What is the dark web and how does it work in 2024? The dark web is part of the internet that exists beyond the reach of conventional search engines. While it has gained notoriety for illicit activities, the dark web also serves legitimate purposes for those seeking privacy and anonymity online. Whether for criminal purposes or privacy, usage of the dark web is increasing. In April of 2023 there were about 2.7 million daily visitors to the dark web, and research shows that 56.8% of the content on the dark web is illegal in some way. So, let’s take a tour of some of the important things to know about the dark web.
Please note that the dark web is NOT safe, and you can get malware just by visiting some sites on the dark web. We recommend that you do NOT use the dark web unless you are in a sandboxed environment.
Uses of the Dark Web
Before we dive into how the dark web works, let’s look at WHY people use the dark web. It’s not always for illegal activities. The anonymity of the dark web attracts both legitimate and criminal users. Some legal uses include:
- Secure communication for journalists and whistleblowers
- Circumventing censorship in oppressive regimes
- Privacy-focused social networks and forums
- Academic and research databases
However, the dark web is also known for hosting illegal marketplaces and services such as:
- Ransomware and extortion sites
- Drug and weapons sales
- Stolen data and login credentials
- Counterfeit currency and documents
- Hacking tools and services
- Law enforcement agencies actively work to shut down criminal operations on the dark web, but the anonymous nature of the network makes this challenging.
What is the Dark Web and How Does It Work?
The dark web refers to encrypted online content that is not indexed by standard search engines and requires a special browser. The dark web makes up a small portion of the deep web, which is any part of the internet not accessible through search engines like Google, and contains things like cloud storage, email systems, and medical records. Some key characteristics of the dark web include:
• It uses encryption to hide user identities and locations
• Websites have .onion domain extensions instead of .com, .org, etc.
• It requires specific software like the Tor browser for access
• Content is not indexed by search engines
• Sites and services frequently change addresses
Now, let’s address the “how it works” portion of the question.
The dark web functions by using a technology called onion routing to obscure the source and destination of internet traffic. You travel a “circuit,” which is a path through the network that consists of a:
1. Guard node: Node “A” below is the entrance computer that is a trusted source and must be authorized.
2. Middle node: Node “B” below is a node that can’t talk directly to the source or destination.
3. Exit node: Node “C” is the last stop before your destination.
Image 1: Graphic of a dark web circuit using onion routing.
This process makes it extremely difficult to trace the original user or their location. The encryption and routing provide anonymity for both visitors and website operators on the dark web. For more information on how encryption works, watch our video on the difference between public and private key encryption.
Accessing the Dark Web
As we mentioned earlier, you need special software like the Tor browser to access the dark web. But how do you know where to go when the dark web does not have reliable search engines? Because dark web sites can go live and offline very quickly, you need a regularly updated guide. You can connect to the dark web by using a clear web (regular internet site) like Tor.taxi that provides a list of current popular sites (you would then access the site in the Tor browser) and can alert you to active scams. Here’s a screen shot of Tor.taxi:
Image 2: Screenshot of the Tor.taxi guide.
You will also want to consider navigation advice from sites like Dread, which is a dark web forum like Reddit that features news and discussions around darknet markets. As you can see in the screenshot below, it offers a wide array of topics, and a forum with links to current dark web marketplaces.
Image 3: Screenshot of Dread dark web forum.
Once you have accessed a market, you will find ads for everything from guns to stolen credentials and data. Here is an example of a listing for a full stolen profile: 
Image 4: Dark web marketplace listing selling full information profile.
You can also see how inexpensive it is to buy malware and hacking tools on the dark web. In the image below, you can see that a criminal can acquire an untraceable information harvesting program for only $10. 
Image 5: Dark web marketplace listing for an information harvester.
Here’s another ad for a Remote Access Trojan malware program for only $45. 
Image 6: Dark web marketplace listing for RAT malware.
How do criminals buy with confidence? Much like on the clear web marketplaces, most dark web marketplaces have seller ratings and reviews to help them select reliable vendors with high-quality (if illegal) products.
The Rise of Evil AI
What is the biggest change in the dark web? Just like the clear web, it’s the arrival of generative AI. Dark web AI platforms are making it easier for criminals to plan and launch cyberattacks. Just like you have ChatGPT for the clear web, for $100 you can get a membership to an evil AI, with no guardrails, that can write malware, ransomware, high-quality phishing emails, and more. It will also give you detailed instructions and advice on how to plan and execute these criminal attacks. Check out the screenshot below for an example of the WormGPT on the dark web. 
Image 7: The evil AI WormGPT.
How to Avoid Being a Listing on Dark Web Ransomware and Extortion Sites
To avoid becoming a target of cyber threats originating from the dark web, it’s essential to take proactive security measures. While the dark web is often a planning ground for cybercriminals before an attack and a marketplace for your stolen data, the actual attacks occur on your infrastructure. Therefore, focusing on protecting your organization’s environment is crucial. The top strategies include:
- Penetration testing. Ethical hackers test your network's defenses for security gaps and vulnerabilities.
- EDR and XDR. Detection and response software to protect your endpoints.
- Continuous vulnerability scanning. Automated software that helps you catch zero-day vulnerabilities, missed patches, and more.
- Cloud and M365 configuration reviews. Small configuration errors can cause large security gaps. Configuration reviews identify and correct these errors.
- Good cyber-hygiene.
- Enable phishing-resistant MFA whenever available.
- Use a strong password manager or passwordless authentication solutions.
- Train all employees of the basics of cybersecurity.
The Future of the Dark Web
As technology evolves, so too will the dark web. Law enforcement is becoming more adept at infiltrating criminal networks, while privacy advocates push for stronger protections. Some key trends to watch include:
- Increased use of cryptocurrencies for anonymous transactions
- More sophisticated encryption and anonymity tools
- Growth of decentralized marketplaces
- Ongoing law enforcement activities targeting cybercrime
- Potential regulation of encryption and anonymity technologies
The Dark Web in Context
It's important to understand that the dark web makes up only a tiny fraction of the internet. While it does enable some criminal activity, it also plays a vital role in protecting privacy and free speech online. As with any technology, the impact of the dark web ultimately depends on how it is used. Remember, accessing the dark web is NOT safe. If you choose to access it, you should do so from a sandboxed computer with strong security controls.
We hope you found this information on how the dark web works helpful. If your organization needs help with proactive security such as technical testing, advisory and compliance services, cybersecurity solutions, and training, please contact us. We’re ready to help!
This blog is distributed with the permission of LMG Security.
ABOUT LMG SECURITY
LMG Security is a full-service cybersecurity firm, providing one stop shopping for a wide array of cybersecurity services. Whether you need virtual CISO or regulatory compliance consulting services, testing, solution integration, training or one of our many other services – our expert team has you covered. Our team of recognized cybersecurity experts have been covered on the Today Show and NBC News, as well as quoted in the New York Times, Wall Street Journal, and many other publications. In addition to online cybersecurity training, LMG Security provides world-class cybersecurity services to a diverse client base located around the United States and internationally.
