You could be forgiven for thinking the Dark Web is some kind of kids’ fantasy trilogy, but despite the undeniably romanticised name, the Dark Web is very real, and – in part, at least – very sinister.
But it also has the potential to act as an early warning system to alert you to the theft of your credentials – passwords, email addresses, and so forth – before they get sold and used to compromise you or your business.
Here’s what you need to know.
Dark? Deep? Net? Web? Let’s throw some light on the subject…
The Dark Web, like everything shadowy, invites misunderstanding, and so it’s often confused with other concepts like the Deep Web, or darknet networks, or indeed used as a synonym for them.
But Wikipedia’s definition of the Dark Web is pretty clear:
“The dark web is the World Wide Web content that exists on darknets…that use the Internet but require specific software, configurations, or authorization to access. The dark web forms a small part of the deep web, the part of the Web not indexed by web search engines…”
So, the Dark Web is on the Web, but unlike most other Web resources it’s on the Deep Web, meaning you can’t search freely for it, and you can’t go freely to it.
Now, if you’re smelling a rat already, hold your horses. Plenty of content hosted on the Web is not fully searchable or accessible – company extranets, internal project microsites, closed groups on social media – so surely the Dark Web could just be an alternative way of legitimately hosting this kind of content?
Faceless, traceless, anonymous: the Dark Web’s secrets
But there’s a crucial difference.
Conventional Web content – even if it’s not fully searchable or accessible – still enables its users and originators to be identifiable in some way (through profile information, domain name ownership, IP addresses and so forth).
The Dark Web, on the other hand, is built on a platform that was conceived from the ground up to anonymise both the hosting of websites (through a service called I2P) and the identity and location of users (through a browser and network called Tor).
The Dark Web’s networks are heavily encrypted and routed through a large number of intermediate servers, creating dense layers of scrambled data that are pretty much impossible to peel away one by one and decrypt. (For this reason, “Tor” stands for “The Onion Routing”!)
No IP address data, no geolocation data, no personally identifying information – it’s the perfect environment in which to host websites, chat with people and exchange files, utterly anonymously.
And in fairness, much of it is innocuous, anyone can access it (there are plenty of web pages that tell you how), and the Dark Web reportedly accounts for only about 3% of Tor’s use. Facebook has even built a Dark Web version of its service that attracts over a million visitors per day!
But it was never going to be very long before such deep-rooted anonymity was subverted. According to a 2016 study from researchers at King’s College London, criminal activity forms the majority of the content that Tor accesses on the Dark Web – including drugs, weapons, illicit finance, illegal pornography, fraud, hacking, phishing and more.
Had your identity stolen? Password been compromised? Email address gone somewhere it shouldn’t?
They’ll all be for sale in a market on the Dark Web – and often for the equivalent of just a few pounds, as the neat (but scary) personal information calculator on this site shows!
So, the Dark Web’s selling our data and we can’t do a damned thing about it?
Not quite. We’re fighting back.
Think of the only pub in a deprived area that is blighted by criminality. You wouldn’t go there by choice, and you wouldn’t associate with many of the people who do. You’d probably want it shut down.
But the local police? They love that pub. Why? Because it brings together all the miscreants, and all their chatter, in one place. All it takes is a few carefully placed listeners to turn a bastion of lawlessness into advance warning of the next heist.
And so it is with the Dark Web – it has become an unexpected weapon in the fight against stolen credentials and data. This is because technology is now available from IT partners that can proactively compare what’s on the Dark Web with your business’s store of credentials and other sensitive data, and immediately alert you to a match, so that you can take action to limit the risk.
That murky old Dark Web just got a lot more transparent!