An Introduction to the Dark Web | Blake, Cassels & Graydon LLP

As the ubiquity of IT services now touches nearly every aspect of our lives, it’s no surprise that our use of the interconnected world is changing to more closely reflect the real world. The innocence of the Internet of 25 years ago has been replaced by a more sober version where it is not only encyclopedic information, entertainment content and financial and social ties that are maintained – the Internet is now also where freedom fighters, terrorists, criminals and those who engage in free but controversial political discourse operate. These latter uses often require strict anonymity and avoidance of tracking by law enforcement, authoritarian regimes, or anyone else. The dark web (sometimes called the dark net), as it is now called, represents an alter ego of the World Wide Web that we are all used to.

One particular use of the dark web concerns all Canadian individuals and organizations: the execution of cybercrime. The frequency and complexity of cyberattacks continue to increase at an alarming and exponential rate. While attacks are carried out by a variety of actors for various purposes, Canadian organizations are increasingly being targeted by criminal groups trying to profit financially from attacks on their computer systems. These criminal groups rely on the dark web to transact, execute, and profit from cyber extortion activities out of sight of law enforcement and others who would otherwise try to track them.

Familiarity with the dark web can help Canadian organizations prepare for and respond to such attacks. This article serves as an introduction for the uninitiated and aims to demystify the concept and operation of the dark web at a basic level.


Much of the content available on the World Wide Web can be found using any popular web browser directed to well-known web search engines. These search engines index the locations (URLs or Uniform Resource Locators) of websites, which allows users to easily find a website and then allows their web browser to connect to it. However, there is also content on computers (also known as servers) connected to the Internet that cannot be found or indexed by standard search engines – this content usually requires a direct URL or Internet Protocol (IP) address, and sometimes a password or other security measures, to access it. In other words, to access this content, you need to know where to look.

This is called the “deep web”. A simple illustration is when a user searches for a webpage, connects to it, and then clicks a link on that webpage, which then takes the user to deep web content. It’s the link you click that knows where to find the content – the search engine has indexed not the location of the content itself but rather the website that contains the link. Examples of this content include a private video or document hosted on private cloud storage. The deep web is not about the type of content – it is any available content that has not been indexed by common search engines and therefore requires you to find it through other means.

The dark web is a subset of the deep web. In addition to being invisible to standard web search engines, the dark web is content on the World Wide Web that cannot be accessed without the use of special software or techniques. Additionally, this special software deliberately encrypts a user’s activity, allowing the users who access the content to remain untraceable. A well-known example of such software is the Tor Browser.


For the vast majority of Internet users, when you access a website, you are using the World Wide Web to transfer information from one computer network to another (and vice versa). For example, when you visit www.blakes.com, your device communicates directly with the computer that hosts our firm’s website.

Tor increases the anonymity of an Internet user thanks to a process nicknamed “onion routing” (Tor is an acronym for The Onion Router). Rather than allowing a user’s device to communicate directly with the computer hosting a website, Tor wraps a user’s traffic in multiple layers of encryption (“layered encryption” is where the onion nickname comes from). It then sends this encrypted packet through a number of intermediate computers, called “nodes”. Each node is only able to decrypt enough information to send the packet to the next node, thus removing a layer of encryption. The decryption process is repeated at each node, until the computer hosting the desired website is reached, and the content can be returned to the initial user in the same way.

From the perspective of the computer hosting the ultimate website, it appears that the request originated from the computer that decrypted the final layer (the “exit node”), rather than from the initial user. Thus, none of the nodes will be able to know both the origin and final destination of the line of communication, which makes it much more difficult to monitor and track the user and the web page. Although routing web traffic through multiple computers is an integral part of the day-to-day operation of the Internet, it is the process of stripping layers of encryption at each node that characterizes the Tor Browser.
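The layered encryption described above can be shown as a short simulation. This is an added example, not part of the original article and not Tor's own code: the cipher is a toy stand-in for Tor's real cryptography, and the node names and keys are constructed for illustration.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 keystream (NOT Tor's real crypto)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(path, keys, destination, payload: bytes) -> bytes:
    """User's device: add one layer per node, innermost (last node) first."""
    hops = path[1:] + [destination]  # where each node must forward the packet
    cell = payload
    for node, next_hop in reversed(list(zip(path, hops))):
        layer = json.dumps({"next": next_hop, "data": cell.hex()}).encode()
        cell = keystream_xor(keys[node], layer)
    return cell

def route(origin, path, keys, cell: bytes):
    """Network: each node removes exactly one layer; record what it can observe."""
    views, sender = {}, origin
    for node in path:
        layer = json.loads(keystream_xor(keys[node], cell))
        views[node] = {"from": sender, "to": layer["next"]}
        cell, sender = bytes.fromhex(layer["data"]), node
    # sender is now the last node: the only address the website sees
    return views, sender, cell

# Constructed sample circuit: hypothetical node names and per-node keys.
# Real Tor negotiates a fresh key with every node when it builds a circuit.
PATH = ["guard", "middle", "exit"]
KEYS = {name: hashlib.sha256(b"demo-key-" + name.encode()).digest() for name in PATH}

if __name__ == "__main__":
    onion = wrap(PATH, KEYS, "www.blakes.com", b"GET / HTTP/1.1")
    views, seen_by_site, request = route("user-device", PATH, KEYS, onion)
    for node, view in views.items():
        print(f"{node:7} sees traffic from {view['from']} going to {view['to']}")
    print("website sees the request coming from:", seen_by_site)
    print("request delivered:", request)
```

Only the first node sees the user's device and only the last node sees the website, which is the property the paragraph above describes.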


Although Tor can be used to access standard websites with greater anonymity, the program also allows users to host and access websites invisible to search engines and inaccessible using a standard web browser. These sites, called “onion services” or “hidden services”, use the “.onion” top-level domain (rather than “.com”, “.ca” or another top-level domain). Addresses to access some hidden services can be easily found on well-known websites and using search engines. Other hidden services require direct links to cybersecurity specialists or even participation in underground online chat rooms or other communities. The extent to which dark websites are hard to find varies from site to site.

By offering anonymous connections, the dark web has gained a reputation for hosting virtual marketplaces for illegal goods and services such as drugs, child pornography and terrorism. Additionally, many cybercriminals use the dark web to post or sell personal information and stolen credentials, to communicate within and outside their organization, and to trade cryptocurrencies. Specifically, threat actors who carry out ransomware attacks will often only communicate with their victims using the dark web. It is common for these threat actors to ask the organization to download the Tor browser and access a dark website they created that contains a chat function, thus providing a direct and anonymous line of communication. Organizations in this position should contact cybersecurity professionals before visiting this page or otherwise engaging with the threat actor.

The dark web is also used for more lawful purposes. For example, journalists, human rights activists, and law enforcement officials can all use the dark web to anonymize their online activity. Additionally, organizations such as Facebook, BBC News, and The New York Times have launched parallel versions of their sites that are designed specifically for the dark web, making them accessible in countries where they are actively blocked or censored.

The dark web is neither good nor bad. It is simply an anonymized virtual space where Internet users can operate with greater anonymity. Finally, the dark web is not a place for casual browsing – most of the material that typical users want to access exists on the indexed World Wide Web. The dark web, on the other hand, allows users to access specific sites and services that are not generally intended to be accessible to the general public.