Dark Web vs. Deep Web - What can you find there?

Many have heard of the Dark Web, as it is often depicted in movies and books. But what exactly is it? The regular Internet that people use in their everyday lives belongs to the so-called “Surface Web” and accounts for only 10% of the total amount of data on the World Wide Web. The Deep Web can be thought of as an intermediate layer between the Surface Web and the Dark Web. The Deep Web is characterized in particular by the fact that it cannot or should not be found via classic search engines or directory services. In concrete terms, this often involves platforms such as forums or community boards on which people exchange information in a kind of “closed society”. Copyrighted works (films, music or eBooks) are often exchanged on such platforms. On special themed boards, leaked access data or instructions for hacking are also offered. Entry to these closed societies is usually by invitation and recommendation of a member.

Dark Web vs. Deep Web - What can you find there? Image by stories/Freepik

The dark web, on the other hand, is not part of the regular Internet. Access to the separate network is only made possible by using the TOR browser. This browser is used to connect to the so-called Tor network. TOR stands for “The Onion Router” and refers to the software required for access. This connects you to one of several thousand nodes, which then enable switching and data transmission within the Tor network. An important principle within this network is the so-called onion routing, whereby the requesting user remains anonymous to the web server of the requested platform. This is achieved by constantly changing routes via different nodes. This ensures that the user’s identity remains anonymous.

So what exactly can be found on the dark web and who uses it? In short: all sorts of things. As in the Deep Web, there are numerous forums on the Dark Web where you can not only exchange information, but also sell and buy data, accounts and the like. In addition, the range of criminal goods and services on offer is being expanded by weapons, ammunition and instructions on how to build bombs. In addition to these obviously illegal offers of the dark web, the anonymity of the Tor network also protects civil rights activists, journalists and persecuted minorities in countries with restricted freedom of speech. Thus, a blanket condemnation of the technology used for the Tor network would be wrong.

A wide variety of goods and services are offered for payment on both the Deep Web and the Dark Web; here is a small selection:

Darknet Marketplace

  • A Netflix account with an annual subscription can be bought for about €25.
  • PayPal accounts with a minimum balance of €100 are available for about €10.
  • A driver’s license or passport can be purchased in a wide price range. Prices vary depending on the country and whether a digital copy or a (supposed) original is to be sent by mail.
  • Stolen bank data and access to online banking.
  • Premium malware starting at €5,500 for 1,000 installations. Prices vary here as well, depending on region and promised success rate/lifetime.

For your own protection and to prevent your own accounts or personal information from ending up on the dark web, there are different options.

Protect Your Data While Surfing the Web

  1. VPN: You can use a VPN yourself when you connect to a public Wi-Fi.
  2. AV Software: You are highly recommended to install anti-malware/anti-virus software.
  3. Unique passwords: It is important that you always choose a new password and do not use a variation of existing passwords or even the same password as used on another account.
  4. Passwordmanager: To keep track of multiple passwords, it is recommended to use a password manager.
  5. Being skeptical: If you are asked to open a file or provide your personal information, you should always be sure that you are on a safe and legitimate website.
  6. Know your Enemy: Criminals often get data through phishing, what it is and how you can protect yourself can be found here: Phishing, What Is It All About? (Part 1) und Phishing, What Is It All About? (Part 2).

If you are worried that your data has been stolen, you can use the Identity Leak Checker from the University of Bonn.

For the protection of employee as well as customer accounts Identeco offers suitable products: Identeco: Our Products.

Representation of a three-part iceberg. The superficial tip is called the Surface Web. The so-called everyday web, accessible with common browsers (e.g. Chrome, Edge, etc.). It comprises only 10% of the total data volume of the Word Wide Web. The first level underwater is called the Deep Web. There are special requirements to access it (e.g., invitation). Basically, this secluded area is not dangerous or criminal. You can find the first addresses and links to advance into the dark web. The lowest level of the iceberg is assigned to the Dark Web. For access, a special browser is needed (The Onion Router, called Tor Browser), it is well known for illegal activity in principle and allows the purchase of accounts, bank accounts, documents and malware.
Figure: Illustration of the different levels of surface web, deep web and dark web using a two-thirds sunken iceberg.

Reading Time:
4 min
Published:
:
Aura Pop & Rene Neff

Contact an Expert

Do you have any further questions or need specific help? Write us a message or arrange a meeting directly.

Show more

  1. Verify Login Credentials to Protect against Credential-Stuffing Attacks

    Verify Login Credentials to Protect against Credential-Stuffing Attacks

    Users to Verify Their Login Credentials to Protect against Credential-Stuffing Attacks Checking credentials against leaked login information is an important safeguard to protect against credential stuffing attacks, as it helps prevent the use of stolen credentials. When users check their credentials on a platform that matches whether the data has been leaked in the past, they can determine whether their credentials may have already fallen into the hands of attackers. If so, they should change their password as soon as possible and, if necessary, consider other security measures such as enabling two-factor authentication.

    Reading Time:
    8 min
    Published:
    :
    Rene Neff
  2. Risks to Users and Operators of Online Platforms from Credential-Stuffing Attacks

    Risks to Users and Operators of Online Platforms from Credential-Stuffing Attacks

    Risks to Users of Online Platforms from Credential-Stuffing Attacks Credential stuffing attacks pose a high risk for users of online platforms. Criminals’ access to online accounts can lead to financial damage, for example when purchasing goods with stolen credit cards or by exploiting access data to paid offers. Credential-stuffing attacks also pose a risk of identity theft, as attackers may have access to personal information and documents when they access an account.

    Reading Time:
    4 min
    Published:
    :
    Rene Neff

Get to the blog