Dark web definition\n\nThe dark web is a part of the internet that isn't indexed by search engines. You've no doubt heard talk of the \u201cdark web\u201d as a hotbed of criminal activity \u2014 and it is. Researchers Daniel Moore and Thomas Rid of King's College in London classified the contents of 2,723 live dark web sites over a five-week period in 2015 and found that 57% host illicit material. \n\nA 2019 study, Into the Web of Profit, conducted by Dr. Michael McGuires at the University of Surrey, shows that things have become worse. The number of dark web listings that could harm an enterprise has risen by 20% since 2016. Of all listings (excluding those selling drugs), 60% could potentially harm enterprises.\n\nYou can buy credit card numbers, all manner of drugs, guns, counterfeit money, stolen subscription credentials, hacked Netflix accounts and software that helps you break into other people\u2019s computers. Buy login credentials to a $50,000 Bank of America account, counterfeit $20 bills, prepaid debit cards, or a \u201clifetime\u201d Netflix premium account. You can hire hackers to attack computers for you. You can buy usernames and passwords.\n\nNot everything is illegal, the dark web also has a legitimate side. For example, you can join a chess club or BlackBook, a social network described as the \u201cthe Facebook of Tor.\u201d\n\nNote: This post contains links to dark web sites that can only be accessed with the Tor browser, which can be downloaded for free at https:\/\/www.torproject.org. \n\nDeep web vs. dark web: What\u2019s the difference?\n\nThe terms \u201cdeep web\u201d and \u201cdark web\u201d are sometimes used interchangeably, but they are not the same. Deep web refers to anything on the internet that is not indexed by and, therefore, accessible via a search engine like Google. Deep web content includes anything behind a paywall or requires sign-in credentials. It also includes any content that its owners have blocked web crawlers from indexing.\n\nMedical records, fee-based content, membership websites, and confidential corporate web pages are just a few examples of what makes up the deep web. Estimates place the size of the deep web at between 96% and 99% of the internet. Only a tiny portion of the internet is accessible through a standard web browser\u2014generally known as the \u201cclear web\u201d.\n\nThe dark web is a subset of the deep web that is intentionally hidden, requiring a specific browser\u2014Tor\u2014to access, as explained below. No one really knows the size of the dark web, but most estimates put it at around 5% of the total internet. Again, not all the dark web is used for illicit purposes despite its ominous-sounding name.\n\nDark web tools and services \n\nThe Into the Web of Profit report identified 12 categories of tools or services that could present a risk in the form of a network breach or data compromise:\n\nThe report also outlined three risk variables for each category:\n\nRansomware-as-a-service (RaaS) kits have been available on the dark web for several years, but those offerings have become far more dangerous with the rise of specialized criminal groups like REvil\u00a0or GandCrab. These groups develop their own sophisticated malware, sometimes combined with pre-existing tools, and distribute them through "affiliates".\u00a0\n\nThe affiliates distribute the ransomware packages through the dark web. These attacks often include stealing victims' data and threatening to release it on the dark web if the ransom isn't paid. \n\nThis business model is successful and lucrative. IBM Security X-Force, for example, reported that 29% of its ransomware engagements in 2020 involved REvil. The criminal groups that developed the malware gets a cut of the affiliates' earnings, typically between 20% and 30%. IBM estimates that REvil's profits in the past year were $81 million.\n\nDark web browser\n\nAll this activity, this vision of a bustling marketplace, might make you think that navigating the dark web is easy. It isn\u2019t. The place is as messy and chaotic as you would expect when everyone is anonymous, and a substantial minority are out to scam others. \n\nAccessing the dark web requires the use of an anonymizing browser called Tor. The Tor browser routes your web page requests through a series of proxy servers operated by thousands of volunteers around the globe, rendering your IP address unidentifiable and untraceable. Tor works like magic, but the result is an experience that\u2019s like the dark web itself: unpredictable, unreliable and maddeningly slow.\n\nStill, for those willing to put up with the inconvenience, the dark web provides a memorable glimpse at the seamy underbelly of the human experience \u2013 without the risk of skulking around in a dark alley. \n\nDark web search engine\n\nDark web search engines exist, but even the best are challenged to keep up with the constantly shifting landscape. The experience is reminiscent of searching the web in the late 1990s. Even one of the best search engines, called Grams, returns results that are repetitive and often irrelevant to the query. Link lists like The Hidden Wiki are another option, but even indices also return a frustrating number of timed-out connections and 404 errors.\n\nDark web websites\n\nDark web websites look pretty much like any other site, but there are important differences. One is the naming structure. Instead of ending in .com or .co, dark web websites end in .onion. That\u2019s \u201ca special-use top level domain suffix designating an anonymous hidden service reachable via the Tor network,\u201d according to Wikipedia. Browsers with the appropriate proxy can reach these sites, but others can\u2019t.\n\nDark web websites also use a scrambled naming structure that creates URLs that are often impossible to remember. For example, a popular commerce site called Dream Market goes by the unintelligible address of \u201ceajwlvm3z2lcca76.onion.\u201d\n\nMany dark websites are set up by scammers, who constantly move around to avoid the wrath of their victims. Even commerce sites that may have existed for a year or more can suddenly disappear if the owners decide to cash in and flee with the escrow money they\u2019re holding on behalf of customers.\n\nLaw enforcement officials are getting better at finding and prosecuting owners of sites that sell illicit goods and services. In the summer of 2017, a team of cyber cops from three countries successfully shut down AlphaBay, the dark web\u2019s largest source of contraband, sending shudders throughout the network. But many merchants simply migrated elsewhere.\n\nThe anonymous nature of the Tor network also makes it especially vulnerable to DDoS, said Patrick Tiquet, Director of Security & Architecture at Keeper Security, and the company\u2019s resident expert on the topic. \u201cSites are constantly changing addresses to avoid DDoS, which makes for a very dynamic environment,\u201d he said. As a result, \u201cThe quality of search varies widely, and a lot of material is outdated.\u201d\n\nFor sale on the dark web\n\nThe dark web has flourished thanks to bitcoin, the crypto-currency that enables two parties to conduct a trusted transaction without knowing each other\u2019s identity. \u201cBitcoin has been a major factor in the growth of the dark web, and the dark web has been a big factor in the growth of bitcoin,\u201d says Tiquet.\n\nNearly all dark web commerce sites conduct transactions in bitcoin or some variant, but that doesn\u2019t mean it\u2019s safe to do business there. The inherent anonymity of the place attracts scammers and thieves, but what do you expect when buying guns or drugs is your objective?\n\nDark web commerce sites have the same features as any e-retail operation, including ratings\/reviews, shopping carts and forums, but there are important differences. One is quality control. When both buyers and sellers are anonymous, the credibility of any ratings system is dubious. Ratings are easily manipulated, and even sellers with long track records have been known to suddenly disappear with their customers\u2019 crypto-coins, only to set up shop later under a different alias.\n\nMost e-commerce providers offer some kind of escrow service that keeps customer funds on hold until the product has been delivered. However, in the event of a dispute don\u2019t expect service with a smile. It\u2019s pretty much up to the buyer and the seller to duke it out. Every communication is encrypted, so even the simplest transaction requires a PGP key.\n\nEven completing a transaction is no guarantee that the goods will arrive. Many need to cross international borders, and customs officials are cracking down on suspicious packages. The dark web news site Deep.Dot.Web teems with stories of buyers who have been arrested or jailed for attempted purchases.\n\nAs in the real world, the price you pay for stolen data fluctuates as the market changes. According to Privacy Affair's Dark Web Price Index 2021, these are the most current prices for some of the data and services commonly traded over the dark web:\n\nIs the dark web illegal?\n\nWe don\u2019t want to leave you with the impression that everything on the dark web is nefarious or illegal. The Tor network began as an anonymous communications channel, and it still serves a valuable purpose in helping people communicate in environments that are hostile to free speech. \u201cA lot of people use it in countries where there\u2019s eavesdropping or where internet access is criminalized,\u201d Tiquet said.\n\nIf you want to learn all about privacy protection or cryptocurrency, the dark web has plenty to offer. There are a variety of private and encrypted email services, instructions for installing an anonymous operating system and advanced tips for the privacy-conscious.\n\nThere\u2019s also material that you wouldn\u2019t be surprised to find on the public web, such as links to full-text editions of hard-to-find books, collections of political news from mainstream websites and a guide to the steam tunnels under the Virginia Tech campus. You can conduct discussions about current events anonymously on Intel Exchange. There are several whistleblower sites, including a dark web version of Wikileaks. Pirate Bay, a BitTorrent site that law enforcement officials have repeatedly shut down, is alive and well there. Even Facebook has a dark web presence.\n\n\u201cMore and more legitimate web companies are starting to have presences there,\u201d Tiquet said. \u201cIt shows that they\u2019re aware, they\u2019re cutting edge and in the know.\u201d\n\nThere\u2019s also plenty of practical value for some organizations. Law enforcement agencies keep an ear to the ground on the dark web looking for stolen data from recent security breaches that might lead to a trail to the perpetrators. Many mainstream media organizations monitor whistleblower sites looking for news.\n\nStaying on top of the hacker underground\n\nKeeper\u2019s Patrick Tiquet checks in regularly because it\u2019s important for him to be on top of what\u2019s happening in the hacker underground. \u201cI use the dark web for situational awareness, threat analysis and keeping an eye on what\u2019s going on,\u201d he said will. \u201cI want to know what information is available and have an external lens into the digital assets that are being monetized \u2013 this gives us insight on what hackers are targeting.\u201d\n\nThere are also many tools that can be use to monitor the dark web and scan for personally identifiable information and even respond to attacks.\n\nIf you find your own information on the dark web, there\u2019s precious little you can do about it, but at least you\u2019ll know you\u2019ve been compromised. Bottom line: If you can tolerate the lousy performance, unpredictable availability, and occasional shock factor of the dark web, it\u2019s worth a visit. Just don\u2019t buy anything there.\n\nEditor's note: This article, originally published in January 2018, was updated on November 17, 2020, to add information on ransomware as a service. It was updated again on July 1, 2021, to add data on prices paid for stolen data.