While it may sound like a place described in a sci-fi novel; the ‘Deep Web’ and in turn, the ‘Dark Web’ are a little-known force that is altering virtual security, data protection, and the growth of virtual economies.
In 2013, news sites were quick to report a takedown of the now infamous and defunct online or virtual black market, the Silk Road. This site was a hidden virtual market which was predominantly used to buy and sell illegal drugs, weapons and in some cases, the contracting of criminal activities such as kidnapping and assassination. This illicit version of eBay or Amazon operated entirely outside the search parameters of what is now known as the ‘Clear Web’, and cannot be found or indexed by any of the database search sites we normally use such as Google or Yahoo.
If one imagines the Internet as an iceberg; websites and applications we use on a day-to-day basis make up only its tip. The vast majority of the world’s networked data actually lies beneath the surface in the virtual environment of the Internet that is generally called the ‘Deep Web’. Here, we find data that can only be accessed with security-key protocols such as academic journal sites, company intranet networks, and secured corporate databases.
Sites such as Silk Road existed in what is called the ‘Dark Web’. This area of the Internet is a hidden corner of the World Wide Web that cannot be accessed without special software that anonymises the user and their activities (such as Tor or I2P).
Because online activity on the ‘Dark Web’ cannot be traced, the ‘Dark Web’ has seen the growth of various virtual black-markets and communication networks for criminal and terrorist activities. Likewise, similar market sites to the Silk Road utilise crypto-currency, such as Bitcoin to enable transactions, thus creating a robust virtual and as yet unmeasured economy that rivals real world economies.
The ‘Dark Web’ virtual market AlphaBay, which was taken down in 2015 alarmingly enabled transactions worth up to an estimate of $1b in just one year. 
The risks that the ‘Dark Web’ poses to regular businesses depends on the kind of data and information those businesses own.
Some examples of risks the ‘dark web’ possess for users include:
- Private customer data such as credit card numbers can be hacked, then bought and sold in ‘Dark Web’ virtual markets to be used by malicious hackers and organisations for identity theft and fraud;
- High-profile cyber-attacks such as the one on the dating website Ashley Madison in 2015, utilised private information that had been hacked and stored in the Dark Web;
- The recent WannaCry malware that infected the British NHS network in early 2017 was likely developed and sold on the ‘Dark Web’ to black hat hackers.
The concept of the ‘Deep Web’ and ‘Dark Web’ is difficult to grasp. When considering your cyber security regime it is important to remember the following:
- Be informed, stay alert and on top of the latest issues in cyber security
- Back-up databases onto offline servers on a regular basis
- Consider researching and purchasing cyber insurance schemes to protect against financial losses
Unfortunately, governance and legislation informing the access and use of the ‘Deep Web’ cannot keep up with online developments. It is difficult to protect yourself or your business from a threat of which little has been learned or measured.
While not every aspect of the uncharted ‘Deep Web’ is criminal or even unsavoury (many users navigate the Dark Web to avoid having their online activities captured by marketers on search engines), it is crucial to understand the risks that this unknown world can pose for the user.
Awareness of the existence of the ‘dark web’ can, at the very least, inform your security regimes for the future.
If you require advice and support in developing or improving your organisation’s cyber security regime please do not hesitiate to contact Agilient.
The Agilient Team