Once a foreign concept to many internet users, the dark web is making its presence known on the surface web.

The everyday web surfer may be under the impression that the dark web is a foreign entity that couldn’t affect them in a million years; unfortunately, this is a frivolous fallacy. As the number of internet users grows, so does the number of users with bad intentions, and while these users used to claim the dark web as their primary domain, more and more are expanding their base of operations to the everyday internet, or surface web. While this is a scary concept, it could actually make it easier for investigators to catch these cybercriminals. Many investigations will require secure, anonymous access to both the surface web and the dark web in order to chase down leads wherever they go, make the most of pivot points and corroborate information, so the increasingly blurred line between the two platforms can prove beneficial for investigators.

Mirroring between the surface web and the dark web

While the vast majority of the clear web is safe from dark web intrusion, there is some mirroring between the two, and the possibility of more mirroring lingers. For a better understanding of the concept, consider the hit Netflix series "Stranger Things," which offers a strong comparison to mirroring between the clear web and the dark web. In Hawkins, Indiana, the real world and the Upside Down, as it’s called in the series, are separated by gates, or portals, that materialize throughout the town at random times. In the show we see characters enter these portals and move between the Upside Down and the real world seemingly at will – at least, most of the time. Of course, the dark web isn’t as outwardly scary as an oozing portal or a monstrous Demogorgon, but it is a lot more real.

Although there are definitely good reasons for using the dark web – it can be a safe haven or lifeline for political dissidents in censored, authoritarian regimes to see and receive news, for example – the dark web can be considered the Upside Down of the internet. While similar to the surface web that we use every day (it has the same trappings such as sites, marketplaces and forums), it is often filled with nefarious things. Despite our best efforts to keep the two separate, though, the dark web has found ways – gates, if you will – to bridge itself and the clear web. Much like the original gate to the Upside Down in Hawkins National Laboratory and the many smaller gates that pop up in the town, the “original” gateways to dark web browsers – Tor, BBS, etc. – still exist and are widely used, but smaller and closer-to-home gateways are popping up more frequently and in the one place you would hope not to see them – the surface web.

Craigslist and the dark web

So, what is the dark web doing on the clear web exactly? Specifically, sites such as Craigslist and apps like Telegram are rife with crossover between the clear and dark web. That's right, when you went on Craigslist to look for a cheap new car, you were actually toeing the line between the surface web and the mysterious and nefarious dark web. Craigslist has a shady history of advertising services on the clear web, either explicitly or ambiguously, such as murder-for-hire and under-the-table drug peddling, and Telegram’s easy-to-use features and general lack of moderation have led some to dub it the new dark web. While these are obviously neither advocated for by these sites nor the bulk of their content and traffic, their presence on these surface web sites is still prevalent and alarming. So too is the apparent lack of clear action by site admins to crack down on them, particularly on Craigslist.

Of course, anyone can download Tor and gain access to the dark web, so it’s not as if the dark web infiltrating the clear web makes it exponentially easier or likelier to encounter dark web activities, but the fact that dark web posts are leaking over to the surface web is still a scary concept for those who just want to browse the internet in peace and occasionally peruse some deals on Craigslist. Fortunately, though, the presence of dark web activities on clear web sites can actually be useful for investigators; since these are clear web sites, it is inherently easier, at least to some degree, to track down the original posters of these nefarious ads – giving investigators a breadcrumb trail to their identity, and with it the ability to make arrests and hold responsible parties accountable.

Dark web sites through clear web eyes

Illicit personal ads are not the only way to access glimpses of the dark web on the clear web; in fact, you can access much more of the dark web on a surface web browser with simple link manipulation. Tor proxies pose some semblance of a security risk, but it is possible to use them by adding .ly or .cab to the end of a Tor link, which lets you view the dark web site in your current surface web browser, be it Chrome, Firefox or anything else.

This is a risky move for investigators as it could potentially compromise their anonymity via their digital fingerprint, but it could be helpful in identifying lower-end hackers and criminals if they aren’t careful and expose their dark web searches on their surface web browser. For more on Tor proxies, check out what Michael James from the OSINT Curious Project had to say on our podcast, NeedleStack.
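Because a proxied request carries the dark web address inside an ordinary hostname, that exposure shows up in plain web proxy logs. The following is an added example, not from the original article or from Authentic8: it scans log lines for hosts that end in .onion.ly or .onion.cab and recovers the underlying .onion name per client. The log layout, the onion labels and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Suffixes the article names: ".ly" or ".cab" appended to a .onion host.
GATEWAY_TLDS = ("ly", "cab")
# Onion labels use base32 (a-z, 2-7): 16 chars for v2 services, 56 for v3.
GATEWAY_HOST = re.compile(
    r"^(?:[a-z0-9-]+\.)*(?P<label>[a-z2-7]{16}|[a-z2-7]{56})"
    r"\.onion\.(?:" + "|".join(GATEWAY_TLDS) + r")\.?$"
)

def host_of(target):
    """Hostname from a logged URL, or from a CONNECT-style 'host:port'."""
    if "://" not in target:
        target = "//" + target
    return urlsplit(target).hostname or ""

def onion_behind_gateway(host):
    """Return the underlying .onion name for a proxy-style host, else None."""
    m = GATEWAY_HOST.match(host.strip().lower())
    return f"{m.group('label')}.onion" if m else None

def find_gateway_use(log_lines):
    """Map client IP -> sorted onion services requested through a gateway."""
    hits = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed or truncated entry
        client, target = parts[1], parts[3]
        onion = onion_behind_gateway(host_of(target))
        if onion:
            hits[client].add(onion)
    return {client: sorted(names) for client, names in hits.items()}

# Constructed sample data: made-up labels and an assumed log layout of
# "timestamp client method target status".
V2 = "abcdefgh234567ab"   # 16 chars
V3 = "abcdefgh" * 7       # 56 chars
SAMPLE_LOG = [
    f"2024-01-01T10:00:00Z 10.0.0.5 GET https://{V3}.onion.ly/index.html 200",
    f"2024-01-01T10:01:00Z 10.0.0.5 CONNECT {V2}.onion.cab:443 200",
    "2024-01-01T10:02:00Z 10.0.0.7 GET https://bit.ly/abc 200",
    f"2024-01-01T10:03:00Z 10.0.0.8 GET https://www.example.com/?q={V2}.onion.ly 200",
    "2024-01-01T10:04:00Z 10.0.0.9 GET http://notbase32label01.onion.ly/ 200",
]

if __name__ == "__main__":
    for client, names in find_gateway_use(SAMPLE_LOG).items():
        print(client, names)
```

Only the first two sample lines match: the bit.ly link, the onion string inside a query parameter and the label containing non-base32 characters are ignored, which keeps ordinary .ly traffic out of the results.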

With sites like Craigslist and tools like Tor proxies allowing malefactors to further blend the dark web with the surface web, the ability to safely and securely investigate on both platforms is imperative. Although the integration of the dark web into the clear web may be slim in the grand scheme of things, its presence is nevertheless dangerous and important for investigators to understand. Investigators can utilize this platform mirroring to their advantage, by using the crossover to better track their targets across the web and gather as much information and evidence as possible from as many sources as possible.

So the next time you’re browsing Craigslist for a used Honda Civic or sending messages on Telegram, know to be wary of who you interact with, but also know that these cybercriminals’ days of online felony are likely numbered.

To learn more about how Authentic8 keeps investigators safe as they research — including on the dark and light web — check out Silo for Research.