The Dark Web Is Hidden In Plain Sight

Uploaded on 2017-02-27 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Law

Sites on the so-called Dark-Web, or Darknet, typically operate under what seems like a privacy paradox: While anyone who knows a dark web site’s address can visit it, no one can figure out who hosts that site, or where. It hides in plain sight.

But changes coming to the anonymity tools underlying the darknet promise to make a new kind of online privacy possible. Soon anyone will be able to create their own corner of the internet that’s not just anonymous and untraceable, but entirely undiscoverable without an invite.

Over the coming months, the non-profit Tor Project will upgrade the security and privacy of the so-called “onion services,” or “hidden services,” that enable the Dar net’s anonymity.

While the majority of people who run the Tor Project’s software use it to browse the web anonymously, and circumvent censorship in countries like Iran and China, the group also maintains code that allows anyone to host an anonymous website or server, the basis for the darknet.

So what is the Darknet or Dark Web?

The Dark Web is a term that refers specifically to a collection of websites that exist on an encrypted network and cannot be found by using traditional search engines or visited by using traditional browsers.

Almost all sites on the so-called Dark Web hide their identity using the Tor encryption tool. You may know Tor for its ability to hide your identity and activity. You can use Tor to spoof your location so it appears you're in a different country to where you're really located. When a website is run through Tor it has much the same effect.

Indeed, it multiplies the effect. To visit a site on the Dark Web that is using Tor encryption, the web user needs to be using Tor. Just as the end user's IP address is bounced through several layers of encryption to appear to be at another IP address on the Tor network, so is that of the website. So there are several layers of magnitude more secrecy than the already secret act of using Tor to visit a website on the open internet - for both parties.

Thus, sites on the Dark Web can be visited by any web user, but it is very difficult to work out who is behind the sites. And it can be dangerous if you slip up and your identity is discovered.

Not all Dark Web sites use Tor. Some use similar services such as I2P, such as the Silk Road Reloaded. But the principle remains the same. The visitor has to use the same encryption tool as the site and, crucially, know where to find the site, in order to type in the URL and visit.

Infamous examples of Dark Web sites include the Silk Road and its offspring. The Silk Road was (and maybe still is) a website for the buying and selling of recreational drugs. But there are legitimate uses for the Dark Web. People operating within closed, totalitarian societies can use the Dark Web to communicate with the outside world.

And given recent revelations about US- and UK government snooping on web use, you may feel it is sensible to take your communication on to the Dark Web.

The Dark Web hit the headlines in August 2015 after it was been reported that 10GB of data stolen from Ashley Madison, a site designed to enable bored spouses to cheat on their partners, was dumped on to the Dark Web.

Hackers stole the data and threatened to upload it to the web if the site did not close down, and it has now acted on that threat. Now the spouses of Ashley Madison users have begun to receive blackmail letters demanding they pay $2500 in Bitcoin or have the infidelity exposed.

In March 2015 the UK government launched a dedicated cybercrime unit to tackle the Dark Web, with a particular focus on cracking down on serious crime rings and child pornography. The National Crime Agency (NCA) and UK intelligence outfit GCHQ are together creating the Joint Operations Cell (JOC).

What is the Deep Web? Dark Web vs. Deep Web

Although all of these terms tend to be used interchangeably, they don't refer to exactly the same thing. An element of nuance is required. The 'Deep Web' refers to all web pages that search engines cannot find. Thus the 'Deep Web' includes the 'Dark Web', but also includes all user databases, webmail pages, registration-required web forums, and pages behind paywalls. There are huge numbers of such pages, and most exist for mundane reasons.

We have a staging version of all of our websites that is blocked from being indexed by search engines, so we can check stories before we set them live. Thus for every page publicly available on this website (and there are literally millions), there is another on the Deep Web.

Use an online bank account? The password-protected bits are on the Deep Web. And when you consider how many pages just one Gmail account will create, you understand the sheer size of the Deep Web.

This scale is why newspapers and mainstream news outlets regularly trot out scare stories about '90 percent of the Internet' consisting of the Dark Web. They are confusing the generally dodgy Dark Web with the much bigger and generally more benign Deep Web. Mixing up the act of deliberately hiding things, with that of necessarily keeping pages away from search engines for reasons of security or user experience.

What is the Dark Internet?

Confusingly, 'Dark Internet' is also a term sometimes used to describe further examples of networks, databases or even websites that cannot be reached over the internet. In this case either for technical reasons, or because the properties contain niche information that few people will want, or in some cases because the data is private.

A basic rule of thumb is that the phrases 'Dark Web' or 'Deep Web' are typically used by tabloid newspapers to refer to dangerous secret online worlds, the 'Dark Internet' is a boring place where scientists store raw data for research. The Deep Web is a catch-all term for all web pages that are not indexed for search, the others refer to specific things.

How to access the Dark Web

Technically, this is not a difficult process. You simply need to install and use Tor. Go to www.torproject.org and download the Tor Browser Bundle, which contains all the required tools. Run the downloaded file, choose an extraction location, then open the folder and click Start Tor Browser. That's it. The Vidalia Control Panel will automatically handle the randomised network setup and, when Tor is ready, the browser will open; just close it again to disconnect from the network.

Depending on what you intend to do on the Dark Web, some users recommend placing tape over your laptop's webcam to prevent prying eyes watching you. A tinfoil hat is also an option.

The difficult thing is knowing where to look. There, reader, we leave you to your own devices and wish you good luck and safe surfing.

And a warning before you go any further. Once you get into the Dark Web, you will be able to access those sites to which the tabloids refer. This means that you could be a click away from sites selling drugs and guns, and, frankly, even worse things.

Wired:             PCAdvisor:

Stolen Health Records Flooding Dark Web Markets:       Tor: Mystery Spike In Hidden Addresses:

The Dark Web: anarchy, law, freedom and anonymity:

 

« Cyber Incidents Hit 85% Of Global Companies
Visualisation Tech Helps Police Process Complex Data »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LogRhythm

LogRhythm

LogRhythm's security platform unifies SIEM, log management, network and endpoint monitoring, user behaviour analytics, security automation and advanced security analytics.

Help Net Security

Help Net Security

Help Net Security has been a prime resource for information security news and insight since 1998.

Cigniti Technologies

Cigniti Technologies

Cigniti Technologies provides Independent Software Testing (IST) Services including software security testing.

CyberSmart

CyberSmart

CyberSmart is a platform that allows you to maintain compliance, achieve certification and secure your organisation.

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

T-ISAC Japan coordinates information sharing and activities related to ISP/telecommunications network security in Japan.

Lynxspring

Lynxspring

Lynxspring provides edge-to-enterprise solutions and IoT technology for intelligent buildings, energy management, equipment control and specialty machine-to-machine applications.

Cyber Security Expo

Cyber Security Expo

Cyber Security EXPO is a unique one day recruitment event for the cyber security industry.

IoT Defense

IoT Defense

IoT Defense (IOTD) is a cybersecurity and networking company building solutions that enable the protection of networks and the ever-increasing prevalence of IoT devices.

Startup Capital Ventures

Startup Capital Ventures

Startup Capital Ventures is an early stage venture capital firm with a focus on FinTech, Cloud/SaaS, Security, Healthcare IT, and IoT.

Angoka

Angoka

Angoka provide hardware-based solutions for managing the cybersecurity risks inherent in machine-to-machine communication networks.

Adit Ventures

Adit Ventures

Adit Ventures is a venture capital firm with a focus on dynamic growth sectors including AI & Machine Learning, Big Data, Cybersecurity and IoT.

Cyber Dacians

Cyber Dacians

Cyber Dacians offers Information and Cyber Security Consulting Services. We help you to test the effectiveness of your security defenses and build a secure infrastructure.

Riot Security

Riot Security

In today's world, most successful cyberattacks start by a human failure. Riot have developed a platform that makes it easy to prepare your employees for cyberattacks, in a way they love.

FluidOne

FluidOne

FluidOne are an award-winning Connected Cloud Solutions provider. We design tailored solutions to help customers and partners digitally transform their IT and communications.

Var Group

Var Group

Var Group is one of the main partners for innovation in the ICT sector in Italy.

Cyber & Data Protection

Cyber & Data Protection

Cyber & Data Protection Limited supports Charities, Educational Trusts and Private Schools, Hospitality and Legal organisations by keeping their data secure and usable.