Innovation

Four misleading myths about the Dark Web

Combat Dark Web threats by understanding their reality. The Dark Web can threaten your data security. Don't compound the risk by believing these misconceptions.

istockwildpixel.jpg

Image: iStock/wildpixel

It's too easy to fear the dark. The hidden, encrypted internet known as the Dark Web has earned a reputation as a monolithic, mossy rock under which lurks criminals and black hat hackers. Over the past decade the network has accumulated a number of spooky stories and urban legends. While devious activity does exist on the underground internet, the Dark Web is little more than a series of websites accessible only using a secure web browser.

Today, all data is vulnerable. "If you run a cloud business it's likely that sooner or later, your data will leak," Rapid7's Tod Beardsley told TechRepublic in a recent interview. "You need to have an idea ahead of time about how you're vulnerable, and how your team will respond." A trove of sensitive business data already exists on the dark web. To respond appropriately and quickly to data leaks, business must be able to separate Dark Web facts from myths. These are four of the biggest misconceptions about the encrypted internet.

Myth: The Dark Web is difficult to access.

The Dark Web is loaded with criminals and nefarious activity. Good thing it's complex and hard to access, right? Wrong. The Dark Web is easy to access. Though the software needed to securely access the Dark Web was once kludgy and complex, modern tools are easy to install and take minimal configuration. Step one, download the Tails operating system and Tor browser. Step two, find a solid, open source VPN. Step three, read this TechRepublic article. Step four, fire up your security tools and dive deep.

The Dark Web's popularity has risen congruent with the popularity of the Tor browser. Initially developed by the US Naval Research laboratory, Tor has been used by members of the intelligence community since the mid-1990s. The modern version of Tor began as a complicated suite of plugins for the Firefox web browser. Strong security required proper configuration, and the plugins would often slow the browser to a crawl.

Over the past decade, business and consumer awareness of and demand for encryption grew, and security-enabling tools like Tor, and its mobile counterpart Orbot, became easier to use. The market for the Dark Web also grew.

But be careful. Simply because the Dark Web is accessible doesn't mean it's safe.

Myth: The Dark Web is anonymous.

On the internet nobody knows you're a dog. Because the Dark Web and .onion URLs, the top level domain designated for encrypted sites, are accessible only by using Tor and SSL hackers, government officials, and curious bystanders are free to browse the secret web with full anonymity, right? Think again. Even on the Dark Web, with the right tools and a little gumption, there is no guarantee of privacy. Woof.

Tor works by creating a secure connection between the user's web browser and a network of machines, then tossing the originating IP address through several disparate relay points within the network. In theory, these "onion layers" mask the browser's point of origination.

Though Tor and SSL can provide a certain degree of technological security, your behavior on the traditional internet, or clearnet, can impact your anonymity on the Dark Web. Famously, Silk Road founder Ross Ulbricht left several digital artifacts, including his Gmail address, on clearnet forums related to his Dark Web activity. Ulbricht's digital bread crumb trail helped the FBI uncover his IRL identity.

In September 2015 FBI director James Comey alluded to the how the agency fights criminal activity on the Dark Web. The FBI has allegedly developed malware that allows investigators to peek at user behavior and perhaps trace IP address activity. ZDNet reported recently that the law enforcement agency will seize from criminal sites. These honeypots allow the government the opportunity to deploy malware and gather user activity data.

Myth: Alone in the dark.

The biggest mistake businesses large and small can make regarding the Dark Web is to pretend it doesn't exist. After the FBI took down the Silk Road, dozens of other niche markets took its place. With a slick interface and well organized ecommerce-like storefront, AlphaBay, one of the largest black markets on the Dark Web, makes shopping for stolen credit card data a breeze.

Fortunately for companies, there's no need to track the Dark Web alone. One technology in particular, Matchlight by Terbium Labs, helps business monitor and locate stolen Dark Web data like stolen source code, employee social security numbers, and other proprietary trade documents.

A number of companies offer Dark Web security services:

Myth: The Dark Web is all dark.

There are a number of fun and legitimate reasons the Dark Web has grown rapidly.

  • Strongbox is The New Yorker's Wikileaks-style encrypted information sharing service.
  • Facebook's Dark Web site receives over 1 million visitors per month.
  • Not Evil is the Dark Web's anti-Google. [link requires Tor]
  • Deep Web Radio is a Dark Web streaming radio station and music playlist to accompany your exploration. [link requires Tor]
  • OnionWallet is a bitcoin escrow and wallet service. [link requires Tor]
  • Developed at CERN, ProtonMail is a secure web-based email service.
  • Cats, because the Dark Web is still the web. And the web is mostly cats. [link requires Tor]

READ: Enterprise encryption: Trends, strategic needs, and best practices(Tech Pro Research report)

Though the Dark Web is increasingly accessible, the encrypted web is not necessarily safe, and the potential to encounter dubious or obviously illegal content is high. TechRepublic does not condone illegal or unethical activity. Offensive material can sometimes be just a click away. Never break the law, and browse safely at your own risk. Use the Dark Web for legal purposes only.

We're interested in your feedback and thoughts about why and how SMBs and enterprise companies use the Dark Web. Your comments below are welcome.

Read more

About Dan Patterson

Dan is a Senior Writer for TechRepublic. He covers cybersecurity and the intersection of technology, politics and government.

Editor's Picks

Free Newsletters, In your Inbox