The Dark Web: What It Is And How It Works

Uploaded on 2017-04-21 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

We often hear about the dark web being linked to terrorist plots, drug deals, knife sales and child pornography, but beyond this it can be hard to fully understand how the dark web works and what it looks like.

So just for a minute imagine that the whole internet is a forest, a vast expanse of luscious green as far as the eye can see. And in the forest are well worn paths, to get from A to B. Think of these paths as popular search engines, like Google, allowing you as the user the option to essentially see the wood from the trees and be connected. But away from these paths, and away from Google, the trees of the forest mask your vision.

Off the paths it is almost impossible to find anything, unless you know what you’re looking for, so it feels a bit like a treasure hunt. Because really the only way to find anything in this vast forest is to be told where to look. This is how the dark web works, and it is essentially the name given to all the hidden places on the Internet.

Just like the forest, the dark web hides things well, it hides actions and it hides identities. The dark web also prevents people from knowing who you are, what you are doing and where you are doing it. It is not surprising, then, that the dark web is often used for illegal activity and that it is hard to police.

Technical Challenges

Dark web technologies are robustly built without central points of weakness, making it hard for authorities to infiltrate. Another issue for law enforcement is that – like most things – the dark web and its technologies can also be used for both good and evil.

So in the same way criminals use it to hide what they are up to, it can also help groups fight oppression or individuals to whistle blow and exchange information completely anonymously.

In fact, Tor, “free software and an open network that helps you defend against traffic analysis” and a critical part of the so-called dark web, has been funded by a range of Western governments, including the US.

A service like Tor, is global, in no one physical location, and is operated by no one commercial entity, which is typical of these technologies.

Theoretically, the only way to intercept communications sent via something like Tor is to install a “backdoor” in the application everyone uses. A backdoor is meant to provide a secret way to bypass an application’s protection systems, in a similar way to how people hide backdoor keys in flower pots in the garden in case they get locked out of their house.

However, the use of a “backdoor” could also allow any governments, even oppressive ones, to intercept communications. Indeed, cyber breaches have shown us that any backdoor or weakness can be found and exploited by hackers in order to steel people’s information, pictures and data.

Exploiting the Darkness

Of course, none of this is new, criminals have always found ways to communicate with each other “under the radar”. Mobile phones have been used by criminal gangs to organise themselves for a long time, and as a society we are comfortable with laws enabling police to tap telephones and catch criminals.

Unfortunately, infiltrating the dark web is not quite as easy as tapping the local telephone exchange or phone network. Because the dark web is quite unlike the telephone system, which has fixed exchanges and is operated by a small set of companies, making interception easier.

Even if tapping the dark web was a straightforward exercise, morally it is still fraught with questions. In the UK, the Investigatory Powers Bill, dubbed the snoopers’ charter, sets out the powers and governance for Law Enforcement over communications systems. 

However, the discussion of the bill has been impacted by the Snowden revelations which have demonstrated that society is not comfortable with mass, unwarranted surveillance.

This public distrust has led to many technology companies pushing back when it comes to accessing users’ devices. We have seen Microsoft take on the US government over access to email and Apple against the FBI when petitioned to unlock an iPhone of a known terrorist.

And yet some of these same communications companies have been harvesting user data for their own internal processes. Famously, Facebook enabled encryption on WhatsApp, protecting the communications from prying eyes, but could still look at data in the app itself.

For now, though, it is clear that we still have a long way to go until society, government, law enforcement and the courts settle on what is appropriate use of surveillance both on and offline. And until then we will have to live with the fact that the one person’s freedom fighting dark web is another’s criminal paradise.

WeForum

You Might Also Read:

A Quick Tour Of Cybercrime’s Underground:

The Dark Web Is Hidden In Plain Sight:

Stolen Health Records Flooding Dark Web Markets:

Cyber Criminals Are Making $200k A Month:

 

 

« The Next Big Conflict Will Turn On Artificial Intelligence
Cybercrime Cost The Global Economy $450Billion In 2016 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Vertical Structure

Vertical Structure

Vertical Structure services include Security & Penetration Testing, Information Assurance, Bespoke Training Programs and Secure Hosting.

RedTeam Security

RedTeam Security

RedTeam Security is a provider of Penetration Testing, Social Engineering, Red Teaming and Red Team Training services.

CERT.BY

CERT.BY

The National Computer Emergency Response Team of the Republic of Belarus.

Altius IT

Altius IT

Altius IT reviews your website for security vulnerabilities and provides a report identifying vulnerabilities and recommendations to make secure.

HYAS Infosec

HYAS Infosec

HYAS is a highly skilled information security firm developing the next generation of information security technology.

Charities Security Forum (CSF)

Charities Security Forum (CSF)

The Charities Security Forum is the premier membership group for information security people working for charities and not-for-profits in the UK.

Tetrad Digital Integrity (TDI)

Tetrad Digital Integrity (TDI)

TDI is a world-class consulting firm offering cybersecurity services to government agencies and commercial clients around the world.

Turnkey Consulting

Turnkey Consulting

Turnkey Consulting is a leading provider of Integrated Risk Management (IRM), Identity Access Management (IAM), and Cyber and Application Security.

Invicti Security

Invicti Security

Invicti Security is an AppSec leader transforming the way web applications are secured.

Wabbi

Wabbi

Wabbi’s continuous security platform centralizes, automates and orchestrates security governance and vulnerability management to empower development teams to own appsec.

Paubox

Paubox

Paubox offers secure, HIPAA compliant email and marketing solutions to fit the needs of modern healthcare organizations of every size.

ExtraHop

ExtraHop

ExtraHop's dynamic cyber defense platform uses cloud-scale AI to help enterprises detect and respond to advanced threats - before they compromise your business.

ID R&D

ID R&D

ID R&D is an award-winning provider of AI-based facial liveness, document liveness, and voice biometrics.

Astute Technology Management

Astute Technology Management

Astute Technology Management helps businesses take control of their technology and work with greater confidence.

LetsData

LetsData

LetsData uses AI to provide governments, intergovernmental organizations, civil society, and businesses with data-empowered decisions on communication in the age of online disinformation.

Afripol

Afripol

AFRIPOL was set up to strengthen cooperation between the police agencies of AU member states in the prevention and fight against organized transnational crime, terrorism, and cybercrime.