Demystifying the “Dark Web”

by Laura Zaroski

We often hear reference to the “deep” or “dark” web. What exactly is the deep or dark web? Is it as illicit and scary as it is portrayed in the media? This article will provide a brief overview and explanation of different parts of the web, and will discuss why you just might want to go there.



The surface web or “Clearnet” is the part of the web that you are most familiar with. Information that passes through the surface web is not encrypted and users' movements can be tracked. The surface web is accessed by search engines like Google, Bing or Yahoo. These search engines rely on pages that contain links to find and identify content. Search engine companies were developed so that they can quickly index millions of web pages in a short time and to provide an easy way to find content on the web. However, because these search engines only search links, tons of content is being missed. For example, when a local newspaper publishes an article on its homepage, that article can likely be reached via a surface web search engine like Yahoo. However, days later when the article is no longer featured on the homepage, the article might be moved into the site’s archive format, and therefore, would not be reachable via the Yahoo search engine. The only way to reach the article would be through the search box on the local paper's web page. At that time, the article has left the surface web and has entered the deep web. Let’s go there now…


The deep web is a subset of the Internet and is not indexed by the major search engines. Since the information is not indexed, you have to visit those web addresses directly and then search through their content. Deep web content can be found almost anytime you do a search directly in a website – for example, government databases and libraries contain huge amounts of deep web data. Why does the deep web exist? Simply because the Internet is too large for search engines to cover completely. Experts estimate that the deep web is 400-500 times the size of the surface web, accounting for over 90% of the internet. Now let's go deeper…


The dark web or “darknet” is a subset of the deep web. The dark web refers to any web page that has been concealed because it has no in-bound links, and it cannot be found by users or search engines unless you know the exact address. The dark web is used when you want to control access to a site, need privacy, or often because you are doing something illegal. Virtual private networks (VPNs) are examples of dark web sites that are hidden from public access unless you know the web address and have the correct log in credentials.

One of the most common ways to access the dark web is through the Tor network. The Tor network can only be accessed with a special web browser, called the Tor browser. Tor stands for “The onion router” and is referred to as “Onionland.” This “onion routing” was developed in the mid-1990s by a mathematician and computer scientists at the United States Naval Research Laboratory with the purpose of protecting U.S. intelligence communications online. This routing encrypts web traffic in layers and bounces it through random computers around the world. Each “bounce” encrypts the data before passing the data on to its next hop in the network. This prevents even those who control one of those computers in the chain from matching the traffic’s origin with its destination. Each server only moves that data to another server, preserving the anonymity of the sender.
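The layering described above, as an added sketch that is not part of the original article and is not Tor's code: in the outbound direction the sender applies one layer per relay and each relay removes only its own, so it learns just its previous and next hop. The relay names, keys, destination and the SHA-256-based toy cipher are assumptions for illustration; Tor itself negotiates per-hop keys and uses real, authenticated cryptography.

```python
import hashlib
import json
import os

# Constructed sample circuit: three hypothetical relays, each with its own key.
ROUTE = ["entry", "middle", "exit"]
KEYS = {name: hashlib.sha256(name.encode()).digest() for name in ROUTE}

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (illustration only): XOR with SHA-256(key|nonce|counter)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(key: bytes, next_hop: str, payload: bytes) -> bytes:
    """Add one onion layer: encrypt (next hop, inner payload) under one relay's key."""
    nonce = os.urandom(16)
    body = json.dumps({"next": next_hop, "data": payload.hex()}).encode()
    return nonce + keystream_xor(key, nonce, body)

def peel(key: bytes, cell: bytes):
    """Remove one layer: a relay recovers only its next hop and an opaque inner cell."""
    layer = json.loads(keystream_xor(key, cell[:16], cell[16:]))
    return layer["next"], bytes.fromhex(layer["data"])

def build_onion(route, keys, destination: str, message: bytes) -> bytes:
    """Sender wraps the exit relay's layer first and the entry relay's layer last."""
    hops = route[1:] + [destination]
    cell = message
    for relay, nxt in reversed(list(zip(route, hops))):
        cell = wrap(keys[relay], nxt, cell)
    return cell

def relay_path(route, keys, cell: bytes, sender: str):
    """Pass the cell down the circuit, recording what each relay is able to see."""
    seen, prev = [], sender
    for relay in route:
        nxt, cell = peel(keys[relay], cell)
        seen.append({"relay": relay, "from": prev, "to": nxt})
        prev = relay
    return seen, cell

if __name__ == "__main__":
    onion = build_onion(ROUTE, KEYS, "example.org", b"hello")
    views, delivered = relay_path(ROUTE, KEYS, onion, "alice")
    for view in views:
        print(view)  # no single relay sees both "alice" and "example.org"
    print(delivered)
```

Only the entry relay's view contains the sender and only the exit relay's view contains the destination, which is the property the paragraph describes.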

Because of the anonymity associated with the Tor network and dark web, this portion of the Internet is most widely known for its illicit activities, and that is why the dark web has such a bad reputation (you might recall the infamous dark web site, Silk Road, an online marketplace and drug bazaar on the dark web). It is true that on the dark web you can buy things such as guns, drugs, pharmaceuticals, child porn, credit cards, medical identities and copyrighted materials. You can hire hackers to steal competitors' secrets, launch a DDoS attack on a rival, or hack your ex-girlfriend's Facebook account. However, unlike the size of the deep web, the dark web accounts for only about .01% of the web.

Some would say that the dark web has a bad rap as not everything on the dark web is quite so “dark”, nefarious or illegal. Some communities that reside on the dark web are simply pro-privacy or anti-establishment, who want to function anonymously, without oversight, judgment or censorship. There are many legitimate uses for the dark web. People operating within closed, totalitarian societies can use the dark web to communicate with the outside world. Individuals can use the dark web news sites to obtain uncensored news stories from around the world or to connect to sites blocked by their local Internet providers or surface search engines. The site is used by human rights groups and journalists to share information which could otherwise be tracked. The dark net allows users to publish web sites without the fear that the location of the site will be revealed (think political dissidents). Individuals also use the dark web for socially sensitive communications, such as chat rooms and web forums for sensitive political or personal topics.


TAKEAWAY: Don’t be afraid – dive deeper!

Download the Tor browser at and access the deep/dark web information you have been missing. Everything you do in the browser goes through the Tor network and doesn’t need any setup or configuration from you. That said, since your data goes through several relays, it can be slow, so you might experience a more sluggish internet than usual when you use Tor. However, preserving your privacy might be worth the wait. If you are sick of mobile apps that are tracking you and sharing your information with advertisers, storing your search history, or figuring out your interests to serve you targeted ads, give the Tor browser a try.


Florida cities named most at-risk for storm surge flooding, but number of flood policies remains low

A recent study named Tampa as the U.S. city most vulnerable to storm surge flooding, with four of the top eight cities in the country all in Florida.

The study, “Most Vulnerable U.S. Cities to Storm Surge Flooding” was released in August by Karen Clark & Company (KCC) which specializes in catastrophe risk management. The study puts loss estimates for Tampa at $175 billion for residential, commercial, and industrial properties in the event of a “100 year hurricane”, i.e. a major hurricane with a 1-in-100 chance of occurring in a given year (or a 1% chance of being equaled or exceeded each year).

While that number is staggering, what’s worse is most of the flood damage potential is not currently insured. A recent AAA survey found that 76% of Florida residents surveyed did not have flood insurance, and 54% were not aware of the 30-day waiting period for a new flood policy. Despite not having flood insurance, 51% of those surveyed were concerned about flooding during hurricane season, as they should be.

The KCC report stated, “A severe storm with the right track orientation will cause an enormous buildup of water that will become trapped in the bay and inundate large areas of Tampa and St. Petersburg.” The highest point of Tampa is only 48ft, with the majority of residents living far below this elevation. Homes in low risk zones account for 20% of flood claims, and just 2 inches of water in a 2,000 sq. foot home can cost an estimated $21,000.

But the risk extends well beyond Florida. As seen with Hurricane Katrina and the recent floods in South Carolina, anyone is susceptible to severe flooding and a “1,000 year storm”. Many people affected by Katrina were uninsured. South Carolina has roughly 2.2 million housing units but fewer than 200,000 policies, though damages from the recent flooding so far have been estimated at well over $1 billion.

Steve Harper surveys a flooded house from his boat Wednesday, April 8, 2009 in northeastern Madison County, Fla.

Even for those who do have flood insurance, in most states the limits are $250,000 or $500,000, and an excess policy is needed for more coverage.

Socius Insurance Services Inc. is able to place excess flood insurance for commercial or habitational risks and can also provide deductible buyback programs. “This policy bridges the gap between what you pay and what the carrier wants you to pay in regards to the deductible,” explains Derick Stitik, Senior Vice President of Socius Tampa and Property Practice Leader for the company. Socius also provides wind and excess wind policies, which are also important when protecting your property from severe weather risks.

Find out more about Socius Insurance Services’ property products and their specialty in large catastrophe schedules on their website. You can also learn more about flood and wind insurance here.

Your money or your data! A Discussion of Ransomware

Your client, ABC Corp. is going about their business and then they get this message:

[Image: ransomware message]

The above is a typical ransomware message according to a recent Symantec Security Response report. What’s next? Pay the “ransom” and move on? Ransomware is a type of malware or malicious software, that is designed to block access to a computer or computer system until a sum of money is paid. After executing ransomware, cyber criminals will lock down a specific computer or an entire system and then demand a ransom to unlock the system or release the data. This type of cyber crime is becoming more and more common for 2 reasons:

  1. Cyber criminals are becoming increasingly organized and well-funded.
  2. A novice hacker can easily purchase ransomware on the black market.

According to the FBI, this type of cyber crime is increasingly targeting companies, government agencies, as well as individuals. The most common way that criminals execute their evil mission is by sending attachments to an individual or various personnel at a company. The busy executive proceeds to open up the file, sees nothing, and continues with his work day. However, once the file has been opened, the malware has been executed and Pandora has been unleashed from the box! Now that the malware has been unleashed, a hacker can take over the company’s computer system or decide to steal or lock up key information. The criminals then make a “ransom” demand on the company for a certain dollar amount. The ransom is usually requested in bitcoins, a digital currency also referred to as crypto-currency that is not backed by any bank or government but can be used on the internet to trade for goods or services worldwide. One bitcoin is worth about $298. Surprisingly, the amounts are generally not exorbitant (sometimes as nominal as $500 – $5,000). The company then has the choice to pay the sum or to hire a forensics expert to attempt to unlock their system.


The best way companies can attempt to guard against such cyber crime attacks is by educating employees on the prevalence and purpose of malware and the danger of opening suspicious attachments. Employees should be advised not to click on unfamiliar attachments and to advise IT in the event they have opened something that they suspect could have contained malware. Organizations should also consider backing up their data OFF the main network so that if critical data is held hostage they have a way to access most/part of what was kidnapped. Best practices also dictate that company systems (as well as individual personal devices) be patched and updated as soon as the upgrades are available.

Finally, in the event you are a victim of a ransom attack, you would need to evaluate whether or not that compromise of your data/system also constitutes a data breach incident. If the data hijacked is encrypted, notification is likely not necessary (as the data would be unreadable by the hacker). However, in the event the data was not encrypted, or that you cannot prove to the authorities/regulators that it was, notification to clients or individuals is likely necessary.


Cyber extortion is more prevalent than most people realize because such events are not generally publicly reported. In order to protect against this risk, we recommend that companies employ best practices with respect to cyber security and that they consider purchasing a well tailored cyber policy which contains cyber extortion coverage. Such coverage would provide assistance in the event a cyber extortion threat is made against the company, as well as fund the ransom amount in the event a payment is made.

Please feel free to contact your Socius producer if you would like to discuss cyber extortion coverage.

This article was authored by Kevin Kershisnik, Laura Zaroski, and Cynthia Zimmerman of Socius Insurance Services. 

About Socius Insurance Services, Inc.
Socius Insurance Services, Inc. is a property/casualty and management liability wholesale broker based in San Francisco, with regional offices in Los Angeles, CA; Elgin, IL; Birmingham, AL; and Tampa and Miami, FL. Socius specializes in D&O, E&O, EPL, property & casualty and umbrella coverages. Founded in 1997, the company currently has approximately 50 employees, and is privately held.

Meet our new Claims Consultants


Enlarge the image to meet our Socius Claim and Coverage Assistance Team!

To better service our clients, we have expanded and updated our Claim Reporting Process and Claim Consulting Services. 

As you know, Socius always strives to provide you with the best service in processing your clients’ claims and answering any claim and coverage questions.

In the past, our optional claims reporting service was handled by our claims liaison, Rob DeGroat. In an effort to provide more efficient service to you, we are moving the claims reporting service back to your broker service team. Please process claims going forward as follows:

  • If you want Socius to process claims, submit them to the Socius broker team members with whom you bound the policy.  By transferring this role back to the team, we feel that we’ll be able to provide you with more timely service since you’ll be dealing with the people who know you and your clients.
  • As before, you and your clients can also report claims directly to the carrier if you prefer.


Whenever difficult claims or complex coverage scenarios arise, Socius has dedicated consultants who stand ready to assist you with:

  • analyzing and interpreting a reservation of rights letter or denial of coverage that has been issued by a carrier
  • resolving problematic claim issues to the greatest extent possible and in the most efficient manner
  • answering complex coverage questions

23rd National Conference on Employment Practices Liability Insurance, with Laura Zaroski

Come see Socius’s Laura Zaroski and other industry leaders speak at the upcoming ACI EPL Conference in New York on July 27-28. The conference will take place at the Carlton Hotel on Madison Avenue.

Topics include:

  • Identifying New Opportunities in the EPLI Market
  • Minimizing Exposures to EPL Risks
  • Defending Against the Newest Claims
  • Reducing Litigation and Settlement Costs

This event will fill up quickly, so register now by calling 1-888-224-2480, faxing your registration form (link below) to 1-877-927-1563, or registering online at

Please click here for more information, including the session schedule and your registration form.

Cyber Risk Management: How Do I Start?

Hardly a day goes by without a news flash about another cyber breach. Since security breaches have become a daily occurrence, I sat down with Jeremy Henley at ID Experts to discuss the most common ways that companies are being breached and how companies can start to assess their cyber security risk profile.

Question: Jeremy, what are the most common ways that you are seeing small to mid-size companies being breached?

Answer: One of the common ways that companies are being breached by hackers is that the hackers exploit vulnerabilities in the company’s security network. This includes the company’s failure to update software or upgrade their systems, as well as the failure to have the appropriate checks and balances in place. Small to mid-sized businesses are particularly vulnerable as they often don’t have the IT staff or budget to continually upgrade and update their systems as their organizations change and grow. The second most common way companies are breached is through simple employee negligence. This would include a company’s failure to train and educate their employees on basic cyber security. For example, the failure to educate employees on the risks of downloading private data onto a portable device that is not encrypted as well as the failure to educate employees as to how to identify phishing scams that ask them to open suspect emails or attachments. Companies need to educate their employees about the dangers of connecting to unsecured Wi-Fi connections at the airport or Starbucks when they are doing work that includes logging into sensitive company systems. If someone is spoofing the airport Wi-Fi you are essentially sharing everything you are doing online with that attacker.

Question: Once clients realize the security risks they face in today’s world, clients often ask where they should start with respect to updating their network security. Do you have any guidance for them?

Answer: I advise our clients to start by asking themselves three questions: 1) What data are we collecting? This is important as it will help them determine what regulations they may need to comply with (HIPAA/HITECH, PCI, and 47 State Breach Notification Laws, etc.), 2) How are they managing the data that they have? This includes examining what technology the company is using, if they are creating multiple layers to their security with firewalls and anti-virus and if they are creating policies and procedures and training their employees as to security safeguards, and 3) I would ask the company to examine who they are sharing the data with. Specifically, which vendors or clients have access to their systems and ask those vendors what security and privacy policies they have in place (if any)? You might consider requiring your vendors to provide proof of a security audit or insurance in the event they are the cause of a breach of info that you were trusted with.

Question: What role does cyber insurance play with your clients?

Answer: Cyber insurance has been invaluable to many of our clients as most cyber policies include pre-breach education tools, employee training information as well as sample security policies or an incident response plan. Some carriers also work with us to provide risk assessment and penetration testing so that weaknesses can be identified and corrected prior to a breach incident. In my experience, the most valuable part that insurance plays is that the insured is able to fund an appropriate response in the wake of a breach. Clients that do not have cyber insurance usually do not have a budget set aside to deal with this unfortunate event, and after a breach do not have the funding to adequately fund the most appropriate response, therefore, limiting their ability to respond to the significant reputational, financial and legal ramifications that such an incident can cause to their organization.

This article was authored by:

Laura Zaroski, Esq., VP of Management and Professional Liability at Socius Insurance Services, a wholesale broker, located in the Chicago office. Laura can be reached at 312.382.5373 or

Jeremy Henley is the Director of breach services at ID Experts. ID Experts brings simplicity to the complex world of privacy incident response by providing a complete solution that focuses on limiting the occurrence of a breach, preparing for the inevitable and then providing a one stop solution to breach response including forensics, crisis PR, printing and mailing, call center services and a variety of identity monitoring and protection. We thank Jeremy for his time. If you have further questions regarding cyber insurance or risk management, please contact your Socius Producer.