Uncovering the Dark Web: Why It Is as Dangerous as It Sounds

Inderjeet Singh
Aug 29, 2021

People who use the Internet are accustomed to an endless virtual world of information associated with Facebook, Twitter, Instagram, Google Chrome, Internet Explorer, social networking and e-commerce sites. As the common phrase “Just Google it” suggests, any information of interest can be found with a click of the mouse, and goods can be purchased from any number of e-commerce websites and delivered to your doorstep.

While the Internet appears to be a flat ecosystem on its surface, there are actually different layers at play. The Internet can be broadly divided into the Surface Web (or clear web) and the Deep Web. The Dark Web is part of the Deep Web, but these two layers differ considerably, especially in their content. The Internet has a dangerous, colossal secret: the Dark Web.

The Surface Web consists of web pages that are indexed by popular search engines such as Google, Yahoo and Yandex and are accessible through standard browsers. Occupying 4% to 10% of the Internet, it contains the websites whose contents are visible as a result of search engine indexing: several billion websites and documents, in diverse subsets, that most search engines can index. Beyond the Surface Web exist the Deep Web and the Dark Web.

The next layer, the Deep Web, includes millions of databases and dynamic web pages that often reside behind paywalls or require passwords. The term was coined by Mike Bergman, founder of Bright Planet, who also described it as a limited-access network. It consists of data that is available on the net but cannot be found by simple web-crawling search mechanisms. It includes private sites (which require credentials to access), unlinked sites, blocked sites (which require answering a CAPTCHA), dynamic web pages (which require the complete URL), non-HTML or scripted content, and networks that are not open to every user. While it is technically impossible to measure the size of the Deep Web accurately, some estimates put it at 500 times the size of the Surface Web. Accessing such content, or even the resources that hold it, requires intense query processing and optimization. It mainly consists of archived databases or dynamic pages.

· Data can be accessed via a special automated or manual querying process.

· Webpages may or may not be linked.

· URLs are also hidden from the traditional search engines.

· Needs the harvesting of unstructured big data.

Most of the Deep Web isn’t bad in any way; it’s just content that is blocked from search engines for security reasons. There are a few Deep Web search engines that let you explore some of the content. The Deep Web consists mostly of legal content that is not listed on search engines and requires special permissions to access, such as bank records, password-protected pages, encrypted chat records, email correspondence, paid streaming services, and many more.

However, there’s an interesting part of the Deep Web: the Dark Web. The Dark Web describes a layer beneath the Deep Web in the Internet protocol stack that orthodox search engines like Google, YouTube, Yahoo, Bing, Baidu and Yandex cannot index. A very small, hard-to-access portion (0.01%) of the Deep Web is called the Dark Web, a part of the Internet that isn’t accessible through search engines at all, and much more. It is called an anonymous Internet. The Dark Web operates on a deeper layer of the Internet that thrives on anonymity. Here, no one knows your identity and no one knows who is behind any website.

Dark Web sites are not freely available to the public, with Internet Protocol addresses being hidden to ensure confidentiality and anonymity. Dark Web pages tend to be unreliable, coming and going regularly, leaving directories peppered with dead links as websites disappear or change locations.

The Dark Web isn’t all evil. Residents of countries with high censorship, transgender individuals in repressive regions, and undocumented immigrants possess the right to information access and need privacy protection to exercise that right. The Dark Web provides a method of protecting their personal information and privacy amid the incursion of data collection practices. A large part of it is just normal forums, blogs, essays, etc. Because of the protection offered by the Dark Web and its hidden services, activists in oppressive regimes are free to exchange ideas and organize themselves. Then there’s the bad stuff: contract killers, child porn, drugs, and other nasty stuff, which share the same benefits of anonymity as the good sites.

At the core of the Dark Web is an intricate array of routing that provides anonymity for users accessing it. Unlike the Surface Web and most parts of the Deep Web, the Dark Web involves special technology to access the websites hosted there. Dark Web content cannot be indexed by search engines such as Google, Yahoo and Bing. By design, the Dark Web has been intentionally hidden and is not accessible through standard browsers.

The Dark Web can be accessed through “The Onion Router” (TOR) browser. While on the browser, the software masks both the user’s IP address and location by routing and rerouting the traffic, along with that of all the other TOR browser users, through hundreds of servers, scrambling the data. Dark Web sites run on a special server which delivers content to TOR browsers. TOR, a modified version of the Firefox browser, remains the most prominent tool of Dark Web users. It uses a set of encryption tools, services, and nodes that hide and change IP addresses and encrypt data to and from computers, protecting both the visitor’s and the website operator’s address, and making your connection untraceable. TOR routes connections, encrypted as they are routed, through a series of relay nodes running open source software. These relays form the infrastructure of the TOR network, passing information through layers of anonymizing encryption.

When on the TOR browser, users can gain full access to anonymous, deregulated web browsing. TOR creates a virtual, encrypted tunnel which allows people to hide their identity and network traffic and to use the Internet anonymously. There has been a lot of buzz around the TOR network and the Dark Web, because most Dark Web sites carry out transactions through anonymous cryptocurrencies such as Bitcoin, using peer-to-peer networks which are based on cryptographic principles.

The US Naval Research Laboratory developed the TOR browser as a means of protecting government communications using a secure method of routing, and the system soon developed into a non-military project. In 2004, the software became public and was offered as a free service to advance unconstrained access to the Internet for those who face persecution for online communication. Like many innovations, it became subverted and began to connect illegal goods and services to willing customers.

What Types of Content Can Be Found on the Dark Web?

A wide variety of content can be found on the Dark Web. Some of the broad categories of content that may be found there include:

· Blogs

· Books

· Chat

· Counterfeit goods and services

· Currency exchange services

· Directories

· Discussion forums

· Drugs

· Fraud

· Gambling

· Guns and other weapons

· Hacking services

· Hosting services

· Marketplaces

· Search tools

· Social Media

· Terrorism

· Whistleblower content and resources.

· Hidden Wiki

It is on these criminal Dark Web sites that all kinds of malware, such as ransomware and Ransomware-as-a-Service, are bought and sold. Other goods and services purchased, sold, and leased on these Dark Web cybercrime websites include login credentials to bank accounts, personal information stolen through data breaches, skimmers (devices to attack credit card processing equipment and ATMs), and ATM manuals that include default passwords.

The Dark Web uses layered encryption and does not use Domain Name Servers (DNS) or IP addresses. Dark Web sites have a different naming structure from that of regular sites. While regular sites end with .com or .co, dark websites end with the .onion extension. Onion domains are not controlled or managed by the Internet Corporation for Assigned Names and Numbers (ICANN), and these sites are hosted on limited-access network infrastructure that requires special software, TOR, to access. The special suffix designates an anonymous hidden service, accessible through the TOR network. Only Dark Web browsers with the appropriate proxy can reach these sites.

This makes it difficult to track the identity and locations of users, as their data routes through a large number of servers. Essentially, a user’s communications bounce around to different servers around the world to help keep them private.
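A defender's view of the .onion naming described above, as an added example that is not from the original article: since .onion names are not resolved through DNS, one appearing in a resolver log points to a misconfigured or unexpected TOR client, and the sketch below flags such queries and checks whether each name is a well-formed v3 onion address. The log format, client addresses and key bytes are constructed, and the address layout comes from the Tor v3 onion-service specification rather than from this page.

```python
import base64
import hashlib
import re

# v3 onion label = base32(pubkey[32] || checksum[2] || version[1]) -> 56 characters
ONION_RE = re.compile(r"\b([a-z2-7]{56})\.onion\b", re.IGNORECASE)
VERSION = b"\x03"

def _checksum(pubkey: bytes) -> bytes:
    # checksum = first 2 bytes of SHA3-256(".onion checksum" || pubkey || version)
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]

def is_valid_v3_onion(label: str) -> bool:
    """Check encoding, version byte and checksum (not that the key is a valid curve point)."""
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:
        return False
    if len(raw) != 35:
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == VERSION and checksum == _checksum(pubkey)

def make_sample_onion(pubkey: bytes) -> str:
    """Build a well-formed label from constructed bytes; it names no real service."""
    return base64.b32encode(pubkey + _checksum(pubkey) + VERSION).decode().lower()

def find_onion_lookups(log_lines):
    """Return (client, label, well_formed) for every .onion name in resolver log lines."""
    hits = []
    for line in log_lines:
        client = line.split("client=")[1].split()[0] if "client=" in line else "?"
        for m in ONION_RE.finditer(line):
            label = m.group(1).lower()
            hits.append((client, label, is_valid_v3_onion(label)))
    return hits

# Constructed sample input: hypothetical resolver log format, constructed key bytes.
_GOOD = make_sample_onion(bytes(range(32)))
_BAD = _GOOD[:-1] + "a"  # last character carries the version bits, so this breaks it
SAMPLE_LOG = [
    f"2021-08-29T10:00:01Z client=10.0.0.5 query={_GOOD}.onion type=A",
    "2021-08-29T10:00:02Z client=10.0.0.7 query=example.com type=A",
    f"2021-08-29T10:00:03Z client=10.0.0.9 query={_BAD}.onion type=A",
]

if __name__ == "__main__":
    for hit in find_onion_lookups(SAMPLE_LOG):
        print(hit)
```

A hit with a well-formed label is the stronger signal; a malformed one is more likely a typo or a truncated log field, but both show a client trying to resolve a name that the local resolver cannot serve.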

Just as users can purchase products through sources such as Amazon and eBay on the Surface Web, TOR users can purchase illegal products or services through Dark Web counterparts. There are many different markets on the Dark Web selling a variety of stolen and illegal products, including weapons, drugs, and stolen information.

There are also more specialized markets to purchase cybercrime services, showing us why cybercriminal activity is so common. These nearly-anonymous cybercrime markets make it much easier for less experienced cybercriminals to distribute malware or target businesses. Some of the products and services readily available include:

· DDoS Services — $7 per hour

· Email Lists — $50 for 500,000 emails

· Botnets — $60 Daily

· Basic Malware — $10 Average

· Ransomware Kits — Free — $1000 (Free normally includes a cut of the ransom)

· Compromised Website — $10 — $15

· ATM Skimming Devices — $400

· Online hacking tutorials — $0 — $500

· Money mules for hire — % of the money

One of the most frequently asked questions about the Dark Web is: “do these guys ever get caught?” It is difficult for authorities to take down Dark Web sites due to a number of factors, including TOR’s multi-layered encryption, criminals using anonymous VPNs, sites being hosted in different countries (without strong cyber-laws), and the use of bitcoin or other cryptocurrencies (nearly untraceable) when purchasing illegal goods or services, rather than transacting through a bank.

Despite these factors, the short answer is yes: the bad guys are getting caught with increasing frequency. There have been several high-profile cases of Dark Web markets being taken down by the FBI or other authorities. A few examples include the Silk Road, AlphaBay, and Hansa, all of which were very popular Dark Web markets.

The Dark Web is an extremely dangerous place to visit, especially if you do not understand how to access the Dark Web safely. It is highly recommended that you simply avoid visiting the Dark Web. Just as you would not go to the most dangerous dark alley out of curiosity, you shouldn’t access the Dark Web out of curiosity without the proper knowledge and tools.

Bitcoin plays an important role throughout the Dark Web. Since staying anonymous is the key, Bitcoin is one of the major currencies you can use to pay for the services. Unlike the Surface Web, almost every other website on the Dark Web has the “Bitcoin accepted” sign displayed on it. Because of Bitcoin’s pseudo-anonymous nature, it’s the perfect currency to power such an ecosystem. This can be said about other cryptocurrencies as well. Recently, it has been said that many Dark Web users are switching to Monero since it’s a 100% private coin (unlike Bitcoin). Cryptocurrencies and “privacy networks” like TOR actually have a lot in common. They both require a network of individual computers to run, as opposed to one main server. This is called “distributed computing” and the computers are called nodes.

Law enforcement agencies continue to infiltrate the Dark Web with their own compromised and controlled TOR nodes, allowing the good guys to monitor some, if not all, Dark Web traffic and track criminal activity. The number of Dark Web related arrests continues to rise, but as with all criminal activity, the bad guys continue to find a way to avoid justice. While it’s unlikely that the Internet will ever be rid of crime, the good guys have significantly closed the gap between anonymous criminal activity and the ability to enforce the law and take down illegal underground markets.

Dark Web and Terrorism

Another major aspect of activism on the Dark Web is, of course, much “darker” than the other: terrorism. Islamic extremist terrorist groups like ISIS seek shelter in the anonymous cloud of the Dark Web, precisely because their IP addresses and locations are untraceable. Many sites only accessible from the TOR Browser promote terror agendas and ideals, ranging from propaganda to data-mining, recruitment, fund-raising, and coordination of actions. The massive presence of terrorism on the Dark Web is one of the main reasons law enforcement agencies call for the de-encryption and regulation of the anonymous Internet, despite the potential threat to privacy this could entail.

Terrorists are extensively using the Internet as a means to spread violent ideology and recruit susceptible individuals on a broad scale. Social media provides a useful platform. Accessibility and visibility are crucial to the success of this strategy. For this reason, efforts to counter terrorist activity online focus primarily on sites which are commonly used to reach the most people. This virtual environment, which most people interact with on a daily basis, is reserved for terrorists’ strategic efforts. However, terrorist groups are using the Dark Web on the operational level. Terrorists are now using the Dark Web to communicate in safer ways than ever before and to obfuscate malicious activities.

  • Terrorists use the Dark Web to hide. While law enforcement agencies develop more effective ways of combating extremists on social media, by taking down accounts and monitoring terrorist activity, these terrorist groups are using the Dark Web to develop and implement operations and obfuscate their activities.
  • Terrorists use the Dark Web for recruitment. Terrorists use the Dark Web as a more secure environment to further influence and direct sympathizers after these individuals are seduced on the Surface Web.
  • Terrorists use the Dark Web as a reservoir of propaganda. The Dark Web is becoming a reserve for propaganda material. As videos or documents are removed from more readily accessible sites, they are moved to the Dark Web, where they are stored and recycled.
  • Terrorists use virtual currencies to evade detection and to fundraise. Cryptocurrencies provide anonymity and mitigate efforts to prevent terrorist fundraising.

ISIS and other jihadist groups have been using online applications that allow users to broadcast their messages to an unlimited number of members via encrypted mobile phone apps such as Telegram. Telegram is an application for sending text and multimedia messages on Android, iOS, and Windows devices. One of the key features of Telegram is end-to-end encryption. Telegram has seen major success, both among ordinary users and among terrorists. Telegram’s features, and especially the deeper and more secretive forms of communication it offers, relate it to Dark Web users and contents. However, it was not until its launch of “channels” in Sept 2015 that the Terrorism Research & Analysis Consortium (TRAC) began to witness a massive migration from other social media sites, most notably Twitter, to Telegram.

Terrorist organizations continue to distribute defensive guidelines and instructions, and to expand their activities on the Dark Web, where they claim to be better able to protect the traffic and anonymity of the organizations themselves, as well as their supporters, from the tracking software of intelligence agencies and activists who operate against terrorist organizations on the Internet.

Multiple private anti-cyberterrorism organizations are currently working to make it possible for some parts of the Darknet to be unencrypted. DARPA is developing an advanced software program called MEMEX that could potentially focus on opening up specific Darknet “domains of interest” through massive indexing of site data.

This post was written for educational purposes only. If you wish to use the Dark Web, do it at your own discretion and at your own risk. Make sure to be aware of any consequences that may follow.
