Skip to main content

Should we worry about the 'dark web'?

ASU professor discusses this mysterious part of the net for Cybersecurity Awareness Month

October 19, 2016

Hackers on the "dark web" claimed to be selling information stolen from the Office of Personnel Management. A recent study found that more than 80 percent of dark web activity was related to pedophila. And if you've heard of bitcoin, chances are the story had to do with a dark web transaction involving something illicit.

But what is the dark web? Is it really so dastardly? Paulo Shakarian, director of Arizona State University's Cyber-Socio Intelligent Systems Laboratory and a researcher with the Global Security Initiative, is a resident expert who helps track down viruses and malware for sale on the dark web. He talked to ASU Now as part of national Cybersecurity Awareness Month. 

Question: The internet is more than just what you can search for in Google. Can you provide a basic rundown of what the dark and deep webs are?

Answer: The “surface internet” — or “clearnet” — is the internet we all consult to read the news, check our email and communicate on social media. It's the most transparent network, and the number of sites surpassed the billion mark in 2014. Sites that are restricted either because they address a small subset of the world population, like your library’s internal catalogue, or is sensitive in nature, like medical records, are not indexed and hence not returned on commonly used search engines. This is generally referred to as the "deep web."

The dark web relies on specific protocols, of which the most commonly known is Tor. Sites hosted on these crypto-networks will not render in your traditional browser. The term “darknet” refers to an earlier, smaller version of the dark web comprised of crypto-networks in general or Tor specifically.

Q: Is all the activity on the dark web illegal? Does it have its own culture?

A: By no means. Tor is widely used by journalists, political dissidents and human rights activists in regions suffering under repressive regimes. Privacy conscious citizens worldwide enjoy anonymous browsing without being targeted by custom advertisements on each site. Some tech-savvy folks put up a website on Tor just to say they’ve done it. However, there are ghastly contents out there as well: child pornography, assassination services, marketplaces offering all kinds of illicit goods and social media populated by pedophiles, drugsters, financial fraudsters and others.

Our lab is researching malicious hackers in particular. We do notice a distinct culture: The avatars they are choosing are oftentimes depicting popular underdogs and anti-heroes (e.g. the Joker of “Batman – Dark Knight,” and references to “Fight Club” abound). Furthermore, hackers use their very particular way of written communication and replace letters w1th num83r5 (referred to as “leet-speak”). They use their own slang: “leet” or “1337” refers to elite or highly skilled hackers whereas “noobs”/”n00bs” or “newbies” are new to the hacking world. The most derided are ScriptKiddies: hacker wannabes.

Q: Is government/law enforcement doing anything to ensure illegal things aren’t happening there?

A: Since I’m not in the government, I don’t think I can answer that question, but it's Cybersecurity Awareness Month, and every year the Department of Homeland Security brings awareness to the issue:

Q: What should regular people do to protect themselves from being victims of crime on the dark or deep web?

A: If you absolutely have to go and explore the dark web yourself, please install a virtual machine on a computer that has absolutely no data stored on it. The virtual machine is easily reimaged in case your browsing catches some malware. There is some very sophisticated malware “in the wild” that absolutely detects its environment and attempts to escape a Virtual Machine (VM) or Sandbox (commonly used for reverse engineering) and goes onto the computer itself — that’s why it's a good idea not to keep any data on that computer. Best, of course, is to stay away entirely.

As to the Clearnet:

• Practice password safety: choose a sAf3 P4ssW0rd adhering to recommended safety standards, choose a distinct password for each site, change it frequently — if you have to keep a list of passwords, try to keep it offline.

• Don’t be click-crazy.

• Keep backups of your data and/or work off an external hard drive, so you don’t have to pay and thus perpetuate ransomware attacks (disconnect your backup hard drive as often and as long as possible).

• Read up — you’d be amazed what’s out there! Over time you will gain situational awareness, which will enable you to protect yourself.

• Be critical of online services in how they are storing and dealing with your data.

More Science and technology


Two teenagers hug and smile at each other.

ASU study: Support from romantic partners protects against negative relationship stress in teens

Adolescents regularly deal with high levels of stress, which can increase the risk of substance use and experiencing mental health challenges such as anxiety or depression. Stress can also affect…

A large bluish-white planet in space.

ASU scientists help resolve 'missing methane' problem of giant exoplanet

In the quest to understand the enigmatic nature of a warm gas-giant exoplanet, Arizona State University researchers have played a pivotal role in uncovering its secrets. WASP-107b has puzzled…

Digital rendering of cells.

Study finds widespread ‘cell cannibalism,’ related phenomena across tree of life

In a new review paper, Carlo Maley and Arizona State University colleagues describe cell-in-cell phenomena in which one cell engulfs and sometimes consumes another. The study shows that cases of this…