The Dark Net, Deep Web and The Real World
Services that rely on rogue TLDs or Namecoin present too high an adoption barrier for ordinary users, and offer them too few advantages, to be considered publicly significant. But we have witnessed steady usability improvements in systems like I2P and especially TOR, which have slowly become viable ways for anyone to go anonymous with hardly any setup.
TOR applications with anonymous browsers integrated are readily available for all major desktop and mobile platforms, allowing everyone to go anonymous and to access hidden sites in just a few touches. For journalists and people requiring an even higher level of privacy, a fully tailored OS integrating TOR and anonymous browsers can be downloaded and installed on a USB key for use on any available machine.
In practice, traffic between two TOR nodes is not traceable, but traffic to and from the entry and exit TOR gateways is. If one organization operates enough TOR gateways, there is a possibility that traffic using the TOR network can be tracked. Using TOR in countries that lack the budget to operate a critical mass of gateway nodes can be considered safe. But in countries with large intelligence service budgets, like the United States or China, using TOR may not be as safe.
In addition, any anonymizing system is only as effective as its user. However advanced an anonymizing system may be, even those like TOR and I2P only cover the transport layer of communication and remain powerless over the content of that communication. Simply put, no anonymizing system can hide a user who posts his/her home address and details in the open.
We can, therefore, list two major types of risk linked to anonymity in the Deep Web:
- Environmental vulnerabilities
- Social vulnerabilities
Environmental vulnerabilities refer to every possible flaw in the other software used together with TOR. For example, a notorious bug in the Adobe® Flash® version embedded in the browser bundled with one version of TOR once put the whole system in jeopardy, since the bug could be exploited to leak sensitive data despite the use of TOR.
Social vulnerabilities are related to user behavior and to the precautions users take beyond simply using TOR. Dread Pirate Roberts, who was recently sentenced to life in prison for running his Deep Web marketplace, was caught by the FBI because he had used a private email address in a public forum. Correlating the identities of Deep Web users with their Surface Web alter egos is an interesting research field that involves disciplines like social network analysis and stylometry.
“If you go to the doctor and undergo surgery and you wake up in your hospital room and violate all the hygiene rules, you will die even if you have the best surgeons, the best tools, the best hospital. Same thing with anonymity, if you are behaving in an unwise manner, even the best tool can’t protect you.”
Law Enforcement and The Deep Web
Law enforcement agencies already face several existing challenges when it comes to international crime on the Surface Web [23, 24]. With regard to the Deep Web, three additional aspects can make law enforcement even more problematic.
- Encryption: Everything in the Deep or Dark Web is encrypted. That means the criminals in it are much more aware of the risk of being trapped or monitored. Encryption is their very first countermeasure to evade detection.
- Attribution: It’s extremely difficult to determine attribution. Everything happens on .onion domains. Routing to these domains is also unclear.
- Fluctuation: The Deep Web is a very dynamic place. An online forum can be at a specific URL one day and gone the next. The naming and address schemes in the Deep Web change often. This means that the information we harvested two weeks ago may no longer be valid today, which has implications for proving a crime. Given the time frame in which criminal cases are tried, law enforcers must be able to rigorously document any criminal online activity via time-stamped screenshots so that cases do not become invalid.
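The documentation problem above (a page that is gone next week must still be provable in court months later) is essentially one of evidence integrity: the capture has to be bound to a time and later shown to be unaltered. The following is an added example written for this page, not code from the Trend Micro paper. It hashes a screenshot and the saved HTML of a capture into a time-stamped record and verifies that record afterwards. The screenshot bytes, HTML, analyst name and the `.onion` URL are all constructed placeholders; the external signing or trusted time-stamping of the final record hash, which is what actually anchors it for a third party, is assumed and not shown.

```python
"""Added example (not from the Trend Micro paper): build and verify a
time-stamped evidence record for a captured Deep Web page so that the
capture can later be shown to be unaltered. All inputs are constructed."""
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample capture. In practice these would be the PNG bytes of a
# screenshot and the raw HTML saved at the same moment.
SAMPLE_SCREENSHOT = b"\x89PNG\r\n\x1a\n...constructed screenshot bytes..."
SAMPLE_HTML = b"<html><body>constructed forum page</body></html>"
# Placeholder address, not a real onion service.
SAMPLE_URL = "http://exampleplaceholderaddress.onion/forum/thread/1"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(record: dict) -> bytes:
    # Deterministic serialisation so the same record always hashes the same.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def make_evidence_record(url, screenshot, html, captured_at=None, analyst="analyst-01"):
    """Return a JSON-serialisable record binding the artifacts to a UTC timestamp."""
    ts = captured_at or datetime.now(timezone.utc)
    record = {
        "url": url,
        "captured_at_utc": ts.isoformat(),
        "analyst": analyst,  # constructed identifier
        "artifacts": {
            "screenshot.png": sha256_hex(screenshot),
            "page.html": sha256_hex(html),
        },
    }
    # Hash over the whole record; this value is what an analyst would sign or
    # submit to a trusted time-stamping service (assumed, not shown here).
    record["record_sha256"] = sha256_hex(_canonical(record))
    return record


def verify_evidence_record(record, screenshot, html) -> bool:
    """Recompute every hash; an altered artifact or record field fails."""
    inner = {k: v for k, v in record.items() if k != "record_sha256"}
    if sha256_hex(_canonical(inner)) != record.get("record_sha256"):
        return False
    arts = record["artifacts"]
    return (arts["screenshot.png"] == sha256_hex(screenshot)
            and arts["page.html"] == sha256_hex(html))


if __name__ == "__main__":
    rec = make_evidence_record(SAMPLE_URL, SAMPLE_SCREENSHOT, SAMPLE_HTML)
    print(json.dumps(rec, indent=2))
    print("verifies:", verify_evidence_record(rec, SAMPLE_SCREENSHOT, SAMPLE_HTML))
    # A single changed byte in the saved page breaks verification.
    print("tampered:", verify_evidence_record(rec, SAMPLE_SCREENSHOT, SAMPLE_HTML + b"!"))
```

The record hash covers the URL, timestamp and artifact hashes together, so editing any one of them after the fact is detectable; the timestamp itself is only as trustworthy as the clock or time-stamping service that supplied it, which is why the record hash should be anchored externally at capture time.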
The Security Vendors’ Role
While the majority of normal Internet users will find no use for the Deep Web, security vendors must still be able to protect their customers from the cybercriminal activity happening in it. As we have shown in previous sections, malware is increasingly using TOR for stealth, so security vendors must be able to build early detection means and countermeasures against these threats, which will, sooner or later, find their way to victims on the Surface Web.
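As an added example of the kind of early detection the paragraph calls for (this is illustrative code written for this page, not Trend Micro tooling), the following scans constructed DNS and firewall log lines for two well-known indicators of TOR use on a host: `.onion` names appearing in ordinary DNS queries, which should never happen because such names are only meaningful inside the TOR network, and outbound connections to known relay addresses or to TOR's default relay port 9001 and directory port 9030. The log format, the host addresses and the `KNOWN_RELAYS` list are all constructed; a real deployment would populate that list from the public TOR relay consensus.

```python
"""Added example (not Trend Micro code): flag hosts whose logs show signs of
TOR use, such as malware reaching its command infrastructure over an onion
service. Log lines, addresses and the relay list are all constructed."""
import re
from collections import defaultdict

# Constructed placeholder relay addresses, NOT real TOR relays. In practice
# this set is refreshed from the public relay consensus.
KNOWN_RELAYS = {"192.0.2.10", "192.0.2.11", "198.51.100.7"}
# TOR's default OR (relay) port and directory port.
TOR_PORTS = {9001, 9030}

DNS_RE = re.compile(r"^(?P<ts>\S+) dns client=(?P<src>\S+) query=(?P<name>\S+)$")
FW_RE = re.compile(
    r"^(?P<ts>\S+) fw src=(?P<src>\S+) dst=(?P<dst>\S+):(?P<port>\d+) action=(?P<action>\w+)$"
)

# Constructed sample logs (a made-up line format, not from any product).
SAMPLE_LOGS = """\
2015-06-01T10:00:01Z dns client=10.0.0.5 query=www.example.com
2015-06-01T10:00:02Z dns client=10.0.0.5 query=abcdefghijklmnop.onion
2015-06-01T10:00:03Z fw src=10.0.0.5 dst=192.0.2.10:9001 action=allow
2015-06-01T10:00:04Z fw src=10.0.0.9 dst=203.0.113.4:443 action=allow
2015-06-01T10:00:05Z fw src=10.0.0.9 dst=198.51.100.7:9030 action=allow
2015-06-01T10:00:06Z fw src=10.0.0.9 dst=192.0.2.11:443 action=allow
2015-06-01T10:00:07Z fw src=10.0.0.12 dst=203.0.113.9:80 action=allow
""".splitlines()


def analyse(lines):
    """Return {source host: [human-readable finding, ...]} for hosts with TOR indicators."""
    findings = defaultdict(list)
    for line in lines:
        m = DNS_RE.match(line)
        if m:
            # A .onion name on the normal DNS path means a TOR client was
            # misconfigured or bypassed, or that something tried to resolve it
            # without TOR; either way it is worth a look.
            if m["name"].lower().endswith(".onion"):
                findings[m["src"]].append(f"{m['ts']} .onion DNS lookup {m['name']}")
            continue
        m = FW_RE.match(line)
        if m:
            dst, port = m["dst"], int(m["port"])
            if dst in KNOWN_RELAYS:
                findings[m["src"]].append(f"{m['ts']} connection to known relay {dst}:{port}")
            elif port in TOR_PORTS:
                findings[m["src"]].append(f"{m['ts']} connection on TOR default port {dst}:{port}")
    return dict(findings)


def hosts_of_concern(lines):
    """Sorted list of hosts that produced at least one finding."""
    return sorted(analyse(lines))


if __name__ == "__main__":
    for host, reasons in analyse(SAMPLE_LOGS).items():
        print(host)
        for r in reasons:
            print("  ", r)
```

Relay matching on address catches TOR traffic that is deliberately sent over port 443 to blend in (the last `10.0.0.9` line), while the port heuristic catches relays that are not yet on the list. Both are triage signals rather than verdicts: the previous sections of this paper note that there are legitimate users of TOR, so a vendor would correlate these hits with process and reputation data before acting.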
On the other hand, there are users who, for legitimate reasons, need to visit the Deep Web to avoid the social pain of buying prescription drugs for certain conditions, access recreational drugs that are illegal in certain geographical locations, freely discuss socially banned topics, or share information from repressive countries with journalists. In these cases, security vendors still have a responsibility to protect their customers. This is why Trend Micro and its Forward-Looking Threat Research Team continue to monitor these online territories.
“BEFORE YOU ACCESS THESE LINKS YOU SHOULD UNDERSTAND THAT SOME CONTENT PROVIDED ON THESE DEEP WEB LINKS MIGHT BE DISTURBING, UNPLEASANT OR FRAUDULENT. VISIT THEM AT YOUR OWN RISK. WE RECOMMEND TO USE THOSE DEEP WEB LINKS ONLY FOR RESEARCHING PURPOSES! WE ARE NOT RESPONSIBLE FOR ANY DAMAGE CAUSED BY YOUR ACTIONS.”