It’s time to shine a light on one of the internet’s most obscure and nefarious places: the dark web. This network, known for providing anonymity, draws both privacy advocates and cybercriminals to its corners. In this article, we will explore how the dark web functions, the types of people who visit its sites, the illicit goods and services exchanged there, and how we surveil its activities for intelligence purposes.

The internet is made up of three separate layers. The dark web, the deep web, and the surface web.

The surface web is the portion of the web which is commonly accessed by individuals on a daily basis. It encompasses all websites that are searchable and easily discoverable through search engines such as Google.

The deep web is extensive and varied, and not searchable by conventional search engines. This tier consists of confidential information, such as individual databases, online storage, and protected corporate or organizational networks, which can only be accessed with specific login credentials.

The dark web is located at probably the most profound level of the internet, only reachable through specific software like The Onion Router (Tor). Tor encrypts users’ internet traffic, hiding their identities as well as locations, which makes it extremely difficult to track their online actions.

Although the dark web may be used lawfully for free speech protection or censorship avoidance, its lack of traceability has also made it a haven for illicit activity such as illegal trading and cybercrime.

The dark web draws privacy seekers as well as cybercriminals. The following people are its main users:

1. Cybercriminals

Cybercriminals use the dark web for anonymity. They sell stolen data, plan cyberattacks, and trade illicit goods like drugs, weapons, and counterfeit documents. The fastest-growing type of ransomware is ransomware-as-a-service (RaaS), where attackers rent pre-packaged ransomware kits without technical skills.

2. Researchers

Cybersecurity experts track new threats via the dark web. Through filtration of forums and marketplaces, researchers collect intelligence on malware, vulnerabilities, and criminal techniques that companies can use to build defenses before an attack hits them.

3. Law Enforcement

Law enforcement agencies operate undercover in illegal marketplaces and cybercriminal networks using the dark web. Through infiltration and surveillance, they collect evidence, track transactions, and take down big dark web operators.

4. Privacy Advocates

Not all dark web users are criminals. Privacy aware journalists, activists and whistleblowers use the dark web to defend their identities in countries where censorship and government surveillance are routine.

The dark web is notorious for its illegal marketplaces, which trade a range of illicit goods and services. Here are some of the most common:

1. Stolen Personal Information

Cybercriminals frequently buy and sell personal data like social security numbers, login credentials, and payment details. This data is often harvested from large-scale breaches and sold in bulk, making identity theft and fraud rampant.

2. Corporate Secrets

Hackers sell access to compromised corporate networks and company data. Cybercriminals can leverage such data for ransom or extortion, and financially sabotage businesses.

3. Illegal Goods

Drugs, weapons, and counterfeit documents are easily found on dark web marketplaces. Fake passports and other identity documents aid criminals in committing fraud and evading detection.

4. Leaked Databases

Whole databases like financial records or government intelligence are sold on the dark web. These are used by cybercriminals for use in phishing campaigns, fraud, etc.

Cybercriminals make use of the dark web to host auctions where they sell stolen data or offer access to hacked systems. Hackers frequently offer “initial access points” for sale, which serve as entryways into networks which enable other parties to carry out attacks without needing to penetrate the system directly.

Image: An example of the different access points for sale

RaaS is also now just about the most dangerous service on the market. It allows new cybercriminals to lease ransomware tools to perform their own attacks. The initial creators of these tools generally take a slice of the profits. This type of offering has substantially increased the amount of ransomware attacks worldwide, as the complex barrier for entry is decreased.

As cybercriminals continue to evolve, so must your defense strategy. At BlackFog, out threat intelligence team is committed to staying ahead of the latest threats. Our proactive approach ensures that our software and tools are always updated to protect you from a range of cybercrime methodology.

BlackFog is a preventative cybersecurity solution that protects your organization from ransomware, extortion, and other cyberthreats 24/7—with no human intervention—with an emphasis on preventing data exfiltration via our advanced ADX technology.

Don’t wait for the next ransomware attack wave; take proactive action now and secure your most valuable assets.