The Dark Web is supposed to be the Internet’s seedy back alley. But the real Dark Web is a lot more complicated than that. From TOR to the Silk Road and beyond, we investigate.
If our popular culture is to be believed, most people assume there’s a place online where the worst of the headlines you read about drugs, money laundering, murder for hire, and vast child pornography rings are born.It’s called many things, though “Dark Web” is the most dramatic.
Although it’s true that this Dark Web exists, it’s much larger and more diverse than merely these illegal activities.
What’s more, the same technology that makes it possible for such marketplaces to operate in secret is also protecting political dissidents overseas and hiding everyday Internet traffic from surveillance. It may be that this digital back alley is the path toward a more secure Internet.
Most people take the Internet at face value, but what most of us interact with is really just a slice of the information available called the Surface Web.
To get to the Dark Web we have to go deeper, away from the world of standard Web addresses and onto the anonymity network called Tor. When you click on a link in Google, you’re connected with the target information fairly directly.
Someone accessing the same site while connected through Tor would have their request bounced randomly through volunteer computers called nodes before exiting Tor and arriving at the site, making their online movements much harder to track.
Tor can be used to access sites on the Surface Web, but servers can also be assigned special addresses that can only be reached within the Tor network. These are called hidden services, and when we’re talking about the Dark Web, we’re mostly talking about these sites.
Of course, there are other services to hide online activity and even host hidden websites, but Tor is perhaps the most well known and well established.
Surprisingly, the onion routing protocol that powers Tor was originally developed by the U.S. Department of Defense.
Tor is now a volunteer-run nonprofit operation, but it makes no secret of its roots. A page on Tor’s history reads: “[Onion routing] was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others.”
Among those “others” are some of the Internet’s ne’er-do-wells. Some malware authors, for example, have used Tor to hide communication with their creations.
The anonymization of the Tor network is also attractive for people carrying out illicit online activities, such as selling and purchasing illegal merchandise. When you read about illegal websites selling drugs, weapons, and child pornography, it’s a safe bet that those websites are hosted within Tor.
A few years ago, if you tried to browse the Internet through Tor, it would be a very slow and very painful experience.
Tanase and his fellow Kaspersky associate Sergey Lozhkin are digital security experts based in Moscow. That part of the world produces huge amounts of spam, malware and cyberattacks, but just so happens to also produce some of the best minds in digital security in almost equal proportions.
Tanase and Lozhkin have a unique perspective on the hidden ecosystem of the Dark Web. Although the Surface Web has search engines to index its contents and connections, there was no map of the Dark Web on Tor. Tanase and Lozhkin set out to create one.
“We started with a list of known hidden websites hosted within [Tor], so we’ve been crawling, accessing these websites and looking for links to other websites,” says Tanase, describing their process of mimicking Google’s approach in mapping the Surface Web.
Though the number of hidden services on Tor is relatively small compared with the Internet at large (Tanase describes it as containing “thousands but not tens of thousands of websites”), the researchers say the Dark Web will remain a bit of a mystery, even after their explorations.
“There are a number of sites that go offline every day and some that are available for months or weeks,” says Lozhkin.
“In the next few hours, the sites with the same content can be available on a completely different address.” The relative difficulty in simply finding hidden services, in addition to the anonymity provided by Tor, feeds the Dark Web’s aura of mystery. Not to mention the exclusivity of its illegal offerings.
But even that’s changing. These days, you can download a specially modified Web browser from Tor that requires little to no technical know-how to use. The Dark Web is nearing drag-and-drop simplicity.
There’s even an officially supported Android client you can use to access Tor on the go. Using tactics similar to those of the Kaspersky researchers, search engines have begun to appear within the Dark Web over the last year or two.
“They’re like Google,” says Lozhkin. “Search whatever you like. I dunno, malware, drugs, stuff like this, and get links right away.”
This is what most people imagine the Dark Web to be: an electronic black market where anything is available. And the researchers confirm that all that—and worse—is available on websites hidden within Tor. Drugs, guns, and even rhinoceros horn are for sale on the Dark Web, but those still require the physical exchange of goods.
The Dark Web is, without question, far more dangerous when it comes to easily distributing illegal digital material, such as child pornography. In 2011, the Dark Web child pornography marketplace Lolita City made headlines when activists from Anonymous knocked the site offline and released information about its patrons.
At the time, it was reported that the site hosted more than 100GB of sexual images of children as young as toddlers. When Eric Eoin Marques, the operator of a Tor-based webhosting service called Freedom Hosting (which hosted Lolita City and was also attacked by Anonymous), was arrested in 2013, the Irish newspaper The Independent wrote that Marques’ customers used the service to share “graphic images [depicting] the rape and torture of prepubescent children.”
Silk Road, which was hosted as a hidden service within Tor, vanished from the Internet in October 2013, and its alleged operator, Ross William Ulbricht (who operated the site under the name The Dread Pirate Roberts), was arrested in short order.
It’s surprising, because the site appeared bulletproof for so long.
In the case of Silk Road and its successor, Silk Road 2, law enforcement probably didn’t find a secret weakness within Tor. They didn’t do anything with the Tor network or architecture. Rather, the Feds likely got what they needed from undercover agents.
Or maybe loose lips sank Silk Road’s ship. The owners of Tor nodes sometimes chat on hidden forums. These guys like to talk, and what they talk can be used against them. It’s worth noting that, as of this writing, another spinoff of Silk Road called Silk Road Reloaded has reportedly appeared on an anonymous network called I2P.
In the case of Silk Road, sloppy mistakes almost certainly played a part. Tanase says Silk Road’s operator was managing the server from an Internet café and connecting to that server directly, not through Tor. Ironically, these are the kind of simple mistakes that criminals frequently exploit in order to attack companies and individuals.
Of course, there are far more exotic attacks to use to expose the machines serving up hidden websites within Tor.
Tanase says that if a single entity were in control of the bulk of the Tor nodes, they could trace traffic through the whole system. “No malicious actor or agency can do this, but the more nodes you can monitor, the greater the chances,” says Tanase. As of this writing, there appear to be approximately 6,500 Tor nodes.
Tanase and Lozhkin describe an even more audacious scheme to locate hidden services on Tor. It would require selecting all the IP addresses in a certain range—say, all the IP addresses within a country—and methodically flooding them with fake requests in a massive distributed denial of service (DDoS) attack.
While that’s going on, the attackers would carefully monitor the status of a hidden Tor website. When it went down or experienced a noticeable spike in traffic, they’d know they’ve hit on the right group of IP addresses.
All the attacker would need is some hint as to where the server might be located in order to begin the attack. That’s exactly the kind of information that could be obtained from an undercover agent, or from stalking hidden forums where Deep Web operators chat.
Pulling off attacks like this would require vast resources and the will to break into Tor. Conspiracy theorists can fill in their favorite nation-state or three-letter agency of choice. Of course, that assumes that whoever would attack Tor would allow it to survive.
Those adversaries include law enforcement, but not always the kind that’s involved in busting drug rings or prosecuting human traffickers.
Its spies, the nation-states they work for, and the increasingly capable electronic expressions of force available to those states. That’s because the same protection Tor provides to criminals can also be used to circumvent censors and nationally imposed restrictions on the Web.
Though it’s U.S. law enforcement that most recently gutted Tor’s hidden services, various branches of the federal government and DoD continue to support Tor financially.
In 2014 it received funds from the U.S. Department of State Bureau of Democracy, Human Rights, and Labor, and the National Science Foundation.
Previous donors include the Naval Research Laboratory and DARPA. It’s clear that the U.S. government still sees value in Tor, no doubt in supporting this country’s continued stated mission to promote free speech (and dissent) abroad. It’s also possible that it’s a handy, free, off-the-shelf tool for intelligence agents.
Like any technology out there, Tor is a double-edged sword. It has its good parts and its worst parts. It’s up to security researchers, to try to clean it up. To make sure it’s only being used for good stuff.
In the process of writing this piece, I did traverse the Dark Web. I beheld the smoking ruins of Silk Road—now just a placeholder image left by U.S. law enforcement officials.
I’ve seen a site that promises to kill the person of my choice for a few thousand dollars. I’ve priced out automatic weapons in bitcoins. I’ve seen links that seemed to promise underage pornography (but I didn’t click on any of them).
It’s disgusting, but a lot of it is elusive. Most of the links are dead, and many of the sites I can visit don’t inspire the same kind of confidence that eBay or Amazon do. Though there’s something spooky about the matter-of-factness of a site that claims to offer murder at reasonable rates, I don’t know if any of this is real.
Accessing a website that is only viewable while my traffic is bounced around doesn’t necessarily mean that the site’s owners—if they exist—can follow through on their promises.
What’s more, the Surface Web isn’t exactly a paragon of upstanding behavior. A cursory Google search will reveal thousands of sites devoted to violent and racist causes. It’s almost impossible to visit a website without advertisers collecting your data, and loading a legitimate website can trigger the download of malicious software.
That’s not to mention mass surveillance from nations like the U.S., or countrywide censorship like what’s seen in China or Iran.
That makes me wonder what the Internet would be like if it were more like the Dark Web. Our Web would, at least in theory, be free from state-sponsored censorship and more secure by design. A lot of what we take for granted in our current economy—the passive gathering of personal data by companies for profit, for example—would vanish.
But capitalism adapts. So does law enforcement, as Silk Road demonstrated.
The Internet as we know it now is a far cry from the simple collection of labs and universities that were first linked together in ARPANET, but the underlying technology isn’t so different.
Reinventing the Web as a tool for communication, but also one with built-in privacy, doesn’t seem like such a bad idea in today’s world, where the Web plays as much a role in defining us as our jobs and haircuts.
Perhaps it’s not surprising that, in this environment, Tor and the Dark Web are growing.
The number of volunteer nodes through which Tor traffic is routed has steadily increased.
Nonetheless it’s very unlikely that Tor and the Dark Web will ever eclipse the Surface Web in size… but who know what the future holds? Everyone wants privacy, right?
What are your thoughts about the dark web?
Please share your thoughts in the comments below.
Geoffrey is an experienced software developer and open source evangelist. When not coding he writes and talks about current technology trends, small business tips and developer productivity hacks. He is no coffee addict.
Top 17 Best Selling Ethical Hacking Courses on PluralSight in 2018
How VPN Unblocks Region-Restricted Contents Online
9 Skills That Will Get You a Junior Penetration Tester Job
How to Browser the Internet Anonymously Using the Tor Browser
How to Enable and Delete Cookies on Your Browser
Top 9 Bestselling Ethical Hacking Courses on Udemy