Hidden Secrets of Darknet: The Evil Twin of Internet!

The Darknet is believed to generate $500,000 in transactions daily and users can purchase fake passports for as little as $1,000.00; also, Bitcoin

DQINDIA Online

An enormous unexplored area in the World Wide Web – the Deep Web. The illicit portion in it – The Dark Web. Surface Web, Deep Web and Darknet constitute the World Wide Web.

Surface Web, also called the Visible Web, is what we all know and see regularly. It is the portion of the World Wide Web that is readily available to the general public and searchable with standard web search engines. Interestingly, it forms only about 10% of the information available on the Internet. This collection of web pages can be accessed by any search engine.

The deep web, or invisible web, is the part of the World Wide Web whose contents are not indexed by standard web search engines. These contents are hidden behind HTTP forms. This includes web mail, online banking and other services that users must pay for and that are hence protected by a payment gateway. Thus, accessing anything beyond the public web page using a direct URL requires additional authentication.

Lastly, the Dark Web or Darknet consists of web resources or web pages that are also part of the World Wide Web but exist on overlay networks that require specific software or authorization to access (like how we need a torch to see in the dark). A darknet may take the form of a small peer-to-peer network or a large popular network like Tor, Freenet etc., operated by public organizations or individuals.

The Dark Web is often portrayed as a platform for mysterious and illegal activities because of its anonymity. Websites on the Dark Web have a special URL that ends with the .onion extension. .onion domains are not indexed by regular search engines, and hence you can only access the Dark Web with special software.

Popularly known as “Evil Twin” of Internet!

The Dark Web is believed to generate $500,000 in transactions daily. Users can purchase fake passports for as little as $1,000.00. Bitcoin lottery tickets, fake coupons, and even fake degrees can all be had for the right price.

The Dark Web constitutes a small subset of the Deep Web and is made up of many different kinds of websites that sell drugs and weapons and even offer assassins for hire.

Transactions in Bitcoin

Transactions on the dark web have traditionally been via the electronic currency bitcoin, which is virtually untraceable. Neither the sender nor the receiver needed to know the identity of one another.

Onion Routing!

How to reach Dark Web…is just like peeling an onion!

The soul of the Dark Web, onion routing, is a technique for anonymous communication over a computer network. Each system connected to the onion network identifies itself as a node. Messages are encrypted in layers and then sent through several such network nodes, called onion routers, which form a circuit. Messages are put in cells and unwrapped at each node or onion router with a symmetric key. Each onion router removes a layer of encryption with its symmetric key to reveal routing instructions, and sends the message to the next router, where this process is repeated.

In the figure, a message is encrypted with the keys of the different nodes (those that are part of the particular communication) and sent from the source. At each node, one layer is peeled off, in order from outer to inner, similar to peeling an onion, hence the name.

The History!

“Onion Routing” was developed in the mid-1990s by United States Naval Research Laboratory employees, mathematician Paul Syverson and computer scientists Michael G. Reed and David Goldschlag, to protect U.S. intelligence communications online. It was further developed by DARPA (Defence Advanced Research Projects Agency) in 1997.

ToR is an implementation of Onion Routing. ToR stands for The Onion Router. It was developed by Syverson and computer scientists Roger Dingledine and Nick Mathewson and was launched on 20 September 2002. The Naval Research Laboratory released the code for ToR under a free license in 2004.

Dark Web and ToR!

Dark Web sites are hosted as ToR (The Onion Router) Onion Services. ToR is a distributed overlay network, which anonymizes TCP-based applications (e.g. web browsing, secure shell, instant messaging applications). With the help of ToR, the web users can roam around the Internet without any fear, keeping themselves and their real identities hidden from law enforcement agencies.

The main components of ToR are:

Originator: The user

Onion: Encrypted message

Entry Node: The first node that the user connects to.

Relay Node: An intermediate node connecting the Entry and Exit nodes. There can be any number of them.

Exit Node: The last node prior to final Destination.

Destination: The target resource in Dark Web.

Working of ToR (Source: ToR website)!

ToR distributes your transactions over several places on the Internet. It throws off whoever is tailing you and then periodically erases your footprints. Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several relays that cover your tracks, so no observer at any single point can tell where the data came from or where it’s going.

Nodes only know the successor or predecessor but not any other nodes. This prevents these intermediary nodes from knowing the origin, destination, and contents of the message. ToR directs Internet traffic through a free, worldwide, volunteer network consisting of more than seven thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. Onion routing is implemented by encryption in the application layer of a communication protocol stack.
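The layered encryption described under Onion Routing and the successor/predecessor property above can be seen in a small sketch. This is an added example, not Tor's code: the node names, keys and destination are constructed, and the cipher is a toy SHA-256 keystream standing in for a real cipher (no authentication, one message per key).

```python
import hashlib
import struct

def _keystream(key: bytes, n: int) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode), a stand-in for a real
    # cipher so the example needs only the standard library.
    blocks = (hashlib.sha256(key + struct.pack(">Q", i)).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor_layer(key: bytes, data: bytes) -> bytes:
    # XOR is its own inverse: the same call adds or removes one layer.
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

def wrap(message: bytes, destination: str, path) -> bytes:
    """Originator: encrypt for the exit node first, the entry node last."""
    next_hop, onion = destination, message
    for name, key in reversed(path):
        hop = next_hop.encode()
        onion = xor_layer(key, bytes([len(hop)]) + hop + onion)
        next_hop = name
    return onion

def peel(key: bytes, onion: bytes):
    """One router: remove its own layer, read the routing instruction."""
    plain = xor_layer(key, onion)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]

def route(onion: bytes, path):
    """Walk the circuit and record (node, predecessor, successor) per hop."""
    views, previous = [], "originator"
    for name, key in path:
        next_hop, onion = peel(key, onion)
        views.append((name, previous, next_hop))
        previous = name
    return views, onion

# Constructed sample circuit and keys (hypothetical names, not real relays).
PATH = [(n, hashlib.sha256(b"constructed key " + n.encode()).digest())
        for n in ("entry", "relay", "exit")]
ONION = wrap(b"hello", "destination.example", PATH)

if __name__ == "__main__":
    views, delivered = route(ONION, PATH)
    for node, prev, nxt in views:
        print(f"{node}: received from {prev}, forwards to {nxt}")
    print("delivered:", delivered)
```

Only the exit node's layer names the destination, and only the entry node is contacted by the originator, so no single node in the sketch sees both ends.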

Why do we need ToR?

Using Tor protects you against a common form of Internet surveillance known as "traffic analysis." Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the source and destination of your Internet traffic allows others to track your behaviour and interests. For example, an e-commerce site may use price discrimination based on your country or institution of origin. Traffic analysis can even threaten your job and physical safety by revealing who and where you are.

How does traffic analysis work? Internet data packets have two parts: a data payload and a header used for routing. The data payload is whatever is being sent, whether that's an email message, a web page, or an audio file. Even if you encrypt the data payload of your communications, traffic analysis still reveals a great deal about what you're doing and, possibly, what you're saying. That's because it focuses on the header, which discloses source, destination, size, timing, and so on.

A very simple form of traffic analysis might involve sitting somewhere between sender and recipient on the network, looking at headers. This may include authorized intermediaries like Internet service providers, and sometimes unauthorized intermediaries as well.

Some of the more powerful kinds of traffic analysis have attackers spy on multiple parts of the Internet and use sophisticated statistical techniques to track the communications patterns of many different organizations and individuals. Encryption does not help against these attackers, since it only hides the content of Internet traffic, not the headers.
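What an on-path observer learns from headers alone, even when every payload is encrypted, is shown in the following sketch. It is an added example, not part of the original article: the capture, addresses (documentation ranges) and payload bytes are constructed, and the packets carry a minimal IPv4 header with the checksum left at zero.

```python
import hashlib
import socket
import struct
from collections import defaultdict

def build_packet(src: str, dst: str, payload: bytes) -> bytes:
    # Minimal 20-byte IPv4 header (checksum left at zero) plus opaque payload.
    return struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, 6, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

def read_header(packet: bytes):
    """Return (source, destination, payload size) from the header alone."""
    header_len = (packet[0] & 0x0F) * 4
    total_len = struct.unpack(">H", packet[2:4])[0]
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            total_len - header_len)

def summarize(capture):
    """Per (source, destination): packet count, payload bytes, first/last time."""
    flows = defaultdict(lambda: [0, 0, None, None])
    for timestamp, packet in capture:
        src, dst, size = read_header(packet)
        flow = flows[(src, dst)]
        flow[0] += 1
        flow[1] += size
        flow[2] = timestamp if flow[2] is None else flow[2]
        flow[3] = timestamp
    return {pair: tuple(stats) for pair, stats in flows.items()}

def fake_ciphertext(n: int) -> bytes:
    # Constructed stand-in for an encrypted payload: n pseudo-random bytes.
    return hashlib.shake_128(b"constructed").digest(n)

# Constructed capture: (seconds, packet). The payload is never inspected.
CAPTURE = [
    (0.0, build_packet("192.0.2.10", "198.51.100.7", fake_ciphertext(120))),
    (0.4, build_packet("198.51.100.7", "192.0.2.10", fake_ciphertext(1400))),
    (0.5, build_packet("198.51.100.7", "192.0.2.10", fake_ciphertext(1400))),
    (9.0, build_packet("192.0.2.10", "203.0.113.25", fake_ciphertext(64))),
]

if __name__ == "__main__":
    for (src, dst), (count, size, first, last) in summarize(CAPTURE).items():
        print(f"{src} -> {dst}: {count} packets, {size} bytes, t={first}..{last}")
```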

Who benefits from ToR?

ToR is used across various disciplines, from individuals to journalists to NGOs to corporates to law enforcement agencies. Individuals may use ToR for socially sensitive communication in chat rooms, web forums etc., for example rape and abuse survivors, or people with illnesses. It is also used by people who need to protect their identity and communications from surveillance, like whistleblowers and journalists. Journalists use ToR to communicate more safely with whistle-blowers and dissidents. Dissidents in restrictive environments, who are denied freedom of speech, use it to remain anonymous, to know what is happening elsewhere in the world, and to publish what they want to say to the rest of the world.

Non-governmental organizations (NGOs) use ToR to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization. Corporates use ToR as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. Law enforcement uses ToR for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

Popular examples of ToR implementation

Because the dark web provides anonymity for its users, it is particularly useful for whistleblowers. The ever-famous WikiLeaks of Julian Assange uses ToR for the analysis and publication of large datasets of censored or otherwise restricted official materials involving war, spying and corruption. It has so far published more than 10 million documents and associated analyses. The dark web also reduces the risk of government censorship, which can be expected considering the nature of WikiLeaks' content.

Another example is also from the news and media – SecureDrop. It is an open-source software platform for secure communication between journalists and sources (whistleblowers).

SecureDrop uses ToR to facilitate communication between whistle-blowers, journalists, and news organizations. SecureDrop sites are therefore only accessible as hidden services in the ToR network. After a user visits a SecureDrop website, they are given a randomly generated code name. This code name is used to send information to a particular author or editor. Investigative journalists can contact the whistle-blower via SecureDrop messaging. Therefore, the whistle-blower must take note of their random code name. Forbes, The New Yorker, The Guardian etc. are prominent news organizations using SecureDrop.

Research

As the Dark Web is a haven of illegal trade and crime, much research has focussed on finding and curbing it. Memex is one such area of research. Memex technology is developed to counter crime taking place on the Dark Web, which is protected by encryption and privacy-enhancing technologies. The project’s scope is wide, including tracking human trafficking and other illegal activities.

Another area of research on the Dark Web is performance latency. It is a major technical challenge in ToR networks. One of the reasons is that we simply don’t have enough capacity in the network to handle all the users who want to use ToR. Just adding more capacity to the network isn’t going to solve the performance problem. If we add more capacity without solving the issues with high-volume streams, then those high-volume streams will expand to use up whatever new capacity we add.

ZeroNet

ZeroNet has come up as an alternative way of enabling access to the Internet. It is a decentralized network of peer-to-peer users. Instead of having an IP address, sites are identified by a public key (specifically a bitcoin address). The private key allows the owner of a site to sign and publish changes, which propagate through the network. Sites can be accessed through an ordinary web browser when using the ZeroNet application, which acts as a local webhost for such pages. In addition to using bitcoin cryptography, ZeroNet uses trackers from the BitTorrent network to negotiate connections between peers. ZeroNet is anonymous by default, hiding users' IP addresses using the built-in Tor functionality.

By Adarsh SV Nair, Manager, Cybersecurity - UST Global

Deputy Commander – Kerala Police Cyberdome
