The anonymous chat rooms and communication services on the dark web have made it an ideal platform for planning and coordinating dangerous criminal and terrorist activities. Greater international cooperation and steps like automatic deletion of personal data after a stipulated time period by mobile applications which collect account information for digital wallets, for instance, could increase the efficiency of cyber systems and prevent repeated incidents of data breaches.
By Debopama Bhattacharya
The World Wide Web (WWW) hosts the enormous connection of web pages on the network of computers connected through the internet. The WWW, or simply the web, consists of the ‘surface’ web and the ‘deep’ web. The surface web is that portion which can be accessed by the ordinary internet users using standard search engines like Google, Yahoo, etc. But it can retrieve only an approximate 4 percent of the search results, while the majority of the results are hidden.
The other portion, known as the deep web, constitutes 96 percent of the web. The password-protected or paywall-protected websites, including online banking services, for instance, are considered a part of the deep web. Such websites hold the information relating to accounts of millions of individuals that is not accessible to the entire web population. The content of personal databases like email accounts, social media accounts, scientific and academic databases, legal documents, etc. that are accessible to only a closed group also form part of the deep web.
Within the deep web, there are some parts which are completely concealed, and are accessible by using specific software browsers, like Tor. These parts form the ‘dark’ web, also known as the invisible or the hidden web. The browser software used to access the dark web offer anonymising and encrypting facilities to the users so as to intentionally hide their browsing patterns, location and actual identitie.
The dark web has turned into a hot bed of illegal transactions, posing a threat to the cyberspace across multiple dimensions. Since anonymisers on the dark web make it difficult to track web patterns such as browsing history, location, etc., they are misused by criminals to hide their identities and carry out nefarious activities.
The infamous dark web market, ‘Silk Road’, was the first modern dark net market, best known as a platform for selling illegal drugs. This was taken down in 2013.1 Since then, users across the world have searched the online dark market to anonymously access weapons, credit card data, malware, Distributed Denial of Service (DDoS) and stolen data, among others.
Accessing the Dark Web
In order to access the dark web, specific browser software are needed. Software like the Onion Router (Tor) browser, FreeNet, Invisible Internet Project (I2P), TAILS (The Amnesic Incognito Live System), Whonix and many others have made it convenient to navigate the dark web. These software allow anonymity and confidentiality on the web by use of techniques like Proxy (an intermediate between sender and receiver for bypassing internet censorship), Tunneling/Virtual Private Networks (network providing inter-connectivity between various entities to provide secure communication), and by translating domain names to IP addresses in order to make it easier to access Internet resources.
The Tor software among these is the most popular with more than 2 million daily users.4 The Tor network (a number of computers running the server application) is different from the Tor browser (which is an application that enables users to access the internet by concealing their identity). Tor uses the onion routing method which is a layered technology that routes traffic through the established layers to conceal the identities of the users, thus making the Tor browser slower than any normal connection.
This technology was developed by the U.S. Naval Research lab in the 1990s to carry out secure intelligence communications. The lab released the code for Tor under a free license in 2004, following which the ‘Tor Project’, a non-profit organisation, was founded by computer scientists Roger Dingledine, Nick Mathewson and five others advocating right to free speech, privacy and anonymity.
Tor is also used for legitimate activities like secure and sensitive communications relating to medical ailments, helping law enforcement officials track down criminals, and in assisting cybersecurity professionals to conduct security testing on their own networks securely. It also provides access to social media websites in countries where they are banned. Using the Tor browser is not a criminal activity, although intelligence units keep a track of Tor downloads to predict any possible criminal activity.
Whistle blowers like Edward Snowden also reportedly used TAILS software browser in order to communicate with journalists and leak classified information on U.S. mass surveillance programs. Apart from Tor and similar software, dark web pages can also be accessed by using bridges such as Tor2web from a standard browser without downloading and installing the Tor software.
Exploitation of the Dark Web
Criminal and terrorist activities
The anonymous chat rooms and communication services on the dark web make it an ideal platform for planning and coordinating dangerous criminal and terrorist activities. Dark web, for instance, hosts hackers and hitmen for hire. In April 2021, an Italian man was arrested for allegedly hiring a hitman on the dark web to attack his ex-girlfriend by throwing acid on her and forcing her into a wheelchair. Europol issued a press release stating that the Italian national paid 10,000 Euros to hire the hitman from an “internet assassination website” hosted on a Tor network.
Earlier in 2020, a website called Azerbaijani Eagles offered commissioning of a murder for $5,000 providing options such as beating, death by torture, etc. Experts and law enforcers have stated that these websites are mostly scams but people hiring hitmen through such websites are real. A nurse from Illinois was sentenced to 12 years in prison after she spent $12,000 in Bitcoins on a dark web company to hire a hitman to get the wife of her boyfriend killed.
Terrorist organisations like the ISIS extensively used the dark web to carry out their nefarious activities like spreading propaganda, recruiting and radicalising, or raising funds more secretly. ISIS’s media outlet, Al-Hayat Media Center, posted a link on their forum explaining details of how to access their website on the dark web. It also shared the same message on their Telegram channel that had links to a Tor service with an “.onion” address.11
In March 2021, the World Health Organisation (WHO) warned people against the sale of counterfeit Covid-19 vaccines, particularly on the dark web. Fraud services like fake vaccines have the potential to exploit the huge unmet global demand for Covid-19 vaccines criminally. Therefore, the WHO urged people to only rely upon government-run vaccination programmes. Nefarious activities like money laundering, drug trafficking, terrorism financing, ransomware, cryptocurrencies on the dark web are all strongly linked to one another.
The biggest hurdle that law enforcement agencies and policymakers face with respect to regulation of the dark web is its encryption technique and anonymity. The environment of the dark web is completely anonymous, therefore making it difficult to attain sufficient information that could help combat cybercrimes and track criminals who exploit this space. As of now, there is no universal definition of cyber terrorism which makes it even more difficult for the intelligence agencies to decide the jurisdiction of the crime. The dangers of cyberspace are multi-dimensional and most of the threats are linked to one another.
Apart from the strong encryption techniques, most financial transactions on the dark web are performed in cryptocurrencies which provide further anonymity. The underlying technology of cryptocurrency, called the block chain, is essentially a digital ledger of transactions distributed across the network in which the blocks are cryptographically secured. It records information in a way that makes it difficult or impossible to modify or hack the system. The Darkside group of hackers responsible for the Colonial Pipeline ransomware attack, for instance, demanded ransomware amount of $5 million in cryptocurrency. The REvil ransomware gang that targeted IT firm Kaseya and hundreds of other businesses worldwide in early July 2021 had also demanded ransom to be paid in cryptocurrency bitcoin.
Bitcoin transactions have facilitated all kinds of illegitimate activities by cyber criminals and terrorists on the dark web. Use of cryptocurrencies for financing illegitimate activities on the dark web has made it extremely difficult for law enforcement agencies to follow the trail of money in order to gather evidence of a crime. Regulation of cryptocurrencies is possible only with respect to their legitimate use while a large portion of them can still be used for illegitimate purposes.
Monitoring cryptocurrency chain would require a well-defined categorisation of centralised and decentralised roles in financial transactions. Block chain, the underlying technology of cryptocurrencies, is still an emerging technology with a demand of more expertise in the field. Another challenge with respect to the dark web is that most dark web sites are active for a period of 200 days to a maximum period of 300 days. Some also last for a period of less than two months, making it even more tedious to track them.
The dark web is a complicated environment providing both benefits and disadvantages based on whether it is utilised or exploited by the user. Darknet helps to protect the right to freedom of information and online privacy of individuals and is therefore often used by journalists and other activists across the world to carry out communication in a safe and secure manner. At the same time, it is misused by miscreants giving rise to a series of crimes.
A nuanced approach, therefore, by the law enforcement agencies is required to both protect the benefits of this space as well as eliminate the illegal activities thriving in it. A close cooperation between public and private organisations can help in dealing with the new and emerging technological challenges of the dark web, by providing solutions such as new encrypting tools, etc. Law enforcement agencies should actively take the help of sophisticated technologies like artificial intelligence, machine learning, among others.
With respect to the repeated data breach incidents, a specified regulation on the amount of personal data collection by various companies and their automatic deletion after a stipulated time period could increase the efficiency of cyber systems and secure the data and prevent such incidents in the future to a large extent. The challenges of the trans-border nature of the dark web can be dealt by sharing intelligence data across different sectors, agencies and organisations. International co-operation in the form of multilateral exchanges through seminars, forums and joint capacity building exercises is highly beneficial in this regard.
This article first appeared in www.idsa.in and it belongs to them.