Gaining access to dark web and deep web sources can be extremely powerful – if you focus on relevant use cases. The most successful strategies we observe have clear requirements, such as fraud detection, threat monitoring, and finding exposed credentials.

However, monitoring these sources is challenging, and few solutions have sophisticated coverage. Deep and dark web linksspans a huge range of potential sources; marketplaces, closed forums, messaging apps, and paste sites. Few companies span all these sources; fewer still have capabilities to go beyond simple scraping of sites.

Unfortunately, there is a lot of FUD (fear, uncertainty, and doubt) concerning the dark web. Iceberg analogies have been common for several years, ostensibly demonstrating the deep and dark web is significantly larger than the open web. In truth, the dark web only contributes to a small chunk of cybercrime – we must consider additional sources to get a truer sense of the threat landscape.

The dark web is an area of the internet that is only accessible with specific browser software, such as Tor or I2P. It is a web of anonymity where users’ identities and locations are protected by encryption technology that routes user data through many servers across the globe – making it extremely difficult to track users.

The anonymity of the dark web makes it an attractive technology for illegal purposes. Unfortunately, gaining visibility into criminal locations is difficult: it requires specialized knowledge, access to closed sources, and technology that’s capable of monitoring these sources for misuses of your data.

However, let’s first dispel some misconceptions about the dark web.

Assumption 1: The dark web is synonymous with the criminal internet. While the dark web is home to lots of crime, it also hosts many legitimate companies like New York Times and Facebook who offer Tor-based services, as well as generally benign content. The dark web is not synonymous with cybercrime.
Assumption 2: The dark web is the same thing as the deep web. To clarify, the deep web is broadly defined as anything that is not indexed by traditional search engines. Unsurprisingly, the deep web is also home to criminality – but so too is the clear web. The dark web does not monopolize cybercrime.
what is the dark web

Simply because it isn’t accessible by a traditional search engine, it does not mean the deep web is necessarily interesting. Most of the data on the deep web is mundane or “normal”; for example, email or Facebook accounts might fall under this definition as they require registration to see the content. While some deep and dark web sites are valuable sources, you need to know what you’re looking for, otherwise it’s easy to waste time and resources.
Is the Dark Web Illegal? An Introduction

The Dark Web allows users to remain anonymous through encryption. This is attractive to anyone involved in illegal activity, such as child pornography, sex trafficking, illicit drugs, or counterfeit goods. But it also may be useful for anyone living in an authoritarian state wishing to communicate with the outside world, as well as providing a safe space for whistleblowers. So while it’s not illegal to visit the Dark Web, it provides access to illegal activities.

Web sites that exist on the Dark Web are encrypted (and thus difficult to track), most commonly through the Tor encryption tool. Therefore, most Dark Web users access those sites using the Tor browser. There are other encryption tools and corresponding browsers such as I2P (these are not universal, by design) and you have to know the exact URL in order to access the site. There’s no “Google” for the Dark Web because that kind of indexing would provide a breadcrumb trail for investigators.

Another layer of anonymity involves the way payments are processed. Silk Road, for example, only accepted payment via Bitcoin, which is an unregulated cryptocurrency. As with the Dark Web generally, there’s nothing illegal about using Bitcoin. But the anonymity of Bitcoin payments is attractive to those making illegal transactions.

The Difference Between Dark Web and Deep Web

The term “Deep Web” refers to web sites that can’t be found by search engines, but that doesn’t necessarily mean they’re part of the Dark Web. For instance, the Deep Web includes things like web forums that require registration, news sites that exist behind paywalls, and other pages that aren’t necessarily secret but also not worth (or blocked from) indexing by search engines. The content management systems used by website operators to upload and manage content also are part of the Deep Web, for example.

But the Deep Web — by far the largest segment of the internet — also includes the Dark Web, since it also can’t be tracked or indexed by search engines. The terms are often interchanged, but they refer to distinctly different things. Also, keep in mind that the term “Dark Internet” is where raw data for scientific research is stored and isn’t synonymous with the Dark Web.

Law enforcement action didn’t stop there – on May 7, 2019 an internationally coordinated operation led to the takedowns of two more dark web marketplaces, Wall Street Marketplace and Valhalla Marketplace (Silkkitie). In the same operation, law enforcement simultaneously disabled one popular dark web news source and review page, DeepDotWeb. DeepDotWeb did not sell contraband; instead, administrators profited from promoting criminal sites and marketplaces through affiliate links. Its recent seizure displayed law enforcement’s willingness to target more of the illegal trade network beyond the marketplaces – including promoters and launderers.

In our dark web research report, Seize and Desist: The State of Cybercrime in the Post-AlphaBay and Hansa Age, we explored the impact of these dark web marketplace seizures. While a large chunk of cybercrime (especially Russian-speaking) was largely undisrupted, a breach of trust occurred in dark web criminal trade. This breach of trust caused criminals to consider new ways for generating trust in the underground.

While dark web markets, such as Tochka and Empire, certainly still exist, no market has yet risen to the prominence of Silk Road, AlphaBay, or Hansa. New criminal marketplaces continue to crop up, but they struggle to grow or decide to tread lightly with the growing fears of law enforcement disruptions and takedowns. To grow, these criminal marketplaces need a solid reputation, financing to scale, security to maintain current users, and trust to gain more traction.

There are some interesting candidates, however. Marketplace, run by the former administrator of the prestigious Exploit[.]in hacking forum, who coincidentally now leads the emerging XSS forum (formerly Damagelab), is an up and comer in the dark web market. Focused purely on cybercrime; MarketMS is near peerless.

Law enforcement is not the only force looking to disrupt the criminal community; their peers can be just as adversarial.

The Olympus Marketplace, an emerging dark web marketplace, ceased operations as the administrators reportedly conducted an exit scam – stealing user funds in the process. When AlphaBay and Hansa were seized, Olympus was a reputable, English-speaking marketplace that was expected by many to fill the void, but being the main marketplace comes with a hefty price. Time, money, and fear of getting caught loom too large for vendors and administrators who are continually choosing security over greed.

How Dark Web Crimes are Investigated

Because of the anonymous nature of the Dark Web, investigators have their work cut out for them. One of the main ways to catch criminals is by going undercover online, which can sometimes lead to real-life connections when, for example, an officer posing as a seller obtains the buyer’s mailing address. Also, the target of an investigation may slip up and reveal personally identifying information. In fact, an investigator with the Internal Revenue Service found an incriminating comment by Silk Road’s Ulbricht along with his email address, which would lead to his eventual arrest.

Since many of the transactions conducted via the Dark Web are completed by the U.S. Postal Service, police sometimes are able to match online clues with surveillance footage, handwriting analysis, and other clues. They may even find fingerprints on the package, potentially revealing the sender’s identity. Following the money also can be effective, even though the anonymous nature of Bitcoin makes that much more difficult. Still, the Department of Homeland Security has a dedicated task force focused on tracking money laundering via cryptocurrencies.

Other approaches involve the use of sophisticated technology and hacking techniques. For example, the FBI used malware to go after child pornography site Playpen. The software caused users who clicked on the forum to reveal their real IP addresses, which were then sent to investigators. Another hacking technique exploited a vulnerability in the Tor browser, allowing investigators to see the IP addresses of Dark Web marketplaces and users. Ultimately, it’s a game of cat-and-mouse.


Please enter your comment!
Please enter your name here