Shining Some Light on the Dark Web

Manoj Pandey*

The dark web creates different types of images among people, based on their broad understanding of how internet and World Wide Web work. The name itself conjures up pictures of something dark, shady, like the spider web at a dark corner waiting to snare an insect. The reality is not too far from such a stereotype, but a bigger devil lies in the details. This article is an attempt to look at the devil with a dispassionate eye. 

Before we try to explore the dark web, let us be clear about some related terms so that we are on the same page.

Explaining commonly used expressions

  • Surface web: The part of the World Wide Web that can be indexed and searched by search engines. 
  • Deep web: The part of the World Wide Web that is not visible to search engines because they cannot crawl such websites/webpages and index them into their databases. Websites behind passwords, private forums, online banking, encrypted messaging, videos behind paywalls, and the dark web entities are some examples of the deep web. 
  • Dark web: A small part of the deep web, which cannot be accessed using search engines as well as common methods of accessing the web content. Anonymity technologies have to be used for creating content on the dark web and accessing it.   
  • Darknet: Digital network in which users make use of internet but can share content in a way that it becomes very difficult to be detected. Users are mostly anonymous, and access needs special authorization. Though some darknets (e.g. private, password-protected networks) may be publicly known, darknets serve the purpose of the dark web and are therefore its communication backbone.
  • Onion: The common domain for websites on the dark web, which can be surfed with Tor browser. So, we have websites such as and on the surface web, but websites on the dark web have URLs like example.onion.
  • Tor (=The Onion Router): A software that allows users to surf the web and dark web anonymously. Tor browser is the most popular web browser that uses the routing (=visiting a website through a circuitous route) technology.
  • Cryptocurrency: A digital currency that is not issued by a central bank but is maintained through distributed ledger technologies (e.g. blockchain). The coin, the currency in a cryptocurrency system (e.g. Bitcoin), is a piece of data that is used for monetary exchanges. Since there is no central agency to maintain record of transactions, it becomes very difficult to track money exchanges and users.

The beginning of the dark web

Much of human communication happens in private. That applies to online communication and other types of exchanges. Banking transactions, emails and encrypted messaging on WhatsApp are some common examples of online exchanges of confidential type. In such exchanges, the people or organizations taking online actions and the types of actions are not hidden beyond a point; specific messages or transactions are encrypted for legitimate purposes. These online activities are carried out through normal internet. 

Privacy was a concern from the day digital communication began, even before the arrival of the internet. Many early networks were private, and it is likely that some of these were being used for anti-social and criminal purposes. It is known that illicit drugs were being discussed on bulletin boards and forums even as early as 1980s. In the following years, part of such discussion moved to the internet, and secrecy was enforced using private networks and password-protected websites. 

As the internet was an open network that could be easily tracked, it was used by drug peddlers for sharing information rather than transactions. In the 2000s, cyber-attacking and carding (=unauthorized use of credit/ debit cards) also became popular subjects of discussion on the net. If the desperadoes were yet, learning the tricks of online trade, policing agencies of most countries were even more ignorant and incapable of tracking and neutralising them online. 

In the mid-1990s, a concept called onion routing had originated. What it meant was that like an onion with multiple layers, data could be made to travel through layers, each layer adding anonymity to the source of the data. In actual operation, data was routed through different servers and was encrypted at each step. Thus arose Tor or The Onion Routing

In 2002, a project funded by the US Naval Research Laboratory came out with Tor code with the aim of developing a network for safer communication with intelligence sources around the world. It was soon released under a free and open software licence. A not-for-profit entity, The Tor Project, now works for evolution of Tor and maintains the Tor browser. 

The lofty purpose of the dark web and its dark, shady side

The development of Tor as well the existence of Tor Project have a noble purpose behind them: secure communication, either for defence purposes or for securing digital rights of people. On its website, Tor Project flaunts its contribution towards hiding activists’ identities and their access to blocked resources during The Arab Spring and for facilitating Snowden’s exposes. It also says, “We… fight every day for everyone to have private access to an uncensored internet, and Tor has become the world’s strongest tool for privacy and freedom online.”

Anybody can make use of the anonymity and privacy protection by downloading the Tor browser and doing their online activities on it. Using this browser, one can visit standard web pages as well as those on the dark web, with a very low risk of being tracked by surveillance agencies and others. One can browse sites with suffix .onion only by using the Tor browser.

There are other anonymity networks, the most popular (after Tor) being I2P and Freenet. I2P (Invisible Internet Project) allows peer-to-peer sharing of information in a completely anonymous environment. Freenet allows people to anonymously share files, browse and make websites that can be accessed only through Freenet software.

There are many other ways to ensure anonymity and privacy while using computers, not all of them using internet. For example, Tails is a portable operating system that can be carried on a USB drive. It allows the user to make all computer operations anonymously, and leaves no trace of activity on the host computer. Such software are dark in the sense that they provide anonymity and privacy,but may not be considered dark web when internet is not used for primary networking. 

A number of activists, corporates and governments keep their accounts on the dark web for secret communication. dark web is also popular among investigative journalists and whistle-blowers. The dark web keeps communication going when oppressive rulers, mafia or enemy agencies want to track people down. Some people are believed to be using the dark web routinely to be safe from fraudsters and to avoid their personal data going in the hands of corporates or government agencies. 

Hacktivists (=hacking activists) are supposed to be quite active on the dark web. These people try to hack websites of organizations or governments which they consider oppressive, illegitimate, or harmful to common people or the society. Ethical hackers, the ones who help agencies break into illegal and anti-social networks and entities on the web, are also active on the dark web.    

Interestingly, a good number of young people visit the dark web to learn and share new technologies that are not available on the surface web. Patented and secret technologies, and cracked software (=whose password or licence key has been broken open), are reported to be available on the dark web, often free.

Agencies and experts in law enforcement, intelligence and cybersecurity also have presence in the dark web. It is believed that major intelligence agencies have deeply penetrated darknets with assumed identities. American and European agencies and Interpol have been able to close many networks (some mentioned later) by compromising criminal networks and e-marketplaces on the dark web.  

A number of cybersecurity firms now regularly monitor the dark web and provide dark web related services (e.g. early warning about data theft) to corporate and other high profile clients. They also are present on the dark web, overtly and covertly.

But beyond legitimate reasons for being on the dark web, much of this space is infested with criminal minds, so much so that many people take the dark web to be inherently nefarious. The dark web is still very small, consisting of about two lakh servers, but that should be no consolation because (a) it is growing at an exponential rate, and (b) it has become the breeding ground for organized crime, and its harm-potential is growing by the day. 

There are three basic reasons shady operators are on the dark web:

  • Information: For exchanging information and know-how on illegal activities.
  • Transaction: For sale and purchase of illegal/ illicit goods and services.
  • Action: For committing or hiring out crimes. 

These are the main illegal/ illicit activities prevalent on the dark web:

  • Trade in narcotic drugs and poisons
  • Trade in arms and ammunitions 
  • Organ trade
  • Trade in wildlife
  • Counterfeit currency trade
  • Crime services such as assassination on hire
  • Trade in stolen, hacked data (e.g. personal details, bank details, passwords, card data)
  • Trade in anonymous SIM cards, phished credit cards, fake passports, fake degrees, and other duplicated or fake IDs
  • Trade in malware (e.g. viruses, trojans, ransomware)
  • Hacking and cyber-attacks services
  • Human trafficking
  • Child pornography
  • Extortion
  • Terrorism

The dark web is also full of scams: defrauding the fraudsters. Because there is no law and no monitoring authority, people sell fake data or sell codes that do not work. Some big scams have taken place on the dark web in recent years. Big e-marketplaces on the dark web also have a system of customer feedback to flag scammers, but in absence of any set protocol, people get fleeced. In a couple of known big scams, sellers and transaction managers disappeared with millions of dollars without shipping merchandise to buyers.

Shady activities on the dark web have a cyclical pattern: These go down when there is a major crackdown by authorities or an internal scam takes place. Soon, new entities arise and the activities again shoot up. 

How big is the dark web?

It is not possible to precisely estimate the size of the dark web in terms of the numbers of websites present, services offered and users. Similarly, the size of entities and value of transactions are difficult to estimate. Let me share some available estimates; be aware that some of these estimates may be far off the reality.

  • The consensus estimate from tech monitoring sources about the size of the dark web is that it could be no bigger than 5 percent of the total web. (Compare that to the web we know that is open to all and is not protected by passwords, etc. – the surface web – is just about 4 percent!)
  • In 2021, Tor browser is supposed to have about 2 million active users. 
  • A 2017 scan of the dark web using .onion sites found that out of the services available on the dark web, only about 15 percent were operational. Of course, that scan was done after closure of two major services that year.
  • It is estimated that Russians make the biggest chunk of Tor users, followed by Americans, Iranians and Germans. A 2019 study found over 30% of North Americans regularly accessing the dark web. In a 2019 sample survey by Statista, Indians were found to be on top in the use of technologies for surfing the dark web.
  • Most of Tor usage, in terms of number of users, is supposed to be for avoiding surveillance.
  • There are about a lakh servers connected to the dark web.  
  • More than two-third of dark web users are male. Persons aged 18-35 years make about two-thirds of users.
  • In 2020, 22 billion new records were added to the dark web.  Most of them were fake, unreliable, obsolete or of little value.
  • About a fifth of the dark web is being used for avoiding surveillance, sharing and learning technology, and other non-illicit purposes.
  • The dark web is supposed to harbour about 50 thousand terror groups. 
  • There were about 2400 sellers and 5 lakh users on the top dark web e-marketplace before it was closed recently. There are many such, but smaller, markets on the dark web.   
  • The most traded items on the dark web include illicit drugs and chemicals, followed by weapons, malware, and products and services for hacking.
  • The dark web activity is supposed to be growing at an exponential rate, and in 2021 has become four times of what it was three years ago. 

E-commerce on the dark web

The dark web may not look big in other terms, but it is really big in terms of trade in harmful and dangerous merchandise and services. 

Trade in illicit drugs on the dark web is reported to have started by the end of the twentieth century. In 2006, e-commerce took firm roots in the dark web, with the establishment of The Farmer’s Market. This marketplace turned huge over the years, and drugs remained the main commodity traded. It had to close shop in 2012 after a crackdown by the US drug enforcement agency. It was easier to track and capture its sellers and buyers because commercial transactions had to be made through open ways such as PayPal. 

In 2011, Silk Road was opened as an e-commerce marketplace, with features comparable with over-ground marketplaces such as Amazon and Flipkart. As Bitcoin was used for transactions, it became much more difficult for the authorities to track transactions and through them the users. It was finally taken down two years later by the US authorities, but by then it had established a strong template for e-commerce, and showed to the potential customers the promise of the dark web. 

A large number of new transactional sites opened and are still opening, and with more sophisticated tools for anonymization (=making oneself untraceable) and rapid adoption of cryptocurrencies in recent years. 

In 2021, after a multi-agency operation, DarkMarket, the largest illegal e-marketplace on the dark web, was taken down. It had 2400 sellers and nearly 5 lakh users. All kinds of drugs, counterfeit money, stolen or counterfeit credit card details, anonymous SIM cards and malware were traded on DarkMarket. Before that, flourishing e-markets such as AlphaBay, Hansa and Wall Street Market had been closed down, but thanks to the resilience of the dark web, new marketplaces arose quickly.

Let me give a glimpse of data leaks and hacks, and how they are traded on the dark web:

  • In May this year, AllWorldCards website placed data of about one million credit cards free on the dark web.  
  • It is reported that card details of 100 million users from Juspay servers were stolen over many years and were being sold for an undisclosed amount through 2020-21.
  • A media report earlier this year says, details of over 330 thousand cryptocurrency users of a particular exchange were available on the dark web.  
  • Indians’ hacked data being sold on the dark web includes compromise of servers of Air India (for many years up to February 2021). In 2020, personal data of 2.9 crore (29 million) Indian jobseekers was available on the dark web. Data from server leaks of Dominos India was reported to be sold in May 2021 for Rs. 45 million. 
  • As part of an international operation, the India’s Narcotics Control Board (NCB) arrested a drug mafia in June 2021. It was revealed that criminals were using the dark web extensively for running the racket, and the kingpin was active on a number of e-markets on the dark web. NCB has also confirmed the use of bitcoins for transactions in illicit drugs. 

Let me also give you some figures to show how easily and cheaply the products and services related to cyber-attack are being transacted on the dark web markets:

Cyberattacks and malware are supposed to be the highest traded digital items on the dark web.  

  • A 2020 study found that government issued IDs, cyberattack services, exploitative kits, data leaks and customized all-in-one packages were the main categories of items transacted on dark web markets. 
  • Services, software and data are available on the dark web at incredibly low rates. For example, in 2020, cyberattack services were available from as low as $45 a day, a ransomware kit could be had at $9, payment fraud software sold even at $10, and a US bank log was available at $25. 
  • It is reported that one can get an all-in-one package consisting of online banking login details, high quality US driving licence, hacked Facebook account, stolen credit card details and a national ID card for about a thousand dollars. 

Recent trends

Of late, some reports of falling popularity of Tor networks have appeared in the press. On the other hand, rising trade and the adoption of the dark web even by small-time criminals and fraudsters points towards its continued fast growth in the future. 

It is reported that while forums earlier accounted for a significant amount of exchanges on the dark web, their popularity has gone down in recent years because of crackdown by authorities that led to tracking the participants. Though criminals depend on the dark web a lot for initial contacts and other communication, final deals are struck on end-to-end encrypted services such as Telegram. 

It is greatly worrying that the cost of compromising accounts and stealing sensitive data has become very cheap, which can incentivize this activity among unemployed youth or small-time criminals looking for avenues for making quick money. In fact, a study has found that young adults in the age group 16-25 are becoming quite active on the dark web to learn and then offer hacking services. The reward seems to be big enough to lure more into this: according to a report, top hackers based in India earn 16-times the median salary of a software engineer.

Another worrying development is that mainstream hackers and malware purveyors have graduated from selling data to ransomware attacks and extortion. It is reported that some big players are selling leaked data on the dark web and simultaneously threatening the victim to pay up or their data would be released on the web too.

During and after COVID-19, the dark web has been used for selling fake testing kits and vaccines, and for faking identities for receiving benefits from relief agencies. Due to shortages in the open markets, a grey market for PPE kits, and HCQ and other medicines, also operated during the peak of the pandemic.

As said earlier, most transactions on the dark web now take place using cryptocurrencies. Central banks the world over are trying to coordinate to somehow control cryptocurrencies, but efforts have mostly failed so far. 

On the other hand, coordination among national, regional and global cyber-policing agencies has resulted in some big successes in breaking dark networks and booking criminals. But that is almost always a post-facto operation and does not even serve as a deterrent for determined criminals and mafias.  

For nations and societies, the dark web will pose more serious challenges. Cyberwarfare and cyber-terrorism, which are going to be even bigger than physical war and terrorism very soon, will exploit the dark web to a much greater extent.

Leave aside nations that are rogue by all counts, all nations have a legitimate goal to defend themselves. In doing so, they fight with others when their interests clash. So, nations are likely to use the dark web to meet their perceived national interests and make it a battlefield. That may or may not secure individual nations, humanity is likely to be the loser.

Taking the reports and estimates about the dark web as plausible, I am tempted to infer that the harm potential of the dark web will keep rising at a fast pace. Authorities will not only remain one step behind the criminals in adoption of new technology, they will sometimes work at cross-purposes with other agencies. We also cannot rule out evolution of the present dark web into a sort of dark hole that is much more powerful and dangerous. 

I close the discussion on this rather sombre note and leave a piece of  advice as the tailpiece.  

The takeaway for individuals

There is no doubt that the dark web is full of criminal operators. It is better not to venture into it even in the face of grave provocation, such as the need to take on a life-threatening adversary or in the face of oppression by  authorities. For maintaining one’s privacy and even for complete anonymity, there are many options that are legal and much safer, including the use of end-to-end encrypted messaging apps, VPN (virtual private network), sharing of documents after password-protecting them, and so on. 

Visiting the dark web for fun or experimentation is also fraught with danger. As discussed earlier, the place may be very dangerous for casual visitors because they do not know the tricks of the trade. Besides, there is a big risk of falling prey to scammers and raiders. Though Tor browser and other anonymity technologies make tracking extremely difficult, there are pirates  and spies in the dark web who can break that too – and that breach can be much more dangerous than hacking in the open web.  

We need to appreciate the harm potential of the dark web – especially the fact that hacking services are available on the dark web at a very small price – and secure our sensitive information in all possible ways. 

Further reading:


*Manoj Pandey is a former civil servant. He does not like to call himself a rationalist, but insists on scrutiny of apparent myths as well as what are supposed to be immutable scientific facts. He maintains a personal blog, Th_ink

Disclaimer: The views expressed in this article are the personal opinion of the author and do not reflect the views of which does not assume any responsibility for the same.

Image credit: Image by Gerd Altmann from Pixabay


Please enter your comment!
Please enter your name here