The Internet is an intrinsic part of our lives and livelihood. We’re all familiar with what’s called the surface Web, which are all the sites that you find when Googling for information. But then you hear terms like ‘Dark Web,’ ‘Deep Web,’ and even ‘Gray Web’. You may wonder if they are just different terms for the same thing. It’s important to know how each of these terms differs, so you know where to look for threats and protect your organization.
The Gray Web – What is it?
This is part of the surface Web that is used by fraudsters. Unlike the Dark Web, no special browser is needed to access it. The gray web is where you can find forums on topics such as cracking tools, and hacking tips, often centered around eCommerce as a target. A cyber researcher, Ido Rozen, says the Gray Web is “the perfect place for a fraudster to share tips easily and exploits about eCommerce fraud with others who may not have access to the Dark Web.”
You can also find websites to download copyrighted material such as music, movies, games, software, and even Netflix credentials. Some downloads contain malware for the fraudsters to hack the unsuspecting user later. Law enforcement agencies don’t pay much attention to the Gray Web, so users don’t feel the need to be anonymous.
Deep Is Not Dark
Many mistakenly believe the Deep Web and Dark Web are synonymous but distinctly different. Like the surface Web and even the Gray Web, the Deep Web does not require a special browser like the Dark Web. The Deep Web contains all the Web sites that Web crawlers cannot index. Examples of sites on the Deep Web require a login to access, such as bank accounts, Netflix accounts, and social media accounts. Other content on the Deep Web includes private files like medical records, legal documents, and sites that have blocked search engine crawlers. Because the Deep Web contains valuable information like login credentials and personal data, fraudsters will target these sites to steal and sell data on the Dark Web.
Untangling The Dark Web
The concept is known today as the Dark Web set its foundation in the early 2000s. In March of 2000, Freenet was released to allow a censorship-resistant way to use the Web. It also opened the way for sharing illegal pornographic material and pirated data. One of the key tools used on the Dark Web today was first released in 2002 – Tor, The Onion Router. Users gain greater anonymity online when using Tor because it encrypts Internet traffic and passes through several nodes. Ironically, the U.S. Government developed Tor so their operatives could remain untraceable.
There are a lot of myths about the Dark Web that it’s important to clarify:
It’s hard to access: False.
Although you can’t use just any browser, all that’s needed is downloading and installing a special browser like Tor. Users of the Dark Web will often use a VPN to hide their identity and location further, but accessing the Dark Web is not required.
It’s illegal to access the Dark Web: False.
Although the Dark Web is often used for illegal activities, it’s not illegal to access it in many countries. Some people use the Dark Web for legitimate reasons, but prefer to remain anonymous.
The Dark Web is only for technical professionals: False.
Besides the illegal activities on the Dark Web, political dissidents and privacy advocates also use it for anonymity. Well-known organizations like Facebook and DuckDuckGo have Web sites on the Dark Web. It’s not as convenient as the surface Web, but anyone of average technical prowess can use it.
What’s for sale on the Dark Web? Fraudsters who have hacked into systems and stolen data oftentimes turn to the Dark Web to sell what they've gathered. Common items for sale include credit card data, credentials, and even fingerprints. Cryptocurrency is the preferred payment method for transactions. The price tag for these items may be surprising, with usernames and passwords selling anywhere from $.10 to $1 and fingerprints selling for about $2 each.
Gain The Tactical Advantage
The illicit activities of fraudsters are happening across the Gray, Deep, and Dark Web. But the real battle against fraudsters is on the Deep and Dark Web, where tracking their activity is much more difficult. Choosing the right Cyber Threat Intelligence platform can be the best weapon to win the war and protect your organization and customer data. Deploying a CTI solution will allow you to monitor and gather data on what’s happening on the Deep and Dark Web get alerts on activity specific to your organization.