At OWL Cybersecurity, we believe in the importance of education. Much of the terminology we use to discuss darknet content is common to those familiar with information security or computer networking but like a foreign language to the general reader. Below are a selection of key terms and definitions you will find helpful as you learn more about the darknet and how it is relevant to both you and your business. Keep an eye on both this page and our Blog, as we will continue to add to this list of terms over time in blog posts and updates.
Alias: A screen name intended to conceal a user's identity, with little to no ties to the user's actual personal information.
Bitcoin: One of the most popular cryptocurrencies in use today. As of publication date (3/24/17), 1 Bitcoin = 984.35 U.S. dollars.
Blockchain: Essentially a distributed database. Information within a blockchain is publicly shared across all participating users or machines. With regards to Bitcoin, the Bitcoin blockchain is a public record of all Bitcoin transactions which helps to verify transactions and prevent double spending.
Botnet: A network of computers, or other IoT devices, infected with malware and being used (often unknowingly by device owner(s)) to send spam or support DDoS or other attacks.
Brute Force Attack: The trial-and-error entry of passwords and/or passphrases until the correct one is guessed and entry is gained.
Carding: The practice of stealing and selling credit card information.
Clearnet: The "regular" internet (non-Tor), often referred to as the surface web.
Cryptocurrency: Virtual currency that employs cryptography for security purposes.
DARKINT: Short for darknet intelligence, DARKINT encompasses actionable data from the darknet and other interconnected sources, including Tor, IRC channels, hacker forums, FTP servers, paste sites, high-risk surface internet and more.
Darknet: The darknet is a network, built on top of the internet, that is purposefully hidden; it has been designed specifically for anonymity. Unlike the deep web, the darknet is only accessible with special tools and software - browsers and other protocol beyond direct links or credentials.
Darknet Market: A marketplace website hosted on a darknet (such as Tor), setup to provide the sale of goods and services while maintaining anonymity of vendors and buyers; also known as a cryptomarket.
Dark Web: Another way of referring to the darknet.
Denial of Service (DoS): A malicious attack on a network that is executed by flooding a server with useless network traffic, exploiting the limits of TCP/IP protocols and thus rendering the network inaccessible.
Domain Name Server (DNS): The internet’s equivalent to a phonebook. On the surface web, this consists of a routing table, translating a character based domain name (ending in *.com, *.net, etc.) to the server’s IPv4 32-bit IP address. In the darknet, a special set of Tor DNS servers correlate the *.onion sites to the source, usually through a series of proxies to obscure the server’s identity.
Dox: The act of posting or publicizing an individual's personally identifiable information (PII), commonly done to expose said individual's true identity or for other, typically malicious, purposes.
Encryption: The process of converting data to an unrecognizable or "encrypted" form. It is commonly used to protect sensitive information, including files, storage devices, and data transfers, so that only authorized parties can view it.
Exit Scam: A scam in which a darknet market admin or vendor shuts down operation while stealing as much money as possible from their users and/or buyers in the process.
Firewall: Hardware and/or software that is specifically designed to protect a network or system from unauthorized access through employing specific rules to control and direct incoming and outgoing network traffic.
Forum: A digital environment where ideas and topics can be discussed freely among users. Members of forums generally log in with a screen name or alias to post and comment on content. Forums differ from real-time internet messaging and chat rooms in that the topics and information are not intended to be discussed real-time but instead posted for all users to see over a more extended period of time.
Grey Hat: Refers to a hacker who might utilize black hat hacking methods with an ethical, or "white hat," intent.
Hacking: The process of identifying targeted computer information systems of interest and employing a computer program to gain unauthorized access to the target system.
Related Content: What is the Darknet?
Hidden Service: Another term for a .onion (Tor) site.
Honey Pot: A website or hidden service setup by law enforcement in an attempt to attract and identify individuals who participate in illegal activity.
Internet Relay Chat (IRC): A popular text-based chat service enabling users connected to a server to communicate with each other in real-time.
IP Address (aka Internet Protocol): A unique string of numbers separated by periods that identifies a computer connected to the internet, e.g. 192.168.10.2 (iPv4).
Malware: Malicious software designed to access a system and perform unwanted actions on behalf of a third party.
Metadata: Refers to data that provides information about a certain item's content. For example, an image may include information that describes how large the picture is or when the image was created, while a text document may contain information about the author of the document, or the IP address of the document's author, and so on.
Mirror site: A site with the same content as another site but a different domain.
Open Source: Open source refers to any program or software that is freely available to the public. Unlike commercial software, open source programs can be modified and distributed by anyone and are often developed as a community.
OPSEC: Standing for "Operations Security," OPSEC is a term that originated from military jargon and has since become popular with the information security industry. In general, OPSEC refers to the standards by which a person or organization should function to ensure that a security breach (of any nature) does not occur. For example, leaving the pin code to a company's entrance key pad written on a sticky note where roaming eyes can see it might be considered negligence of company OPSEC.
Packet: A formatted unit of data routed between its origin and a destination. Data packets are used in internet protocol (IP) transmissions to navigate the internet and darknet.
Pastebin: A surface net site used to publicly post and store text for a certain, often short, period of time. Pastebin ties closely with the darknet as it is an easy way to anonymously share information without the need for a specialty based browser, such as Tor.
Payload: Data being carried or transmitted, typically the functional piece of a computer virus.
Peer-to-Peer (P2P): An ad-hoc connection of computers where information can be passed directly between the participants. In a P2P, each node of the network functions as both the server and the client.
PhaaS: A new term that refers to a phishing package that is offered in SaaS format. These packages are sold on the darknet and provide everything a novice hacker might need to run a phishing scam, including templates, tech support and tutorials.
Phishing: A data collection method used in social engineering. Phishing targets sensitive information (usernames, passwords and credit card details), often for malicious intent, by disguising itself as a trustworthy entity in an electronic communication. See spoofing below.
Protocol: Refers to the scheme in which internet content is retrieved and displayed to a browser. Tor and the darknet leverage “non-standard communication protocol” which refers to the complex set of onion proxy methods to obscure the identity of the requestor and the content server. Protocol can also refer to a method of financial transaction, e.g. bitcoin.
Relay (aka node): Within Tor there are over 7,000 relays, mostly internal. When a request to access a particular hidden service is made, the browser calculates the optimal route through a series of relays, exchanging cryptographic keys between nodes, to display the content without disclosing the IP address of the request originator.
Router: The hardware used to forward packets of information along a network, performing the traffic directing functions of the internet.
Sandbox: An isolated, controlled environment within which potentially dangerous programs are run. In a Sandbox, one can install, open and examine computer applications, potential phishing emails or infected documents without threatening the safety of the rest of the computer (or any place outside of the sandboxed environment).
Scraping: In the context of web scraping, this term describes the process of harvesting large sets of data from websites and storing the content in a database on a local computer or server.
Screen Name: The name a user employs to communicate with others online.
Social Engineering: Psychological manipulation of people into performing actions or divulging confidential information.
Spoofing: The process of falsifying the origin of network communication (via the internet) in order to mislead or misdirect the recipient. Example: A fake email from your bank asking you to validate credit card or personally identifiable information.
Tor (aka The Onion Router): A free web browser designed for anonymous internet browsing and protection against network traffic analysis; the most commonly used tool for accessing and browsing the darknet.
Tumble: A method of scrambling or anonymizing the source of one’s bitcoins.
Username: A string of characters used to log in to a computer information system.
VPN: A Virtual Private Network (VPN) is a means of re-routing a connection to the internet through privacy enhanced "tunnels," providing the subsequent internet traffic with an added layer of security and anonymity.
Wiki: Like the surface net site Wikipedia, a darknet wiki is a website that allows registered users to collaboratively write and edit content directly from their browser. Example: The Hidden Wiki.
Zero-day: A security gap or vulnerability in a piece of software or a system that is not yet known to the software or system vendor. Once discovered, it may be exploited by attackers using a zero-day exploit.