Numerous data leaks appeared on the dark web in the second quarter of 2020. At the end of May, for instance, Cyble found a government database containing the personal information of more than 20 million Taiwanese citizens for sale on an underground web marketplace. That was less than two weeks before The Economic Times reported on a dark web data leak involving BEML, an Indian public sector undertaking.
These incidents paint the dark web as a dangerous place where malicious actors traffic in other people’s personal information. But is that all there is? Are there other security risks concerning the dark web? And can a person have a legitimate cause for visiting the dark web?
This post will endeavor to explore those questions and more. But it’s important to start off slow. It will therefore start off with a definition.
What Is the Dark Web?
CSO Online notes that the dark web constitutes a subset of what’s called the “deep web.” This area of the Internet consists of anything that Google and other search engines have not previously indexed. Content on the deep web, which is estimated to comprise as much as 99% of the Internet, is therefore not accessible via these familiar “surface web” search engines.
The dark web is therefore the part of the deep web that is intentionally hidden for the sake of privacy. It’s not very large in size. According to CSO Online, “most estimates put it at around 5% of the total internet.” Meanwhile, threat intelligence provider Recorded Future found that dark websites available via The Onion Router (TOR) Project accounted for just 0.005% of the entire World Wide web.
What Is the Dark Web Useful for?
The dark web is useful for anything that requires greater privacy than that which is available when using the surface web. That’s not to say the surface web itself doesn’t offer sufficient privacy to users. More commonly, it’s a question of to what extent governments and law enforcement authorities leverage the surface web in an attempt to crack down on “threats.”
Some of these threats pose a larger danger to society. Take the data leaks cited above. Those types of security incidents threaten the digital and financial security of millions of people. This consequence is especially concerning when government agencies are the ones victimized, as these entities might store numerous categories of information for each individual. It therefore makes sense that malicious actors would seek to monetize such data on the dark web away from the prying eyes of normal users and government bodies.
Data leaks aren’t the only type of malicious activity in which nefarious individuals seek to engage on the dark web, either. Malware authors can leverage the privacy afforded by the dark web to offer various types of attack tools for sale. These capabilities include phishing kits, Ransomware-as-a-Service (RaaS) platforms, remote access trojans, exploits, botnets and other emerging threats. Users might also abuse the dark web for drugs, child pornography, counterfeit goods and/or sex trafficking.
That said, not everything on the dark web is illegal. The International Monetary Fund (IMF) makes this point in an F&D article:
For individuals living under oppressive regimes that block large parts of the internet or punish political dissent, the dark web is a lifeline that provides access to information and protection from persecution. In freer societies, it can be a critical whistle-blowing and communication tool that shields people from retribution or judgment in the workplace or community.
Indeed, the IMF explained that many organizations such as The New York Times and the Central Intelligence Agency maintain a website on the TOR Network. These websites enable individuals to share sensitive information without necessarily revealing their identities. In that sense, individuals can elect to become sources by their own volition.
How to Access the Dark Web
Given the threats described above, ordinary users should think twice before visiting the dark web. They should also never consider accessing it unless they have a specific purpose in mind. By entering the dark web for curiosity’s sake, for instance, users could needlessly expose themselves to array of digital threats.
That being said, users can take certain precautions to ensure that their visit to the dark web goes as smoothly as possible. These safeguards include the following:
- Don’t Think that TOR Alone Will Protect You: The TOR browser enables a user to navigate the dark web. But the software offers only so much protection. In accordance with the recommendations of Digital Trends, users should therefore consider installing Tails to conceal their IP address as well as leveraging a VPN for additional protection.
- Take the Necessary Precautions Beforehand: Before they open the TOR browser, a user should make sure that their computers are as safe as possible. They can do this by upgrading their computers’ OS to the latest version. They should also close any and all applications that aren’t essential to their visit to the dark web as well as disable the webcam and microphone functions.
- Don’t Immediately Jump Back into the Surface Web: When they’re done visiting, users should shut down their computer. They should then carefully observe their computers’ behavior upon startup and scan their computers for malware. Only if no strange activity is evident should users consider enabling their computer’s normal functions and opening their apps.