The Dark Web Explained: How It Works & Why It's So Dangerous

What Is the Dark Web? What Happens There?

While most people access the internet through common web browsers like Google Chrome, Safari, and Edge, there are deeper levels of the internet that aren't accessible by the average user.

The Dark Web is a collection of websites, forums, and marketplaces that are only accessible by using the Tor browser. This specialized browser grants users a level of anonymity that is especially appealing to cybercriminals, hackers, and government operatives who want to hide their identity.

However, while many people choose to talk about the Dark Web in cryptic terms to stir up fear, it's not just a space for criminals.

In this guide, we'll explain what the Dark Web is and how it relates to the other layers of the internet, clear up common misconceptions about what happens on the Dark Web, and explain the real risks and dangers that the Dark Web poses to your digital security and identity.

{{show-toc}}

What Is the Surface Web?

The internet comes in layers: visible, deep, and dark.

Most people only interact with the visible or "surface web." These are the nearly two billion public websites you can access through search engines — from Wikipedia to public sector websites and news sites. However, this is just the tip of the iceberg.

Based on some estimates [*]:

The surface web makes up a mere 10% of the entire web — with the majority of web pages remaining hidden from the average user.

Why is this the case? Because not all the information you can access online belongs in the public domain.

So if we see just 10% of what’s actually on the internet, where is the rest of it?

Dark Web Vs. Deep Web: What's the Difference?

Most of the digital content in the world is not accessible via web search engines.

This colossal amount of information exists on the Deep Web (or “hidden web”), where almost all online activities take place.

You actually use the Deep Web as part of your daily routine. Every time you log into your email account, check your online banking details, or use social media, you’re on the Deep Web.

The Deep Web hosts information that usually requires a username and a password to access, mainly for security and privacy-related reasons.

Some entities of the Deep Web include:

• Databases
• Social media apps
• Online banking
• Email
• Intranets
• Forums
• Paywall-protected content

Many of the activities on the Deep Web involve personally identifiable information, such as medical and legal documents, financial records, academic research, intellectual property, confidential commercial data, and more.  

While you may not be using the term Deep Web daily — or ever — it’s part of your life more than you realize.

Still, this is not the same as the Dark Web, a term you’ve likely seen around. The Dark Web is yet another fraction of the internet that’s not equivalent to the Deep Web. Let’s look at the reasons behind its negative reputation.

📚 Related: What Is Dark Web Monitoring? (Get a Free Dark Web Scan) →

Why Does the Dark Web Exist?

While no one can pinpoint the origins of the Dark Web, it’s now referenced in mainstream conversations about technology and digital security as the seedy source of many security issues.

Essentially, the Dark Web uses a cluster of nodes and networks called “darknets.” These include — but aren’t limited to — peer-to-peer networks — small and big — including Tor and Freenet.

Those who want to browse and use the Dark Web need to use specialized software, such as the Tor browser. Because it’s such a big part of internet activity, it’s worth noting how this Dark Web browser works and why it exists.

What Is the Tor Browser?

Developed in the mid-1990s to keep U.S. intelligence communications from prying eyes, the Tor Project is the preferred method to access Dark Web content.

The Onion Router (hence the Tor acronym) uses three layers of encryption and a specific internet traffic routing mechanism to ensure complete anonymity. It combines strong layers of encryption with the ability to randomly bounce internet traffic through the Tor network of relays.

This high barrier entry to the Dark Web exists to protect user identities, online activities and location, and maintain their anonymity.

By using the Tor browser, internet users can access the Dark Web to communicate and share data in confidence, without the risk of being traced. Most users on the Dark Web are logged into a Virtual Private Network (VPN) to further conceal themselves.

Some use the Tor Project and Freenet as synonyms for the Dark Web, but that’s incorrect. The Tor network and other networks that use onion routing emerged to protect online communications; not to support criminal actions.

The people who need the Dark Web so they can keep doing their dangerous — but not necessarily illegal — work are:

• Whistleblowers
• Dissidents of oppressive regimes
• Activists
• Journalists who must protect their sources
• Law enforcement
• Intelligence agencies
  

As you’d expect, misguided individuals or those with clear criminal intent have found a way to use this level of anonymity to cover up their illicit activities and — up to a point — evade law enforcement agencies.

📚 Related: How To Block Websites on iPhones and iPads [4 Ways] →

Why Is the Dark Web So Dangerous? What Can I Find There?

Cybercriminals and other malicious actors rely heavily on the capabilities of the Dark Web in various unlawful ways. The hotspots for illegal activity on the Dark Web are marketplaces and forums where bad actors transact illegal products and services.

Some of the illicit products lawbreakers and scammers peddle on these black markets include stolen and counterfeit data which comes in many varieties:

• Personal data. (Also called PII or personally identifiable information) This includes full names, home addresses, phone numbers, birth dates, Social Security numbers (SSN), hacked email addresses, and many more details that can pinpoint you as an individual.
• Financial data. Stolen credit card details, online banking usernames and passwords, credentials for cryptocurrency accounts, banking and insurance records, and much more.
• Online account login data. Typically comprising username-password combinations, which provide access to accounts ranging from social media to ride sharing and video streaming services to paid professional services. Even logins to genetic testing and antivirus products are in demand.    
• Medical data. (Also called PHI or personal health information) This covers your medical history, prescriptions, biometric data (including fingerprints and images of your face), test results, billing information, and other sensitive details. In the wrong hands, this can culminate in medical or even fingerprint identity theft.
• Confidential corporate data. Includes classified information such as intellectual property, patents, competitive intelligence, and other operational details.
• Forged data. Most notably fake passports, stolen driver’s licenses and IDs, bank drafts and more.

{{hacker-view-widget}}

Other illicit marketplaces on the Dark Web

Besides personal information yielded from data breaches and various other types of cyber attacks and online scams, these black markets also offer illegal drugs, access to emerging cyber threats and viruses, and even hitmen for hire [*].

The most notorious of all Dark Web marketplaces was Silk Road which, at its peak, catered to over 100,000 buyers.

Founded by Ross Ulbricht in 2011, the website became the most popular black market, especially for narcotics traffickers. The FBI shut down Silk Road in 2013, but version 2.0 came briefly back online before law enforcement took it down for good.

Ross Ulbricht received two sentences of life in prison, along with three other convictions. The U.S. government seized over $1 billion worth of bitcoin throughout the entire takedown operation and the decade following it.

In addition to the possibility of making big money on these Dark Web marketplaces, people seek the Dark Web for other reasons as well. This part of the internet also hosts vast amounts of child pornography, with some websites reaching tens or hundreds of thousands of users.

As a hub for criminal activity, the Dark Web offers more than just “products” to anyone willing to buy and consume. It also offers services that enable cybercriminals to launch attacks with little technical knowledge or experience.

📚 Related: How To Find Out If Your Information Is on the Dark Web →

How to safely access the Dark Web

The Tor Browser is the easiest way to access Tor and thus, the Dark Web. It is available for free download and installation on the official website. You can use a VPN and your existing browser's private/incognito mode to hide your Tor Browser download.

The Tor Browser is currently available only for Windows, Mac, Android, and Linux. Once connected, you'll have access to dark net websites called “Tor hidden services". Instead of “.com” or “.org”, Dark Web addresses trail with a “.onion“.

What Types of Services Can Cybercriminals Access on the Dark Web?

While personal information may seem invaluable to you, cybercriminals trade personal information for a mere few dollars on the black markets that exist on the Dark Web.

Details for credit cards carrying a balance up to $1,000 cost $150 on average, while stolen online banking login details (for an account with a balance of at least $100) go for just $40.

A hacked Uber rider account goes for just $4, and a Netflix account with a paid one-year subscription is worth $44. More out-of-reach commodities such as a French passport can cost up to $4,000.

Marketplaces on the Dark Web even feature rating and review systems, so potential buyers can identify “trustworthy” sellers. With all these features, and the appeal of cybercrime riches, it’s no wonder these black markets are experiencing a huge rise in supply, according to the Dark Web Price Index.

Besides selling personal data and compromised accounts, cybercriminals also sell:  

• Off-the-shelf software exploits (exploit kits). Toolkits that cybercriminals use to attack vulnerabilities in systems so they can then distribute malware.
• Ready-to-use malicious software (malware). Ransomware, information stealers, keyloggers (to record every key pressed on a device), spyware, adware, rootkits (notoriously difficult to spot and stop), Trojans and worms (with self-replicating capabilities).
• Malware-as-a-service. A subscription-based model that rents the software and hardware cybercriminals need to carry out attacks, complete with malicious software, a distribution network, a range of targets and even technical support, and a personal dashboard to manage the project.  
• Software vulnerabilities. Unknown to the software maker (called zero-days), cybercriminals can use this to infiltrate organizations incognito.
• Access to networks of compromised devices (botnets). The computing resources malicious hackers need to carry out their attacks.
• Distributed denial of service (DDoS). Offerings that use extensive botnets to flood victims’ systems with so much traffic that it takes them offline along with the services they supply.
• Cybercriminal training. Tutorials, guides, and other types of content that support the upskilling of bad actors in various roles.
• Money laundering (money muling). Enables scammers to disseminate the money that they steal, extort, or otherwise take from their victims — and turn it into clean, untraceable cash.
  

Your data could already be on the Dark Web

Because this offering is so extensive and affordable, the Dark Web is the ideal breeding ground for criminals. Even more of a threat, hackers looking to make a lot of money and profit off people and companies around the world have found a way to do it — fast and at scale.  

The Dark Web’s abilities to provide airtight confidentiality has created an environment conducive to crime of all sorts.

Unfortunately, chances are that at least some of your data is already in a private data leak somewhere on the Dark Web, hidden in one of the illegal websites, forums, blogs, and data repositories that live in that hidden “corner” of the internet.

How Do Cybercriminals Monetize the Dark Web?

• Using stolen personal data for all types of financial fraud and identity theft.
• Using stolen confidential information to extort companies and individuals, even threatening to leak it on the Dark Web.
• Using financial information to make unauthorized payments for goods and services, drain bank accounts, take unlawful loans, and derive other illegal monetary benefits.
• Use username-password combinations in automated, widespread attacks to gain access to even more accounts, steal even more data, and sell it for a profit on the Dark Web.
• Infect devices with malicious software to either harvest additional data, use it in subsequent attacks, or extort victims for money — which is what ransomware does.
• Disrupt an organization’s operations so that their value depreciates, their reputation takes a hit, and they risk costly long-term damage.
• Defraud organizations through business email compromises, by stealing intellectual property and selling it to competitors, or by holding their systems hostage until they pay a hefty ransom.
• Specialized criminal groups thrive since it’s easier to combine stolen data with compromised infrastructure and malware. This means even less-skilled malicious hackers can launch cyber attacks and start a lucrative business.

Lots of criminal activity happens on the Dark Web because it offers the anonymity that enables hackers and scammers to go undetected — but only up to a certain point.

📚 Related: What To Do if Your SSN Is on the Dark Web →

Is the Dark Web Illegal?

Despite its menacing name, the Dark Web is not illegal per se, nor is it unlawful to access it. However, the undeniable fact is that most of the activities that happen on the Dark Web are related to criminal actions.

What Are Some Dangers of the Dark Web?

• You risk your freedom and could face severe legal consequences. If you are caught buying an unauthorized firearm or illegal drugs, or end up on a child pornography website while browsing the Dark Web, you could face steep legal action.‍
• No security provisions. This part of the internet doesn’t include security provisions like the ones you’re used to on the World Wide Web, such as built-in protection against malicious websites in your web browser. For example, both Chrome and Firefox warn you about dangerous websites that steal your data in phishing attacks. This doesn't happen on the Tor browser.‍
• Risk of device infection. Unless you're protected by a unique cybersecurity setup, going on the Dark Web means you'll risk infecting your devices with malware, ransomware, and trojan horse viruses.‍
• Financial scams. Given the illicit nature of conversations and interactions on the Dark Web, you can even get caught in a scam or become an unwitting accomplice and risk prosecution.

The data speaks for itself

Reported cybercrime damages added up to $6.9 billion dollars as per data released in 2022 [*]. Since only a fraction of cyberattacks and incidents actually get reported, the harm is much more extensive.

To stifle the source of these problems, law enforcement is constantly monitoring the Dark Web and organizing takedown operations to dismantle criminal organizations that have built illegal businesses under the cover of anonymity.

For example, in January 2021, Europol announced it had taken down DarkMarket, “the world's largest illegal marketplace on the dark web.” Boasting half a million users, over 2,400 sellers and over 320,000 transactions reaching more than 140 million euros, this marketplace was one of the most active on the Dark Web in recent times.

In October 2021, law enforcers in nine countries carried out Operation Dark HunTOR, in which Europol simultaneously arrested 150 alleged suspects in Europe and the US.

“More than €26.7 million (USD 31 million) in cash and virtual currencies have been seized in this operation, as well as 234 kg of drugs and 45 firearms. The seized drugs include 152 kg of amphetamine, 27 kg of opioids and over 25,000 ecstasy pills.”

Europol’s Deputy Executive Director of Operations, Jean-Philippe Lecouffe, took this opportunity to remind criminals that “the law enforcement community has the means and global partnerships to unmask them and hold them accountable for their illegal activities, even in areas of the Dark Web.”

Hydra Market (Hydra), one of the world's largest and longest-running darknet markets, was seized by the Justice Department in April 2022 [*]. Since 2015, Hydra has received approximately $5.2 billion in cryptocurrency, accounting for 80% of all darknet market transactions in 2021.

Such cyber attacks often mean painful circumstances for its victims:

• Putting patients’ lives at risk when hospitals get infected with ransomware.
• Causing school closures that affect children, teachers, and their families [*].
• Blocking access to local government resources, which often affects vulnerable people.
• Provoking gas and water shortages, which directly affect the quality of life for many.
• Disrupting transportation systems and other consequences that threaten people’s safety and health, including your own.

📚 Related: 14 Hidden Dangers of Identity Theft That Can Ruin Your Life →

Can I Find my Data on the Dark Web?

The reality is that you won’t realize how extensive your personal data exposure is until you look at the hard data.

That’s why people who try Aura's Dark Web Scanner are shocked to see how much of their sensitive information is exposed just by running a scan of their email address.

The scanner specifically assesses your risk of identity theft, account hijacking, home title (i.e., deed fraud) and credit theft, spam and robocalls, and also how likely it is that data brokers might sell your personal information.

It’s unnerving to realize that other people treat your private information as a commodity. It can even be infuriating to see that information brokers’ activities aren’t even illegal because they claim to be using information that already exists in the public domain.

If it’s legal for them to sell your data in plain sight, imagine what cybercriminals are doing on the Dark Web with stolen personal information and their complete disregard for laws or regulations.

That's why family identity theft protection and financial fraud protection are key security layers needed to keep your life safe and secure.

Once your personal information is stolen and leaked through data breaches, it becomes scattered across the web, becoming impossible to delete that information from the internet. However, you can get alerts when unauthorized activity surfaces on your credit report, or whenever your details appear on Dark Web sites, data brokers’ lists, or even in public records.

📚 Related: Is Identity Theft Protection Really Worth It? →

Can Someone Sell My Data On the Dark Web?

It’s not wrong to assume that your personal information is on the Dark Web. If your personal details can be found on web search engines, then they’re most likely available on the Dark Web, too.

To recap, there are three ways your personal details end up on the internet, be it on the visible World Wide Web, part of the Deep Web, or on the Dark Web:

• Through your passive digital footprint (metadata). The data you inadvertently leave online when you use the internet. This includes your IP address (which also reveals your physical location), what kind of device you have, the websites you visit (browsing history), the type of web browser and search engines you’re using (Chrome, Firefox, etc.) and lots more details.
• Through your active digital footprint. This represents the information you willingly post online — from pictures to posts to videos, articles, and other details you disclose when you make purchases online (home address, phone numbers, etc.) and when you interact with service providers, friends, and a host of other entities.
• Through information other entities disclose about you. This includes governmental organizations, companies that offer credit reports, and data brokers that harvest and compile data about you so that they can sell a consolidated profile to companies that want to target you with ads.
  

Is My Identity at Risk on the Dark Web?

Starting from your email address, a persistent malicious hacker or scammer can scrape numerous details that can be used for financial fraud, identity theft, and many more types of cyber attacks.

To find out if your information is leaked on the Dark Web — you can rely on Aura’s identity theft protection service.

Aura extensively monitors your personal information, bank accounts, passport and driver's license IDs, and other sensitive data that can be found on the internet including on Dark Web sites.

And if you have no idea what to do if your identity is stolen, Aura has your back.

With Aura, you'll receive instant notifications if someone opens a new bank account using your name, if unauthorized activities appear on your credit report, or if any of your sensitive data is compromised in the event of a data breach. Any of these scenarios are a crystal clear warning sign of identity theft.

What Do I Do if My Personal Information is On the Dark Web?

If you've confirmed that your personal information is leaked on the Dark Web, you have an elevated risk of identity theft and financial fraud.

That's why many people today prefer an identity theft protection service in combination with a financial and credit fraud protection solution. It’s much more effective to catch early signs of fraud when you find out about new inquiries on your credit file, like new credit cards or bank loans, in near-real time.

For example, with Aura, you'll have access to a Fraud Resolution team with 24/7/365 customer support to guide you through a critical situation in which you feel exposed or uncertain.

📚 Related: The 10 Best Dark Web Monitoring Services in 2023 →

Can I Remove My Information From the Dark Web?

There is no reliable method of removing your sensitive data from the Dark Web. Once it’s out there, you cannot reverse the process. That’s why the defense is the best offense, so it's worthwhile to be leveraging a service that monitors your personal data for you.

If you get an alert that Aura has discovered your data on Dark Web sites, the most effective action you can take is to contact Aura Customer Support. Aura's team works with you to create a remediation plan to secure your credit cards, bank accounts, and IDs to prevent identity theft or fraud.

Following that step, you should change your usernames and passwords immediately.

For added peace of mind, your Aura plan comes equipped with a ​​$1,000,000 insurance policy that covers eligible losses resulting from identity theft.

Take Action Against Identity Theft

You don’t have to become a cybersecurity expert to understand the mechanics of the Dark Web.

Now, you can also explain to others how their shared Netflix password exposes them to fraud, or why the Dark Web is not just for criminals but also for dissidents and other people fighting for legitimate ideals.

Ready for ironclad identity theft protection? Try Aura's 14-day free trial.