Inside the Dark Web: 4 Misconceptions and How Security Teams Can Change Minds and Benefit

While the dark web offers a haven for criminals and serves as inspiration for Hollywood blockbusters, it’s much more mundane in real life. Still, many businesses feed into the fallacies surrounding the dark side of the Internet, ultimately delaying their ability to protect employees and consumers.

Our industry really needs to shed some light on the largest misconceptions associated with the dark web. Equipped with these new insights, we can empower security pros to explore the dark web and gain knowledge that will strengthen their security posture. But before we can debunk any misconceptions, companies must first understand the basics.

The dark web resides on a portion of the Internet where communications and transactions are carried out anonymously. Separate networks like Tor, Blockchain DNS, I2P, and ZeroNet make up the dark web and have different access requirements and resources. Cybercriminals and threat actors typically use these networks to securely and secretly coordinate criminal activity, and openly discuss terrorist tactics, techniques and procedures (TTPs). The dark web also serves as a marketplace to buy or sell goods or services, such as credit card numbers, social security numbers, all manner of drugs, and stolen subscription credentials. It’s a long list.

There’s also practical value for legitimate security organizations in accessing the dark web. Cybersecurity teams can look for evidence of attacks in various stages of execution. Today, companies are applying intelligence requirements processes to determine what they should do with the information they discover, like monitoring for vulnerabilities that are weaponized in malware families. To monitor the dark web successfully, organizations should carefully weigh options between people and technology. They must invest in both: people deliver context and expertise, while technology helps teams scale.

Now that we understand a bit more about the dark web, let’s dive into the four biggest misconceptions:

Misconception: The dark web doesn’t have a good side.

Reality: Dissidents and civil rights advocates use the dark web to communicate under repressive governments around the world.

Understandably, the dark web gets a lot of bad press, which leads many to believe that it’s inhabited exclusively by nefarious types. However, it also has many benign uses that organizations can take part in. For example, the Tor network was initially developed by the United States Naval Research Laboratory to protect U.S. intelligence communications from surveillance. Anonymity and protection from surveillance have made the Tor network and other parts of the dark web an invaluable tool for dissidents and civil rights advocates under repressive regimes, journalists, and whistle-blowers. The New York Times makes its website available as a Tor Onion Service for readers in countries that block access to the newspaper’s regular website, or who worry about their web activities being monitored.

Misconception: The dark web houses the majority of digital threats facing businesses.

Reality: Security pros find important communications tools on the dark web.

Contrary to popular belief, the dark web does not serve as a home to a majority of digital threats facing businesses. Although it includes a few thousand sites, it only makes up a relatively small portion of the deep web. People are often surprised to learn that more digital threats appear on the surface web than on the dark web. Communication, collaboration and transactional tools are all available on the dark web. These include forums and chat rooms, email and messaging applications, blogs and wikis, and peer-to-peer file-sharing networks.

Misconception: Organizations can’t mediate or anticipate dark web threats.

Reality: Security teams comb the dark web to prevent future attacks and take down bad sites.

Although organizations can’t influence sites or marketplaces found on the dark web, the material found there can help discover sites and social media accounts on the surface web used for launching attacks, carrying out phishing campaigns, and selling counterfeit and stolen goods. By leveraging insights from the dark web, security pros can regularly “take down” those websites and accounts from the surface web.

Misconception: Monitoring the dark web takes money – and it’s slow.

Reality: Doesn’t have to be that way with the right mix of people and technology.

Monitoring the dark web requires some skill, but it isn’t necessarily a slow and expensive process. Typically, organizations gravitate towards data loss protection (DLP) services, which ensure sensitive data doesn’t get lost, misused, or accessed by unauthorized users. With the right technologies and people, and sometimes with outside DLP services, companies can prevent attacks at a relatively modest cost.

Habitually categorized as an asylum for criminals of all stripes, the dark web holds an opportunity for organizations hoping to detect data breaches and anticipate and thwart attacks. While some companies are already profiting from monitoring and tracking certain areas of the dark web, others struggle to even understand and dispel its misconceptions. With some minimal investment, companies can establish comprehensive visibility across multiple digital networks. This will let them discover threats sooner and take action wherever attackers are vulnerable along their kill chain. With this level of visibility and understanding, companies can shed their fear of the dark web and have confidence in their digital risk protection program.

Zack Allen, director, Threat Intelligence, ZeroFOX
