Dark Web: the Good, the Bad and the Ugly

Even though the dark web is often associated with ‘the bad’, it also contains ‘the good’ – and ‘the ugly’. What makes the dark web particularly resilient?

Each day, over 3.5 billion queries are entered into Google’s search engine. Add billions of posts on social media per day, and it becomes clear that the most dominant way we access online content is through search engines and shared links. The ‘surface web’ that we use every day, however, is estimated to be less than a thousandth of the entire web! The rest is in the ‘deep web’: invisible content not indexed by search engines. It contains databases, password-protected websites, intranets, academic journals, and archives, some of it being accessible through specific applications or with credentials.

One tiny portion of the deep web belongs to the ‘dark web’ – a space without centralised structure and with non-indexed and very volatile content that is accessible only with special browsers. Even though the dark web is often associated with ‘the bad’, it also contains ‘the good’ – and the ‘ugly’! On its good side, the dark web enables the communication of human rights activists and whistle-blowers around the world (it has facilitated freedom of expression in Iran and Egypt, and it has been used by Wikileaks and Edward Snowden, as well as by journalists and even officials). But the dark web also hosts markets of illegal goods (such as counterfeit products, drugs, and IDs) and financial crime services (such as money laundering and bank frauds). There is an ugly side to it as well: markets offering paedophilia content, hitman services, conventional and chemical weapons purchase, and illegal medical research.

A particularly flourishing offer is of personal information and online credentials (passwords, emails, IDs) and cyber-weapons (exploits, malware kits, and botnets). Each day, the headlines feature such updates, like the recent ones about 32 million Twitter passwords or the new Windows zero-day flaws – all for sale. The abundance of hacked information and exploits enables the emergence of cheaper and simpler to use, yet more sophisticated malware (such as trojans or ransomware) and social engineering techniques (such as phishing and spear-phishing), and even cyber-attack services (distributed denial-of-service or DDoS attacks, hacking and defacement, spam and malware distribution) – with customer support. For instance, one can rent a smaller botnet for about €100, or a DDoS attack for less than €50 per day; no specific skills are required except for how to find such offers online. Available, affordable, ready-made and simple-to-use offers, combined with the low risk of prosecution due to anonymity, in turn invite for greater interest by various individuals and groups to purchase tools and hire services online.

What makes the dark web, including its bad and its ugly parts, particularly resilient is the anonymising dark net tools that allow strong encryption and decentralisation. The most notable are the anonymous peer-to-peer open software networks, Tor (The onion routing) and I2P (Invisible Internet Project), developed to protect personal privacy and freedoms by encrypting and distributing communications, thus preventing traffic analysis and surveillance. While they provide security and even save the lives of activists and journalists working in politically unstable parts of the world, they also provide the ability to hide criminal activities. In addition, crypto-currencies like BitCoin (a decentralised peer-to-peer electronic system of payment), which have great potential for global markets, at the same time enable criminals to transfer money while avoiding the centralised banking system. Each step in a regular crime market between a seller and a buyer (communications and transactions, trust, payment and money flow, and logistics) can be anonymised, which makes it a hard task for law enforcement agencies (LEA) to combat dark markets.

The relatively low risk of conducting criminal operations online encourages the emergence of new dark market platforms. Nevertheless, investigation units, especially the FBI, are building their skills to infiltrate cybercriminal networks, and to make use of the Tor network, in order to mitigate the anonymization and identify the physical locations of dark market servers and the key individuals operating them. In recent years, the take-down of major illegal drug markets such as Silk Road 1 and Silk Road 2, Evolution, and Agora – and the arrest of some of their key operators – have shown that the operational cooperation of law enforcement agencies (such as in case of the operation Shrouded Horizon) can bring results, yet it still faces many obstacles across jurisdictions. A harmonisation of national legal environments, such as that based on the Budapest Convention of the Council of Europe, and investment in capacities and human resources of LEA, can increase the efficiency of taking down the dark markets and help preserve ‘the good’ of the dark web.

To learn and discuss more about cybersecurity and cybercrime policy, mechanisms, and international cooperation, join Diplo’s online course on cybersecurity this October.

Follow @vradunovic