Cyber Bytes & Insights – Bite-Sized Cyber Training
The Cyber and Fraud Centre Scotland is delighted to launch a new training series, providing practical, hands-on exercises to boost cyber security readiness. Our Cyber…
SBRC’s ethical hacker, Jeremy, discusses the use of the dark web and why some are drawn to it for legitimate reasons.
The dark web has become a hot topic in recent years, with many misconceptions and confusion around its purpose and use. In popular culture, the dark web is often used as a catch-all term for the place to find any illegal content online, with many first hearing about it from stories of the Silk Road, the most infamous of many online marketplaces for illegal drugs.
The dark web itself is far from illegal though, despite misconceptions it contains all kinds of content, and just like the ordinary World Wide Web, some of that is legitimate and some of it isn’t. The only real constant on the dark web is anonymity. First of all, we need to clear up some terminology. Bear with me here…
The World Wide Web is composed of three main sections. The web as most people know it, containing all the commonly used sites, can be called the “Surface Web”. This part of the Web is indexed by search engines. This means that when you search for something using Google, or when you click a link to cyberfraudcentre.com, you are browsing the surface web. It is publicly accessible, using any modern web browser.
Next is the “Deep Web”, by far the largest part of the World Wide Web. This includes any part of the page which cannot be found using search engines. This could be for several reasons, but is commonly because the site’s owner has prevented search engines from indexing it, although you may still be able to browse there using a direct URL.
Other reasons could be that you must be logged in to access it, or because that site is somehow encrypted. So, when a site is referred to as being on the deep web, it just means it cannot be found by normal search engines and might not be publicly accessible. A good example of this is a private Facebook profile. Its content cannot be found by a search engine like Google because you must be logged in to Facebook to view it.
Finally then, the ‘Dark Web’, is the part of the web which is deliberately hidden and difficult to get to. The main attraction of the dark web, for all of its users, is anonymity. To access it, you often have to use an anonymous web browser such as The Onion Router (TOR), or some other form of Virtual Private Network or web proxy to protect your identity. Many people also use these services for privacy reasons even when browsing the surface web, and many sites (such as Facebook) cater to dark web users too.
The baked-in anonymity of the dark web serves all kinds of purposes, and many legitimate users take advantage of that. Investigative journalists, whistle-blowers, political activists, even ordinary citizens avoiding the surveillance of oppressive governments. Essentially, anyone who wishes to remain anonymous.
Unfortunately, this means that the dark web is also a haven for criminals who wish to hide their activity from the authorities. In 2019, a study by King’s College researchers estimated that 57% of active sites on the dark web host illicit content. Examples include arms and drug trafficking, identity theft, illegal pornography, extremism, and malicious hacking and exploit trading. While the majority of the dark web isn’t useful to the ordinary person, these hacking forums can be of big interest to cyber security professionals.
Threat Intelligence is a field of cyber security that relates to identifying potential threats and searching for evidence of past data breaches. Ethical hackers can monitor online hacking forums to remain aware of the latest vulnerabilities and exploits long before they are reported in the news.
Malicious hackers might list the IP addresses of organisations they have found to be vulnerable, potentially tipping off security professionals. Data leaks, such as the recent leak of half a billion Facebook users’ personal information, are traded mostly on the dark web, so monitoring for information such as email addresses and usernames can help you spot a previously unknown data breach or compromised account.
Hopefully, this blog has cleared up the mess of terminology and misconception around the dark web. In any case, while the use of the dark web is not illegal, much of the content is – so be careful what you click on!
You should also make sure you never give away personal information or download files from sources you aren’t certain of. Take the correct precautions, no matter what part of the web you’re browsing.
SBRC’s ethical hacking team can provide a series of cyber led presentations as part of our Professional Cyber Services. Click here to find out more.