Beneath the Surface of the Web

The Surface Web

The Surface Web is the area of the web that is indexed by search engines and easily reachable via any web browser. Imagine going to your browser, navigating to a search engine, searching for information about zoo animals and then reading about them on Wikipedia. Everything you just did was on the Surface Web. As you can imagine, however, not all information that lives on the online is indexed and searchable.

The Deep Web

You wouldn’t want someone to be able to search for and access your bank account information, would you? That’s where the Deep Web comes in. The Deep Web houses internet content that is available on the web – but is not indexed and searchable from a web browser. Instead this information can only be accessed by those who have the proper authorization. While the Deep Web has a legitimate, legal purpose — as the name suggests — the Dark Web was created for more nefarious purposes.

The Dark Web

The Dark Web, which is commonly confused with the Deep Web, is only a subset of the Deep Web. It is comprised of the services and websites running on the Darknet and has notoriously been used for illegal transactions. The appeal to malicious adversaries is that the Darknet provides an avenue to communicate and exchange information with the comfort of anonymity. The Darknet encompasses a means of anonymous communication in the electronic form for users looking to sell or obtain information, materials and/or goods that would not be readily available on non-encrypted, public networks.

Dark Web Assessments

Items and information sold on the Dark Web span everything from drugs to credit card numbers. So how do you — as an individual, company or agency — assess and determine if your information is for sale, has been sold, or is otherwise exposed on the Dark Web? The most thorough way is by performing a manual assessment. Since the Dark Web operates quite differently than the Surface Web — it is highly recommended that an experienced professional be utilized to perform an assessment.

In order to perform active reconnaissance, the individual will likely utilize VPN services as well as the Onion Router network in order to connect to the Dark Web while maintaining anonymity. Known and discovered forums will be used to perpetuate a willingness to discover related data that may be available for sale on the black market. Tools will then be used that allow for data scraping and crawling of Dark Web sites for keywords that may match related data. Once potential sites are discovered, attempts will be made to crawl and scrape readily available information from that specific site.

While doing a one-time Dark Web assessment is a great step forward — it is important to note that the results of an assessment will always be dictated by the availability of the data during the assessment period only. There is a chance that data has in fact been breached and stored, but not yet been released. It is highly recommended that assessments be performed on a recurring basis — especially if it is being done in response to an actual breach — to ensure that the data is not present.

Feel free to reach out to us at Assurit if you’re looking to complete a proactive assessment or are performing post-breach forensics. Our Dark Web experts would be glad to help.