top of page
  • Writer's pictureYaniv Hoffman

How Does The Dark Web Work

The internet has changed everything from the way we work to the way we play, way we learn and definitely the way we live.

There is so much stuff in the internet, most of which you don’t even know exist.

If you want something, anything, whether It be a service or product, legal or illegal, immoral or unethical, the internet has it! You can choose to use it for good or bad.

Like much of the surface web we use every day, the Dark Web is full of websites, forums and services that we can be used, but its hidden under a layer of protection.

The dark web is the haven for illegal online activity and it goes deeper, much deeper than you might imagine.

It’s a place where criminals, predators, spies, drug and human trafficker lie.

You can access it in a min if you wanted, but should you?

The Iceberg

You can breakdown the internet into 3 separate categories

  • First off – Surface Web – is the visible surface layer that we use on a daily basis to reach all commonly public facing websites (YouTube, Wiki, Facebook, forums like reddit and so on). These websites are labeled with registry operators like “.Com” or “.Org” and indexed by popular search engines such as Google Chrome, IE, Safari, Firefox. If you want to visualize the entire web like an iceberg, the surface web will be the portion above the water. From statistical standpoint, this collective of websites and data makes up under 4% of the total internet

  • Yet if you want to find things like email accounts, financial accounts, legal files and medical records, these things usually are hidden under password protected websites and this is what is called the Deep Web. The deep web lies below the surface and accounts around 94% of all websites. Making it so large that it’s impossible to discover what webpages are active at any given time. To simplify it, basically “if you can’t find it on google its technically the deep web”. I understand it may sound not cool as much, but it’s like the surface web with just a bit more secrecy.

  • But even further deeper than the deep web, in a very concealed place that few will ever interact with or even see, lies a secretive place where websites encrypt their existence, sliced without IP address to make them nearly unrecognizable and can only be accessed by users with special SW to completely mask their identities. Here anything and everything goes!!! We have reached the Dark Web!

Breaking down the construction of the dark web reveals key layers that make it an anonymous haven

  • No webpage indexing by search engines

  • Virtual traffic tunnels via randomize network infrastructure

  • Inaccessible by traditional browsers due to its unique register operator. Also its further hidden by various network security elements like firewalls and encryption

But how does it work? How can you hide from the rest of the world on something that pretty much everyone has access to?

Funny enough, the US gov thought this through over 20 years ago and wanted to protect their communication online.

Thus, in md 1990’s, researchers at the US naval lab began to work on something called “The Onion Routing Project”. Onion Routing protects data sent by wrapping it with multiple layers of encryption, where the most inner layer contains the original message.

Let’s use an example - Say you wish to get a message from point A to point B, but you don’t want to move it directly, you have to go through 3 midpoints. A, B and C.

The message is than wrapped in 3 layers of encryption. Each layer only knows where the message came from and where to send it next. Nothing else, so the message remains hidden and each midpoint, a layer of encryption stripped.

Eventually, after traveling through all the points, the final layer is stripped and message is revealed.

The encryption allows the data to be sent to and from multiple places without being vulnerable to interception in between , darknets like TOR can exist.


From a visual look, It seems like any other normal web browser, but through it, you can access web pages that aren’t available to the general public. So looking at the operators in the surface web that finish with .com or .org, with TOR you can access “.onion” websites.

Who Uses the Dark Web ?

Like everything in today’s world, it divides between the bad guys and good guys


  • Financial fraudsters – that interested in financial gains, who drive extortion and ransomware attack

  • Social engineers – who is selling phishing templates to lure victims and steal their credentials

  • Malware users

  • Black hat hackers – Try to break into security systems and have malicious intent

  • Narcotics dealers/users

  • Traffickers of illicit goods & services – Dealers and users that trade with illegal merchandise


  • White hat hackers – Are ethical computer hacker, or security expert who specialize in pen testing and other testing methodologies that ensure the security of his organization

  • Hobbyists (Gaming, crypto, tech) – Forums of gaming like WoW, Fortnight and etc ……

  • Journalists – Try to gain knowledge on this world to publish the world

  • Law enforcement

  • Intelligence agencies – Track the bad guys

  • Security professionals – That want to learn about methodology, tools and plans of bad actors in order to protect their orgs

Type of threats Actors on the dark web

Threat actors can also be categorized into 4 main groups, where high experience bring high reward and sophistication

  • Scripts Kiddies – majority are script kiddies. They are not these expert hackers wearing hoodies in their parents basement with matrix stuff going on behind them, smashing on their keyboards. A lot of are very young, even teens. They don’t know to write code, they are not expert in hackers, but they come on and figure out how to do it.

  • Proficient hackers – These are people that really know to do things. They carry on more sophisticated attack. Selling their services

  • Crime syndicates – Have top professional hackers. What separate them is that they have physical infrastructure. They have money mills, bank accounts, they know ways to move money and these groups can do much larger crime.

  • APT – Gov actors

Threat Types

Looking at the threat types, and even combining them with the actors we just talked about, again its reward vs complexity

  • Checkers

  • Crackers – Bad actors with malicious intent that try basic level of penetration, such as brut force…..

  • Fraud

  • Spamming

  • Phishing – more sophisticated attacks to lure victim into revealing sensitive info that can be used for malware deployment, data theft and ransomware that we lately here like Colonial pipeline attack and JBS in USA with $4.4M and $11M ransom respectively

  • Crypto miners

  • Ransomware

  • Known exploits

  • Card Sniffers

  • Zero day exploits – To the most concerning zero days vulnerabilities that are actually unknown vulnerabilities that can exploit traditional security systems if not based on behavioral AI and ML

Why it’s so lucrative?

To give you an idea about size of the dark web market and the revenue they bring, it’s imperative to look at this graphs from Chainalysis (The people that are watching the bitcoin and crypto currency transactions and flows).

We can see that in 2020, the darknet revenue peaked to $1.7B worth of crypto currency probably due to the pandemic that caused more people to go online.

These numbers are definitely the reason behind the extreme motivation for recent months attacks and unfortunately a sign for future to come.

Taking another look at the dark web market share and groups, you can notice one group in particular named Hydra that controls 75% of the market while other groups are coming and going (either closed by law enforcement agencies or reinvent themselves under new identity).

How to protect yourself from the Dark Web

Here are some steps as a precaution to keep your information and private life off the dark web

  • Identity theft monitoring – it’s critical that you keep your private info from being misused. All kinds of personal data can distribute online for a profit. Passwords, physical addresses, bank accounts and SSN circulate in the Dark Web all the time. So keep your password rolling, stay away from shady websites and links, don’t open emails and attachment you are not familiar with, use 2FA and don’t store it in unprotected place, regularly check your credit cards reports and establish fraud alerts

  • Antimalware and antivirus protections – are crucial to prevent malicious actors from exploiting you. End point security programs are comprehensive to cover both identity monitoring and antivirus defenses.

9 views0 comments
bottom of page