The Dark Web Challenge

The Dark Web is the part of internet which is not easily accessible to users and requires special web browsers.[1] It enables anonymous activities through web browsers like The Onion Router (Tor) and other similar software.[2] Due to its technological underpinnings, the dark web is used for both legitimate and illicit purposes. Illicit purposes may include trading stolen data, drugs, weapon supply, etc. On the other hand, dark web is also put to use by intelligence agencies and law enforcement departments to monitor illicit activities.

The Dark Web is a bustling marketplace where one can buy and sell anything.[3] As a hidden segment of the internet, accessing dark web requires special software like Tor and anonymous network layers like I2P. For instance, Tor employs an onion routing system, which encrypts the information that moves through a number of relays by volunteers. Another distinctive feature is the multi-layered encryption that makes it difficult to identify the user. The decentralised nature coupled with continuous adaptation of cybercriminals makes it challenging for law enforcement agencies to monitor and combat activities in the domain.

Given the intrinsic anonymity that the dark web offers, takedown of one marketplace is quickly followed by the creation of similar platforms by threat actors. Successful law enforcement operations like the shutdown of marketplace Silk Route, which left a vacuum, was swiftly filled by new marketplaces such as Alpha Bay, Hansa and Ghost Market. These illegal marketplaces utilised advanced encryption and complex structures to evade detection. International efforts like Operation Disruptor (2020), Operation SpecTor (2023), Operation Cookie Monster (2023)[4] also suggests global agreement on confronting threats emanating from dark web. These international operations dismantled multiple dark web websites leading to multiple arrests.

Access to stolen data and the value attached to it makes the dark web a suitable place for such transactions. The data available for sale includes credit card details, personal identity and even classified data. Therefore, these activities pose a major threat to individual privacy as well as national security. In fact, compromised data can potentially be put to use to deploy various cyber threats.

For instance, Iranian-linked threat actors have stolen personal and confidential data of one of Israel’s high-ranking military officials and a nuclear scientist. This was followed by releasing some screenshots and personal pictures of the scientist working at the Soreq Nuclear Research Centre.[5] The data related to former defence minister director general and Israel’s ambassador to US and some other senior officers[6] were released on Telegram. The Office of Israel’s Prime Minister denied that the images leaked on Telegram belonged to Israel’s Atomic Energy Commission’s facility.

Cyber Security and Recent Indian Initiatives

In India, a report released by Website Planet[7] claimed that a database consisting of data worth 496.4 GB was leaked[8] and released on Dark Web related Telegram group. The stolen data had information related to military personnel, teaching professionals, police officers, railway staff and many others. The data, linked to Thought Green Technologies and Timing Technologies, included crucial and personal data[9] like biometric information and identification marks.

India has faced considerable challenges in its efforts to combat drug trafficking through darknet marketplaces such as DrugXpress. These platforms utilised advanced technologies, including rapid delivery systems and encrypted communication, making it increasingly difficult for authorities to intercept messages and make timely arrests.

The widespread adoption of such sophisticated cyber tools has resulted in a surge of cybercrimes, including significant financial losses for individuals across the country. On an average, hundreds of people are affected by cyber fraud on a daily basis, with annual losses reaching several crores of rupees.[10] Estimates suggest that these financial damages will continue to grow, highlighting the urgent need for enhanced cybersecurity measures.[11]

India has implemented a comprehensive cybersecurity strategy over the past decade. It focuses on institutional reforms, legislative enhancements, technological advancements and international collaborations. The establishment of the Indian Cyber Crime Coordination Centre (I4C) and National Critical Information Infrastructure Protection Centre (NCIIPC) have streamlined cybercrime investigations and threat analysis. The amendments to IT Act and the formation of the sector-specific Computer Emergency Response Teams have enhanced the management of incidences.

India’s commitment to technological innovation which may include Quantum Cryptography and Cyber forensic laboratories, had led it to achieve Tier-1 status in the Global Cybersecurity Index 2024.[12] The Indian government has been taken decisive actions to fortify cybersecurity and combat threats that come from the Dark Web. The Digital Personal Data Protection Act, 2023 and its Draft Rules of 2025,[13] establish stringent guideline for data security. This emphasises transparency and explicit user consent. In addition to further safeguard the financial data, SEBI now monitors the Dark Web for Market Infrastructure Institutions.[14] This ensures a proactive threat detection.

The Union Budget 2025 allocated Rs 1,900 crore[15] to bolster cybersecurity initiatives and protect critical infrastructure. The government has launched coordinated efforts focusing on dismantling criminal networks exploring the Dark Web, particularly those related to drug trafficking.[16] The government is actively raising awareness among the public,[17] educating the citizens on best practices to lower the risks in cybersecurity. These multi-faceted initiatives underscore India’s commitment towards a safe digital ecosystem, by addressing cyber threats through robust legal frameworks, financial investments and proactive enforcement strategies.

Addressing this problem requires a well-resourced and highly skilled cybersecurity workforce, but India currently faces a shortage of trained specialists in this field. The understaffing of cybercrime units hampers coordinated efforts to respond swiftly and effectively to cyber incidents.[18] As the demand for cybersecurity professionals continues to rise, increasing investment in training and recruitment will be essential to protect against evolving cyber threats.

Plugging the Vulnerabilities

Poor cybersecurity practices amplify vulnerabilities. To address this, there is an urgent need to spread awareness and organise workshops pertaining to cyber hygiene. While encrypted communication tools protect privacy, their misuse for illegal coordination calls for the tech company collaboration to balance security and user rights. The growing prevalence of IoT devices exposes critical vulnerabilities. This requires stringent security standards and public awareness.

Furthermore, international agreements to unify cybercrime protocols and facilitate intelligence sharing are also essential. Countering extremist groups and their recruitment can be achieved through online counter-narratives and community engagement. Lastly, the marketplace for tools targeting critical infrastructure necessitates robust cybersecurity investment and public–private partnerships. By addressing these multifaceted issues proactively, authorities can boost national security and create a safer digital ecosystem. AI-based cyber deception tools can be used for predictive modelling and enhanced training purposes.

A thorough understanding of the Dark Web, including how it operates and its potential impacts—both positive and negative—is essential for ensuring societal and national security. In rapidly digitising countries like India, where cybercriminals frequently devise new tactics, being prepared for emerging threats is crucial. Governments should implement laws that grant law enforcement agencies the necessary authority to carry out their responsibilities effectively in the face of evolving cyber challenges.

Equally important is the responsibility of ordinary citizens in maintaining cybersecurity. Raising awareness and improving knowledge about the risks and safe practices associated with technology use is essential for public protection. Efforts to educate the population should be supported by non-governmental organisations and community groups, which play a key role in disseminating information and fostering a culture of responsible digital citizenship. By combining legislative action with community engagement and individual responsibility, a stronger and more secure digital environment can be achieved.

Views expressed are of the author and do not necessarily reflect the views of the Manohar Parrikar IDSA or of the Government of India.

[1] “The Dark Web Explained”, CrowdStrike, 11 February 2025.

[2] Ibid.

[3] CSO Online.

[4] Lawrence Abrams, “The Law Enforcement Operations Targeting Cybercrime in 2023”, Bleeping Computer, 1 January 2024.

[5] “Alleged Iran-linked Hackers Leak Data of Israel Nuclear Scientist, Defence Official”, Middle East Monitor, 11 November 2024.

[6] Raphael Kahan, “Iranian Hackers Claim to Breach Nuclear Research Centre System in Israel”, Y Net News, 10 January 2024.

[7] Prasanth Aby Thomas, “Data Leak Exposes Personal Data of Indian Military and Police”, CSO Online, 28 May 2024.

[8] Ibid.

[9] Ibid.

[10] “Nearly 700 People Falling Prey to Cybercrimes in Delhi Every Day: DCP Cyber Crime Cell”, The Hindu, 20 July 2024.

[11] “India Projected to Lose Rs 20,000 Crore to Cybercrime in 2025: CloudSEK Report”, The 420, 5 March 2025.

[12] “Global Cybersecurity Index 2024”, ITU Publications, Report, 2024.

[13] “Draft Digital Personal Data Protection Rules”, Ministry of Electronics and IT, Government of India, 5 January 2025.

[14] “Mandatory Dark Web Monitoring for Indian Companies: SEBI Bolsters Cybersecurity Measures”, Cyber Express News, 15 March 2024.

[15] Akanksha Upadhyay, “Union Budget 2025 Allocates Over ₹1,900 crore for Cybersecurity Amid Rising Digital Frauds”, CNBC TV18, 1 February 2025.

[16] “Dark Web, Cryptocurrency, Drones Continue to Pose Challenge: Amit Shah”, The Economic Times, 11 January 2025.

[17] “Safeguarding India’s Digital Landscape Key Government’s Initiatives to Enhance Cybersecurity Awareness”, Press Information Bureau, Ministry of Electronics and IT, Government of India, 25 July 2024.

[18] “India’s Poor Cyber Awareness: Lack of Board-buy in and Digital Literacy Damaging Security Levels”, The Security Company, 16 March 2023.