Deep Dive: A Guide to the Deep-Web for Law Enforcement

Uploaded on 2015-02-19 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

There's a part of the Internet known as the deep web. It is called the deep web because of its massive size, it's literally 'deep'. According to The Guardian, you can only access 0.03% of the internet via search engines like Google and the rest is what makes up the deep web.

You can't just access the deep web from a normal web browser – like Firefox for example – you can only access the deep web through a deep web browser. The most famous of these deep web browsers is called Tor and this is the one we recommend you get if you're looking to get onto the deep web.

The deep web is well known for containing some really messed up stuff (snuff/child porn etc as you might expect but we're going to try and avoid that for the most part), but if you successfully steer clear of all of that then you'll find some really interesting stuff on the deep web that you would never find on the public world wide web.

We'll start with what is definitely the most useful feature of the deep web to law enforcement & intelligence professionals.

First, Marijuana
Forget calling your dealer and having to wait in the cold for him to meet you at a dodgy bus stop on a dark, cold, wintery night just to be given a crappy 1.5 gram eighth of bush weed, just get on the deep web instead. Now you can do all your marijuana ordering from the comfort of your own sofa.

You buy your marijuana in bulk from this deep web site, with the prices varying upon the strain and the amount of you buy. There are a couple of ways you can have your ganja delivered: either standardly through DHL (after being vacuum packed four times) or via drop shipping.

Second, Silk Road
Other online drug markets also exist on the deep web where you can pick up pretty much any kind of drug or chemical. The most famous of these is known as Silk Road and you can literally pick up what you want from this site. You name it, somebody has got it on here and you'll pay with your bitcoins and it'll arrive in an untraceable package a few days later. It really is that easy. Apparently there's a 97% success rate on this.

Silk Road is set up kind of like eBay or Amazon. There are buyers and sellers and each buyer and seller has their own feedback rating so when you're looking to pick up some LSD or salvia or whatever drug takes your fancy that day, then you'll have a look through the site, find a seller with good feedback for that particular chemical high and then pay them with a bitcoin and sit back and wait for it to turn up. It's that easy.

Three, Hire a Hit Man
Want to take out your boss, nagging wife or that journalist who wrote that awful review for your restaurant? Well if you've got the cash this person will do it for you. This is taken from one website on the deep web that offers this service and includes the differing prices of a hit. These prices are dependent on who the person is and what information you need to send so the hit can take place. The most popular hire an assassin sites are White Wolves and C'thuthlu.

Fourth, Buttery bootlegging
Buttery bootlegging is run by a Dangler who is good at stealing and apparently will steal anything that you can't afford or just don't want to pay for. There are loads of these rob-to-order pages in the deep web.

Fifth, The Human Experiment
The Human Experiment is a deep web site that details medical experiments that are performed on homeless people that are usually unregistered citizens. They're picked up off the street, experimented on and then usually die but they're homeless and unregistered so nobody misses them.

As with most of the deep web, there's actually some debate about whether The Human Experiment was real or just a parody site as it could quite easily be either given its location on the deep web. The Human Experiment

Sixth, Buy Weapons
There's a site known as Euroarms that lets you buy all kinds of weapons and have them delivered to your door courtesy of the deep web. Unfortunately for those of you that jumped out of your seat when you read that as you envisioned shooting up your school or blasting your boss away, the ammunition for these weapons is sold separately and you have to track that down on a different site.

Seventh, Buy Credit Card Information
The site you want is called Atlantic Carding and as with most services, the more you pay the more you get for your Bitcoin and so you can potentially get access to business credit card accounts and infinite credit card accounts.

Of course, a lot of the time when you're buying stuff online with a credit card you're going to need the user's details – including their name, address and social security number – and this is all available on the site if you're willing to pay the premium. Again, it's unknown if all this stuff is true and easily available online but the fact that any of this even might be real is pretty disturbing.

Eight, Betting on Fixed Sporting Events
It's long been theorized that many sporting events are fixed – especially stuff like horse racing – and that people in the know are able to bet on said events in order to line their pockets. It would seem that thanks to the deep web this no longer needs to be achieved by shady phone calls and crumpled up post-it notes, but you can simply log onto a site and they'll do it all for you.

The financial investment in this one is particularly hefty but if it pays off and it's real then you'll make it back in no time.

Many of the sites might be designed to fleece unwitting fools out of their Bitcoins anonymously because it's so easy, but you've got to think they wouldn't be able to after a while because people would start talking because they're not legit and their reputation would soon be in the drain.

Ninth, the Hidden Wiki
Mail order marijuana, hiring a hitman and getting someone to steal something for you, match fixing and buying weapons are all just the tip of the iceberg of the deep web as there's also the 'hidden wiki', which is apparently the portal to anything you've ever wanted on the deep web. It explains everything you ever wanted to know about the deep web and features a full list of .onion sites and a description of each one as well as a bunch of other interesting information about it.

Tenth, Recent Developments
Last summer, a whole bunch of hidden websites – possiblyas many as 50% – vanished off the deep web. This was linked to the takedown of a hosting operation in Ireland, allegedly connected to the United State's attempts to extradite an Irish citizen called Eric Eoin Marques for questioning over the distribution of child porn online. Of course, it's no surprise that the deep web is a hotspot for this kind of activity and it goes without saying that this is definitely not a good use for it. It also really pinpoints the debate over whether its existence should even be allowed at all.

Tor released the following statement regarding the breach: 'In the past, adversarial organizations have skipped trying to break Tor hidden services and instead attacked the software running at the server behind the dot onion address. Exploits for PHP, Apache, MySQL, and other software are far more common than exploits for Tor. The current news indicates that someone has exploited the software behind Freedom Hosting. From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect user's computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR [extended support release], on which our Tor Browser is based. We're investigating these bugs and will fix them if we can.'

As Tor said in their statement regarding this event, Tor is still safer and more anonymous than almost every other Internet browser out there, so it's probably still going to be used for a long, long time.

http://blog.mcafeeinstitute.com/the-ultimate-guide-to-the-deep-web

« Cyber Warfare: Technology backfires on the powerful.
Memex – The new search tool and for the Deep Web »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Social-Engineer

Social-Engineer

Social-Engineer is a team of outside–the–box thinkers that share a common focus on human-to-human social engineering.

BitRaser

BitRaser

BitRaser serves your needs for a managed & certified data erasure solution that can support internal & external corporate audit requirements with traceable reporting.

Crosscheck Networks

Crosscheck Networks

Crosscheck products allow you to test your APIs across different protocols and message formats with functional automation, performance, and security testing capabilities.

SMiD Cloud

SMiD Cloud

SMiD encryption technology has been developed following the highest security practices to allow the data availability, integrity and confidentiality.

Blancco Technology Group

Blancco Technology Group

Blancco Technology Group is a leading global provider of mobile device diagnostics and secure data erasure solutions.

Hellenic Accreditation System (ESYD)

Hellenic Accreditation System (ESYD)

ESYD is the national accreditation body for Greece. The directory of members provides details of organisations offering certification services for ISO 27001.

CyberInsureOne

CyberInsureOne

At CyberInsureOne, we break down the complex world of cyber insurance, and connect you with providers that can give you and your company peace of mind.

Extreme Protocol Solutions (EPS)

Extreme Protocol Solutions (EPS)

Extreme Protocol Solutions is an industry leading Data Sanitization Software, Hardware and Onsite Service Provider.

Abnormal Security

Abnormal Security

Abnormal is an API-based email security platform providing protection against the entire spectrum of targeted email attacks.

ITTAS

ITTAS

ITTAS is a multidisciplinary company specializing in information security and software and hardware protection software.

ClubCISO

ClubCISO

ClubCISO is a community of peers, working together to help shape the future of the information security profession by facilitating independent discussion on data security and cyber resilience.

LAVAAT

LAVAAT

At LAAVAT, our goal is to make it easy for our customers to build secure IoT devices without a need to invest considerably in embedded security and cryptography expertise.

Bright Pixel Capital

Bright Pixel Capital

Bright Pixel Capital is a venture capital company with a focus on Cybersecurity, Retail Technologies, Digital Infrastructure and Emerging Technologies.

NorthStar

NorthStar

NorthStar provide the visibility needed to track and reduce risk through risk-based vulnerability management and vulnerability exploit prediction.

Davinsi Labs

Davinsi Labs

Davinsi Labs helps companies achieve Digital Service Excellence with specialized Security Intelligence and Service Intelligence solutions.

Liquid C2

Liquid C2

Liquid C2 offers leading solutions to streamline workplace operations, secure cloud storage, rapid data recovery, and scale growth.