Introduction to Cybersecurity and Dark Web (Part 2)

The term dark web is part of the WWW and known as invisible/hidden web. The content on the dark web remains hidden and cannot be searched through conventional search engines. The content only exists on personal encrypted networks or peer-to-peer configurations, and it is not indexed by typical search engines. Therefore, the large part of the internet that is inaccessible to conventional search engines is known as deep web (invisible web). Everyone who uses the web virtually visits what could be reflected as deep websites on a daily basis without being aware.

The deep web is the anonymous internet where it is much difficult for hackers, spies, or government agencies to track internet users and have a look on which websites they are using and what they are doing there.

Web Levels

There are various levels of deep web; for instance, the lower level (level 1) is generally comprised of the “open to public” part of the web, and the upper level (called level 5) is known as dark web which is not accessible by normal web browser and needs to get The Onion Router (Tor) network or some other private network. The following table gives a brief understanding of the level of dark web:

Level 1Common webLevel 2Surface Web Reddit Digg Temp email servicesLevel 3Bergie Web Google locked results Honey ports Freehive, Bunny Tube, etc.Level 4Charter Web Hacking Groups Shelling Networking AI theorist Banned videos, books, etc.Level 5Onion sites Human trafficking, bounty hunters, rare animal trade Questionable materials Exploits, black markets, drugs

Web Categories

This section describes the three different levels of web such as the public web, the deep web, and the dark web.

Public web: It typically refers to the unencrypted or non-dark net. This traditional WWW has relatively low-base anonymity, with most websites routinely identifying users by their IP address.

Deep web: It refers to internet content that is not part of the surface web. This means that instead of being able to search for places, you have to visit those directly. They’re waiting if you have an address, but there aren’t directions to get there. The internet is too large for search engines to cover completely; thus, deep web is largely present. The deep web generally mentions the web pages which are invisible by traditional search engine.

Dark web: It is part of the WWW and part of the deep web which can only be accessible by specific software, configurations, or authorization, often using nonstandard communication protocols and ports. The Onion Router is used to access the dark website which is called Tor network.

The following figure shows the differences between deep web, dark web, and internet.

Dark Net

The term dark net is part of dark deep web, and it is a collection of networks and technologies used to share digital content. The dark net is hidden from the users who use to surf with normal or standard browser, and it is also hiding the web address and server locations. The following table shows the difference between surface web, deep web, dark web, and dark net.

Surface WebDeep WebDark WebDark NetDescriptionContent that search engine can findContent that search engine cannot findContent that is hidden intentionally–Known asVisible web, indexed web, indexable web, lightnetInvisible web, hidden web, deep net–Underbelly of internetConstitutesWebWebWebNetworkContentsLegalLegal + illegalIllegalIllegalInformation Found4%96%––BrowserGoogle Chrome, Mozilla Firefox, Opera, etc.–Tor BrowserFreenet, Tor, GNUnet, I2P, OneSwarm, RetroShare

The Implication of the Dark Web Crime

Security in the dark web is crucial for building confidence and security in the use of information technologies so as to ensure trust by the information society. Lack of security in cyberspace undermines confidence in the information society. This is especially the case with many intrusions around the globe resulting in the stealing of money; assets; and sensitive military, commercial, and economic information. With information flowing through boundaries of different legal systems connected to different networks around the globe, there is a growing need to protect personal information, funds, and assets, as well as national security. As a result, cybersecurity is gaining interest by both the public as well as the private sectors.

With the emerging applications of computers and IT, cybercrime has become a significant challenge all over the world. Thousands of cybercriminals attempt every day to attack against computer systems to illegally access them through the internet. Hundreds of new computer viruses and spam are released every month in an attempt to damage computer systems or steal or destroy their data. Such threats are expensive, not only in terms of quantity but also in terms of quality. In recent years, experts are becoming more concerned about protecting computer and communication systems from growing cyberattacks including deliberate attempts to access the computer systems by unauthorized persons with the goal of stealing crucial data; to make illegal financial transfers; to disrupt, damage, or manipulate data; or execute any other unlawful actions.

As computer security has advanced, maintaining network persistence has grown harder. As per the Australian Cyber Security Centre (ACSC) report (ACSC, 2017, p. 28), the culture has adapted to this environment, focusing on low-risk, high-reward targets to achieve their goals, with a focus on the development of social engineering methodologies to implement new attacks.

Further to this, the ubiquitous nature of the internet has allowed these nefarious individuals to gain increasingly detailed profiles of individuals through exploitation and analysis of their digital footprints. This has resulted in higher rates of spear-phishing attacks, identity theft and fraud, and the development of highly specialized malware tools.

There are many risks and pitfalls in cybersecurity incident that can seriously affect computer and network systems. It can be due to improper cybersecurity controls, man-made or natural disasters, or malicious users. The following section mentions some major incidents in the cyberspace.