fbpx

Regardless of its predominantly negative connotations, an increasing number of people have started using the dark web to keep their online activity hidden.

According to PreciseSecurity.com research, North America is the most active region globally in this part of the internet. More than 30 percent of North Americans have used the deep web regularly during 2019.

The dark web represents a network of untraceable online activity and websites on the internet that cannot be found using search engines. Accessing them depends upon specific software, configurations, or authorization.

The 2019 survey showed that North America is the leading region in daily usage of the dark web. The statistics indicate that 26 percent of North Americans admitted using the dark web daily. Another 7 percent of them accessed the deep net at least once a week.

Latin Americans ranked second on this list, with 21 percent of respondents visiting the dark web every day and 13 percent weekly. With 17 percent of citizens utilizing it every day, Europe took third place on the global deep net usage list. Another 11 percent of Europeans admitted to doing so at least once a week.

The 2019 data showed online anonymity was by far the most common reason globally for accessing the Tor and the dark web. Nearly 40 percent of respondents used the deep net during the last year to stay anonymous. Another 26 percent of them claimed to use it to retrieve the usually unavailable content in their location. This reason is more ordinary in Middle Eastern, African, and BRICS countries. Other reasons include overcoming governmental censorships and protecting online privacy.

Nearly 25 percent of North Americans used the hidden web in 2019 to ensure their privacy from foreign governments. Another 38 percent of them named protecting the privacy from the internet companies as the leading reason for using the deep web.

The recent surveys revealed some interesting facts about the reasons why people don’t use technologies like Tor to access the dark web. Nearly 50 percent of respondents globally stated that it is because they don’t know how to, while 45 percent of them have no reason for doing so. One in ten citizens views these technologies as unreliable, and only 13 percent of them appear to be concerned about perceptions that it is used by criminals.

 [Source: This article was published in techdigest.tv - Uploaded by the Association Member: Jennifer Levin]

Categorized in Deep Web

In the popular consciousness, the dark web is mostly known as the meeting place of terrorists and extortionist hackers. While there are other, less malicious players afoot, corporations and organizations need to know the real dangers and how to protect against them.

Dark. Mysterious. A den of thieves. A front for freedom fighters. It is many things for many different kinds of people, all of whom by nature or necessity find themselves driven to the fringes of digital society. It is the dark web. 

There’s still plenty of misinformation floating around out there about this obscure corner of the internet. The average cyber citizen is unaware of its very existence. Even for those intimately familiar with the dark web, accurate predictions as to its behavior and future effect on broader internet culture have remained elusive; predictions foretelling its mainstreaming, for instance, seem less and less likely with each passing year. The problem is, this is one case where ignorance isn’t always bliss. Dark web relevance to the general population is becoming more painfully apparent with every breaking news story about yet another data breach.

The amount of personal information accessible via a web connection these days is staggering. Names, addresses, and phone numbers are only the tip of the iceberg. Credit card information, marital status, browsing histories, purchase histories, medical histories (a favorite target of hackers these days) and so much more—every bit and byte of this data is at risk of theft, ransom, exposure and exploitation. A person’s entire life can be up for sale on the dark web without them being any the wiser. That is until their credit card comes up overdrawn, or worse, a mysterious and threatening email graces their inbox threatening to expose some very private information.

But despite the fact that it is the individual being exposed, the ones who truly have to worry are those entities entrusted with storing the individual data of their millions of users. The dark web is a potential nightmare for banks, corporations, government bureaus, health care providers—pretty much any entity with large databases storing sensitive (i.e., valuable) information. Many of these entities are waking up to the dangers, some rudely so, and are too late to avoid paying out a hefty ransom or fine depending on how they handle the situation. Whatever the case, the true cost is often to the reputation of the entity itself, and it is sometimes unrecoverable.

It should be obvious at this point that the dark web cannot be ignored. The first step to taking it seriously is to understand what it is and where it came from.

The landscape

Perhaps the most common misconception regarding the dark web begins with the internet itself. Contrary to popular sentiment, Google does not know all. In fact, it is not even close. Sundar Pichai and his legions of Googlers only index pages they can access, which by current estimates hover in and around the $60 billion mark. Sounds like a lot, but in reality this is only the surface web, a paltry 0.2% to 0.25% of digital space.

Home for the bulk of our data, the other 99.75% is known as the deep web. Research on deep web size is somewhat dated but the conditions the findings are based on appear to point to a growing size disparity, if any changes have occurred at all.

Unlike the surface web, which is made up of all networked information discoverable via public internet browsing, the deep web is all networked information blocked and hidden from public browsing.

Take Amazon as an example. It has its product pages, curated specifically to customer browsing habits and seemingly eerily aware of conversations people have had around their Alexa—this is the Surface Web. But powering this streamlined customer experience are databases storing details for hundreds of millions of customers; including personal identifiable information (PII), credit card and billing information, purchase history, and the like. Then there are databases for the millions of vendors, warehouse databases, logistical databases, corporate intranet, and so on. All in all you are looking at a foundational data well some 400 to 500 times larger than the visible surface.

The dark web is technically a part of this deep web rubric, meeting the criteria of being hidden from indexing by common web browsers. And although microscopically small in comparison it can have an outsized effect on the overall superstructure, sort of like a virus or a cure, depending on how it is used. In the Amazon example, where the dark web fits in is that a portion of its members would like nothing better than to access its deep web data for any number of nefarious purposes, including sale, ransom, or just to sow a bit of plain old anarchic chaos.

Such activities do not interest all dark web users, of course, with many seeing anonymity as an opportunity to fight off corruption rather than be a part of it. The dark web is a complex place, and to fully appreciate this shadow war of villains and vigilantes, how it can affect millions of people every now and then when it spills over into the light, first you have to understand its origins.

Breaking down the numbers

Anonymity is not without its challenges when it comes to mapping out hard figures. The key is to focus on commerce, a clear and reliable demarcating line. For the most part, those only seeking anonymity can stick to hidden chat rooms and the like. However, if a user is looking to engage in illegal activity, in most instances they’re going to have to pay for it. Several past studies and more recent work provide workable insight when extrapolating along this logic path.

First, a 2013 study analyzing 2,618 services being offered found over 44% to involve illicit activity. That number jumped to 57% in a follow up study conducted in 2016. These studies alone project an accelerating upward trend. Short of a more recent comprehensive study, the tried and true investigative maxim of “follow the money” should suffice in convincing the rational mind that this number is only going to grow dramatically. Especially when comparing the $250 million in bitcoin spent in 2012 on the dark web with the projected $1 billion mark for 2019.

Origins and operation

It was the invention of none other than the U.S. military—the Navy, of all branches, if you’d believe it. Seeking an easy way for spy networks to communicate without having to lug heavy encryption equipment to remote and hostile corners of the globe, the U.S. Naval Research Laboratory (NRL) came up with an ingenious solution. Ditching the equipment, it created an overlay network of unique address protocols and a convoluted routing system, effectively masking both the source and destination of all its traffic. By forgoing the traditional DNS system and relying instead on software specific browsers like Tor and Freenet and communication programs like I2P among others, dark web traffic was rendered invisible to traditional crawlers. Furthermore, with these browsers routing traffic through multiple user stations around the world, accurate tracking became extremely difficult. This solution afforded both flexibility and mobility for quick and easy insertion and extraction of human assets while securing sensitive communication to and from the field.

There was only one element missing. As co-creator Roger Dingledine explained, if only U.S. Department of Defense (DoD) personnel used the network it wouldn’t matter that source and destination were masked between multiple user stations. All users would be identifiable as part of the spy network. It would be like trying to hide a needle in a stack of needles. What the dark web needed was a haystack of non DoD users. And so in 2002 the software was made open source and anyone seeking the option to communicate and transact globally was invited to download it. Thousands of freedom-conscious people heeded the call and thus the dark web was born.

But freedom is morally ambiguous, granting expression to the best and worst urges of humanity. This is why security officers and senior executives in banks and businesses, insurance providers and intelligence agencies, all need to know who is using the dark web, what it is being used for, and how imminent is the threat it poses to their operations.

 [This article is originally published in calcalistech.com By riel Yosefi and Avraham Chaim Schneider - Uploaded by AIRS Member: Eric Beaudoin]

Categorized in Deep Web

Almost a third of North Americans accessed the Dark Web daily in 2019

Despite the Dark Web's mostly negative connotation, new research from PreciseSecurity.com has revealed that over 30 percent of North Americans used it regularly during 2019.

Last year saw an increasing number of people beginning to use the Dark Web as a means of keeping their online activity hidden from governments and telecoms.

The Dark Web itself is made up of websites on the internet that cannot be found through traditional search engines. Instead users must rely on specific software such as the Tor browser, configurations or authorization to access these sites.

PreciseSecurity.com's 2019 survey show that North America is the leading region when it comes to daily usage of the Dark Web. The firm's findings revealed that 26 percent of North Americans admitted to using the Dark Web daily while another seven percent accessed it at least once a week.

Dark Web usage

North American may have taken the top spot in terms of Dark Web usage but Latin America was not far behind at second on PreciseSecurity.com's list with 21 percent of respondents saying they visit the deep net daily while thirteen percent said they did so weekly. Europe took third place with 17 percent of citizens utilizing the Dark Web daily and additional 11 percent accessing it at least once a week.

The 2019 survey showed that online anonymity was by far the most common reason for users to access the Dark Web. Almost 40 percent of respondents used it during the last year to stay anonymous online and 26 percent said they used it to retrieve content unavailable in their location despite the fact that using a VPN would be far easier.

Nearly 25 percent of North Americans used the Dark Web to ensure their privacy from foreign governments and another 38 percent used it to protect their privacy from internet companies.

Of those surveyed who don't use Tor or access the Dark Web, almost 50 percent of respondents globally stated that they didn't because they don't know how to while 45 percent said they had no reason for doing so.

[Source: This article was published in techradar.com By Anthony Spadafora - Uploaded by the Association Member: Rene Meyer]

Categorized in Deep Web

Protect yourself by learning about this mysterious digital world

Below the surface, the internet you recognize and use for your browsing is a shadowy, digital netherworld. According to a report by Cybersecurity Ventures, cybercrime is projected to cost the world more than $6 trillion annually by 2021. At the heart of most cybercrime is the Dark Web.

The Dark Web is making its way into the public sphere more and more, but much remains unclear and misunderstood about this mysterious digital world that most of us will never see. Here’s what you need to know:

Three Layers of the Web

The World Wide Web has three distinct layers. The first is the Surface Web, where most people do searches using standard browsers. The second is the Deep Web, which is not indexed in standard search engines and is accessed by logging in directly to a site; it often requires some form of authentication for access. Finally, there is the Dark Web, which is only accessible through specific browsers. Its most common browser, Tor, encrypts all traffic and allows users to remain anonymous.

Gaining access to Dark Web sites often requires an invitation which is offered only after a substantial vetting process. Purveyors of these sites want to keep out law enforcement, although “white hat” hackers (computer security experts) and law enforcement have successfully broken through. Some identity theft protection services provide Dark Web monitoring to see if your personal information, such as your credit card, has been stolen. Often it is through the monitoring of the Dark Web that security professionals first become aware of massive data breaches by researching the commonality of large troves of personal information being sold.

Never click on any links in an email regardless of how legitimate the email may appear unless you have confirmed the email is indeed legitimate.

It is on these criminal Dark Web sites that all kinds of malware, like ransomware, are bought and sold. Other goods and services bought, sold and leased on these Dark Web cybercrime websites include login credentials to bank accounts, personal information stolen through data breaches, skimmers (devices to attack credit card processing equipment and ATMs) and ATM manuals that include default passwords.

Be Aware of Cybercrime Tools

Amazingly, the Dark Web sites have ratings and reviews, tech support, software updates, sales and loyalty programs just like regular retail websites. Many also offer money laundering services. Additionally, botnets (short for “robot network”) of compromised computers can be leased on the Dark Web to deliver malware as well as phishing and spear phishing emails (these appear to be sent from a trusted sender, but are seeking confidential information).

While the actual number of cybercriminal geniuses is relatively small, they’ve developed a lucrative business model. They create sophisticated malware, other cybercrime tools and their delivery systems, then sell or lease those tools to less sophisticated criminals.

The proliferation of ransomware attacks provides a good example of how this business model operates. Ransomware infects your computer and encrypts all of your data. Once your data has been encrypted, you, the victim of a ransomware attack, are told that a ransom must be paid within a short period of time or your data will be destroyed. Ransomware attacks have increased dramatically in the past few years and are now the fastest growing cybercrime.

Cybersecurity Ventures says companies are victimized by ransomware every 14 seconds, at a cost of $11.5 billion worldwide this year. While the creation and development of new ransomware strains requires great knowledge and skill, most ransomware attacks are being perpetrated by less sophisticated cybercriminals who purchase the ransomware on the Dark Web.

Regardless of how protective you are of your personal information, you are only as safe as the legitimate institutions that have your information.

Phishing, and more targeted spear phishing, have long been the primary way that malware, such as ransomware and keystroke logging malware used for identity theft purposes, are delivered. Phishing and spear phishing lure victims into clicking links within emails that download malware onto their computer systems.

Sophisticated cybercriminals now use artificial intelligence to gather personal information from social media such as Twitter, Facebook, Instagram and other sites to produce spear phishing emails with high success rates.

How to Protect Yourself

The best thing you can do to protect yourself from having your information turn up on the Dark Web is to avoid downloading the malware that can lead to your information being stolen or your computer being made a part of a botnet. Never click on any links in an email regardless of how legitimate the email may appear unless you have confirmed that the email is indeed legitimate.

Relying on security software is not enough to protect you, because the best security software is always at least a month behind the latest strains of malware. Regardless of how protective you are of your personal information, you are only as safe as the legitimate institutions that have your information.

In this era of constant data breaches, it is advisable to use an identity theft protection service that will monitor the Dark Web and alert you if your information appears there.  And there are websites which offer guidance on what to do if this happens to you. These monitors are a small flashlight shedding a beam on a very dark section of the digital universe and may help avoid major headaches before it’s too late.

[Source: This article was published in nextavenue.org By Steve Weisman - Uploaded by the Association Member: David J. Redcliff]

Categorized in Deep Web

The BBC has made its international news website available via the Tor network, in a bid to thwart censorship attempts.

The Tor browser is privacy-focused software used to access the dark web.

The browser can obscure who is using it and what data is being accessed, which can help people avoid government surveillance and censorship.

Countries including China, Iran and Vietnam are among those who have tried to block access to the BBC News website or programmes.

Instead of visiting bbc.co.uk/news or bbc.com/news, users of the Tor browser can visit the new bbcnewsv2vjtpsuy.onion web address. Clicking this web address will not work in a regular web browser.

The dark web copy of the BBC News website will be the international edition, as seen from outside the UK.

It will include foreign language services such as BBC Arabic, BBC Persian and BBC Russian.

But UK-only content and services such as BBC iPlayer will not be accessible, due to broadcast rights.


What is Tor?

Tor is a way to access the internet that requires software, known as the Tor browser, to use it.

The name is an acronym for The Onion Router. Just as there are many layers to the vegetable, there are many layers of encryption on the network.

It was originally designed by the US Naval Research Laboratory, and continues to receive funding from the US State Department.

It attempts to hide a person's location and identity by sending data across the internet via a very circuitous route involving several "nodes" - which, in this context, means using volunteers' PCs and computer servers as connection points.

Encryption applied at each hop along this route makes it very hard to connect a person to any particular activity.

To the website that ultimately receives the request, it appears as if the data traffic comes from the last computer in the chain - known as an "exit node" - rather than the person responsible.

dark web

Image captionTor hides a user's identity by routing their traffic through a series of other computers.

 As well as allowing users to visit normal websites anonymously, it can also be used as part of a process to host hidden sites, which use the .onion suffix.

Tor's users include the military, law enforcement officers and journalists, as well as members of the public who wish to keep their browser activity secret.

But it has also been associated with illegal activity, allowing people to visit sites offering illegal drugs for sale and access to child abuse images, which do not show up in normal search engine results and would not be available to those who did not know where to look.


While the Tor browser can be used to access the regular version of the BBC News website, using the .onion site has additional benefits.

"Onion services take load off scarce exit nodes, preserve end-to-end encryption [and] the self-authenticating domain name resists spoofing," explained Prof Steven Murdoch, a cyber-security expert from University College London.

In a statement, the BBC said: "The BBC World Service's news content is now available on the Tor network to audiences who live in countries where BBC News is being blocked or restricted. This is in line with the BBC World Service mission to provide trusted news around the world."

On Wednesday, the BBC also announced the UK's first interactive voice news service for smart speakers.

People using an Amazon Alexa-powered device will be able to skip ahead and get more information about the stories they are most interested in.

[Source: This article was published in bbc.com - Uploaded by the Association Member: Patrick Moore]

Categorized in Deep Web

Since the Arab uprisings of 2011, UAE has utilised 'cyber-security governance' to quell the harbingers of revolt and suppress dissident voices

he nuts and bolts of the Emirati surveillance state moved into the spotlight on 1 February as the Abu Dhabi-based cybersecurity company DarkMatter allegedly stepped "out of the shadows" to speak to the international media.

Its CEO and founder, Faisal al-Bannai, gave a rare interview to the Associated Press at the company's headquarters in Abu Dhabi, in which he absolved his company of any direct responsibility for human rights violations in the UAE.  

Established in the UAE in 2015, DarkMatter has always maintained itself to be a commercially driven company. Despite the Emirati government constituting 80 percent of DarkMatter's customer base and the company previously describing itself as "a strategic partner of the UAE government", its CEO was at pains to suggest that it was independent from the state.

According to its website, the company's stated aim is to "protect governments and enterprises from the ever-evolving threat of cyber attack" by offering a range of non-offensive cybersecurity services. 

Seeking skilled hackers

Though DarkMatter defines its activities as defensive, an Italian security expert, who attended an interview with the company in 2016, likened its operations to "big brother on steroids" and suggested it was deeply rooted within the Emirati intelligence system.

Simone Margaritelli, also a former hacker, alleged that during the interview he was informed of the UAE's intention to develop a surveillance system that was "capable of intercepting, modifying, and diverting (as well as occasionally obscuring) traffic on IP, 2G, 3G, and 4G networks".

Although he was offered a lucrative monthly tax-free salary of $15,000, he rejected the offer on ethical grounds.

Furthermore, in an investigation carried out by The Intercept in 2016, sources with inside knowledge of the company said that DarkMatter was "aggressively" seeking skilled hackers to carry out offensive surveillance operations. This included plans to exploit hardware probes already installed across major cities in order to track, locate and hack any person at any time in the UAE.

In many respects, the UAE's surveillance infrastructure has been built by a network of international cybersecurity “dealers” who have willingly profited from supplying the Emirati regime with the tools needed for a modern-day surveillance state

As with other states, there is a need for cybersecurity in the UAE. As the threat of cyber-attacks has increased worldwide, there have been numerous reports of attempted attacks from external actors on critical infrastructure in the country. 

Since the Arab uprisings of 2011, however, internal "cyber-security governance", which has been utilised to quell the harbingers of revolt and suppress dissident voices, has become increasingly important to the Emirati government and other regimes across the region.

Authoritarian control

In the UAE, as with other GCC states, this has found legislative expression in the cybercrime law. Instituted in 2012, its vaguely worded provisions essentially provide a legal basis to detain anybody who criticises the regime online.

This was to be followed shortly after by the formation of the UAE’s own cybersecurity entity, the National Electronic Security Authority (NESA), which recently began working in parallel with the UAE Armed Forces’ cyber command unit, established in 2014.  

A network of Emirati government agencies and state-directed telecommunications industries have worked in loose coordination with international arms manufacturers and cybersecurity companies to transform communications technologies into central components of authoritarian control. 

In 2016, an official from the Dubai police force announced that authorities were monitoring users across 42 social media platforms, while a spokesperson for the UAE’s Telecommunication Regulatory Authority similarly boasted that all social media profiles and internet sites were being tracked by the relevant agencies.

000 OF77X

Crown Prince Mohammed Bin Zayed Al Nahyan of Abu Dhabi meets with US President Donald Trump in Washington in May 2017 (AFP)

As a result, scores of people who have criticised the UAE government on social media have been arbitrarily detained, forcefully disappeared and, in many cases, tortured.

Last year, Jordanian journalist Tayseer al-Najjar and prominent Emirati academic Nasser bin Ghaith received sentences of three and 10 years respectively for comments made on social media. Similarly, award-winning human rights activist Ahmed Mansoor has been arbitrarily detained for nearly a year due to his online activities. 

This has been a common theme across the region in the post-"Arab Spring" landscape. In line with this, a lucrative cybersecurity market opened up across the Middle East and North Africa, which, according to the US tech research firm Gartner, was valued at $1.3bn in 2016.

A modern-day surveillance state

In many respects, the UAE's surveillance infrastructure has been built by a network of international cybersecurity "dealers" who have willingly profited from supplying the Emirati regime with the tools needed for a modern-day surveillance state. 

Moreover, it has been reported that DarkMatter has been hiring a range of top talent from across the US national security and tech establishment, including from Google, Samsung, and McAfee. Late last year, it was revealed that DarkMatter was managing an intelligence contract that had been recruiting former CIA agents and US government officials to train Emirati security officials in a bid to bolster the UAE's intelligence body.

UK military companies also have a foothold in the Emirati surveillance state. Last year, it was revealed that BAE Systems had been using a Danish subsidiary, ETI Evident, to export surveillance technologies to the UAE government and other regimes across the region. 

'The million-dollar dissident'

Although there are officially no diplomatic relations between the two countries, in 2016, Abu Dhabi launched Falcon Eye, an Israeli-installed civil surveillance system. This enables Emirati security officials to monitor every person "from the moment they leave their doorstep to the moment they return to it", a source close to Falcon Eye told Middle East Eye in 2015.

The source added that the system allows work, social and behavioral patterns to be recorded, analyzed and archived: "It sounds like sci-fi but it is happening in Abu Dhabi today."

Moreover, in a story that made headlines in 2016, Ahmed Mansoor's iPhone was hacked by the UAE government with software provided by the Israeli-based security company NSO Group. Emirati authorities reportedly paid $1m for the software, leading international media outlets to dub Mansoor "the million-dollar dissident."

Mansoor's case is illustrative of how Emirati authorities have conducted unethical practices in the past. In recent years, the UAE has bought tailored software products from international companies such as Hacking Team to engage in isolated, targeted attacks on human rights activists, such as Mansoor.

The operations of DarkMatter, as well as the installation of Falcon Eye, suggest, however, that rather than relying on individual products from abroad, Emirati authorities are now building a surveillance system of their own and bringing operations in-house by developing the infrastructure for a 21st-century police state. 

[Source: This article was published in middleeasteye.net By JOE ODELL - Uploaded by the Association Member: Wushe Zhiyang]

Categorized in Deep Web

[Source: This article was published in technadu.com By Sydney Butler - Uploaded by the Association Member: Dana W. Jimenez]

The Dark Web, as part of the Deep Web, is defined largely by the fact that search engines can’t index it. Yet, people need to find onion sites in order to use them and many onion sites would be pretty pointless if no one ever visited them.

Which brings us to the idea of Dark Web “search engines”. Is there such a thing? How do they work? It’s a little more complicated than simply making a “Google for the Dark Web”, but in this article, you’ll learn about some of the best “search engines”, right after we explain what the special meaning of that term is in this context.

What Are Dark Web Search Engines?

Many so-called Dark Web search engines are really just repositories of links. This is actually how early search engines on the internet worked. More like a giant phone book than a web crawler that indexed the contents of sites.

Then, of course, there are search engines on the Dark Web that search the surface web. In other words, they provide a super-secure way to search for things on the regular internet that you don’t want to be attached to your history or identity. So adjust your expectations a little of what it means for something on the Dark Web to be a search engine and feast your eyes on these excellent Dark Web destinations, in your search for hidden network content.

DuckDuckGo

DuckDuckGo

DuckDuckGo is easily accessible via the surface web, you just have to type its URL into any browser. It also offers an onion domain, which means that it counts as a Dark Web search engine, although it’s not really an engine that searches the Dark Web itself. You can search for onion links using this tool, but your mileage may vary.

What makes DuckDuckGo special is its ability to return relevant search results almost as good as those provided by Google. Yet, it does not need to store any information about you or your search history in order to do it. It’s one of the best privacy-focused search engines in existence and its presence on the Dark Web just adds another strong layer of security.

Torch

Torch

Torch is one of the oldest onion site indexes in existence. While no one knows for sure how much info is stored on the site, Torch itself claims that there are more than a million pages in its index. If something you’ve heard of exists on the Dark Web, Torch is probably your best chance of finding it.

The Onion URL Repository

Just as the name suggests, the Onion URL directory is another massive dump of onion sites with descriptions. More than a million sites by all accounts. That’s a lot of possible destinations to sift through, although no one knows how much of it overlaps with a site like Torch and how much is unique to this repository. Unfortunately, we weren’t actually able to find a working link to this one at the time of writing.

notEvil

notEvil

notEvil is the closest thing to a Google experience you may get on the Dark Web. The design of the site and how it appears to work is very reminiscent of the search giant. The name of this search tool is also a direct reference to Google since the company once had the motto “don’t be evil”, although that has been quietly retired.

notEvil provides some of the most relevant results and is probably the best “proper” search engine on the Dark Web.

Ahmia.fi

Ahmia.fi

OK, Ahmia is something a little different to the other sites listed here. Instead of being a search engine that resides on the Dark Web, this is actually an engine that searches the Tor Hidden Services network from the surface web. It also has an onion service and to actually visit any of the sites listed you’ll need Tor, but it’s pretty awesome that you can look for onion sites from any computer, not just one that has access to Tor.

Candle

Candle

Candle is a fairly new project that was first announced on r/onions/ three years ago. It’s a hobby project from the creator, trying to make a Google-like search engine for Tor. So Candle has actually been indexing onion sites and when it was announced there were already more than 100,000 pages.

Categorized in Deep Web

[Source: This article was published in hothardware.com By Rod Scher - Uploaded by the Association Member: Robert Hensonw]

We have all heard of the dark web: a lawless digital world, uncharted and unstructured, full of data -- much of it illegally acquired and illegally for sale -- that cannot be viewed without special tools: proxy servers, TOR browsers, and the like. It's a murky and mysterious place, a place where much information resides but is difficult to unearth for the uninitiated.



Until now. Canada's Echosec Systems Ltd. recently released Beacon, a security tool that's designed to shed some light on the dark web.

Karl1
 Karl Swannie is the CEO of Echosec, the company behind Beacon

"Beacon is a dark web search engine that allows users to search anonymously, without the need for a TOR browser," says Echosec CTO Michael Raypold. "We’ve designed Beacon to be simple to interact with, while incorporating powerful advanced search tools, making searching unindexed data in the dark web as easy as using a surface web search engine."

The idea behind Beacon is that it can be used by a company to potentially head off -- or at the very least mitigate -- a potential disaster. Since the bulk of the data on the dark web is essentially unstructured, the Echosec team crawled the dark web, indexed its content and then build a natural language query interface that allows non-hackers to access that information quickly and easily. Simply put, Beacon is like Google for the dark web.

small beacongrab

With Beacon, dark web data can be searched by a variety of criteria. Specific types of data (credit cards, emails, etc.) can be searched for explicitly.


Keep in mind, of course, that not everything on the dark web is illegal.

Says Raypold, "The dark web is a place where you can source illegal or illicit materials because the inherent privacy and anonymity baked into platforms like the TOR network makes buying and selling these goods easier to achieve without repercussions. However, that isn’t to say everything on the dark web is illegal. News organization like the NYTimes and Pro Publica maintain Onion sites for their more privacy-conscious users and to help disseminate news that might otherwise be censored." Still, much of the dark web's content was acquired illegally and can be misused to spread misinformation, victimize vulnerable populations, execute social engineering exploits, or engage in various forms of identity theft.

We all know that information in the wrong hands can be dangerous. Raypold cites the story of Coca-Cola's attempt, some years back, to acquire a Chinese soft drink company. Unbeknownst to high-level Coca-Cola executives, the company's secret plans and negotiation tactics were in fact not secret at all, because Coca-Cola had been previously hacked, thanks to a phishing email opened by a Coca-Cola exec.

Beacon did not exist at that time (2009), but it's likely that some of the information retrieved from the hack and many pilfered emails would have ended up on the dark web; if so, Beacon could have unearthed them, letting the company know of its vulnerability long before 2009 and perhaps allowing Coca-Cola to mitigate the damage. (In the end, the acquisition fell through, most likely because Coca-Cola -- having lost control of its confidential information -- had also lost any leverage it might have had in the negotiations.)

The goal of Beacon, says Raypold, is to allow companies to easily examine data on the dark web as a way of locating the potentially harmful information that’s stored there: this could include stolen corporate emails, company documents, personal info, or other such data that could be detrimental to a company, its brand, or its customers. After all, if your data has been compromised, it's always better to know than not to know.

Mike
Mike Raypold is the CTO of Echosec, LTD.

"Beacon allows teams to more quickly identify and respond to information that can materially damage a company’s brand and consumer trust," says Raypold. "Being able to quickly identify a sensitive problem also means that you can start putting a solution in place and notify your customers before they find out through other means."

Of course, a security tool is but another weapon in the wrong hands, and weapons can be misused; it's one thing for a pen-tester or white-hat hacker to be in possession of systems that can locate or uncover data, but what about someone finding a way to misuse Beacon? While Raypold notes that it is possible to misuse Beacon, since the tool makes it easier for users to locate data they might otherwise have difficulty finding, he says that the company has taken steps to mitigate that danger.

"First, every Echosec customer must go through a use-case approval process to determine how the customer is using the application and to make sure they are in compliance with the vendors from whom the data Is sourced," says Raypold. "If a potential customer cannot pass the use-case approval process, they do not get access to the system."

Second, the company has built automated tools and manual processes into its platform and into the company workflows to notify the Echosec team if users attempt to run searches that are in violation of their approved use case.

"The checks built into the platform will outright prevent some searches from being run, so that users never receive data that we perceive could be used with malicious intent. Furthermore, some of the vendors from whom we source data have asked us to prevent certain queries from being run, regardless of a customer's use case," says Raypold. (Naturally, the company publishes an "acceptable use" policy, which can be found here.)

Echosec expects to sell Beacon mainly to corporate customers interested in keeping tabs on their intellectual property, corporate secrets, and other sensitive data. White-hat hackers -- such as pen-testers -- could conceivably be a market as well, but the company feels that would be fairly uncommon. And if it did occur, it would simply be viewed as an example of contracted security experts acting on behalf of the ultimate corporate customer.



However, (and by whomever) Beacon is used, it looks as if the murky landscape of the dark web is no longer quite as dark as it once was.

Categorized in Deep Web

[Source: This article was published in ibtimes.co.uk By Anthony Cuthbertson - Uploaded by the Association Member: Robert Hensonw]

A search engine more powerful than Google has been developed by the US Defence Advanced Research Projects Agency (DARPA), capable of finding results within dark web networks such as Tor.

The Memex project was ostensibly developed for uncovering sex-trafficking rings, however the platform can be used by law enforcement agencies to uncover all kinds of illegal activity taking place on the dark web, leading to concerns surrounding internet privacy.

Thousands of sites that feature on dark web browsers like Tor and I2P can be scraped and indexed by Memex, as well as the millions of web pages ignored by popular search engines like Google and Bing on the so-called Deep Web.

The difference between the dark web and the deep web

The dark web is a section of the internet that requires specialist software tools to access, such as the Tor browser. Originally designed to protect privacy, it is often associated with illicit activities.

The deep web is a section of the open internet that is not indexed by search engines like Google - typically internal databases and forums within websites. It comprises around 95% of the internet.

Websites operating on the dark web, such as the former Silk Road black marketplace, purport to offer anonymity to their users through a form of encryption known as Onion Routing.

While users' identities and IP addresses will still not be revealed through Memex results, the use of an automated process to analyse content could uncover patterns and relationships that could potentially be used by law enforcement agencies to track and trace dark web users.

"We're envisioning a new paradigm for search that would tailor content, search results, and interface tools to individual users and specific subject areas, and not the other way round," said DARPA program manager Chris White.

"By inventing better methods for interacting with and sharing information, we want to improve search for everybody and individualise access to information. Ease of use for non-programmers is essential."

Memex achieves this by addressing the one-size-fits-all approach taken by mainstream search engines, which list results based on consumer advertising and ranking.

 us internet surveillance DARPA TOR Memex dark web

 Memex raises further concerns about internet surveillance US Web Home

'The most intense surveillance state the world has literally ever seen'

The search engine is initially being used by the US Department of Defence to fight human trafficking and DARPA has stated on its website that the project's objectives do not involve deanonymising the dark web.

The statement reads: "The program is specifically not interested in proposals for the following: attributing anonymous services, deanonymising or attributing identity to servers or IP addresses, or accessing information not intended to be publicly available."

Despite this, White has revealed that Memex has been used to improve estimates on the number of services there are operating on the dark web.

"The best estimates there are, at any given time, between 30,000 and 40,000 hidden service Onion sites that have content on them that one could index," White told 60 Minutes earlier this month.

Internet freedom advocates have raised concerns based on the fact that DARPA has revealed very few details about how Memex actually works, which partners are involved and what projects beyond combating human trafficking are underway.

"What does it tell about a person, a group of people, or a program, when they are secretive and operate in the shadows?" author Cassius Methyl said in a post to Anti Media. "Why would a body of people doing benevolent work have to do that?

"I think keeping up with projects underway by DARPA is of critical importance. This is where the most outrageous and powerful weapons of war are being developed.

"These technologies carry the potential for the most intense surveillance/ police state that the world has literally ever seen."

Categorized in Deep Web

[Source: This article was published in csoonline.com By Josh Fruhlinger- Uploaded by the Association Member: Eric Beaudoin] 

Catch a glimpse of what flourishes in the shadows of the internet.

Back in the 1970s, "darknet" wasn't an ominous term: it simply referred to networks that were isolated from the mainstream of ARPANET for security purposes. But as ARPANET became the internet and then swallowed up nearly all the other computer networks out there, the word came to identify areas that were connected to the internet but not quite of it, difficult to find if you didn't have a map.

The so-called dark web, a catch-all phrase covering the parts of the internet not indexed by search engines, is the stuff of grim legend. But like most legends, the reality is a bit more pedestrian. That's not to say that scary stuff isn't available on dark web websites, but some of the whispered horror stories you might've heard don't make up the bulk of the transactions there.

{youtube}7QxzFbrrswA{/youtube}

Here are ten things you might not know about the dark web.

New dark web sites pop up every day...

A 2015 white paper from threat intelligence firm Recorded Future examines the linkages between the Web you know and the darknet. The paths usually begin on sites like Pastebin, originally intended as an easy place to upload long code samples or other text but now often where links to the anonymous Tor network are stashed for a few days or hours for interested parties. 

While searching for dark web sites isn't as easy as using Google—the point is to be somewhat secretive, after all—there are ways to find out what's there.  The screenshot below was provided by Radware security researcher Daniel Smith, and he says it's the product of "automatic scripts that go out there and find new URLs, new onions, every day, and then list them. It's kind of like Geocities, but 2018"—a vibe that's helped along by pages with names like "My Deepweb Site," which you can see on the screenshot.

fresh onions

..and many are perfectly innocent

Matt Wilson, chief information security advisor at BTB Security, says that "there is a tame/lame side to the dark web that would probably surprise most people. You can exchange some cooking recipes—with video!—send email, or read a book. People use the dark web for these benign things for a variety of reasons: a sense of community, avoiding surveillance or tracking of internet habits, or just to do something in a different way."

It's worth remembering that what flourishes on darknet is material that's been banned elsewhere online. For example, in 2015, in the wake of the Chinese government cracking down on VPN connections through the so-called "great firewall," Chinese-language discussions started popping up on the darknet — mostly full of people who just wanted to talk to each other in peace.

Radware's Smith points out that there are a variety of news outlets on the dark web, ranging from the news website from the hacking group Anonymous to the New York Times, shown in the screenshot here, all catering to people in countries that censor the open internet.

nytimes

 

Some spaces are by invitation only

Of course, not everything is so innocent, or you wouldn't be bothering to read this article. Still, "you can't just fire up your Tor browser and request 10,000 credit card records, or passwords to your neighbor’s webcam," says Mukul Kumar, CISO and VP of Cyber Practice at Cavirin. "Most of the verified 'sensitive' data is only available to those that have been vetted or invited to certain groups.

"

How do you earn an invite into these kinds of dark web sites? "They're going to want to see history of crime," says Radware's Smith. "Basically it's like a mafia trust test. They want you to prove that you're not a researcher and you're not law enforcement. And a lot of those tests are going to be something that a researcher or law enforcement legally can't do."

There is bad stuff, and crackdowns means it's harder to trust

As recently as last year, many dark web marketplaces for drugs and hacking services featured corporate-level customer service and customer reviews, making navigating simpler and safer for newbies. But now that law enforcement has begun to crack down on such sites, the experience is more chaotic and more dangerous.

"The whole idea of this darknet marketplace, where you have a peer review, where people are able to review drugs that they're buying from vendors and get up on a forum and say, 'Yes, this is real' or 'No, this actually hurt me'—that's been curtailed now that dark marketplaces have been taken offline," says Radware's Smith. "You're seeing third-party vendors open up their own shops, which are almost impossible to vet yourself personally. There's not going to be any reviews, there's not a lot of escrow services. And hence, by these takedowns, they've actually opened up a market for more scams to pop up."

Reviews can be wrong, products sold under false pretenses—and stakes are high

There are still sites where drugs are reviewed, says Radware's Smith, but keep in mind that they have to be taken with a huge grain of salt. A reviewer might get a high from something they bought online, but not understand what the drug was that provided it.

One reason these kinds of mistakes are made? Many dark web drug manufacturers will also purchase pill presses and dyes, which retail for only a few hundred dollars and can create dangerous lookalike drugs. "One of the more recent scares that I could cite would be Red Devil Xanax," he said. "These were sold as some super Xanax bars, when in reality, they were nothing but horrible drugs designed to hurt you."

The dark web provides wholesale goods for enterprising local retailers...

Smith says that some traditional drug cartels make use of the dark web networks for distribution—"it takes away the middleman and allows the cartels to send from their own warehouses and distribute it if they want to"—but small-time operators can also provide the personal touch at the local level after buying drug chemicals wholesale from China or elsewhere from sites like the one in the screenshot here. "You know how there are lots of local IPA microbreweries?" he says. "We also have a lot of local micro-laboratories. In every city, there's probably at least one kid that's gotten smart and knows how to order drugs on the darknet, and make a small amount of drugs to sell to his local network."

xanax

 

...who make extensive use of the gig economy

Smith describes how the darknet intersects with the unregulated and distributed world of the gig economy to help distribute contraband. "Say I want to have something purchased from the darknet shipped to me," he says. "I'm not going expose my real address, right? I would have something like that shipped to an AirBnB—an address that can be thrown away, a burner. The box shows up the day they rent it, then they put the product in an Uber and send it to another location. It becomes very difficult for law enforcement to track, especially if you're going across multiple counties."

Not everything is for sale on the dark web

We've spent a lot of time talking about drugs here for a reason. Smith calls narcotics "the physical cornerstone" of the dark web; "cybercrime—selling exploits and vulnerabilities, web application attacks—that's the digital cornerstone. Basically, I'd say a majority of the darknet is actually just drugs and kids talking about little crimes on forums."

Some of the scarier sounding stuff you hear about being for sale often turns out to be largely rumors. Take firearms, for instance: as Smith puts it, "it would be easier for a criminal to purchase a gun in real life versus the internet. Going to the darknet is adding an extra step that isn't necessary in the process. When you're dealing with real criminals, they're going to know someone that's selling a gun."

Specific niches are in

Still, there are some very specific darknet niche markets out there, even if they don't have the same footprint that narcotics does. One that Smith drew my attention to was the world of skimmers, devices that fit into the slots of legitimate credit and ATM card readers and grab your bank account data.

And, providing another example of how the darknet marries physical objects for sale with data for sale, the same sites also provide data manual sheets for various popular ATM models. Among the gems available in these sheets are the default passwords for many popular internet-connected models; we won't spill the beans here, but for many it's the same digit repeated five times.

atm skinners

 

It's still mimicking the corporate world

Despite the crackdown on larger marketplaces, many dark web sites are still doing their best to simulate the look and feel of more corporate sites

elude

 

The occasional swear word aside, for instance, the onion site for the Elude anonymous email service shown in this screenshot looks like it could come from any above-board company.

One odd feature of corporate software that has migrated to the dark web: the omnipresent software EULA. "A lot of times there's malware I'm looking at that offers terms of services that try to prevent researchers from buying it," he says. "And often I have to ask myself, 'Is this person really going to come out of the dark and trying to sue someone for doing this?'"

And you can use the dark web to buy more dark web

And, to prove that any online service can, eventually, be used to bootstrap itself, we have this final screenshot from our tour: a dark web site that will sell you everything you need to start your own dark web site.docker

 

Think of everything you can do there—until the next crackdown comes along.

Categorized in Internet Privacy
Page 1 of 10

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media

Book Your Seat for Webinar - GET 70% OFF FOR MEMBERS ONLY      Register Now