The Internet is like an iceberg: There's the part that's visible, and then there's the rest. When we use the Internet, we regard it as a vast, limitless expanse of data. And yet the Internet that we're exposed to is only a small part of the entire Web. As C.J. List-Handley pointed out in the 2008 fourth edition of Information literacy and technology, "Approximately 80 percent of the information on the Web belongs to the 'invisible Web'." As its name implies, the invisible – or "deep" – web comprises the parts of the Internet that people don't see. Activity in the deep web isn't indexed by major search engines, meaning it's not among the trillions of Web pages that Google searches on a near-constant basis. Consequently, information in the deep web cannot be accessed by conventional methods. Far from being a user-friendly realm, this is an area that's off limits to everyday computing users. It should be no surprise, then, that the deep web is a haven for cyber crime.
Exploring the depths
There's not a critical consensus on how much of the Internet is visible versus "dark," but according to an NEC research study published in Nature, search engines only show you one in 3,000 Web pages in existence, which means that Google – which you thought knew everything – is in reality only privy to 0.03 percent of the Web. There's a huge difference between the 80 percent invisible Web statistic cited by List-Handley and the 99.97 percent figure in the NEC study. What these discrepancies point to is a single clear fact: We cannot know the full extent of the deep web. But there are a few things we can say with a high level of certainty:
- The deep web is experiencing the fastest growth of any area on the Internet.
- Content in the deep web is generally protected with a high degree of security. Beyond evading search engine indexing, those placing data in the deep web are likely to secure it with passwords, form-controlled entry restrictions and frequent coding changes.
- There are hundreds of billions of unique documents in the deep web.
- The deep web is one of the key communicative mechanisms for highly illicit practices like drug trafficking, child pornography and cyber crime.
To understand how the deep web plays a central role in the development and proliferation of cyber crime, it's best to state some brief facts about its three main networks, TOR, I2P and Freenet:
- TOR: Believe it or not, TOR initially came about as an invention created by the U.S. Naval Research Laboratory. It has existed for 13 years now, and was launched as a means of enabling anonymous communications that would be free from the possibility of network surveillance. TOR relies on a system of multi-layered encryption based on a large network of volunteer nodes. TOR nodes are impossible to trace in a straightforward way since they are randomly assembled. This random assemblage culminates in an exit node that is not aware of its point of origin, thus solidifying an anonymizing system.
- I2P: I2P emerged in the early 2000s as a way for peer-to-peer distributed communication to happen anonymously. Its sole function is to provide stealthy hosting opportunities for users who wish to host things like mail, Web and BitTorrent services. Whereas TOR is circuit-based, I2P relies on a system of virtual tunneling.
"Every node in an I2P network is a router," stated a Trend Micro report. "It creates and maintains a pool of inbound and outbound virtual paths. For example, if node A wants to send a message to node B, it routes the message to one of its outbound tunnels together with the information needed to reach one of B's inbound tunnels."
- Freenet: Whereas I2P is geared toward accommodating dynamic Web functions like mail and IRC – functions with always-moving parts – Freenet is better equipped to deal with static sites. In terms of its point of origin, it predates I2P. As a platform, it's less robust than TOR or I2P, but it's still a resource that deep web participants can turn to in order to either (1) launch deep web marketplaces for illicit goods or (2) communicate with each other.
What this all amounts to: The Silk Road example
To illustrate how the deep web and cyber crime intersect, it's best to describe this convergence with a concrete example. In 2011, a Tor-based website emerged in the deep web. The site, called Silk Road, quickly gained momentum thanks to the unique marketing concept behind it. In a phrase, it was to become the "Amazon of illegal things" – an online repository of drugs, guns and other products you couldn't dream of buying on legit sites like eBay and Amazon. Despite the clear illegality of its operations, Silk Road began to run like a well-oiled machine. In fact, it swiftly became a booming business, with millions in Bitcoins – equivalent to over $1.2 billion in revenue – flowing out of the operation.
The success of Silk Road was short-lived, as was the business career of its founder, Ross Ulbricht. Eventually, the feds caught up with both Ulbricht and Silk Road, shutting down the site and arresting its founder. Before Ulbricht's arrest, he'd been popularly viewed as an almost heroic Internet figure – a man of the people who gave them what they wanted. After he was nabbed by the FBI, a widespread campaign arose calling for his exoneration, with Facebook groups and websites cropping up in support of Ulbricht. But it was only when Ulbricht was brought to trial that the criminal extent of his actions came to light.
A look at Ulbricht's criminal conduct reveals not only his guilt, but also the terrifying potential of the deep web as a vehicle for cyber crime. As prosecutors revealed, Ulbricht didn't only use the deep web to run his guns and drugs site – he also used it to attempt to carry out violence on those who stood in his way. In March 2013, as prosecutors showed, Ulbricht reached out to one Silk Road user soliciting the murder of another user. At the time, this murder-for-hire plot was carried out in utter secrecy – because it happened in the deep web.
Unfortunately, this is hardly an isolated incident as far as deep web interactions go. It's a place where contract killers can be hired, thanks to the relatively untraceable nature of TOR and the other deep web networks. Given that the deep web is a breeding ground for illicit activity, it's no surprise that it's the place where the cyber criminal collective is growing.
Stopping the crimes of the future
WIRED calls the deep web the "proverbial safe house for cyber criminals," and it's from this characterization that one can best grasp the role of the dark web in cyber crime. Indeed, the deep web is not itself a criminal threat. Instead, it's the ultimate place of refuge for threat actors. As the cyber criminal realm becomes increasingly globalized and sophisticated, the reliance on the deep web as a means of concealment will become greater.
"Security professionals are worried about the movement of cyber criminals from the surface web to the deep web," the WIRED article stated. "The black market dealing in sophisticated malware and zero-day vulnerabilities is on the path to cultivate and levels away from the prying eye of the law, turning ordinary people with no technical expertise into cybercriminals and spawning a 'cybercrime-as-a-service' culture."
What the growing involvement of cyber criminals in the deep web signals is a need for businesses to invest more time and effort in building out their security policies. After all, deep web cyber crime all but guarantees that advanced targeted threats will emerge with both greater sophistication and frequency. Here are some of the steps businesses need to take to prepare for the threat of deep web-entrenched cyber crime:
- Paying better attention to cyber crime headlines internationally: The deep web is a meeting ground for cyber criminals all over the globe. It's a place where primarily a single currency – Bitcoin – is used to buy and sell malicious strains. As a result, the deep web will make cyber threats travel faster, so that today's new Russian malware strain could easily become tomorrow's problem for businesses in the United States. The global connectedness of cyber criminals means businesses need to make more of an effort to keep tabs on cyber crime on the international level.
- Equipping employees with the tools they need to identify threats: There are few things more damaging for business networks than ill-informed employees. A business can have the most robust security software out there, but if its staffers don't know the best practices regarding cyber crime, then that software won't protect the company from threats. In order to encourage cyber awareness, enterprises need to regularly address cyber issues at events like staff meetings and company retreats.
- Outfitting networks with endpoint security solutions: A vulnerable business endpoint is a cyber criminal's key into an enterprise network. Even a single such vulnerability can spell disaster for a business. That's why it's imperative for all organizations to cover each and every endpoint. This would be a laborious task for an IT team operating without helpful solutions, but thanks to endpoint security software, the job of comprehensive protection becomes significantly easier. For all businesses, securing endpoints should be a top priority. Unfortunately, many companies currently don't view it this way, waiting to do anything proactive until they're hacked. With the kind of developments taking place in the deep web, targeted hacks will become a lot more common – and will increasingly hit businesses that aren't prepared to deal with these threats.