Dark Web

Villains and Vigilantes—Citizens of the Dark Web

In the popular consciousness, the dark web is mostly known as the meeting place of terrorists and extortionist hackers. While there are other, less malicious players afoot, corporations and organizations need to know the real dangers and how to protect against them. Part two of two

Ariel Yosefi and Avraham Chaim Schneider 15:1912.12.19
To truly understand the dark web you need to understand who is using it, for what purpose, and to what degree. In part one we called the dark web a den of thieves and a front for freedom fighters. Lyrical prose aside, the description was technically accurate, if incomplete.


Current estimates place the number of unique URLs in use on the dark web at roughly 60,000. Obviously, we are talking about destinations here, not users. However, these destinations essentially form the dark web’s “marketplace” (to use the term loosely), and profiling this marketplace offers a largely representative, albeit incomprehensive view of dark web demographics.


Citizens of the dark web. Photo: Shutterstock Citizens of the dark web. Photo: Shutterstock



For simplicity’s sake, we can divide dark web users into five primary categories: anonymous users, corporations, criminals, state actors, and anti-State actors. Each have their own motivations and habits:


Anonymous users refers to individuals looking for anonymity for personal reasons. Some might be pursuing deviant, albeit not technically illegal behavior. A few may be whistleblowers acting against companies, organizations, or institutions. Others of the more libertarian sway may simply wish to keep their personal browsing patterns free from the touchy-muchy tentacles of big data crawling machines like Google and Microsoft.


Corporations are keenly aware of the existence of the anonymous user and a few have set up a dark web presence of their own to cater to this group of digital agoraphobes, including the New York Times and Facebook.


Mostly though, companies are motivated by self-preservation, responding to the threat of hackers sharing deep web vulnerabilities capable of granting access to corporate databases. Cyber firms specializing in dark web monitoring offer these corporations their services, which mainly involve crawling, scraping, and analyzing dark web data for traces of client names, products, and user information. The idea is to head off a breach before it occurs, or if it is too late for that, to at least plug up the dam before it fully bursts.


Make no mistake, the threat is real. A 2019 study managed to identify over 20 million stolen credentials from Fortune 500 companies spanning 10 different industries across the globe.


Criminals are perhaps the most notorious group on the dark web, and for good reason. In addition to seeking ransoms from corporate or other entities following successful data breaches, this intrepid shadow-class of businessman, with little to no moral moorings whatsoever, are paddling in any and all products and services that are at the very least detested, more often criminalized by mainstream markets. With cryptocurrency fueling the engine, everything from child exploitation to gun running, fraud to murder, can all be found on Amazon-like marketplaces, conveniently categorized, complete with user reviews and checkout carts.


Much of these offerings are scams in-and-of-themselves, with newbie TOR surfers frequently being taken in and having to chalk up their financial losses to lessons learned, as one element still lacking on the dark web is a Better Business Bureau.


State actors: the U.S. started it all and it never left the fray. But many more have joined the game since then, and the dark web has become a small part of a far larger cyber war with as many fronts as there are conflicts, including U.S.-China, Russia-Ukraine, India-Pakistan, and so on. No government agency is safe, with recent hacks of top secret US Naval intelligence and a stunning attack on Russia’s FSB underscoring this point.


Anti-state actors: championed altruistically by some of the original researchers on the TOR project (Roger Dingledine, Nick Mathewson, Paul Syverson, and Steven Murdoch), they are the original rationalization for allowing TOR to go public despite the possible negative consequences of such a bold move.


For oppressed people under the thumb of tyrannical regimes, the dark web has become at minimum a release, and on a greater scale a means of insurrection. It is the anonymity of the dark web that affords anti-government users the ability to fight back against the likes of China and Iran, regimes ruthlessly vigilant when it comes to crawling the internet to snuff out any and all activity deemed a threat to their stronghold on the reins of power.


Interestingly, terror, for the most part, makes up a small portion of TOR sites, perhaps for the same reasons the dark web has not gone mainstream as some have predicted. At least in one respect, terror has a similar digital goal as that of any respectable aspiring organization—notoriety.

This is not to discount privacy concerns, which continue to be a vocal gripe of the masses. But basic marketing and group-think psychology always worked against the notion that privacy concerns would trigger waves of migration from the surface web to the dark web. The whole idea of social media is to be social, and if we are including in this description the posting of visual media to platforms, the reality is that most people are not interested in true anonymity.


As for freedom-fighting individuals, the technical barrier to dark web entry has always been a curbing factor. That is to say nothing of the fact that dark web anonymity is by no means fool-proof. Oppressive governments are not sitting idly by while resistance pockets seek to undermine their authority. The mere thought of cyber units crawling the farthest corners of the network, imagined to be armed with unknown technology specifically designed to ferret out regime traitors, will inevitably keep many of the more cautious-minded users at bay.


Corporations, on the other hand, can be expected to increase their presence dramatically as the dark web becomes more of a threat to their data. Expect to see dark web monitoring become a mainstay of international standards like ISO and NIST, with auditors demanding to see results from companies’ latest dark web monitoring sessions.


And we haven’t even discussed offensive business intelligence, another possible use of the dark web that requires more exploration and much experimentation.


The most alarming trend of the dark web, however, is the growing scourge of cyber criminals, profiting off the ideals and enabling the technologies of governments and libertarians alike. Words cannot accurately capture the horrific abuses anonymity, cryptocurrency, and streaming bandwidth have invited. It is certainly true that these crimes were being committed long before the dark web came about, but the ease of serviceability brought on by the digital marketplace may be significantly increasing the volume of these crimes. As far as the degree of depravity of the crimes themselves, nothing brings out creativity quite like an audience, which is now available on demand and with a profit incentive to boot.


Progress is being made technologically to identify and arrest these criminals, and there is an increase in international law enforcement cooperation. But the game of cat and mouse never truly ends, and when confronted with the crimes themselves, when stats and figures become faces and stories, one cannot help but ask whether the dark web’s benefits justify the costs, a question all its users will likely have to grapple with for as long as the dark web exists.


Ariel Yosefi is the head of the technology and regulation department, at Israel-based law firm Herzog Fox & Neeman. Avraham Chaim Schneider is coordinator of the firm’s cyber and innovation media project.