At OWL Cybersecurity, we believe in the importance of education. Much of the terminology we use to discuss darknet content is common to those familiar with information security or computer networking but can read like a foreign language to the general reader. Below is a selection of key terms and definitions you will find helpful as you learn more about the darknet and how it is relevant to both you and your business. Keep an eye on both this page and our Blog, as we will continue to add to this list of terms over time in blog posts and updates.
Alias: A screen name intended to conceal a user's identity, with little to no ties to the user's actual personal information.
Bitcoin: One of the most popular cryptocurrencies in use today. As of publication date (3/24/17), 1 Bitcoin = 984.35 U.S. dollars.
Blockchain: Essentially a distributed database. Information within a blockchain is publicly shared across all participating users or machines. With regard to Bitcoin, the Bitcoin blockchain is a public record of all Bitcoin transactions, which helps to verify transactions and prevent double spending.
Carding: The practice of stealing and selling credit card information.
Clearnet: The "regular" internet (non-Tor), often referred to as the surface web.
Cryptocurrency: Virtual currency that employs cryptography for security purposes.
DARKINT: Short for darknet intelligence, DARKINT encompasses actionable data from the darknet and other interconnected sources, including Tor, IRC channels, hacker forums, FTP servers, paste sites, high-risk surface internet and more.
Darknet: The darknet is a network, built on top of the internet, that is purposefully hidden; it has been designed specifically for anonymity. Unlike the deep web, the darknet is only accessible with special tools and software: browsers and other protocols beyond direct links or credentials.
Darknet Market: A marketplace website hosted on a darknet (such as Tor), set up to provide for the sale of goods and services while maintaining the anonymity of vendors and buyers; also known as a cryptomarket.
Denial of Service (DoS): A malicious attack on a network that is executed by flooding a server with useless network traffic, exploiting the limits of TCP/IP protocols and thus rendering the network inaccessible.
Domain Name Server (DNS): The internet’s equivalent to a phonebook. On the surface web, this consists of a routing table, translating a character-based domain name (ending in *.com, *.net, etc.) to the server’s 32-bit IPv4 address. In the darknet, a special set of Tor DNS servers correlate the *.onion sites to the source, usually through a series of proxies to obscure the server’s identity.
Dox: The act of posting or publicizing an individual's personally identifiable information (PII), commonly done to expose said individual's true identity or for other, typically malicious, purposes.
Exit Scam: A scam in which a darknet market admin or vendor shuts down operation while stealing as much money as possible from their users and/or buyers in the process.
Firewall: Hardware and/or software that is specifically designed to protect a network or system from unauthorized access by employing specific rules to control and direct incoming and outgoing network traffic.
Forum: A digital environment where ideas and topics can be discussed freely among users. Members of forums generally log in with a screen name or alias to post and comment on content. Forums differ from real-time internet messaging and chat rooms in that the topics and information are not intended to be discussed in real time but instead posted for all users to see over a more extended period of time.
Hacking: The process of identifying targeted computer information systems of interest and employing a computer program to gain unauthorized access to the target system.
Hidden Service: Another term for a .onion (Tor) site.
Honey Pot: A website or hidden service set up by law enforcement in an attempt to attract and identify individuals who participate in illegal activity.
Internet Relay Chat (IRC): A popular text-based chat service enabling users connected to a server to communicate with each other in real-time.
IP Address (aka Internet Protocol Address): A unique string of numbers separated by periods that identifies a computer connected to the internet, e.g. 192.168.10.2 (IPv4).
Mirror site: A site with the same content as another site but a different domain.
Packet: A formatted unit of data routed between its origin and a destination. Data packets are used in internet protocol (IP) transmissions to navigate the internet and darknet.
Pastebin: A surface net site used to publicly post and store text for a certain, often short, period of time. Pastebin ties closely with the darknet as it is an easy way to anonymously share information without the need for a specialty browser, such as Tor.
Peer-to-Peer (P2P): An ad-hoc connection of computers where information can be passed directly between the participants. In a P2P network, each node functions as both the server and the client.
Phishing: A data collection method used in social engineering. Phishing targets sensitive information (usernames, passwords and credit card details), often for malicious intent, by disguising itself as a trustworthy entity in an electronic communication. See spoofing below.
Protocol: Refers to the scheme in which internet content is retrieved and displayed to a browser. Tor and the darknet leverage a “non-standard communication protocol,” which refers to the complex set of onion proxy methods used to obscure the identity of the requestor and the content server. Protocol can also refer to a method of financial transaction, e.g. Bitcoin.
Relay (aka node): Within Tor there are over 7,000 relays, mostly internal. When a request to access a particular hidden service is made, the browser calculates the optimal route through a series of relays, exchanging cryptographic keys between nodes, to display the content without disclosing the IP address of the request originator.
Router: The hardware used to forward packets of information along a network, performing the traffic directing functions of the internet.
Scraping: In the context of web scraping, this term describes the process of harvesting large sets of data from websites and storing the content in a database on a local computer or server.
Screen Name: The name a user employs to communicate with others online.
Spoofing: The process of falsifying the origin of network communication (via the internet) in order to mislead or misdirect the recipient. Example: A fake email from your bank asking you to validate credit card or personally identifiable information.
Tor (aka The Onion Router): A free web browser designed for anonymous internet browsing and protection against network traffic analysis; the most commonly used tool for accessing and browsing the darknet.
Tumble: A method of scrambling or anonymizing the source of one’s bitcoins.
Username: A string of characters used to log in to a computer information system.
Wiki: Like the surface net site Wikipedia, a darknet wiki is a website that allows registered users to collaboratively write and edit content directly from their browser. Example: The Hidden Wiki.