The dark web is the underworld of the internet. A place where criminality thrives and anything is available—for a price.
Nobody knows for sure how large the dark web is. The best estimates suggest dark web markets handle around $1.7 billion annually. Data accounts for a huge chunk of that activity.
Dark websites buy and sell every type of personal data, from credit card numbers to voter registrations. Criminals use that data to profile targets and make cyber attacks more deadly.
That's why understanding the dark web is a cybersecurity must. Companies and private users need protection against data theft and know how to respond if their data is compromised.
This blog will explore the darkest corners of the web. We will examine the dark web and how it differs from the deep web. We will also provide tips for protecting your data from dark web sellers.
Key takeaways
The dark web includes web content that search engines cannot access and users cannot reach with standard browsers.
Dark web content differs from the surface web, which is accessible via Google and browsers. The deep web is not indexed by search engines but can be accessed by browsers. The dark web is inaccessible without a Tor browser.
The dark web initially sought to evade censorship and ensure privacy. However, it later became linked to criminality as anonymous marketplaces and cryptocurrencies emerged. Law enforcement bodies routinely close markets, but buying and selling continues.
Goods available on the dark web often include narcotics, counterfeit medications, weapons, and stolen data. Users can purchase almost any illegal items via anonymous payment methods. Many customers are cybercriminals, intent on leveraging personal data to access bank accounts or company networks.
Safeguard data to keep it away from dark web sellers. Security measures include using VPNs, applying strong password policies, and controlling network access. Businesses should use dark web monitoring to detect potential data breaches early and mitigate the risk.
Dark web definition
The dark web refers to encrypted internet sites that are not indexed by traditional search engines. Users can only access dark web content with the Tor browser.
This browser anonymizes a user's identity and traffic by encrypting and "bouncing" data around a series of globally distributed nodes. This process, known as onion routing, makes it difficult for outsiders to tell what content users access, enabling surveillance-free transactions or communication.
How does the dark web work?
The public internet or surface web is constructed from visible servers and web content identified by public IP addresses.
The dark web also features server-hosted content, but dark web sites lack standard identifiers or are excluded from indexing by website owners. Search engines cannot dark web sites to their indexes and search results.
Almost 99% of web content is thought to evade search engines. This includes data protected by password portals, obsolete files, and anything Google's algorithms decide is irrelevant. However, not all this data qualifies as part of the dark web.
To be part of the dark web, sites must be invisible to a standard web browser and search engines.
How the dark web ensures anonymity
The dark web requires non-standard protocols and encryption techniques. Browsers like Tor (The Onion Router) use special protocols to generate encrypted entry points. These protocols use a layered encryption model. This wraps data packets in many layers.
Tor also plots complex pathways for dark web data. As data passes between nodes, layers of encryption peel away, like the skin of an onion. There is no traceable connection between the entry point and the destination. Users remain anonymous as long as Tor operates.
Tor differs from standard browsers in other ways. No identifiable traffic passes between users and their ISP. Tor clears cookies and browsing data after every session. It also disables geolocation features that can reveal a user’s location.
Standard browsers can access most internet content, even if it does not appear in Google results. But the dark web is different.
Experts estimate the dark web comprises around 0.03% of unindexed content. The amount of hidden data is rising, though, and even 0.03% is a large amount of information.
Difference between surface web, deep web, and dark web
Before we dive deeper, let's clear up a common misconception by defining some key terms. We cannot talk about the "dark web" without understanding how it excludes the surface web and the deep web.
Surface web
The surface web is the outer layer of the internet that web browser users see. When you run a Google query, the search engine delivers results from the surface web.
Algorithms process indexed data, assessing its relevance and quality. In the process, search engines miss a huge amount of data. Ideally, this doesn't matter because indexers collect the most relevant information and ignore everything else.
For instance, Google might return a set of Amazon landing pages for a query about sports jackets. Searches won't include back-end metadata or private vendor pages that require passwords. Users only see publicly accessible product listings.
Estimates vary, but it's safe to say the surface web comprises about 10% of the total internet.
Deep web
The deep web comprises internet data that is not indexed by search engines. Deep web data is not really "hidden" from ordinary browsers. Content may only be accessible with login credentials, but you don't need Tor or similar layered encryption tools.
Deep web content includes data stored behind log-in portals or paywalls. Social media profiles are a good example. However, most deep web content is mundane website data like unused or out-of-date files. Site owners use the robots.txt file to redirect search engines and avoid excessive traffic.
Estimates vary about the size of the deep web, but it forms around 90% of internet content.
Dark web
The dark web is a subset of the deep web that exists in the shadows. This hidden web features everything we cannot see without special tools.
Because of this, estimating dark web traffic is almost impossible. The same applies to monitoring dark web criminal activity. It's hard to know whether your personal data is being sold online. Companies cannot tell when hackers conspire beyond surveillance to plan attacks.
When was the dark web created?
The dark web started life in 1999 in the research lab of University of Edinburgh student Ian Clarke. As part of his computer science degree, Clarke wrote a landmark paper on "a Distributed, Decentralised Information Storage and Retrieval System."
In 2000, he released a working version of his project called Freenet. Clarke's goal was to provide members of the public with total anonymity. As concerns about online privacy and government censorship grew, Freenet was a natural progression. Nobody called it the "dark web’ —at least not yet.
Ironically, US intel agencies made the next leap forward, releasing the Tor network in 2004. Scientists at the Office of Naval Research created Tor to enable anonymous battlefield and intelligence activity. However, the creators successfully argued for public release.
The designers realized that decentralized routing and layered encryption needed a large community of users. That's why they launched the Tor Project and fine-tuned the Tor browser in 2008.
Tor could not function without a large user community, even if that meant the government losing control—which is exactly what happened.
In 2009, a shadowy website called Silk Road started to make headlines. Based on the dark web, Silk Road thrived as cryptocurrencies expanded. Dark web marketplaces soon sold everything from narcotics and firearms to pornography, pirated software, and prescription medication.
The FBI raided Silk Road founder Ross Ulbricht in 2013 and closed the site, but the dark web remains a thriving marketplace. Silk Road 2.0 appeared immediately, followed by Diabolus Market and OpenBazaar.
The dark web has also become notorious for more than illegal goods. A 2022 study found 24.6 billion pairs of credentials available for purchase. The dark web now functions as a credentials brokerage, providing access to vast private databases.
Cyber attackers obtain passwords via data breaches. Other criminals buy stolen data to use in phishing or other cyber attacks. Prices are easily affordable, with credit card details retailing for around $120 and single passwords costing just $10. It's a cybersecurity nightmare.
Why does the dark web exist?
Given the criminal activity associated with the dark web, it's natural to ask why the dark web exists. Scientists developed the underlying technology with noble purposes in mind. The ONS and Ian Clarke never wanted to encourage crime, but their creations made the dark web possible.
The dark web's creators set out to protect individual privacy. By the late 1990s, early enthusiasm about the internet gave way to fears about crime and surveillance. People needed ways to browse and communicate anonymously. Tor and Freenet were effective solutions.
The dark web is still a valuable privacy tool. Media organizations like the BBC, the New Yorker, and ProPublica use dark web tools to allow censorship-free browsing in repressive countries.
Is the dark web illegal?
The legal situation surrounding the dark web is pretty simple. Using dark web tools is legal, but using the dark web to commit criminal acts is not.
The benefits above are probably why the dark web remains legal and supported by some governments. Tor is the most reliable way to escape the attention of authoritarian states.
Balancing anonymity against credential thefts and illicit selling is hard, but states tend to see legality as a better option.
Note: Some countries suppress dark web usage. China, Russia, and Vietnam all prohibit Tor usage (with variable success). Keep that in mind if you use Tor when traveling.
Types of threats on the dark web
The dark web may be legal, but it's not safe. Many critical threats make the dark web dangerous. Here are just a few of the most concerning examples:
Illegal activity. When users access the dark web, it's easy to become involved in criminal activities. Dark web marketplaces peddle illicit drugs, firearms, and even stolen information like medical and legal documents. Buying stolen or prohibited items brings the risk of legal consequences.
Malicious software. The dark web is unregulated. Dark web forums you visit could direct you to malware and compromise your device. They could also direct you to illegal content without warning. There's no way of knowing.
Hacking. Dark websites are havens for data thieves and other hackers. These actors are happy to target customers or casual dark web visitors alike.
Ransomware-as-a-Service. Dark web vendors now sell off-the-shelf ransomware kits, allowing almost anyone to mount cyber-attacks. Groups like REvil and GandCrab provide specialized software that leverages stolen data.
Webcam attacks. One of the scariest dark web hazards is webcam hijacking. Attackers target visitors with unsecured cameras. They may then deploy remote administration tools to blackmail targets or use the camera to gather data.
Data breaches. The dark web is a global hub for originating and executing data breaches. Nobody is safe. For instance, in March 2024, communications giant AT&T reported a data breach involving 73 million records. Stolen data was available on the dark web from 2019. And AT&T is just the tip of the iceberg.
Law enforcement. Criminality is everywhere on the dark web, but so is law enforcement. Users risk detection and prosecution if they engage in illicit behavior. Never assume that contacts are who they say they are.
What is the dark web usually used for?
As the list above suggests, much dark web activity is either borderline or totally illegal. However, not all dark web activities break the law.
Almost anything prohibited by national laws appears on dark web markets. It's common to find vendors selling drugs, weapons, medical records, prescription medications, and illegal images or videos. There are few limits on what is bought and sold.
Researchers investigating the cross-border wildlife trade found 153 endangered species for sale on 50 dark web forums. Democracy is even on the shelves. One incident found 40 million US voter registrations selling for $2 each.
Anything goes. Marketplaces are hard to track as they come and go. After Silk Road closed, Dream Market became a go-to vendor for opiates. AlphaBay expanded the use of niche crypto-currencies, while DarkMarket focused on selling personal information. All have closed, but successors continue.
The dark web has other uses, though. It's not all about selling illegal goods. The dark web is also used to:
Access paywalled academic journals and enable research sharing.
Evade censored or geo-blocked content.
Search the web without ads or cookies of any kind.
Share information confidentially, for example, about protests or whistle-blowing.
Find essential medications at affordable prices.
Is your business data on the dark web?
There are some positive uses of the dark web, but we need to be aware of the dangers. Most importantly, every internet user and company must know if their data is available via dark websites. And we need ways to prevent this.
Let's start with a simple process to check whether your information is on the dark web.
Firstly, don't enter the dark web alone. Individual users lack the contextual data and tools to penetrate dark web defenses. Logging onto Tor and searching your name won't work.
Companies worried about leaked credentials should use in-depth threat exposure management platforms like NordStellar.
Dark web monitoring solutions leverage huge databases of exposed credentials. Scanners constantly analyze databases of compromised credentials and scan dark web forums and marketplaces for keywords related to your business data.
How to keep your company data off the dark web
Searching the dark web for confidential data can be imprecise. A smarter solution is preventing the disclosure of your company data in the first place.
Dark web criminals are clever and ruthless, but cybersecurity measures deter even the most skilled data leeches. Many companies fail to put those barriers in place. That's why dark web markets thrive, but it doesn't have to be like that.
Here are some tips to secure your data and ruin the bottom line of dark web data vendors:
Protect traffic with a Business Virtual Private Network (VPN). VPNs encrypt traffic and hide your data in transit. Secure every endpoint with VPN coverage to block data thieves.
Guard your credentials like a hawk. Credential theft or brute forcing allows criminals to access your network and steal user or customer data. Enforce strong, regularly-changed passwords. Add multi-factor authentication for all log-ins. Apply Zero Trust principles to minimize access to sensitive data.
Be smart about phishing. Phishing encourages users to click dangerous links, leading to malware infections and data loss. Implement advanced DNS filtering solutions to prevent access to websites used in phishing attacks. Train employees to spot phishing emails and explain why phishing awareness is a critical data protection issue.
Use dark web monitoring. Dark web monitoring is a must-have for companies handling sensitive data. Remember the AT&T case. It took 5 years to uncover the data breach, resulting in millions of dark web sales. Monitoring informs you immediately about data exposure. It also helps you tweak your security posture to prevent cyber attacks.
Put in place holistic dark web protection. Don't apply password security, VPN coverage, and access controls independently. Gather everything together in one, like NordLayer’s threat protection setup. That way, you can anticipate and neutralize threats before they cause problems.
The tips above will protect companies who do not intend to access the dark web.
But what if you need to use the dark web safely? In that case, extra data security measures come into play.
Be very cautious about exposing confidential information on dark web forums. Never mention your name, employer, phone number, or address.
Never trust dark websites. There is no SSL encryption on the dark web, and nobody certifies dark web sites as safe to use. Remember that when entering discussions or buying goods.
Don't click links on forum posts. The same applies to links. Dark web links could easily be malicious or lead you to illegal content. As a rule, avoid clicking unknown links if possible.
Disable Java and ActiveX. You may already have done this, but disable these frameworks before firing up Tor. Both are notoriously vulnerable to exploits, especially by dark web residents.
Separate dark web browsing from critical assets. Ideally, only use Tor inside a well-defended network segment. Create a secure zone with minimal east-west movement. If the worst happens, this should restrict the damage.
Tips on how to protect business information from data theft
Hidden data marketplaces are alarming, but could also be a good thing. Knowledge about the dark web should motivate us to update our data security practices.
How can you safeguard sensitive information and stay one step ahead of data thieves? Let's finish this blog with some data security essentials.
Check statements for financial anomalies
Cyber fraud often shows up first in your company finances. Don't assume everything is fine. Checking cash flows for unusual payments is always a wise move.
Criminals often take small amounts regularly instead of withdrawing huge sums in one transaction. Minor unauthorized payments could be an early warning that business data and credentials are available on the dark web.
Lock down critical business data
If users in your business access the dark web, network segmentation is essential. Network segmentation creates secure zones within the network architecture. These zones are protected by firewalls and access controls, admitting authorized users but blocking everyone else.
Protect sensitive data within safe zones, and consider creating quarantine zones for dark web browsing. The more barriers there are between business data and dark web users, the better.
Monitor the dark web for data breaches
Stay aware of known data leaks and monitor dark web marketplaces for your business data. Dark web monitoring services scan materials on the dark web, alerting you rapidly should data theft occur.
Take advantage of security alerts provided by financial companies and online vendors. Banks and payment processors like PayPal enable customized alerts to flag suspicious activity.
The same applies to everyday business tools like social media and email. Google and Facebook enable activity alerts and they supplement dark web monitoring.
Remember: thieves may buy social media credentials on the dark web and use them to acquire more information. Any alerts are potentially worrying.
Update your security tools
Finally, only use reputable security software to safeguard devices and apps. Avoid free VPNs or virus checkers. These tools may not work effectively and could even deliver malicious software. Stick to trusted vendors and regularly patch security tools to stay ahead of attackers.
The dark web is one part of the cybersecurity puzzle, but it provides a great reason to improve your cybersecurity game. Safeguard data, learn about dark web threats, and adopt a cautious approach. But if you have any concerns, expert help is easy to find.
Contact the NordLayer team to discuss dark web threats and fine-tune your business security.
