by Chris Cowen, Cyber Security Expert, US Dept. of Defense

So what is this Dark Web everyone is talking about?

So in order to understand the Dark Web we need to put it within the content of the larger web. There are basically three parts to the world wide web. They are as follows the surface web, the deep web, and the Dark Web.

The surface web is everything that’s publicly available and accessible through the search or by typing a URL into your browser. The deep web, also known as the invisible web, is all the content on the web that is not indexed by standard search engines, such as email clients, online banking websites, or pages that are inaccessible to crawlers (software that indexes the web for search engines). Some of those pages can still be accessed if you have the URL while others require you to have login credentials. According to expert estimates, the deep web is 500 times larger than the surface web.

The Dark Web, however, is a totally different beast. The Dark Web is a tiny fraction of the web that is only accessible through specialized software such as the Tor browser. However, the term “Dark Web” is also often used to refer to the darknet, the overlay networks that are used to anonymize communications and obfuscate both the origin and destination of internet traffic.

So now that we know what the Dark Web is who uses it?

The main characteristic of the Dark Web is its anonymity, which makes it appealing to a number of actors. Like all innovative tools, the Dark Web is an instrument to shady and illegal activities, such as child pornography and the sale of drugs, firearms, and stolen credit card numbers.

One of the most famous cases that involve the Dark Web is that of Silk Road, the first modern online black market that was created on the Dark Web. The website was shut down in 2013 and its founder is serving a life sentence in prison. Naturally, many other similar websites have sprouted in recent years. Earlier this year, AlphaBay, another Dark Web marketplace claimed that it made $600,000 and $800,000 a day, but has since been shut down by law enforcement.

However, the Dark Web is also being used for many other activities that are most legitimate (though not necessarily legal, depending on your perspective). Edward Snowden, the famous whistleblower who exposed the U.S. government’s mass surveillance program, used the Dark Web to send information to reporters and media outlets. Journalists and activists also use the Dark Web to avoid being traced by autocratic governments or other actors that might want to harm them. In countries where the government restricts access to specific websites and social media networks such as Facebook, Twitter, and YouTube, Dark Web tools can help circumvent censorship.

So how do people access the Dark Web?

The most famous tool to get on the Dark Web is the Tor browser. With Tor, you can access websites whose address ends with the .onion extension. These are websites that are exclusively available on the Dark Web and can’t be accessed through normal browsers. Tor enables you to access all the other surface and deep websites with the added benefit that it anonymizes your browser traffic by encrypting it and deflecting it across several computers called Tor nodes before sending it to its destination.

However, there are several things you should know about Tor:

• Tor’s browsing experience is considerably slower than normal browsers because of the anonymization technique.

• Some websites block traffic coming from Tor browser.

• While Tor protects you from eavesdropping and surveillance, it won’t protect you from websites that contain malicious content.

Navigating the Deep Web and Dark Web

Traditional search engines often use “web crawlers” to access websites on the Surface Web. This process of crawling searches the web and gathers websites that the search engines can then catalog and index. Content on the Deep (and Dark) Web, however, may not be caught by web crawlers (and subsequently indexed by traditional search engines) for a number of reasons, including that it may be unstructured, unlinked, or temporary content. As such, there are different mechanisms for navigating the Deep Web than there are for the Surface Web.

Users often navigate Dark Web sites through directories such as the “Hidden Wiki,” which organizes sites by category, similar to Wikipedia. In addition to the wikis, individuals can also search the Dark Web with search engines. These search engines may be broad, searching across the Deep Web, or they may be more specific. When using Tor, website URLs change formats. Instead of websites ending in .com, .org, .net,etc., domains usually end with an “onion” suffix, identifying a “hidden service.” Notably, when searching the web using Tor, an onion icon displays in the Tor browser.

Tor is notoriously slow, and this has been cited as one drawback to using the service. This is because all Tor traffic is routed through at least three relays, and there can be delays anywhere along its path. In addition, speed is reduced when more users are simultaneously on the Tor network. On the other hand, increasing the number of users who agree to use their computers as relays can increase the speed on Tor.
Tor and similar networks are not the only means to reach hidden content on the web. Other developers have created tools such as Tor2web that may allow individuals access to Tor-hosted content without downloading and installing the Tor software. Using bridges such as Tor2web, however, does not provide users with the same anonymity that Tor offers. As such, if users of Tor2web or other bridges access sites containing illegal content, they could more easily be detected by law enforcement than individuals who use anonymizing software such as Tor.

Government use of the Dark Web

Law Enforcement
Just as criminals can leverage the anonymity of the Dark Web, so too can law enforcement. Law enforcement may use this to conduct online surveillance and sting operations and to maintain anonymous tip lines. While individuals may anonymize activities, some have speculated about means by which law enforcement can still track malicious activity.

Military and Intelligence

Anonymity in the dark web can be used to shield military command and control systems in the field from identification and hacking by adversaries. The military may use the dark web to study the environment in which it is operating as well as to discover activities that present an operational risk to troops. For instance, evidence suggests that the Islamic State (IS) and supporting groups seek to use the Dark Web’s anonymity for activities beyond information sharing, recruitment, and propaganda dissemination, using Bitcoin to raise money for their operations. Military and intelligence agencies can monitor these activities and employ a variety of tactics to foil terrorist plots.


Because of the anonymity provided by Tor and other software, the Dark Web can be a playground for nefarious actors online. There are also many researcher and law enforcement/intelligence agencies that also navigate the Dark Web to protect the public for which they serve. But if you are not within either the law enforcement and or intelligence community it is better to stay out of the dark web. But by understanding the Dark Web you can understand this shadowy world and the danger that lurks within it. As always I would tell to protect your personally identifiable information so that you do not become a victim of one of the bad actors within the Dark Web.

About the Author

Chris Cowen is currently the Cyber Security Subject Matter Expert with the US Department of Defense (DOD). Mr. Cowen has worked within Information Technology for over 20 years within both the corporate and government space. He is currently focused in the area of enterprise security and researching emerging trends within the information security space. Prior to working for US DOD Mr. Cowen worked for the United States Capitol Police where he coordinated multijurisdictional events that required working closely with other domestic and international law enforcement agencies, these events included The President’s State of the Union Address and multiple United States Presidential Inaugurations. Mr. Cowen is a Certified Information Systems Security Professional (CISSP). He is also a Certified Ethical Hacking (CEH) and a Certified Information Security Manager (CISM). He has been a featured speaker at conferences around the world this includes speaking in Qatar, Kazakhstan, Estonia, Ukraine, United Kingdom, Kingdom of Jordan, China, and India.