The Dark Web is known as a marketplace for criminal activities. However, the public sector should not turn a blind eye to this shadowy side of the web, as it also presents opportunities for better protection.
For many, the term ‘Dark Web’ evokes images of illegal markets, hackers, and criminal networks. Yet that’s only part of the story. According to Vandy Berten, researcher at Smals Research, the government should not only fear the Dark Web but also learn to understand it and even use it.
“Tor and the Dark Web were not originally built for criminal activity, but to protect citizens from censorship and repression,” he emphasizes during a presentation. Berten wants to alert the public sector about Dark Web threats while also encouraging them not to bury their heads in the sand.
Below the Surface
The internet we use daily, despite its millions of websites, is just the tip of the iceberg. Below the visible layer lies the deep web: the non-indexed zone where emails, SharePoints, and internal databases reside. Digging even deeper, you’ll find the
It’s sometimes claimed that Tor is a tool for hackers, but that’s incorrect. The technology was initially developed with a noble purpose: protecting privacy. Not against advertisements or marketing cookies, but against state censorship and surveillance. In repressive regimes, Tor is used by journalists and activists.
Peeling the Onion
Tor works completely differently from a classic internet browser. “Tor offers not just encryption, but also anonymity. No one knows the complete route that a data connection takes,” Berten explains.
The technique works according to the so-called onion principle: each data packet is encrypted multiple times and passes through various voluntary relays. No single node knows both the sender and the destination. This makes it virtually impossible to identify a user. Therein lies the paradox of Dark Web technology: it shields criminal activity just as effectively from police and security services.
Privacy is Not Anonymity
During his session, Berten makes an important distinction between anonymity and privacy. Anonymous means no one knows who you are; private means no one knows what you’re doing. On the regular web, it’s difficult to maintain both. Your IP address, cookies, browser settings, and even screen resolution together form a digital fingerprint.
In theory, you leave no traces on the Dark Web, but it requires more discipline. “Anyone who uses their real email address or bank card becomes immediately traceable,” says Berten. Even small mistakes, like logging in outside Tor or a file with metadata, can reveal an identity.
The Ugly Face of the Dark Web
The Dark Web’s negative connotation is not unwarranted. Browsing in Tor takes you to a very different side of the internet than when using Chrome or Edge. The user experience is slow, confusing, and full of dead links. In the dark recesses of the Dark Web, you’ll find numerous criminal marketplaces selling drugs and weapons, hacker forums, and websites where people can bid on personal and company data stolen during cyber attacks.
read also
“Rise of dark LLMs lowers the barrier to cyberattacks”
According to Berten, thousands of such full dumps from ransomware groups are currently circulating. These include data linked to Belgian public institutions and dozens of private companies from the IT, pharmaceutical, and banking sectors. “Once data ends up on the Dark Web, it stays there forever,” he warns.
The value of this data for cybercriminals cannot be underestimated. Medical data is worth ten to twenty times more than financial information. Hospitals are therefore an attractive target. Besides stolen data, the Dark Web also circulates fake documents, counterfeit medicines, hacking tools, and child pornography.
Belgian Services Are Following Along
While law-abiding citizens should stay as far away as possible from the Dark Web, Belgian government institutions rightly don’t ignore it completely. They are examining whether monitoring the Dark Web is feasible in search of information about criminal activity. Some examples Berten provides:
- Sciensano conducted a pilot project in 2020 on ‘designer drugs’ sold via the Dark Web.
- FPS Finance searched for cyber intelligence feeds that include Dark Web sources in 2019.
- Myria looks at international cooperation for online channels to detect human trafficking.
- FPS Public Health and FAMHP study the trade in medical data and counterfeit medicines.
- The Federal Police is involved in detecting cybercrime in cooperation with Europol.
The Centre for Cybersecurity Belgium (CCB) plays more of a coordinating role. The CERT.be team actively monitors data breaches and leaked login credentials on the Dark Web. Organizations can register via atwork.safeonweb.be to receive alerts when their data appears, and report incidents via notif.safeonweb.be
“The CCB doesn’t initiate legal investigations but provides technical and administrative support to victims,” Berten emphasizes. “Those who want to prosecute criminals still need to go to the police.”
Are You Allowed to Look?
Visiting the Dark Web and using Tor are not illegal under Belgian law. It only becomes illegal when you actually participate in criminal activity. Civil servants also have a reporting obligation: anyone who encounters illegal content must report it.
However, Berten advises proceeding with necessary precautions and only entering the Dark Web if really necessary. There are commercial platforms that offer paid structural monitoring services, and the CCB also assists companies. Those wanting to know if an email address has been leaked can use free services on the ‘safe’ part of the web, such as HaveIbeenpwned.
From Threat to Opportunity
For companies and public institutions, data breaches are the biggest threat from the Dark Web. Once passwords or databases end up there, they become public. Yet Berten also sees opportunities for law enforcement. Governments can use the Dark Web to better understand the threats.
“Tor isn’t just a playground for hackers,” he says. “It’s also a valuable tool for transparency and source protection.” In some countries, media and NGOs deliberately use the Dark Web to share information securely. For the government, it can also be a means to protect journalists or activists.
Careful Exploration
Government institutions wanting to monitor the Dark Web can start small. “An initial exploration doesn’t require major investment: just time, a secure internet connection outside the internal network, and some knowledge of Tor,” says Berten.
It’s important not to confuse monitoring with investigation. “The goal is to acquire information, not to infiltrate,” he says. The police remain responsible for investigation and prosecution.
An Enduring Reality
Smals Research’s conclusion is nuanced: the Dark Web isn’t going away. It’s technically impossible to shut down the network, and its anonymity makes detection complex. “What gets leaked stays online forever,” Berten summarizes. “But understanding how the Dark Web works can help you protect yourself better.”
For the public sector, this means a change in mentality. Not looking away, but learning to look. Not just defending, but also observing. And above all, collaborating. Because in a world where data is the new currency, the line between threat and opportunity can be surprisingly thin.