Surface, deep, and dark web: What is it all about?The internet, as we all know it, is called "surface web" compared to the deep and the dark web. The surface web, also known as "visible" or "open" web, is formed by millions of indexed websites, including e-commerce platforms, which anyone can access through search engines such as Google. However, the surface web is just the tip of the iceberg and only contains a minimal fraction of all the content, databases, and servers on the deep web.
On the deep web, we can find all existing databases and non-indexed websites with massive amounts of protected data and files, both public and private, that are not freely accessible via the surface web. The "hidden" web also hosts companies and governmental agencies’ intranets, that is, internal networks that enable these organizations to communicate as well as save and manage their data. The deep web contains all domains necessary for the operation of the world wide web.
The dark web or darknet, in turn, is a relatively small portion of the deep web. It comprises non-indexed websites and platforms that, differently from the deep web, are mainly used to engage in illicit activities. Users must have special codes or credentials to access and use the websites. Domains are usually anonymized using powerful data encryption and protection tools to ensure that threat actors operating there cannot be identified and, therefore, brought to justice.
How is illegal e-commerce conducted on the darknet?The dark web hosts a myriad of marketplaces where users can buy and sell all kinds of prohibited goods and criminal services. 'Dark marketplaces' such as AlphaBay, ASAP (both these marketplaces shut down in 2023), Tor2door, DarkFox, and many others collectively hold hundreds of thousands of listings, a significant percentage of which are fraudulent, as they offer personal account logins, stolen identities, forged documents, and counterfeit money.
On these marketplaces, darknet vendors offer stolen passports in physical format, which could sell up to 4,000 U.S. dollars if it belongs to a Maltese citizen, or around 3,000 U.S. dollars if it is a European Union passport, such as from France, the Netherlands, Poland, or Lithuania. Other illegal digital products for sale include hacked social media accounts and social media followers, with a price tag as low as two dollars per 1,000 followers on Instagram or Twitch, credit card details, e-wallet and cryptocurrency verified accounts, and many other types of hacked accounts. The list of product offerings on the dark web goes on indefinitely.
Threats also lurk on the open and the deep webMajor e-commerce platforms, including some of the highest-grossing companies in the world, make the perfect target for threat actors operating in all parts of the web. One of the strategies fraudsters use to profit from the good name of legitimate online retailers and marketplaces is known as "domain spoofing". It consists of creating a website resembling that of some of the most established brands in the market, mimicking their domains, to harvest access details from unknowing customers. Chinese platforms Taobao and Alibaba were found to be among the most impersonated e-commerce domains in the world, with almost 5,000 fake websites each.
To operate, e-commerce companies store their databases and intranets on the deep web. Hackers may find vulnerabilities in these repositories and illegally retrieve private data, such as admin logins, to exploit themselves or sell on the dark web. Companies such as Wayfair or Aliexpress have had over 4,000 employee credentials compromised on the deep web as of late 2022. By tracking deep web mentions of their brand, e-commerce companies can monitor interest from dark agents in hacker forums and implement counteracting measures to prevent future data leaks and other cybersecurity threats.