The Internet has revolutionized the ways of sharing and exchange of data worldwide, by enabling people and businesses to access useful information regardless of time and their location. Likewise, it has also simplified data gathering and access to knowledge assets, by making a mine of information available to any user having access to a simple internet connection. However, this easy and free flow of data comes at a privacy cost, since it makes it relatively easy for both governments and corporations to collect and transfer sensitive information about people, businesses and other organizations. Despite privacy rules and regulations, government agencies are always privileged in accessing and processing internet information. Likewise, an increasing number of enterprises are mining internet data in order to boost their customer facing processes such as sales, marketing and retail processes. The more intelligent these processing mechanisms are, the higher is the likelihood of compromising other citizens’ privacy.
In this landscape, the “dark” potion of the web (conveniently called “dark web”) comes to the foreground. Dark web refers to that portion of the internet content which can be browsed based on special software that enforces specific access authorizations. Dark web content is provided over “darknets”, which are overlay networks that are formed on top of internet nodes. Note that the dark web is part of the deep web i.e. the portion of the web that is not indexed by search engines like Google and hence not easily discoverable. However, the deep web has a wider scope that the dark web.
The dark web is intentionally hidden and inaccessible through standard Web browsers. As a result, dark web sites offer anonymity, protect their users from unauthorized use and provide encryption features that prevent monitoring. In these ways, they enable their users to exchange privacy sensitive information (e.g., personal data), in a way that does not allow their scrutiny by conventional internet tools.
Understanding Dark Web Browsing
Dark web technologies can be used to build small scale peer-to-peer networks that enable private information exchange among small or medium groups of users. However, they also enable larger scale darknets, which are operated either by public organizations or by individuals. Dark web networks are different from the public internet in two main ways:
- Information routing: Information routing in darknets is radically different from normal browsing. During normal browsing, information travels from servers to clients (i.e. browsers) in the form of internet packets. On the contrary, dark web browsing does not establish a direct link between client and server. Rather a path through a random selection of nodes is followed, prior to ending up delivering the packets to the target client or server. This makes it much more difficult to monitor the flow of information across a dark web network.
- Packet Construction: Internet packets include standard control information comprising the sender’s IP address and destination, the network ports of the applications that exchange the packets, the application protocol and more, as specified in the popular IP (Internet Protocol). This is not the case with dark web traffic, where packets are encrypted and wrapped within many successive layers. This wrapping makes it also very difficult to eavesdrop network traffic, but also to interpret the packets captured through sniffing.
Furthermore dark web pages are either concealed to hide in plain sight or reside in a separate public layer of the standard internet. Typical examples of such web pages and their elements include:
- Web pages, which have no inbound links and therefore cannot be found by users or search engines.
- Search boxes that will reveal a web page or answer only when a special keyword is searched.
- Sub-domain names that are never linked to (e.g.., “internal.brightplanet.com”).
- Pages with special HTTP headers that show a different version of a web page.
- Pages with images that are published but never actually referenced.
Dark web browsing is typically anonymous and difficult to be track as a result of the use of layered and encrypted systems. Moreover, such browsing is done using special browsers, such as the Tor Browser for Tor sites, which are also coined “Onion Sites” as they are identified by the “.onion” domain. Likewise, special search engines for Tor networks have also emerged, such as the OnionLink engine.
Platforms and Tools for the Dark Web
Some of the most prominent dark web platforms include Tor, Freenet and I2P. In particular:
- TOR (The Onion Project) is the most followed darknet. It is hidden within the public web and comprises an entire network of different content items that can only be accessed by using the TOR network. TOR provides tools to set up hidden services, including websites, which are anonymous within TOR and inaccessible from the outside. As already outlined, the TOR community has developed a browser, which enables one to visit sites without disclosing his/her identifying information.
- The Invisible Internet Project (I2P) is a scalable, self-organizing, resilient packet switched anonymous network layer, upon which any number of different anonymity or security conscious applications can operate. Communications within the I2P network are based on the establishment of tunnels across a selected list of routers. The communication within a tunnel is unidirectional, which makes it impossible to send back data without establishing a second tunnel. Furthermore, all communications are encrypted end-to-end, and protect senders & recipients from revealing their IP address.
- Freenet is a free software which lets you anonymously share files, browse and publish ‘freesites’ (i.e. web sites accessible only through Freenet) and chat on forums without fear of censorship. Freenet is decentralized and hence less vulnerable to attacks. Every Freenet node communicates with other nodes via a protocol called Freenet Network Protocol (FNP). Users contribute to the network by giving bandwidth and a portion of their hard drive for storing files. Files are encrypted and therefore users cannot easily discover what is in their data store, and cannot be held accountable for it. Chat forums, websites, and search functionalities, are all provided on top of this distributed data store.
Illegal Uses of the Invisible Web
The Dark Web provides personal freedom and privacy, which alleviates some of the security and privacy contraints of the internet. However, it also provides some compelling advantages for cyber-criminals, who want to perform illegal activities on-line. For instance, dark web’s anonymity enables cyber-criminals to commit tasks that are against-law.
As a prominent example, the TOR network has been abused many times by cyber-criminals. In particular, law enforcement agencies in various countries have reported use of TOR for:
- Selling weapons.
- Unauthorized leaks of sensitive information.
- Hosting child pornography content.
- Money laundering.
- Credit card fraud and identity theft.
- Online exchange of terroristic information (e.g., during the Paris attacks in November 2015).
In several cases, the abuse of the TOR network has been based on configuration vulnerabilities of the TOR infrastructure such as unmasking of TOR users and communication channel defects. Fortunately, in all cases, the TOR community managed to fix these problems very promptly.
Dark web opens a whole new range of opportunities for privacy sensitive information exchange. At the same time, it also facilitates cyber-crime as is evident from a large number of darknets driven criminal incidents worldwide. Finding the subtle balance between boosting citizen’s freedom and preventing potential abuse of darknets is certainly a challenging task. The right use of dark net will provide exciting opportunities not only for research and experimentation, but also for the development of innovative projects and services.