In Too Deep: The Dark Web and Its Denizens

The Internet you browse is just the surface -- and what's beneath should alarm you.

Flickr. The Internet you browse is just the surface of the web -- and what's beneath should alarm you.

If you are like most people, what you access on the web is merely one layer on the surface of what is really out there. What you can reach with an ordinary commercial web browser is less than 20 percent of the Internet. But with the right tools and the right skills, you could enter the dark web, which best guesses estimate represents some 81 percent of the Internet. This is the domain of hackers and terrorists, dealers in the illicit, traders of everything from cyber weapons to child pornography and almost anything else imaginable.

Think of the Internet as a layer cake. What ordinary users access intentionally is the cake’s fairly thick layer of icing. Below that are other layers sometimes called the “deep web.” Without realizing it, people access the deep web very frequently. Buying a plane ticket, ordering something from Amazon, or signing up for medical insurance: all involve accessing the deep web. This normally invisible area comprises, among other things, the parts of the Internet that house, control, and process the databases that enable those kinds of transactions. In theory, they are secured from unauthorized access. But as we all know, that security is often very weak in practice. The so-called dark web is a special part of the deep web. Think of it as the bottom layer of the cake, where things are particularly inaccessible unless you know exactly how to reach them.

That metaphor is a gross simplification, of course. The Internet is not anything like a layer cake. It is a network of processors, of which your computer, your phone, and in some cases your car, thermostat, and refrigerator are parts. It is a network of unimaginable complexity, and no one has mapped it in meaningful detail. The bulk of it was built over only the last two decades; current estimates show that human society globally now generates as much information every day as it did from the dawn of civilization up to the year 2000. Many of the systems processing all that information constitute the so-called deep web; the dark web, part of the deep web, can only be accessed by means outside the experience of most Internet users. Primary among these are deep web browsers, of which Tor is the best known. It is important to understand that you cannot get on the dark web unless you are anonymous. Anonymity is more than part and parcel of the dark web: it is built into its fundamental fabric.

Unsurprisingly, minuscule exposure, technical sophistication, and anonymity have combined to create a system that thrives in parallel to the open Internet. A great deal of the activity taking place there is — as in its open counterpart — commercial. But it is a commerce in commodities that could never be bought or sold on the open Internet. You can order marijuana or heroin to be shipped by mail and can pay for your order using cryptocurrencies such as Bitcoin, an anonymous payment system based on block chain technology, where a “public” ledger replaces a trusted third party such as a bank.

But recreational drugs are perhaps the least disturbing items available via the dark web. Snuff films, child pornography, stolen credit-card data and other personal identity information, even human substances like saliva, organs, and other biologicals: all come into the marketplace. Contract killers offer their services, complete with pricing on targets ranging from civilians to political leaders. A site called White Wolves Professionals has offered services ranging from the murder of a “Citizen” for $25,000 (presumably U.S. dollars), to that of a “CEO Company” for $250,000, to the assassination of a “Hight politican” for $15,000,000. They require a 50 percent deposit in cash. Another offer, from someone called “fritz,” is priced at €100,000 for a “High rank government official.” A service called “C’thulhu (a literary reference to the chief god within the pantheon created by fantasy writer H. P. Lovecraft in the 1920s) offered a long disclaimer about risk, advising that those not ready to take risks should not contact “this kind of organizations” [all sic]. Bad grammar and faulty punctuation may lend such offers an eerily comic air, but that doesn’t mean anyone can discount them entirely.

Other criminal entrepreneurs can be found in these precincts as well. Theft, done by (supposed) professionals, is for sale. An entrepreneur called Dangler has offered not only to steal on order, but also to sell the user items he has already stolen. These range from expensive toys to expensive clothes. There are even offers to sell human slaves. A site called Black Death was reported to have women for sale with opening bids of $150,000, but the reality of at least some of the individuals was later called into question. Weapons of all kinds are for sale. This includes malware and the services needed to deploy it. Sites like “Rent-a-Hacker” have offered the services of a professional hacker to “solve your problems, destroy your enemys” [sic]. An organization or even an individual with only relatively modest means can hire the talent to mount a fairly devastating cyber penetration, whether to steal data or to disrupt.

Much of the talent operating in this environment is very young, and large, less-agile entities like companies and governments have difficulty competing (although they do in fact hire such talent, for both white-hat and black-hat work). In addition to hacking, there are several new services available through the dark web. Document exploitation (or docex) is an emerging trend: manipulating data in situ rather than stealing it. Encryption capabilities are also sold on the dark web, and these are providing a mounting challenge to governments. End-to-end encryption, if done well, can make the encrypted data essentially inaccessible to others in any feasible time frame. This could change if workable quantum computing arises, but for the moment the computer power necessary to crack hard encryption means it can be done only very selectively.