What is the dark web?
The dark web is a layer of the internet that cannot be found by search engines and requires specific software and authorization to access. The dark web allows users to have encrypted, private access to information, websites and marketplaces. The sites that make up the dark web are similar in content and style to the surface web, but the traffic is routed and shared differently, making it more difficult to find original sources of content.
What’s the difference between the surface, deep and dark web?
The internet that we use for everyday activities — like browsing, searching or reading the news — is known as the surface web, and is also referred to as the “open” or “clear” web. It is the traditional format of the web, composed of open pages easily accessed by search engines on any browser.
The next layer of information on the internet is known as the deep web, which contains unindexed content, often hidden in databases and research papers and protected by paywalls.
The dark web is the area of the internet that can only be accessed by using specific software and is designed to safeguard its website owners’ anonymity.
Unlike its deep web and dark web counterparts, the surface web is truly open, with information conveniently indexed and available for common search engines to collect and present to users in response to their queries.
How the dark web works
The information on the dark web is accessible only through darknets such as Tor (The Onion Router), ZeroNet, Freenet and I2P. The multi-layer encryption mechanism routes users’ data through several servers, where data from one network node can only be decrypted by the next node along the route before it reaches the destination endpoint. This helps prevent location tracking and preserves confidentiality and anonymity among the dark web users and hosts.
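The layering described above can be seen in a small simulation. This is an added example, not code from the original page or from any darknet project: the relay names, the demo keys and the hash-based toy cipher are assumptions chosen so it runs with the Python standard library alone, and it is not Tor's real cryptography.

```python
import hashlib
import json

def _keystream(key: bytes, n: int) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode); a stand-in for real relay crypto.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def _xor(key: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

def wrap(route, payload: bytes) -> bytes:
    """Client side: add one layer per relay, innermost (last relay) first."""
    cell, next_hop = payload, "destination"
    for name, key in reversed(route):
        layer = json.dumps({"next": next_hop, "data": cell.hex()}).encode()
        cell = _xor(key, layer)
        next_hop = name
    return cell

def peel(key: bytes, cell: bytes):
    """Relay side: remove exactly one layer; learn only the next hop."""
    layer = json.loads(_xor(key, cell))
    return layer["next"], bytes.fromhex(layer["data"])

def simulate(route, payload: bytes):
    """Pass a cell along the route; record what each relay can observe."""
    cell, trace = wrap(route, payload), []
    for name, key in route:
        next_hop, cell = peel(key, cell)
        # Third field: can this relay read the payload in what it forwards?
        trace.append((name, next_hop, payload in cell))
    return trace, cell

# Constructed sample circuit: three hypothetical relays with demo keys.
ROUTE = [(n, hashlib.sha256(n.encode() + b"-demo-key").digest())
         for n in ("guard", "middle", "exit")]

if __name__ == "__main__":
    trace, delivered = simulate(ROUTE, b"GET /index.html")
    for relay, next_hop, sees_payload in trace:
        print(f"{relay:6} -> {next_hop:11} payload visible: {sees_payload}")
```

In this model only the first relay is contacted by the sender and only the last relay recovers the payload, so no single relay sees both ends of the exchange.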
Why is the dark web important to investigators?
The dark web is commonly associated with criminal activity, containing sites dedicated to ransomware, Bitcoin-based money laundering schemes, financial fraud forums and marketplaces featuring hacking products and services. It even offers pages dedicated to social networking where members who distrust traditional platforms share personal stories and form interest groups. The dark web can greatly benefit online investigations — researchers can follow leads, corroborate or disprove information and track data leaks. It can also provide context of how illegal marketplaces operate and what tactics criminals use to commit hacks and fraud.
What risks are associated with investigating on the dark web?
The dark web, like anywhere on the internet, comes with cyber risks. Simply clicking on a link or visiting a site could introduce malicious content to the researcher’s machine and network even when using a VPN. Just logging in with their work or personal computer without any additional precautions could put the investigator’s environment at risk or reveal their identity, affiliation and intent due to browser information leakage.
But the dark web is especially rife with cyberthreats. Site owners often plant trackers and other malware to gain intelligence on who’s visiting their site.
The researcher's digital fingerprint can give away information about them and the company or agency they work for through the browser. Even the language that their device is set to or the browser they choose may give away important context that could tip off investigative targets. This could not only lead to retaliation (cyber or physical) but also disrupt the investigation through disinformation or a target going into hiding. Beyond malware and hacking risks, investigators could be at risk when accessing blogs or marketplaces known for criminal activity – the researchers themselves might arouse suspicion from law enforcement.
How to safely investigate on the dark web
To mitigate these risks, online investigators who use the dark web have a few things to consider — security, cloaking identity, legality and compliance.
- Security: Web isolation, or isolating the browsing activity from the researcher’s device and network, can help eliminate the risk of malware. Using a cloud-based browser allows for safe access to the dark web, while providing users with a familiar browsing experience. By isolating a user’s session on cloud infrastructure, clicking on a malicious link or visiting a suspicious website doesn’t put their organization at risk — the code from the website is never executed on the user’s computer.
- Cloaking identity through managed attribution: The dark web was built for anonymity, but darknets still have many ways to discern the identity of their users and relay this information to webmasters. To conceal their identity and the purpose of their dark web investigations, researchers need to manipulate the details of their digital fingerprint. Managed attribution allows them to control what webmasters can see about them, keeping investigators’ identities and their missions hidden from the subjects of their research.
- Legal and compliance considerations for dark web investigations: Before commencing dark web investigations, each organization should create a protocol for when and how to access the dark web according to their risk tolerance, regulations and legal considerations. Purpose-built online investigation solutions like Silo for Research help enforce compliance with policy and audit features — as well as provide the needed security, managed attribution and workflow capabilities.
Investigating on the dark web – how to get started
Dark web sources are an essential part of OSINT (open source intelligence gathering), but unlike the surface web, these hidden layers of the internet contain additional threats that investigators need to be aware of. Investigators need to protect themselves, their organizations and their research by controlling the details they disclose to sites in the course of their investigation. For the best protection when using the dark web, investigators should use a purpose-built solution, such as Silo for Research: Dark Web. Proper tools can help protect researchers from tipping off investigative targets, track activity and seamlessly integrate with their company's IT network and policies.