What is the Dark Web?
What is the Dark Web, and why should you monitor it?
The Dark Web is difficult to define without relying on the familiar "think of the internet as an iceberg" analogy. The reason this analogy (shown in the image) is so prevalent is that it is an effective and accurate representation of the internet as it is today (2021).
The "surface web", the portion of the iceberg above the waterline, is a small portion of the iceberg in total. Around 5-10% of the iceberg protrudes above the surface, and around 5-10% of the "internet" consists of the "surface web".
The Surface Web is exactly what it sounds like: the content delivered on the surface, viewable by all. Your company's website, Google search results, free-to-view news websites, Wikipedia entries, and other similar items are the "surface web".
The next portion, and the vast majority of the iceberg, is the middle section, denoted by the space between the yellow and purple lines on the image. This middle section is referred to as the "Deep Web". The Deep Web is composed of access-controlled information: things behind a "log in" page. Your email, your bank records, your health information records, company shared data, and other similar items are examples of the "Deep Web".
At the bottom of the picture, below the purple line, is the bottom "peak" of the iceberg. It sits at the extreme depths of the ocean, hidden in shadow and difficult to get to. This is the truest part of the analogy: as difficult as it is to reach the bottom of the iceberg, so it is with the "Dark Web". The Dark Web is a special section of the internet, reachable only with special tools and knowledge, where two main activities take place. There is legitimate transfer of information, interaction, and planning around democratic activities and protests, which are valid uses of the technology. The other use is for illicit trade and actions: extortion, sex trafficking, drugs, and the sale of illegally obtained information. This information brokerage is where your concern around the Dark Web resides.
When someone compromises a website, say "ABCOrganization.com", they do so with one or more of a set of goals. They might have done so to prove a point and/or strike a blow against ABCOrganization, wishing to cause the company damage. They may have done it for fame and recognition. Or they did it for monetary gain. Monetary gain is the motive behind most compromises; cybercrime represents more revenue to organized crime than all other forms of crime combined (1). This financial incentive drives the current cyber-crime environment.
When that malicious actor gets access to ABCOrganization's information systems, one of the most common targets is the "username and password" database used to control access to ABCOrganization's website. Once they have this database, the risks multiply:
- The hacker can use the database to attempt to steal the identities of the impacted users (you may have names, dates of birth, addresses, and other identifying information in ABCOrganization's systems).
- The hacker can take the database and sell it on the dark web to other parties for their use (more on this soon).
- The hacker can use the database in their own attacks.
The next question to answer is "why would anyone want a copy of ABCOrganization's username and password database? They only sell X to people." The answer is twofold. First, the most common username for a website is your email address. A list of email addresses is incredibly valuable in and of itself: all sorts of attacks can be sent against someone's email [91% of all cyberattacks begin with a malicious email (2)]. Following the logic further, the email/username is half of what you need to access any system.
The second part relies on humans being creatures of habit. Most people tend to form habits: we eat the same meals at restaurants, we go to the same places, we form routines. One of those routines is in our passwords. If we find one that works, we will often use the same password, or password schema, repeatedly. The hacker might not care about ABCOrganization and their product line of widgets, but they do care about XYZBANK and their financial data. If you use the same username (your email) and the same password to get into both systems, the hacker does not have to break into a bank to get access to your money; they just have to hack the widget company.
Now we come to the crux of why we should monitor the Dark Web: the Dark Web is where stolen credentials (the username and password database from our ABCOrganization example) are bought and sold. The hacker can go online and purchase a database for sale, load it into their system, and automatically attempt the username/password combinations against the 500 most common websites over a period of days, never tripping an alarm on those systems. If you have reused passwords, or your passwords follow a simple-to-guess schema, the hacker can log in as you to your sensitive "Deep Web" systems and start launching further attacks. A Dark Web monitoring solution can alert you when a database containing your email is listed for sale, which allows us to respond before someone can launch an attack against us or our organization.
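The defensive side of this, as an added example that is not code from the original article or from Doberman: a minimal monitor that ingests dump lines in the common "email:password" form, flags accounts on the organization's own domains, and marks accounts whose exposed password repeats across dumps (the reuse risk described above). The monitored domain, dump names and dump contents are constructed for the example; the monitor keeps only a keyed hash of each password, never the cleartext.

```python
import hashlib
from collections import defaultdict

ORG_DOMAINS = {"abcorganization.com"}   # hypothetical domains we monitor for

# Constructed sample dumps (not real breach data)
DUMPS = {
    "widgetshop-2021": [
        "alice@abcorganization.com:Summer2021!",
        "bob@example.net:hunter2",                # not our domain, ignored
        "carol@abcorganization.com:Pa$$w0rd",
    ],
    "forum-2020": [
        "alice@abcorganization.com:Summer2021!",  # same password again: reuse
        "carol@abcorganization.com:Carol2020",    # different password: no reuse
        "dave@abcorganization.com:letmein",
        "garbage line with no separator",          # malformed, skipped
    ],
}

def fingerprint(email, password, salt="monitor-salt"):
    """Keyed hash so the monitor stores a comparable token, not the cleartext password."""
    return hashlib.sha256(f"{salt}|{email}|{password}".encode()).hexdigest()[:16]

def parse_line(line):
    """Split 'email:password' on the first colon; the password may contain ':' itself."""
    email, sep, password = line.partition(":")
    if not sep or "@" not in email:
        return None
    return email.strip().lower(), password

def monitor(dumps, org_domains):
    """Return {email: {"dumps": [...], "reused_password": bool}} for org accounts."""
    dumps_by_fp = defaultdict(set)   # password fingerprint -> dumps it appeared in
    dumps_by_email = defaultdict(set)
    fps_by_email = defaultdict(set)
    for dump_name, lines in dumps.items():
        for line in lines:
            parsed = parse_line(line)
            if parsed is None:
                continue
            email, password = parsed
            if email.rsplit("@", 1)[1] not in org_domains:
                continue
            fp = fingerprint(email, password)
            dumps_by_fp[fp].add(dump_name)
            dumps_by_email[email].add(dump_name)
            fps_by_email[email].add(fp)
    return {
        email: {
            "dumps": sorted(names),
            # same email + same password seen in more than one dump
            "reused_password": any(len(dumps_by_fp[fp]) > 1 for fp in fps_by_email[email]),
        }
        for email, names in dumps_by_email.items()
    }
```

Accounts flagged with `reused_password` are the ones to reset first, since that is the case the credential-stuffing attacks above depend on.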
If you're concerned about what your exposure might be, or are not currently monitoring the risks to your organization on the Dark Web, Doberman can help. Click here to get a free dark web report on what exposure currently exists, as well as a complimentary 20-minute call to review your report and the actions you can take to mitigate the risks for your organization.
Notes:
(1): Michael George, CEO – Continuum, Navigate Conference 2018.
(2): Deloitte, collected 7.19.2021: https://www2.deloitte.com/my/en/pages/risk/articles/91-percent-of-all-cyber-attacks-begin-with-a-phishing-email-to-an-unexpected-victim.html
Iceberg image collected royalty free 7.19.2021 from Vectorstock.com (https://www.vectorstock.com/royalty-free-vector/iceberg-vector-2941130)