Using open source intelligence (OSINT), “Recorded Future” team explored the surface, deep, and dark parts of the web and investigated the links between them.
Below Free White Paper on: How You Can Use the Dark Web for Threat Intelligence
There is a lot of talk about the Dark Web these days, not least about how cybercriminals use it to spread malware, leak intellectual property, and publish user account credentials.”Recorded Future” decided to explore the Surface, Deep, and Dark parts of the Web to see what information is available and how it is connected. What they found was that there really is no sharp border between them. Information tends to seep into the Surface Web from its darker parts, and it is more appropriate to talk about one Web, with di erent shades of darkness. The logic behind this is that brokers of illicit information on the Dark Web need to market their products, and hence need to post links to them on the Surface Web (Brian Krebs has noted the same1).Using Recorded Future’s real-time threat intelligence we can identify paste sites and forums as primary nodes of communication between the Surface and Dark Web, and show how these are used to link to both TOR/Onion sites and various download sites.This connectivity allows us to harvest and analyze metadata (such as link patterns, activity levels, and topics) about the Dark Web from the Surface Web, giving us access to valuable information for threat analysis.