There’s the World Wide Web, and then there’s the less understood and presumably nefarious Dark Web — but not all who use the Dark Web have malicious intent. So what is the Dark Web, and why would cybersecurity companies access underground exchanges in search of valuable data and intellectual property when there is so much criminal activity going on there?
Layered within the darkness are rays of intellectual light that are hugely beneficial to organizations for a variety of reasons. Many make the assumption that the Dark Web is bad, likely because of the connotation of the word “dark.” Couple that with the ability for users to browse anonymously and do as they please with little to no consequence, and it’s understandable that the masses approach what lurks in the darkness of the anonymous web with trepidation.
What Is the Dark Web?
While some may envision the most heinous criminals intermingling in a sort of virtual haunted house, a 2017 academic study titled “Graph Theoretic Properties of the Dark Web” found that the Dark Web is more a collection of dark silos than a web of connectivity. Researchers Virgil Griffith, Yang Xu and Carlo Ratti wrote that they analyzed the Dark Web “because it’s an interesting unexplored data set” and “on the face of it, the World Wide Web and the Dark Web are immensely similar.”
Many believe that the key distinction between the World Wide Web and its perceived underbelly is the societies inhabiting each. The study found that in the dark, there is much less of a web that joins the society of users together. “Unlike the WWW, the Dark Web is a place of isolation,” the researchers wrote.
Yet, not all who access the Dark Web are malicious. “There are actually four dark nets,” said Ran Geva, CEO of Webhose, in an interview. “The oldest and biggest one is the Tor network, which was originally designed by the U.S. Naval Research Laboratory to be a secure network for intel-gathering. There are three more: I2P, Zeronet and Freenet.” Those that followed in Tor’s footsteps were also created for anonymity and information liberation, not for illicit purposes.
Who’s Surfing the Dark Web?
To ensure that your security controls don’t prohibit users from being able to access information that can drive business productivity and actually enhance your overall security posture, it’s important to understand the users of the Dark Web. As an introvert, I’m inclined to see the Dark Web through a different lens. I appreciate the solitude and the ability to search for information without being tracked, and I’m not alone. Users from countries with censorship policies use the Dark Web to surf anonymously and reach content that is otherwise difficult to find.
People who want to leak important information may also use the Dark Web to publish sensitive information. Then there are users who just want to browse the web without being tracked. Additionally, many reputable organizations leverage previously unindexed data via the Dark Web and use it to their benefit.
As is often the case, the good things that happen on the Dark Web rarely make headlines. Most news stories report on the illegal exchange of goods and other criminal activity that happens there, but cybercriminals are not the only internet users who wish to remain anonymous.
Increasingly, consumers are experimenting with anonymized web browsers like Tor for their routine internet searches. As more users start to receive targeted ads based on their web searches, they will start to see great value in keeping their search habits private. In the December 2017 issue of IPPro The Internet, Michael Bednarek and Kristina Montanaro Schrader of Adams and Reese noted that a move toward anonymous commerce “presents a significant threat to the business model of Google, Facebook and other companies that derive much of their revenue from tracking users online and targeted advertising.”
Gathering Threat Intelligence
Exchanges within the Dark Web also facilitate collaboration and information sharing. Cybersecurity experts monitor exchanges where sophisticated adversaries often engage in discussions about hacking topics. By eavesdropping on these conversations, security analysts can gain insight into new and emerging threats.
Many organizations also use threat intelligence and mitigation platforms to monitor and analyze attacks. The intelligence gathered on the Dark Web allows them to defend against threats to their own assets and applications, and stay abreast of new vulnerabilities being sold in underground marketplaces. “The data helps brands learn when they are mentioned in a negative context — as in a vulnerability, hack attempt or leaked information,” Geva said.
Leveraging previously unindexed data on the Dark Web also helps fight money laundering by correlating bitcoin addresses with illegal activities. Security analysts can locate the places where illegal trade is happening as a means of luring the criminals into a trap.
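The brand monitoring and bitcoin-address correlation described in the two paragraphs above can be sketched as follows. This is an added example, not code from the article or from any platform it mentions; the posts, the brand name "ExampleCorp" and the watchlist are constructed, and the sample address is the well-known Bitcoin genesis-block address, used only because its checksum is valid.

```python
import hashlib
import re
from collections import defaultdict

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Candidate legacy (Base58Check) addresses: start with 1 or 3, 26-35 characters.
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def is_valid_address(addr):
    """True if addr decodes to 25 bytes ending in a correct double-SHA256 checksum."""
    num = 0
    for ch in addr:
        digit = B58.find(ch)
        if digit < 0:
            return False
        num = num * 58 + digit
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' encodes a zero byte
    raw = b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return False
    payload, checksum = raw[:-4], raw[-4:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum

def correlate(posts, watchlist, brands):
    """Map each watchlisted address and each brand term to the posts that mention it."""
    hits = defaultdict(set)
    for post_id, text in posts:
        for addr in CANDIDATE.findall(text):
            # The checksum test drops typos and random strings the regex lets through.
            if is_valid_address(addr) and addr in watchlist:
                hits[addr].add(post_id)
        lowered = text.lower()
        for brand in brands:
            if brand.lower() in lowered:
                hits[brand].add(post_id)
    return {key: sorted(ids) for key, ids in hits.items()}

GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"  # checksum-valid sample address
MISTYPED = GENESIS[:-1] + "b"                    # same shape, broken checksum
# Constructed posts standing in for text collected from a monitored forum.
POSTS = [
    ("post-1", "ExampleCorp customer records offered, payment to " + GENESIS),
    ("post-2", "escrow wallet " + GENESIS + " (not " + MISTYPED + ")"),
    ("post-3", "hobbyist thread about radio kits, no payment details"),
]

if __name__ == "__main__":
    for key, ids in correlate(POSTS, {GENESIS}, ["ExampleCorp"]).items():
        print(key, "->", ", ".join(ids))
```

An address that recurs across posts links otherwise separate listings, and the brand hit on the same post is the kind of negative-context mention Geva describes.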
While there are risks to enterprises attempting to garner unindexed data from the Dark Web, the benefits of anonymity allow them to extract previously untapped business, customer and operational insights by investigating unstructured and hidden or undigested data. In the same way that security companies monitor exchanges for threat intelligence, businesses leverage new search tools designed to help users target scientific research, activist data or even hobbyist threads.
Dark data can be discovered from a variety of sources, one of which is the Dark Web. Enterprises are learning to use this body of untapped data from multiple domains to drive business decisions. Still, according to Geva, they have no way of knowing who is collecting the data, who is using it or what it is being used for. That’s why it’s crucial for security leaders to understand who is using the Dark Web, why they are using it and how the data they find can affect the organization’s security posture.