Beyond Tor: Examining the Uncharted Corners of the Dark Web

More Than Tor: Deep Dive Into the Dark Web with Ben Brown Veracode

Discussions about the darknet or dark web are typically centered around the Tor network, and the data from breaches, password dumps, and hacked emails that can be found there. There is little focus or discussion about the other extant darknet frameworks, and the fact that the dark web is actually comprised of multiple networks designed for specific underground activity. While Europol reports and high-profile takedowns of Tor services en masse has indicated the activity is, indeed, dark, this is not always the case when you look at the dark web in its totality.

The dark web is a complex, layered environment that raises equally complex interplay involving free speech, capitalism, and potential illicit or criminal activity. It is also home to what could be considered hobbyist uses: anonymous chess over I2P, puzzle and art installments, underground market offerings for bags of beach sand or pet bricks, and John Wayne fan sites. The dark web’s networks are made up of active users from around the world, and in addition to finding hackers for hire, you can also find legitimate advanced courses from technologists who help to dissect cyberthreats.

Each darknet was created with different intentions and ideas in mind, with developers who possess different goals for the network’s use. While one is popular with hacktivists, another is preferred by cybercriminals looking for profit, and another for fringe groups and crypto enthusiasts. New darknet frameworks are emerging and will continue to emerge into the distant future.

Here we examine some of the frameworks that exist, and what the activity in each framework reveals about the varying motivations of its users, offering a more complete and realistic understanding of the dark web’s ecology.

A Closer Look at Dark Web Frameworks

Tor’s stated goals are to protect your privacy and defend yourself against network surveillance and traffic analysis. Another major, and more recent, goal is to bring wider access to anonymous web browsing through increasing user-friendliness. This is not something you see as a major goal for the darknets other than Tor and OpenBazaar. Tor gets lots of media attention for terrorism, but this is not necessarily a valid perception. I didn’t observe much in the way of terrorist activity, and this darknet is driven by what’s for sale, which includes hacking for hire, tools for sale, and activity related to money-laundering services. The audience here is primarily made up of English speakers.

Freenet is a peer-to-peer platform for censorship-resistant communication and publishing, and focuses heavily on the promotion of freedom of speech over censorship, copyright, and takedown. It is here I uncovered documents like handbooks and information from terrorist organizations, and even an assassination plan and other extreme activity. Freenet is driven by ideology rather than financial motives, and it has a number of social platforms and chat systems. Its users tend to lean toward a small or non-intrusive government, and it is popular with crypto activists. On this darknet, we have not found anything for sale in our research, likely because its users give away useful information. It is home to hacked documents, including leaked, confidential TTIP negotiation documents; internal Diebold emails about how their voting machines are flawed; pre-written Spectre exploit code and guide; and data or document dumps that are public. To date, it has resisted any external takedown attempts.

I2P project is a popular darknet for multiple self-proclaimed factions of Anonymous, and other self-described hacktivists. In fact, its stated mission is that it is intended to “protect communication from dragnet surveillance and monitoring by third parties such as ISPs” and is “used by many people who care about their privacy: activists, oppressed people, journalists and whistleblowers, as well as the average person.” The content is primarily in Russian, Chinese, and English, and includes an archive of past classes for hactivists that cover hacking and different techniques. Some of the talks still have the names of the presenters on them, including on a course on advanced web application hacking given by a researcher from a top technology firm. This darknet also includes a chat portal, access to a DDoS tool, and a web application vulnerability scanner.

As I researched I2P, I also found a cryptocurrency that I had not previously run into called GOSTcoin, which is a branch of anoncoin and has a small clearnet footprint. It was developed specifically for I2P use and is allegedly based on Russian Government cryptography, though I haven’t yet audited the code to verify this claim. It has a very light presence on Facebook, Twitter, LinkedIn, and in some cryptocurrency forums.

OpenBazaar is one of the newest dark web frameworks, and its purpose is to offer a feeless, peer-to-peer marketplace that leverages cryptocurrencies for transactions. There are some illicit offerings, including drugs, hacking tools, books and services, stolen media streaming accounts, and bulk social media accounts. However, the majority is the more mundane, like original artwork, jewelry, clothing, books, and health supplements. There is a wealth of interesting information based on geographies and language use can help us contextualize these frameworks and their underpinnings and offerings.

Is the Dark Web the Future of the Internet?

We are still a long way from the Dark Web taking a place as a mainstream means of accessing the worldwide web. These technologies are overlay networks, and they require the regular, clearnet internet to operate. Some meshnet projects have shown progress and are able to operate separately; however, they are still in their infancy and have relatively few users. When the dark web is discussed by the media or public sector, they often invoke an image of some hidden and shielded den of crime populated by anonymous ne’er-do-wells engaged in illicit affairs.

While this narrative is useful for getting views and justifying budgets, it can also lend itself to skewed threat modeling and unfocused alarm. The majority of the content I found in my research was, in most cases, rather benign. The criminals offering or seeking illicit goods or services were present on each of the darknets, but made up a small minority of the network activity and content. Much more of this type of commerce is found on the clearnet (typically in forums, many with vetting systems).

The dark web should have a place in many entities’ risk analysis and threat modeling, but it is important to understand both the sort of content that is contained or trafficked there, and the scale of this activity when compared to other theaters such as meatspace, telecom systems, or the clearnet. With that, remember that buying weapons is much easier and less expensive through legitimate venues or off the street, human trafficking is by and large the domain of word of mouth and Craigslist-like clearnet sites, and there are no legitimate hitmen for hire on the dark web, no matter what the media may say.

To learn more about each of the dark web frameworks and my analysis, download my research paper, “More Than Tor: A Deep Dive.”

*** This is a Security Bloggers Network syndicated blog from RSS | Veracode Blog authored by [email protected] (bebrown). Read the original post at: