journalists, whisteblowers, and other users operating in hostile environments to communicate safely and access uncensored news. The onion routing technology was originally developed by the U.S. Naval Research Laboratory and released to the public domain by the US government to allow safe, anonymous, and unrestricted access to information, which is why the dark web matters. Therefore, all dark web activity cannot be considered to be illegal.

How Hackers Use the Dark Web

The privacy and anonymity offered by the dark web appeals to cyberattackers as well, as they don’t wish their activity to be traced to them.  Hackers can use the dark web to

1. Host Hacker Websites
2. Communicate Privately

A. Host Hacker Websites

Hackers have dark web websites for purposes similar to legitimate websites on the surface web: to publicise their activities and host files. Black hat hackers create cyberattacks such as ransomware and advertise them for sale through their dark web websites for other cyberattackers to use. This model is known as Ransomware-as-a-Service (RaaS) and can include a basket of services including assistance to negotiate with victims. Other forms of malware and vulnerability exploits, and data exfiltrated through cyberattacks, can also be offered for sale.

Black hat hackers may also use their dark web websites to release data stolen in cyberattacks, either as a tactic to exert pressure on a victim to pay a ransom to avoid further release of data, or to carry out their threat of releasing data when a victim refuses to pay. Such released data can be used by other threat actors for identity theft or phishing attacks on those whose data has been released e.g., they can apply for loans in the victim’s name that the victim will need to repay.

B. Communicate Privately

Threat actors use the anonymity and encryption that are foundational to the dark web to communicate privately without fear of exposure, both amongst themselves and with victims during ransom payment negotiations. They may also use the dark web to communicate anonymously with journalists and other stakeholders who wish to speak to them.

Staying Safe On the Dark Web

While there are legitimate reasons to use the dark web, the vast majority of netizens do not need to use the dark web and we recommend not venturing into the dark web unless you have a critical need to do so (as a journalist or whistleblower). There are many dangerous elements present in the dark web and the risks outweigh the benefits from satisfying your curiosity. If you must venture into the dark web, avoid unnecessary interaction, only visit the websites you need to, avoid downloading any files, and use a robust antivirus like K7 Ultimate Security to protect yourself.

Stay Safe From the Dark Web

Hackers may leak stolen data on the dark web. To stay safe, follow the two-pronged approach of preventing data from leaking and avoiding attacks that leverage leaked data such as phishing.

Enterprise Protection

Businesses should deploy endpoint security products like K7 Endpoint Security to identify and block malware that can launch attacks and steal data, and block phishing links. Cybersecurity services like K7’s Vulnerability Analysis and Penetration Testing (VAPT) can identify weaknesses in cyber defences before hackers find them. Large enterprises can use an Extended Defence and Response (XDR) platform like K7 InfiniShield that integrates security event data from any source for AI-enhanced, real-time, MITRE ATT&CK based threat detection. Employees should also be trained on the basics of cyber hygiene and identifying social engineering/phishing to stop attacks that don’t depend on technology.

Individual Protection

Individuals should use robust antivirus like K7 Ultimate Security on their desktops/laptops and mobile devices to block malware and phishing links. Use data leak monitoring sites like Have I Been Pwned to check if your passwords have been leaked and change them immediately if they have. Be aware of phishing techniques and read messages with scepticism to avoid phishing attacks that rely on persuasion rather that technology.

FAQs

1. What is the dark web?

The surface web is a part of the World Wide Web that is publicly accessible through search engines and conventional browsers. The deep web is not accessible through search engines but can be accessed through conventional browsers. The dark web is a subset of the deep web that emphasises anonymity and can only be accessed through special browsers.

2. Is it illegal to use the dark web?

Using the dark web is not inherently illegal, and legitimate websites do have versions available on the dark web. However, there is a great deal of illegal activity on the dark web and it is advisable to avoid the dark web unless you have a compelling reason to do so.

3. Why do hackers use the dark web?

Hackers use the anonymity offered by the dark web to host their websites that offer their services, leak the data they have stolen, and to communicate without revealing their identity.