The dark web can be a great resource, providing access to information that you won’t find on the regular internet.
But it can also be a—excuse the pun—dark place. There’s plenty of undesirable content you need to avoid. At best, it can be offensive; at worst, it could be highly illegal.
Let’s take a closer look at some of the worst things you might find on the dark web.
1. Crypto Scams
If you’ve been following the news, you’ll know that crypto scams are already commonplace across the regular web. The problem even forced Facebook to issue a blanket ban on crypto ads in mid-2018 (though the ban has now been partially lifted).
It should probably come as no surprise, therefore, to learn that crypto scams are even more common on the dark web.
The scammers use the same techniques as on the regular web, but the lack of regulation means they are less likely to be shut down by ad networks, forums, and other places where the scams pop up.
Note: If you would like to learn more, we discussed some of the most common crypto scams on our sister site, Blocks Decoded.
2. Exit Scams
Exit scams occur when a seller stops shipping products but continues to take orders and money.
Because the items sold on the dark web are often illegal (guns, drugs, etc.) and payments are made in Bitcoin or other cryptocurrencies, the buyer has no avenues for redress or compensation.Advertisement
Some of the most famous exit scams on the dark web include Olympus Market and Empire in September 2018, and the Evolution darknet market in 2015.
The owners of the Evolution market reportedly walked away with more than $12 million in Bitcoins that were in escrow.
3. Hoaxes on the Dark Web
The dark web is full of hoaxes—almost all of which want you to part with your money in exchange for nothing in return.Advertisement
Understandably, the hoaxes come in many forms; people are creative.
Some of the hoaxes are on the sickening end of the spectrum. Probably the most well-known example is that of “red rooms.” The rooms purport to show live torture of animals and humans, as well as live rape and even murder.
We’re not saying they are all fake—we have no desire to do the required research, but the received wisdom among regular dark web users is that that they are at best staged and at worst a money-grabbing scam.
One particular incident in August 2015 promised the torture of seven ISIS prisoners, even claiming that the viewers could direct the action via an interactive chat. There was quite a buzz around the event on Reddit and 4chan.
Then, three minutes before the action was due to begin, the site went down. Half an hour later it was back, thanking people for taking part. When the “source footage” was eventually uploaded, the camera froze every time the torture was about to start.
A suspiciously fake-looking FBI seizure notice popped up a few days later.
Other hoaxes take advantage of people who want to use illegal services (like hitmen, often referred to as the Nigerian princes of the dark web) and buy illegal products. If you ever try to procure these services and products, you’ll almost always end up out of pocket.
Anti-terrorism authorities have uncovered multiple instances of terrorist groups using the dark web to coordinate their actions.
In early 2015, it was discovered that the Al-Hayat Media Center, which is affiliated with ISIS, launched a new dark web site to disseminate information. Its regular web site even had explicit instructions on how to access the dark web content.
Rawti Shax (an offshoot of the Kurdish jihadist group Ansar al-Islam) was also found to have a dark web presence in October 2015.
After the 2015 Paris attacks, the Anonymous hacktivist group managed to gain control of one such ISIS-sympathizing site and replace it with a Prozac advert.
5. Illegal Pornography
Illegal pornography is rife on the dark web. The biggest issue is arguably that of child pornography and its associated pedophile rings.
In 2015, the FBI famously busted a massive child porn site on the dark web by using malware, exploits in Adobe Flash, and other hacking tricks. The authorities gained control of the North Carolina server and let it run for two weeks before shutting it down.
Here’s how the court filing explained the FBI’s approach:
Pursuant to that authorization, on or about and between February 20, 2015, and March 4, 2015, each time any user or administrator logged into Website A by entering a username and password, the FBI was authorized to deploy the Network Investigative Tool (NIT) which would send one or more communications to the user’s computer. Those communications were designed to cause the receiving computer to deliver to a computer known to or controlled by the government data that would help identify the computer, its location, other information about the computer, and the user of the computer accessing Website A. That data included: the computer’s actual IP address, and the date and time that the NIT determined what that IP address was; a unique identifier generated by the NIT a series of numbers, letters, and/or special characters) to distinguish the data from that of other computers; the type of operating system running on the computer, including type (e.g., Windows), version (e.g., Windows 7), and architecture (e.g., x86); information about whether the NIT had already been delivered to the computer; the computer’s Host Name; the computer’s active operating system username; and the computer’s MAC address.
In the end, the FBI compromised more than 1,000 computers, and it arrested three men.
And child pornography isn’t the only problem. Content that lies in a legal grey area—such as revenge porn—is also a massive problem that the authorities are struggling to grapple with.
6. Phishing Scams
We’re all familiar with how phishing scams work on the regular web. And if you’re semi-computer-literate, you probably back yourself not to get caught out.
On the dark web, it’s much easier to fall victim due to the way web addresses are presented. For instance, take the 2016 example of a DuckDuckGo phishing attempt.
Here’s how the site’s .onion domain should look:
And here’s how the phishing domain looked:
Are you confident that you’d spot the differences while browsing at speed?
Worse still, in some instances, the fake sites aren’t just duplicating their intended targets—they been proven to be proxies for the real sites. In practice, that means they can perform man-in-the-middle attacks and either steal or modify data as it passes through the fake site.