When the Web Goes Dark

Updated: Jun 27, 2019



The Dark Web is the digital black market on steroids. You may not hear about them at your country club or the church social, but the amount of money they generate for cybercriminals is in the billions.

by Daniel Tobok


What is the Dark Web?

Believe it or not, only four per cent of the web is indexed and can be found using commercial search engines like Google Chrome, Safari, Firefox, and Explorer. Regular websites on the internet are indexed, controlled, monitored, and policed. That leaves 96 per cent of the internet; this is the Deep Web. The Deep Web is comprised of information from academic institutions, companies and governments – vast databases that really can’t be accessed by a search engine as they’re behind passwords and paywalls.

The Dark Web is an even smaller portion of the Deep Web. It’s not indexed, controlled, monitored, or policed by anyone because the pages have no meta tags or metadata associated with them. Think of the Dark Web as “The Wild West” meets “The Sopranos.” Both the Deep Web and the Dark Web have been around as long as the internet.

Websites on the Dark Web don’t have multi-media content, nice graphics, lovely colours, or stunning photography. They look like Web 1.0, meaning websites designed between 2001 and 2005. What they do have is a lot of data and information. Nor do Dark Web sites have .com, .org, or .gov extensions but rather .onion and often have just a series of random numbers and letters as the URL, making them hard to find. The Dark Web even has its own Wikipedia equivalent – an Onion site called The Hidden Wiki – that gives direct links to Dark Web sites.

You need a browser like Tor or Freenet to access the Dark Web. If you know the URL of a particular Dark Web site, you can type it in. With many sites, you need an invitation from someone that includes special instructions on how to get to the website. Importantly, you need to take some serious precautions to mask your identity while surfing the Dark Web, so you can’t use the Microsoft Windows operating system while doing so.


Who is on the Dark Web?

The Dark Web is where some of the most evil psychopaths, sociopaths, and criminals hang out. You wouldn’t want your sister to marry any of these characters – or even bring one home for Sunday dinner to meet the family. Basically, it is a department store where you can buy or access the following: government secrets leaked by vigilante hackers; illegal firearms; illegal porn and weird sexual fantasy videos; human slavery; child porn; every type of illegal drug; strange job postings by governments that fuel conspiracy theories; stolen passport numbers; stolen credit card information; stolen intellectual property and trade secrets; hackers-for-hire to steal your ex’s credit card or get into her Facebook account (think of it as craigslist for hackers); ransomware as a service; thieves-for-hire; hitmen-for-hire; instructions and manuals for every sick thing you can think of, like how to be an undetected pedophile and abduct children; and human experiments, including funding, effects, and documentation of various substances on the human body.

The Dark Web is the digital black market on steroids, and it exists because there is a lucrative market for all these activities. You may not hear about them at your country club or the church social, but the amount of money they generate for cybercriminals is in the billions.


Why is the Dark Web dangerous?

The Dark Web is a dangerous place for a number of reasons. First, the sociopaths and cybercriminals who operate these sits make it a priority to know exactly who is visiting their nefarious websites, as they have every interest in protecting their hefty income streams. This makes cyber tourism a dumb reason to check out the Dark Web, especially if you don’t know what you’re doing. Remember the old adage: curiosity killed the cat. Just because you can’t see who operates Dark Web sites doesn’t mean they can’t see you. Actually, the exact opposite is true. The Dark Web has some of the best old-school cybersecurity around – and we’re not talking Google Analytics, here folks!

If you’re sure you want to take a deep dive into the darkness, you need to do a lot more to protect yourself. A virtual private network (VPN) can mask a user’s location and gives the user a layer of protection. But even that is risky for novices. The moment you start associating with criminal groups or try to enter a particular chatroom or join a particular group, they want to know exactly who you are. They will screen you to make sure that you’re not an Interpol mole who will penetrate their inner circle, get them arrested, and spoil their lucrative trade. If you don’t know what you’re doing, there’s a good chance you will end up being monitored in real-time by cybercriminals.

It’s very easy for cybercriminals to hunt you down. Typically, they send you a file, they look at the file and it will tell them your location. This is not something out of Mission Impossible II. This is real and easy. And, it has been around for a very long time. So, your safety and that of your family and friends can be put at risk if you engage with any of the people on the dark side of the web.

Second, much of the Dark Web is stolen intellectual property (IP) or copyright infringement. Intellectual property is the lifeblood of many corporations: stuff that has been in the R&D labs for years and the fruit of hundreds of millions of dollars. Companies can proactively partner with cybersecurity firms, to see if any of their intellectual property has been stolen and if it’s being offered to the highest bidder on the Dark Web. Interacting with cybercriminals on the Dark Web is not a DIY project; these critical counterintelligence jobs should only be tackled by the best cybersecurity people!

Third, when you want to pay for Dark Web activities or ransomware, you don’t use PayPal, Interac, credit cards, or wire transfers. You pay for stuff with Bitcoin or other cryptocurrencies and this presents its own set of unique challenges. Cryptocurrency transactions are anonymous: there’s no need to verify your ID to create a digital wallet. Cryptocurrencies are decentralized, meaning they aren’t controlled by a centralized government. They are totally digital; no physical object exists, no paper money, no gold, etc. It’s all code on an electronic ledger. And cryptocurrency transactions can’t be reversed; once completed, they can’t be undone. There is no back button.

Cryptocurrencies provide cybercriminals with speed and high throughput; thousands of transactions can be processed at a time. Cryptocurrencies also use extensive cryptography: the creation of coins, the transactions, the digital wallets and public ledgers that store transactions are all encrypted. Lastly, converting cryptocurrency to cash is easy. Cryptocurrencies can be sold for currency on an exchange, much like Forex trading.

For all these reasons, cryptocurrencies are ideal for cybercriminals and tricky for someone with no experience to navigate them without getting scammed. When trading cryptocurrencies, it’s wise to engage a reputable cybersecurity company that has conducted negotiations in cryptocurrencies.


What can be done about the Dark Web?

The Dark Web is there because it enables a few people to make a ridiculous amount of money with very little effort. But here’s the rub: unfortunately, not much can be done about it! There are thousands of Dark Web sites in many different languages; most police forces don’t have the cyber-sleuthing skills to deal with white-collar or other types of financial crime, and police offices worldwide have their hands full dealing with hard crime. Cyber sleuthing also requires a very long timeline and a lot of money. It took 10 years to catch Osama bin Laden. Why? He knew enough to “go dark,” meaning he ceased having a digital footprint in favour of a very small, trusted inner circle that no one could penetrate. This is old-school espionage. And, bin Laden did it in plain sight, in Pakistan!

For the most part, businesses need to know what is out there and how to protect themselves. If your intellectual property gets stolen, if your executives are the victims of a phishing scam and a corporate or trust account is emptied before a long weekend, if 10 million credit card records are stolen, or an employee clicks on yet another funny cat video that contains ransomware and locks up all your servers, you’re on your own. Don’t bother calling the police.

For most organizations, that means taking precautions to keep software patches up to date, never being in a hurry to conduct financial transactions on behalf of the company, being leery of last-minute account changes for financial transactions, changing IT administrator passwords often, training employees on how phishing scams work, and conducting proactive penetration testing to test the security of your internet network. And let’s not forget paying attention to your gut.

So, the moral of the story is: don’t whistle in the dark. If you see something, say something. 

0 views