Since today is Halloween I wanted to find a "spooky" topic to discuss, and what better than this scary thing we are hearing more and more about, the Dark Web" The problem is that I HATE the term “Dark Web” how many people use it, especially places like the media, advertising, marketing and the like. There is a reason you will see many times here at LogicCloud IT use will use quotes or air quotes when we are referencing it, and the goal is that after reading this you will understand why. Knowledge is power, and as an IT person I feel it is my duty to inform and protect. So I am going to help shed a little light and information on this whole "Dark Web" thing to make it a little less scary.
So why use the term “Dark Web” then if I have a hatred for it? Well, sadly we have to since that is what people are getting fed by media, advertising, marketing and others who have spread so much FUD (fear, uncertainty and doubt for those of you not in the know) around this whole “Dark Web” thing that it is the pretty much the only name that comes to many people's mind when someone starts talking about identity theft, stolen credentials and the like. I mean, you are here aren’t you? If a search brought you here I’ll bet it likely included the words Dark Web in it. So unfortunately we are kind of stuck with it if we want to get the word out about something like breached credentials and the like.
There is this great article on Lexology that I love to reference when people ask about the “Dark Web” since it does a nice job exploring at a very high level what it is, what kinds of information is available for purchase there and how it impacts small businesses. The problem is that it does miss some very important points that need to be said. In light of that, I thought it would be good to use that as a template (cough, copy and paste, cough) so I could extrapolate on some of the points and help shine a little light on several things concerning the “Dark Web”. I mean, why build a whole new house when the current structure is the same, new and solid? Right? Also this way it is one less site you have to sign up for and get 75 marketing emails a week.
What is the Dark Web?
The REAL Dark Web (notice no quotes), is the part of the internet which is not accessible through traditional search engines or browsers and is often associated with a place used for illegal criminal activity, and a bunch of other really, REALLY messed up stuff (more on that below). While cybercriminals do tend to use the Dark Web as a place to buy and sell stolen information, there are also many sites within it that do not engage in criminal, immoral or degrading activity at all and can be very interesting and entertaining. For many, the most appealing aspect of the Dark Web is actually its ability for anonymity. Many times this anonymity is so they can feel much freer to express how they really think about things, especially in countries that aren’t as freedom of speech as here in the good ole USA.
Why the quotes for “Dark Web” then?
I’m glad you asked. To keep it short so we can dive deeper into other things, when many in the media, advertising, marketing and other sectors reference the “Dark Web” (yep, quotes are back) they aren't referring to the actual Dark Web only, but they are also including in the Deep Web and the entire internet in general, to encompass literally anywhere that stolen data might sit into a single term that has a nice ominous ring to it. Reference the pretty photo above that someone made and I sto…borrowed for this post. The reality is that most compromised data is actually freely available or for purchase outside of just the actual Dark Web, you just have to know where to look. In fact many have begun to show that there is more data available on the regular interwebs that the actual Dark Web.
What is available on the Dark Web?
Literally anything. Stolen things like email credentials, credit cards or card numbers, account information from financial institutions, forged real-estate documents, compromised medical records, social security numbers, drivers’ licenses, birth certificates, and even entire “wallets” of compromised information on one person are super common and easy to find for free or just a few dollars. Those are just some of the non-disturbing things you can find, there are lots of very disturbing things that can be found too. What kinds of things? Well let’s just say people is just one example of some of the dark things that can be stumbled upon; yes, literally... Human trafficking on the Dark Web and the regular internet is sadly a very real thing. A lot of white hats and just techies that know where and how to look and interact have helped in various ways to help people both as lone individuals or entire organized groups; some remaining anonymous, some public, and everything in-between. What else? Well let’s just keep it at a blanket g-rated statement of, what you think is a zip file full of password text files and Shoulder Surfing photos and videos can many times have some not-so-fun “random” things thrown in since someone thought it would be funny. Believe me, most of us techs who venture into uncharted depths of the Dark Web or vast corners of the internet (more on that in the next section) for good reasons, such as alerting clients when we find their email and passwords so they can take extra action, have downloaded or seen some things that can't be un-seen. Cybercriminals aren’t always the best with naming schemes, for a reason, QW1231PT43Pa$.zip could literally be anything and posted right out in the open on an un-indexed cloud file sharing system on the plain ole internet or burred deep in the dark web and all you have to go by is chatter, at best, as to what it might be. What can I say… Cybercriminals … Nuff said?
What is available on the Non-Dark Web?
You would think the regular internet that your friends, parents or grandparents are using is cleaner, but it isn't. Sadly, the exact same things are available, just not as blatantly out in the open and harder to find if you don't know where to look, and yes that also includes all kinds of the same stuff from the dark web that you don’t want to look at or know about. All these unmentionables on both webs are just one of the many reasons anyone who is purposely navigating these dark corners of both webs and downloading random files that have a lot of chatter use things like virtual machines and separate old phones, computers, hard drives, and other technology that isn't our everyday use item. Just from a non-security reasoning standpoint, if you've ever had to reformat your phone or gotten a new PC you had to setup from scratch you know how much of a pain it is; now imagine having to do that a couple times a month or more because of getting it infected with ransomware, botnets, down-loaders, worms, viruses and the like. All I can say is that if you ever meet an actual full time white hat, tell them thank you, buy them a drink... they likely need it. I know I do, and I am just someone who dabbles in data gathering when I have some spare time, for now. But I digress, moving along.
There is a lot of fear around the dark web, and rightfully so. The problem is that the dark web itself isn’t a thing to get yourself in a panic about. It can be a very useful tool, especially to those in countries that have restricted speech, or whole country firewalls implemented by the government blocking access to many things in the free world. It allows people to use it as part of a tool-set to for remaining anonymous and because of how it is routed, bypass many government firewalls to get access to information their government has censored. What should bring some panic is what some people are choosing to use it for because of its good uses. Just like many things here in America, we don’t have a system problem with the Dark Web, we have a people problem. This is even more evident because almost all the same things can be found right on the regular internet as well.
On the same token, I am not advocating that your grandparents, parents, or even yourself go download a browser that can be used to access the Dark Web and start surfing away all willy-nilly either. An analogy that I like to give people is that of you visiting a city in a country that you’ve never been to and don’t know the language. What I mean by that is that in itself, there is absolutely nothing wrong with it or going there so long as you have a guide who can help you get familiar with the city, or you have done a lot of research on where to go, where not to go, what you should be on the lookout for and what to bring with you. Without the right information you could easily wonder into the “bad part” of town and if you don’t know how to get around and handle yourself there are many people you run into that would take advantage of that, sometimes just because you are there.
I hope this has helped to shine a little bit of light on this whole “Dark Web” thing for you and gave you some valuable information so that the next time someone tries to sell you a "Dark Web" tool or protection, you can at least have an informed discussion to make sure you know if it is just the Dark Web it applies to, or if it is for dark data found anywhere on the interwebs. I like that term, dark data; just thought of it now; so if I am the first to use it, you heard it here first folks, lets make it a new buzzword!