The Dark Web: What Lies Beyond The Light?

June 25, 2019 Security and Compliance, MOVEit

The Dark Web. You've heard the term. It pops up in mainstream news stories about illegal goods, stolen identities and credit card fraud. It's a kind of digital boogeyman for ordinary users and IT pros alike, making it easy to mistake fear for facts and hype for helpful advice. Here's a look at what lies beyond the light. How do you get there? Who's waiting when you arrive? And what's really for sale?

Scratching the Surface

First up: definitions. Any content you can find on the internet using a search engine is part of the Surface Web — think Wikipedia entries, company websites and e-commerce sites. Anything that isn't part of this indexed content, such as password-protected pages, content behind paywalls and company intranets, comprises the Deep Web, which makes up approximately 90 percent of the internet. The term is often used interchangeably with Dark Web, but this is inaccurate; sites in the Dark are those that aren't visible via search engine and can't be found using a regular browser.

Related Article: SMBs: A Hacker’s Treasure Trove 

Getting Inside

So how do you access the Dark Web or Darknet, as it's sometimes called? Start with The Onion Router (TOR) software, which permits access to the anonymous network of the Darknet. It's a simple download. After you open it, you can use the familiar-looking Web browser to access "hidden services," which have Web addresses ending in .onion instead of the more familiar .com or .org. It's also a good idea to invest in a virtual private network (VPN) or other proxy server connection to ensure that your connection with this Web can't be monitored by anyone else.

What's for Sale?

The Darknet does a brisk trade in things both legal and illicit. It's also largely recession-proof; despite multiple law enforcement busts over the last few years, the illegal drug trade in the Darknet sees more than $100 million moved per year, according to WIRED. Weapons, ammunition and pornography are all popular market verticals, but that's just the beginning. ZDNet reports that the Dark Web is "something of an eBay" for certain items, such as old video-game consoles, DVDs and mobile devices — both fake and legitimate. It's also a haven for hacktivists who prefer to remain anonymous because of social pressure or government restrictions. Business Insider, meanwhile, compiled a list of oddities for sale, including:

  • Guides to immortality.
  • On-demand 3D printing, "anything from guns to skimmers."
  • Beach sand.
  • Realistic silicone masks.
  • Fake coupons for grocery-store products.

Put simply? If you want it, you can find it in the dark.

The ID Problem

No discussion of the Dark Web is complete without mention of identity theft. Stolen credit card numbers (100 in a bundle), Netflix account details, bank logins and e-commerce credentials are all for sale if you know where to look.

According to BGR, there's a well-regulated market for this kind of data. Stolen credit and debit cards go for $5 to $30 in the United States; bank logins for a $2,200 balance are $190; and online payment credentials range from $20 to $300. Want TV? HBO NOW or HBO GO accounts are just $10, and premium sports streaming starts at $15. It gets worse: full-on identities are also for sale, including everything from an individual's name and date of birth to his home address, phone numbers and login details for all social and online accounts.

This is one of the main reasons why many law-abiding citizens seek access to the Dark Web — to see if they've been the victim of ID theft. If that's your aim, start with sites like Rescator or Ran$umBin. Both offer a place for criminals to upload details of stolen identities or credit cards — and, unlike earlier versions of Dark sites, also pride themselves on customer service and responsiveness. Much like traditional e-commerce storefronts, this next generation of illegal sellers has a vested interest in keeping buyers happy. With just a few general inquiries, you can find out just how deep your ID theft goes and determine if it's worth paying the price of recovery or starting from scratch.

Below the surface is the Deep Web, and under this lies the Dark. Getting in is easy, but go with caution: Nothing is off-limits when the lights go out.

Doug Bonderud