October is cybersecurity month. When deciding what to write about, I recalled a surprising fact: Most people have not heard of the “dark web”. It is out there though, and it’s important to know where it resides and why it is considered “dark” in nature. Once you grasp an understanding of the dark web, there are things you can do to prevent becoming a victim of cybercrime.
3 Layers Down
To really understand what the dark web is, the first thing to know is there are essentially three layers to the world wide web (www):
- Surface Web
- Deep Web
- Dark Web
1. Surface Web
This is the web the everyday person uses on their smart devices and/or personal computers. The sites accessed on the surface web have been indexed by DNS (domain name servers) web servers that provide specific pages to a web browser by resolving an alphanumeric web address (e.g. www.timothydimoff.com) to the website’s actual IP address. This is in reality a 14 digit numeric location on a web server structured the following way “1111.2222.3333.44”.
The easiest way to understand this concept is to understand what happens when you enter in directions in a car. When an address is entered, the actual data being utilized by the GPS technology is the global coordinates for the address (e.g. longitude, latitude). So, your Garmin, for example, allows you to enter in 123 Main Street, Akron, OH, but identifies the numerical longitude and latitude in order to build directions to the specific location based upon the coordinates where you are currently located.
The most important thing to note about the surface web is that only websites that have been indexed by a web server are accessible to the public. In other words, the website’s IP address is fully disclosed to world wide web servers, enabling the website to be searched by mainstream search engines (Google, Bing, Yahoo etc.) by anyone with an internet-ready device.
2. Deep Web
The next layer down is called the deep web. It is often confused with the dark web, but that’s because it is not readily accessible to the public at large. It consists of a multitude of online data points stored on web servers ultimately connected to various databases. Here not all websites are indexed and when reached, the sites are often password protected, blocking user access to backend databases. Your eyes might be glazing over right now, so think of it as eating in a restaurant.
You are served the food you ordered (= surface web), but you are not allowed in the kitchen or inside the delivery trucks that brought the ingredients that were used to create the food on the plate (= deep web). What is important to you is the food you are served. You know it was cooked in the kitchen because food was delivered to the restaurant, but you are not privy to the whole process.
This also accounts for why no one really knows how big the deep web is today, but it is estimated to be 400 to 550 times bigger than the surface web. In other words, what you see on the surface web is a small representation of information/data that is visible to the public at large. But it is important to note the deep web isn’t intentionally “hidden” from you. This is where the dark web comes into play.
3. Dark Web
Intentionally hidden or inaccessible locations on the internet constitute a small portion of the world wide web called the dark web (aka “darknet”).
These locations are the result of:
- Failed online companies
- Technical errors/failures
- Internet service provider disputes
- Abandoned addresses once used by the US military in the earliest days of the internet
These forgotten properties can then be set up as a blog, forum, chat room, or private gaming server. They are often used for illicit exploitation (sometimes for only a few seconds before they are returned to disuse).
These sites are:
- Resistant to indexing (there is no “dark Google)
- Require special browsers (e.g. Tor) for search
- Require the user to know the exact location (IP address) of a website
The dark web is where someone can be anonymous. This is especially important for people who engage in illegal or illicit activities (e.g. hire hitmen, engage in human trafficking, and exchange child pornography). Therefore, tech savvy criminals flock there to create marketplaces where illicit goods such as narcotics, firearms, and stolen credit card numbers are bought and sold. However, not all dark web activity is criminal and degenerate in nature, but it does make the visitor vulnerable to hackers on the other end of the line.
Don’t panic. Entering in a search word in Google will not open the door to a dark web location. An end user must intentionally seek a location on the dark web. So, don’t live in constant fear of the world wide web. If you do have the need to access the dark web when seeking information outside mainstream channels (e.g. your job in law enforcement, investigative services), do so with extreme caution.
With that said, it is important to take the blinders off and take precautions. Unless you live completely “off-the-grid”, chances are your personal data has already been compromised. So, the issue is no longer prevention, but protection. According to AARP, consider the following so you don’t become a victim of cybercrime:
- Freeze your credit
- Monitor your accounts
- Set up a password manager
Overall, be careful online. Use common sense, and don’t go looking for trouble. The dark web is out there, but the choice to enter it is up to you.
Tim Dimoff Can Help Protect Against Cybersecurity Threats
The internet is a vulnerable place, but knowledge is power to protect against cybercrime. Tim can help your organization learn how to effectively address basis cybersecurity to safeguard your internet practices to protect you from scams, viruses, identity loss and more with his presentation Basic Cybersecurity Pitfalls and Preventions. Contact Tim to schedule today.