The dark web. The name raises all kinds of questions. What is the dark web, really? Where is it? Can anyone hop on it?
Answering these questions can help you stay safer online.
The story of the dark web is a complicated one. It’s a small and highly anonymous layer of the internet. As a result, it has a reputation for harboring criminal activity. We often mention the dark web in our blogs, typically when the conversation turns to identity theft, data breaches, and stolen personal information. Rightfully so. Plenty of cybercrime can get traced right back to the dark web.
Yet cybercriminals didn’t create the dark web. And they’re far from the only people who use it. News outlets like the BBC and the New York Times have a presence there, as does the U.S. Central Intelligence Agency (CIA). Journalists, activists, and everyday citizens use it as well, often to work around oppressive censorship. Even Facebook is there, providing people access to the social media site in regions where it’s blocked.
Anonymity reigns on the dark web. It was designed to work that way. With that, it’s home to a mixed bag of activity, legitimate and illicit alike. Yet that anonymity doesn’t stop us from putting a face onto the dark web—from understanding what it is, where it is, and what transpires there.
That starts with a look at the internet and the two primary layers that make it up.
The layers of the internet: The surface web and the deep web
If you visualize the internet as an ocean, you’ll find it populated with websites and collections of data at all depths. Yet, the typical internet user only has access to the first few feet, a layer of the internet known as the surface web.
The sights you’ll see within the surface web will look familiar. It’s all the blogs, shops, social media sites, and so on that you visit regularly. And it’s easy to get to. You only need to fire up your browser and go. All the sites are public facing. With a quick search, you can find them.
In all, the surface web contains any destination you can reach through search. To put it more precisely, the surface web accounts for areas of the internet that search engines can “crawl” and index for search. Estimates vary, yet the surface web accounts for roughly 4 to 5% of the internet.
Now, enter the deep web, the next 95% of the internet that is not searchable. Yet, that’s not to say that you don’t travel down into its depths from time to time. In fact, you likely do it daily. Any time you go through a paywall or use a password to access internet content, you’re entering the deep web. The content found there is hidden from search. Examples include logging into your bank account, accessing medical records through your healthcare provider, or using corporate web pages as part of your workday. Even streaming a show can involve a trip to the deep web. None of that content is searchable.
As such, the overwhelming majority of activity within the deep web is legitimate. So while this layer of the internet runs deep, it isn’t necessarily dark. The dark web is something altogether different.
What is the dark web?
The dark web lives within the deep web. Like the other depths of the deep web, it’s not searchable. The people behind the websites and data collections on the dark web intentionally keep them hidden from search. And the reasons vary. Some of them are entirely legitimate, others questionable, and several are outright illegal in nature.
Its origins go back to the 1990s, when the U.S. Department of Defense developed the dark web as a means of anonymous and encrypted communications. That story might sound familiar. It’s quite like the origin story for the broader internet. That had its roots in the Department of Defense as well. So, just as the broader internet eventually became available to the public, so did the dark web as well.
Getting there requires a special browser because the protocols for the dark web differ from the surface web. Moreover, these browsers strip web traffic of identifiable information, encrypt it, and send it through a series of server jumps. The browsing traffic will appear to go through a server in one country, then a different server in another, and then another.
These steps make it highly difficult to identify the person using the browser. On the flip side, it makes it difficult to identify the people hosting the sites and services on the dark web as well.
Without question, privacy is everything on the dark web. For good and for bad.
Legitimate uses of the dark web
While the notion of the dark web typically gets raised in the context of cybercrime and other illegal activity, it has legitimate uses. Some of these use cases include:
Well-regarded news outlets such as the BBC and Pro Publica maintain a presence on the dark web to ensure that anyone can access their reporting. This includes people in nations and regions where certain news sources are censored.
For the particularly privacy-conscious, the dark web hosts several resources for encrypted communication. That includes email clients, internet chat, and even social media sites.
Anonymous tips are a part of national security, law enforcement, and journalism as well. The private nature of the dark web confers an additional degree of anonymity to tipsters.
The dark web isn’t a place everyday internet users will need, or even want, to go. It’s far more complicated than the surface web—and going in without taking several security measures can make the trip a risky one.
The dark web as a marketplace for cybercrime
This is where the rubber meets the road from an online protection standpoint. The dark web is also a marketplace for hackers and bad actors. In several ways—as a place to purchase and rent malware, a repository for stolen information, and a place to communicate and coordinate attacks.
For starters, the dark web is populated with dark marketplaces. And difficult-to-trace cryptocurrency is the coin of the realm. With dark web stores stocked with ready-made malware kits, bad actors can launch attacks with little need for technical expertise. Others have done the work for them.
Cybercrime groups of all sizes prop up these shops, which they also use to rent out other services for attacks. For example, a small-time bad actor could easily lease a botnet to wage an attack that slows a targeted website to a crawl. Some cybercrime groups will provide hackers who can run attacks on someone else’s behalf, creating a mercenary “hacker for hire” gig economy.
Likewise, information stolen from a data breach can end up in dark web marketplaces as well. The personal information posted in these marketplaces can range anywhere from emails and passwords to in-depth information like tax numbers, health information, and driver’s license numbers. Some of it goes up for sale. Some of it gets dumped there for free. With the right information in hand, cybercriminals can commit acts of identity theft. That includes claiming unemployment benefits and tax refunds in someone else’s name. In extreme cases, it can lead to bad actors can outright impersonate their victims, racking up debts and criminal records along the way.
Some hacking groups sell hacked accounts outright. For a couple hundred dollars, they offer up login and password information for bank accounts that have a couple thousand dollars in them. Also available, pre-hacked email, social media, and online payment accounts. If it’s hackable and has value, it’s likely for sale on the dark web.
Protect yourself from hackers and bad actors on the dark web
With all this shady activity on the dark web, you might wonder how you can protect yourself. In fact, you can take several steps to help prevent your information from finding its way there. And you also can take other steps if your information unfortunately does end up on the dark web.
Installing online protection software is the first step. Online protection software can help prevent many of the attacks bad actors can purchase on the dark web. It protects against ransomware, adware, spyware, and all manner of malware, whether it’s pre-existing or entirely new.
Yet today’s online protection goes far beyond antivirus. Comprehensive protection like ours protects your privacy and identity as well. It can monitor your identity and credit, create strong passwords, and clean up your personal information online.
Monitor your identity:
An identity monitoring service can actively scan the dark web for personal info like your date of birth, email addresses, credit card numbers, personal identification numbers, and much more. In the event you fall victim to identity theft, our identity theft coverage and restoration can provide up to $1 million in coverage to cover the costs. Plus, it provides the services of a recovery expert with limited power of attorney to help you repair the damage done.
Keep an eye on your credit:
If you spot unusual or unfamiliar charges or transactions in your account, bank, or debit card statements, follow up immediately. That might indicate improper use. In general, banks, credit card companies, and many businesses have countermeasures to deal with fraud. Moreover, they have customer support teams that can help you file a claim if needed.
Given all the accounts you likely have a credit monitoring service can help. McAfee’s credit monitoring service can help you keep an eye on changes to your credit score, report, and accounts with timely notifications and provide guidance so you can take action to tackle identity theft.
Create and maintain strong, unique passwords:
With the high number of accounts you need to protect, creating strong, unique passwords for each one can get time consuming. Further, updating them regularly can become a time-consuming task. That’s where a password manager comes in.
A password manager does the work of creating strong, unique passwords for your accounts. These will take the form of a string of random numbers, letters, and characters. They will not be memorable, but the manager does the memorizing for you. You only need to remember a single password to access the tools of your manager.
Close old, risky accounts:
The more online accounts you keep, the greater the exposure you have to data breaches. Each account will have varying degrees of personal and financial information linked to it. And that means each one carries a varying degree of risk if it gets breached. Moreover, some sites and services protect data better than others, which adds another dimension of risk. Closing old and particularly risky accounts can decrease the risk of your personal and financial information winding up in the hands of an identity thief.
With security and savings in mind, McAfee created Online Account Cleanup. It finds and requests the deletion of unused accounts and protects your personal data from data breaches as a result. Monthly scans across your online accounts show a risk level for each account and help you decide which ones to delete.
Use two-factor authentication:
Two-factor authentication is an extra layer of defense on top of your username and password. It adds a one-time-use code to access your login procedure, typically sent to your smartphone by text or call. Together, that makes it tougher for a crook to hack your account if they get hold of your username and password. If any of your accounts support two-factor authentication, the few extra seconds it takes to set up is more than worth the big boost in protection you’ll get.
Protect yourself from cybercriminals on the dark web
The “dark” in the dark web stands for anonymity. And with anonymity, all kinds of activity follow. Good and bad.
From a security standpoint, the dark web is a haven for all manner of cybercriminals. Understanding how they use the dark web can help you protect yourself from their activities. You have tools for prevention, and you have resources available if your information ends up there or leads to identity theft.
By putting a face on the dark web, you put a face on cybercrime and can help reduce the risk of it happening to you.
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.