Exploring the Dark Web, pt. 1

Most security professionals have heard of the term Dark Web, and information security professionals browse through it routinely. However, the use of anonymizing infrastructure is no longer an issue that involves only information and cyber security. The spectrum of threats is very wide and consists of pretty much anything you can imagine.


Figure 1. An anonymous user is looking for dummy fronts in a Finnish language forum.

Background Information: Terminology

Clearnet refers to the traditional World Wide Web and the areas of the internet that are accessible to search engines. Its services identify their users by IP address.

Deep Web refers to the parts of the internet that are not visible to common search engines.

Bitcoin is the most popular virtual cryptocurrency available. As a currency system, it is decentralized, making it difficult for governments to regulate and officials to trace. Each Bitcoin is unique and the transaction system is open source, so bitcoins aren’t exactly built to support anonymity; however, services exist that can enhance it. Darknet users use Bitcoin tumbler services to prevent tracking. A tumbler deposits the bitcoins into a large pool of bitcoins, shuffles them, and then lets the user withdraw different bitcoins to another bitcoin wallet.


Figure 2. Bitcoin exchange machine in a Finnish shopping mall 24 Feb 2017

Darknet as a term is usually associated with an encrypted overlay network that is accessed with a specific method.

The most popular darknet is the TOR network, also known as the Onion Router. It is a network of thousands of proxy servers that shuffle the traffic inside this network for anonymity. Addresses with .onion are only visible through this proxy network. Other darknets exist but they haven’t gained similar popularity. Dark Web is the content that is accessed through these networks.

Background Information: Online Marketplaces

Goods and services are traded through several channels in the darknet. A lot of transactions are made through 3rd party moderated marketplace service providers. These services offer buyers and sellers a platform with bitcoin accounts, an escrow system, an anti-fraud policy and a feedback system. When a buyer orders a product, bitcoins are placed in escrow, which releases the funds to the seller after the buyer verifies that he/she received the product. This is not scam-proof, because in a dispute it is one party's word against the other's, and it could also be the buyer that is scamming the seller. Many of the 3rd party moderated black markets require a substantial registration fee or security deposit from seller accounts. In case of misconduct this deposit is not refunded to the seller. The feedback systems work in a similar fashion to eBay’s feedback system.

Several bulk vendors have set up their own websites to sell and market their products. Most of these types of websites are scams. However, they should not be totally neglected as some of the one-vendor-only sites are real and connected to major vendors in popular 3rd party markets.

Various forums and boards with little or no moderation are also popular channels for vending. In these forums you can find vendors that can’t afford security deposits or want to sell items that are against mainstream marketplace policies. Usually the only protection against scamming in these forums is a feedback system. In local area markets, some of the users meet face to face for bigger transactions. In these forums and markets you are also likely to find goods, services and other things that are offered as short-term or one-time offers, such as job ads, job seeking profiles, business offers, company insider information and stolen goods.

Less visible channels for online black market trading are person-to-person conversations in anonymous messaging services. It would seem likely that bigger bulk purchases and custom or sensitive orders are handled via private conversations.

Dark web services are constantly hunted by law enforcement, other criminals and vigilantes. The services are not untouchable, as is clear in this recent incident that sparked a lot of news stories and social media shares.


Figure 3. Social media analysis of shares and comments

Link to a story about the incident:

