The dark web is a term that frequently sparks sinister thoughts, with images of hooded hackers and nefarious groups lurking in the shadows waiting to digitally lash out and steal your goodies. In actuality, the dark web is merely a digital world of anonymity, rather than an exclusive space for malicious behavior.
Even so, the dark web has a significant impact on our digital activities and how we secure our information. To get a better understanding of what the dark web is, how it operates and what we need to know to protect ourselves, we chatted with Don Pezet, the CTO and lead edutainer for ITProTV.
What Is the Dark Web?
The dark web is a version of the internet that allows for anonymous usage. It functions the same way that the internet does, except that activity isn’t indexed in the search engines you use, allowing you to conduct activities that are not monitored by any governing entity.
“Because of the anonymous nature of the dark web, we don’t know what is happening there,” Pezet said. “That doesn’t mean there are aren’t good things happening on the dark web, we just can’t see them.”
The dark web consists of content on the world wide web that is only accessible from specialized web browsers. When many people think of the dark web, they are likely thinking of the Tor (the onion router) network. The Tor network is free and open-source software that many people use to anonymize their online activities.
To access the dark web, a person only needs to use an anonymizing browser, such as Tor. The browser takes your request or search and routes it through a series of proxy servers that make your IP address unidentifiable.
The Good, the Bad and the Ugly of the Dark Web
There are multiple benefits and dangers surrounding the dark web. Let’s take a look at the good, the bad and the ugly traits of the dark web.
Like the internet itself, the dark web was a communication tool invented by the government. Tor was originally developed by the U.S. Navy as a way to communicate with clandestine groups and other people seeking refuge from oppression, who may need to anonymously access internet connections or escape censorship.
To help enable this kind of communication, individuals with the U.S. Naval Research Lab launched the first version of Tor. They originally intended the onion router to be an open network to increase transparency and enable uncensored use of internet resources.
As with any anonymized tool, Tor can also be used for criminal and malicious activity. The ability to engage with others without any surveillance allows for sinister types to participate in criminal activity without fear of being identified.
The dark web allows everyone to mask their identities. As such, the dark web has given rise to various forms of criminal activity, identity theft, malware for sale, black market transactions and various other illicit tasks. In fact, one darknet market known as the Silk Road operated for several years with that exact purpose before being shut down by the FBI in 2014.
What Kind of Threats Exist on the Dark Web?
The dark web provides the perfect environment for exploitation of information. There are a variety of cyberthreats that originate with the dark web that are dangerous to both individuals and organizations.
One cyberthreat to individuals involves the selling of information obtained in a breach.
“When those credentials get compromised, it’s almost guaranteed they’re on the dark web,” Pezet said. “The credentials may be years invalid, but they’re often sold again and again.”
To truly protect yourself, Pezet recommends that you should assume your information is already being exploited.
“Always exercise best practices, never use the same password. Use multifactor authentication (MFA) when possible. Act under the assumption that you have already been compromised,” he said.
The dark web is also a marketplace for common vulnerabilities and exposures (CVEs).
“When a responsible security pro identifies a vulnerability, they report it to a valid source, they fix it, then they announce it to the world,” Pezet said. “When an unethical hacker discovers a vulnerability, they don’t disclose it. They use it themselves to exploit info or they go to the dark web auction sites and sell it to the highest bidder.” He warns that zero-day exploits are particularly valuable on the dark web and sell for top dollar.
Cyberthreats from the Dark Web and How to Mitigate Them
While there are many malicious things that come from the dark web, Pezet cautions that there are also good elements to consider. The key is understanding what you’re dealing with in order to protect yourself and your business.
“Cybersecurity pros need to know that the dark web has good uses and bad uses,” Pezet said. “It was originally designed to help people in adverse conditions be able to communicate with other people around the world. Imagine living in an oppressive regime and needing some way to reach out and ask for help.”
Despite the good that can come from the dark web, there is no doubt that criminal behavior does take place, and it often comes at the cost of our personal information. Pezet warns that cybersecurity professionals need to be monitoring for dark web traffic to mitigate risk to systems.
“An attacker can use Tor to access your network and you would have a blind eye to that traffic or those activities,” he said.
The dark web provides the doorway to your systems, which prevents you from tracking that activity. To protect against this risk, Pezet suggested implementing a number of security measures so that you can identify anomalous traffic to keep malicious individuals from compromising your information.
“Make sure you are constantly analyzing your traffic,” he cautioned. “You need packet inspection, intrusion detection systems (IDS) and intrusion prevention systems (IPS). You have to be proactive and get those put in place. You should always be logging activity on your network so you can track it and remediate.”
Ultimately, you can prevent dangers from the dark web by detecting dark web traffic and implementing safeguards against anonymous activity.
Get more cybersecurity tips and tricks sent right to your inbox by subscribing to CompTIA’s IT Careers Newsletter. As a bonus, we’ll give you 10% off your next purchase.