Exploring The Depths Of The Dark Web

Adam Darrah, Director of Threat Intelligence Services at ZeroFox, shares his insights on the dark web and why organizations should be monitoring its depths.

Article thumbnail image

Did you know that less than 5% of the total internet is commonly accessible and visible for everyone? That’s what we call the “surface web”, and it’s what most of us might use to carry out our everyday tasks. 

But what about that other 95%? 

Google the term “dark web”, and you’ll be met with a series of iceberg-related images and analogies. And they all go a little something like this: 

  • The surface web is the tip of the iceberg—it’s where public-facing, freely accessible sites live, and those that can be located and accessed via search engines like Google
  • The deep web is everything below the surface of the water, and is estimated to account for 90% of the internet—it contains pages that aren’t publicly accessible or indexed by search engines, including databases, intranets, and more
  • The dark web is a small component of the deep web—it sits at the bottom of the iceberg, where sites can only be accessed using specialized software and browsers

But what’s really lurking in the depths of the dark web?

We spoke with Adam Darrah, Director of Threat Intelligence Services at ZeroFox, to find out more about what the dark web really is, why people might access it, and how keeping an eye on dark web activity can ultimately benefit organizations.

Darrah spent eight years as an intelligence analyst with the United States federal government, advising on a variety of security priorities that affected foreign policy decision making. He went on to join Vigilante in 2019, and now brings this extensive knowledge and experience to his role as Director of Intelligence at ZeroFox.

ZeroFox leverages both artificial and human intelligence to provide protection and recon services for organizations around the globe. This includes brand reputation protection, contextual insights, and takedown services, as well as external threat intelligence.

“It’s a lethal combination,” Darrah tells us. “You’ve got the tech, you’ve got the social media monitoring, you’ve got external threat intel coming in from the deep and dark web.”

But what really is the dark web, and why might someone want to access it?

The Dark Web Is For Everyone

Rhetoric around the dark web is paved by misconceptions. 

“When you say ‘dark web’, people freak out,” Darrah says. “They think everything’s drugs, human exploitation, body parts.

“But in fact, the dark web is a worldwide network of privacy advocates. It’s an ecosystem where you can go and enjoy more privacy than when using the surface web.”

Darrah explains that privacy is one of the key reasons why someone might want to access the internet via the dark web. For example, when using Google, Darrah tells us, we legally give organizations permission to monitor and store our data and browsing habits. This can be “very intimate”, he adds, “where you go when no one’s watching.”

The dark web enables people who might be uncomfortable with that to reduce their digital footprint and enjoy a more anonymous presence online. “The dark web is simply an ecosystem that provides the user a much more sophisticated possibility to remain—well, not anonymous—but retain their privacy.”

“If you want to minimize your digital footprint, the dark web is an acceptable place to be. You’re not breaking the law. You’re not circumventing some Geneva Convention. And it’s not scary—you’re not going to get a pop-up ad saying ‘give me your organs!’

“It’s just a bit like using the internet in the late nineties—it’s a litter slower because it bounces around a lot. And if you try to go to normal websites, you’ll definitely get challenged more because they’ll be like ‘ah, this is a known Tor node!’

“The dark web is for everyone, really. I’m wearing a polo shirt. I’ve got three kids, for crying out loud! I’m a normie!” 

Privacy Can Be Abused On The Dark Web

With increased privacy comes numerous benefits for users concerned about advertisers collecting their data. But alongside that comes the potential for users to abuse this higher level of anonymity.

“There are small corners of the deep and dark web—the dark web especially—that obviously are disgusting,” Darrah says. He likens the dark web to a city—in certain neighborhoods, there’s no reason for the everyday individual, who values law and order, to be there. But that doesn’t mean the city as a whole is unsafe.

We should also emphasize that these are small areas. In fact, a recent study suggests that on an average day, less than 7% of users are likely to use The Onion Router—or, Tor—to access the dark web for “malicious purposes”.

But it’s the skepticism and mystique around the dark web that gives organizations blind spots, with regards to their security defenses. 

“A lot of organizations are scared to death of it—and dark web actors know that,” Darrah says.

“These bad actors know that most companies don’t have a large presence on the dark web and that their identity is much more protected there than on the surface web. There are less safeguards in place, less checks and balances, and these underground forums and markets allow you to become anyone you want. You’re protected by the nature of the ecosystem—that’s very appealing to them.” 

It’s because of this anonymity, this level of protection, that bad actors might feel more comfortable in targeting organizations and overtly engaging in more suspicious activity. 

So, while the dark web is an ecosystem offering enhanced anonymity for privacy-conscious individuals, we should acknowledge that there’s always the threat of this being abused for malicious intent. 

And if your organization doesn’t have someone on the dark web to be your eyes and ears, could you unknowingly be their next target?

Knowing What’s Out There

During the first half of 2021, ZeroFox Threat Research noted a 50% increase in ransomware attacks, as well as the emergence of new groups and increased operations in others. 

The threat landscape is certainly evolving as time goes on—so how can organizations better protect themselves against targeted attacks? Does having access to the right intel at the right time play a part in this? And can having a presence on the dark web benefit organizations? 

According to Darrah, listening out on the dark web for whispers surrounding your industry or location and keeping an eye on what’s going on in these underground communities can help you prepare for a potential attack. 

“When you have eyes and ears in some of these places, you have access to these data brokers that like to tell people ‘Hey, ransomware guys, I’ve got access to this company that’s based in Norway that has an annual revenue of $1.2 billion. Anybody interested?’”

With that information, you can assess your risk of attack and start putting in place the necessary measures to mitigate this risk. You might also be able to tip off clients and organizations you know in those industries and locations, to let them know they might be vulnerable.

“It’s definitely an advantage over the adversary—and a very gifted adversary at that! You definitely don’t want to pick a fight with a ransomware group.”

Knowing How Not To Stand Out

But while the dark web is for everyone, gaining access to the right information can be tricky.

Reputation is everything when it comes to navigating the dark web and finding information that’s both useful and accurate. And while you might think you blend in, these forums and communities can spot suspicious behavior—especially law enforcement—from a mile away, according to Darrah. 

“These communities are very sharp—and they’re very keen on staying low key,” Darrah says. “And there’s decorum. There are rules that are enforced by the collective in these underground communities.

“Reputational currency is almost of the same value as monetary currency. And so, one of the ways to flex that reputation in forums is to tell people what you know.

“But, if you’re coming in there throwing your weight around and asking really direct, silly questions, people aren’t going to talk to you. They’re not going to tell you things that are accurate. They’ll flag you as somebody suspicious and get you banned.”

Darrah advises that to get more informative answers and better intelligence from these underground communities, partnering with an experienced third party can help.

“Why not get somebody that speaks the language and can get you the best information? It’s good to have a friend that has a friend, and that can help you out and show you around.

“At ZeroFox, we’re in some closed forums and groups, and we have native language capabilities around the world that mean we can not only linguistically blend in, but culturally, as well.

“We have experience being out there. We know how to act. We know how to blend in, and which clothes to wear based on the neighborhood you’re in. We know how not to stand out. And we know which questions not to ask.” 

Darrah’s Advice For Organizations

“There’s a saying in Washington DC,” Darrah says, “that goes: ‘There’s no such thing as an intelligence success—there’s only good policy.’ Because, you know, obviously it wasn’t the intel that saved the day!”

Darrah’s advice to organizations currently struggling to contextualize the threats that might be facing their organizations on the dark web is to “just think about it. Put it to the test! And trust your security people. They’re very gifted, and they care about your reputation and systems. Give them the bandwidth to try out a vendor—or even, have them try out looking around themselves on the dark web. 

“Just put it to the test and see what happens.”

Thanks to Adam Darrah for participating in this interview. If you’d like to learn more about the ZeroFox platform and how it works, visit their website here: