What is the dark web?
We shine a light on the often unsavoury corners of the World Wide Web
There's an area of the internet that isn’t normally visible to everyday users and isn't readily accessible using conventional methods of search. This hidden layer, commonly known as the dark web, is just as ominous as its branding suggests, and can only be reached using a virtual private network (VPN) or a specific web browser such as The Onion Router (Tor).
Although there are a number of ordinary services on the dark web that rely on the additional anonymity and privacy that the dark web provides, there are many others that use this for nefarious purposes. The dark web has become synonymous with illegal activity, a place where criminal marketplaces can operate without fear of interception by law enforcement agencies. As such, services that would otherwise be classed as illegal on the internet, such as the sale of drugs, weapons, and hacked personal data, or managed services that specialise in ransomware, are able to thrive.
This element of the internet is also part of the deep web, which is known as parts of the internet that aren’t indexed by search engines for many different reasons – ranging from supporting online banking mechanisms to protecting criminal activity. Considering this, these portions of the internet can only be accessed through using a direct URL or specific IP address.
Given the link between the two, the terms 'dark web' and 'deep web' are often used interchangeably, although they refer to distinct concepts. The deep web, broadly speaking, covers every non-indexed portion of the internet, including those areas that are entirely legal, such as government databases and academic research.
How does the dark web work?
Because search engines such as Google and Bing don’t index contents of the dark web, users must instead download a specialist browser like Tor.
Well-known for its high level of anonymity, Tor leverages dozens of proxies to route user data. In the process, it conceals the user’s internet protocol (IP) address so third parties can’t track their activities. This makes it an attractive tool for people looking to commit crimes and evade justice.
Richard Hughes, head of technical cyber at cyber security consultancy A&O IT Group, explains that users who take the Tor dark web route must first download software that uses the Tor network for routing traffic. Typically, this will be the Tor Browser.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Hughes explains that users will have access to a proxy to receive, encrypt, and transfer connections to a Tor network relay node as part of the installation process. Traffic will travel through three nodes before reaching its destination, and very little information will be shared with each node.
“None of the relay nodes have the full detail of the path the traffic takes from the source device to the destination. Each relay node only has visibility of the device before it and the device it forwards to,” he says.
“For this reason, only the exit relay node knows the destination of the traffic and the destination does not know from where the traffic originated. The three relay nodes are also changed regularly adding another layer of complexity for anybody attempting to trace traffic.”
How do I access the dark web?
If you really want to access some of the murkier parts of the web, you'll need a specialist browser. The most common dark web-accessing software is Tor, which not only encrypts a user's traffic but also passes their machine's IP address through a layer of Tor nodes referred to as 'onion layers'.
These layers are proxy servers operated by thousands of volunteers across the globe and make identifying a user's IP address and tracking them across the dark web pretty much impossible.
Such routing means using Tor isn't exactly a speedy way to surf websites, and you'll need to know the site you want to go to rather than search for it, but it's secure and opens up a host of sites that would normally be hidden from view.
Alternative networks such as the 12P and Freenet also exist, but Tor is the most widely used.
What do sites on the dark web contain?
Pretty much anything their operators want. As the dark web is out of sight from law enforcement and ISPs, a lot of illegal activity goes on there, from buying guns and drugs to facilitating terror plots or ordering assassinations.
The dark web is essentially the murky underbelly of the web, but it also provides a place where whistleblowers can more securely talk to journalists without being snooped on by oppressive regimes or corrupt organisations.
It can also be a font of hard-to-find information not posted on mainstream websites or can act as a way for legitimate sites to offer their services with an extra degree of privacy. Facebook, for example, offers a dark web portal to its social network.
How criminals make use of the dark web
The dark web is best described as the criminal underworld in virtual form and has a wide variety of nefarious use cases.
Cyber criminals, in particular, use the dark web to profit from their hacks and breaches by selling stolen data to the highest bidder. For example, a hacker group that launched a ransomware attack on NHS Dumfries and Galloway published sensitive information about staff and patients on the dark web.
In another incident of this kind, following the high-profile Santander and Ticketmaster breaches that stemmed from insecure Snowflake instances, it was reported that hackers had listed hundreds of Snowflake credentials on a dark web forum.
Not even governments, which presumably would take robust cyber security measures, are safe from the dark web. There have been recent warnings of stolen data belonging to UK Members of Parliament ending up on the dark web, and in the US, documents about Pentagon contractors were also discovered.
Cyber criminals also use this part of the web to sell their services to others. In July, Kaspersky warned that hackers were selling botnets — a network of breached devices for conducting distributed denial-of-service attacks, spying on victims, and more — for $99 on dark web forums and Telegram channels.
David Emm, principal security researcher at Kaspersky, estimates that “hundreds of deals” happen on the dark web daily. As well as selling stolen data and illegal services, he explains that cyber gangs are using the dark web to recruit hackers to their fold and to offer access to company networks.
“One particular growing trend is the sale of pre-existing access to company networks, streamlining efforts for attackers, with more than 6,000 dark web messages advertising such offers between January 2022 and November 2023 according to Kaspersky data," Emm explains to ITPro.
But it’s not just hackers who benefit from the dark web. Criminal gangs use it to sell drugs, weapons, counterfeit money, and all sorts of illegal products.
Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, the Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan. You can follow Nicholas on Twitter.