Surface Web, Deep Web, and Dark Web

Learn here about the three parts of the Internet, what you can find in each of them and what risks you expose yourself to when you surf without taking the necessary measures and precautions.

Introduction

To speak of the Internet is to speak mainly of the global, decentralized computer network of millions of interconnected computers and devices that enable the exchange of information through a common language. 

Through the Internet, it is possible, among many other things, to transfer data, access many resources and services, and connect and maintain real-time communications with other people. 

For all these reasons, it has been said that this network has become a fundamental tool for today's society: not only has it changed the way we interact and communicate, but also the way we educate, learn, work, produce, and, of course, entertain ourselves. 

But beyond all the advantages offered by the Internet, we must not ignore the risks and threats it represents, for example, addiction to being connected, fraud, scams, identity theft, kidnapping, data theft and other cyber attacks, extortion, fake news, misleading advertising, as well as the sale and purchase of illegal products and services. 

With this in mind, it is important to know how the Internet is built, everything you can find in each of its parts, and what dangers or threats you can be exposed to when you surf the net without taking the necessary measures and precautions that is when you do not manage these types of risks. 

In this Pirani Academy ebook, you will learn about key terms such as Surface Web, Deep Web, and Dark Web, the characteristics they have, as well as the risks that can materialize, and good practices to manage and deal with them on the Internet so that you can better protect both your personal information and that of the organization.

Nueva llamada a la acción

What is the Surface Web?

The Internet is made up of three distinct parts or zones. The first is the Surface Web or Clearnet, the superficial or visible web that is publicly accessible and is, therefore, the best known. Many people compare it to the tip of an iceberg, what is above the water. 

This part contains all the information indexed by search engines that anyone can access from a traditional web browser such as Google Chrome, Safari, Microsoft Edge, Firefox, Yahoo, and Bing.

What's on the Surface Web?

On the surface of the Internet are public websites, social networks, email services, and images and videos that are freely available when you search. 

In other words, this first zone comprises all the sites commonly used to check the news, make online purchases, research a topic of interest, attend a webinar, entertain oneself, and much more. 

All of these types of sites are easily identified by registration operators such as .com and .org, and when you enter one of them, a server can identify the user's IP (Internet Protocol). 

On the other hand, it is important to remember that the Surface Web, according to experts, represents less than 5% of everything on the Internet. Although most of the content can be considered safe, this area is not free of threats, such as sites for phishing attacks or information theft. Therefore, it is important to know how to navigate safely and take precautions in this area of the Internet.

What is the Deep Web?

The second part or zone of the Internet is known as the Deep Web, Invisible Web, or Hidden Web, i.e., the Deep Web is invisible or hidden because it is below the surface, the known.

In this part, unlike the Surface Web, the content is not public, which means it is inaccessible through the commonly known search engines. Deep Websites are usually characterized by using passwords or other security features or simply telling search engines not to crawl or index them.

What's on the Deep Web?

The invisible or hidden zone of the Internet, which is quite large (more than 90%), there are all kinds of content, for example:

  • A paywall, i.e., protects traditional web pages, but access is restricted to users with a paid subscription.
  • Draft blog posts and web pages that are being redesigned and have yet to be public.
  • Dynamic pages that generate content specific to each user when consulting databases or performing online banking transactions. 
  • Academic journals, scholarly archives, and digital libraries.
  • Databases with public and private archives that are not connected to other parts of the Web.
  • Private cloud storage accounts include Google Drive, Microsoft OneDrive, Dropbox, Box, and iCloud. 
  • Managers used to manage websites.
  • Intranets are the internal networks of organizations or governments for communication and control of private and confidential information. 
  • Cartographic data, legal proceedings, government information, and, in general, any resource or content restricted to the public, both legal and illegal. 

It is worth noting that the Deep Web also provides confidentiality, identity protection, and online security for users such as journalists, activists, and social leaders who must remain hidden to protect their lives for various reasons. 

For all of the above, it is important to understand that in this second part of the Internet, the vast majority of content and information is benign or legal. Many of the sites here are hidden to protect the data and privacy of users, such as financial information, email communication, legal files, and health documentation (medical records). 

But within the Deep Web, there is also illegal content. This part is called the Dark Web.

What is the Dark Web?

The first thing you should know about the third part or zone of the Internet, the Dark Web, is that it is part of the Deep Web, so it is intentionally hidden from conventional search engines. In addition, it uses security measures such as firewalls and encryption. In the iceberg analogy, it would be the lower tip, which is more submerged. 

One of the main characteristics of the Dark Web is the use of masked IP addresses, and it is only possible to access this area through a special software or browser that gives access to Darknets: all those private and non-indexed networks that are used to maintain anonymity on the Internet.

What's on the Dark Web?

As mentioned, the dark web is made up of Darknets. One of the most popular is called TOR, which uses the registry operator or .onion domain; there is also I2P (.i2p), Freenet, and ZeroNet. 

Generally speaking, these Darknets make it possible to keep the user's activity anonymous and, theoretically, avoid being tracked. However, as in other areas of the Internet, there are also security risks when accessing them. 

According to cybersecurity and cybercrime prevention experts, those who make use of the Dark Web do so, among other reasons, to:

  • Ensure anonymity.
  • Navigate in sites that have a high probability of not being easily traced.
  • To carry out illicit activities. 

In line with this, the contents that can be found here are mostly of illegal activities, for example:

  • Sale and purchase of drugs.
  • Sale of conventional weapons and ammunition and even weapons of mass destruction (chemical).
  • Child pornography.
  • Cybercriminals steal credit card data through phishing attacks.
  • Organized cybercrime.
  • Sale of exotic animals.
  • Fake identity documents (passports, driver's licenses, and others).
  • Piracy (illegal downloading of music and multimedia content).
  • Hacker services. 
  • Disruptive or violent content.

In short, it is possible to find all kinds of criminal products or services on the Dark Web. 

However, this is not the only thing, as there is also a percentage of legal or legitimate content, such as academic information, books, reports, and research, as well as publications by journalists, activists, and human rights organizations seeking to avoid censorship and tell what is happening in their territories (conflict zones or where there is oppression by governments) without risking their lives. 

Risks in the Dark Web

Risks are in all parts or areas of the Internet. However, it is important to know and consider which ones can materialize when surfing the Dark Web, seeking anonymity and greater privacy.

risks-of-surfing-the-dark-web

1. Malicious software

Malware is one of the main risks when surfing the Dark Web. Indeed, according to Kaspersky Lab, a computer security company, "it is present and fully active throughout the dark web." 

On some portals in this area of the Internet, malware allows cybercriminals to carry out their attacks and infect unwary or careless users, as is often the case on the Surface Web. 

Some types of malware to which those who surf the Dark Web without being cautious or aware of what can happen may be exposed are:

Keylogger

In general terms, it consists of hardware or malicious software that tracks and records all the keys pressed on the computer without the user's knowledge. 

They are used to capture confidential information such as passwords, personal data, bank details, and emails, among others, to be exploited by third parties to commit crimes. 

Botnets or botnets

This is a set of computers or devices, called bots, that have been infected with a type of malware and are, therefore, under the control of an attacker who manages them remotely. 

Botnets or botnets can coordinate cyberattacks such as distributed denial of service (DDoS) or large-scale spam campaigns. 

Ransomware

This type of malware allows a cybercriminal to encrypt the information on the hard drive of a device or server, i.e., the user cannot access their files or stored data because a third party controls them. In other words, your data is hijacked, so the cybercriminal usually asks for a large amount of money to release it.

In conclusion, visiting sites on the dark web without implementing adequate precautions and security measures make the user highly vulnerable and more likely to be targeted by cyber attackers, who can easily access your information.


Create free account

 

2. Scams

In addition to cyber-attacks that can materialize through different types of malware, fraud, and scams are quite common on the Dark Web, which can occur in various forms, for example, when trying to buy a product or contract a service. 

As mentioned above, the dark web mainly hosts content related to illegal activities, so it lends itself to criminals offering a supposed product or service (weapons, data, human trafficking, hired assassins, and others) to defraud customers easily, who are usually willing to pay a high sum of money in exchange for what they are looking for. However, no one can guarantee they will receive what they paid for, which is often done through cryptocurrencies. 

Fraud and phishing scams are another way this risk can materialize in the Dark Web, where cybercriminals can create fake sites to steal users' identity and personal information to extort or sell it to third parties.

 

3. Linking to illegal activities

Being a user of the dark web is not illegal. However, being a part of the Internet quite widely used to facilitate all kinds of illegal activities, many websites here are continuously monitored and investigated by the authorities (governments, police, international bodies) to dismantle them and avoid perpetuating crimes. 

Therefore, visiting these websites and making any kind of request or transaction can link a person to a crime, since, in one way or another, he or she may be an accomplice to it. 

Similarly, investigators often infiltrate the Dark Web: a person could be visiting a page selling drugs, but in reality, it is a site that is controlled by an authority to find criminals and dismantle criminal networks. 

Like these, there are other latent risks on the dark web, such as being exposed to content that can be quite vulnerable, offensive, or violent for many users, which can negatively impact mental and emotional well-being. 

For all of the above reasons, before considering entering the Dark Web, cybersecurity experts recommend being aware of the risks and threats to which you may be exposed and answering key questions such as: is it necessary to do so? what is my objective? what am I looking for? how do I protect myself from its risks? among others.

Best practices for Internet risk management

Considering that the Internet, beyond being a medium that facilitates and enables many of the activities we perform every day, is also a medium with a large number of risks and potential threats, it is increasingly necessary to take precautions and manage their risks properly, thus preventing falling into the hands of cybercriminals and compromising personal and organizational information. 

In this sense, some recommended good practices that you should keep in mind for the prevention and management of risks on the Internet are:

1. Use security software.


It is essential to have an adequate antivirus program to help you detect, block, and eliminate viruses and, in general, any malware that could indicate a cyber attack. But it is not enough just to have it. It is also key to keep it updated to the latest version of your chosen program. 

 

2. Use strong and secure passwords.

Whether you access your personal or company email, your bank account, or any other website or application where you have an account, use strong and unique passwords.

That is, avoid having the same password for all your accounts, as well as including personal information (date of birth, child's or pet's name, neighborhood of residence, etc.) and use at least 8 characters between uppercase, lowercase, numbers and special characters such as dashes, dots, asterisks or others. 

In addition, it is advisable to have a password manager: it will not only help you remember them but also protect them. Some examples are 1Password, Google Password Manager, Microsoft Authenticator, NordPass, and Keeper.

 

3. Verify that you are in the right place.

This means that before logging in or leaving your data on a website, check that it is the page you want to access, that everything is correct in the URL, and that the connection is secure. 

Likewise, if you receive an email, text, or WhatsApp message with a suspicious link, do not click on it. Check the sender's data very well to avoid falling into phishing. 

 

4. Avoid connecting to public networks.

If possible, never connect to the Internet through a public WiFi network. Everything you do can be easily exposed to cyber criminals so that you can become one of their victims. 

If you need to use this type of network, do not use it to perform banking transactions or access private and sensitive information. 

 

5. Use secure browsers.

Whether you search the Surface Web or the Deep Web, do it through reliable browsers. You can enter the Deep Web, for example, through TOR or Whonix.

On the other hand, in the business environment, it is important:

  • Have well-defined internal security policies. It is important to socialize them with all employees, who must understand and comply with them in performing their duties. 
  • Give access to information only to those who are entitled to it. Depending on the characteristics of the information (private, restricted, or public), access should be granted to the different profiles of the organization. 
  • Periodically train personnel. Constant training and awareness-raising are key to achieving a culture of IT security in the company, which implies, for example, that all personnel make good use of the information to which they have access, use strong and secure passwords, do not share information with just anyone and report on time any suspicious activity or incident that may negatively affect the organization. 
  • Use a technological tool for information security risk management. Software such as Pirani's ISMS helps organizations easily manage the various security risks to which information assets are exposed. 

Among other functionalities, ISMS allows us to inventory assets, evaluate risks, create and qualify controls, have action plans, identify threats and vulnerabilities, and more. Relying on a tool like this is key for more efficient and effective risk management.

If you have questions and need more information about our management systems, you can schedule a meeting with one of our experts. You can also create your Pirani Free plan account and get started today.

Let's talk! 15 minutes to clear your doubts

Try Pirani for free

And learn how we can help you make risk management in your organization a simpler and more efficient process.

 

 

Create free account