It can be a dangerous and murky den of criminality – ironically the Dark Web was the brainchild of US government agents and is now colonised by organised cyber criminals
“The Dark Web is an online community accessed by groups with a range of agendas that want to protect their anonymity – whether this be online criminals, activists or those wishing simply to maintain their online privacy.”
These are the words of Rik Ferguson, vice president of security research at Trend Micro and a special adviser to European Union law enforcement agency Europol.
When he investigated the Dark Web he found that light drugs were one of the most traded items, with hard drugs, pirated games and stolen accounts alongside. “Many Dark Web users, or at least those who frequent the top marketplace, go there to purchase illicit drugs,” he says. But what, exactly, is the Dark Web?
What is dark web?
Invisible to search engines such as Google, the Dark Web is made possible by darknets – networks which can only be accessed with specific software and authorisation – through networks where connections are made between trusted peers.
The best known, and by far the most popular, darknet is the Onion Router (Tor), which was created by the US Naval Research Labs in the 90s as an enabler of secure communication and funded by the US Department of Defense. To navigate it you use the Tor browser, similar to Google Chrome or Internet Explorer apart from keeping the identity of the person doing the browsing a secret. Importantly, this secrecy also applies to what the user is looking at.
The Dark Web treads the line between being a saviour of free speech and a criminal marketplace of the most extreme kind
It is because servers hosting websites on the Tor network, denoted by their .onion (dot onion) designation, are able to mask their location, originally to enable government dropsites and information silos to exist without trace, that when Tor software went public in 2003, the Dark Web became a reality.
This combination of hidden servers and anonymous users enables a .onion version of Facebook for those who fear being spied upon, and empowers political activists to continue protests while protected from regimes that would take away more than their liberty. Unfortunately, Tor is also used by the criminal fraternity as a dark marketplace.
Using a crawler bot that scraped the .onion sites accessible to it, researchers at King’s College London recently attempted to map criminal activity on the Dark Web. The results suggested some 57 per cent of Tor sites host illegal content. What the study didn’t find was evidence of Islamic extremism, claiming a near absence of jihadi activity.
Indeed, that around 40 per cent of the crawled Tor activity does not fall under the label of criminal endeavour reveals the dichotomy of the Dark Web; it treads the line between being a saviour of free speech and a criminal marketplace of the most extreme kind.
Perhaps the best known example of a dark market was Silk Road. Shut down in 2013 after an FBI sting operation, which would eventually see its creator, Ross Ulbricht aka Dread Pirate Roberts, jailed for life, Silk Road was like an eBay of criminality. The closure of Silk Road has not meant that criminal activity on the Dark Web has shut up shop alongside it, however.
“Today, anything and everything is available on the Dark Web from guns and explosives to designer drugs and paedophile material, from hacking code to identities and credit cards,” says Andrew Beckett, managing director at security intelligence specialists Kroll. “What is more surprising is the growth of online services and support around these activities, and the way they are run as big businesses.”
While five years ago you could buy a DDoS (distributed denial-of-service) attack to take down a site of your choosing for around £35 per day, now that has dropped to £20. This is what has become known as Cybercrime-as-a-Service (CaaS) and those wishing to create a sophisticated attack are spoilt for choice on the Dark Web.
Law enforcement changing the scene
But have successful law enforcement investigations, such as the Silk Road case, changed the Dark Web operationally?
“It is only natural for criminals to become more suspecting and hesitant, for malware vendors to disappear and for the expert-level fraudsters to go deeper underground after a major bust,” says Limor Kessem, senior cyber security evangelist at IBM Security and a Dark Web expert.
Ms Kessem has witnessed the gradual departure of banking Trojan developers from the Dark Web as they realised just how dangerous their activity was and how some of the best-known developers were being arrested. Anyone wanting to access the more “elite” marketplaces on the Dark Web will not only have to know precisely how to reach them, but also need to know someone within the community who can vouch for them and possibly pay a joining fee.
“In some cases they have to prove that they are criminals or show their ‘work’ in some way,” she says, concluding that for everyday folk or criminal chancers these boards are almost impossible to join.
Assuming you are among the criminal fraternity with access to Dark Web markets, what are the trading tools that are considered essential for doing business in the shadows of the internet?
A Tor browser is something of a given, however most serious criminals will ensure the devices they access the Dark Web from remain free of as many traceable artefacts as possible.
“Most will utilise USB bootable operating systems such as ‘Tails’ to make sure that nothing is saved to their hard disks,” says Adam Tyler, chief innovation officer at security specialists CSID. “Tails is a Linux-based OS [operating system] that can be started on pretty much any computer and forces all internet connections through Tor, while encrypting all files and e-mails, and leaving no traces on the host device. Most payments are made using bitcoin, but the career criminals know better than to use it without proper precautions.
“Due to an ability to connect links between addresses and identities, many choose to utilise ‘bitcoin tumblers’ to attempt to evade identification or association.” Tumblers effectively launder the currency by a user transferring their bitcoin into a tumble pool and then withdrawing a collection of unrelated coins to the same value.
As Kroll’s Mr Beckett concludes: “The expansion of the Dark Web looks set to continue as criminals find evermore innovative ways to monetise their activities and offer them as a service. The ability to hide this activity from law enforcement and to mask the financial transactions by using bitcoin or bartering only increases the attractiveness.”
Credit cards remain easy to buy on the Dark Web with US-based cards available for £3 each, while EU and UK cards are more sought after and can be sold for three times as much. A premium is placed upon card data guaranteed not reported stolen at the time of sale.
A sad reflection of how easy it is to infect a computer and turn it into a “bot” which can then be used as part of a botnet to launch DDoS attacks for example, is how cheap they are being sold. The more you buy, the cheaper they get with 10,000 bots going for £100.
There is increased buying interest for loyalty accounts that can be used by criminals to pursue profitable social engineering attacks. Hotel loyalty account data can sell for as little as £15, while eBay profiles with a very high reputation status can reach as much as £1,000.
Although the ill-fated Silk Road was the best known illegal drugs marketplace on the Dark Web, the deals have not stopped since its demise. Recent research reveals average prices of £70 per gram of cocaine, MDMA at £25 a gram and ten tabs of acid for £75.
If you look hard enough you will find hackers, complete with customer feedback ratings, offering services from as little as £100 for hacking an e-mail account up to £500 or more for corporate espionage, reputational damage and so on.
The option to “become a US citizen” is provided in a package, containing a passport, social security number, driving licence and birth certificate, can be bought, along with supporting documentation. Fake passports are sold separately for £650 and counterfeit driving licences are £150.
Perhaps surprisingly, not a US-only market. Handguns are being traded within Europe and can be purchased with prices starting from £450. Delivery might be problematical though, even with promises of weapons being stripped and dispatched in pieces.
Yes, you can even rent the services of a hitman on the Dark Web. Sellers of such services require the bitcoin fees to be placed into escrow and, once the hit has been carried out, the funds are released. Don’t expect much in the way of references or customer feedback.