Saturday, 27 January 2018

The Dark and Deep Web

The Dark Web is a part of the World Wide Web that requires special software to access. Once inside, web sites and other services can be accessed through a browser in much the same way as the normal web.
However, some sites are effectively “hidden”, in that they have not been indexed by a search engine and can only be accessed if you know the address of the site. Special markets, called “Darknet Markets”, also operate within the dark web; they mainly sell illegal products like drugs and firearms, paid for in the cryptocurrency Bitcoin.
There is even a crowd-funded “Assassination Market”, where users can pay towards having someone assassinated. Because of the dark web’s almost total anonymity, it has been the place of choice for groups wanting to stay hidden online from governments and law enforcement agencies. On the one hand there have been whistleblowers using the dark web to communicate with journalists, but more frequently it has been used by pedophile groups, terrorists and criminals to keep their dealings secret.
There are a number of ways to access the dark web, including the use of Tor, Freenet and I2P. Of these, the most popular is Tor (originally called The Onion Router), partly because it is one of the easiest software packages to use. Tor downloads as a bundle of software that includes a version of Firefox configured specifically to use Tor.
Tor provides secrecy and anonymity by passing messages through a network of connected Tor relays, which are specially configured computers. As the message hops from one node to another, it is encrypted in a way that each relay only knows about the machine that sent the message and the machine it is being sent to.
There are even special versions of search engines like Bing and DuckDuckGo that will return onion addresses for Tor services.
It is a mistake to think that Tor is entirely anonymous. If a web site is accessed, it can still potentially find out information about whoever is accessing the site because of information that is shared, such as usernames and email addresses. Those wanting to stay completely anonymous have to use special anonymity services to hide their identity in these cases.
Services on the dark web would not have been as popular without a means of paying for them. This is something that Bitcoin has made possible. A recent study by Carnegie Mellon researchers Kyle Soska and Nicolas Christin has calculated that drug sales on the dark net total US$100 million a year. Most, if not all, was paid for in Bitcoin.
Bitcoin is made even more difficult to track on the dark web through the use of “mixing services” like Bitcoin Laundry, which can effectively hide Bitcoin transactions completely.
This raises the question: how dark is the dark web?
The developers of Tor and organizations like the Electronic Frontier Foundation (EFF) argue that the principal users of Tor are activists and people simply concerned with maintaining their privacy. Certainly, Tor has been used in the past for journalists to talk to whistleblowers and activists, including Edward Snowden.
However, even a cursory glance at the Hidden Wiki – the main index of dark websites – reveals that the majority of sites listed are concerned with illegal activities. Some of these sites are scams, and so it is not clear how easy it is to buy guns, fake passports and hire hackers from the services listed. But there are likely sites on the dark web where these things are entirely possible.
Although the dark web makes law enforcement agencies’ jobs much more difficult, they have had a great deal of success in bringing down sites and arresting their users and the people behind them. The most famous of these was the arrest of Ross Ulbricht, the person behind the most well known of the drug markets, Silk Road.
More recently, the FBI’s arrest of two users of a child abuse site on the dark web highlighted that they are now able to use a range of techniques to unmask Tor users’ real internet addresses.
The Conversation
Dark Net websites are accessible only through networks such as Tor ("The Onion Router") and I2P ("Invisible Internet Project"). The Tor browser and Tor-accessible sites are widely used among dark net users and can be identified by the domain ".onion". While Tor focuses on providing anonymous access to the Internet, I2P specializes in allowing anonymous hosting of websites. Identities and locations of dark net users stay anonymous and cannot be tracked due to the layered encryption system. The dark net encryption technology routes users' data through a large number of intermediate servers, which protects the users' identity and guarantees anonymity. The transmitted information can be decrypted only by a subsequent node in the scheme, which leads to the exit node. The complicated system makes it almost impossible to reproduce the node path and decrypt the information layer by layer. Due to the high level of encryption, websites are not able to track the geolocation and IP address of their users, and users are not able to get this information about the host. Thus, communication between dark net users is highly encrypted, allowing users to talk, blog, and share files confidentially.
The dark net is also used for illegal activity such as illegal trade, forums, and media exchange for pedophiles and terrorists. At the same time, traditional websites have created alternative accessibility for the Tor browser in efforts to connect with their users. ProPublica, for example, launched a new version of its website available exclusively to Tor users.
Many hackers sell their services either individually or as part of groups. Such groups include xDedic, Hackforum, TrojanForge, Mazafaka, dark0de and The Real Deal dark net market. Some have been known to track and extort apparent pedophiles. Cybercrimes and hacking services for financial institutions and banks have also been offered over the Dark web. Attempts to monitor this activity have been made through various government and private organizations, and an examination of the tools used can be found in the Procedia Computer Science journal. Internet-scale DNS Distributed Reflection Denial of Service (DRDoS) attacks have also been carried out by leveraging the Dark Web. Many hacking groups such as Code Green also recruit hackers depending on their skills. There are also many scam onion sites which end up offering tools for download that are infected with trojan horses or backdoors.
There is regular law enforcement action against sites distributing child pornography – often by compromising the site and distributing malware to its users. Other content includes sexualized torture and killing of animals and some kinds of revenge porn.
There are at least some real and fraudulent websites claiming to be used by ISIL (ISIS), including a fake one seized in Operation Onymous. In the wake of the November 2015 Paris attacks an actual such site was hacked by an Anonymous-affiliated hacker group, GhostSec, and replaced with an advert for Prozac. The Rawti Shax Islamist group was found to be operating on the dark web at one time.
In the 2000s, use of the term child abuse images increased by both scholars and law enforcement personnel because the term "pornography" can carry the inaccurate implication of consent and create distance from the abusive nature of the material. A similar term, child sexual abuse material, is used by some official bodies and similar terms such as "child abuse material", "documented child sexual abuse", and "depicted child sexual abuse" are also used, as are the acronyms CAM and CAI. The term "child pornography" retains its legal definitions in various jurisdictions, along with related terms such as "indecent photographs of a child" and others. In 2008, the World Congress III against the Sexual Exploitation of Children and Adolescents stated in their formally adopted pact that "Increasingly the term 'child abuse images' is being used to refer to the sexual exploitation of children and adolescents in pornography. This is to reflect the seriousness of the phenomenon and to emphasize that pornographic images of children are in fact records of a crime being committed."
Interpol and policing institutions of various governments, including among others the United States Department of Justice, enforce child pornography laws internationally. Since 1999, the Interpol Standing Working Group on Offenses Against Minors has used the following definition:
Child pornography is the consequence of the exploitation or sexual abuse perpetrated against a child. It can be defined as any means of depicting or promoting sexual abuse of a child, including print and/or audio, centered on sex acts or the genital organs of children.
Children of all ages, including infants, are abused in the production of pornography. The United States Department of Justice estimates that pornographers have recorded the abuse of more than one million children in the United States alone. There is an increasing trend towards younger victims and greater brutality; according to Flint Waters, an investigator with the federal Internet Crimes Against Children Task Force, "These guys are raping infants and toddlers. You can hear the child crying, pleading for help in the video. It is horrendous." According to the World Congress against Commercial Sexual Exploitation of Children, "While impossible to obtain accurate data, a perusal of the child pornography readily available on the international market indicates that a significant number of children are being sexually exploited through this medium."
Masha Allen was adopted at age 5 from the former Soviet Union by an American man who sexually abused her for five years and posted the pictures on the Internet. She testified before the United States Congress about the anguish she has suffered at the continuing circulation of the pictures of her abuse, to "put a face" on a "sad, abstract, and faceless statistic," and to help pass a law named for her. "Masha's Law," included in the Adam Walsh Child Protection and Safety Act passed in 2006, includes a provision which allows young people 18 and over to sue in civil court those who download pornographic images taken of them when they were children. "Downloading" includes viewing without actual download; many successful prosecutions are completed through using residual images left on the viewer's computer.
Terrorist and non-state actors have used different modes and mediums to spread their message and communicate with their comrades. The dawn of the Internet has also provided such groups with unparalleled opportunities to establish communications and operational links that were not possible before. Starting from websites, terrorist groups moved to more interactive mediums like chat rooms and forums. It was social media platforms, such as Facebook and Twitter, that truly revolutionized how militants, terrorists and non-state actors communicated with each other, recruited sympathizers and supporters and disseminated their propaganda.
The self-proclaimed Islamic State (IS) perfected the use of social media, which became the preferred source for the so-called ‘jihadists’ or ‘soldiers of the Caliphate’. In response, tech companies have been compelled to take down Facebook and Twitter accounts affiliated with IS. The unintended cost of this policy is that supporters, sympathizers and members of jihadist groups have moved into the deep web and the dark net.
"In Computer Science, we often got bored and decked around. One day we ran into the deep web. The most disturbing site we found was a comprehensive guide for cooking women. We're not talking about a short joke here. This page had information on what body types to use for specific cuts, how to prepare these cuts, and how to cook the girl so she lives as long as possible. It horrifies me that people way worse than the freaks on Criminal Minds exist."
So security concerns for SMBs re: "Deep Web" would be as follows:
1. Users navigating the "Deep Web" are infected in much the same way as users on the "Surface Web" (by browsing and general internet activity)
2. Malware that utilizes Tor for data exfiltration and/or command and control
Start by rejecting inbound and outbound traffic on port 9001, the default port for Tor. This will not prevent the user or malicious actor from using the service (as Tor can be configured for commonly permitted ports such as 80), but it is a good start if there is no legitimate business need for port 9001.
Configure your antivirus product to prevent common Tor executables from running on company resources (Tor, Privoxy, Tor Browser). These executables can also be renamed to work around this; however, this is a good first line of defense.
If your firewall supports it (and a fair amount of modern UTMs do), configure your firewall to inspect for Tor traffic and block it from passing. This is going to depend on your firewall, so consult the manufacturer's documentation. Some APT software also has provisions for rejecting this traffic and/or preventing the associated executables from leaving the host or running, so you may also want to consult the documentation for your APT/malware/antivirus software to see if this can be leveraged.
If you're most concerned with user activity, a software whitelisting application would reject unapproved software from running; in concert with APT defenses this could also be an appealing way to address the risks associated with malware/malicious actors.
The above should give you a head start and provide you with a reasonable level of confidence that traffic leaving or entering the network is not leveraging Tor.
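As an added example that is not from the original post, the checks above (the default Tor port and the named executables) expressed as detection logic run over constructed firewall and endpoint log lines; the log formats, host names and addresses are assumptions made for the example, and the port-only check deliberately misses Tor configured for 80 or 443, as the text warns.

```python
import re
from collections import defaultdict

# Facts taken from the page: Tor's default port (9001) and the executables the
# page says to block. Everything else (log formats, hosts, addresses) is
# constructed for this example.
TOR_DEFAULT_PORT = 9001
TOR_PROCESS_NAMES = {"tor", "tor.exe", "privoxy", "privoxy.exe"}
TOR_BROWSER_PATH_HINT = "tor browser"  # assumed install-folder name of the bundle

# Constructed firewall log format: action, direction, then src/dst as ip:port.
FW_RE = re.compile(
    r"^(?P<ts>\S+) fw: (?P<action>ACCEPT|DROP) (?P<dir>IN|OUT) "
    r"src=(?P<sip>[\d.]+):(?P<sport>\d+) dst=(?P<dip>[\d.]+):(?P<dport>\d+)"
)
# Constructed endpoint log format: host name and full path of a started process.
PROC_RE = re.compile(r'^(?P<ts>\S+) host=(?P<host>\S+) proc="(?P<path>[^"]+)"')


def check_firewall_line(line):
    """Return (internal_ip, reason) if the line shows traffic on Tor's default port."""
    m = FW_RE.match(line)
    if not m:
        return None
    if TOR_DEFAULT_PORT not in (int(m["sport"]), int(m["dport"])):
        # Tor reconfigured to use 80/443 passes this check; the page notes that
        # only a firewall with Tor protocol inspection catches that case.
        return None
    # Outbound: the internal party is the source; inbound: the destination.
    internal = m["sip"] if m["dir"] == "OUT" else m["dip"]
    return internal, f"{m['action']} {m['dir']} tcp/{TOR_DEFAULT_PORT} at {m['ts']}"


def check_process_line(line):
    """Return (host, reason) if the started process looks like Tor, Privoxy or Tor Browser."""
    m = PROC_RE.match(line)
    if not m:
        return None
    path = m["path"].replace("\\", "/").lower()
    name = path.rsplit("/", 1)[-1]
    if name in TOR_PROCESS_NAMES:
        return m["host"], f"process {name} started at {m['ts']}"
    if TOR_BROWSER_PATH_HINT in path:
        # The bundle's own Firefox build. A renamed tor.exe evades the name check
        # above, which is why the page pairs this with application whitelisting.
        return m["host"], f"process launched from Tor Browser folder at {m['ts']}"
    return None


def find_tor_indicators(lines, approved=frozenset()):
    """Aggregate indicators per host; hosts in `approved` (a legitimate business need) are skipped."""
    hits = defaultdict(list)
    for line in lines:
        for checker in (check_firewall_line, check_process_line):
            result = checker(line)
            if result and result[0] not in approved:
                hits[result[0]].append(result[1])
    return dict(hits)


# Constructed sample logs; 203.0.113.x and 198.51.100.x are documentation ranges.
SAMPLE_LOGS = [
    "2018-01-27T10:15:02Z fw: ACCEPT OUT src=10.0.0.15:51422 dst=203.0.113.7:9001",
    "2018-01-27T10:15:05Z fw: ACCEPT OUT src=10.0.0.22:51500 dst=198.51.100.9:443",
    "2018-01-27T10:16:40Z fw: DROP IN src=203.0.113.40:9001 dst=10.0.0.30:40211",
    '2018-01-27T10:17:01Z host=ws-15 proc="C:\\Users\\bob\\Desktop\\Tor Browser\\Browser\\firefox.exe"',
    '2018-01-27T10:17:30Z host=ws-22 proc="C:\\Program Files\\Mozilla Firefox\\firefox.exe"',
    '2018-01-27T10:18:12Z host=ws-09 proc="C:\\Users\\alice\\AppData\\Local\\privoxy.exe"',
]

if __name__ == "__main__":
    for host, reasons in sorted(find_tor_indicators(SAMPLE_LOGS).items()):
        print(host, "->", "; ".join(reasons))
```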
Simply, whitelist the applications allowed to be used in your environment; don't allow any browsers such as Tor, I2P etc.
But you still need other/network access controls for those laptops, phones, gaming systems, internet toasters and other IoT-connected B.S. that you can't impose a policy on.
My combination of DNS filtering, a no-IP-in-URL restriction, good firewall rules preventing just as much OUTBOUND traffic as inbound, and leaving all ports in a dead VLAN by default has served me well so far - and I'm not paying for any "subscription" products to do it.
The Dark Web sounds scary, right? You've probably heard of it, maybe in connection to online drug markets or rumors of terrorist plotting.
A sweeping survey of over 24,000 people worldwide by a Canadian think tank shows that 71% of internet users believe the Dark Web "should be shut down."
The Dark Net, or Deep Web or a dozen other names, isn't a single set of sites so much as a network of sites that you need special protocols or software in order to find.
Shutting down the network would mean shutting down every site and relay. In the case of the private web browser Tor, this means simultaneously shutting down over 7,000 secret nodes worldwide. The combined governments of various countries have enough trouble keeping the Pirate Bay from operating right on the open web, never mind trying to shut down an entire network of sites with encrypted communications and hidden IP addresses hosted worldwide.
There isn't even a single Deep Web. Most people who refer to the Deep Web are referring to the Tor Network, a network with a special browser that allows you to set up and view websites anonymously. There are other networks as well, like Freenet or I2P.
But maybe the biggest barrier to shutting down the Dark Web is that not everything happening there is illegal, which means there are no real grounds for shutting it down. The government has successfully shuttered illegal services, but many people are using the Deep Web for honest means, like setting up support networks for survivors of abuse, or just running a literary magazine.
So for the pearl-clutchers afraid of the Dark Web: Embrace it. It's not all bad, and either way, it's here to stay.
The NSA and other intelligence agencies could "benefit from analyzing customer web data to look for connections to non-standard domains," Chertoff wrote. In other words, he's suggesting that if security agencies can tell people are going somewhere on the dark web, they can make inferences from it. "This can be done without intruding on users' privacy as only the destinations of the web requests need to be monitored and not who is connecting to them" he wrote, which seems like wishful thinking.

#Credit: MIC Networks

Wednesday, 17 January 2018

Deepening Split In Rebels

TTP Offshoot JuA’s Rebel Commanders Launch HuA. A splinter group of the Tehreek-i-Taliban Pakistan (TTP), Jamaat-ul-Ahrar (JuA), has itself splintered into two groups in what appears to be a serious blow to JuA terrorists operating against Pakistan.
A video statement released on 11 November 2017 confirmed a belligerent revolt against JuA resulting in the formation of a new group, the Hizb-ul-Ahrar (HuA), in Nangarhar province of Afghanistan. Mukarram Khan, a senior Ahrar leader, was named chief of HuA. Mukarram, who had earlier served as an important commander for JuA, left the parent group along with many commanders over serious internal clashes and policy differences with its leadership, including attacks against innocent minority Christians, killing civilians, extortion, kidnapping for ransom and other acts he deemed un-Islamic. Dr Aziz Yousafzai was appointed as the group’s spokesman.
Mukarram Khan, who belongs to Mohmand Agency, served in key positions as head of the group’s intelligence unit and was the main character behind JuA’s terrorist activities. He was JuA’s spokesperson and a member of the group’s central ‘shura’ or council until last month. HuA under Mukarram followed the same course that JuA’s key leadership announced at the time of its split from TTP. In August 2014, JuA announced Omar Khalid Khorasani as the chief of the new group and Ehsanullah Ehsan as its spokesperson, on the same grounds which HuA is now claiming to justify its own breakaway.
The cracks surfaced in the ranks of the group recently after some of Khorasani’s supporters allegedly shot and injured Mukarram, a close confidant of the JuA chief Omar Khalid Khorasani. This was one of the basic reasons Mukarram parted ways with the group, as commanders of his faction appeared in a video last month and told their supporters that a “plot of Khorasani’s group to kill Mukarram has been failed”. Some commanders delivered brief speeches, but Mukarram did not appear in the video, as he has been receiving treatment for the injuries he received in the attack by his JuA militants. The meeting of HuA commanders to announce the independent group in a video message was held in Afghanistan’s eastern Kunar province, adjacent to JuA hideouts in Nangarhar’s Lalpura area.
In an audio message to the dissident commanders, Mukarram accused the Khorasani-led group of involvement in the killing of innocent people. He referred to several major attacks, including the deadliest attack, on a town at the Wagah border in 2014, which killed nearly 60 people and injured more than 100 others. He also mentioned the suicide attack on innocent Christians in a public park in Lahore in March 2016, in which 73 people died and more than 350 were injured. He said Christians had not been at war with them, and the attack on innocent non-Muslims “cannot be justified”. Mukarram also mentioned the bombing in December 2015 of the National Database and Registration Authority (Nadra) office in Mardan, KPK, which claimed the lives of at least 26 people and injured 50 others.
The group seems to be in trouble with the swift escalation of serious internal rifts. The HuA chief accused JuA of involvement in the extortion of money, links with Indian intelligence (RAW) and Afghan intelligence (NDS), and fighting with other militant groups. Rebel commander Mukarram, along with other members, tried numerous times to convince the leadership to change such policies but failed. According to some militant sources, nearly 40 percent of JuA commanders support the new splinter group at present, and more could join them in view of reservations over the policies of the JuA leadership after Khorasani. In February 2017, Islamabad’s Lal Masjid condemned JuA for exploiting the name of its deputy imam Ghazi Abdul Rasheed, who was killed in July 2007 when security forces raided the mosque. Lal Masjid had also described JuA as an anti-Islam and anti-state group for its attacks on civilians.
It is a tradition in TTP to rebel against its leadership. In September 2014, differences within TTP deepened, resulting in the formation of the new splinter group JuA after the expulsion of a commander from the parent outfit. The TTP leadership removed Commander Abdul Wali, alias Omar Khalid Khorasani, from the position of chief of its Mohmand Agency unit and also cancelled his basic membership. Differences in Taliban ranks deepened at a time when they were under attack by the security forces in their sanctuary of Kunar, Afghanistan. Differences have always existed in the Taliban ranks, but their brand of Sharia has always failed to resolve them; instead, their disputes have produced differing versions of Sharia under the different TTP factions. If it were all about Sharia, the resolution of any dispute in TTP would be very simple, but it is rather a clash over the distribution of their foreign masters’ funds that always remains the bone of contention. Additionally, the long charge sheets against the TTP leadership have caused frequent splits, as they are frequently accused of serving their personal and foreign interests.
It was JuA’s un-Islamic policies and relations with secret agencies hostile to Pakistan that disappointed many leaders, who had additionally been frustrated by the assault of the Pak Army under Operation Radd ul Fasaad (RUF). All these factors collectively forced the group’s senior leader and spokesperson Ehsanullah Ehsan to surrender to the security forces in April 2014. It was considered a serious blow to the terrorist outfit, as he issued a charge sheet in a video as well as in an interview to a private TV channel against JuA and TTP leaders, particularly regarding both groups’ links with regional intelligence networks. Similarly, in April 2017 eight other important members of JuA laid down their weapons and surrendered before the Army in Mohmand Agency. Operation RUF continues successfully while these terrorist organizations are frequently being exposed. The Pakistan Army, with the support of the entire nation, is determined to take Operation RUF to its logical conclusion, as Operation Khyber-4. The losses and splits in terror organizations under Operation RUF can be clearly seen as a continuation of the earlier operations, with the support of the people and the institutions.
The Pakistan Army has dislodged the facilitators and abettors of militants and broken their connection with their leadership sitting across the border. The writ of the state is being restored and no power can fight the state; Pakistan has made a lot of progress, but more work needs to be done. The only development in terrorist circles is that, while sitting in Afghan safe havens, they are further splintering over policies and tactics after failing to do any harm to Pakistan. Border management mechanisms and active surveillance on the borders have ruined the cross-border operations of TTP, its factions and other terrorist organizations. The army, along with the FC, will build 338 check posts by 2019 to strengthen the border with Afghanistan, besides fencing it along KPK and FATA. 42 forts have already been built, while 63 more will be built along the Pak-Afghan border.
There is a lack of leadership quality in TTP, such that they have been involved in bloody internal clashes that have even taken the lives of their known members. Ehsanullah Ehsan, in a statement prior to his surrender, said that the TTP leadership had no policy to deal with this situation and disclosed that nearly 200 Taliban from the Mehsud tribe had lost their lives as a result of internal fighting. Taliban had killed the TTP Rawalpindi chief, Commander Nadeem Abbas alias Enteqami, but his killers have not yet been brought to justice by the TTP leadership. It is still a mystery who killed the central council members Asmatullah Shaheen Bitani and Tariq Afridi. These fasadi terrorist organizations are constantly splintering and further weakened as all Pakistanis stand united with their Army against 'fasaad and fasadis'.
#Pakistan Cyber Force (PCF)