What Security Pros Need to Understand About the Dark Web

Sue Marquette Poremba



More than 6,000 marketplaces on the Dark Web sell ransomware toolkits at low prices. No wonder, then, that ransomware has exploded over the past 12 months, both in the number of incidents and in the dollars paid in ransoms. It’s easy to find, if you know where to look, and cheap to execute.

That’s just one example of the nefarious underbelly of the internet. Even its name sounds sinister. Media reports talk about the types of information sold on the Dark Web in the aftermath of serious cybersecurity incidents – beyond ransomware, this is where bad actors can buy credit card and financial records or get access to passwords and user logins or Social Security numbers.

However, the Dark Web has many uses, both legal and illegal. It is a key enabler of the cybercrime economy.

“It’s important for security professionals to familiarize themselves with what hackers have access to on the Dark Web to better understand what they need to defend themselves against,” said Isabelle Dumont, vice president at Lacework. “From toolkits that enable novice hackers to mount an attack to stolen credentials, everything can be acquired on the Dark Web.”

Here are some basics of what you should know about the Dark Web.

The Different Levels of the Web – Surface Web

There are different levels to the web, and understanding them is necessary to understanding the underpinnings of the cyberworld’s black market. First there is the surface level, which is simply the part of the internet that is indexed and easily found using common search engines; it is the part of the web that most of us use every day. “This is where most surfing is tracked and indexed by firms such as Google and Microsoft. Yet only around 17 percent of the entire internet is indexed and accessed by the general public,” explained John Kronick, director of cybersecurity solutions at PCM, Inc.

Deep Web

The Deep Web is the part of the internet that is not indexed; therefore, you need to know the address of the web page to access it. You can’t simply use a search engine to find a website. The vast majority of the web is Deep Web.

Dark Web

The Dark Web is interconnected within the Deep Web; however, it requires special browsers/configurations to access, and its main purpose is to protect privacy and remain anonymous, explained Joseph Carson, chief security scientist at Thycotic. “The main purpose of the Dark Web is to protect privacy using a combination of routing and encryption, and of course this can be used for both legal and illegal purposes.”


A darknet is any overlay network that can be accessed only with specific software, configurations, or authorization, often using non-standard communications protocols and ports, explained Kronick. “Two typical darknet types are friend-to-friend networks and privacy networks such as Tor and Onion. The reciprocal term for an encrypted darknet is clearnet or surface web when referring to search engine indexable content.”

Connection to Silk Road

The Dark Web has been heavily associated with Silk Road, according to Carson, which was a market platform used for selling illegal drugs. This connection resulted in the widespread negative assumption that the Dark Web is used only for illegal or criminal activities. While it is true that cybercriminals turn to the Dark Web for illegal behaviors, it is also used for secure and private communications for journalism, testing of new internet services, or simply to avoid monitoring of your internet activity.

Other Terms to Know

According to Anthony Aragues, VP of Security Research at Anomali, other important Dark Web terms to know include:

  • Crypters: tools that encrypt malware in order to bypass detection by Antivirus engines
  • Binders: tools used to trojanize a legitimate program with a malware sample
  • Rippers: actors on forums identified as ripping off and scamming other users without delivering useful services or contraband
  • Hard Candy: another term for child porn
  • Doxing: revealing someone’s name, address, phone number and other personal information
  • Full Cards: credit card info with names, number, expiration and CCV

The Insider Threat

There is a Dark Web insider threat that organizations must be aware of, said Aragues. “Any connection to or from the Dark Web within your company’s network can put you at risk, including employee use of the Dark Web on work devices or use of employee work credentials to access Dark Web services. Any data dumps that include direct mentions of your company or specific employees within underground hacker forums is a major red flag that you are at risk, and particularly if it includes a call to arms directed at you.”

What Criminals Are Doing

Some of the commodities you’ll find for sale and behaviors to monitor on the Dark Web, according to Anurag Kahol, CTO with Bitglass, include:

  • Tor traffic – organizations should be watching for traffic routed through Tor nodes, indicative of sensitive data being exfiltrated.
  • Malware and C&C hosts – same as above. Traffic hitting these destinations suggests a breach – either insiders or outsiders with access to the corporate network.
  • Credentials for sale – the Dark Web is in part a marketplace for illicit goods and activities. Credentials that provide complete access to an organization's cloud apps are often sold on the Dark Web.
  • PII – as with credentials, information on employees, customers, and clients may be sold on the Dark Web.
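
The first two items in the list above (traffic to Tor nodes and to malware/C&C hosts) can be checked against egress logs. The following is an added example, not code from the article or from anyone quoted in it: it matches destination addresses in firewall log lines against indicator lists and totals hits and outbound bytes per internal host. The log format, the indicator entries (documentation-only address ranges) and all names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed indicators using documentation-only ranges (RFC 5737).
# Assumption: in production these come from a Tor relay list and a threat feed.
INDICATORS = {
    "tor": ["198.51.100.0/28", "203.0.113.44"],
    "c2": ["203.0.113.200"],
}

# Constructed firewall log lines: timestamp src dst dport bytes_out
SAMPLE_LOG = """\
2018-07-03T12:01:10Z 10.0.4.17 198.51.100.9 9001 48211
2018-07-03T12:01:12Z 10.0.4.17 192.0.2.80 443 1500
2018-07-03T12:02:40Z 10.0.9.3 203.0.113.200 8080 920
2018-07-03T12:03:05Z 10.0.4.17 198.51.100.9 9001 7340032
2018-07-03T12:03:09Z 10.0.7.22 not-an-ip 443 10
2018-07-03T12:04:00Z 10.0.7.22 203.0.113.44 443 2048
"""

def compile_indicators(indicators):
    """Turn address/CIDR strings into (category, network) pairs."""
    return [(cat, ipaddress.ip_network(entry, strict=False))
            for cat, entries in indicators.items() for entry in entries]

def scan(log_text, indicators=INDICATORS):
    """Return {(src, category): {"hits", "bytes_out", "dsts"}} for matches."""
    nets = compile_indicators(indicators)
    findings = defaultdict(lambda: {"hits": 0, "bytes_out": 0, "dsts": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than abort the scan
        _, src, dst, _, nbytes = fields
        try:
            dst_ip = ipaddress.ip_address(dst)
            nbytes = int(nbytes)
        except ValueError:
            continue  # unparseable destination or byte count
        for cat, net in nets:
            if dst_ip in net:
                rec = findings[(src, cat)]
                rec["hits"] += 1
                rec["bytes_out"] += nbytes
                rec["dsts"].add(dst)
                break  # one category per connection is enough to alert
    return dict(findings)

if __name__ == "__main__":
    for (src, cat), rec in sorted(scan(SAMPLE_LOG).items()):
        print(src, cat, rec["hits"], rec["bytes_out"], sorted(rec["dsts"]))
```

Summing outbound bytes per host separates a large transfer over Tor, the exfiltration case the list describes, from a single stray connection.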

Best Practices to Keep Sensitive Information from the Dark Web

Christian Lees, chief information security officer with InfoArmor, shared the following best practices to keep your sensitive information from being compromised on the Dark Web:

  • Company email addresses should never be a secondary qualifying address for Gmail.
  • A cloud service used for work - like Box, Azure or Dropbox - can be the employee's company email but should always have a different password than their company login.
  • Understand that threat actors are superb at “connecting the dots” on social media and other sources, for whale phishing and generalized targeted phishing purposes.
  • CISOs and HR should work together on the issue of employees' use of digital assets and company URL.
  • HR needs to get more security savvy.

Why Security Pros Need to Understand the Dark Web

“Once you understand the scope of what’s available to criminals, it’s a lot easier to rationalize how to defend an organization from cyberattacks,” said Carson. “It’s no longer about detecting malware or a suspicious file. Security teams need to stay on top of every single anomaly in their environment, from unintended misconfigurations that hackers will take advantage of (the easiest path) to inappropriate use of privileged accounts, to appropriation of resources in the cloud.”

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba

Jul 3, 2018 12:01 PM Samantha Reede says:
Really impressive article! I appreciate your efforts that you have shared about security pros which everyone needs to understand on the dark web.
Oct 26, 2018 8:41 AM eve hunt says:
"Hey there, You’ve done a great job. I will definitely digg it and personally recommend to my friends. I’m sure they’ll be benefited from this site"
Oct 26, 2018 11:41 AM Ross Alisha says:
On the deep web there are also lots of legal sites, that for some reasons want to remain anonymous... well I think nothing you cannot already find on the normal web, but one can always go surfing the deep web by curiosity. At the end, everyone says that the deep web is much bigger than the "known web", so probably a lot of people are fascinated by this fact, and are more and more curious to take a look at the deep web. As one simply surfs the deep web without watching pedopornography, buying illegal things and doing other illegal things, he can satisfy his curiosity... however yes, I agree to the fact that we should not do anything of particular on the deep web: if someone is curious, after he has satisfied his curiosity, I think he can forget about the deep web and not go there anymore!
Dec 3, 2018 8:42 AM Amit bishnoi says:
Surfing dark web is not illegal but doing illegal things is not appreciated. Security should always be on top while surfing the dark web. Nice article. Thanks for writing.
Jan 21, 2019 10:24 AM Moses Brodin says:
Interesting article. I also assumed the darknet was illegal! You suggest having a look but I have to say I'd be worried about going on it due to the seeming randomness of the addresses. I might find myself in the middle of some horrific and not least illegal activity unwittingly. Then there would be the knock on my door to arrest me for viewing child porn or something equally sinister.
Feb 8, 2019 10:35 AM Victoria Tegg says:
The exact size of the deep web is unknown. The pages exist in database and therefore couldn't be indexed by search engines. But I think the value that holds within it is a lot more important than its size.
