The internet is widely regarded as the epitome of never-ending innovation and creativity. It is considered the most fascinating, wild, and phenomenal creation in the history of humanity. According to a study, 95 percent of all the world’s information is digitized and accessible on the internet. If you even begin to think about how big the internet is, your brain might start to hurt. One way to answer this question is to consider the total amount of data held by the biggest online service providers (SPs)—that is, Google, Facebook, Amazon, and Microsoft. Science Focus estimates that these tech giants collectively store at least 1,200 petabytes of data. That is 1.2 million terabytes, which is equal to approximately 1,200,000,000,000,000,000 bytes (Mitchell, 2021).

If information is power in the digital/online age (and it is), then Google has the right to claim that it is the most influential company in the world. It dominates almost every sector it is getting into, as it has collected, digitized, arranged, and presented more information than any other company in the world’s history. According to reports, Google owns more than 90 percent of the worldwide search market. More than 2 trillion Google searches are made every year (BroadbandSearch, 2021). To put this in perspective, that works out to more than 5 billion searches every day, 228 million every hour, 3 million every minute, and 63,000 every second.

This chapter gives an overview of the broad research, with a particular focus on cybercrime and the Dark Web. Understanding what cybercrime is, the various types, and how to protect yourself from it will help to keep our society running and stay safe online. Subsequently, the chapter briefly discusses two popular Dark Web access tools (The Onion Router (TOR) browser and the Invisible Internet Project (I2P)). Specifically, this chapter covers the following topics:

• Classification of major cybercrimes
• Types of cyberattacks
• Evolution of cybercrime
• The internet’s three primary levels
• Dark Web access tools

While the digital dimension may (on different levels) improve people’s lives, it leaves them vulnerable to emerging threats, potentially with severe implications. The internet has acted as a new pathway for criminals to conduct their activities and launch attacks with relative obscurity. Cybercrime, also known as computer crime, refers to activities carried out by means of electronic devices, computers, or the internet to conduct illegal acts (European Commission, 2021). The majority of cybercrime is conducted by hackers or cybercriminals who are after financial gain. However, there are times when cybercrime tries to harm systems or networks for factors other than economic profit. The following list classifies three major categories of cybercrime:

• Crimes against people: This type of cybercrime aims to exploit human weaknesses, such as greed and naivety. It includes cyberstalking and harassment, extortion, defamation, credit card fraud, identity theft, human trafficking, distribution of child pornography, and so on (Panda Security, 2021).
• Crimes against properties: Some online crimes take place against properties, such as a computer or a server. This category of cybercrime includes cyber vandalism, virus transmission, cybersquatting, copyright infringement, cyber trespass, distributed denial-of-service (DDoS) attacks, and so on (Swier Law Firm, 2021).
• Crimes against governments: This kind of cybercrime may significantly impact a nation’s sovereignty. Cybercrimes against a government include accessing confidential information, cyberwarfare, industrial espionage, network intrusions, cyberterrorism, and so on (Arora, 2016).

These days, cybercrime is running rampant. Warren Buffet, the billionaire mogul and philanthropist, believes that cybercrime is the number one issue with mankind and that cyberattacks are a much bigger threat to humanity than nuclear weapons. Mass attacks in cyberspace may even constitute a threat to international peace and security. Cybersecurity Ventures has estimated that the global cybercrime damage costs in 2025 will reach 10.5 trillion US dollars. The following figure shows the global cybercrime damage costs in 2021 (Morgan, 2020):

Figure 1.1 – Global cybercrime damage costs in 2021

With the pandemic (COVID-19) worsening and a fatigued remote workforce, the potential attack surface for cybercriminals has expanded dramatically. Cyber-related crimes continue to rise in scale and sophistication, and every day, essential services, businesses, and individuals become victims of malicious/harmful cyberattacks. Even though cyberattacks are not tangible as physical attacks are, they can be as impactful and devastating (Lallie et al., 2021). Some critical cybersecurity statistics and trends are set out here:

• The worldwide cybersecurity market is projected to reach 170.4 billion dollars in 2022 (Contu et al., 2018)
• Data breaches exposed 36 billion records in the first half of 2020 (Goddijn, 2020) 
• 94 percent of malicious malware is delivered via email (Phishing Box, 2019) 
• The average cost of a single data breach was 3.86 million US dollars in 2020 (IBM Security, 2020)
• Human error is to blame for 95 percent of cybersecurity breaches (Hourihan, 2020)
• In 2020, the average time to identify and contain a breach was 280 days (IBM Security, 2020)

As can be seen, taking cybersecurity seriously is of vital importance. Nowadays, data has become the most valuable asset in the world, and applying proper cybersecurity techniques may protect individuals and organizations from severe damage. You might be asking how to fight cybercrime given its ubiquity. Here are some wise recommendations for preventing cybercrime on your computer and your personal data:

• Keep your operating system and software updated: By maintaining an updated operating system and software, you can use the most recent security fixes to safeguard your machine.
• Use antivirus software: It’s wise to use antivirus software to defend your PC from threats. You can scan, identify, and get rid of hazards with antivirus software before they become a problem. You may rest easy knowing that this protection is helping to safeguard your computer and your data against cybercrime. Maintain antivirus updates to get the best level of security.
• Use strong passwords: Use secure passwords that are impossible for anyone to guess, and don’t save them elsewhere. Or, to make this simpler, use a trustworthy password manager to generate strong passwords at random.
• Never open attachments in spam emails: By clicking on links in spam emails, other unsolicited messages, or unknown websites, consumers can also become victims of cybercrime. To maintain your online safety, avoid doing this.

It is predicted that fast-paced changes in technology will cause a dramatic increase in cyberattacks. The following section describes the various types of cyberattacks, as well as how cybercrime has evolved throughout the years.

Types of cyberattacks 

Digitalization is no longer part of a 1930s science-fiction movie. It is the past, present, and future of humankind. Digital transformation has positively changed almost every aspect of people’s lives, but at the same time, it has brought with it many downsides. Cyberattacks have moved beyond harming computers, networks, and smartphones. Cybercriminals can attack literally anything with a heartbeat or an electronic pulse—for example, people, cars, refrigerators, railways, coffee machines, planes, baby monitors, power grids, drones, nuclear facilities, and so on.

A cyberattack refers to an action where a threat actor (attacker)—or a group of threat actors—attacks a computerized information system to steal, manipulate, alter, or destroy confidential data (Pratt, 2021). Because of the internet’s global existence, hackers can be physically positioned anywhere in the world and still cause harm. While an attacker can use various techniques to penetrate a system, most cyberattacks rely on similar methods. Here is a list of the most common types of cyberattacks:

• Phishing attack: Phishing is a popular type of cyberattack where hackers send deceptive messages to unsuspected users. These messages appear to come from reputable sources—that is, friends, family, colleagues, banks, internet service providers (ISPs), and so on. Most phishing messages are delivered via email, and their goal is to do the following (Phishing.org, 2021):
  1. Steal sensitive data such as credit/debit card numbers and login credentials.
  2. Install malware on the victim’s machine. The information obtained by the hackers can be used to steal the victim’s identity, request money, or seek thrill/pleasure.
• Malware attack: Malware is a general term used to describe malicious software. This type of software is maliciously installed on a user’s system (without their consent) and can perform various harmful tasks (McAfee, 2021). Spyware, ransomware, viruses, and worms are all types of malware attacks. Some forms of malware, such as ransomware, are designed to extort the victim in some way. This is done by purposefully encrypting their files and then demanding a fee to be paid to get the decryption key (Ovide, 2020).
• DoS attack: This type of attack works by using compromised devices to flood the targeted system with requests in order to disrupt its normal functioning. A DoS attack aims to make the system inaccessible to its intended users—that is, employees, clients, account holders, and others. Services affected may include emails, websites, and online banking. Also, attackers have the ability to use multiple compromised devices and cause even more harm. This is known as a DDoS attack (Weisman, 2020).
• Structured Query Language (SQL) injection attack: An SQL injection is considered the number one threat to web applications. It occurs when an attacker interferes with the queries an application (website) makes to its backend/server-side database. The hacker injects malicious code into the server and forces the server to display the user’s database contents—for example, usernames, passwords, secret questions, and other information. An SQL injection is usually used to bypass authentication, disclose confidential information, or alter data (Ping-Chen, 2011).

Cyberattacks have a number of detrimental repercussions. When an attack is conducted, it may result in data breaches, which may cause data loss or manipulation. Companies suffer financial losses, a decrease in customer trust, and reputational harm. We employ cybersecurity to prevent cyberattacks. Networks, computers, and their component protection from unwanted digital access are known as cybersecurity.

Evolution of cybercrime

Cybercrime’s evolution is easy to trace and coincides with the evolution of the internet itself. The internet provides a rich environment for criminal activity, ranging from vandalism to human trafficking to intellectual property theft.

The early years

Cybercrime first appeared in telecommunications and specifically with phone phreaking, which topped in the 1970s. Phone phreaking is a slang term coined to describe people who exploit hardware and frequency vulnerabilities of telephone signaling in order to make free calls (Madsen, 2019). Exploring telecommunication systems was not (and is not) illegal in and of itself, but exploiting this technique to get reduced phone rates is illegal. As landline communications became more secure, phone phreaking became much less common (Brush, 2021).

The time computer security turned real was around 8:30 p.m. on November 2, 1988. That night, a malicious virus, called Morris Worm, was propagating at a remarkable speed on the internet (Federal Bureau of Investigation (FBI), 2018). It was one of the first worms distributed via cyberspace and received mainstream attention. This kind of advanced software quickly transformed itself into the first large-scale DDoS attack. Systems around the globe were overwhelmed, and around 10 percent of the world’s computers malfunctioned (Seltzer, 2013). Apart from privately owned computers, the worm took down computer servers in government facilities, hospitals, military bases, and so on. The actual damages were difficult to quantify, but it is estimated that the episode resulted in multi-million-dollar losses (Capitol, 2018). 

The 1990s to 2000s

Although there was cybercrime at the beginning of the internet’s creation, the first big surge of cybercrime came with phishing emails in the 1990s. Phishing is a type of social engineering attack (the practice of deceiving people to obtain valuable information). Phishing has made it easy to send numerous scams and/or viruses to people’s email inboxes. Phishing emails often imitate a trusted source, such as a phone provider (National Cyber Security Center UK, 2019). They often include official-looking graphics, email addresses, and dummy websites to trick the user. Hackers send these kinds of emails to steal passwords and bank account numbers or to infect systems with viruses (Alkhalil et al., 2021).

Post-2000s

At the beginning of the 21st century, cybercrime was no longer controlled by criminals who were hacking computer systems just for fun or notoriety. The growth of the digital economy had changed the criminal landscape dramatically. Criminal gangs introduced a professional element into the world of cybercrime. Cybercrime had become so popular that well-organized networks of criminals started collaborating to pull off massive heists over the internet (Heussner, 2011). The following are some forms of cybercrime that appeared at the beginning of the millennium and still exist today:

• Cyber extortion: This type of cybercrime occurs when hackers steal and hold electronic files of an individual or a business until a demanded ransom is paid. Cyber extortion includes actions such as ransomware, email ransom campaigns, and DDoS attacks (McMillan, 2017).
• Attacks against critical infrastructures: Commonly attacked critical infrastructures include the energy, water supply, and health sectors. Transportation, public sector services, and telecommunications are also vulnerable. Such attacks draw the attention of several law enforcement authorities and pose an exaggerated risk (Allianz, 2021).
• Cyberterrorism: The potential damage cyberterrorism can cause provokes considerable alarm. Numerous cybersecurity experts, private companies, and politicians have publicized the possibility of criminals hacking into governmental and private computer systems. Cyberterrorism has the potential to cause severe damage to any country’s military, financial, and service sectors (Weimann, 2004).
• Online human trafficking: This kind of cybercrime is a serious and growing problem. Digital technology and the internet are fueling worldwide growth in human trafficking. The internet provides traffickers with enormous potential to seek out and groom marginalized individuals. Sexual perpetrators can scan the internet to find vulnerable individuals of all ages (Allen, 2019).
• Exploitation of children: There is also a very real and nasty side to cybercrime. Almost every day, criminal gangs are being caught with child pornography. Never before has it been so easy for pedophiles to come into contact with children. This kind of material can be found all over the internet, including the notorious Dark Web (Broadhurst and Ball, 2021).

Cybercrimes are a global threat and are more rampant than ever in the year 2022. With the COVID-19 pandemic worsening and a fatigued workforce, the potential attack surface for cybercriminals has increased in size dramatically. Cybercriminals and the sophisticated technologies they use are often based abroad, making international cooperation between agencies essential. Apart from disrupting the current generation of cybercriminals, it’s of vital importance to prevent young individuals from slipping into cybercrime. Regional organized crime units, as well as international law enforcement—for example, the FBI, Interpol, and Europol—must encourage young people with cyber skills to use their knowledge wisely and avoid any cyber-related illegal activities.

The internet’s three primary levels 

The internet is an immense archive that contains vast amounts of data. Web data extraction, also known as web scraping or web harvesting, is one of the most advanced tools for gathering information from around the internet. Such tools can help companies with the following:

1. Gaining market and competitive intelligence
2. Keeping up to date with changes to compliance and regulation terms
3. Staying abreast with developments in their industry

This level of data extraction provides access to a large repository of content that is usually hidden (Cerami, 2017). The following screenshot shows the internet’s primary levels (How big is the Internet, 2018):

Figure 1.2 – The three primary levels of the internet

The internet consists of three levels: the Surface Web, the Deep Web, and the Dark Web. Each one of them is unique and is being used for specific things:

• The Surface Web: The Surface Web, also known as the Indexed Web, Visible Web, or Lightnet, is anything you can find on the regular World Wide Web. It is readily available to the general public and the primary entry point for most people. This portion of the internet consists of websites indexed by regular search engines—that is, Google, Bing, Yahoo, and so on. It has only around 5 percent of what is available on the internet. The Surface Web can be accessed using standard web browsers that do not require special configuration—for example, Mozilla Firefox, Microsoft Edge, Google Chrome, Opera, Brave, and so on (Center for Internet Security, 2021).
• The Deep Web: The Deep Web is below the Surface Web and accounts for approximately 90 percent of all internet traffic. It contains most of the internet’s data, and standard search engines do not index its contents. In fact, the Deep Web is so large that it is impossible to precisely estimate how many pages or websites it has. Specifically, it includes websites that require authentication to access them—that is, usernames and passwords. Most of the Deep Web’s contents are related to academic journals, private databases, and medical records. The Deep Web also includes the portion of the internet known as the Dark Web (Kaspersky, 2021).
• The Dark Web: The Dark Web includes sites that cannot be found by conventional search engines and can only be accessed via specialized browsers. When compared to the Surface Web, the Dark Web is significantly smaller, and it is considered a part of the Deep Web. Using the screenshot shown earlier, the Dark Web is at the bottom tip of the submerged iceberg. To navigate this portion of the internet, you need special programs such as the TOR browser. This program will connect you to an overlay network that will mask your IP address, making your online activity highly anonymous. The Dark Web can be used for legitimate purposes as well as to conduct criminal activities related to fraud, weapons, drugs, child pornography, assassinations, human trafficking, zoophilia, and so on (Guccione, 2021).

To sum up, the following are some significant variations between the Dark Web, the Deep Web, and the Surface Web:

Figure 1.3 – Surface Web versus Deep Web versus Dark Web

In conclusion, you must realize that the Dark Web is not a place you decide to visit one morning. Understanding that the majority of ISPs hunt for users of TOR-like services—the most typical entrance point—requires some thought. Use one of the many tutorials available to you if you really want to access the Dark Web to learn how to set it up and where to begin.

The Dark Web is often confused with the Deep Web, but it is essential to understand that these two are different entities. In simple terms, the Dark Web is a unique portion of the Deep Web, approximately 0.01 percent of it. There are a few distinguishing characteristics that a website must meet to be considered a Dark Web site. A Dark Web site must only be able to be accessed anonymously through a specialized browser such as TOR, Freenet, or I2P. Specifically, websites accessed through the TOR browser have the .onion domain suffix, a special top-level domain name referring to an anonymous onion service (Porup, 2019). The following screenshot shows what the full onion URL of the popular search engine DuckDuckGo looks like (DeepOnionWeb, 2019):

Figure 1.4 – DuckDuckGo onion URL

TOR is the most popular and most used Dark Web browser. As of October 2022, it has approximately 2 million users worldwide (TOR Metrics, 2022). A simplistic interpretation of TOR is that of an open source browser, which is actually an adaption of the Firefox browser. In a TOR network, thousands of volunteers around the world run relays (servers) that route traffic. The traffic is relayed and encrypted multiple times as it passes over the TOR network (TOR Project, 2021). Only a handful of alternative technologies can match TOR’s sophisticated features. The fact that all TOR users look alike on the internet makes TOR one of the most elite cyberspace technologies of all time.

Another popular Dark Web tool is I2P. I2P is an anonymous network like TOR, and it utilizes the end-to-end encryption standard. This standard is a secure communication method that stops other people from accessing packets of data while they are transmitted from one end system to another (Astolfi, Kroese, and Oorschot, 2015). The main difference between TOR and I2P is that I2P does not rely on a centralized database of server nodes, as it uses garlic routing rather than TOR’s onion routing. Garlic routing is an improved browsing technology and an extension of onion routing, and like garlic cloves, it works by encrypting multiple messages together into a layered encryption standard. The garlic technology increases data speed and makes it more difficult for attackers to perform traffic analysis. I2P’s decentralized approach has two significant advantages: better scalability and no trusted central party (Ali et al., 2016).

Due to the COVID-19 pandemic, more of people’s everyday activities have taken place at home. They include distance education, virtual offices, digital entertainment, online shopping, and doctor visits. However, this problem has increased the risk of attacks through the internet. The FBI stated that the number of cyberattacks reported from January to May 2020 was nearly the same as the number of cyberattacks for the entire year of 2019.

Several factors can affect potential victims’ vulnerabilities, including the following:

• Individual behavior
• Online activities
• Personal traits
• Attitudes about technology

It’s thus crucial for mental health services to know about the possible effects of cyberattacks and patient risks. This scenario can include the impact of internet-based mental health services during the coronavirus outbreak.

The Dark Web is the content of the internet that can only be accessed by using specialized browsers. Users must use specific software, configurations, and authorization to browse this hidden part of the World Wide Web. Responses to Dark Web crime are more efficient, coordinated, and effective when they are collaborative and multidisciplinary in their problem-solving. By thoroughly investigating the Dark Web’s ecosystem, this book will propose and analyze a cross-sector system for combating crime on the Dark Web more effectively. The next chapter extensively reviews the existing literature in order to identify gaps and answer the research question. Great emphasis is given to the Dark Web’s most common types of cybercrimes as well as to the Dark Web’s ecosystem.