Threat Intelligence Blog

Posted November 2, 2015


By: Cyveillance Analyst

Compromised personal data, criminal services, drug and weapons markets, and illegal pornography are all part of the network of hidden sites now commonly referred to as the “Dark Web,” also known as the  “Dark Net” (or “Darknet”). The term conveys not only the secrecy of how this underground channel operates, but also the illicit content often exchanged and sold within it.

The terms Deep Web (the part of the World Wide Web that is not discoverable by means of standard search engines, including password-protected or dynamic pages and encrypted networks) and Dark Web are often used interchangeably, but they are different. While both are parts of the Internet that are not indexed by traditional search engines, and therefore not easy for the average user to find, the Deep Web is reachable via a standard browser and does not require special tools or niche software to access.

On the other hand, the Dark Web is a subset of the Deep Web that cannot be accessed via a standard browser: it runs on a different protocol (i.e., not standard HTTP/HTTPS) and/or requires special software or a special browser to access. Additionally, since Dark Web sites and channels are hidden, you often need to know their specific URLs or other information to find them. This is why the Dark Web is the hardest area for white hat security experts to monitor.

The Dark Web is a prime environment for all types of illicit activities and various unregulated marketplaces selling goods and services ranging from counterfeit documents to illegal drugs and guns.  The amount of content available on the Deep and Dark Web is massive, and according to some estimates, may be as much as 500 times greater than what is visible to conventional search engines.

How Do You Access the Dark Web?

The vast majority of Dark Web sites and marketplaces can be accessed via The Onion Router Project (Tor), or Tor Hidden Service Protocol, a special browser that allows connected users to maintain anonymity by spoofing their location and hiding their identity. A smaller number of Dark Web visitors also use a similar tool called I2P, or Invisible Internet Project. In comparison to Tor, I2P is a newer anonymizer tool that also provides access to the hidden web; however, it is not as frequently utilized by the average Dark Web visitor. Similar to Tor, I2P hosts sites that are not accessible through general search engines, and anonymizes traffic by ping-ponging location information from proxy to proxy. Both of these systems encrypt web traffic in onion-like layers by bouncing location data through random computers around the world, masking the identity of a user. Similarly, a website that itself runs Tor — known as a Tor hidden service — can only be visited by Tor users.

Tor Use On the Dark Web

Tor can be used for a wide variety of purposes, not just to access the Dark Web. The browser was originally created by the U.S. Government to allow protected online communications. Today, Tor can be used for law-abiding privacy purposes, such as anonymous browsing of the visible net (non-Dark Web sites), circumventing censorship, and skirting surveillance. Additionally, activists, criminals, journalists, law enforcement officers, the military, privacy advocates, whistleblowers, and others use the Tor browser every day. News outlets such as The Guardian and The New Yorker host Dark Web drop sites for anonymously leaked tips and documents. In 2011, for example, Dark Web drop sites were used by some bloggers, journalists, and online activists to protect their identity while discussing the Arab Spring uprisings. The use of Tor to access the Dark Web accounts for only three percent of Tor usage.

What’s Sold There?

One of the first Dark Web marketplaces to popularize the trade of illicit merchandise via Tor was Silk Road – a legendary drug marketplace established in 2011 that, despite multiple attempts by the FBI to shut it down, continues to exist. The Silk Road had 13,000 drug listings and 1,400 vendors at the time of its closure in 2013. Although it’s one of the most well-known, it is far from the only illicit marketplace selling drugs, weapons, and other illegal services to those who know how to search for them. Staff and community members from the original Silk Road continue to band together to keep the bustling Bitcoin-based narcotics economy alive, regardless of continuous takedown efforts by law enforcement. There is even a new version, Silk Road Reloaded, which was launched on I2P.

Dark Web sites come and go frequently, so estimates for the size of the Dark Web fluctuate and are not definitive. According to a Tor Project study in 2014, there were an estimated 30,000 unique hidden services websites on the Tor network, making up around 3.4 percent of the total network traffic.  Additionally, the newly-launched robust Tor search engine called Onion.city (think Google, but for Tor sites) currently indexes about 350,000 pages, and has only been around since February 2015.

Buyers pay for services and merchandise on the Dark Web in crypto-currencies such as Bitcoin, the de facto currency of the black market. Last year, marketplaces on the Dark Web frequently processed more Bitcoin transactions than the legitimate Bitcoin payment processor, BitPay.

The Dark Web is the most lawless part of the Internet, and presents a tough problem for law enforcement to solve.  Law enforcement and governments are increasingly trying to crack the Dark Web crime rings that operate via Tor. Despite the constant game of whack-a-mole, a series of recent undercover investigations have been successful in taking down some of the most egregious Dark Web sites. For example, a six-month joint investigation between agencies in the United States and Australia led to the arrest of a gun vendor and a dozen buyers. Additionally, recent busts of child pornography crime rings demonstrate some of the successes in combating crime in the Dark Web.

Cyveillance recommends staying security-conscious while perusing the Dark Web and avoiding any interaction while on Tor. We highly suggest using a VPN whenever you use Tor, to ensure an additional layer of anonymization. We also recommend adhering to the Tor Project’s own security guidelines, such as disabling browser plugins like Flash, RealPlayer, QuickTime, and others, as they can be manipulated into revealing your IP address. Similarly, avoid installing additional add-ons or plugins into the Tor Browser, as these may bypass Tor or otherwise compromise your anonymity and privacy.

Check out our Dark Web infographic below, and contact us for more information on Cyveillance solutions for your organization.

[Infographic: Dark Web]
