The internet is the network that connects different computers, servers, and nodes. Instead, the web is a service that permits every device to display some content: the web pages. Yet, not all the data on the web are visible in the same way.
The web is like an egg:
The shell is the “surface web“;
The white is the so-called “deep web“;
The yolk is the so-called “dark web“.
Indeed, through standard search engines (GOOGLE, BING), we can see only a tiny part of the internet pages: the surface web (roughly 10 % of the total web pages).
Some web pages are accessible only with a password or encryption (the deep web): the content of an email account or an online banking account.
Some others are accessible only using specific software: the dark web (sometimes comprehended into the deep web, but technically different). You can access these websites otherwise locked using the software TOR (free download).
Most illicit activities are publicised on the dark web due to navigating without divulging identifying information.
Usually, a destination website knows some information about your connection. For example, whether you connect from a specific city in Europe or the US (through the IP address). By contrast, when using TOR, the traffic passes through multiple nodes (computers) before arriving at the destination website, hiding the origin data with misdirection.
Suppose you are connecting from your house in Rome to a website in New York. In that case, the traffic first passes through London (first node, or guard node), then through Buenos Aires (second node, or middle node), then through Tokyo (third node, or exit node), and then reaches New York. No node supposedly knows the entire path, guaranteeing the anonymity of the users: a significant advantage for cybercriminals.