Deep Web is the internet that cannot be accessed through standard search engines or the pages that are not indexed in any way.
Top 3 Misconceptions About the Deep Web
Deep Web & Dark Web are the Same
Dark Web is classified as a small portion of the Deep Web that has been intentionally hidden and is inaccessible through standard web browsers. Dark Web and Deep Web, neither can be search-indexed but large sections of the the Deep Web, unlike the darknets that form the so-called Dark Web, do not need any special censor-resistant software for access. The Dark Web, on the other hand, can only be accessed through various platforms that allows anonymity, the best-known and most widely-used among which happens to be Tor. Other platforms like I2P and Freenet are also generally referred to as being parts of the Dark Web.
This is a Anonymous Platform
Amidst all the disturbing material found in the Dark Web, the fact remains that anonymous communication networks are a boon for many activists, reporters, researchers and whistle-blowers who simply need the anonymity, without which, their lives and livelihoods may be in grave danger
Deep Web is Only used for Illegal Goods & Services
Dark Web has flourished a thriving trade of all that is illegal and unacceptable in civil society. In their book Cryptopolitik and the Darknet, researchers Daniel Moore and Thomas Rid claimed that around 57% of the Dark Web includes illicit content. Yet, a large part of the darknets manage to stay within the legal and ethical boundaries for the most part. Tor hosts a vast majority of the websites on the Dark Web. Deep Web is primarily infamous for drug dealing, assassin hiring but if we look on the other side of the coin, Deep web is used by whistle blowers, hacktivists and revolutionaries.
>> Hands-on workshop: Dark Web for Threat Intelligence @SACON Pune
What Can be Found in Deep Web?
The Deep Web Includes the below but is not limited to the below
- You can get Multi-URL mega-databases that are very large for standard search engines to index.
- Records, certificates, name directories, library indexes ..& more
- Sensitive information like : Email id, Passwords, Password-protected and members-only websites
- The back-end dashboard of any sort of individual account, whether it be banking, social platforms, email services, etc. This is only available after an account is logged into and accessed. Then, the URL changes to a private address accordingly.
- Two-party user-to-user communications or threads on social media, chat services, messaging platforms, etc.
There are several tools used for reaching these parts of the internet. The TOR (The Onion Router) maintains the most popular tool for Dark Web access. Their primary product is the Tor browser. The .onion websites are opened only through TOR browsers. If you think you are completely anonymous though, think again. Law enforcement routinely shuts down and prosecutes sites and people doing illegal things on the Dark Web. Tor is the preeminent anonymising platform in the virtual world, and has been recommended by various human rights organisations as a shield for activists and dissidents fighting oppressive regimes around the world. cyber-security researchers are also known to use Tor to test firewalls and provide emergency DNS lookup services in case of DNS failures.
What Should a CISO be Concerned About?
Once a CISO is aware of what is available on the dark web, deep web or surface web, its easier to take steps to defend & protect those data from being used by the attackers. Any connection to or from the dark web within your company network can put you at risk (Dark Web Insider Threats)
- Exposed DB Servers & S3 Buckets (due to misconfigurations etc.)
- Exposed applications & websites, files & documents which are accessible
- Exposed services like APIs, FTP Servers etc.
- Personnel data which is available freely on the internet, including email addresses, phone numbers etc.
For more information on how to Discover & Map your Applications & Services which are publicly exposed on the internet, intentionally or unintentionally: Click Here
>> Hands-on workshop: Dark Web for Threat Intelligence @SACON Pune
Source: DarkWebNews Blog, FireCompass Shadow IT Page
Comments