THE DARK SIDE OF THE WEB

With an increasing number of stolen products ending up on ‘underground’ websites, Vigilant invited two leading open source intelligence experts to explain more about the workings of the so-called Dark Web and what goes on in the shadier corners of the Internet.

We hear a lot about the Dark Web in the news. One recent example is news of the arrest and conviction of Ross Ulbricht, founder of the Silk Road dark marketplace in the USA.

Ultimately, the Dark Web is part of the Internet which requires a different browser platform to access it, namely Tor, which stands for The Onion Router. Tor was developed by the US Naval Research Laboratory in the mid-1990s for the purpose of protecting US intelligence communications online. It uses a network of volunteers to act as relays to pass encrypted communications through many layers, making the requester invisible to the source of the supplied information. This process also hinders the indexing and referencing of sites using Tor, so search engines such as Google, Bing or Yandex provide only very limited results to search requests.

It is worth considering that Tor is still 80% funded by the US State Department, although the organisations that run Tor are keen to stress that they are totally independent, despite the government funding!

It is possible to get some search results from a simple search string on Google by typing in “site:onion.to” (without the quotation marks), but this will only provide limited results. Be careful not to click on any of the search engine results though, as this may expose your IP address and whereabouts!

Built around the Firefox browser architecture, Tor is easily downloaded and is free software provided at www.torproject.org. The main difficulty lies in how one may search for relevant information and websites, as this is not as straightforward as using the Web. There are a number of Tor search engines such as Ahmia, Torch and Grams that seek to assist, but many provide only limited results. 

However, don’t panic, as there are many experts out there who spend a large amount of time on the Dark Web, confidently navigating it to gather evidence and intelligence around the many nefarious activities of criminality. Bear in mind, however, that not all websites on the “hidden Internet” are bad. There are also academic websites, student projects and journalist websites. Even Facebook have a presence!

Users should be wary of venturing onto Tor without full knowledge of how to do so safely. Visiting any of these dark sites may cause policy, security or reputation issues for companies if they are not prepared for it, with some sites being run by law enforcement as honey traps! Just this month, the UK Home Secretary Amber Rudd has officially recognised the Dark Web threat to the UK, declaring that action should be taken against it. She described the online space as a “dark and dangerous place where anonymity emboldens people to break the law in the most horrifying of ways” and that “It is a platform of dangerous crimes and horrific abuse”.

The Dark Web hosts many different types of products and services, with the majority of these being too risky for vendors to sell on the surface web.

Dark Markets

Dark Markets offer users of the Tor browser opportunities to buy illicit goods and services online. In some cases, purchases can be made without the creation of an account, whereas some others require an email and login. There are easily obtained anonymous email accounts on the Dark Web, although many turn to the secure and ultra-discreet ProtonMail service on the surface web.

Within dark markets there are products and services available. Here are some common examples of products that appear frequently:

Guns and ammunition: There are various types of guns for sale, including pistols, rifles and automatic weapons, along with appropriate ammunition. It is not uncommon for vendors to take a partial payment for an automatic weapon and then to ship it in component form, with the final parts being delivered on receipt of the final payment. One of the reasons for shipping guns in component form is to reduce the risk of arms being identified by x-ray machines.

Drugs & Pharmaceuticals: The Dark Web offers a platform for individuals to buy illegal drugs and medicines anonymously. The quality and safety of these drugs is questionable, with evidence of many “medicines” containing poisonous substances and animal faeces, along with other undesirable content. It’s also quite common for some prescription type drugs to be found overtly for sale on the surface web. There is also evidence that drugs tend to be cheaper online than those bought face-to-face from a dealer, perhaps mirroring the differences between legal online stores and shops on the high street, where goods tend to be cheaper online. There are several recent reports that the international shipment of drugs is reducing by a considerable amount, with users preferring to purchase through domestic markets. The main reason for this is that they consider this to be lower risk for themselves. One country that currently bucks this trend is Germany, where they tend to trust buying their drugs online from the Netherlands.

Financial fraud & fake documents: On the Dark Web, stolen and fake credit card sales are huge and easily found. These can sometimes be bought in bulk and can assist criminals with other illegal activities, such as purchasing web services, buying computers or paying for services. Fake documents can include the sales of identity cards and passports. The quality of fraudulent documents bought on the Dark Web can be variable but continues to be big business. Hacked PayPal account details are frequently sold, alongside details for hacked social media accounts and other online shopping accounts.

There are many other services and products available, and one could write a whole book describing them, not forgetting dark forums that are notorious for information on activities, such as bomb making and hacking.

It is possible that many products stolen in cargo thefts end up on dark markets. For example, there are many Dark Web vendors selling smartphones, gaming consoles and laptops in exchange for payment using cryptocurrencies, such as Bitcoin, so in some cases goods stolen from supply chains are highly likely to be sold on and shipped again via the logistics network. For any TAPA members wanting to look for stolen goods on dark markets, it is advisable to ensure adequate precautions are taken to protect both the organisation and the individual who plans to do it. The person should ideally be trained on how to approach the Dark Web safely, along with how to find the required websites, which is much more difficult than using Google!

Policing the Dark Web is an ongoing challenge due to police budget cuts and ongoing technical challenges. Dutch law enforcement successfully took down the Hansa dark market website, along with capturing a wealth of intelligence about its users, but there are many still running. It is hoped that this type of success by law enforcement may erode users’ confidence in using the Tor browser to access the Dark Web, but in return new alternative services are appearing, so the challenge goes on.

Authors

David Benford is an internationally-renowned open source intelligence and digital investigation expert based in the UK. He is a special officer in UK law enforcement and is Managing Director of Blackstage Forensics Ltd. David works with law enforcement, corporate, military and diplomatic institutions around digital investigations.

Tony Martinez is a former UK senior law enforcement officer and is a highly-respected expert on the Dark Web and an open source intelligence specialist. He was a member of an investigative section recognised within law enforcement as a centre of excellence in the field of covert work, gaining a wealth of experience managing some of the most complex cybercrime investigations.