Unveiling the Dark Web: Its Implications for Businesses

Understand the Dark Web's uses and risks, and best practices for businesses to safely navigate the underbelly of the internet.

Stu Sjouwerman, CEO, KnowBe4

August 2, 2023

4 Min Read
An eye with a brown pupil against a background of a dark cloud and white numbers. Darknet concept.
Alena Ivochkina via Alamy Stock

To an average user, the internet feels infinite. But what if what is seen on Google or Bing is just a fraction of all the content that exists? According to the Center for Internet Security, the internet can be divided into three main segments:

First, the surface web, or what we use every day with HTTP.

Next is the deep web, or websites that are either not indexed or are explicitly blocked from search engines. These can include corporate databases, transactional data, anything that’s password protected and not meant to be easily accessible.

The third segment is the Dark Web, the part only accessible via specialized browsers such as Tor (short for “The Onion Router”). Because this layer offers high levels of anonymity and privacy, it lends itself to criminal activities, the trading of contraband and illegal goods and services.

Who Uses the Dark Web?

Some users of the dark web are just regular surfers consuming content in anonymity; some are researchers; some are there to access or download pirated, adult, or restricted content; others are users from authoritarian countries like China and North Korea, where global access to online information is restricted or suppressed. The dark web is also a hotbed for threat actors and organized crime syndicates engaged in all kinds of nefarious activities.

 From a cybercrime perspective, there are three main groups:

  • Hacktivists:People or groups that promote a certain political agenda or social ideology, using the dark web for anonymous communications, to organize protests, to forge alliances with other hackers and to disrupt, spy, steal or leak information. Well-known hacktivists include Anonymous, Legion of Doom, Masters of Deception, and Chaos Computer Club.

  • State-sponsored actors:Typically supported by adversarial nation states, these attackers are involved in activities related to spreading disinformation, reconnaissance, intellectual property theft, disruption of critical infrastructure, or other destructive pursuits.

  • Cybercriminals:A generic label for adversaries involved in the business of cybercrime for profit. Threat actors that manufacture and deploy malware, offer phishing and ransomware services, steal intellectual property and compromise systems.

What Can One Find on the Dark Web?

The dark web is a collection of forums, marketplaces and online communities that operate like regular websites with the exception that law enforcement is absent. Since users can easily conceal their identities and hide their geographical location, they openly share racist and extremist content; discuss matters pertaining to hacking, malware, and data leaks; drug trafficking, weapons, child pornography, etc.

The dark web contains whistleblower websites where users can leak confidential info about their employer or business associates. On dark web marketplaces, cybercriminals openly advertise and sell hacking services, malware tools, phishing and ransomware kits, cryptocurrency exchange services, deepfake services, and more.

Like a wild west frontier, it is easy to buy stolen credit cards, PII (personally identifiable information) and massive quantities of log-in passwords and credentials. Stolen ransomware data is also put up for sale or auction. One can search and filter by country or industry. Sellers even allow prospects to browse files before they purchase the data.

Why Businesses Should be Wary of the Dark Web?

A random visit to the dark web by an employee can expose the entire organization to harm. Therefore, it is highly advisable that businesses educate employees on the dangers the dark web poses. Managers should run phishing simulations and train users to be wary of Tor-based web addresses that end with “.onion” instead of .com, .net, .edu, or .gov. Reports show cybercriminals obfuscating dark web links in social media URLs, luring unsuspecting users to enter. Organizations should update their cybersecurity policies and caution against use of the dark web. Educate employees that downloading a Tor application is against company policy and actions such as posting confidential data can lead to suspension or litigation.

How to Safely Research the Dark Web

While it is highly recommended that ordinary businesses do not venture into this area, there are certain situations (such as determining whether company data has been leaked), and occupations or businesses (e.g., journalists, law enforcement, security researchers), where individuals may need to explore or research. Recommended best practices for accessing dark web sites:

  • Set up a proxy internet connection using virtual machines. Leverage a non-corporate VPN to access the Tor network.

  • , a tracking method more invasive than cookies. Use a Tor browser to protect your IP address while staying anonymous.

  • Don’t assume that because the Tor browser is anonymous, it’s secure. Any traffic passing through the browser, whether it's encrypted or not, is being decrypted and then re-encrypted at every site. Anyone could be collecting data that you are putting through.

  • Once you’re done accessing the dark web, don’t use the same machine or network to access the corporate intranet or elsewhere.

While the above security best practices are important, a majority of security incidents are caused by users that are not trained. This is why organizations must invest resources in building a culture of security, making employees aware of threats before indulging in irresponsible and risky behavior such as accessing the dark web.

About the Author

Stu Sjouwerman

CEO, KnowBe4, KnowBe4

Stu Sjouwerman is founder and CEO of KnowBe4, developer of security awareness training and simulated phishing platforms, with over 60,000 customers and more than 45 million users. He was co-founder of Sunbelt Software, the anti-malware software company acquired in 2010. He is the author of four books, including “Cyberheist: The Biggest Financial Threat Facing American Businesses.”

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights