What exactly is the Dark Web? We hear about it in movies (Nerve certainly oversimplified it) and we hear about it in the press (you know, that scary place on the Internet, where bad things happen). Whatever the truth, more than 2 million users access it on a daily basis. Makes you wonder what all the fuss is about, right?
You’re probably familiar with the iconic iceberg picture that illustrates the difference between the web as we know it (what’s above sea level, in other words, ‘the surface’) and… well, the rest that we don’t really know of (unless ‘we’ were to refer to an ethical or not-so-ethical group of hackers). This hidden part of the iceberg is what we call the Deep Web, a huge invisible pool of websites deemed off-the-grid as they cannot be accessed through any search engine.
Whereas the image of a giant block of ice makes the concept of surface/deep web easy to understand, we (as cybersecurity experts) tend to think of it as rather mild when it comes to explaining the far end of the Deep Web, the so-called Dark Web. Yes, indeed, if we were to take our pick of existing references, we’d definitely say that the bottom layer of the iceberg is more of a modern-day version of Dante’s Inferno. Obviously, we’re not dealing with the 9 circles of Hell as the Italian poet initially envisioned, but rather with 9 circles of cyber-anonymity, fostering all kinds of illegal activities.
In their quest to open the gate to the Dark Web and access all of the above, users rely on special software (such as Tor, Freenet and I2P). Of these, the most popular is Tor (originally called The Onion Router, as the logo easily suggests), mostly because of how easy it is to use. Tor is even distributed as a bundle of software that includes a version of Firefox configured specifically for onion browsing.
If you’re curious to know what happens in the background when someone uses Tor, just look at the image below. It briefly explains how the onion software ensures anonymity and privacy.
Simply put, all incoming and outgoing data passes through a network of connected Tor relays. As the data hops from one node to another, it is encrypted in a way that each relay only knows about the machine that sent the message and the machine it is being sent to.
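The layering described above, as an added example that is not part of the original article: a toy Python model in which a SHA-256 keystream stands in for the real cipher, and the relay names, keys and destination are constructed for illustration. It records what each relay can observe: only its predecessor and successor, with the unwrapped message visible at the exit relay alone.

```python
import hashlib

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher (assumption, not Tor's real one): XOR with a SHA-256 keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(path, keys, destination, message: bytes) -> bytes:
    """Client side: build the onion from the innermost layer outwards."""
    hops = path[1:] + [destination]          # where each relay must forward to
    onion = message
    for relay, next_hop in reversed(list(zip(path, hops))):
        header = next_hop.encode()
        onion = xor_stream(keys[relay], bytes([len(header)]) + header + onion)
    return onion

def peel(relay, keys, onion: bytes):
    """Relay side: remove one layer, learning only the next hop."""
    plain = xor_stream(keys[relay], onion)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]

def route(client, path, keys, destination, message: bytes):
    """Pass the onion along the path and record what every relay observes."""
    onion = wrap(path, keys, destination, message)
    seen, sender, current = [], client, path[0]
    for _ in path:
        next_hop, onion = peel(current, keys, onion)
        seen.append({"relay": current, "from": sender, "to": next_hop,
                     "sees_plaintext": onion == message})
        sender, current = current, next_hop
    return seen, current, onion

# Constructed sample circuit; real keys are negotiated per circuit, not derived from names.
PATH = ["guard", "middle", "exit"]
KEYS = {r: hashlib.sha256(b"constructed-key-" + r.encode()).digest() for r in PATH}

if __name__ == "__main__":
    seen, dest, delivered = route("alice", PATH, KEYS, "example.org", b"hello")
    for view in seen:
        print(view)
    print("delivered to", dest, ":", delivered)
```

Only the guard sees the client and only the exit sees the destination; because the exit also handles the unwrapped message, anything not protected end to end (for example by TLS) is readable there.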
While we’ve established that tools such as Tor are the key to opening the door to the dark side of the Internet, the hidden web wouldn’t be nearly such a popular place if it weren’t for one more little thing: the dawn of untraceable currency. The emergence in 2009 of the cryptocurrency payment system better known as bitcoin is, without exaggeration, the fuel that keeps the Dark Web turning. This peer-to-peer system ensures that transactions take place between users directly (see image below). The operations are then recorded in a public distributed ledger (a database in which storage devices are not all attached to a common processor) called the blockchain.
The Dark Side of the Internet: Devil roaming wild
Whereas cybercriminals, perverts and other types of fraudsters inhabiting the Dark Web make up the majority of its users, 5.2% are journalists and hacktivists trying to fight injustice, who opt for a comforting anonymity for reasons we can so well understand.
Bottom line, the Dark Web can be, indeed, a hellish place, but the reality isn’t completely pitch dark. Perhaps the best definition we’ve stumbled upon was given to us by Wired: ‘the dark web is a small collection of sites that reflect the limited number of good, bad, and downright weird humans that use it’ (credits to the author, Joseph Cox). One of the points Cox also stresses in his article is that, while Tor acts as an online invisibility cloak, the information you share can still be retrieved. So if you use your real email address, there’s always a chance law enforcement can use it to trace illegal activities. That is precisely why many choose to use fake aliases while surfing the Dark Web.
And while the threat of law enforcement would suffice to scare even the bravest of us, recent acts show that the lower circles of the Dark Web are also targeted by their very own onion-peers. Last week, Anonymous hackers managed to take down 10,613 Dark Web portals. According to an OnionScan report issued in 2016, the number of onion sites left in the dark (ironically so) amounts to approximately 20% of the Dark Web.
With a solid excuse to back up their actions, hackers breached Freedom Hosting II (FHII), one of the most popular providers of the hidden web, revealing the horrors that lurked behind it. Obviously, the biggest fall in the history of the Dark Web did not go unnoticed. All the websites interconnected by FHII’s underlying infrastructure were defaced with the same message, showing that not everyone agrees with how the hidden web is being managed:
Source: Bleeping Computer
According to the above note, hackers claim to have found huge amounts of child pornography hosted on the company’s servers. It appears that initially, the hackers sent out a different defacement message, asking Freedom Hosting II to pay 0.1 Bitcoin (roughly $200) in order to recover their data. They later changed their mind and decided to dump the data publicly, which is now available for download as torrent files.
The Anonymous hackers claim to have downloaded 74GB of files and a database dump of 2.3GB. In an interview with Vice, one of the whistleblowers (that should be the term for it, right?) stated this was his first hack ever. He also claimed that what triggered the entire action was the fact that nearly half of the total FHII files were of a pedophiliac nature.
The Dark Side of the Internet: Glimmer of Hope
You’ll be glad to hear this certainly isn’t the first time digital vigilantes have targeted child pornography sites on the Dark Web. Another Anonymous-linked campaign hunted out infant abusers last year, and in 2014, a hacker deleted links to child pornography on a popular Tor-based wiki.
The first and original Freedom Hosting was also hacked using a DDoS attack by Anonymous in 2011, for the same reasons of hosting child pornography portals. After learning of its existence, the FBI used a misconfiguration in the Tor Browser setup to identify visitors to these sites and later took down the entire service. At that time, the first Freedom Hosting hosted around half of all Dark Web URLs.
With respect to the FHII hack, security researcher Chris Monteiro has analyzed some of the dumped data. According to his findings, .onion URLs hosting botnets, fraud sites, sites peddling hacked data, weird fetish portals, more weird stuff and child abuse websites were all discovered. All this on top of what Anonymous had already defaced in their note. Upside to this story? Given the number of times the word ‘botnet’ appears in the data, the attack on Freedom Hosting II most likely disrupted a number of large existing botnets.
But that’s just an added bonus to the story. This chain of hacking incidents targets mostly those feeding on pedophiliac material and there’s no mistaking why. Some sins cannot go unpunished even on the Dark Web.
Should we dare hope? Don’t be mistaken – except for taking down a child-molesting network, ‘good deeds’ are very scarce on the Dark Web.
One thing is for sure though – the hidden part of the internet is very much like its real-life equivalent – more brutal than we’d like to imagine. Human and drug trafficking, prostitution and so on have all been going on for much longer. In a sense, the Dark Web is merely a digital reflection of what goes on in the shadows around us. While there are people trying to make the world a less ‘dark’ place, there are also those trying to plunge it further into the depths of hell.
Just recently, a Dark Web marketplace going by the name of ‘Hansa’ announced a bug bounty, in a bid to secure its business from hacking. The marketplace allows for the trading of stolen credit cards, drugs and other shady dealings. Hansa has invited security researchers to seek out vulnerabilities in its system that could lead to users, vendors or administrators, with rewards worth up to 10 Bitcoins. Quite the beefy reward.
So what do you think? Will those darker circles of the Dark Web only grow wider? Or will they continue to be knocked out every time they reach a peak? Don’t hesitate to leave a message in the comment section. The Onionland is a topic we should talk more about. After all, a subject is only taboo as long as we keep avoiding it. Learning how to combat cybercrime should rely more on understanding the space in which online perpetrators operate. Know thy enemy, is it not?
If you’re interested in knowing more about how the Dark Web works and where it’s heading, we recommend you watch this TED Talk video by Alan Pierce, journalist, broadcaster and author specializing in the Deep Web:
Tor relays are also referred to as “routers” or “nodes.” They receive traffic on the Tor network and pass it along.
A node is a basic unit used in computer science. Nodes are devices or data points on a larger network. Devices such as a personal computer, cell phone, or printer are nodes. When defining nodes on the internet, a node is anything that has an IP address. Source: Wiki