The Dark Web Is Hidden In Plain Sight

Sites on the so-called Dark-Web, or Darknet, typically operate under what seems like a privacy paradox: While anyone who knows a dark web site’s address can visit it, no one can figure out who hosts that site, or where. It hides in plain sight.

But changes coming to the anonymity tools underlying the darknet promise to make a new kind of online privacy possible. Soon anyone will be able to create their own corner of the internet that’s not just anonymous and untraceable, but entirely undiscoverable without an invite.

Over the coming months, the non-profit Tor Project will upgrade the security and privacy of the so-called “onion services,” or “hidden services,” that enable the Dar net’s anonymity.

While the majority of people who run the Tor Project’s software use it to browse the web anonymously, and circumvent censorship in countries like Iran and China, the group also maintains code that allows anyone to host an anonymous website or server, the basis for the darknet.

So what is the Darknet or Dark Web?

The Dark Web is a term that refers specifically to a collection of websites that exist on an encrypted network and cannot be found by using traditional search engines or visited by using traditional browsers.

Almost all sites on the so-called Dark Web hide their identity using the Tor encryption tool. You may know Tor for its ability to hide your identity and activity. You can use Tor to spoof your location so it appears you're in a different country to where you're really located. When a website is run through Tor it has much the same effect.

Indeed, it multiplies the effect. To visit a site on the Dark Web that is using Tor encryption, the web user needs to be using Tor. Just as the end user's IP address is bounced through several layers of encryption to appear to be at another IP address on the Tor network, so is that of the website. So there are several layers of magnitude more secrecy than the already secret act of using Tor to visit a website on the open internet - for both parties.

Thus, sites on the Dark Web can be visited by any web user, but it is very difficult to work out who is behind the sites. And it can be dangerous if you slip up and your identity is discovered.

Not all Dark Web sites use Tor. Some use similar services such as I2P, such as the Silk Road Reloaded. But the principle remains the same. The visitor has to use the same encryption tool as the site and, crucially, know where to find the site, in order to type in the URL and visit.

Infamous examples of Dark Web sites include the Silk Road and its offspring. The Silk Road was (and maybe still is) a website for the buying and selling of recreational drugs. But there are legitimate uses for the Dark Web. People operating within closed, totalitarian societies can use the Dark Web to communicate with the outside world.

And given recent revelations about US- and UK government snooping on web use, you may feel it is sensible to take your communication on to the Dark Web.

The Dark Web hit the headlines in August 2015 after it was been reported that 10GB of data stolen from Ashley Madison, a site designed to enable bored spouses to cheat on their partners, was dumped on to the Dark Web.

Hackers stole the data and threatened to upload it to the web if the site did not close down, and it has now acted on that threat. Now the spouses of Ashley Madison users have begun to receive blackmail letters demanding they pay $2500 in Bitcoin or have the infidelity exposed.

In March 2015 the UK government launched a dedicated cybercrime unit to tackle the Dark Web, with a particular focus on cracking down on serious crime rings and child pornography. The National Crime Agency (NCA) and UK intelligence outfit GCHQ are together creating the Joint Operations Cell (JOC).

What is the Deep Web? Dark Web vs. Deep Web

Although all of these terms tend to be used interchangeably, they don't refer to exactly the same thing. An element of nuance is required. The 'Deep Web' refers to all web pages that search engines cannot find. Thus the 'Deep Web' includes the 'Dark Web', but also includes all user databases, webmail pages, registration-required web forums, and pages behind paywalls. There are huge numbers of such pages, and most exist for mundane reasons.

We have a staging version of all of our websites that is blocked from being indexed by search engines, so we can check stories before we set them live. Thus for every page publicly available on this website (and there are literally millions), there is another on the Deep Web.

Use an online bank account? The password-protected bits are on the Deep Web. And when you consider how many pages just one Gmail account will create, you understand the sheer size of the Deep Web.

This scale is why newspapers and mainstream news outlets regularly trot out scare stories about '90 percent of the Internet' consisting of the Dark Web. They are confusing the generally dodgy Dark Web with the much bigger and generally more benign Deep Web. Mixing up the act of deliberately hiding things, with that of necessarily keeping pages away from search engines for reasons of security or user experience.

What is the Dark Internet?

Confusingly, 'Dark Internet' is also a term sometimes used to describe further examples of networks, databases or even websites that cannot be reached over the internet. In this case either for technical reasons, or because the properties contain niche information that few people will want, or in some cases because the data is private.

A basic rule of thumb is that the phrases 'Dark Web' or 'Deep Web' are typically used by tabloid newspapers to refer to dangerous secret online worlds, the 'Dark Internet' is a boring place where scientists store raw data for research. The Deep Web is a catch-all term for all web pages that are not indexed for search, the others refer to specific things.

How to access the Dark Web

Technically, this is not a difficult process. You simply need to install and use Tor. Go to www.torproject.org and download the Tor Browser Bundle, which contains all the required tools. Run the downloaded file, choose an extraction location, then open the folder and click Start Tor Browser. That's it. The Vidalia Control Panel will automatically handle the randomised network setup and, when Tor is ready, the browser will open; just close it again to disconnect from the network.

Depending on what you intend to do on the Dark Web, some users recommend placing tape over your laptop's webcam to prevent prying eyes watching you. A tinfoil hat is also an option.

The difficult thing is knowing where to look. There, reader, we leave you to your own devices and wish you good luck and safe surfing.

And a warning before you go any further. Once you get into the Dark Web, you will be able to access those sites to which the tabloids refer. This means that you could be a click away from sites selling drugs and guns, and, frankly, even worse things.

Wired:             PCAdvisor:

Stolen Health Records Flooding Dark Web Markets:       Tor: Mystery Spike In Hidden Addresses:

The Dark Web: anarchy, law, freedom and anonymity:

 

« Cyber Incidents Hit 85% Of Global Companies
Visualisation Tech Helps Police Process Complex Data »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

RSA Conference

RSA Conference

RSA Conference conducts information security events around the globe that connect you to industry leaders and highly relevant information.

Arsenal Insurance Company

Arsenal Insurance Company

Arsenal is an insurance provider based in Moscow, Russia. Services offered include Cyber Risk insurance.

Avatao

Avatao

Avatao is an online training platform for building secure software, offering a rich library of hands-on IT security exercises for software engineers to teach secure programming.

Georgia Cyber Center

Georgia Cyber Center

Georgia Cyber Center is dedicated to training the next generation of professionals through education and real-world practice while also supporting innovation in new technologies for online defenses.

Polyrize

Polyrize

The Polyrize continuous authorization platform for SaaS and IaaS stops tomorrow's public cloud cyber threats, today.

Baker Donelson

Baker Donelson

Baker Donelson is a law firm with a team of more than 700 attorneys and advisors representing more than 30 practice areas including Data Protection, Privacy and Cybersecurity.

Titans24

Titans24

Titans24 is a Software-as-a-Service security platform for web applications. It prevents attacks on business websites that are protected under 11 cyber-security layers.

Sonrai Security

Sonrai Security

Sonrai Security delivers an enterprise security platform focused on identity and data protection inside AWS, Azure, and Google Cloud.

SuperCom

SuperCom

SuperCom are a global secure solutions integrator and technology provider for governments and other consumers facing organizations around the world.

Bloc Ventures

Bloc Ventures

Bloc Ventures is an investment company providing long-term, ‘patient’ equity capital to early stage unquoted deep technology companies.

PacketViper

PacketViper

PacketViper’s Deception360 actively defends networks with deception-based threat detection and automated response to both external and internal cyber threats.

Oman Technology Fund (OTF)

Oman Technology Fund (OTF)

Oman Technology Fund aims to make Oman the preferred destination for emerging tech companies in the region, and an attractive and stimulating destination for venture capital.

IriusRisk

IriusRisk

IriusRisk is an open Threat Modeling platform that automates and supports creating threat models at design time.

AdronH

AdronH

AdronH is a company of Cyber Security consultants. We support companies and public institutions with their digital transformation to new and secure business platforms.

Geobridge

Geobridge

Geobridge was one of the first information security solutions providers to support cryptography and payment applications for payment processors, financial institutions and retail organizations.

Centum Digital

Centum Digital

Centum Digital provide services, products and solutions specialized in communications engineering, control and signal intelligence.