Deep Dive: A Guide to the Deep-Web for Law Enforcement

Uploaded on 2015-02-19 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

There's a part of the Internet known as the deep web. It is called the deep web because of its massive size, it's literally 'deep'. According to The Guardian, you can only access 0.03% of the internet via search engines like Google and the rest is what makes up the deep web.

You can't just access the deep web from a normal web browser – like Firefox for example – you can only access the deep web through a deep web browser. The most famous of these deep web browsers is called Tor and this is the one we recommend you get if you're looking to get onto the deep web.

The deep web is well known for containing some really messed up stuff (snuff/child porn etc as you might expect but we're going to try and avoid that for the most part), but if you successfully steer clear of all of that then you'll find some really interesting stuff on the deep web that you would never find on the public world wide web.

We'll start with what is definitely the most useful feature of the deep web to law enforcement & intelligence professionals.

First, Marijuana
Forget calling your dealer and having to wait in the cold for him to meet you at a dodgy bus stop on a dark, cold, wintery night just to be given a crappy 1.5 gram eighth of bush weed, just get on the deep web instead. Now you can do all your marijuana ordering from the comfort of your own sofa.

You buy your marijuana in bulk from this deep web site, with the prices varying upon the strain and the amount of you buy. There are a couple of ways you can have your ganja delivered: either standardly through DHL (after being vacuum packed four times) or via drop shipping.

Second, Silk Road
Other online drug markets also exist on the deep web where you can pick up pretty much any kind of drug or chemical. The most famous of these is known as Silk Road and you can literally pick up what you want from this site. You name it, somebody has got it on here and you'll pay with your bitcoins and it'll arrive in an untraceable package a few days later. It really is that easy. Apparently there's a 97% success rate on this.

Silk Road is set up kind of like eBay or Amazon. There are buyers and sellers and each buyer and seller has their own feedback rating so when you're looking to pick up some LSD or salvia or whatever drug takes your fancy that day, then you'll have a look through the site, find a seller with good feedback for that particular chemical high and then pay them with a bitcoin and sit back and wait for it to turn up. It's that easy.

Three, Hire a Hit Man
Want to take out your boss, nagging wife or that journalist who wrote that awful review for your restaurant? Well if you've got the cash this person will do it for you. This is taken from one website on the deep web that offers this service and includes the differing prices of a hit. These prices are dependent on who the person is and what information you need to send so the hit can take place. The most popular hire an assassin sites are White Wolves and C'thuthlu.

Fourth, Buttery bootlegging
Buttery bootlegging is run by a Dangler who is good at stealing and apparently will steal anything that you can't afford or just don't want to pay for. There are loads of these rob-to-order pages in the deep web.

Fifth, The Human Experiment
The Human Experiment is a deep web site that details medical experiments that are performed on homeless people that are usually unregistered citizens. They're picked up off the street, experimented on and then usually die but they're homeless and unregistered so nobody misses them.

As with most of the deep web, there's actually some debate about whether The Human Experiment was real or just a parody site as it could quite easily be either given its location on the deep web. The Human Experiment

Sixth, Buy Weapons
There's a site known as Euroarms that lets you buy all kinds of weapons and have them delivered to your door courtesy of the deep web. Unfortunately for those of you that jumped out of your seat when you read that as you envisioned shooting up your school or blasting your boss away, the ammunition for these weapons is sold separately and you have to track that down on a different site.

Seventh, Buy Credit Card Information
The site you want is called Atlantic Carding and as with most services, the more you pay the more you get for your Bitcoin and so you can potentially get access to business credit card accounts and infinite credit card accounts.

Of course, a lot of the time when you're buying stuff online with a credit card you're going to need the user's details – including their name, address and social security number – and this is all available on the site if you're willing to pay the premium. Again, it's unknown if all this stuff is true and easily available online but the fact that any of this even might be real is pretty disturbing.

Eight, Betting on Fixed Sporting Events
It's long been theorized that many sporting events are fixed – especially stuff like horse racing – and that people in the know are able to bet on said events in order to line their pockets. It would seem that thanks to the deep web this no longer needs to be achieved by shady phone calls and crumpled up post-it notes, but you can simply log onto a site and they'll do it all for you.

The financial investment in this one is particularly hefty but if it pays off and it's real then you'll make it back in no time.

Many of the sites might be designed to fleece unwitting fools out of their Bitcoins anonymously because it's so easy, but you've got to think they wouldn't be able to after a while because people would start talking because they're not legit and their reputation would soon be in the drain.

Ninth, the Hidden Wiki
Mail order marijuana, hiring a hitman and getting someone to steal something for you, match fixing and buying weapons are all just the tip of the iceberg of the deep web as there's also the 'hidden wiki', which is apparently the portal to anything you've ever wanted on the deep web. It explains everything you ever wanted to know about the deep web and features a full list of .onion sites and a description of each one as well as a bunch of other interesting information about it.

Tenth, Recent Developments
Last summer, a whole bunch of hidden websites – possiblyas many as 50% – vanished off the deep web. This was linked to the takedown of a hosting operation in Ireland, allegedly connected to the United State's attempts to extradite an Irish citizen called Eric Eoin Marques for questioning over the distribution of child porn online. Of course, it's no surprise that the deep web is a hotspot for this kind of activity and it goes without saying that this is definitely not a good use for it. It also really pinpoints the debate over whether its existence should even be allowed at all.

Tor released the following statement regarding the breach: 'In the past, adversarial organizations have skipped trying to break Tor hidden services and instead attacked the software running at the server behind the dot onion address. Exploits for PHP, Apache, MySQL, and other software are far more common than exploits for Tor. The current news indicates that someone has exploited the software behind Freedom Hosting. From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect user's computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR [extended support release], on which our Tor Browser is based. We're investigating these bugs and will fix them if we can.'

As Tor said in their statement regarding this event, Tor is still safer and more anonymous than almost every other Internet browser out there, so it's probably still going to be used for a long, long time.

http://blog.mcafeeinstitute.com/the-ultimate-guide-to-the-deep-web

« Cyber Warfare: Technology backfires on the powerful.
Memex – The new search tool and for the Deep Web »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

iTrinegy

iTrinegy

iTrinegy is a world leader in Application Risk Management offering solutions to mitigate all networked application deployment risks

Qualys

Qualys

Qualys is a pioneer and leading provider of cloud security and compliance solutions.

Arsenal Insurance Company

Arsenal Insurance Company

Arsenal is an insurance provider based in Moscow, Russia. Services offered include Cyber Risk insurance.

PhishLabs

PhishLabs

PhishLabs provides 24/7 services that help organizations protect against the cyberattacks targeting their employees, their customers and their brands.

7Safe

7Safe

7Safe has been delivering hands-on digital security training courses since 2001 and offer e a portfolio of university and industry-accredited courses.

Vesta

Vesta

Vesta Corporation is a global provider of a scalable suite of fraud and payment solutions for online commerce.

Risk Based Security (RBS)

Risk Based Security (RBS)

Risk Based Security provide the most comprehensive and timely vulnerability intelligence, breach data and risk ratings.

Technology Ireland ICT Skillnet

Technology Ireland ICT Skillnet

Technology Ireland ICT Skillnet is a network of companies who collaborate to address skills needs within the technology sector.

CyberClan

CyberClan

CyberClan’s carefully selected team of experts is capable of solving complex cyber security challenges – keeping your data secure and your businesses running as usual.

Spin Technology

Spin Technology

SpinOne is a SaaS data protection platform designed to monitor, secure, and back up your G Suite and O365 data, improve compliance, and reduce IT costs.

UST

UST

UST is a global provider of digital technology and transformation, IT services and solutions including managed security services.

Intrepid Solutions & Services

Intrepid Solutions & Services

Intrepid Solutions and Services provides technology solutions and professional services to key components of the intelligence and national security communities.

Mission Critical Partners (MCP)

Mission Critical Partners (MCP)

Mission Critical Partners is committed to delivering innovative solutions that help our clients enhance and evolve their critical-communications systems and operations.

RiskOptics

RiskOptics

RiskOptics (formerly Reciprocity) equips organizations with one of the most intuitive and powerful information security and cyber risk management solutions in the market.

DH2i Company

DH2i Company

DH2i is a leading provider of multi-platform Software Defined Perimeter and Smart Availability software enabling customers to create an entire IT infrastructure that is always-secure and always-on.

Harrison Clarke

Harrison Clarke

Harrison Clarke is a leading staffing and recruiting firm in the Cloud, Cybersecurity, Data & AI space.