What is the Dark Web? What Happens There?
As the biggest global system that holds information about everything (and almost everyone), the internet comes in layers: visible, deep, and dark. And some layers have exponentially more data than others.
The internet has become more complex by the day, but it’s also intimidating. With so much we don’t know and cannot control, it’s normal to feel anxious, especially when we run into news and reports about the Dark Web. We instinctively associate this ominous name with something threatening.
But while some choose to talk about the Dark Web in cryptic terms to stimulate fear, this guide will demystify it with straightforward answers about the Dark Web, what happens there, and how it affects your digital security.
What is the Surface Web?
The internet runs far deeper and wider than any of us can imagine. Case in point, the “surface web” — which we know as the World Wide Web — is a mere 10% of the entire web based on estimates.
So the nearly two billion public websites you can access through search engines — from Wikipedia to public sector websites and news sites — are just the tip of the iceberg. While that number keeps changing every second, most web pages on the internet remain hidden from the average, every day user.
Why? Because not all the information we can access online belongs in the public domain.
So if we see just 10% of what’s actually on the internet, where is the rest of it?
Dark Web vs. Deep Web: What's the Difference?
Most of the digital content in the world is not accessible via web search engines.
This colossal amount of information exists on the Deep Web (or “hidden web”), where almost all online activities take place.
You actually use the Deep Web as part of your daily routine. Every time you log into your email account, check out your online banking details, or use social media, you’re on the Deep Web.
The Deep Web hosts information that usually requires a username and a password to access, mainly for security and privacy-related reasons.
Some entities of the Deep Web include:
- Social media apps
- Online banking
- Paywall-protected content
Many of the activities on the Deep Web involve personally identifiable information, such as medical and legal documents, financial records, academic research, intellectual property, confidential commercial data, and more.
While you may not be using the term Deep Web daily — or ever — it’s part of your life more than you realize.
Still, this is not the same as the Dark Web, a term you’ve likely seen around. The Dark Web is yet another fraction of the internet that’s not equivalent to the Deep Web. Let’s look at the reasons behind its negative reputation.
Why Does the Dark Web Exist?
While no one can pinpoint the origins of the Dark Web, it’s now referenced in mainstream conversations about tech and digital security as the seedy source of many security issues.
Essentially, the Dark Web uses a cluster of nodes and networks called “darknets.” These include – but aren’t limited to – peer-to-peer networks small and big, including Tor and Freenet, which organizations and individuals operate and use.
Those who want to browse and use the Dark Web need to use specialized software, such as the Tor browser. Because it’s such a big part of internet activity, it’s worth noting how Tor works and why it exists.
What is the Tor Browser?
Developed in the mid-1990s to keep U.S. intelligence communications from prying eyes, the Tor Project is the preferred method to access Dark Web content.
The Onion Router (hence the Tor acronym) uses three layers of encryption and a specific internet traffic routing mechanism to ensure robust anonymity. It combines strong layers of encryption with the ability to randomly bounce internet traffic through the Tor network of relays.
This high barrier entry to the Dark Web exists to protect users’ identities, online activities and location, and maintain their anonymity. By using the Tor browser, internet users can access the Dark Web to communicate and share data in confidence, without the risk that this can be traced back to their real identities. Most users on the Dark Web are logged into a Virtual Private Network (VPN) to further conceal themselves.
Some use the Tor Project and Freenet as synonyms for the Dark Web, but that’s incorrect. The Tor network and other networks that use similar routing emerged from the need to protect online communications, not to support criminal actions.
The people who need the Dark Web so they can keep doing their dangerous – but not necessarily illegal – work are:
- Dissidents of oppressive regimes
- Journalists who must protect their sources
- Law enforcement
- Intelligence agencies
As you’d expect, misguided individuals or those with clear criminal intent have found a way to use this level of anonymity to cover up their illicit activities and – up to a point – evade law enforcement.
Why is the Dark Web So Dangerous? What Can I Find There?
Cybercriminals and other malicious actors rely heavily on the capabilities of the Dark Web in various unlawful ways. The hotspots for illegal activity on the Dark Web are marketplaces and forums where bad actors transact illegal products and services, which fuel the underground economy.
Some of the illicit products lawbreakers and scammers sell and buy on these black markets include stolen and counterfeit data which comes in many varieties:
- Personal data. (Also called PII, personally identifiable information) which includes full names, home addresses, phone numbers, birth dates, Social Security numbers, hacked email addresses and many more details that can pinpoint you as an individual.
- Financial data. Stolen credit card details, online banking usernames and passwords, credentials for cryptocurrency accounts, banking and insurance records, and much more.
- Online account login data. Typically comprised of username-password combinations, which provide access to accounts ranging from social media to ride sharing and video streaming services to paid professional services — including genetic testing and even antivirus products.
- Medical data. (Also called PHI, personal health information) which covers your medical history, prescriptions, biometric data (including your fingerprints and images of your face), test results, billing information from medical facilities, and other sensitive details. This can lead to medical identity theft or even fingerprint identity theft.
- Confidential corporate data. Includes classified information such as intellectual property, patents, competitive intelligence, and other operational details.
- Forged data. Most notably fake passports, stolen driver’s licenses and IDs, bank drafts and more.
Besides personal information yielded from data breaches and various other types of cyber attacks and online scams, these black markets also offer illegal drugs, access to emerging cyber threats and viruses, and even hitmen for hire.
The most notorious of all Dark Web marketplaces was Silk Road which, at its peak, catered to over 100,000 buyers. Founded by Ross Ulbricht in 2011, the website became the most popular black market, especially for narcotics traffickers. The FBI shut down Silk Road in 2013, but version 2.0 came briefly back online before law enforcement took it down for good.
Ross Ulbricht received two sentences of life in prison, along with three other convictions, and the U.S. government seized over $1 billion worth of bitcoin throughout the entire takedown operation and the decade following it.
In addition to the possibility of making big money on these Dark Web marketplaces, people seek the Dark Web for other reasons as well. This part of the internet also hosts vast amounts of child pornography, with some websites reaching tens or hundreds of thousands of users.
As a hub for criminal activity, the Dark Web offers more than just “products” to anyone willing to buy and consume. It also offers services that enable cybercriminals to launch attacks with little technical knowledge or experience.
What Types of Services Can Cybercriminals Access on the Dark Web?
While personal information may seem invaluable to you, cybercriminals trade personal information for a mere few dollars on the black markets that exist on the Dark Web.
Details for credit cards carrying a balance up to $1,000 cost $150 on average, while stolen online banking login details (for an account with a balance of at least $100) go for just $40.
A hacked Uber rider account goes for just $4, and a Netflix account with a paid one-year subscription is worth $44. More out-of-reach commodities such as a French passport can cost up to $4,000.
Marketplaces on the Dark Web even feature rating and review systems, so potential buyers can identify “trustworthy” sellers. With all these features, and the appeal of cybercrime riches, it’s no wonder these black markets are experiencing a huge rise in supply, according to the Dark Web Price Index.
Besides selling personal data and compromised accounts, cybercriminals also trade and sell the elements for needed to launch cyber attacks, espionage, and other malicious activities on the Dark Web:
- Off-the-shelf software exploits (exploit kits) – toolkits that cybercriminals use to attack vulnerabilities in systems so they can then distribute malware.
- Ready-to-use malicious software (malware) – ransomware, information stealers, keyloggers (to record every key pressed on a device), spyware, adware, rookits (notoriously difficult to spot and stop), Trojans and worms (with self-replicating capabilities).
- Malware-as-a-service – a subscription-based model that rents the software and hardware cybercriminals need to carry out attacks, complete with malicious software, a distribution network, a range of targets and even technical support, and a personal dashboard to manage the project.
- Software vulnerabilities - unknown to the software maker (called zero-days). Cybercriminals can use this to infiltrate organizations without being spotted.
- Access to networks of compromised devices (botnets) - which supply the computing resources malicious hackers need to carry out their attacks.
- Distributed denial of service (DDoS) - offerings which pool the power of extensive botnets to flood victims’ systems with so much traffic that it takes them offline along with the services they supply.
- Cybercriminal training - via tutorials, guides, and other types of content that support the upskilling of bad actors in various roles.
- Money laundering (money muling) - enables scammers to move around the money that they steal, extort, or otherwise take from their victims — and turn it into clean, untraceable cash.
Because this offering is so extensive and affordable, it has significantly lowered the barrier to entry. Even more of a threat, hackers looking to make a lot of money and profit off people and companies around the world have found a way to do it – fast and at scale.
The Dark Web and cryptocurrencies’ abilities to provide comprehensive confidentiality created an environment conducive to crime of all sorts.
Unfortunately, chances are that at least some of your data is already in a private data leak somewhere on the Dark Web, hidden in one of the illegal websites, forums, blogs, and data repositories that live in that hidden “corner” of the internet.
How Do Cybercriminals Turn Their Dark Web Activities Into Cash?
- Using stolen personal data for all types of financial fraud and identity theft.
- Using stolen confidential information to extort companies and individuals, even threatening to leak it on the Dark Web.
- Using financial information to make unauthorized payments for goods and services, drain bank accounts of cash, take loans in victims’ names, and derive other monetary benefits illegally.
- Use username-password combinations in automated, untargeted attacks (“spray and pray”) to gain access to even more accounts, steal even more data, and then sell it for a profit on the Dark Web.
- Infect devices with malicious software to either harvest additional data, use it in subsequent attacks, or extort victims for money – which is what ransomware does.
- Disrupt organizations’ activities so their value depreciates, their reputation takes a hit, and they risk costly long-term damage.
- Defraud organizations through business email compromise scams, by stealing intellectual property and selling it to competitors, or by holding their systems hostage until they pay a hefty ransom.
Specialized criminal groups are thriving since it’s easier than ever to combine stolen data with compromised infrastructure and malware. This means even less-skilled malicious hackers can launch cyber attacks and start a lucrative illegal business.
Lots of criminal activity happens on the Dark Web because it offers the anonymity that enables hackers and scammers to go undetected – but only up to a certain point.
Is the Dark Web Illegal?
Despite its menacing name, the Dark Web is not illegal per se, nor is it unlawful to access it. However, the undeniable fact is that most of the activities that happen on the Dark Web are related to criminal actions.
What Are Some Dangers of the Dark Web?
- You risk your freedom and could face severe legal consequences - If you are caught buying an unauthorized firearm or illegal drugs, or end up on a child pornography website while browsing the Dark Web, you could face steep legal action.
- No security provisions - This part of the internet doesn’t include security provisions like the ones you’re used to on the World Wide Web, such as built-in protection against malicious websites in your web browser. For example, both Chrome and Firefox warn you about dangerous websites that steal your data in phishing attacks. This doesn't happen on the Tor browser.
- Risk of device infection - Unless you're protected by a unique cybersecurity setup, going on the Dark Web means you'll risk infecting your devices with malware, ransomware, and trojan horse viruses.
- Financial Scams - Given the illicit nature of conversations and interactions on the Dark Web, you can even get caught in a scam or become an accomplice and risk prosecution without even realizing it.
To picture the loss that cybercrime is inflicting on its victims, let’s look at a few key numbers.
Reported cybercrime damages added up to $4.2 billion dollars in 2020 alone. Since only a fraction of cyberattacks and incidents actually get reported, the harm is much more extensive.
To stifle the source of these problems, law enforcement is constantly monitoring the Dark Web and organizing takedown operations to dismantle criminal organizations that have built illegal businesses under the cover of anonymity.
For example, in January 2021, Europol announced it had taken down DarkMarket, “the world's largest illegal marketplace on the dark web.” Boasting half a million users, over 2,400 sellers and over 320,000 transactions reaching more than 140 million euros, this marketplace was one of the most active on the Dark Web in recent times.
In October 2021, law enforcers in nine countries carried out Operation Dark HunTOR, in which Europol simultaneously arrested 150 alleged suspects in Europe and the US.
“More than €26.7 million (USD 31 million) in cash and virtual currencies have been seized in this operation, as well as 234 kg of drugs and 45 firearms. The seized drugs includes 152 kg of amphetamine, 27 kg of opioids and over 25,000 ecstasy pills.”
Europol’s Deputy Executive Director of Operations, Jean-Philippe Lecouffe, took this opportunity to remind criminals that “the law enforcement community has the means and global partnerships to unmask them and hold them accountable for their illegal activities, even in areas of the Dark Web.”
Some of the most despicable examples of cyber attacks that originate from Dark Web transactions include:
- Putting patients’ lives at risk when hospitals get infected with ransomware.
- Causing school closures that affect children, teachers, and their families.
- Blocking access to local government resources, which often affects vulnerable people.
- Provoking gas and water shortages, which directly affect the quality of life for many.
- Disrupting transportation systems and other consequences that threaten people’s safety and health, including your own.
Can My Personal Information Be Found on the Dark Web?
You may be wondering if your personal information exists on the Dark Web. The reality is that you won’t realize how extensive your personal data exposure is until you look at the hard data.
That’s why people who try Aura's Dark Web Scanner are shocked to see how much of their sensitive information is exposed just by running a scan of their email address.
For example, when you run a free check with Aura's Identity Guard Dark Web Scanner, we specifically assess your risk of identity theft, account hijacking, home title (i.e., deed fraud) and credit theft, spam and robocalls, and also how likely it is that data brokers might sell your personal information.
It’s unnerving to realize that other people treat your private information as a commodity. It can even be infuriating to see that information brokers’ activities aren’t even illegal because they claim to be using information that already exists in the public domain.
If it’s legal for them to sell your data in plain sight, imagine what cybercriminals are doing on the Dark Web with stolen personal information and their complete disregard for laws or regulations.
That's why family identity theft protection and financial fraud protection are key security layers needed to keep your life safe and secure.
Once your personal information is stolen and leaked through data breaches, it becomes scattered across the web, becoming impossible to delete that information from the internet. However, you can get alerts when unauthorized activity surfaces on your credit report, or whenever your details appear on Dark Web sites, data brokers’ lists, or even in public records.
Can My Personal Information Be Sold on the Dark Web?
It’s not wrong to assume that your personal information is on the Dark Web. If your personal details can be found on web search engines, then they’re most likely available on the Dark Web, too.
To recap, there are three ways your personal details end up on the internet, be it on the visible World Wide Web, part of the Deep Web, or on the Dark Web:
- Through your passive digital footprint (metadata). The data you inadvertently leave online when you use the internet. This includes your IP address (which also reveals your physical location), what kind of device you have, the websites you visit (browsing history), the type of web browser and search engines you’re using (Chrome, Firefox, etc.) and lots more details.
- Through your active digital footprint. This represents the information you willingly post online — from pictures to posts to videos, articles, and other details you disclose when you make purchases online (home address, phone numbers, etc.) and when you interact with service providers, friends, and a host of other entities.
- Through information other entities disclose about you. This includes governmental organizations, companies that offer credit reports, and data brokers that harvest and compile data about you so that they can sell a consolidated profile to companies that want to target you with ads.
Can My Identity Be Stolen on the Dark Web?
Starting from your email address, a persistent malicious hacker or scammer can scrape numerous details that can be used for financial fraud, identity theft, and many more types of cyber attacks.
To find out if your information is leaked on the Dark Web – you can rely on Aura’s Identity Theft Protection service.
Aura extensively monitors your personal information, bank accounts, passport and driver's license IDs, and other sensitive data that can be found on the internet including on Dark Web sites.
And if you have no idea what to do if your identity is stolen, Aura has your back.
With Aura, you'll receive instant notifications if someone opens a new bank account using your name, if unauthorized activities appear on your credit report, or if any of your sensitive data is compromised in the event of a data breach. Any of these scenarios are a crystal clear warning sign of identity theft.
What Do I Do if My Personal Information is Found on the Dark Web?
If you've confirmed that your personal information is leaked on the Dark Web, that means you’re facing an elevated risk of identity theft and financial fraud, so you need to act fast in order to minimize the risks.
That's why many people today prefer an identity theft protection service that's combined with a financial and credit fraud protection solution. It’s much more effective to catch early signs of fraud when you find out about new inquiries on your credit file, like new credit cards or bank loans, in near–real time.
For example, with Aura, you'll have access to a Fraud Resolution team with 24/7/365 customer support to guide you through a critical situation in which you feel exposed, uncertain, and afraid.
Can My Personal Information Be Removed From the Dark Web?
There is no reliable method of removing your sensitive data from the Dark Web. Once it’s out there, you cannot reverse the process. That’s why the defense is the best offense, so it's worthwhile to be leveraging a service that monitors your personal data for you.
If you get an alert that Aura has discovered your data on Dark Web sites, the most effective action you can take is to contact Aura Customer Support. Our team works with you to create a remediation plan that helps you secure your credit cards, bank accounts, and IDs to prevent identity theft or fraud.
Following that step, you should change your usernames and passwords immediately.
Take Action Against Identity Theft
You don’t have to become a cybersecurity expert to understand the mechanics of the Dark Web.
Now, you can also explain to others how their shared Netflix password exposes them to fraud, or why the Dark Web is not just for criminals but also for dissidents and other people fighting for legitimate ideals.