Is your business data on the Dark Web? Learn how to find out if you've been compromised in this step-by-step guide to accessing the underbelly of the internet.
The Dark Web is easy to find. With the right tools, and a stomach made of steel, anyone can access and browse the internet's underbelly. Lurking under the surface of the clear web—sites we visit every day with traditional web browsers and search engines—are indeed black markets loaded with stolen credit card information, black hat hackers, and human and drug traffickers.
The Dark Web, the deep web, and darknet are spooky-sounding phrases that refer to websites that mask their IP address and can only be accessed using encryption-friendly tools like The Onion Router. TOR is an open source project best known for developing a Firefox-fork web browser pre-loaded with a number of hard-coded security and encryption enhancements. TOR allows users to obfuscate browsing activity by scrambling a user's IP address through a secure and distributed network.
The TOR project also develops Tails, a live, pre-configured Linux distribution that will run on almost any computer. Popularized by Edward Snowden, Tails runs as a discrete operating system on USB flash drives. Tails provides additional layers of security so that Dark Web browsing is not tied directly to a user's machine. Tails also allows users to store encrypted files, run email programs and PGP, and run the TOR browser.
SEE: The Dark Web: A guide for business professionals (free PDF) (TechRepublic)
The modern Dark Web's notorious reputation is well-earned, and the hidden internet is undeniably dangerous. Though encrypted websites have existed for more than a decade, the Dark Web rose to mainstream prominence alongside the Silk Road, the now-defunct "Amazon for Drugs." YouTube is loaded with Dark Web horror stories, and the Hidden Wiki serves as a portal to the criminal underground.
There are also number of legitimate reasons users may want to access the Dark Web. The web's substratum is populated by mainstream web companies like Facebook, political activists, and journalists who need to communicate and share sensitive information. The United Nations, FBI, and CIA use the encrypted internet to monitor terror groups like Daesh and keep tabs on criminal profiteers. Corporate IT departments frequently crawl the Dark Web in search of stolen corporate credit card information and compromised accounts.
How to safely access and browse the Dark Web
Step 1: Plan ahead.
There are plenty of reasons companies and individuals may want to access the Dark Web. SMBs and enterprise companies in particular may want to monitor Dark Web portals for stolen corporate account information. Individuals may want to monitor sites for evidence of identity theft. Facebook's encrypted site, located at facebookcorewwwi.onion, is a feature-rich method of accessing the social network using end-to-end encryption.
- Set a goal, make plans, and stay focused. Be mindful of purpose. Make sure you know what information you're looking for and why you're logging on to the encrypted web. For example, if you're a reporter and need to communicate with sources, focus on PGP, email, and encrypted communication. If you're searching for credit card information, look for Silk Road-type markets that sell hacked data.
- Get what you need, safely disconnect TOR and Tails, then log off.
Step 2: Obtain a new USB flash drive.
Purchase a new 8 GB or larger USB flash drive. Make sure you use a fresh, unused drive. You will install Tails, and Tails only, directly on your storage device.
Step 3: Prepare your local machine.
Ideally, use a fresh laptop. This isn't an option for most users, so instead do everything in your power to secure and isolate mission-critical information.
- Back up critical data and local files.
- Make sure your hardware is optimized and malware-free.
Step 4: Download Tails and TOR.
Step 5: Browse safely.
Common portals and search engines:
Encryption is strong, but not impenetrable. The FBI discovered and exploited vulnerabilities in the TOR network. Though the agency refused to disclose the source code used to penetrate the network, undoubtedly law enforcement agencies around the world monitor and operate on the Deep Web. Members of the TOR project vowed to patch network holes and strengthen the protocol.
SEE: Encryption policy (Tech Pro Research)
TechRepublic does not condone illegal or unethical activity. Offensive material can sometimes be just a click away. Browse at your own risk. Never break the law. Use the Dark Web safely, and for legal purposes only.
What do you think about why and how SMBs and enterprise companies use the Dark Web? How do you educate your employees about the Dark Web? We welcome your comments and tips in the article discussion.
Editor's note on March 11, 2019: This article was first published in July 2016. We have added recently published resources about the Dark Web.
- 3 ways dark web data trade will change in 2019, and how to protect your business (TechRepublic)
- Starting at $40, hackers can attack your business with services bought on the dark web (TechRepublic)
- How the Dark Web and cryptocurrency aid the propagation of cybercrime (TechRepublic)
- 127 million user records from 8 companies put up for sale on the dark web (ZDNet)
- A basic guide to diving in to the dark web (ZDNet)
- Dark Web 101: Your guide to the badlands of the internet (CNET)
- The dark web is where hackers buy the tools to subvert elections (CBS News)
- Get more must-read cybersecurity coverage (TechRepublic on Flipboard)