Better understanding the Dark Web can help average internet users evaluate their online risks and take appropriate measures for protection.
The terms Deep Web and Dark Web get tossed around pretty lightly in TV shows and true crime stories. Most popular culture consumers have no idea what the terms really mean and that they are not 100% interchangeable. A better understanding of the various levels of “web” is necessary to help users assess the risks of their online and real-world activities.
There are three general areas of the internet. The Surface Web represents about 5% of the total web. These are sites that are indexed and searchable by anyone (or any bot) with a browser.
The Deep Web is the unindexed internet. It includes anything behind a login screen. The information on the Deep Web is not available for search engines to “see” but if users have the URLs they can visit the sites.
The Dark Web is anything that’s intentionally hidden and anonymous. It represents a very small subset of the Deep Web. You need a special browser that conceals your IP address to visit the Dark Web. Using the Dark Web requires caution not unlike visiting the Surface Web. However, you have to keep in mind that you will definitely encounter criminals and other ne’er-do-wells.
Potentially Legitimate Uses of the Dark Web (Gray Areas)
While the Dark Web is where illicit activity takes place, it is also used for other fringe reasons–gray areas that may or may not violate the law depending on jurisdictions.
For instance, journalists covering problematic regimes may communicate with sources on the Dark Web. Whistleblowers and other informants may also use the Dark Web to share sensitive information. And cryptocurrency services perform their transactions on the Dark Web as well.
Illegal Activity on the Dark Web
Truly illegal activities on the Dark Web include drug trafficking, murder-for-hire, sales of illegal pornograhpy, weapons trading, and a variety of hacker-for-hire services. Ransomware victims are also required to pay ransoms through Dark Web sites. And compromised data is available for sale too.
Large marketplaces for illegal goods and services rise and fall regularly on the Dark Web. Silk Road was the first headline-making service. It ran from early 2011 to late 2013, and its founder is now serving a life sentence for a wide variety of crimes. White House Market is the most recent anonymous Dark Web trading post to suddenly shutter its doors. It’s potentially linked to a recent bust by the U.S. Department of Justice, but details are still unknown. Whenever one marketplace falls, there are another two or three ready to take its place. The Dark Web is likely here to stay.
If I’m Not on the Dark Web, Why Should I Care?
Most law-abiding citizens have zero interest in the activities of the Dark Web. And they assume that just staying off these sites and away from the shady figures that inhabit them is enough. Unfortunately, it’s still possible to become a victim.
Consumer research site Comparitech recently published a report about the availability and cost of various services on the Dark Web. The costs of these services should put everyone with an online presence (read: everyone) on high alert to what is possible for not very much money.
Comparitech found that social media hacking was the most commonly advertised cyber service. For only $230, a hacker will swipe credentials for a victim’s account. The buyer can use that access to either alter the account or spy on the victim.
Personal attacks are the “most expensive” items on offer. Though at around $550, they are attainable for almost anyone bent on major revenge. These types of attack often include framing victims for terrible things and can be truly damaging relative to the low cost of entry.
DDoS attacks are typically priced by the duration of the downtime and average only $26/hour.
Other niche services include altering COVID-19 vaccine databases to add names; altering search engine results to affect search rankings; and changing grades on university or grade school transcripts.
Sadly, the Dark Web is full of plenty of personal data. If your data was compromised in any kind of a breach, it’s likely available for sale somewhere on the Dark Web.
Since schools often lack the cybersecurity practices necessary to combat ransomware attacks, they’ve become a favorite target of hackers. An NBC News report shows that reams of childrens’ data are available for sale. Data leaked from attacks on schools may include childrens’ names, social security numbers, and dates of birth, as well as information on their families’ immigration status, race, and financial situation. Parents have encountered issues with thieves using their kid’s data to open a credit card or take out a loan for a car.
How to Combat
Once personal information is on the Dark Web, it’s essentially impossible to retrieve. The best defense is to avoid being compromised in the first place.
All the standard advice about cybersecurity applies here. Use a password manager to keep your passwords complex and unique. Enable two-factor or multi-factor authentication wherever it’s available. Reduce your online footprint as much as possible. Encourage your local schools to improve funding and focus on cybersecurity. And make sure your business has good protocols for working from home, regular training on phishing scams, and a plan for disaster recovery in the event of a ransomware attack or other breach.