The Internet is an intrinsic part of our lives and livelihood. We’re all familiar with what’s called the surface Web, which are all the sites that you find when Googling for information. But then you hear terms like ‘Dark Web’, ‘Deep Web’, and even ‘Gray Web’. You may wonder if they are just different terms for the same thing. It’s important to know how each of these terms differs so you know where to look for threats and protect your organization.
The Gray Web – What is it?
This is part of the surface Web that is used by fraudsters. Unlike the Dark Web, no special browser is needed to access it. The Gray Web is where you can find forums on topics such as cracking tools and hacking tips that are often centered around eCommerce as a target. Ido Rozen, a cyber researcher, says the Gray Web is “the perfect place for a fraudster to easily share tips and exploits about eCommerce fraud with others who may not have access to the Dark Web.”
You can also find Websites to download copyrighted material such as music, movies, games, software, and even Netflix credentials. Some downloads contain malware for the fraudsters to later conduct a hack of the unsuspecting user. Law enforcement agencies don’t pay a lot of attention to the Gray Web, so users don’t feel the need to be anonymous.
Deep Is Not Dark
Many mistakenly believe the Deep Web and Dark Web are synonymous, but they are distinctly different. Just like the surface Web and even the Gray Web, the Deep Web does not require a special browser as the Dark Web does. The Deep Web contains all the Web sites on the Internet that cannot be indexed by Web crawlers. Examples of sites on the Deep Web are those that require a login to access such as, bank accounts, Netflix accounts, and social media accounts. Other content on the Deep Web includes private files like medical records, legal documents, and sites that have blocked search engine crawlers. Because the Deep Web contains valuable information like login credentials and personal data, fraudsters will target these Deep Web sites to steal data and sell it on the Dark Web.
Untangling The Dark Web
The concept that we know today as the Dark Web set it’s foundation in the early 2000s. In March of 2000, Freenet was released to allow a censorship-resistant way to use the Web. It also opened the way for the sharing of illegal pornographic material and pirated data. One of the key tools used on the Dark Web today was first released in 2002 – Tor aka The Onion Router. Users gain greater anonymity online when using Tor because it encrypts Internet traffic and passes it through a series of nodes. Ironically, it was the U.S. Government that developed Tor so their operatives could remain untraceable.
There are a lot of myths about the Dark Web that it’s important to clarify:
It’s hard to access: False.
Although you can’t use just any browser, all that’s needed is to download and install a special browser like Tor. Users of the Dark Web will often use a VPN to further hide their identity and location, but it’s not required to access the Dark Web.
It’s illegal to access the Dark Web: False.
Although the Dark Web is oftentimes used for illegal activities, in many countries it’s not illegal to access it. Some people use the Dark Web for legitimate reasons, but prefer to remain anonymous.
The Dark Web is only for technical professionals: False.
Besides the illegal activities on the Dark Web, political dissidents and privacy advocates also use it for it’s anonymity. Well-known organizations like Facebook and DuckDuckGo have Web sites on the Dark Web. It’s not as convenient to use as the surface Web, but anyone of average technical prowess can use it.
What’s for sale on the Dark Web? Fraudsters who have hacked into systems and stolen data, oftentimes turn to the Dark Web to sell what they've gathered. Common items for sale include credit card data, credentials, and even fingerprints. Cryptocurrency is the preferred payment method for transactions. The price tag for these items may be surprising, with username/passwords selling anywhere from $.10 to $1 and fingerprints selling for about $2 each.
Gain The Tactical Advantage
The illicit activities of fraudsters are happening across the Gray, Deep, and Dark Web. But the real battle against fraudsters is on the Deep and Dark Web where it’s much more difficult to track their activity. Choosing the right Cyber Threat Intelligence platform can be the best weapon to win the war to protect your organization and your customer’s data. Deploying a CTI solution will allow you to monitor and gather data on what’s happening on the Deep and Dark Web get alerts on activity specific to your organization.