By Rezaul Karim, 14 April 2025
The dark web has been depicted as a long-standing hub for crimes, where illegal activities such as drug dealing, financial fraud, weapon sales, murder for hire, stolen credit cards and ransomware gangs are easily accessible to the public.
But the dark web is more than just horror stories. Today, the technology synonymous with crimes is a tool for journalists, activists, hacktivists, and whistleblowers to share secrets while retaining their anonymity.
Surface web, deep web, and dark web
The publicly indexed part of the web, known as the surface web, consists of approximately four to five percent of the internet. These are websites such as newspapers, blogs, Wikipedia, etc., that can be accessed through traditional search engines and don’t require any special efforts or credentials to access.
The deep web contents aren’t indexed by search engines and encapsulates 90-96% of the internet. It includes private or password-protected sites which are hidden for security concerns but are accessible with the appropriate credentials. Examples include bank account information, insurance records, or subscription-based content.
The dark web is a subset of the deep web that is estimated to make up from 0.01 percent to five percent. Contents of the dark web are intentionally concealed and designed for anonymous communication. The data in this part of the internet uses encrypted networks and non-traditional URLs requiring special software, and thus is not indexed by search engines.
Origins of the dark web
On 20 March 2000, a peer-to-peer, decentralised network known as Freenet was released and marked the first recorded instance of the dark web, which was commonly referred to as the darknet [1]. Computer scientist Ian Clarke developed the project, allowing for people to visit the internet anonymously without fears of being tracked by authorities or governments. He described it, in his thesis for Edinburgh University titled ‘A Distributed Decentralised Information Storage and Retrieval System,’ as a network to allow people to communicate freely without being tracked.
A popular tool for accessing the dark web is TOR (The Onion Router) network, developed on 20 September 2002, by scientists Roger Dingledine and Nick Mathewson. Through TOR browser, users can navigate the dark web’s contents and reach hidden websites. Funded by the US Naval Research Laboratory as a way to communicate with intelligence sources around the world without getting tracked, the tool anonymises online activities and protects online privacy. The TOR project [2] was released publicly in 2004, and is the most popular publicly available access to the dark web.
Dark web crimes
Because the dark web isn’t catalogued by search engines, and special software is required to access websites hosted on the network, it’s become the perfect environment where criminals can thrive.
One of the cases that brought dark web activities to public attention involved Ross Ulbricht, who in 2013 was arrested by the FBI [3]. In 2010, Ulbricht started developing an online marketplace hosted on the dark web called Silk Road where users could buy and sell drugs, other illegal products and services anonymously. It was hosted on the dark web from 2011 to Ulbricht’s arrest. Reuters reported that drug dealers and others made over $200 million in illegal trades on the marketplace using bitcoin.
In his 2013 indictment, Ulbricht, who ran the site using the pseudonym ‘Dread Pirate Roberts’ after a character from The Princess Bride, was found to have committed seven crimes using the dark web. These included: conspiracy to launder money, conspiracy to commit computer hacking, conspiracy to traffic narcotics by means of the internet, and continuing a criminal enterprise. It marked the first highly publicised case involving use of the dark web to commit crimes. Ulbricht was found guilty and sentenced to life in prison with no possibility of parole, however President Donald Trump pardoned Ulbricht in January 2025, saying his sentence was too harsh.
Today many crimes can be committed using the dark web including illicit trades like drug sales. Moreover, there are money laundering services on the dark web where criminals pay online to have their ill-gotten money cleaned.
Most ransomware gangs have a presence in the dark web today, where they announce their attacks. The ‘ransomware as a service’ business model has contributed to the recent spike in ransomware attacks.
Good intentions
On the contrary, the dark web is also used for legitimate purposes, with journalists, whistleblowers, and social or human rights activists often using it to communicate securely. This is especially the case in countries with strict censorship laws or suppression of free speech, with the dark web serving as a platform where people can communicate freely, expose corruption, or share intelligence with each other.
Financial crime risks
The dark web has made it easier for criminals to get away with financial crimes [4], including cyberattacks on financial institutions, money laundering, sales of credit card numbers, identity theft, extortions, blackmail, ransoms, and ransomware attacks on individuals and companies.
In the past few years, cases of financial fraud have also spiked, partly fuelled by the dark web, where criminals are able to interact and share techniques and targeted next victims. According to Cybernews, financial fraud-related listings comprise a significant portion of dark web activities, accounting for over 34% of total listings.
Take credit cards and identity theft, for instance. Users of the dark web can easily purchase our credit card numbers, log into legitimate shopping sites like Amazon and make a purchase using your credit card while masquerading as you – all without being detected. Today, there are hundreds of thousands of credit cards for sale on the dark web, and chances are you might be one of the victims whose credit card number is stolen. Unfortunately, you will never know until it’s too late and these criminals have used all your hard-earned money.
Ratcheting up cyber defence
The dark web is a precautionary tale of how powerful technology can be turned into a force of evil by bad actors. The chances of falling victim to these criminals are also very high, and as you go through your normal life, you have to consider the possibility that there is someone on the dark web with your credit card number, social security number, your name, address, and that they don’t mean good for you. A recent complaint filed in the US District Court for the Southern District of Florida revealed that a cybercriminal group posted “National Public Data” on a dark web forum for sale at a price of $3.5 million. This is considered as one of the largest data breaches in history [5] and a serious concern for all.
Your business’s next cyberattack may also be from the dark web, along with the method of ransom payment demanded by the cybercriminals. Therefore, the dark web issue is a public one that needs to be taken seriously. Ignorance about such a platform is a huge gamble and may have serious consequences.
In 2023, businesses experienced 70% more ransomware attacks [6] compared to 2022. Although ransomware payments slightly dropped in the following years, we should remain vigilant about such attacks as they might resurge at double intensity in the future. Thus, businesses should develop a response plan, data backups, layered security measures, as well as educate staff on cybersecurity best practices.
About the author
Rezaul Karim, Advisory Board Member at Compliance Week, is a financial crime compliance expert with over a decade of experience. He has held multiple compliance assistant vice president roles at HSBC, and is a published author, speaker, and thought leader.
This article has been republished with permission from Compliance Week, a US-based information service on corporate governance, risk, and compliance. www.complianceweek.com