Articles
Pages
Products
Research Papers
Search - Easy Blog Comment
Blogs
Search Engines
Events
Webinar, Seminar, Live Classes

[Source: This article was published in csoonline.com By Josh Fruhlinger- Uploaded by the Association Member: Eric Beaudoin] 

Catch a glimpse of what flourishes in the shadows of the internet.

Back in the 1970s, "darknet" wasn't an ominous term: it simply referred to networks that were isolated from the mainstream of ARPANET for security purposes. But as ARPANET became the internet and then swallowed up nearly all the other computer networks out there, the word came to identify areas that were connected to the internet but not quite of it, difficult to find if you didn't have a map.

The so-called dark web, a catch-all phrase covering the parts of the internet not indexed by search engines, is the stuff of grim legend. But like most legends, the reality is a bit more pedestrian. That's not to say that scary stuff isn't available on dark web websites, but some of the whispered horror stories you might've heard don't make up the bulk of the transactions there.

Here are ten things you might not know about the dark web.

New dark web sites pop up every day...

A 2015 white paper from threat intelligence firm Recorded Future examines the linkages between the Web you know and the darknet. The paths usually begin on sites like Pastebin, originally intended as an easy place to upload long code samples or other text but now often where links to the anonymous Tor network are stashed for a few days or hours for interested parties. 

While searching for dark web sites isn't as easy as using Google—the point is to be somewhat secretive, after all—there are ways to find out what's there.  The screenshot below was provided by Radware security researcher Daniel Smith, and he says it's the product of "automatic scripts that go out there and find new URLs, new onions, every day, and then list them. It's kind of like Geocities, but 2018"—a vibe that's helped along by pages with names like "My Deepweb Site," which you can see on the screenshot.

fresh onions

..and many are perfectly innocent

Matt Wilson, chief information security advisor at BTB Security, says that "there is a tame/lame side to the dark web that would probably surprise most people. You can exchange some cooking recipes—with video!—send email, or read a book. People use the dark web for these benign things for a variety of reasons: a sense of community, avoiding surveillance or tracking of internet habits, or just to do something in a different way."

It's worth remembering that what flourishes on darknet is material that's been banned elsewhere online. For example, in 2015, in the wake of the Chinese government cracking down on VPN connections through the so-called "great firewall," Chinese-language discussions started popping up on the darknet — mostly full of people who just wanted to talk to each other in peace.

Radware's Smith points out that there are a variety of news outlets on the dark web, ranging from the news website from the hacking group Anonymous to the New York Times, shown in the screenshot here, all catering to people in countries that censor the open internet.

nytimes

 

Some spaces are by invitation only

Of course, not everything is so innocent, or you wouldn't be bothering to read this article. Still, "you can't just fire up your Tor browser and request 10,000 credit card records, or passwords to your neighbor’s webcam," says Mukul Kumar, CISO and VP of Cyber Practice at Cavirin. "Most of the verified 'sensitive' data is only available to those that have been vetted or invited to certain groups.

"

How do you earn an invite into these kinds of dark web sites? "They're going to want to see history of crime," says Radware's Smith. "Basically it's like a mafia trust test. They want you to prove that you're not a researcher and you're not law enforcement. And a lot of those tests are going to be something that a researcher or law enforcement legally can't do."

There is bad stuff, and crackdowns means it's harder to trust

As recently as last year, many dark web marketplaces for drugs and hacking services featured corporate-level customer service and customer reviews, making navigating simpler and safer for newbies. But now that law enforcement has begun to crack down on such sites, the experience is more chaotic and more dangerous.

"The whole idea of this darknet marketplace, where you have a peer review, where people are able to review drugs that they're buying from vendors and get up on a forum and say, 'Yes, this is real' or 'No, this actually hurt me'—that's been curtailed now that dark marketplaces have been taken offline," says Radware's Smith. "You're seeing third-party vendors open up their own shops, which are almost impossible to vet yourself personally. There's not going to be any reviews, there's not a lot of escrow services. And hence, by these takedowns, they've actually opened up a market for more scams to pop up."

Reviews can be wrong, products sold under false pretenses—and stakes are high

There are still sites where drugs are reviewed, says Radware's Smith, but keep in mind that they have to be taken with a huge grain of salt. A reviewer might get a high from something they bought online, but not understand what the drug was that provided it.

One reason these kinds of mistakes are made? Many dark web drug manufacturers will also purchase pill presses and dyes, which retail for only a few hundred dollars and can create dangerous lookalike drugs. "One of the more recent scares that I could cite would be Red Devil Xanax," he said. "These were sold as some super Xanax bars, when in reality, they were nothing but horrible drugs designed to hurt you."

The dark web provides wholesale goods for enterprising local retailers...

Smith says that some traditional drug cartels make use of the dark web networks for distribution—"it takes away the middleman and allows the cartels to send from their own warehouses and distribute it if they want to"—but small-time operators can also provide the personal touch at the local level after buying drug chemicals wholesale from China or elsewhere from sites like the one in the screenshot here. "You know how there are lots of local IPA microbreweries?" he says. "We also have a lot of local micro-laboratories. In every city, there's probably at least one kid that's gotten smart and knows how to order drugs on the darknet, and make a small amount of drugs to sell to his local network."

xanax

 

...who make extensive use of the gig economy

Smith describes how the darknet intersects with the unregulated and distributed world of the gig economy to help distribute contraband. "Say I want to have something purchased from the darknet shipped to me," he says. "I'm not going expose my real address, right? I would have something like that shipped to an AirBnB—an address that can be thrown away, a burner. The box shows up the day they rent it, then they put the product in an Uber and send it to another location. It becomes very difficult for law enforcement to track, especially if you're going across multiple counties."

Not everything is for sale on the dark web

We've spent a lot of time talking about drugs here for a reason. Smith calls narcotics "the physical cornerstone" of the dark web; "cybercrime—selling exploits and vulnerabilities, web application attacks—that's the digital cornerstone. Basically, I'd say a majority of the darknet is actually just drugs and kids talking about little crimes on forums."

Some of the scarier sounding stuff you hear about being for sale often turns out to be largely rumors. Take firearms, for instance: as Smith puts it, "it would be easier for a criminal to purchase a gun in real life versus the internet. Going to the darknet is adding an extra step that isn't necessary in the process. When you're dealing with real criminals, they're going to know someone that's selling a gun."

Specific niches are in

Still, there are some very specific darknet niche markets out there, even if they don't have the same footprint that narcotics does. One that Smith drew my attention to was the world of skimmers, devices that fit into the slots of legitimate credit and ATM card readers and grab your bank account data.

And, providing another example of how the darknet marries physical objects for sale with data for sale, the same sites also provide data manual sheets for various popular ATM models. Among the gems available in these sheets are the default passwords for many popular internet-connected models; we won't spill the beans here, but for many it's the same digit repeated five times.

atm skinners

 

It's still mimicking the corporate world

Despite the crackdown on larger marketplaces, many dark web sites are still doing their best to simulate the look and feel of more corporate sites

elude

 

The occasional swear word aside, for instance, the onion site for the Elude anonymous email service shown in this screenshot looks like it could come from any above-board company.

One odd feature of corporate software that has migrated to the dark web: the omnipresent software EULA. "A lot of times there's malware I'm looking at that offers terms of services that try to prevent researchers from buying it," he says. "And often I have to ask myself, 'Is this person really going to come out of the dark and trying to sue someone for doing this?'"

And you can use the dark web to buy more dark web

And, to prove that any online service can, eventually, be used to bootstrap itself, we have this final screenshot from our tour: a dark web site that will sell you everything you need to start your own dark web site.docker

 

Think of everything you can do there—until the next crackdown comes along.

Categorized in Internet Privacy

[Source: This article was Published in techworld.com BY Laurie Clarke - Uploaded by the Association Member: Issac Avila] 

Threat intelligence firm Recorded Future has published new research examining the dark 

The dark web. It’s a name that evokes the damp and dingy crevices of the internet; breeding grounds for a virulent strain of depravity. But is the hype justified? Threat intelligence agency Recorded Future has published research that attempts to demystify our concept of this subterranean section of the web.

The organisation has close ties to In-Q-Tel, the CIA’s investment arm and Google Ventures, after receiving a substantial suffusion of cash from both shortly after being founded in 2009. According to its website, it provides threat intelligence to 91 percent of the Fortune 100, including GSK, Raytheon and Morgan Stanley. 

“The term dark web kind of has a Hollywood aura or mystique around it,” says Garth Griffin, director of data science at Recorded Future. “We wanted to make it more concrete, more specific, and measure what we could about what the dark web really is.”

To conduct the research, the team looked specifically at 'onion sites': those accessible through the Tor (The Onion Router) browser, which is generally seen as the gateway into the dark web. 

One of the team's first findings was the relatively small size of the dark web compared to the clear web. They discovered just 55,000 domains, of which only 8,400 were actually serving a website - a tiny fraction of the millions of domains supported by the clear web.

The instability and unreliability of dark web sites also became apparent, of which uptime is an incisive indicator. “The gold standard on clear websites is the ‘five nines’ - you know, 99.999% uptime,” says Griffin. The uptime on a Tor site generally hovers closer to 90%. Although this doesn’t suggest a radical difference, Griffin says that even the small step between four nines and five nines is noticeable in the user experience on the clear web. 

“This is again counter to the image of the onion network as a sort of metropolis of bustling criminal activity,” says Griffin. “It’s actually kind of hard to use and disorganised.”

Recorded Future found that the dark web is more homogeneous than the clear web in terms of the languages used. Eighty-six percent of the language is English, while this is closer to 54 percent on the clear web.  

Among the criminal sites on Tor, those home to the darkest shades of criminal activity is more concealed than others. The research quantified the visibility of these sites by counting the number of inbound links, that is, other sites hyperlinking back to them. They found that for popular markets on the site which are fairly visible, these numbered around 3,500 links. “Then we had this handful of sites that in our view represent top-tier criminal sites, where there is really scary criminal activity,” says Griffin. “These had a maximum of just 15 inbound links.”

By comparison, a popular site on a clear web like Wikipedia might count millions and millions of inbound links. These findings indicate the tiny scale of the slice of the dark web dealing in severe criminal activity. But even criminal users adept enough to worm their way into the dark web's fetid undercarriage aren’t immune - scams running to catch out criminals abound, including typosquatting, and fake sites that promise to deliver goods or carry out actions they never will. 

Griffin says the company has been harvesting from onion sites on the dark web for a very long time, but this research was novel in its wide-ranging view of the entire dark web, rather than just the explicitly criminal elements. Griffin says their clients are all in the security space, looking to protect their organisations from a variety of cyberthreats. “It gets a lot of attention focused on it by virtue of the Hollywood aura that surrounds it,” says Griffin. “In our view, the dark web is relevant, but it's far from the only thing that matters.” 

But is the dark web the safe haven for rampant, unchecked criminality it's made out to be? Tor was set up by the US army agency, DARPA (Defense Advanced Research Projects Agency), and was solely funded by US government agencies for much of its existence, even at the height of the Edward Snowden leaks (that were orchestrated with the help of Tor).

Today, it still counts a number of US government agencies, or beneficiaries of US government money, among its donors that include the Open Technology Fund, the US Department of State Bureau of Democracy, Human Rights, and Labor and DARPA via the University of Pennsylvania.

That the very site portrayed as a secure space impenetrable to law enforcement agencies was also founded and funded by them should be enough to give most criminals pause. High profile takedowns of criminal users of the dark web, including most notably the founder of Silk Road, and Playpen, the child pornography site, have proved that it’s not beyond the reach of the law. In fact, some commentators have suggested that while Tor was founded by the US government primarily as a place where their operatives could act unseen, it also successfully acts as a honey pot that attracts criminals to congregate usefully in one place.

Griffin concurs: “It's clearly not a silver bullet for the criminal community, because law enforcement has successfully taken down markets and carried out infiltration. It certainly does not prevent law enforcement from successfully disrupting criminal activity.”

This could explain why today there is still more criminal activity taking place on the clear web than through onion sites.

Categorized in Deep Web

[This article is originally published in edp24.co.uk written by Luke Powell - Uploaded by AIRS Member: Daniel K. Henry]

A man from Thetford viewed indecent child abuse images on the dark web as he found it “exciting”, a court heard.

Matthew Norman, of Station Road, was found to have dozens of indecent images on his computer after his home was searched by police.

Norwich Magistrates' Court heard that the 30-year-old repeatedly visited a particular site on the dark web up to four times a day for a year.

Despite this, Norman told police he did not have a sexual interest in children and was instead visiting the site as he found the danger of it “exciting”.

Prosecutor Josephine Jones told the court on Friday (April 26) that police searched Norman's home after his IP address was found to have accessed the dark web.

The dark web is a collection of websites on an encrypted network and cannot be found by using traditional search engines or browsers.

Miss Jones said when officers examined his computer they found 50 indecent images, including 13 'category A' photographs.

Norman provided police with passwords to his computer and initially said when he came across such images online he would stop and close the website.

Miss Jones said: “When asked why he repeatedly returned to the website, he said he did so because of the shock factor knowing it was illegal or wrong. He said he was excited by the danger of being on the website.

“He denied downloading images and denied having a sexual interest in children.”

The court heard how Norman also accessed chat rooms on the dark web where there were conversations around child abuse.

Norman pleaded guilty to making 13 indecent categories A images of a child, 10 category B images of a child and 27 category C images of a child.

All of the offenses were said to have occurred on or before January 5, 2017.

The court heard how Norman, who is married, had no previous convictions or cautions.

Orla Daly, mitigating, asked magistrates for a pre-sentence report.

Norman will return to Norwich Magistrates' Court for sentencing on May 30.

He must not have any unsupervised contact with any child under the age of 16 unless permission is granted by a parent or guardian.


Categorized in Deep Web

[This article is originally published in digitaljournal.com - Uploaded by AIRS Member: Jason bourne]

“ONIONLANDSEARCHENGINE.COM“

People know only one name Google, a search engine by default setting on everyone PC's and works just like water for all. But now a new deep search engine with new specifications. OnionLand Search Engine launched a new search engine i.e.; onionlandsearchengine.com. It is not merely provided deep web information but Anonymity for every user.

OnionLand Search Engine introducing and expanding this new search engine with excellent key features; good results and high-quality access to the information that people actually require with one click. There is a vast section of the Internet which is hidden and not accessible through regular search engines and web browsers. This part of the Internet is known as the Deep Web, and it is about 500 times the size of the Web that we know and everyone can have access to all this information without been tracked, maintaining total anonymity.

Search engines like Google are incredibly powerful, but they can't crawl and index the vast amount of data that is not hyperlinked or accessed via public DNS services. However, there are Deep Web Search Engines that crawl over the TOR network and bring the same result to your regular browser. But, what if, you can still be able to dig the Darknet contents with your regular browsers, without the need of TOR?

OnionLand Search Engine is bringing a big change in human's life because of its Deep Web and Anonymity that you may not be able to find in a giant search engine like Google. OnionLand is introducing and marketing onionlandsearchengine.com with highly effective strategies and trying to make it default search engine by replacing Google and it seems very effective as onionlandsearchengine.com is really changing the lives of people by giving them suggestion options.

Categorized in Deep Web

[This article is originally published in infoworld.com written by Caroline Craig - Uploaded by AIRS Member: Carol R. Venuti]

The government agency that brought us the Internet has now developed a powerful new search engine that is shedding light on the contents of the so-called deep Web

The Defense Advanced Research Projects Agency (DARPA) began work on the Memex Deep Web Search Engine a year ago, and this week unveiled its tools to Scientific American and "60 Minutes." 

Memex, which is being developed by 17 different contractor teams, aims to build a better map of Internet content and uncover patterns in online data that could help law enforcement officers and others. While early trials have focused on mapping the movements of human traffickers, the technology could one day be applied to investigative efforts such as counterterrorism, missing persons, disease response, and disaster relief.

Dan Kaufman, director of the information innovation office at DARPA, says Memex is all about making the unseen seen. "The Internet is much, much bigger than people think," DARPA program manager Chris White told "60 Minutes." "By some estimates, Google, Microsoft Bing, and Yahoo only give us access to around 5 percent of the content on the Web."

Google and Bing produce results based on popularity and ranking, but Memex searches content typically ignored by commercial search engines, such as unstructured data, unlinked content, temporary pages that are removed before commercial search engines can crawl them, and chat forums. Regular search engines ignore this deep Web data because Web advertisers -- where browser companies make their money -- have no interest in it.

Memex also automates the mechanism of crawling the dark, or anonymous, Web where criminals conduct business. These hidden services pages, accessible only through the TOR anonymizing browser, typically operate under the radar of law enforcement selling illicit drugs and other contraband. Where it was once thought that dark Web activity consisted of 1,000 or so pages, White told Scientific American that there could be between 30,000 and 40,000 dark Web pages.

Until now it was hard to look at these sites in any systemic way. But Memex -- which Manhattan DA Cyrus Vance Jr. calls "Google search on steroids" -- not only indexes their content but analyzes it to uncover hidden relationships that could be useful to law enforcement.

DARPA's search tools were introduced to select law enforcement agencies last year, including Manhattan's new Human Trafficking Response Unit. Memex is now used in every human trafficking case it pursues and has played a role in generating at least 20 sex trafficking investigations. The supercharged Web crawler can identify relationships among different pieces of data and produces data maps that help investigators detect patterns.

In a demo for "60 Minutes," White showed how Memex is able to track the movement of traffickers based on data related to online advertisements for sex. "Sometimes it's a function of IP address, but sometimes it's a function of a phone number or address in the ad or the geolocation of a device that posted the ad," White said. "There are sometimes other artifacts that contribute to location."

White emphasized that Memex does not resort to hacking in order to retrieve information. "If something is password protected, it is not public content and Memex does not search it," he told Scientific American. "We didn't want to cloud this work unnecessarily by dragging in the specter of snooping and surveillance" -- a touchy subject after Edward Snowden's NSA revelations.

Memex got its name (a combination of "memory" and "index") and inspiration from a hypothetical device described by Vannevar Bush in 1945 that presaged the invention of PCs, the Internet, and other major IT advances of the next 70 years. Now DARPA and Memex seem set to bring us one step closer to Philip Dick's futuristic police department depicted in "Minority Report."

A new round of testing, set to begin in a few weeks, will include federal and district prosecutors, regional and national law enforcement, and multiple NGOs. According to the Scientific American report, it aims to "test new image search capabilities that can analyze photos even when portions that might aid investigators -- including traffickers' faces or a television screen in the background -- are obfuscated."

By inventing better ways of interacting with and presenting information gathered from a larger pool of sources, "we want to improve search for everybody. Ease of use for non-programmers is essential," White said.

Categorized in Deep Web

[This article is originally published in gizmodo.com written by David Nield  - Uploaded by AIRS Member: Corey Parker]

The deep web and its inner recess, the dark web—those less well-trodden parts of the internet beyond the reach of Google and Bing—are not for the faint-hearted or untrained. With the right tools, however, there’s little to fear and plenty to discover. Here’s how you can start exploring the deep web without having to worry about your digital well-being.

There are a few ways to approach this, but we’re going to focus on one of the most straightforward and secure for simplicity’s sake. We’re going to be using Tails OS, a bootable operating system that includes everything you need to get down to those hidden parts of the web.

If you’re still unclear about what the deep web is, it’s any part of the internet that’s not indexed by search engines—anywhere you can’t get from just clicking links. A large part of the deep web is made up of onion sites (like the infamous Silk Road), which use a special top-level domain only reachable by a special browser called Tor. Technically, the dark web is a more illicit subsection of the deep web, though the terms are often confused.

For the curious or privacy-conscious internet explorer, it’s worth checking out to see what lies beyond the internet we interact with on a day to day basis. But please note: you should be extra careful when clicking links on the deep web as some can lead to illegal sites. Browse at your own risk

Downloading and installing Tails

Downloading and installing Tails

Fortunately Tails has an installation wizard that guides you step-by-step through the process of setting up the software—if you want to create a bootable USB copy of Tails (which we do) then you need a Windows machine and two 4GB+ USB sticks (the first is for an “intermediary” version of the OS).

You’re also going to require Firefox, the Tor Browser or a BitTorrent client in order to verify the initial download and confirm it is what it says it is. On top of that, you need a Universal USB Installer utility, which the installation wizard directs you to, which will take care of creating the first USB stick using your downloaded Tails ISO.

Setup and installing Tails

After that’s done, boot from this newly created drive to configure the second one. This official guide takes you carefully through the process. Use the Install by cloning option in the Tails Installer to create your second USB stick, which includes some security enhancements and extras not built into the first one.

Finally, remove the first USB stick, keep the second in place, and boot from it. You’re now ready to start venturing out into the deep web. If you run into trouble (and we hit one or two obstacles along the way), then a general web search for your issue or the official Tails support portal should get you moving again.

Browsing the deep web

Browse the deep web

The Tor Browser is your gateway into the dark web—you can actually use it on Mac and Windows too, but Tails OS adds an extra few layers of security and comes with Tor included. The browser is based on Firefox, so you shouldn’t have many problems finding your way around, and will open the Tails OS homepage by default.

As you might expect, browsing the deep web isn’t quite as simple as clicking on a few links or searching Google. The best way in is through ‘hidden’ wikis like this one (note you won’t be able to click through on any onion links without the Tor browser) and various others you can find via Reddit or with some clever web searching on sites like DuckDuckGo.

OnionDir Browser

Of course the whole point of the deep web is that casual internet users can’t simply fire up Google or read a guide like this to get started easily—so finding working, up-to-date links and directories can take some time. Forums, plenty of patience, and occasionally the Torch search engine are your best bets for finding a way into new communities.

The deep web has a reputation for shady activity, but it’s also a place for whistleblowing, bitcoin exchanges, and political discussion away from the glare of the public internet. It’s changed a lot in recent years as security agencies have become more aware of its presence, and it will continue to evolve in the future.

Categorized in Deep Web

[This article is originally published in csoonline.com written by Darren Guccione - Uploaded by AIRS Member: Carol R. Venuti]

The dark web is part of the internet that isn't visible to search engines and requires the use of an anonymizing browser called Tor to be accessed.

Dark web definition

The dark web is a part of the internet that isn't indexed by search engines. You've no doubt heard talk of the “dark web” as a hotbed of criminal activity — and it is. Researchers Daniel Moore and Thomas Rid of King's College in London classified the contents of 2,723 live dark web sites over a five-week period a couple of years ago and found that 57 percent host illicit material. 

You can buy credit card numbers, all manner of drugs, guns, counterfeit money, stolen subscription credentials, hacked Netflix accounts and software that helps you break into other people’s computers. Buy login credentials to a $50,000 Bank of America account for $500. Get $3,000 in counterfeit $20 bills for $600. Buy seven prepaid debit cards, each with a $2,500 balance, for $500 (express shipping included). A “lifetime” Netflix premium account goes for $6. You can hire hackers to attack computers for you. You can buy usernames and passwords.

But not everything is illegal, the dark web also has a legitimate side. For example, you can join a chess club or BlackBook, a social network described as the “the Facebook of Tor.”

Note: This post contains links to dark web sites that can only be accessed with the Tor browser, which can be downloaded for free at https://www.torproject.org.   

Dark web browser

All of this activity, this vision of a bustling marketplace, might make you think that navigating the dark web is easy. It isn’t. The place is as messy and chaotic as you would expect when everyone is anonymous, and a substantial minority are out to scam others. 

Accessing the dark web requires the use of an anonymizing browser called Tor. The Tor browser routes your web page requests through a series of proxy servers operated by thousands of volunteers around the globe, rendering your IP address unidentifiable and untraceable. Tor works like magic, but the result is an experience that’s like the dark web itself: unpredictable, unreliable and maddeningly slow.

Dark web search engines exist, but even the best are challenged to keep up with the constantly shifting landscape. The experience is reminiscent of searching the web in the late 1990s. Even one of the best search engines, called Grams, returns results that are repetitive and often irrelevant to the query. Link lists like The Hidden Wiki are another option, but even indices also return a frustrating number of timed-out connections and 404 errors.

Dark web sites

Dark web sites look pretty much like any other site, but there are important differences. One is the naming structure. Instead of ending in .com or .co, dark web sites end in .onion. That’s “a special-use top level domain suffix designating an anonymous hidden service reachable via the Tor network,” according to Wikipedia. Browsers with the appropriate proxy can reach these sites, but others can’t.

Dark web sites also use a scrambled naming structure that creates URLs that are often impossible to remember. For example, a popular commerce site called Dream Market goes by the unintelligible address of “eajwlvm3z2lcca76.onion.”

Many dark websites are set up by scammers, who constantly move around to avoid the wrath of their victims. Even commerce sites that may have existed for a year or more can suddenly disappear if the owners decide to cash in and flee with the escrow money they’re holding on behalf of customers.

Law enforcement officials are getting better at finding and prosecuting owners of sites that sell illicit goods and services. In the summer of 2017, a team of cybercops from three countries successfully shut down AlphaBay, the dark web’s largest source of contraband, sending shudders throughout the network. But many merchants simply migrated elsewhere.

The anonymous nature of the Tor network also makes it especially vulnerable to distributed denial of service attacks (DDoS), said Patrick Tiquet, Director of Security & Architecture at Keeper Security, and the company’s resident expert on the topic. “Sites are constantly changing addresses to avoid DDoS, which makes for a very dynamic environment,” he said. As a result, “The quality of search varies widely, and a lot of material is outdated.”

Commerce on the dark web

The dark web has flourished thanks to bitcoin, the crypto-currency that enables two parties to conduct a trusted transaction without knowing each other’s identity. “Bitcoin has been a major factor in the growth of the dark web, and the dark web has been a big factor in the growth of bitcoin,” says Tiquet.

Nearly all dark web commerce sites conduct transactions in bitcoin or some variant, but that doesn’t mean it’s safe to do business there. The inherent anonymity of the place attracts scammers and thieves, but what do you expect when buying guns or drugs is your objective?

Dark web commerce sites have the same features as any e-retail operation, including ratings/reviews, shopping carts, and forums, but there are important differences. One is quality control. When both buyers and sellers are anonymous, the credibility of any rating system is dubious. Ratings are easily manipulated, and even sellers with long track records have been known to suddenly disappear with their customers’ crypto-coins, only to set up shop later under a different alias.

Most e-commerce providers offer some kind of escrow service that keeps customer funds on hold until the product has been delivered. However, in the event of a dispute don’t expect service with a smile. It’s pretty much up to the buyer and the seller to duke it out. Every communication is encrypted, so even the simplest transaction requires a PGP key.

Even completing a transaction is no guarantee that the goods will arrive. Many need to cross international borders, and customs officials are cracking down on suspicious packages. The dark web news site Deep.Dot.Web teems with stories of buyers who have been arrested or jailed for attempted purchases.

Is the dark web illegal?

We don’t want to leave you with the impression that everything on the dark web is nefarious or illegal. The Tor network began as an anonymous communications channel, and it still serves a valuable purpose in helping people communicate in environments that are hostile to free speech. “A lot of people use it in countries where there’s eavesdropping or where internet access is criminalized,” Tiquet said.

If you want to learn all about privacy protection or cryptocurrency, the dark web has plenty to offer. There are a variety of private and encrypted email services, instructions for installing an anonymous operating system and advanced tips for the privacy-conscious.

There’s also material that you wouldn’t be surprised to find on the public web, such as links to full-text editions of hard-to-find books, collections of political news from mainstream websites and a guide to the steam tunnels under the Virginia Tech campus. You can conduct discussions about current events anonymously on Intel Exchange. There are several whistleblower sites, including a dark web version of Wikileaks. Pirate Bay, a BitTorrent site that law enforcement officials have repeatedly shut down, is alive and well there. Even Facebook has a dark web presence.

“More and more legitimate web companies are starting to have presences there,” Tiquet said. “It shows that they’re aware, they’re cutting edge and in the know.”

There’s also plenty of practical value for some organizations. Law enforcement agencies keep an ear to the ground on the dark web looking for stolen data from recent security breaches that might lead to a trail to the perpetrators. Many mainstream media organizations monitor whistleblower sites looking for news.

Staying on top of the hacker underground

Keeper’s Patrick Tiquet checks in regularly because it’s important for him to be on top of what’s happening in the hacker underground. “I use the dark web for situational awareness, threat analysis and keeping an eye on what’s going on,” he said will. “I want to know what information is available and have an external lens into the digital assets that are being monetized – this gives us insight on what hackers are targeting.”

If you find your own information on the dark web, there’s precious little you can do about it, but at least you’ll know you’ve been compromised. Bottom line: If you can tolerate the lousy performance, unpredictable availability, and occasional shock factor of the dark web, it’s worth a visit. Just don’t buy anything there.

 

Categorized in Deep Web

[This article is originally published in news.bitcoin.com written by Kai Sedgwick - Uploaded by AIRS Member: Robert Hensonw]

In this latest edition of our periodic deep web series, we bring news of Tor 8 – the most feature-rich onion browser yet. We also take a first look at a clearnet web browser that trawls the darknet, and cover the fallout from the Alphabay shutdown, whose repercussions rumble on to this day.

Tor 8 Looks Great

The Tor Project has released its latest and greatest browser yet. Tor 8 is a slick looking beast compared to the Tor browsers of yore, partially thanks to its incorporation of Firefox Quantum, which allows for better page rendering and other subtle tweaks. With Tor 8, there’s a new welcome screen to guide first-time users through the process of connecting to the deep web, and there are additional security protections built in. A Tor Circuit button can now be used to switch servers at random, further obfuscating users’ connection route.

The Tor Project

The Tor Circuit button in action

Tor 8 comes with HTTPS Everywhere and Noscript, and it is recommended that users enable these add-ons, as they’re critical in maximizing anonymity while browsing the web. While the Tor browser is best known as a tool for navigating the dark web, it can also be deployed as a privacy-friendly clearnet browser which minimizes cookies and other web trackers. Finally, the new improved Tor makes it easier to circumvent firewalls in countries where internet censorship is rife. Its development team explains:

For users where Tor is blocked, we have previously offered a handful of bridges in the browser to bypass censorship. But to receive additional bridges, you had to send an email or visit a website, which posed a set of problems. To simplify how you request bridges, we now have a new bridge configuration flow when you when you launch Tor. Now all you have to do is solve a captcha in Tor Launcher, and you’ll get a bridge IP. We hope this simplification will allow more people to bypass censorship and browse the internet freely and privately.

Deep Web Gets a Clearnet Search Engine

Searching the deep web has traditionally been harder than with its clearnet counterpart. The absence of a darknet Google is arguably part of its appeal, making onion sites accessible only to those who know what they’re looking for. It was this barrier to entry that ensured sites like Silk Road were accessible solely to technically adept users in bitcoin’s early days. The deep web has opened up significantly since then, giving up its secrets, and in the same week that Tor released its most user-friendly browser yet, it’s perhaps fitting that a clearnet search engine for the deep web should launch. Onionlandsearchengine.com is a simple but effective tool for generating deep web search results without needing to first connect to the deep web.

Deep Web Gets a Clearnet Search Engine

Onionland deep web search engine

US Government Authorized to Seize Alphabay Suspect’s Assets

Long after deep web marketplaces have been shut down, the fallout continues to make its mark in US courtrooms. Silk Road, Hansa, and Alphabay’s legal wranglings periodically make the news, despite the years elapsed since the sites were first seized. As evidence of this, consider the ruling by a recent US magistrate judge granting the federal government permission to seize and sell millions of dollars worth of assets associated with Alexandre Cazes. The reputed Alphabay ringleader had $8 million of assets on his driveway alone at the time of this arrest in a string of high performance sports cars. Including cryptocurrencies, his total net worth was eventually calculated at $23 million.

US Government Authorized to Seize Alphabay Suspects Assets

The US government’s application for Alphabay asset seizure

Among the showier items in Cazes’ collection was a Lamborghini Aventador LP700-4 worth almost $1 million with a license plate that read “Tor”. The late Alphabay boss certainly wasn’t subtle, but for all his sins, it is hard not to feel sorry for the 25-year-old who wound up dead in a Bangkok cell from suicide, another needless victim of the war on drugs.

Categorized in Deep Web

[This article is originally published in howtogeek.com written by CHRIS HOFFMAN - Uploaded by AIRS Member: Olivia Russell]

Experian and many other companies are pushing “dark web scans.” They promise to search the dark web for your personal information to see if criminals are selling it. Don’t waste your money.

What is the Dark Web?

The “dark web” consists of hidden websites that you can’t access without special software. These websites won’t appear when you use Google or another search engine, and you can’t even access them unless you go out of your way to use the appropriate tools.

For example, the Tor software can be used for anonymous browsing of the normal web, but it also hides special sites known as “.onion sites” or “Tor hidden services.” These websites use Tor to cloak their location, and you only access them through the Tor network.

 What is the Dark Web

There are legitimate uses for Tor hidden services. For example, Facebook offers a Tor .onion site at facebookcorewwwi.onion, which you can only access while connected to Tor. This allows people in countries where Facebook is blocked to access Facebook. The DuckDuckGo search engine is available at a Tor hidden service address, too. This could also help evade government censorship.

But the dark web is also used for criminal activities. If you’re going to sell databases of people’s credit card and social security numbers online, you want to hide your location so the authorities won’t swoop in. That’s why criminals often sell this data on the dark web. It’s the same reason why the infamous Silk Road website, an online black market for drugs and other illicit things, was only available through Tor.

They’re Not Scanning the Entire Dark Web

Let’s get one thing straight: These services are not scanning the entire dark web for your data. That’s just impossible.

There are 1,208,925,819,614,629,174,706,176 possible site addresses on the dark web, and that’s just counting Tor .onion sites. It wouldn’t be possible to check each one to see if they’re online and then also look for your data on them.

Even if these services were scanning the entirety of the public dark web—which they’re not—they wouldn’t be able to see the exclusive stuff anyway. That would be exchanged privately and not made public.

What Does a “Dark Web Scan” Do, Then?

No company that offers a “dark web scan” will tell you what they do, but we can certainly make an informed guess. These companies are gathering data dumps made public on popular websites on the dark web.

When we say “data dumps,” we’re referring to big databases of usernames and passwords—as well as other personal information, like social security numbers and credit card details—that are stolen from compromised websites and released online.

Rather than scanning the dark web, they’re scanning lists of leaked passwords and personal information—which, admittedly, are often found on the dark web. They’ll then inform you if your personal information is found on one of the lists they could get their hands on.

However, even if a dark web scan says you’re fine, you might not be—they’re only searching the publicly available leaks to which they have access. They can’t scan everything out there.

How to Monitor Data Breaches for Free

How to Monitor Data Breaches for Free

Behind all the “dark web scan” hype, there’s a somewhat useful service here. But, guess what: You can already do much of this for free.

Troy Hunt’s Have I Been Pwned? will tell you whether your email address or password appears in one of 322 (and counting) data dumps from websites. You can also have it notify you when your email address appears in a new data dump.

This service doesn’t scan to see if your social security number is included in any of these leaks, as dark web scans promise to do. But, if you’re just looking to see if your credentials have leaked, it’s a useful service.

As always, it’s a good idea to use unique passwords everywhere. That way, even if your email address and password from one website appear in a leak, criminals can’t just try that combination on other websites to gain access to your accounts. A password manager can remember all those unique passwords for you.

Face the Facts: Your Data Is Already Stolen

You might still be thinking a dark web scan could be useful. After all, it tells you whether your social security number appears in any data dumps. That’s useful, right?

Well, not necessarily. Look, you should probably assume that your social security number has already been compromised and criminals can access it if they like. That’s the harsh truth.

Huge breaches have been coming hard and fast. Equifax leaked 145.5 million social security numbers. Anthem leaked the information of 78.8 million people, including social security numbers. The United States Office of Personnel Management (OPM) leaked sensitive information on 21.5 million people, too—again, including social security numbers.

Those are just a few examples. There have been many other leaks over the years—a few million here, a few hundred thousand there. And that’s just the data breaches that have been publicly reported. Statistically speaking, most Americans have probably had their social security numbers leaked in at least one of these data breaches by now. The genie is out of the bottle.

Freeze Your Credit; It’s Free Now

Freeze Your Credit Its Free Now

If you’re concerned about someone abusing your social security number, we recommend freezing your credit reports. Credit freezes (and unfreezes) are now free across the entire USA.

When you freeze your credit, you’re preventing people from opening new credit in your name. Any lending institution won’t be able to pull your credit until you unfreeze it or provide a PIN. You can temporarily unfreeze your credit when you want to apply for credit—for example, when you’re applying for a credit card, car loan, or mortgage. But a criminal shouldn’t be able to apply for credit with your personal information if your credit reports are frozen.

We recommend just freezing your credit reports and skipping the dark web scan. Unlike a dark web scan, credit freezes are free. They also do something—even if your social security number is found in a dark web scan, all you can do is freeze your credit anyway. And criminals might get their hands on your social security number even if it doesn’t appear in a dark web scan.

Categorized in Deep Web

[This article is originally published in phys.org written by Frédéric Garlan - Uploaded by AIRS Member: Deborah Tannen] 

For years criminal websites shrouded in secrecy have thrived beyond the reach of traditional search engines, but a group of French engineers has found a way to navigate this dark web—a tool they don't want to fall into the wrong hands.

"We insist on this ability to say 'no'," Nicolas Hernandez, co-founder and CEO of Aleph Networks, says at the company's offices near Lyon, in the heart of France's Beaujolais wine country.

He said Aleph refused 30 to 40 percent of licensing requests for its "Google of the dark web," based on reviews by its ethics committee and input from its government clients.

Most web users never venture beyond the bounds of sites easily found and accessed with casual web surfing.

But people and sites seeking anonymity can hide behind layers of secrecy using easily available software like Tor or I2P.

These sites can't be found by searching: instead, users have to type in the exact URL string of often random characters.

In an authoritarian regime, a protest movement could use the secrecy to organize itself or connect with the outside world without fear of discovery.

But the dark web is also ideal for drug and weapon sales, people-smuggling and encrypted chat-room communications by terrorists.

When Aleph's co-founder Celine Haeri uses her software to search for "Glock", the Austrian pistol maker, several sites offering covert gun sales instantly pop up.

A search for Caesium 137, a radioactive element that could be used to create a "dirty" nuclear bomb, reveals 87 dark web sites, while another page explains how to make explosives or a homemade bazooka.

Arms smugglers find the dark web particularly useful

Arms smugglers find the dark web particularly useful

"Some even advertise the stars they've gotten for customer satisfaction," Hernandez said.

Uncharted territory

Over the past five years, Aleph has indexed 1.4 billion links and 450 million documents across some 140,000 dark web sites.

As of December, its software had also found 3.9 million stolen credit card numbers.

"Without a search engine, you can't have a comprehensive view" of all the hidden sites, Hernandez said.

He and a childhood friend began their adventure by putting their hacking skills to work for free-speech advocates or anti-child abuse campaigners while holding down day jobs as IT engineers.

Haeri, at the time a teacher, asked for their help in merging blogs by her colleagues opposed to a government reform of the education system.

The result became the basis of their mass data collection and indexing software, and the three created Aleph in 2012.

They initially raised 200,000 euros ($228,000) but had several close calls with bankruptcy before finding a keen client in the French military's weapon and technology procurement agency.

"They asked us for a demonstration two days after the Charlie Hebdo attack," Hernandez said, referring to the 2015 massacre of 12 people at the satirical magazine's Paris offices, later claimed by a branch of Al-Qaeda.

Terror atttacks in 2015 focused French authorities minds on the dark net

Terror attacks in 2015 focused French authorities' minds on the darknet

"They were particularly receptive to our pitch which basically said if you don't know the territory—which is the case with the dark web—you can't gain mastery of it," Haeri added.

Ethical risks

The ability to covertly navigate the dark web is a holy grail for security services trying to crack down on illicit trafficking and prevent terror attacks.

The US government's Defense Advanced Research Projects Agency (DARPA) has been working on a similar project, called Memex, for years.

Aleph plans to soon add artificial intelligence capabilities to its software, which would recognize images such as Kalashnikov rifles or child abuse victims, or alert businesses to potential copyright infringement.

Its revenues are expected to reach around 660,000 euros this year, a figure it hopes to double in 2019.

That has attracted the attention of investors as Aleph steps up efforts to add more private-sector buyers to its roster of government clients.

But as more people and businesses start using Aleph's search engine, the risk increases that criminal organizations or hostile governments will eventually gain access.

The challenge will be to grow while setting out clear guidelines for handling the thorny ethical questions.

But Hernandez insisted he would remain vigilant, comparing his role to that of the "Protectors of the City" in ancient Greek democracies.

Categorized in Deep Web
Page 1 of 13

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.
Please wait

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Subscribe to Our Newsletter

Receive Great tips via email, enter your email to Subscribe.
Please wait

Follow Us on Social Media