While many of us have heard about the Deep Web and Dark Web, it is essential to distinguish between the two terms as they are not interchangeable, even though they do overlap significantly.

What most people think of as the “Internet” or the world wide web is actually what is known as the Surface Web. This is the part of the Internet that is visible to search engines like Google and accessible via normal web browsers. However, the Surface Web represents only the tip of the iceberg when it comes to the internet – the majority of it is actually hidden.

The Deep Web, which includes sites accessible via normal browsers but not visible to search engines, makes up a much larger portion of the Internet. The Dark Web, which is only accessible via special web browsers, uses the same network infrastructure as the Surface and Deep Web but is completely distinct from it.

The Surface Web, Deep Web, and Dark Web are all valuable sources of threat intelligence, but many organizations limit their information-gathering efforts to the Surface Web. Expanding their reach – through the use of Dark Web monitoring tools – can be invaluable to a corporate cybersecurity and risk management program.

What is the Deep Web?

Not all of the Internet is intended for public consumption. Some web pages are designed for restricted use and are protected by registration portals, paywalls, etc. These deep web sites are not indexed by search engines, making them impossible to find via Google, Bing, etc.

Unlike the dark web, sites on the deep web can be accessed using normal web browsers like Firefox, Google Chrome, and Safari. Also, these sites are often linked to publicly accessible pages, making them findable and accessible by users with the right login credentials and willingness to pay. For example, sites like Netflix are reachable from search engines, but the videos hosted on the site are only accessible to users who have created an account and paid a subscription fee.

Deep web sites include private databases, restricted content, and other sources of in-depth information about companies and their operations. This makes these sites valuable sources of information if the content is accessible. However, the access restrictions on the deep web can make this information more complex and difficult to access.

The web Iceberg - surface web, dark web and deep web

What is the Dark Net?

Since the Dark Web is a collection of websites that are only accessible via darknets, let’s take a moment to define what darknets are. Darknets are encrypted overlay networks that sit on top of the public Internet. These include peer-to-peer and privacy-focused networks and can only be accessed using special tools like the TOR browser. These networks use the infrastructure of the Internet for communications, but access to them is restricted. Darknets are designed for anonymity and privacy, making them ideal for criminals to communicate and buy and sell illegal goods and services. Famous illegal marketplaces like the Silk Road are hosted on the Darknet. By encrypting all traffic and making it difficult to determine the source and destination of web traffic, darknets make it more difficult to identify and attribute illegal activities and communications on the Internet.

What is the Dark Web?

The Dark Web, a subset of the Deep Web, is intentionally hidden from your standard search engines, and is much more difficult to access as all its data is encrypted. Web pages on the Dark Web can only be accessed using the Tor browser, and users need to know the URL of the website to find it. Dark Web sites are designed to offer anonymity and privacy, and many marketplaces offering illegal goods and services, forums where cyberattack campaigns are discussed, and other illegal discussions are hosted on the Dark Web. This makes Dark Web sites a rich source of threat intelligence for organizations; however, the design of the Dark Web can make this information difficult to find.

History of the Dark Web

Since the Dark Web is hosted on a darknet, its history is linked to the development of encrypted and peer-to-peer networks that run on top of the Internet. The Dark Web first emerged with the creation of Freenet in the early 2000s. Freenet was designed to allow peer-to-peer, anonymous communication to protect against censorship. The Onion Router (TOR) technology used by the TOR browser and the Dark Web was created by a project funded by the US Naval Research Lab (NRL). The goal of TOR was to allow secure communication by intelligence sources in dangerous environments and has since been adopted by the general public for secure, anonymous browsing. The scale and impact of the Dark Web expanded with the development of cryptocurrencies like Bitcoin, which allow semi-anonymous financial transactions to be performed on the Internet. This made it easier to buy and sell services on the Dark Web without going through financial institutions and helped to enable the growth of ransomware, ransom Distributed Denial of Service (DDoS), and other extortion-based attacks.

Who Uses the Dark Web?

The Dark Web is designed to provide privacy and anonymity to its users by encrypting and anonymizing the traffic by using darknets. However, these features can be used for both legitimate and malicious purposes. On the positive side, the privacy and anonymity of the Dark Web are important for dissidents, journalists, whistleblowers, and freedom of speech advocates – the ability to communicate without being identified protects their safety. This is the primary reason why the US NRL developed the TOR technology used by most Dark Web visitors. However, the Dark Web is more famous for its illegal uses. Cybercriminals take advantage of the privacy and anonymity that the Dark Web provides for a variety of purposes. Dark Web marketplaces are used to buy and sell illegal goods and services. Forums hosted on the Dark Web host discussions on successful and ongoing cyberattacks, newly discovered vulnerabilities, and other details of cyberattacks. Dark Web users also use the platform to exchange tips and tools for performing different cyberattacks and fraudulent activities.

Dark Web Browser

Darknets and Dark Web sites are encrypted, peer-to-peer networks that are only accessible via certain tools. Most Dark Web users use the TOR browser, which is designed to make the Dark Web easier to navigate. TOR gets its name (The Onion Router) from the fact that all traffic is wrapped in multiple layers of encryption that are unwrapped by different people, making it impossible to learn both the source and destination of a request. The TOR browser provides improved privacy and anonymity on the public Internet and makes it possible to access .onion sites on the Dark Web.

More Useful Resources

Ever wonder what the Dark Web really is? How it got started? How it became the dangerous place it is? More importantly, what kind of threats are lurking out there, why you need to know about them and what you can do about them?
In our recently published State of the Underground Annual Report, we take a bird’s eye view on underground activity in 2020 and compare it with what we observed in 2019 and then we dared to make some predictions for 2021. Here are some highlights.
How much bad stuff actually happens on the dark web and how quickly? To answer those questions, we recently published a video showing the volume of worrisome activity that happens on the dark web in a typical minute.

See how Cybersixgill’s automated, real-time threat intelligence from deep, dark, and surface web sources provides better defense against cyberattacks.