Arm your security team with the tools, techniques, and insights to uncover hidden threats. Learn to identify risks early and strengthen your defenses with actionable intelligence.
Dark Web vs. Deep Web vs. Gray Web
Share:
The Internet is an intrinsic part of our lives and livelihood. We’re all familiar with what’s called the Surface Web, which are all the sites that you find when Googling for information. But then you hear terms like ‘Dark Web,’ ‘Deep Web,’ and even ‘Gray Web’. You may wonder if they are just different terms for the same thing. It is essential to distinguish between the these terms as they are not interchangeable, even though they do overlap significantly, so that you know where to look for threats and protect the security of your organization.
Differentiating Parts of the Web
What most people think of as the “Internet” or the world wide web is actually what is known as the Surface Web. This is the part of the Internet that is visible to search engines like Google and accessible via normal web browsers. The Gray Web is referred to the part of the Surface Web where fraudsters discuss or research their activities. However, the Surface Web represents only the tip of the iceberg when it comes to the internet – the majority of it is actually hidden.
The Deep Web, which includes sites accessible via normal browsers but not visible to search engines, makes up a much larger portion of the Internet. The Dark Web, which is only accessible via special web browsers, uses the same network infrastructure as the Surface and Deep Web but is completely distinct from it.
The Gray Web, Deep Web, and Dark Web are all valuable sources of threat intelligence, but many organizations limit their information-gathering efforts to the Surface Web. Expanding their reach – through the use of Dark Web monitoring tools – can be invaluable to a corporate cybersecurity and risk management program.
What is the Deep Web?
Not all of the Internet is intended for public consumption. The Deep Web houses web pages that are designed for restricted use and are protected by registration portals, paywalls, etc. These Deep Web sites are not indexed by search engines, making them impossible to find via traditional search engines like Google, Bing, etc.
Unlike the Dark Web, sites on the Deep Web can be accessed using normal web browsers like Firefox, Google Chrome, and Safari. Also, these sites are often linked to publicly accessible pages, making them findable and accessible by users with the right login credentials and willingness to pay. For example, sites like Netflix are reachable from search engines, but the videos hosted on the site are only accessible to users who have created an account and paid a subscription fee.
Deep Web sites include private databases, restricted content, and other sources of in-depth information about companies and their operations. This makes these sites valuable sources of information if the content is accessible. However, the access restrictions on the Deep Web can make this information more complex and difficult to access.
What is the Dark Web?
The Dark Web, a subset of the Deep Web, is intentionally hidden from your standard search engines, and is much more difficult to access as all its data is encrypted. Web pages on the Dark Web can only be accessed using the Tor browser, and users need to know the URL of the website to find it. Dark Web sites are designed to offer anonymity and privacy, and many marketplaces offering illegal goods and services, forums where cyberattack campaigns are discussed, and other illegal discussions are hosted on the Dark Web. This makes Dark Web sites a rich source of threat intelligence for organizations; however, the design of the Dark Web can make this information difficult to find.
What is the Gray Web?
The Gray Web part of the Surface Web that is used by fraudsters. Unlike the Dark Web, no special browser is needed to access it. The Gray Web is where you can find forums on topics such as cracking tools, and hacking tips, often centered around eCommerce as a target. A cyber researcher, Ido Rozen, says the Gray Web is “the perfect place for a fraudster to share tips easily and exploits about eCommerce fraud with others who may not have access to the Dark Web.”
You can also find websites to download copyrighted material such as music, movies, games, software, and even Netflix credentials. Some downloads contain malware for the fraudsters to hack the unsuspecting user later. Law enforcement agencies don’t pay much attention to the Gray Web, so users don’t feel the need to be anonymous.
Difference Between Deep Web & Dark Web
Many mistakenly believe the Deep Web and Dark Web are synonymous but they are distinctly different. Like the Surface Web and even the Gray Web, the Deep Web does not require a special browser like the Dark Web.
The Deep Web contains all the Web sites that Web crawlers cannot index. Examples of sites on the Deep Web that require a login to access include bank accounts, Netflix accounts, and social media accounts. Other content on the Deep Web include private files like medical records, legal documents, and sites that have blocked search engine crawlers. Because the Deep Web contains valuable information like login credentials and personal data, fraudsters will target these sites to steal and sell data on the Dark Web.
Who Uses the Dark Web?
The Dark Web is designed to provide privacy and anonymity to its users by encrypting and anonymizing the traffic by using darknets. However, these features can be used for both legitimate and malicious purposes. On the positive side, the privacy and anonymity of the Dark Web are important for dissidents, journalists, whistleblowers, and freedom of speech advocates – the ability to communicate without being identified protects their safety. This is the primary reason why the US NRL developed the TOR technology used by most Dark Web visitors. However, the Dark Web is more famous for its illegal uses. Cybercriminals take advantage of the privacy and anonymity that the Dark Web provides for a variety of purposes. Dark Web marketplaces are used to buy and sell illegal goods and services. Forums hosted on the Dark Web host discussions on successful and ongoing cyberattacks, newly discovered vulnerabilities, and other details of cyberattacks. Dark Web users also use the platform to exchange tips and tools for performing different cyberattacks and fraudulent activities.
History of the Dark Web
Since the Dark Web is hosted on a darknet, its history is linked to the development of encrypted and peer-to-peer networks that run on top of the Internet. The Dark Web first emerged with the creation of Freenet in the early 2000s. Freenet was designed to allow peer-to-peer, anonymous communication to protect against censorship. The Onion Router (TOR) technology used by the TOR browser and the Dark Web was created by a project funded by the US Naval Research Lab (NRL). The goal of TOR was to allow secure communication by intelligence sources in dangerous environments and has since been adopted by the general public for secure, anonymous browsing. The scale and impact of the Dark Web expanded with the development of cryptocurrencies like Bitcoin, which allow semi-anonymous financial transactions to be performed on the Internet. This made it easier to buy and sell services on the Dark Web without going through financial institutions and helped to enable the growth of ransomware, ransom Distributed Denial of Service (DDoS), and other extortion-based attacks.
What is the Dark Net?
Since the Dark Web is a collection of websites that are only accessible via darknets, let’s take a moment to define what darknets are. Darknets are encrypted overlay networks that sit on top of the public Internet. These include peer-to-peer and privacy-focused networks and can only be accessed using special tools like the TOR browser. These networks use the infrastructure of the Internet for communications, but access to them is restricted. Darknets are designed for anonymity and privacy, making them ideal for criminals to communicate and buy and sell illegal goods and services. Famous illegal marketplaces like the Silk Road are hosted on the Darknet. By encrypting all traffic and making it difficult to determine the source and destination of web traffic, darknets make it more difficult to identify and attribute illegal activities and communications on the Internet.
The Dark Web Browser
Darknets and Dark Web sites are encrypted, peer-to-peer networks that are only accessible via certain tools. Most Dark Web users use the TOR browser, which is designed to make the Dark Web easier to navigate. TOR gets its name (The Onion Router) from the fact that all traffic is wrapped in multiple layers of encryption that are unwrapped by different people, making it impossible to learn both the source and destination of a request. The TOR browser provides improved privacy and anonymity on the public Internet and makes it possible to access .onion sites on the Dark Web.
Myths About the Dark Web
The concept known today as the Dark Web set its foundation in the early 2000s. In March of 2000, Freenet was released to allow a censorship-resistant way to use the Web. It also opened the way for sharing illegal pornographic material and pirated data. One of the key tools used on the Dark Web today was first released in 2002 – Tor, The Onion Router. Users gain greater anonymity online when using Tor because it encrypts Internet traffic and passes through several nodes. Ironically, the U.S. Government developed Tor so their operatives could remain untraceable.
There are a lot of myths about the Dark Web that it’s important to clarify:
It’s hard to access: False
Although you can’t use just any browser, all that’s needed is downloading and installing a special browser like Tor. Users of the Dark Web will often use a VPN to hide their identity and location further, but accessing the Dark Web is not required.
It’s illegal to access the Dark Web: False
Although the Dark Web is often used for illegal activities, it’s not illegal to access it in many countries. Some people use the Dark Web for legitimate reasons, but prefer to remain anonymous.
The Dark Web is only for technical professionals: False
Besides the illegal activities on the Dark Web, political dissidents and privacy advocates also use it for anonymity. Well-known organizations like Facebook and DuckDuckGo have Web sites on the Dark Web. It’s not as convenient as the Surface Web, but anyone of average technical prowess can use it.
What’s for sale on the Dark Web? Fraudsters who have hacked into systems and stolen data oftentimes turn to the Dark Web to sell what they've gathered. Common items for sale include credit card data, credentials, and even fingerprints. Cryptocurrency is the preferred payment method for transactions. The price tag for these items may be surprising, with usernames and passwords selling anywhere from $.10 to $1 and fingerprints selling for about $2 each.
Gain the Tactical Advantage
The illicit activities of fraudsters are happening across the Gray, Deep, and Dark Web. But the real battle against fraudsters is on the Deep and Dark Web, where tracking their activity is much more difficult. Choosing the right Cyber Threat Intelligence platform can be the best weapon to win the war and protect your organization and customer data. Deploying a CTI solution will allow you to monitor and gather data on what’s happening on the Deep and Dark Web get alerts on activity specific to your organization.
