Whether you’re an expert or know nothing about it, something in our brain rightfully associates the term “Dark Web” with criminal activity.
The Dark Web can be a scary place. It’s home to thousands of web pages used to facilitate virtually any illegal activity you could imagine. But, it’s not that simple — the World Wide Web is massive, and the Dark Web is just one part of it.
Confused yet? Let’s learn more about the Dark Web, how it plays a role in the World Wide Web, and find out what really goes down in the online underground.
Understanding web layers: Surface and Deep Web
Before we get into the fun part, we need to first understand how the World Wide Web is structured. It’s divided into two main layers — the Surface Web and the Deep Web. The two layers are differentiated by the way in which web pages layers can be accessed, viewed and shared with and by others.
The Surface Web refers to the most familiar area of the web. Pages that live on the Surface Web can be indexed and aggregated by search engines using keywords, URLs and the content within the page itself.
The Surface Web is what we’re used to. We use the Surface Web for almost everything we visit online. At the end of 2016, there were approximately 334.6 million registered web domains on the Surface Web. Just two months later in February 2017, there were over 1.2 billion.
However, the Surface Web is by far the smallest layer when compared to the Deep Web. In fact, over 90 percent of websites on the World Wide Web live in what’s known as the Deep Web.
The Deep Web is reportedly 4,000 to 5,000 times larger than the Surface Web. Unlike Surface Web pages, Deep Web pages are not indexed by search engines.
While the term may seem ominous, you’ve probably used the Deep Web without knowing it. If you’ve logged into an online banking account and viewed your bank statement or accessed a secure online portal for healthcare or academic purposes, you’ve surfed the Deep Web.
Don’t be alarmed! The Deep Web can be used for legitimate purposes. Think of it as a way we keep certain information away from public view. Pages that allow you to view your bank account statement, medical information or other pages that are governed by secured access limitations will not be included in search engine results.
The relationship between the Deep Web and the Dark Web is critical in understanding how the online underground works. While the Deep Web refers to any web page that cannot be indexed by search engines, the Dark Web refers to the deepest part of the Deep Web.
We see URLs like .com, .org and .net all over the Surface Web. These URL endings are used to tell us information about where the page was originated. But on the Dark Web, URLs end in .onion to indicate that they are hidden sites and cannot be accessed without a special Web browser like The Onion Router (TOR).
Deep Web vs. Dark Web
Understanding the Dark Web can be confusing. But, it’s important to know that the Dark Web is not “technically” its own Web layer. However, many refer to the Dark Web as its own entity because of how different it is when compared to the Deep Web.
The Dark Web can only be accessed through certain Web browsers designed specifically for surfing the Dark Web. Unlike normal Web browsers, browsers like TOR will randomize the information coming both to and from your device, which allows all participating parties on the Dark Web to remain anonymous. As a result, most illegal activity online is conducted on the Dark Web.
You may be thinking: “If the Dark Web requires a special browser, why would anyone do it in the first place?” But, research shows that there are more people surfing the Dark Web than you may think. In fact, 20 percent of all global TOR browser users within the first two months of 2017 were from the United States.
The Dark Web and identity crime
Criminals often profit from data breaches by trading stolen information on black market websites. However, the Dark Web can play many roles when it comes to identity crime – especially in data breach events.
Acquiring the “goods”
Data breaches are often caused by malicious software, or “malware,” installed by criminals to capture sensitive information. One common type of malware used in data breaches is one that collects debit/credit card information from point of sale systems. Criminals can use the Dark Web to acquire the malware that will be used in their data breach plans.
Profit from data
There’s no question that data breaches are profitable to identity thieves. One way that criminals capitalize on breached information is by selling it through online black market sites. Prices vary based on the type of information and how the information is bundled. For example, one report found that a batch of 1,000 Gmail accounts went for $200. However, the same report found that stolen health insurance information ranged from $1,200 to $1,300. Another example is specific to credit card data. A random chip card could be priced at $5-8 per card, but when paired with a bank ID number, date of birth and other identifying information, the cost can go up to $30.
Dumping the data
Another way that criminals use breached information is by dumping it on the Dark Web. Data dumping is exactly how it sounds — criminals take large batches of information and “dump” it online, allowing access to that information for anyone on the web. Like the rest of the internet, information travels far and wide at extremely high speeds. One security vendor who dumped a batch of fake information on the Dark Web found that it was viewed over 1,100 times across 22 countries in just 12 days.
How to keep your information off the Dark Web
If your information reaches the Dark Web, it’s very likely that it’s already been misused. Preventive steps and awareness are key in protecting your information from falling into the wrong hands:
- Create strong passwords that include upper and lowercase letters, numbers and special characters. Be sure to change them every 90 days, and avoid reusing them for multiple online accounts.
- If a data breach occurs, act sooner rather than later. If you believe you’ve been impacted by a data breach event, take the following steps to properly secure your information to prevent any further damage:
- Find out which parts of your information were compromised.
- Regularly review your bank statements for signs of suspicious activity.
- Request your credit reports from the three major credit bureaus to look for suspicious credit activity on your file.
- Consider placing credit freezes or fraud alerts to add an extra layer of protection to your credit files.