What is the difference between the Surface Web, The Deep Web and the Dark Web?

Surface Web, Deep Web, Dark Web

These three terms are often a source of confusion, especially in connection with cybercrime and where that comes from.

If you think that search engines like Google (there are more!) know about everything on the internet, you'd be wrong. Some stats from from Worldwidewebsize.com show at the start of November 2017, search engines have indexed at around 4.57 billion pages .

The section of the internet that is being indexed by search engines is known as the “Surface Web” or “Visible Web”. Now, 4.5 billion pages is a lot, but you'd be surprised to know that in reality it's only 10 percent of the whole web. It's the "surf" of the ocean of the whole internet. The reason search engines can see the surface web is through their web crawlers that read the website data, index it, and follow the links. So, what is the 90% that lies under the surface?

How is the Deep Web different from the Surface Web?

The main difference is that the Surface Web can be indexed, but the Deep Web cannot. You can still access it though. You yourself spend a lot of time in the Deep Web, but you probably do not know it. Deep web site examples are:

  • Websites you can only get in with a username and password, like email and cloud service accounts, banking sites, and even subscription-based online media restricted by paywalls
  • Companies’ internal networks and various databases
  • Education and certain government-related pages
  • Dynamic content, coming from a database where the page you see was displayed as a result of a query you put into that page's search box or a form (Crawlers can’t do these things.)

Note that bits and pieces of the data out of the Deep Web may be picked up by search engines in the case of a data breach or targeted attack.

And how is the Dark Web different from the Deep Web?

At the moment, the Dark Web is defined as a layer of information and pages that you can only get access to through so-called "overlay networks", which run on top of the normal internet and obscure access. You need special software to access the Dark Web because a lot of it is encrypted, and most of the dark web pages are hosted anonymously.

There are several tools used for reaching these parts of the internet. The TOR (The Onion Router) maintains the most popular tool for Dark Web access. Their primary product is the Tor browser. If you think you are completely anonymous though, think again. Law enforcement routinely shuts down and prosecutes sites and people doing illegal things on the Dark Web.

On the Tor network, internet traffic is directed through the network of random relays. The browser builds a route of encrypted connections, one-by-one. Each relay knows only the previous and the next relays, but full connection route stays almost untraceable. The Multiple layers of encryption resemble the structure of an onion.

Why is the Dark Web looked at as a Safe Haven for Internet Crime?

Greater anonymity allows cyber criminals to do their thing, and the rise of the Bitcoin cryptocurrency which allows incognito payments, has also contributed to illegal trade.

According to article “Cryptolitik and Dark Net”, published by Thomas Rid and Daniel Moore (King’s College London), out of 2723 active sites found on Tor Dark web during several weeks, 1547 or 56.8 percent contained illicit material of some kind.

Dar Net Site Categories

It turns out that a majority of cybercriminals, selling everything from compromised personal and financial data to drugs and hacking tools, constitute over half of Dark Web contents.

The Dark Web is a very convenient venue for cybercrime's underground economy, but you see their social engineering attacks as spear phishing emails in your inbox, and on compromised websites in the Surface Web.

So now you know the difference between the Surface, Deep, and Dark Web!

What is your organization's actual social engineering attack surface? 

We have something super cool for everyone, customers and non-customers both, and there is no cost.

Many of the emails addresses and identities of your organization are exposed on the Surface Web and easy to find for cybercriminals. With that email attack surface, they can launch social engineering, spear phishing and ransomware attacks on your organization.

Our NEW Email Exposure Check Pro goes even further to identify the at-risk users in your organization by crawling business social media information and scouring hundreds of breach databases, many of them in the Dark Web. This is done in two stages:

First Stage: Does deep web searches to find any publicly available organizational data. This will show you what your organizational structure looks like to an attacker, which they can use to craft targeted spear phishing attacks.

Second Stage: Finds any users that have had their account information exposed in any of several hundred breaches, using Have I Been Pwned. These users are particularly at-risk because an attacker knows more about that user, up to and including their actual passwords!

Your EEC Pro Reports: We will email you back a summary report PDF of the number of exposed emails, identities and risk levels found. You will also get a link to the full detailed report of actual users found, including breach name and if a password was exposed.

This is so important that even if you already ran your one-time no-charge legacy EEC, you are eligible to try the new Pro version. Run your complimentary one-time Email Exposure Check Pro here. Results come back in a few minutes:

Get Your Free Report

PS: Don't like to click on redirected buttons? Copy/Paste this in your browser:


Grateful acknowledgement to George Paliy.




Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews