The Dark Web
The dark web is the World Wide Web content that exists on darknets, overlay networks that use the Internet but require specific software, configurations, or authorization to access. The dark web forms a small part of the deep web, the part of the Web not indexed by web search engines, although sometimes the term deep web is mistakenly used to refer specifically to the dark web.
The darknets which constitute the dark web include small, friend-to-friend peer-to-peer networks, as well as large, popular networks like Tor, Freenet, I2P, and Riffle operated by public organizations and individuals. Users of the dark web refer to the regular web as Clearnet due to its unencrypted nature. The Tor dark web may be referred to as onionland, a reference to the network’s top-level domain suffix .onion and the traffic anonymization technique of onion routing.
Darknet websites are accessible only through networks such as Tor (“The Onion Routing” project) and I2P (“Invisible Internet Project”). Tor browser and Tor-accessible sites are widely used among the darknet users and can be identified by the domain “.onion”. While Tor focuses on providing anonymous access to the Internet, I2P specializes in allowing anonymous hosting of websites. Identities and locations of darknet users stay anonymous and cannot be tracked due to the layered encryption system. The darknet encryption technology routes users’ data through a large number of intermediate servers, which protects the users’ identity and guarantees anonymity. The transmitted information can be decrypted only by a subsequent node in the scheme, which leads to the exit node. The complicated system makes it almost impossible to reproduce the node path and decrypt the information layer by layer. Due to the high level of encryption, websites are not able to track geolocation and IP of their users, and users are not able to get this information about the host. Thus, communication between darknet users is highly encrypted allowing users to talk, blog, and share files confidentially.
A February 2016 study from researchers at King’s College London gives the following breakdown of content by an alternative category set, highlighting the illicit use of .onion services.
In July 2017, Roger Dingledine, one of the three founders of the Tor Project, said that Facebook is the biggest hidden service. The Dark Web comprises only 3% of the traffic in the Tor network.A December 2014 study by Gareth Owen from the University of Portsmouth found that the most commonly hosted type of content on Tor was child pornography, followed by black markets, while the individual sites with the highest traffic were dedicated to botnet operations (see attached metric). Many whistleblowing sites maintain a presence as well as political discussion forums. Sites associated with Bitcoin, fraud related services and mail order services are some of the most prolific.
Botnets are often structured with their command and control servers based on a censorship-resistant hidden service, creating a large amount of bot-related traffic.
Bitcoin services such as tumblers are often available on Tor, and some – such as Grams – offer darknet market integration. A research study undertaken by Jean-Loup Richet, a research fellow at ESSEC, and carried out with the United Nations Office on Drugs and Crime, highlighted new trends in the use of Bitcoin tumblers for money laundering purposes. With Bitcoin, people can hide their intentions as well as their identity. A common approach was to use a digital currency exchanger service which converted Bitcoin into an online game currency (such as gold coins in World of Warcraft) that will later be converted back into money. It has been shown possible that Blockchain and cryptocurrency can be used to regulate the dark web.
Commercial darknet markets, which mediate transactions for illegal drugs and other goods, attracted significant media coverage starting with the popularity of Silk Road and Diabolus Market and its subsequent seizure by legal authorities. Other markets sell software exploits and weapons. Examination of price differences in Dark web markets versus prices in real life or over the World Wide Web have been attempted as well as studies in the quality of goods received over the Dark web. One such study was performed on Evolution, one of the most popular crypto-markets active from January 2013 to March 2015. Although it found the digital information, such as concealment methods and shipping country, “seems accurate”, the study uncovered issues with the quality of illegal drugs sold in Evolution, stating that, “… the illicit drugs purity is found to be different from the information indicated on their respective listings.” Less is known about consumer motivations for accessing these marketplaces and factors associated with their use.
Hacking groups and services
Many hackers sell their services either individually or as a part of groups. Such groups include xDedic, hackforum, Trojanforge, Mazafaka, dark0de and the TheRealDeal darknet market. Cyber crimes and hacking services for financial institutions and banks have also been offered over the Dark web. Attempts to monitor this activity have been made through various government and private organizations, and an examination of the tools used can be found in the Procedia Computer Science journal. Use of Internet-scale DNS Distributed Reflection Denial of Service (DRDoS) attacks have also been made through leveraging the Dark Web. There are many scam .onion sites also present which end up giving tools for download that are infected with trojan horses or backdoors.
Scott Dueweke the president and founder of Zebryx Consulting states that Russian cryptocurrency such as WebMoney and Perfect Money are behind the majority of the illegal actions. In April 2015, Flashpoint received 5 million in funding to invest to help their clients gather intelligence from the Deep and Dark web.
There are numerous carding forums, PayPal and Bitcoin trading websites as well as fraud and counterfeiting services. Many such sites are scams themselves.
Hoaxes and unverified content
There are reports of crowdfunded assassinations and hitmen for hire, however, these are believed to be exclusively scams. The creator of Silk Road, Ross Ulbricht, was arrested by Homeland Security investigations (HSI) for his site and allegedly hiring a hitman to kill six people, although the charges were later dropped.
There is an urban legend that one can find live murder on the dark web. The term “Red Room” has been coined based on the Japanese animation and urban legend of the same name. However, the evidence points toward all reported instances being hoaxes.
On June 25, 2015, the indie game Sad Satan was reviewed by Youtubers Obscure Horror Corner which they claimed to have found via the dark web. Various inconsistencies in the channel’s reporting cast doubt on the reported version of events. There are several websites which analyze and monitor the deep web and dark web for threat intelligence.
Phishing and scams
Phishing via cloned websites and other scam sites are numerous, with darknet markets often advertised with fraudulent URLs.
Puzzles such as Cicada 3301 and successors will sometimes use hidden services in order to more anonymously provide clues, often increasing speculation as to the identity of their creators.
There are at least some real and fraudulent websites claiming to be used by ISIL (ISIS), including a fake one seized in Operation Onymous. With the increase of technology, it has allowed cyber terrorists to flourish by attacking the weaknesses of the technology. In the wake of the November 2015 Paris attacks an actual such site was hacked by an Anonymous affiliated hacker group GhostSec and replaced with an advert for Prozac. The Rawti Shax Islamist group was found to be operating on the dark web at one time.
Within the dark web, there exist emerging social media platforms similar to those on the World Wide Web. Facebook and other traditional social media platforms have begun to make dark-web versions of their websites to address problems associated with the traditional platforms and to continue their service in all areas of the World Wide Web. Bands with restricted content such as Christian Church have made use of the deep web.