Dark Web

From: Laurie Clark

Dark Web, ACCi

‘The dark web’ brings to mind furtive young cybercriminals soliciting drugs, arms or worse from the internet equivalents of filthy souks – crammed with shady stalls stacked high with illicit produce. And let’s be honest, this perception isn’t a million miles away from the truth. Given the ease and much better functionality of the open web, it’s true that the dark web offers most appeal to a particular kind of site.

But this is also an over-simplification that has negatively colored our perception of the dark web. It was in fact set up with freedom of speech – rather than mail order eccies – in mind, and still harbors pools of people sheltering from restrictive internet regulations in their own country or who desperately need to preserve their privacy for political reasons.

Where did the dark web come from?

The dark web operates on the principle of ‘onion routing’, where anonymity on the web is achieved by rerouting a user’s internet activity through a number of different, dispersed IP addresses in order to disguise which computer the traffic originally came from. Funnily enough, this concept was first developed by the US Navy, as a means of protecting US intelligence online.

The work of two mathematicians in the Naval Research Laboratory culminated in the release of The Onion Routing project in 1997 – what is now better known as Tor. They then released the project into the public domain for anyone to use, the rationale being that the more people used it, the harder it would be to discern US government traffic amongst the noise. Today Tor is a critical part of the dark web, as will be discussed below.

Since then, the dark web has attracted a number of criminal activities, but has also appealed to activists or journalists wary of surveillance or users in countries with repressive restrictions on internet use such as China.

What is the difference between the dark web and the deep web?

But before examining the dark web more closely, it’s important to make a distinction between the dark web, and its oft-misunderstood older cousin, the deep web. While some have wrongly conflated the two, they are far from the same. To differentiate them, let’s begin by examining the first ‘layer’ of the internet – the surface web. This is any area of the internet that is discoverable (‘indexed’) by a search engine – the most popular pages like sites from technology publications such as yours truly. This is also referred to as the ‘clearnet’ by darknet users, in reference to the lack of encryption on this part of the internet.

The deep web, on the other hand, is any page on the internet that cannot be pulled up by a search engine, for example, archives that you must search for in a website rather than a search engine. Websites containing large reams of database information or records are good examples of deep web information. Other examples would be information held on workplace intranets or online banking sites.

So, the deep web is simply information that is submerged beneath the surface web, not the hotbed of nefarious activity some have mistaken it for. Now, to the dark web. This is a segment of the deep web, and describes the section of the internet which is made deliberately undiscoverable by normal search engines because the creators of the pages wish them to be hidden. You can’t access the dark web through your average Joe Chrome or Safari browser; you’ll need an alternative means, which brings us to…

How do you access the dark web?

Tor is by far the most popular and simplest way to access the dark web, although this is possible through other secure browsers such as Freenet and the Invisible Internet Project. Tor is a proxy routing system based on relaying traffic from one computer through a number of different IP addresses in order to disguise which computer the activity originated from. This makes it extremely difficult (but not impossible) to see who is looking at what from any one point in the network.
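An added illustration (not from the original article) of the relaying described above: a three-hop circuit in which each relay removes one layer of encryption, so the entry relay sees the user's address but not the destination, and the exit relay sees the destination but not the user. The relay addresses, keys and the toy SHA-256 stream cipher are constructed stand-ins, not Tor's real cryptography or protocol.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not Tor's real crypto."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

# Constructed sample circuit: documentation-range addresses and made-up per-hop keys.
RELAYS = [("192.0.2.10", b"entry-key"),
          ("198.51.100.20", b"middle-key"),
          ("203.0.113.30", b"exit-key")]
CLIENT_IP = "192.0.2.99"
DESTINATION = "example.org"

def build_onion(payload: str) -> bytes:
    """Client wraps the request once per relay, innermost (exit) layer first."""
    hops = [addr for addr, _ in RELAYS[1:]] + [DESTINATION]
    blob = payload.encode()
    for (_, key), next_hop in zip(reversed(RELAYS), reversed(hops)):
        layer = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob = keystream_xor(key, layer)
    return blob

def run_circuit(onion: bytes):
    """Each relay peels one layer; record what that relay alone can observe."""
    seen, sender, blob = [], CLIENT_IP, onion
    for addr, key in RELAYS:
        layer = json.loads(keystream_xor(key, blob))
        seen.append({"relay": addr, "from": sender, "to": layer["next"]})
        sender, blob = addr, bytes.fromhex(layer["data"])
    return seen, blob.decode()

if __name__ == "__main__":
    views, delivered = run_circuit(build_onion("GET /"))
    for view in views:
        print(view)  # no single relay sees both CLIENT_IP and DESTINATION
    print("delivered to", DESTINATION, ":", delivered)
```
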

Tor can be downloaded from the official Tor site and installed on your laptop or PC, after which you can load up the big bad dark web and get browsing. If a site ends in .onion, it’s only accessible through the Tor browser. However, it should be noted that dark web sites cannot be searched for through the equivalent of Google, meaning that you need to know where you’re going beforehand. Lists of sites ranging from the illegal to the unsavoury to the downright repugnant are available from certain Reddit feeds or Wikis.

It’s also worth noting that the anonymous features of Tor come at a price – with functionality and aesthetics both taking a hit. Using the browser to peruse clear-net sites can also be pesky, with logging into sites like Netflix and Facebook often becoming an arduous process due to your IP address not being recognized.

How big is the dark web?

A study published by King’s College London, “The darkness online”, found there were around 300,000 addresses within the Tor network, translating to roughly 205,000 web pages. That is minuscule compared to Google’s estimate of 30 trillion pages on the open web all the way back in 2013.

The number of individual connections, probably a better measure, is currently estimated by the Tor project to stand at around 1.7 million per day, predominantly in the US, Russia, Germany, France and the UK, in that order.

How do criminals use the dark web?

The same study from King’s College London found that over half of the 5,205 “live” sites on Tor were serving illegal ends.

Despite its lofty privacy ideals, Tor has been accused of making it possible to hide criminal activity from the police. Defenders of Tor point out that bad things have always been a part of the internet and many of its uses are perfectly legitimate in an age of massive state surveillance. As for terrorism, there is no evidence that violent extremists either use or need Tor to communicate.

However, it’s possible that extremists of different strains flourish on the dark web, with a recent example being the neo-Nazi, white supremacist group, Daily Stormer, setting up shop there after being driven off the clear-net by hackers and activists.

In response to this, Tor released a statement saying: “We are disgusted, angered, and appalled by everything these racists stand for and do. We feel this way any time the Tor network and software are used for vile purposes.”

However, they pointed out the double bind they found themselves in. “We can’t build free and open source tools that protect journalists, human rights activists, and ordinary people around the world if we also control who uses those tools,” they said.

The most obvious examples of criminality on the dark web focus on the most reported crimes such as drugs or child porn. But there are reams of other illegal activity including trading in malware, stolen credit card numbers, hacked account information like logins, or the ability to hire hackers to target certain computers for you.

The site that popularised the public idea of the dark web was probably Silk Road, a drugs market set up as a hidden service on Tor until it was closed by police in 2013 and its alleged founder arrested. Since then, dark markets have become so well-known many of them are advertised on the public web.

In a more recent and typical example, the xDedic market was publicised by a researcher at Kaspersky Lab. This site was used to sell around 70,000 compromised servers to professional cybercriminals.

However, it’s worth noting that criminal sites don’t just flourish on the dark web. There are still multitudes of criminal sites accessible from any web browser if you know where to look. And Tor’s own analysis carried out in February 2015 suggested that only 3-6% of overall traffic on the network was actually visiting “Tor” sites, with the rest simply using the browser to access ‘clearnet’ sites like Facebook or Netflix.

Am I anonymous on the dark web?

Despite one of Tor’s main aims being to provide privacy and anonymity to its users, there is evidence that you may not be as anonymous as you’d hope, particularly if you yourself are hosting a server. And to remain anonymous, you must adopt impeccable protocol surrounding your internet use.

If you do desire complete anonymity, it’s advisable to use a VPN in addition to the Tor network. If you’re really paranoid, you might want to lock down your device with a secure version of Linux, and consider using only public networks (through that VPN). There are also vulnerabilities in Tor from time to time, such as a recent one which leaked your real IP address. For reasons such as these, it might be too optimistic to assume you’re completely anonymous on the dark web.

Another case of interest to those seeking anonymity on the dark web is the shutting down of the most notorious child pornography website, Playpen, in 2015. This was possible because the manager of the site accidentally revealed the true IP address of the site which was picked up by the authorities. The US government were then eventually able to seize control of the site and keep it running for two weeks in order to identify its users.

This was achieved by hosting a video on the site, which if played, opened an external connection to the internet outside the dark web, thus revealing the computer’s true IP address. Of course, we support the jailing of anyone complicit in the harming of children, but it’s of note to anyone engaging in more garden variety criminality who thinks they are always completely secure on the dark web.

In addition, almost every cybersecurity firm worth its salt now devotes considerable resources to exploring and documenting what goes on there. Some specialist companies even build their business models around understanding criminal activity on the dark web, and feeding that intelligence back to customers.

This is more about who uses this part of the internet than what goes on there. It’s the individual criminals behind activity that intelligence firms and the police are really interested in.

Given this, it’s debatable why criminals seem wedded to a part of the web lots of experts are paid to study in great detail. The answer is probably that while the dark web is no longer as mysterious and shadowy as its nickname suggests, it does buy criminals some time. Tracking down websites hidden on it is undoubtedly slower than on the public internet.

Why is the dark web still popular?

Despite its strong criminal element, just because you’re on the dark web, doesn’t mean you’re up to no good. “The number of people entering the Tor network had been about one million before Snowden,” says Professor Alan Woodward of the University of Surrey, also an adviser to the cyber-crime arm of the European policing organisation Europol. “It spiked at six million just afterwards.” Other evidence, however, suggests that this number has plateaued at around 2 million active users today.

People who are very invested in privacy or need to remain anonymous due to their location or profession may also use Tor. For example, the Guardian hosts a site there where whistle-blowers can lodge files with a degree of anonymity.