Cyber protection has always been about language. Its very name was the focus of several publications back in the day that sought to clarify how “cyber” is distinct from conventional infosec. When it became popularised, the term “Advanced Persistent Threats” was still under criticism, with many critics believing that such nation-state attacks were not even APTs, since there was nothing “advanced” about them from a technological point of view. As I discussed in my previous post, “Threat Information” is also a concept that covers a broad spectrum of packages, creating consumer uncertainty.
The Dark Web as a term is no different, despite having been around in its present form for almost 15 years and being a household name with parallels in TV shows and even Disney cartoons. Speak to technology experts involved in investigating the Dark Web and you will likely receive different answers as to what it is and what it is made up of. Some say that the Dark Web is another name for the TOR anonymizing network, whilst others suggest that the Dark Web consists mostly of dissident pages, with only a limited amount of criminal behaviour. These arguments are disputed by some, which means that there is no consensus about precisely what the term applies to.
The Dark Web is more than just a common-culture term; its surveillance is a big offering in the security industry, so it is important to provide a clear description of it. Lack of transparency contributes to misconceptions, which in turn create discrepancies between consumer preferences and vendor deals. We have quite a few conversations on the subject as a forum, and multiple participants tend to have varying and sometimes opposing views as to what it is. The borders of the Dark Web are not necessarily clear, and many pages fall in a grey area. This divergence in views is not for lack of justification. Despite this, I felt it would be worth trying to describe, once and for all, what the Dark Web actually is. Please remember that the following are only my own views.
Given that the Dark Web is predominantly referenced in the protection sector in the form of intelligence work, we need to look at it from that angle, through the eyes of an intelligence operation, to better describe its nature. This will help people understand what the Dark Web is but also, almost as critically, what it isn’t.
The Dark Web is not a synonym for TOR. If an intelligence operation finds an automated platform selling stolen credit cards, does it consider the platform significant only if it has a dot-onion address? (Domains of TOR sites have an onion TLD.) If a site is hosted on the clear web, with a standard dot-com domain, does it instantly stop being relevant? What about the numerous Dark Web sites that have both clear web and TOR domains? Is only the TOR version relevant? Of course, the answer to all these questions is no.
TOR is an application that is intended to provide internet privacy. Many Dark Web sites are not on TOR simply because they do not require this privacy or use other technology for it. There is no need for anonymity for sites hosted on “bulletproof hosting” platforms: hosting systems run by criminals, for criminals, that disregard law enforcement removal demands. Since they can’t be taken down, it doesn’t matter if their location is identified. Some sites mask their location through other means, such as legitimate anti-DDoS services that obscure the IP address of the server by first routing all traffic through their own servers. In the view of a Dark Web intelligence activity, the mere fact that one tool is being used and not another does not determine whether a site is important.
Another often-used means of describing the Dark Web is to categorise the various “webs” that exist: the accessible web, the deep web, and the dark web. According to this definition, all the pages that have been indexed by search engines, and can thus be searched, make up the accessible web. The deep web, which is several times bigger than the accessible web, is all the services that cannot be found: the intranets of internal enterprises, sites that have not been indexed by search engine crawlers, as well as sites that are not connected to anything. According to this definition, the Dark Web is the portion of the deep web that, because of its unauthorised activity, does not wish to be discovered.
While this definition approximates what the Dark Web actually is, it is also imprecise. If you know what to look for, there are plenty of card forums and electronic credit card sellers that can be found on Google and other search engines. Moreover, not only can you access some of the Dark Web platforms, but search engines have been able to index their content, too. By this grouping they should be part of the accessible web, but their material is evidently hidden. Should such a site become insignificant to an intelligence operation only because it was indexed by a search engine?
The truth is that many users with differing technological skills are part of the Dark Web. This is also true for the participants who run pages in these circles. Some do not have the technological expertise to prevent their pages from being indexed by search engines. Maybe others don’t really care. Taking things a step further, there is plenty of carding, hacking and other nefarious activity on legitimate platforms, such as social media. Should the importance of the material to an intelligence activity shift based only on where it was posted? Again, the conclusion is no, and we can grasp what the Dark Web is by process of elimination.
From an intelligence point of view, the only thing that matters in deciding whether a source is important is the information. If the material is illicit or controversial, which is the sort of information that Dark Web surveillance activity deals with, it may be labelled as “Dark Web.” The “Dark Web” is not actually a venue, but a process.
There is carding, paedophilia, jihadism, piracy and other forms of illicit material that can all be categorised as Dark Web. This activity is diverse. In a way, there are several “Shadow Webs”, each with its own tools, code of behaviour, threat actors, vocabulary and functions. If you need to consider the “Dark Web” as a destination, it is the websites devoted to such activities, as well as the “enclaves” of official websites such as Facebook and Telegram where that activity takes place in different communities. Where the platform or enclave is located, which procedures or resources are used to guarantee that this material stays available, or how the hosting was actually set up, does not matter. What matters is the material.