Most of us tend to think of the internet as a single destination, accessible via the browsers installed on our laptops and smartphones. But over the years, the web has evolved into three different areas: the public web; the private web or deep web; and the darknet or dark web.
The public web is the internet that most of us are familiar with: sites run by leading dot-com companies, SaaS sites that provide software to run our common email and corporate applications, and so on.
This is information that flows freely between our computers every day. These sites are crawled and indexed by Google and other search engines. If you have an online security tool, this is the part of the web it focuses on.
But when we switch to the private web or deep web, we come to a part of the online universe that search engines cannot easily index and that security tools cannot easily cover. This includes private intranets, instant messaging services like WhatsApp, chat rooms and online discussion forums, as well as private databases that sit behind multiple firewalls or are not visible from the public internet.
Until a few years ago, most cybercriminals were not focused on using these areas to establish themselves on corporate networks, but that has changed. As messaging use took off (with Microsoft Teams, Slack and other services), adversaries created tools that take advantage of the lack of security built into these services. This makes instant messaging, in particular, the primary target of opportunity for phishing attacks, and an example of the growing threats that can be found in private web sources.
Finally, there is the dark web. This part of the digital world is much more difficult to understand. Like the private web, these sites strive not to appear in search indexes, mainly because some of them offer illegal goods and services, such as drugs, stolen data (including credit card numbers) and tools for online intrusion. Not all of its content is illegal, but much of it can be questionable.
Examples of such content on the dark web include:
- Places where you can hire a cybercriminal to break into networks;
- Drugs and other illegal items;
- Lists of usernames / passwords obtained through data breaches;
- Tutorials on how to use computing tools, especially those related to hacking, malware creation, exploitation and code breaking;
- Financial data about companies that may be available on a public website or data
- Compromised sites and suspicious domains for sale;
- “Undetectable” malware source code for sale;
- Directories of command and control servers for lease, used to launch DDoS and other attacks;
- URLs of file sharing sites with malware;
- Censored content of all kinds.
To access the dark web, a special browser called Tor is usually required. Most estimates put the dark web at about 5% of total internet traffic and content. Its sites use .onion domain naming conventions instead of .com or .net. Even Facebook has its own presence on the dark web.
Why would legitimate companies have these sites? They can help your developers understand how to use them and protect your data. In addition, by using browsers like Tor, people who live in countries where access even to sites considered harmless is restricted can reach them, while making it difficult to track the sites they have visited.