The dark web is a layer of the internet that cannot be found by search engines and requires specific software and authorization to access. The dark web allows users to have encrypted, private access to information, websites and marketplaces. The sites that make up the dark web are similar in content and style to the surface web, but the traffic is routed and shared differently, making it more difficult to find original sources of content.
The internet that we use for everyday activities — like browsing, searching or reading the news — is known as the surface web, and is also referred to as the “open” or “clear” web. It is the traditional format of the web, composed of open pages easily accessed by search engines on any browser.
The next layer of information on the internet is known as the deep web, which contains unindexed content, often hidden in databases and research papers and protected by paywalls.
The dark web is the area of the internet that can only be accessed by using a specific software and is designed to safeguard its website owners’ anonymity.
Unlike its deep web and dark web counterparts, the surface web is truly open, with information conveniently indexed and available for common search engines to collect and present to users in response to their queries.
The information on the dark web is accessible only through darknets such as Tor (The Onion Router), ZeroNet, Freenet and I2P. The multi-layer encryption mechanism routes users’ data through several servers, where data from one network node can only be decrypted by the next node along the route before it reaches the destination endpoint. This helps prevent location tracking and preserves confidentiality and anonymity among the dark web users and hosts.
The dark web is commonly associated with criminal activity, containing sites dedicated to ransomware, Bitcoin-based money laundering schemes, financial fraud forums and marketplaces featuring hacking products and services. It even offers pages dedicated to social networking where members who distrust traditional platforms share personal stories and form interest groups. The dark web can greatly benefit online investigations — researchers can follow leads, corroborate or disprove information and track data leaks. It can also provide context of how illegal marketplaces operate and what tactics criminals use to commit hacks and fraud.
The dark web, like anywhere on the internet, comes with cyber risks. Simply clicking on a link or visiting a site could introduce malicious content to the researcher’s machine and network even when using a VPN. Just logging in with their work or personal computer without any additional precautions could put the investigator’s environment at risk or reveal their identity, affiliation and intent due to browser information leakage.
But the dark web is especially rife with cyberthreats. Site owners often plant trackers and other malware to gain intelligence on who’s visiting their site.
The researcher's digital fingerprint, can give away information about them and the company or agency they work for through the browser. Even the language that their device is set to or the browser they choose may give away important context that could tip off investigative targets. This could lead not only to retaliation (cyber or physical) but disrupt the investigation due to disinformation or a target going into hiding. Beyond malware and hacking risks, investigators could be at risk when accessing blogs or marketplaces known for criminal activity – the researchers themselves might arouse suspicion from law enforcement.
To mitigate these risks, online investigators who use the dark web have a few things to consider — security, cloaking identity, legality and compliance.
Dark web sources are an essential part of OSINT (open source intelligence gathering), but unlike the surface web, these hidden layers of the internet contain additional threats that investigators need to be aware of. Investigators need to protect themselves, their organizations and their research by controlling the details they disclose to sites in the course of their investigation. For the best protection when using the dark web, investigators should use a purpose-built solution, such as Silo for Research: Dark Web. Proper tools can help protect researchers from tipping off investigative targets, track activity and seamlessly integrate with their companies IT network and policies.
For more information on dark web investigations, see: