Who Is

watching out for you?

In today's world you need to understand a few more things...

Who Is

knocking on your virtual front door?

It could be someone down the block or from the Bloc

What’s the state of the Deep and Dark Webs?

Christopher Budd, Trend Micro

2-July-2015 Two years of researching the Deep and Dark Webs.


The Surface Web is what we live in every day – the Google Web.

The Deep Web is the totality of websites that you cannot access thru standard means. Websites that are non-traditional domains, on the Onion network. The Deep Web is not inherently anonymous. The Dark Web, which is a subset of the Deep Web, is.

“Within the Deep Web we talk about the Dark Web or the DarkNet, sites only available thru anonymizing capabilities such as Tor,” said Christopher Budd, Global Threat Communications Manager, Trend Micro. “Our Forward Threat Group built a tool they call the Deep Web Analyzer. It essentially takes a census of what it can find on there. This is a good contrast with other reports on the Deep or Dark web, because our folks spent two years systematically scouring to see what’s actually there.”

The Trend Micro scanner has found links that go back to the Surface Web. Not surprisingly these are sites typically associated with malware and malware infection. Over 25% of links from the Deep Web to the Surface Web involve child exploitation.

“The paper reports findings, some of what validates the more dilettantish stories,” Budd said. “You can find drugs, guns and money. And activists who are trying to stay ahead of oppressive authorities, by meeting and sharing information anonymously.”

The report also mentions Silk Road* marketplace.

“Taking down a marketplace has negligible impact, because another one springs up” Budd said. “So long as there is demand, another supplier will happily step in. Pretty much anything is for sale on the black market. Some of the things we’re finding is you’ve a version of the Internet that is outside of the controls we’ve come to expect. For example, language is a bit of a throwback to the Wild Wild West.”

Other research indicates the Deep Web is used with malware. Versions of CryptoLocker are using Tor and ransomware, instructing people to make their payments to sites in the Deep Web. They provide instructions on how to download a browser that connects to the Deep Web. Essentially bad guys can direct unsophisticated users how to make payments on the Deep Web.

“Three years ago you had to be a security expert to get on there,” said Budd. “Now more and more people can get on it, thanks to new, easily used tools. Journalists in oppressive regimes use anonymity for protection.”

Online crime is business. Like any business it evolves and borrows techniques and capabilities from professional software development. You can rent services and buy services that come with support. You pay for an exploit kit to deliver malware and if you’re having trouble with it, contact Tech Support.

“The key thing is the Deep Web is being integrated into cybercrime and malware,” Budd said. “It throws up roadblocks to law enforcement by taking the threat actors out of the picture.”

Trend Micro researchers are preparing reports every few weeks on cybercrime and the Internet. They have learned English is the most common language of Dark Web sites. And there are more Russian URLs on the Dark Web than any other.

“I don’t think anyone has done what we have as far as being systematic and comprehensive, to get arms around this thing,” said Budd. “We’re the last generation that can remember what life was like before the Internet. Similar to how my grandparents talk about long distance phone calls.”


*Eager to punish anyone who dares to conduct business without reporting every tiny detail to them, USA authorities spent untold amounts of time, money and human resources from multiple agencies to track down those involved. After a blatantly unfair trial the alleged Silk Road founder received life in prison without parole.