Articles
Pages
Products
Research Papers
Blogs
Search Engines
Events
Webinar, Seminar, Live Classes

[Source: This article was Published in techworld.com BY Laurie Clarke - Uploaded by AIRS Member: Issac Avila] 

Threat intelligence firm Recorded Future has published new research examining the dark 

The dark web. It’s a name that evokes the damp and dingy crevices of the internet; breeding grounds for a virulent strain of depravity. But is the hype justified? Threat intelligence agency Recorded Future has published research that attempts to demystify our concept of this subterranean section of the web.

The organisation has close ties to In-Q-Tel, the CIA’s investment arm and Google Ventures, after receiving a substantial suffusion of cash from both shortly after being founded in 2009. According to its website, it provides threat intelligence to 91 percent of the Fortune 100, including GSK, Raytheon and Morgan Stanley. 

“The term dark web kind of has a Hollywood aura or mystique around it,” says Garth Griffin, director of data science at Recorded Future. “We wanted to make it more concrete, more specific, and measure what we could about what the dark web really is.”

To conduct the research, the team looked specifically at 'onion sites': those accessible through the Tor (The Onion Router) browser, which is generally seen as the gateway into the dark web. 

One of the team's first findings was the relatively small size of the dark web compared to the clear web. They discovered just 55,000 domains, of which only 8,400 were actually serving a website - a tiny fraction of the millions of domains supported by the clear web.

The instability and unreliability of dark web sites also became apparent, of which uptime is an incisive indicator. “The gold standard on clear websites is the ‘five nines’ - you know, 99.999% uptime,” says Griffin. The uptime on a Tor site generally hovers closer to 90%. Although this doesn’t suggest a radical difference, Griffin says that even the small step between four nines and five nines is noticeable in the user experience on the clear web. 

“This is again counter to the image of the onion network as a sort of metropolis of bustling criminal activity,” says Griffin. “It’s actually kind of hard to use and disorganised.”

Recorded Future found that the dark web is more homogeneous than the clear web in terms of the languages used. Eighty-six percent of the language is English, while this is closer to 54 percent on the clear web.  

Among the criminal sites on Tor, those home to the darkest shades of criminal activity is more concealed than others. The research quantified the visibility of these sites by counting the number of inbound links, that is, other sites hyperlinking back to them. They found that for popular markets on the site which are fairly visible, these numbered around 3,500 links. “Then we had this handful of sites that in our view represent top-tier criminal sites, where there is really scary criminal activity,” says Griffin. “These had a maximum of just 15 inbound links.”

By comparison, a popular site on a clear web like Wikipedia might count millions and millions of inbound links. These findings indicate the tiny scale of the slice of the dark web dealing in severe criminal activity. But even criminal users adept enough to worm their way into the dark web's fetid undercarriage aren’t immune - scams running to catch out criminals abound, including typosquatting, and fake sites that promise to deliver goods or carry out actions they never will. 

Griffin says the company has been harvesting from onion sites on the dark web for a very long time, but this research was novel in its wide-ranging view of the entire dark web, rather than just the explicitly criminal elements. Griffin says their clients are all in the security space, looking to protect their organisations from a variety of cyberthreats. “It gets a lot of attention focused on it by virtue of the Hollywood aura that surrounds it,” says Griffin. “In our view, the dark web is relevant, but it's far from the only thing that matters.” 

But is the dark web the safe haven for rampant, unchecked criminality it's made out to be? Tor was set up by the US army agency, DARPA (Defense Advanced Research Projects Agency), and was solely funded by US government agencies for much of its existence, even at the height of the Edward Snowden leaks (that were orchestrated with the help of Tor).

Today, it still counts a number of US government agencies, or beneficiaries of US government money, among its donors that include the Open Technology Fund, the US Department of State Bureau of Democracy, Human Rights, and Labor and DARPA via the University of Pennsylvania.

That the very site portrayed as a secure space impenetrable to law enforcement agencies was also founded and funded by them should be enough to give most criminals pause. High profile takedowns of criminal users of the dark web, including most notably the founder of Silk Road, and Playpen, the child pornography site, have proved that it’s not beyond the reach of the law. In fact, some commentators have suggested that while Tor was founded by the US government primarily as a place where their operatives could act unseen, it also successfully acts as a honey pot that attracts criminals to congregate usefully in one place.

Griffin concurs: “It's clearly not a silver bullet for the criminal community, because law enforcement has successfully taken down markets and carried out infiltration. It certainly does not prevent law enforcement from successfully disrupting criminal activity.”

This could explain why today there is still more criminal activity taking place on the clear web than through onion sites.

Categorized in Deep Web

[This article is originally published in edp24.co.uk written by Luke Powell - Uploaded by AIRS Member: Daniel K. Henry]

A man from Thetford viewed indecent child abuse images on the dark web as he found it “exciting”, a court heard.

Matthew Norman, of Station Road, was found to have dozens of indecent images on his computer after his home was searched by police.

Norwich Magistrates' Court heard that the 30-year-old repeatedly visited a particular site on the dark web up to four times a day for a year.

Despite this, Norman told police he did not have a sexual interest in children and was instead visiting the site as he found the danger of it “exciting”.

Prosecutor Josephine Jones told the court on Friday (April 26) that police searched Norman's home after his IP address was found to have accessed the dark web.

The dark web is a collection of websites on an encrypted network and cannot be found by using traditional search engines or browsers.

Miss Jones said when officers examined his computer they found 50 indecent images, including 13 'category A' photographs.

Norman provided police with passwords to his computer and initially said when he came across such images online he would stop and close the website.

Miss Jones said: “When asked why he repeatedly returned to the website, he said he did so because of the shock factor knowing it was illegal or wrong. He said he was excited by the danger of being on the website.

“He denied downloading images and denied having a sexual interest in children.”

The court heard how Norman also accessed chat rooms on the dark web where there were conversations around child abuse.

Norman pleaded guilty to making 13 indecent categories A images of a child, 10 category B images of a child and 27 category C images of a child.

All of the offenses were said to have occurred on or before January 5, 2017.

The court heard how Norman, who is married, had no previous convictions or cautions.

Orla Daly, mitigating, asked magistrates for a pre-sentence report.

Norman will return to Norwich Magistrates' Court for sentencing on May 30.

He must not have any unsupervised contact with any child under the age of 16 unless permission is granted by a parent or guardian.


Categorized in Deep Web

[This article is originally published in digitaljournal.com - Uploaded by AIRS Member: Jason bourne]

“ONIONLANDSEARCHENGINE.COM“

People know only one name Google, a search engine by default setting on everyone PC's and works just like water for all. But now a new deep search engine with new specifications. OnionLand Search Engine launched a new search engine i.e.; onionlandsearchengine.com. It is not merely provided deep web information but Anonymity for every user.

OnionLand Search Engine introducing and expanding this new search engine with excellent key features; good results and high-quality access to the information that people actually require with one click. There is a vast section of the Internet which is hidden and not accessible through regular search engines and web browsers. This part of the Internet is known as the Deep Web, and it is about 500 times the size of the Web that we know and everyone can have access to all this information without been tracked, maintaining total anonymity.

Search engines like Google are incredibly powerful, but they can't crawl and index the vast amount of data that is not hyperlinked or accessed via public DNS services. However, there are Deep Web Search Engines that crawl over the TOR network and bring the same result to your regular browser. But, what if, you can still be able to dig the Darknet contents with your regular browsers, without the need of TOR?

OnionLand Search Engine is bringing a big change in human's life because of its Deep Web and Anonymity that you may not be able to find in a giant search engine like Google. OnionLand is introducing and marketing onionlandsearchengine.com with highly effective strategies and trying to make it default search engine by replacing Google and it seems very effective as onionlandsearchengine.com is really changing the lives of people by giving them suggestion options.

Categorized in Deep Web

[This article is originally published in infoworld.com written by Caroline Craig - Uploaded by AIRS Member: Carol R. Venuti]

The government agency that brought us the Internet has now developed a powerful new search engine that is shedding light on the contents of the so-called deep Web

The Defense Advanced Research Projects Agency (DARPA) began work on the Memex Deep Web Search Engine a year ago, and this week unveiled its tools to Scientific American and "60 Minutes." 

Memex, which is being developed by 17 different contractor teams, aims to build a better map of Internet content and uncover patterns in online data that could help law enforcement officers and others. While early trials have focused on mapping the movements of human traffickers, the technology could one day be applied to investigative efforts such as counterterrorism, missing persons, disease response, and disaster relief.

Dan Kaufman, director of the information innovation office at DARPA, says Memex is all about making the unseen seen. "The Internet is much, much bigger than people think," DARPA program manager Chris White told "60 Minutes." "By some estimates, Google, Microsoft Bing, and Yahoo only give us access to around 5 percent of the content on the Web."

Google and Bing produce results based on popularity and ranking, but Memex searches content typically ignored by commercial search engines, such as unstructured data, unlinked content, temporary pages that are removed before commercial search engines can crawl them, and chat forums. Regular search engines ignore this deep Web data because Web advertisers -- where browser companies make their money -- have no interest in it.

Memex also automates the mechanism of crawling the dark, or anonymous, Web where criminals conduct business. These hidden services pages, accessible only through the TOR anonymizing browser, typically operate under the radar of law enforcement selling illicit drugs and other contraband. Where it was once thought that dark Web activity consisted of 1,000 or so pages, White told Scientific American that there could be between 30,000 and 40,000 dark Web pages.

Until now it was hard to look at these sites in any systemic way. But Memex -- which Manhattan DA Cyrus Vance Jr. calls "Google search on steroids" -- not only indexes their content but analyzes it to uncover hidden relationships that could be useful to law enforcement.

DARPA's search tools were introduced to select law enforcement agencies last year, including Manhattan's new Human Trafficking Response Unit. Memex is now used in every human trafficking case it pursues and has played a role in generating at least 20 sex trafficking investigations. The supercharged Web crawler can identify relationships among different pieces of data and produces data maps that help investigators detect patterns.

In a demo for "60 Minutes," White showed how Memex is able to track the movement of traffickers based on data related to online advertisements for sex. "Sometimes it's a function of IP address, but sometimes it's a function of a phone number or address in the ad or the geolocation of a device that posted the ad," White said. "There are sometimes other artifacts that contribute to location."

White emphasized that Memex does not resort to hacking in order to retrieve information. "If something is password protected, it is not public content and Memex does not search it," he told Scientific American. "We didn't want to cloud this work unnecessarily by dragging in the specter of snooping and surveillance" -- a touchy subject after Edward Snowden's NSA revelations.

Memex got its name (a combination of "memory" and "index") and inspiration from a hypothetical device described by Vannevar Bush in 1945 that presaged the invention of PCs, the Internet, and other major IT advances of the next 70 years. Now DARPA and Memex seem set to bring us one step closer to Philip Dick's futuristic police department depicted in "Minority Report."

A new round of testing, set to begin in a few weeks, will include federal and district prosecutors, regional and national law enforcement, and multiple NGOs. According to the Scientific American report, it aims to "test new image search capabilities that can analyze photos even when portions that might aid investigators -- including traffickers' faces or a television screen in the background -- are obfuscated."

By inventing better ways of interacting with and presenting information gathered from a larger pool of sources, "we want to improve search for everybody. Ease of use for non-programmers is essential," White said.

Categorized in Deep Web

[This article is originally published in gizmodo.com written by David Nield  - Uploaded by AIRS Member: Corey Parker]

The deep web and its inner recess, the dark web—those less well-trodden parts of the internet beyond the reach of Google and Bing—are not for the faint-hearted or untrained. With the right tools, however, there’s little to fear and plenty to discover. Here’s how you can start exploring the deep web without having to worry about your digital well-being.

There are a few ways to approach this, but we’re going to focus on one of the most straightforward and secure for simplicity’s sake. We’re going to be using Tails OS, a bootable operating system that includes everything you need to get down to those hidden parts of the web.

If you’re still unclear about what the deep web is, it’s any part of the internet that’s not indexed by search engines—anywhere you can’t get from just clicking links. A large part of the deep web is made up of onion sites (like the infamous Silk Road), which use a special top-level domain only reachable by a special browser called Tor. Technically, the dark web is a more illicit subsection of the deep web, though the terms are often confused.

For the curious or privacy-conscious internet explorer, it’s worth checking out to see what lies beyond the internet we interact with on a day to day basis. But please note: you should be extra careful when clicking links on the deep web as some can lead to illegal sites. Browse at your own risk

Downloading and installing Tails

Downloading and installing Tails

Fortunately Tails has an installation wizard that guides you step-by-step through the process of setting up the software—if you want to create a bootable USB copy of Tails (which we do) then you need a Windows machine and two 4GB+ USB sticks (the first is for an “intermediary” version of the OS).

You’re also going to require Firefox, the Tor Browser or a BitTorrent client in order to verify the initial download and confirm it is what it says it is. On top of that, you need a Universal USB Installer utility, which the installation wizard directs you to, which will take care of creating the first USB stick using your downloaded Tails ISO.

Setup and installing Tails

After that’s done, boot from this newly created drive to configure the second one. This official guide takes you carefully through the process. Use the Install by cloning option in the Tails Installer to create your second USB stick, which includes some security enhancements and extras not built into the first one.

Finally, remove the first USB stick, keep the second in place, and boot from it. You’re now ready to start venturing out into the deep web. If you run into trouble (and we hit one or two obstacles along the way), then a general web search for your issue or the official Tails support portal should get you moving again.

Browsing the deep web

Browse the deep web

The Tor Browser is your gateway into the dark web—you can actually use it on Mac and Windows too, but Tails OS adds an extra few layers of security and comes with Tor included. The browser is based on Firefox, so you shouldn’t have many problems finding your way around, and will open the Tails OS homepage by default.

As you might expect, browsing the deep web isn’t quite as simple as clicking on a few links or searching Google. The best way in is through ‘hidden’ wikis like this one (note you won’t be able to click through on any onion links without the Tor browser) and various others you can find via Reddit or with some clever web searching on sites like DuckDuckGo.

OnionDir Browser

Of course the whole point of the deep web is that casual internet users can’t simply fire up Google or read a guide like this to get started easily—so finding working, up-to-date links and directories can take some time. Forums, plenty of patience, and occasionally the Torch search engine are your best bets for finding a way into new communities.

The deep web has a reputation for shady activity, but it’s also a place for whistleblowing, bitcoin exchanges, and political discussion away from the glare of the public internet. It’s changed a lot in recent years as security agencies have become more aware of its presence, and it will continue to evolve in the future.

Categorized in Deep Web

[This article is originally published in csoonline.com written by Darren Guccione - Uploaded by AIRS Member: Carol R. Venuti]

The dark web is part of the internet that isn't visible to search engines and requires the use of an anonymizing browser called Tor to be accessed.

Dark web definition

The dark web is a part of the internet that isn't indexed by search engines. You've no doubt heard talk of the “dark web” as a hotbed of criminal activity — and it is. Researchers Daniel Moore and Thomas Rid of King's College in London classified the contents of 2,723 live dark web sites over a five-week period a couple of years ago and found that 57 percent host illicit material. 

You can buy credit card numbers, all manner of drugs, guns, counterfeit money, stolen subscription credentials, hacked Netflix accounts and software that helps you break into other people’s computers. Buy login credentials to a $50,000 Bank of America account for $500. Get $3,000 in counterfeit $20 bills for $600. Buy seven prepaid debit cards, each with a $2,500 balance, for $500 (express shipping included). A “lifetime” Netflix premium account goes for $6. You can hire hackers to attack computers for you. You can buy usernames and passwords.

But not everything is illegal, the dark web also has a legitimate side. For example, you can join a chess club or BlackBook, a social network described as the “the Facebook of Tor.”

Note: This post contains links to dark web sites that can only be accessed with the Tor browser, which can be downloaded for free at https://www.torproject.org.   

Dark web browser

All of this activity, this vision of a bustling marketplace, might make you think that navigating the dark web is easy. It isn’t. The place is as messy and chaotic as you would expect when everyone is anonymous, and a substantial minority are out to scam others. 

Accessing the dark web requires the use of an anonymizing browser called Tor. The Tor browser routes your web page requests through a series of proxy servers operated by thousands of volunteers around the globe, rendering your IP address unidentifiable and untraceable. Tor works like magic, but the result is an experience that’s like the dark web itself: unpredictable, unreliable and maddeningly slow.

Dark web search engines exist, but even the best are challenged to keep up with the constantly shifting landscape. The experience is reminiscent of searching the web in the late 1990s. Even one of the best search engines, called Grams, returns results that are repetitive and often irrelevant to the query. Link lists like The Hidden Wiki are another option, but even indices also return a frustrating number of timed-out connections and 404 errors.

Dark web sites

Dark web sites look pretty much like any other site, but there are important differences. One is the naming structure. Instead of ending in .com or .co, dark web sites end in .onion. That’s “a special-use top level domain suffix designating an anonymous hidden service reachable via the Tor network,” according to Wikipedia. Browsers with the appropriate proxy can reach these sites, but others can’t.

Dark web sites also use a scrambled naming structure that creates URLs that are often impossible to remember. For example, a popular commerce site called Dream Market goes by the unintelligible address of “eajwlvm3z2lcca76.onion.”

Many dark websites are set up by scammers, who constantly move around to avoid the wrath of their victims. Even commerce sites that may have existed for a year or more can suddenly disappear if the owners decide to cash in and flee with the escrow money they’re holding on behalf of customers.

Law enforcement officials are getting better at finding and prosecuting owners of sites that sell illicit goods and services. In the summer of 2017, a team of cybercops from three countries successfully shut down AlphaBay, the dark web’s largest source of contraband, sending shudders throughout the network. But many merchants simply migrated elsewhere.

The anonymous nature of the Tor network also makes it especially vulnerable to distributed denial of service attacks (DDoS), said Patrick Tiquet, Director of Security & Architecture at Keeper Security, and the company’s resident expert on the topic. “Sites are constantly changing addresses to avoid DDoS, which makes for a very dynamic environment,” he said. As a result, “The quality of search varies widely, and a lot of material is outdated.”

Commerce on the dark web

The dark web has flourished thanks to bitcoin, the crypto-currency that enables two parties to conduct a trusted transaction without knowing each other’s identity. “Bitcoin has been a major factor in the growth of the dark web, and the dark web has been a big factor in the growth of bitcoin,” says Tiquet.

Nearly all dark web commerce sites conduct transactions in bitcoin or some variant, but that doesn’t mean it’s safe to do business there. The inherent anonymity of the place attracts scammers and thieves, but what do you expect when buying guns or drugs is your objective?

Dark web commerce sites have the same features as any e-retail operation, including ratings/reviews, shopping carts, and forums, but there are important differences. One is quality control. When both buyers and sellers are anonymous, the credibility of any rating system is dubious. Ratings are easily manipulated, and even sellers with long track records have been known to suddenly disappear with their customers’ crypto-coins, only to set up shop later under a different alias.

Most e-commerce providers offer some kind of escrow service that keeps customer funds on hold until the product has been delivered. However, in the event of a dispute don’t expect service with a smile. It’s pretty much up to the buyer and the seller to duke it out. Every communication is encrypted, so even the simplest transaction requires a PGP key.

Even completing a transaction is no guarantee that the goods will arrive. Many need to cross international borders, and customs officials are cracking down on suspicious packages. The dark web news site Deep.Dot.Web teems with stories of buyers who have been arrested or jailed for attempted purchases.

Is the dark web illegal?

We don’t want to leave you with the impression that everything on the dark web is nefarious or illegal. The Tor network began as an anonymous communications channel, and it still serves a valuable purpose in helping people communicate in environments that are hostile to free speech. “A lot of people use it in countries where there’s eavesdropping or where internet access is criminalized,” Tiquet said.

If you want to learn all about privacy protection or cryptocurrency, the dark web has plenty to offer. There are a variety of private and encrypted email services, instructions for installing an anonymous operating system and advanced tips for the privacy-conscious.

There’s also material that you wouldn’t be surprised to find on the public web, such as links to full-text editions of hard-to-find books, collections of political news from mainstream websites and a guide to the steam tunnels under the Virginia Tech campus. You can conduct discussions about current events anonymously on Intel Exchange. There are several whistleblower sites, including a dark web version of Wikileaks. Pirate Bay, a BitTorrent site that law enforcement officials have repeatedly shut down, is alive and well there. Even Facebook has a dark web presence.

“More and more legitimate web companies are starting to have presences there,” Tiquet said. “It shows that they’re aware, they’re cutting edge and in the know.”

There’s also plenty of practical value for some organizations. Law enforcement agencies keep an ear to the ground on the dark web looking for stolen data from recent security breaches that might lead to a trail to the perpetrators. Many mainstream media organizations monitor whistleblower sites looking for news.

Staying on top of the hacker underground

Keeper’s Patrick Tiquet checks in regularly because it’s important for him to be on top of what’s happening in the hacker underground. “I use the dark web for situational awareness, threat analysis and keeping an eye on what’s going on,” he said will. “I want to know what information is available and have an external lens into the digital assets that are being monetized – this gives us insight on what hackers are targeting.”

If you find your own information on the dark web, there’s precious little you can do about it, but at least you’ll know you’ve been compromised. Bottom line: If you can tolerate the lousy performance, unpredictable availability, and occasional shock factor of the dark web, it’s worth a visit. Just don’t buy anything there.

 

Categorized in Deep Web

[This article is originally published in news.bitcoin.com written by Kai Sedgwick - Uploaded by AIRS Member: Robert Hensonw]

In this latest edition of our periodic deep web series, we bring news of Tor 8 – the most feature-rich onion browser yet. We also take a first look at a clearnet web browser that trawls the darknet, and cover the fallout from the Alphabay shutdown, whose repercussions rumble on to this day.

Tor 8 Looks Great

The Tor Project has released its latest and greatest browser yet. Tor 8 is a slick looking beast compared to the Tor browsers of yore, partially thanks to its incorporation of Firefox Quantum, which allows for better page rendering and other subtle tweaks. With Tor 8, there’s a new welcome screen to guide first-time users through the process of connecting to the deep web, and there are additional security protections built in. A Tor Circuit button can now be used to switch servers at random, further obfuscating users’ connection route.

The Tor Project

The Tor Circuit button in action

Tor 8 comes with HTTPS Everywhere and Noscript, and it is recommended that users enable these add-ons, as they’re critical in maximizing anonymity while browsing the web. While the Tor browser is best known as a tool for navigating the dark web, it can also be deployed as a privacy-friendly clearnet browser which minimizes cookies and other web trackers. Finally, the new improved Tor makes it easier to circumvent firewalls in countries where internet censorship is rife. Its development team explains:

For users where Tor is blocked, we have previously offered a handful of bridges in the browser to bypass censorship. But to receive additional bridges, you had to send an email or visit a website, which posed a set of problems. To simplify how you request bridges, we now have a new bridge configuration flow when you when you launch Tor. Now all you have to do is solve a captcha in Tor Launcher, and you’ll get a bridge IP. We hope this simplification will allow more people to bypass censorship and browse the internet freely and privately.

Deep Web Gets a Clearnet Search Engine

Searching the deep web has traditionally been harder than with its clearnet counterpart. The absence of a darknet Google is arguably part of its appeal, making onion sites accessible only to those who know what they’re looking for. It was this barrier to entry that ensured sites like Silk Road were accessible solely to technically adept users in bitcoin’s early days. The deep web has opened up significantly since then, giving up its secrets, and in the same week that Tor released its most user-friendly browser yet, it’s perhaps fitting that a clearnet search engine for the deep web should launch. Onionlandsearchengine.com is a simple but effective tool for generating deep web search results without needing to first connect to the deep web.

Deep Web Gets a Clearnet Search Engine

Onionland deep web search engine

US Government Authorized to Seize Alphabay Suspect’s Assets

Long after deep web marketplaces have been shut down, the fallout continues to make its mark in US courtrooms. Silk Road, Hansa, and Alphabay’s legal wranglings periodically make the news, despite the years elapsed since the sites were first seized. As evidence of this, consider the ruling by a recent US magistrate judge granting the federal government permission to seize and sell millions of dollars worth of assets associated with Alexandre Cazes. The reputed Alphabay ringleader had $8 million of assets on his driveway alone at the time of this arrest in a string of high performance sports cars. Including cryptocurrencies, his total net worth was eventually calculated at $23 million.

US Government Authorized to Seize Alphabay Suspects Assets

The US government’s application for Alphabay asset seizure

Among the showier items in Cazes’ collection was a Lamborghini Aventador LP700-4 worth almost $1 million with a license plate that read “Tor”. The late Alphabay boss certainly wasn’t subtle, but for all his sins, it is hard not to feel sorry for the 25-year-old who wound up dead in a Bangkok cell from suicide, another needless victim of the war on drugs.

Categorized in Deep Web

[This article is originally published in howtogeek.com written by CHRIS HOFFMAN - Uploaded by AIRS Member: Olivia Russell]

Experian and many other companies are pushing “dark web scans.” They promise to search the dark web for your personal information to see if criminals are selling it. Don’t waste your money.

What is the Dark Web?

The “dark web” consists of hidden websites that you can’t access without special software. These websites won’t appear when you use Google or another search engine, and you can’t even access them unless you go out of your way to use the appropriate tools.

For example, the Tor software can be used for anonymous browsing of the normal web, but it also hides special sites known as “.onion sites” or “Tor hidden services.” These websites use Tor to cloak their location, and you only access them through the Tor network.

 What is the Dark Web

There are legitimate uses for Tor hidden services. For example, Facebook offers a Tor .onion site at facebookcorewwwi.onion, which you can only access while connected to Tor. This allows people in countries where Facebook is blocked to access Facebook. The DuckDuckGo search engine is available at a Tor hidden service address, too. This could also help evade government censorship.

But the dark web is also used for criminal activities. If you’re going to sell databases of people’s credit card and social security numbers online, you want to hide your location so the authorities won’t swoop in. That’s why criminals often sell this data on the dark web. It’s the same reason why the infamous Silk Road website, an online black market for drugs and other illicit things, was only available through Tor.

They’re Not Scanning the Entire Dark Web

Let’s get one thing straight: These services are not scanning the entire dark web for your data. That’s just impossible.

There are 1,208,925,819,614,629,174,706,176 possible site addresses on the dark web, and that’s just counting Tor .onion sites. It wouldn’t be possible to check each one to see if they’re online and then also look for your data on them.

Even if these services were scanning the entirety of the public dark web—which they’re not—they wouldn’t be able to see the exclusive stuff anyway. That would be exchanged privately and not made public.

What Does a “Dark Web Scan” Do, Then?

No company that offers a “dark web scan” will tell you what they do, but we can certainly make an informed guess. These companies are gathering data dumps made public on popular websites on the dark web.

When we say “data dumps,” we’re referring to big databases of usernames and passwords—as well as other personal information, like social security numbers and credit card details—that are stolen from compromised websites and released online.

Rather than scanning the dark web, they’re scanning lists of leaked passwords and personal information—which, admittedly, are often found on the dark web. They’ll then inform you if your personal information is found on one of the lists they could get their hands on.

However, even if a dark web scan says you’re fine, you might not be—they’re only searching the publicly available leaks to which they have access. They can’t scan everything out there.

How to Monitor Data Breaches for Free

How to Monitor Data Breaches for Free

Behind all the “dark web scan” hype, there’s a somewhat useful service here. But, guess what: You can already do much of this for free.

Troy Hunt’s Have I Been Pwned? will tell you whether your email address or password appears in one of 322 (and counting) data dumps from websites. You can also have it notify you when your email address appears in a new data dump.

This service doesn’t scan to see if your social security number is included in any of these leaks, as dark web scans promise to do. But, if you’re just looking to see if your credentials have leaked, it’s a useful service.

As always, it’s a good idea to use unique passwords everywhere. That way, even if your email address and password from one website appear in a leak, criminals can’t just try that combination on other websites to gain access to your accounts. A password manager can remember all those unique passwords for you.

Face the Facts: Your Data Is Already Stolen

You might still be thinking a dark web scan could be useful. After all, it tells you whether your social security number appears in any data dumps. That’s useful, right?

Well, not necessarily. Look, you should probably assume that your social security number has already been compromised and criminals can access it if they like. That’s the harsh truth.

Huge breaches have been coming hard and fast. Equifax leaked 145.5 million social security numbers. Anthem leaked the information of 78.8 million people, including social security numbers. The United States Office of Personnel Management (OPM) leaked sensitive information on 21.5 million people, too—again, including social security numbers.

Those are just a few examples. There have been many other leaks over the years—a few million here, a few hundred thousand there. And that’s just the data breaches that have been publicly reported. Statistically speaking, most Americans have probably had their social security numbers leaked in at least one of these data breaches by now. The genie is out of the bottle.

Freeze Your Credit; It’s Free Now

Freeze Your Credit Its Free Now

If you’re concerned about someone abusing your social security number, we recommend freezing your credit reports. Credit freezes (and unfreezes) are now free across the entire USA.

When you freeze your credit, you’re preventing people from opening new credit in your name. Any lending institution won’t be able to pull your credit until you unfreeze it or provide a PIN. You can temporarily unfreeze your credit when you want to apply for credit—for example, when you’re applying for a credit card, car loan, or mortgage. But a criminal shouldn’t be able to apply for credit with your personal information if your credit reports are frozen.

We recommend just freezing your credit reports and skipping the dark web scan. Unlike a dark web scan, credit freezes are free. They also do something—even if your social security number is found in a dark web scan, all you can do is freeze your credit anyway. And criminals might get their hands on your social security number even if it doesn’t appear in a dark web scan.

Categorized in Deep Web

[This article is originally published in phys.org written by Frédéric Garlan - Uploaded by AIRS Member: Deborah Tannen] 

For years criminal websites shrouded in secrecy have thrived beyond the reach of traditional search engines, but a group of French engineers has found a way to navigate this dark web—a tool they don't want to fall into the wrong hands.

"We insist on this ability to say 'no'," Nicolas Hernandez, co-founder and CEO of Aleph Networks, says at the company's offices near Lyon, in the heart of France's Beaujolais wine country.

He said Aleph refused 30 to 40 percent of licensing requests for its "Google of the dark web," based on reviews by its ethics committee and input from its government clients.

Most web users never venture beyond the bounds of sites easily found and accessed with casual web surfing.

But people and sites seeking anonymity can hide behind layers of secrecy using easily available software like Tor or I2P.

These sites can't be found by searching: instead, users have to type in the exact URL string of often random characters.

In an authoritarian regime, a protest movement could use the secrecy to organize itself or connect with the outside world without fear of discovery.

But the dark web is also ideal for drug and weapon sales, people-smuggling and encrypted chat-room communications by terrorists.

When Aleph's co-founder Celine Haeri uses her software to search for "Glock", the Austrian pistol maker, several sites offering covert gun sales instantly pop up.

A search for Caesium 137, a radioactive element that could be used to create a "dirty" nuclear bomb, reveals 87 dark web sites, while another page explains how to make explosives or a homemade bazooka.

Arms smugglers find the dark web particularly useful

Arms smugglers find the dark web particularly useful

"Some even advertise the stars they've gotten for customer satisfaction," Hernandez said.

Uncharted territory

Over the past five years, Aleph has indexed 1.4 billion links and 450 million documents across some 140,000 dark web sites.

As of December, its software had also found 3.9 million stolen credit card numbers.

"Without a search engine, you can't have a comprehensive view" of all the hidden sites, Hernandez said.

He and a childhood friend began their adventure by putting their hacking skills to work for free-speech advocates or anti-child abuse campaigners while holding down day jobs as IT engineers.

Haeri, at the time a teacher, asked for their help in merging blogs by her colleagues opposed to a government reform of the education system.

The result became the basis of their mass data collection and indexing software, and the three created Aleph in 2012.

They initially raised 200,000 euros ($228,000) but had several close calls with bankruptcy before finding a keen client in the French military's weapon and technology procurement agency.

"They asked us for a demonstration two days after the Charlie Hebdo attack," Hernandez said, referring to the 2015 massacre of 12 people at the satirical magazine's Paris offices, later claimed by a branch of Al-Qaeda.

Terror atttacks in 2015 focused French authorities minds on the dark net

Terror attacks in 2015 focused French authorities' minds on the darknet

"They were particularly receptive to our pitch which basically said if you don't know the territory—which is the case with the dark web—you can't gain mastery of it," Haeri added.

Ethical risks

The ability to covertly navigate the dark web is a holy grail for security services trying to crack down on illicit trafficking and prevent terror attacks.

The US government's Defense Advanced Research Projects Agency (DARPA) has been working on a similar project, called Memex, for years.

Aleph plans to soon add artificial intelligence capabilities to its software, which would recognize images such as Kalashnikov rifles or child abuse victims, or alert businesses to potential copyright infringement.

Its revenues are expected to reach around 660,000 euros this year, a figure it hopes to double in 2019.

That has attracted the attention of investors as Aleph steps up efforts to add more private-sector buyers to its roster of government clients.

But as more people and businesses start using Aleph's search engine, the risk increases that criminal organizations or hostile governments will eventually gain access.

The challenge will be to grow while setting out clear guidelines for handling the thorny ethical questions.

But Hernandez insisted he would remain vigilant, comparing his role to that of the "Protectors of the City" in ancient Greek democracies.

Categorized in Deep Web

[This article is originally published in hothardware.com written by Rod Scher - Uploaded by AIRS Member: Jasper Solander] 

We have all heard of the dark web: a lawless digital world, uncharted and unstructured, full of data -- much of it illegally acquired and illegally for sale -- that cannot be viewed without special tools: proxy servers, TOR browsers, and the like. It's a murky and mysterious place, a place where much information resides but is difficult to unearth for the uninitiated.

Until now. Canada's Echosec Systems Ltd. recently released Beacon, a security tool that's designed to shed some light on the dark web.

Karl1 Karl Swannie is the CEO of Echosec, the company behind Beacon.

"Beacon is a dark web search engine that allows users to search anonymously, without the need for a TOR browser," says Echosec CTO Michael Raypold. "We’ve designed Beacon to be simple to interact with, while incorporating powerful advanced search tools, making searching unindexed data in the dark web as easy as using a surface web search engine."

The idea behind Beacon is that it can be used by a company to potentially head off -- or at the very least mitigate -- a potential disaster. Since the bulk of the data on the dark web is essentially unstructured, the Echosec team crawled the dark web, indexed its content and then build a natural language query interface that allows non-hackers to access that information quickly and easily. Simply put, Beacon is like Google for the dark web.

beacongrabWith Beacon, dark web data can be searched by a variety of criteria. Specific types of data (credit cards, emails, etc.) can be searched for explicitly.

Keep in mind, of course, that not everything on the dark web is illegal.

Says Raypold, "The dark web is a place where you can source illegal or illicit materials because the inherent privacy and anonymity baked into platforms like the TOR network makes buying and selling these goods easier to achieve without repercussions. However, that isn’t to say everything on the dark web is illegal. News organization like the NYTimes and Pro Publica maintain Onion sites for their more privacy-conscious users and to help disseminate news that might otherwise be censored." Still, much of the dark web's content was acquired illegally and can be misused to spread misinformation, victimize vulnerable populations, execute social engineering exploits, or engage in various forms of identity theft.

We all know that information in the wrong hands can be dangerous. Raypold cites the story of Coca-Cola's attempt, some years back, to acquire a Chinese soft drink company. Unbeknownst to high-level Coca-Cola executives, the company's secret plans and negotiation tactics were in fact not secret at all, because Coca-Cola had been previously hacked, thanks to a phishing email opened by a Coca-Cola exec.

Beacon did not exist at that time (2009), but it's likely that some of the information retrieved from the hack and many pilfered emails would have ended up on the dark web; if so, Beacon could have unearthed them, letting the company know of its vulnerability long before 2009 and perhaps allowing Coca-Cola to mitigate the damage. (In the end, the acquisition fell through, most likely because Coca-Cola -- having lost control of its confidential information -- had also lost any leverage it might have had in the negotiations.)

The goal of Beacon, says Raypold, is to allow companies to easily examine data on the dark web as a way of locating the potentially harmful information that’s stored there: this could include stolen corporate emails, company documents, personal info, or other such data that could be detrimental to a company, its brand, or its customers. After all, if your data has been compromised, it's always better to know than not to know.
MikeMike Raypold is the CTO of Echosec, LTD.

"Beacon allows teams to more quickly identify and respond to information that can materially damage a company’s brand and consumer trust," says Raypold. "Being able to quickly identify a sensitive problem also means that you can start putting a solution in place and notify your customers before they find out through other means."



Of course, a security tool is but another weapon in the wrong hands, and weapons can be misused; it's one thing for a pen-tester or white-hat hacker to be in possession of systems that can locate or uncover data, but what about someone finding a way to misuse Beacon? While Raypold notes that it is possible to misuse Beacon, since the tool makes it easier for users to locate data they might otherwise have difficulty finding, he says that the company has taken steps to mitigate that danger.

"First, every Echosec customer must go through a use-case approval process to determine how the customer is using the application and to make sure they are in compliance with the vendors from whom the data Is sourced," says Raypold. "If a potential customer cannot pass the use-case approval process, they do not get access to the system."

Beacon Black

Second, the company has built automated tools and manual processes into its platform and into the company workflows to notify the Echosec team if users attempt to run searches that are in violation of their approved use case.

"The checks built into the platform will outright prevent some searches from being run so that users never receive data that we perceive could be used with malicious intent. Furthermore, some of the vendors from whom we source data have asked us to prevent certain queries from being run, regardless of a customer's use case," says Raypold. (Naturally, the company publishes an "acceptable use" policy, which can be found here.)

Echosec expects to sell Beacon mainly to corporate customers interested in keeping tabs on their intellectual property, corporate secrets, and other sensitive data. White-hat hackers -- such as pen-testers -- could conceivably be a market as well, but the company feels that would be fairly uncommon. And if it did occur, it would simply be viewed as an example of contracted security experts acting on behalf of the ultimate corporate customer.

However, (and by whomever) Beacon is used, it looks as if the murky landscape of the dark web is no longer quite as dark as it once was.

Categorized in Deep Web
Page 1 of 9

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.
Please wait
online research banner

airs logo

AIRS is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Subscribe to AIRS Newsletter

Receive Great tips via email, enter your email to Subscribe.
Please wait

Follow Us on Social Media