Dark Web: The Elephant in The Room

The dark web, which was first used by US in 1990s to secretly exchange information and restrict people from eavesdropping the system has now long been exploited by criminals to anonymously establish markets for everything from kidnapping, extortion, to releasing banned and pirated movies and series, etc.

Gaps in control and monitoring mechanisms is leading fraudsters to new types of crimes and what’s concealing them is the dark web, a network built in parallel to the internet. The dark web is encrypted and not listed by search engines, allowing users to access the internet in a way that is difficult to monitor. Its access is limited to users with specialized software, configurations and authorizations, unconventional communication protocols, correct decryption key, access rights and most importantly, knowledge of where to find the content.

The dark web is an industry in itself and a haven for cyber criminals, illicit traders, saboteurs, terrorists and extremists. As per a research, it makes up almost 96% of the Internet’s data, leaving just 4% of the internet visible to the general public. It can be accessed even by novice criminals with limited investments. Terrorist organisations and individuals anonymously lurk in the ambush of dark web by using encrypted messaging services and by layering networks to evade security services and intelligence agencies. The network is commonly used for human trafficking, trading drugs, creating propaganda, etc. Drugs alone are estimated to constitute around two-thirds of dark web market activity.

Dark web is not just a fascinating vestige for fraudsters. It is used by US security agencies for secure communication. It was used by protesting Reporters Without Borders non-profit Group in April 2014 for bypassing surveillance. It is also used by whistle-blowers to pass their information to journalists anonymously. Some law enforcement authorities also use the dark web to track and prosecute paedophile rings, drug dealers, etc.

Free software that can be accessed and used just like ordinary, everyday tools are assisting in the penetration of dark web markets. Many of these tools are available on websites similar to platforms like eBay or Amazon. They are readily accessible & listed on surface websites (websites readily available & accessible)  with ‘onion’ addresses. But that’s not all. Some hyperlinks to websites on the dark web are also available on mirror sites on the surface. These are the links that current users send to interested users. Many websites are accessible through Virtual Private Network (VPN) which obscures users’ activities
across a public network & lets them send and receive data anonymously.

TOR

The Onion Router (TOR) is another driving force of the dark web. It is one of the many browsers to access the dark web. TOR encrypts and transmits online traffic through several different computers in multiple layers, analogous to layers in an onion. This way users mask their internet protocol (IP) addresses and their online activity is made anonymous. TOR websites are so private because each hidden service website has a public key and a corresponding private key. “Onion” addresses are generated by hashing the public key and taking half of it. This ensures that no one impersonates the hidden service because only the creator has the private key which if lost, takes away the domain access forever from the owner. Edward Snowden passed unauthorised classified information on to the media through TOR.

The Dark web hosts several websites which offer instructions on the manufacturing process of explosives and firearms, use of vehicles as weapons, etc. Many illicit websites teach the manufacturing of TATP – triacetone triperoxide from household chemicals. The chemical was used in the jihadist attacks in Paris in November 2015, Brussels in March 2016, Manchester in May 2017 and Parsons Green, London, in September 2017. Among the many cases of hackers taking down user data is the breach of Turkish government’s ID system which leaked national ID, name, address, date of birth and mother and father’s name of 49.6 million citizens in 2016. The hacker claims to be a seasoned professional on the dark web whose services can be bought and sold. This is just the tip of the iceberg because there are many criminals trading their services on the thousands of forums on the dark web, branched into even more sub-forums.

Built-in risk engines with multiple layers of protection & scalability to combat the threat posed by large-scale data breaches can ensure security, because even if they get through one security layer, having multiple controls reduces the chance of them succeeding. Governments may want to give up the soft approach on the extremists in cyberspace.