The internet, as most of us know it, is just the tip of the surface web. If you scratch the surface, maybe dig a little deeper, you might find yourself in a part of the deep web: the part that is not indexed by standard search engines such as Google.
What you will find here is nothing like what you see or hear on social media, a podcast, or a Netflix documentary. The scary stories coming out of dark web pages are a cause for concern for law enforcement agencies worldwide.
For law enforcement, understanding and navigating the dark web is not just about technology; it's a fight against the ever-evolving subcultures of crime.
What is the Dark Web?
The dark web refers to the encrypted, hidden part of the internet that is not indexed by traditional search engines. It is a subset of the deep web, which includes all parts of the internet not accessible to search engines. While the dark web is used for legitimate purposes, it has also gained notoriety for hosting illegal activities, such as the sale of illicit goods, hacking tools, and other criminal services.
Surprising as it sounds, criminals didn't create this unindexed, shadowy corner of the internet. The US Department of Defense started developing the dark web so that American spies could communicate without drawing the attention of everyday users or nation-states. Although that goal was never fully realised, the researchers who worked on the project continued the effort for the benefit of activists.
However, today the deep web is primarily home to the worst people the planet has to offer, and that trend shows no sign of slowing. From New York to Delhi, interest in dark websites is proliferating, with over 2.5 million daily visitors this year. More than half of those users engage in illegal activities. That is why the FBI takes dark web stories seriously and regularly hunts down those who run the biggest scams.
The Silk Road, the first modern darknet market, is likely what brought the dark web to the public's attention. More than a decade after this black market was shut down, several others popped up to take its place. Here, they peddle illicit substances, guns, credit card information, and more. They also sell tools such as keyloggers, which capture your login details and passwords as you type them; tools for launching Distributed Denial of Service (DDoS) attacks, which flood a server with internet traffic to prevent users from reaching your content; and hacking tutorials. Hydra, a Russian-language dark marketplace, was the dark web's crown jewel, controlling much of its ebb and flow until it was shut down in April 2022.
Tools of the Dark Web
Anonymity is the name of the game on the dark web, and law enforcement must play by the same rule. Working under an anonymous persona, investigators can monitor forums, chat rooms, and marketplaces to gain insights into emerging criminal trends, identify key players, and even pre-empt potential criminal activities. However, this is no simple feat. Just as law enforcement develops new techniques to shed light on the dark web and its users, criminals continuously evolve their tactics to avoid detection. This forces security specialists to stay up to date with the latest in cybersecurity, encryption methods, and digital forensics.
Some standard tools used to access and use the deep web are as follows:
Tor (The Onion Router)
What makes the dark web particularly challenging for law enforcement is the shield of anonymity it offers its users. By leveraging tools like the Tor Browser (Tor stands for The Onion Router) and cryptocurrencies like Bitcoin, individuals can conduct transactions and communicate with a level of privacy that is almost impossible to penetrate. This anonymity reassures criminals and creates a "safe space" where they feel protected from the prying eyes of the law.
The dark web can only be accessed with an application such as the Tor Browser. Tor gets its name from the many layers of encryption, peeled away one at a time like the layers of an onion, that protect information travelling through the network.
PGP (Pretty Good Privacy)
The data encryption and decryption tool Pretty Good Privacy, or PGP, enables cryptographic privacy and authentication. Darknet users leverage PGP to encrypt emails, messages, and files. PGP is also used to encrypt directories and disk partitions.
Some key functions and features include public key encryption, digital signatures, symmetric-key encryption, and creating a web of trust. PGP also leverages hash functions to create a short, fixed-size checksum of a message. You can also compress the message after signing but before encrypting it.
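The functions listed above fit together in a fixed order: hash the message and sign the digest with the sender's private key, compress the signed data, generate a one-time symmetric session key to encrypt the result, and wrap that session key with the recipient's public key. The following Go program is an added illustration of that pipeline, not code from the original article or from any PGP implementation. It assumes RSA-PSS for signatures, RSA-OAEP for key wrapping and AES-256-GCM for the symmetric layer, and the `Envelope` type, `SignCompressEncrypt` and `DecryptDecompressVerify` are names chosen here; real OpenPGP uses its own packet format, not this constructed one.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Envelope is a minimal PGP-style message (constructed format, not OpenPGP packets).
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(recipient public key, session key)
	Body       []byte // nonce || AES-GCM(session key, gzip(signature || message))
}

// SignCompressEncrypt follows PGP's order: hash and sign, compress, then encrypt.
func SignCompressEncrypt(senderPriv *rsa.PrivateKey, recipPub *rsa.PublicKey, msg []byte) (*Envelope, error) {
	digest := sha256.Sum256(msg) // short, fixed-size checksum of the message
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	var packed bytes.Buffer // compression happens after signing, before encryption
	zw := gzip.NewWriter(&packed)
	zw.Write(sig) // signature length equals the sender's key size, so no delimiter is needed
	zw.Write(msg)
	zw.Close()
	rnd := make([]byte, 32+12) // fresh session key || 12-byte GCM nonce
	if _, err := io.ReadFull(rand.Reader, rnd); err != nil {
		return nil, err
	}
	sessionKey, nonce := rnd[:32], rnd[32:]
	gcm, err := gcmFor(sessionKey)
	if err != nil {
		return nil, err
	}
	body := gcm.Seal(nonce, nonce, packed.Bytes(), nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Body: body}, nil
}

// DecryptDecompressVerify reverses the pipeline; any tampering or a wrong sender key fails.
func DecryptDecompressVerify(recipPriv *rsa.PrivateKey, senderPub *rsa.PublicKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err // not addressed to this recipient
	}
	gcm, err := gcmFor(sessionKey)
	if err != nil || len(env.Body) < gcm.NonceSize() {
		return nil, errors.New("malformed envelope body")
	}
	packed, err := gcm.Open(nil, env.Body[:gcm.NonceSize()], env.Body[gcm.NonceSize():], nil)
	if err != nil {
		return nil, err // authentication tag mismatch: ciphertext was altered
	}
	zr, err := gzip.NewReader(bytes.NewReader(packed))
	if err != nil {
		return nil, err
	}
	plain, err := io.ReadAll(zr)
	if err != nil || len(plain) < senderPub.Size() {
		return nil, errors.New("malformed signed data")
	}
	sig, msg := plain[:senderPub.Size()], plain[senderPub.Size():]
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, err // forged or altered message, or wrong claimed sender
	}
	return msg, nil
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048) // sender
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)   // recipient
	env, err := SignCompressEncrypt(alice, &bob.PublicKey, []byte("constructed sample message"))
	if err != nil {
		panic(err)
	}
	msg, err := DecryptDecompressVerify(bob, &alice.PublicKey, env)
	fmt.Printf("recovered %q, err=%v\n", msg, err)
}
```

The order matters: signing before compression means the signature covers the message the recipient actually reads, compressing before encryption is the only point at which compression still gains anything (ciphertext does not compress), and the symmetric session key is what makes encrypting large messages cheap while the public-key operations only ever touch 32 bytes. On the receiving side every step that can fail does so before the plaintext is returned, so a forged signature, a message addressed to someone else or a single flipped ciphertext byte all come back as an error rather than as data.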
The Invisible Internet Project (I2P)
I2P, or the Invisible Internet Project, provides an anonymous network layer that enables censorship-resistant, peer-to-peer communication. This approach allows dark web users to access websites, chat, and send instant messages anonymously. I2P encrypts network traffic and routes it through a distributed network of volunteer-operated servers called routers.
Key features include:
- End-to-end encryption
- Garlic routing (a message-delivery scheme similar to Tor's onion routing)
- A decentralized network
- A self-contained network
I2P also provides "Hidden Services" that allow users to run websites called "Eepsites" in I2P and other services while concealing their IP address from both providers and service users.
Virtual Private Network (VPN)
Dark web visitors don't have to worry about their IP address being exposed on the deep web when accessing the hidden wiki, forums, and chat rooms, but it is still best to add an extra layer of protection by using a leading Virtual Private Network (VPN). This helps you avoid receiving a message such as "We see you!" while engaging in a dark web forum and becoming a deep web story yourself.
Headlines from the Dark Web
The Attack on MCNA
A ransomware attack and data breach at Managed Care of North America (MCNA) Dental exposed the sensitive information of 8.9 million innocent people. Although the compromised data varied per individual, it included:
- First and last names
- Social security numbers
- Driver's license numbers
- Physical addresses
- Dates of birth
- Email addresses
- Phone numbers
The attackers also stole health insurance data and Medicaid-Medicare ID numbers, treatment information, and bills with insurance claims. The attack occurred between 27 February and 7 March 2023, and the stolen data was up for sale on the dark web by April 2023.
The Scraping of Duolingo
Threat actors scraped the data of 2.6 million Duolingo users. The data stolen from the language learning app didn't take long to end up on a dark web hacking forum. The threat actors claimed to have obtained the data by scraping an unprotected application programming interface (API).
Can you guess how much they were selling it for?
By 22 August 2023, the cyber criminals were offering the data of 2.6 million language learners for just $1,500. So that buyers could check the legitimacy of the data before purchasing, they also provided a free sample of 1,000 accounts.
The exposed data included:
- Email addresses
- First and last names
- Other information submitted to Duolingo
The Cyberattack on MGM Resorts
MGM Resorts confirmed that threat actors stole an unknown amount of sensitive customer data during a cyberattack in September 2023. The hotel and casino giant estimated the cost of the data breach to be around $100 million.
Scattered Spider, a subgroup of the darknet gang ALPHV/BlackCat, claimed responsibility for the large-scale cyberattack that caused widespread disruption across MGM assets. The stolen data, which came from transactions that took place prior to March 2019, included:
- Contact information
- Date of birth
- Driver license number
- Passport details
- Social Security numbers
The company, valued at $34 billion, was brought down by a 10-minute conversation in which an employee was successfully deceived by a phisher impersonating an MGM employee whose details had been found on LinkedIn.
Clorox Cyber Attack
Clorox, the maker of popular cleaning products, suffered a serious cyber attack that had a catastrophic impact on its revenue and share prices. As the cyber attack disrupted its supply chain and operations, it resulted in product outages nationwide.
The impact of these security events isn't confined to the digital space. Cyber attacks can have a significant effect on the physical world, much like the aftermath of a natural disaster. For example, cyber attacks can disrupt the operations of critical infrastructure such as power grids, water treatment plants, and transportation systems.
In Clorox's case, the attack disrupted the company's supply chain and operations, leading to product outages across the country. This shows how vulnerable businesses are to rapidly evolving cyber threats.
- Don't panic; take a few deep breaths
- Change your passwords (organizations should leverage a password manager to suggest and store passwords)
- Leverage MFA whenever possible
- Engage in cybersecurity awareness training regularly
- Monitor networks for unauthorized activity
- Invest in robust antivirus software, firewalls, and intrusion detection systems
- Patch and update regularly
- Back up data on a regular basis
- Engage a dark web monitoring service
Although the dark web had noble beginnings with the intent of aiding covert communication and supporting activists, it has since metamorphosed into a hotbed of illicit activities. Despite the inherent dangers, the exponential growth in user interest and engagement cements its place in the digital world. Tools like the Tor Browser, created to provide a sanctuary for anonymity, now inadvertently shield criminals from being apprehended.
High-profile breaches, like those suffered by MCNA, Duolingo, and MGM Resorts, show the magnitude of the threat and the ease with which data is commoditized in deep web marketplaces. However daunting that may sound, individuals and organizations can follow cybersecurity best practices to ensure they don't become a commodity in dark web marketplaces.