Close

Lifting the lid on the dark web

Aura Information Security principal consultant / cyber evangelist Paul W. Poteete explains what exactly the dark web is, what it does - and whether or not you should be there.

The ‘dark web’ is a term which is increasingly coming into public prominence. But just what is the dark web and how does it affect the average business or person, if at all? The short answer is that it does have an effect and can be how hacking and other instances of malicious use of computer systems is perpetrated.

 What the dark web is

The dark web is an ‘alternative’ internet which isn’t visible to regular browsers, like Firefox, Chrome, Internet Explorer and others. Instead, the encrypted dark web can only be viewed with a specific browser called TOR. TOR itself originally stood for ‘The Onion Router’. Having said that, there are gateways available on the open Internet that redirect normal connections to Dark Web content.  

Sometimes replacing an .onion link with .onion.to or .onion.direct or a few other extensions will route open traffic to Dark Web content.  Special care should be taken to protect your connection when using the Dark Web, as illegal content is embedded within open content.

Without going into too much technical detail, it’s worth having a quick look at that odd name. It comes from a concept known as ‘onion routing’ which was developed at around the same time the Internet first went public (in the early-mid 1990s) and describes a technique where internet access is ‘nested’ in layers like the layers of an onion. Through encryption, each layer is kept completely ‘separated’ from the other – meaning that the dark web is completely anonymous and it is impossible to trace people’s activity on it.

How to access the dark web

Accessing the dark web isn’t difficult. Downloading TOR is as simple as downloading any other software from the internet: do a search, find the link, download and install. It is as easy as that, which means anyone can get onto the dark web within a matter of minutes.

It isn’t illegal to access the dark web, either. Whether doing so will attract the attention of government agencies is not certain, but governments do tend to monitor how the Internet is being used to identify possible instances of illegal activity.

What’s being on the dark web like?

Being on the dark web isn’t anything at all like viewing the regular internet. There is little attention paid to modern user interfaces and the immediate impression you’re likely to get is that you’ve teleported yourself back into the late 1990s. It is clunky, it doesn’t look particularly good and it isn’t as simple to navigate from one place to another. Beyond that, many of the .onion sites are transient in nature; one minute they’re online, the next they’re gone.

Most users need to spend some time familiarising themselves with the dark web – and there isn’t any shortage of guides available to do that.

What can be done on the dark web?

Once on the dark web, it is possible to connect with people doing all kinds of illegal activities. Gun running, human trafficking, false identification papers and drugs can be found and procured through the dark web. With the anonymity afforded by TOR, nobody knows who you are in real life, and nobody knows who the (purported) vendors of such products and services are. Although TOR provides a substantial level of anonymity when using the browser, after a purchase is made, attributing the client directly to the illegal purchase is often a simple process. 

Also available are hacking tools, or hackers for hire; with virtual goods, the necessity for real-life transport or transacting is completely eliminated, making this one of the more ‘convenient’ uses of the dark web for those seeking to cause mayhem on a target.

Typically, transactions on the dark web are made using cryptocurrency (such as Bitcoin), which once again, is untraceable. Bitcoin currency is used for both legal and, due to the anonymity afforded, illegal activities.  The exchange rate is fluctuant and varies from day to day on the Internet, causing increased interest in the alternative currency and hesitance to become involved.  It is believed that Bitcoin mining will no longer be profitable around 2036-2048; however, the value of bitcoins may continue for many years after mining ceases.

Should you be on the dark web?

Unless you are a researcher, security professional, or law enforcement, the answer to that one is probably a simple ‘no’. But it is worth knowing that it is there and that it often plays a role in the hacks and other incidences of malware which can affect everyday businesses.

Paul W. Poteete is principal consultant / cyber evangelist at Aura Information Security.