With the recent takedown of the illegal marketplace AlphaBay, we have been hearing more about the term “Dark Web”.  That mystical place where all sorts of information is accessible. What is the dark web? The dark web are webpages that reside on darknets. Those darknets are hidden networks on the internet that require specific software, configurations and authorizations to access. Those web pages are not indexed by search indexes (like Google or Yahoo), meaning that you cannot find them easily. It’s a haven for hackers, drug dealers, arms dealers, etc.

But wait; it’s not that simple. The dark web is only a small portion of the “Deep Web”. Confused yet? Let’s break it down.

Surface Web

This is what people use everyday. Anything that can be indexed and found by a search engine. Search engines (Google, Yahoo, Bing) depend on links to find and identify content. Indexing is what made the internet so user friendly. It’s easy for everyday users to find content on the World Wide Web or for the purists: The Surface Web. There is still lots of illegal activity happening on the surface web. However, it’s hidden in plain sight and relatively easy to protect your organization against malicious code originating from it.

Deep Web

This includes anything that a standard search engine cannot find. Let’s say you want to travel to Ecuador and use booking.com to search for a flight and hotel. You enter your desired dates and destination then click search. The results returned by a search on booking.com is considered Deep Web content because it’s not indexed by a standard search engine. You cannot get that data using links. Government database and libraries are good examples of deep web content. Most of its content is available to the public however you must use specific websites and forms to find it. There are ways for hackers to manipulate deep web content, so always be careful what your web servers can access. You wouldn’t want your corporate financial data exposed to the general public.

Dark Web

The dark web is a small portion of the Deep Web intentionally hidden and inaccessible through standard web browsers (as described earlier). Dark webpages are hosted on darknets, which are hosted on overlay networks like the TOR (The Onion Router) and I2P (Invisible Internet Project) networks. Once you get access to an overlay network you can browse the dark web. Some sites require authorization, some do not. Preventing usage of those overlay networks on your corporate network must be a factor in securing your network.

To sum it all up

Think of it like an iceberg. The surface web is the tip of the iceberg. The deep web is everything that is underneath the water and the dark web is under the water but requires special scuba gear to reach.

The surface web is immense. It’s already impossible to estimate its size. To think that the deep web and dark web are exponentially bigger is a scary thought.