February 24, 2015 By Douglas Bonderud 3 min read

How much of the World Wide Web is readily available to search engines? Chief information security officers and IT security professionals know the amount of data hidden from plain sight is substantial — something akin to an iceberg carrying nine-tenths of its weight below the surface.

However, according to a new Global Commission on Internet Governance report, the number is much larger. Just 0.03 percent of the so-called Deep Web is available to search engines, while the even-deeper Dark Web is deliberately hidden and unavailable when using standard browsers.

Such a massive piece of virtual real estate that is essentially unmonitored by Internet oversight agencies raises the question: Is there any hope for cybersecurity in the dark?

Deep Web Versus Dark Web

To understand the effect of Dark Web data, it is first important to separate the Deep Web from its shadowy counterpart. The report, “The Impact of the Dark Web on Internet Governance and Security,” defines the Deep Web as “a class of content on the Internet that, for various reasons, is not indexed by search engines.” For most major engines, this lack of indexing is tied to profit. While the information is readily available to those who look, so few are interested that actively crawling for this content provides little to no return on investment.

The Dark Web, meanwhile, is “a part of the Deep Web that has been intentionally hidden and is inaccessible through standard Web browsers.” Powered by networks such as TOR and I2P, this hidden Web makes it possible for users to remain entirely anonymous. While in some cases, this anonymity is used simply as a way to protect free speech or for government agencies to keep top-secret data under wraps, there is another side to this darker corner of the Web filled with cybercrime, the transfer of illegal goods and even terrorism. Are Internet governance and cybersecurity even possible in this environment?

Here Comes the Calvary

According to a recent Naked Security article, it’s only a matter of time before law enforcement and other agencies gain some measure of control over the Dark Web. The article likens the existing hidden Web to the Wild West — even though it was once larger than the settled territories of the United States, even this lawless land eventually found itself bound by law and order.

According to the Global Commission on Information Governance report, the following are six key monitoring areas that are essential to the success of any governance effort:

  1. Mapping the Hidden Services Directory: Both TOR and I2P use a distributed hash table system to hide database information. Strategically deployed nodes could monitor and map this network.
  2. Customer Data Monitoring: There will be no monitoring of consumers themselves, but rather destination requests to track down top-level rogue domains.
  3. Social Site Monitoring: This includes watching over popular sites such as Pastebin to find hidden services.
  4. Hidden Service Monitoring: Agencies must “snapshot” new services and sites as they appear for later analysis, since they disappear quickly.
  5. Semantic Analysis: A shared database of hidden site activities and history should be built.
  6. Marketplace Profiling: Sellers, buyers and intermediary agents committing illegal acts should be tracked.

The bottom line for businesses? While the Dark Web does not pose any immediate or obvious threat, it exists nonetheless and operates as a catchall both for users seeking anonymity and those looking to operate outside the law. Monitoring this hidden corner of the Web is by no means impossible. It comes down to the choices nation-states and private companies are willing to make. How much light must be thrown at the Dark Web to make it safe, while still respecting the right to Internet anonymity? Is a known darkness better than none at all?

Image Source: iStock

More from

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today