Dark Web: the hidden internet
Lurking in the shadows of the internet, peeking out in popular films, television shows and novels, the dark web has become a villainous plot device that implies illegal drugs, guns, pornography, hired killers, and conspiracies. On the popular TV show “Scandal,” the team bids on the dark web to get Olivia Pope back; on “House of Cards,” a character uses the dark web to unearth a hacker; Sherlock accesses information via the dark web on several occasions on the show “Elementary”; and the dark web is a key plot element in novels such as Lee Child’s “Make Me.”

Yet, for a majority of us, what the dark web actually is remains an enigma, a mysterious element floating out there somewhere on the internet.

For most people who use computers, searching means using Google, Yahoo or some other search engine, which allows them to find information about just about anything. In actuality, what we think of as the internet is only a small portion of the world wide web – the ‘www’ before many web addresses.

The first workable prototype of what we now view as the internet was created in the 1960s, with the creation of ARPANET, which stands for Advanced Research Projects Agency Network. It was funded by the U.S. Department of Defense to allow multiple computers to communicate on a single network. Networks continued to grow through the 1970s, and Internet Protocol (IP) addresses were developed. In 1983, ARPANET adopted IP, with researchers assembling more and more networks, which became the modern internet. In 1990, a computer scientist created the world wide web.

Researchers say that only four percent of the internet is visible to the general public, which means that possibly 96 percent is the dark or deep web, which experts call the “second layer” of the internet.
The dark web is a part of the world wide web that exists outside of the traditional internet, in a part often referred to as the darknet, which requires a user to download specific software or apply specific configurations to access. It is a collection of websites that are publicly visible, but hide the IP addresses of the servers that run the sites, so it’s next to impossible to determine where the sites are hosted, and by whom. To get there takes encryption tools and special software, and it is an ideal place for those seeking anonymity, both for privacy’s sake and for illegal activities.

However, experts believe the total population of darknet websites numbers only in the hundreds of thousands, rather than the millions, like on the “clear” net, which is the internet we all utilize. Security experts estimate that at any given time there are between 10,000 and 100,000 active sites on the darknet, with sites regularly disappearing or being yanked from servers by law enforcement or those who work to destabilize hackers and other illegitimate sites.

Many dark web users utilize free software called Tor to enable anonymous communication. The whole goal of using Tor is to protect the privacy and anonymity of whoever uses it, as well as their freedom and ability to conduct confidential communication by keeping their internet activities from being monitored. Tor stands for “The Onion Router,” a reference to the layers of encryption stacked one on top of another, which are peeled away like the layers of an onion. Instead of dot-com, encrypted dark websites use dot-onion domains. Tor directs internet traffic through a free network that consists of more than 7,000 relays in order to conceal a user’s location and usage from anyone conducting network analysis or traffic analysis.
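The layered encryption and relay path described above, as an added example that is not part of the original article and is not Tor's own code: a toy three-relay onion built with the Python standard library, showing what each relay can and cannot see. The relay names, the destination `example.onion`, the pre-shared relay keys and the SHA-256-based cipher are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for encryption and authentication, derived from one relay key.
    return hashlib.sha256(label + key).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode). Illustration only.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Add one encryption layer: nonce + ciphertext + HMAC tag."""
    nonce = os.urandom(16)
    body = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Remove one layer, rejecting anything modified in transit."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer failed authentication")
    return _xor_stream(_subkey(key, b"enc"), nonce, body)


def build_onion(path, destination: str, message: bytes) -> bytes:
    """Wrap message for path = [(relay_name, key), ...], first hop first."""
    next_hop, payload = destination, message
    for name, key in reversed(path):  # innermost layer belongs to the last relay
        hop = next_hop.encode()
        payload = seal(key, struct.pack(">H", len(hop)) + hop + payload)
        next_hop = name
    return payload


def peel(key: bytes, blob: bytes):
    """What one relay does: strip its layer, learn only the next hop."""
    plain = unseal(key, blob)
    (length,) = struct.unpack(">H", plain[:2])
    return plain[2:2 + length].decode(), plain[2 + length:]


def route(path, sender: str, onion: bytes):
    """Pass the onion along the path; record what each relay observes."""
    keys = dict(path)
    views = []
    previous, current, payload = sender, path[0][0], onion
    while current in keys:
        next_hop, inner = peel(keys[current], payload)
        views.append({"relay": current, "from": previous,
                      "to": next_hop, "payload": inner})
        previous, current, payload = current, next_hop, inner
    return views, (current, payload)


if __name__ == "__main__":
    # Constructed sample data: three relays with random keys.
    relays = [(n, os.urandom(32)) for n in ("guard", "middle", "exit")]
    onion = build_onion(relays, "example.onion", b"constructed sample request")
    views, delivered = route(relays, "client", onion)
    for v in views:
        print(v["relay"], "sees", v["from"], "->", v["to"])
    print("delivered:", delivered)
```

No single relay's view contains both the sender and the destination: the first relay knows the client but forwards only ciphertext, and the last relay sees the destination and message but only the previous relay as the source.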
To put it simply, instead of a direct connection from A to B, via Tor, the connection can bounce around the world, from network to network and computer to computer, going from A to D to Z to L to E to M to P and then to B, making it very difficult, if not impossible, to track the connection.

“The dark web is a term that refers specifically to a collection of websites that exist on an encrypted network and cannot be found by using traditional search engines or visited by using traditional browsers,” explained Matt Egan in TechAdvisor.

“In a very broad sense, the dark web is the part of the web that is not indexed, that is not on Google. You have to know about it before you can go there,” said Kevin Hayes, director of information security for Wayne State University. “We go to pages like Google, Microsoft and others, but that’s to the regular internet. When indexing can get more tricky, you need to type in numbers, otherwise known as an IP address, or use a special software, to access the dark web.”

Ryan Wilk, vice president of NuData Security in Vancouver, which assists customers with data breaches, further explains, “The dark web is just another level of the internet. It’s a marketplace to buy things – illicit things. You can buy data, human trafficking, drugs, among other things. It’s a bazaar of the illicit. The problem really comes in when the bad actors come in. It’s where they go to buy lists of (stolen) names and account numbers.”

“Almost all sites on the so-called dark web hide their identity using the Tor encryption tool. To visit a site on the dark web that is using Tor encryption, the web user needs to be using Tor,” Egan said. “Just as the end user’s IP address is bounced through several layers of encryption to appear to be another IP address on the Tor network, so is that website.
Sites on the dark web can be visited by anyone, but it is very difficult to work out who is behind the sites.”

Tor was initially developed by United States Naval Research Laboratory employees in the mid-1990s, with the purpose of protecting the U.S. intelligence community online. The first iteration was launched in 2002, and became available to the public in 2003. In December 2006, a group founded The Tor Project as a 501(c)(3) research-education non-profit organization responsible for maintaining Tor. The majority of its funding sources came from the U.S. government. The Swedish government also participated in its development.

“We wanted to help journalists in totalitarian states, those who didn’t want to get caught and wanted anonymity,” said Steffan Truvé, founder and chief technology officer of Recorded Future, located in Boston and Gothenburg, Sweden.

According to Wired magazine, in Tor’s early days, “Tor enabled its users to surf the internet, chat and send instant messages anonymously, and it is used by a wide variety of people for both licit and illicit purposes. Tor has, for example, been used by criminal enterprises, hacktivism groups, and law enforcement agencies at cross purposes, sometimes simultaneously.”

According to Tor, their network consists of a group of volunteer-operated servers that allows people to improve their privacy and security on the internet by connecting through a series of virtual tunnels rather than making a direct connection, “thus allowing both organizations and individuals to share information over public networks without compromising their privacy.”

Tor also promotes that it is an effective censorship circumvention tool, “allowing its users to reach otherwise blocked destinations or content. Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services...when these are blocked by their local internet providers.
Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they’re in a foreign country, without notifying everybody nearby that they’re working with that organization...A branch of the U.S. Navy uses Tor for open source intelligence gathering.”

Dissidents around the globe find a safe harbor in the dark web by using Tor because they can communicate without being traced. So, too, do networks of transgender individuals seeking out a community where they can speak freely, safely, and anonymously, as well as others seeking like-minded communities to express themselves privately. Journalists in areas of conflict can talk with sources as well as their editors.

Several news organizations, including The New York Times, Washington Post, The Guardian, Wired, and ProPublica, have set up drop boxes on the dark web to protect sources and whistleblowers who want to provide the news organizations with information and documents safely and securely.

“ProPublica uses the dark web to protect sources – as do other news organizations like The Guardian and The Intercept, which played a major role in breaking news about the Edward Snowden leaks,” John Zorabedian wrote in NakedSecurity.com. “ProPublica uses a hidden service on Tor called SecureDrop that allows sources to submit tips, data and files secretly and securely.”

He wrote that dark web versions of the ProPublica website have allowed Chinese citizens to read about censorship in their own country anonymously. The New York Times states on its home page it takes tips through SecureDrop, Signal and WhatsApp, along with regular email and postal mail.

“Everyone should have the ability to read ProPublica’s content without being tracked,” Mike Tigas, the developer who built ProPublica’s website on the Tor network, said.
“We don’t want anyone to know that you came to us, or what you read.”

“It started with noble purposes, but because of anonymity, (the dark web) has turned criminal,” Recorded Future’s Truvé asserted. “Tor is not generally traceable, so it’s the place for peddling guns, drugs, human trafficking, data. Cyber criminals use it in two ways – to access tools, like malware and ransomware; and when they need help to disseminate their goods, like forums to access for those who use the goods and sell their wares – fresh credit cards, passports, drugs, guns. As a consumer, you only need to download Tor to access into this. But the risk is really infecting your computer, and you could be granting access to the bad guys. The good thing, though, is the anonymity.”

He said journalists and forums for transsexuals and others seeking privacy harken back to the origins of the dark web, “for people who want to talk to like-minded people, whether you want to talk about government problems or you have sexual preferences and don’t want people to know, it’s what the dark web was designed for. But if someone infiltrates it, it’s where there are problems.”

“It’s like that scary, unsafe street everyone knows not to drive down,” is how Wayne State’s Hayes describes the dark web. “As long as you’re keeping your computer up-to-date and not actively seeking the dark web, you’re going to be completely safe. Should someone download Tor? You can if you know what you’re doing and can use it responsibly. There’s a lot of power and potential to get into a lot of trouble – by attackers and hackers, because they’re feasting on people that aren’t taking proper precautions like keeping their computers up-to-date and changing their passwords frequently.

“The dark web is where illegal transactions take place, whether you’re talking about drugs, human trafficking, hackers exchanging personal data – because in a macro sense, people have always done bad things, and this is just a new way,” Hayes continued.
“This now can happen in a global way. You’re really going into the lion’s den, and if you’re not properly prepared, you may leave with more than you bargained for, such as a hacked computer or a stolen identity.”

NuData’s Wilk said that, ironically, among the first purveyors of data breaches and other illegal activity they saw early on were gangs. “It was with the Bloods and the Crips (in Los Angeles),” he said. “‘Why would we want to risk getting shot when we could stay home, make money and do this?’ It’s not just the sophisticated criminals, but the low level criminals, the kids sitting in their bedroom. If they’re able to figure it out, we’re only going to see it get worse.”

Transactions, or purchases, on the dark web, whether lawful or illegal, are not done in dollars or euros, but in other currency, typically in bitcoin, and more recently, ether. Bitcoin and ether are digital currencies that are not based in a country, or tied to a gold standard, but are a unit of account transacted between users on the web. They are private and anonymous, as bitcoin is not tied to any real world entities, but to bitcoin addresses. In some ways, bitcoins are a virtual cash.

“Bitcoins, the payment of the dark web, is hard to trace,” noted Truvé.

The cloak of anonymity provided by the dark web also makes it the launching pad for hacking websites or corporate data, such as credit card information or login information. And it comes at a huge cost, both for individuals and companies.

TechRepublic noted that the dark web affects every internet user. “If your data was leaked as part of a government or corporate hack, it’s for sale on the dark web.”

“There’s a lot of personal data – credit card numbers, Social Security numbers, driver’s license numbers, bank account numbers and passwords, even Netflix and Hulu passwords and other accounts to common entertainment services out there,” Hayes said.
“People go, ‘I want to watch Netflix, but I don’t want to pay them $14 a month.’ So instead, it’s like $3 for a bunch of accounts. When one account stops working, they just move on to the next one.

“You have people who aren’t subscribing and it’s costing companies revenue, and it can lead to much greater data losses through further searches of people’s passwords,” Hayes continued.

According to Hayes, it’s called social engineering – a hacker sees you’re in the Detroit area, so they check to see if this password also works for your DTE account, Consumers Energy account, your Chase Bank account. They can figure these out because they have your data, with your birth date, Social Security number, possibly your physical address, and guess at the rest. Many people will use their children’s or dog’s names for passwords, so they start there. Once they hit on a successful password, they try it over and over again.

“While someone thinks someone using their movie password isn’t doing them harm, if they have used their password for other accounts – which most people do – attackers can pivot over to those more sensitive accounts,” Hayes said. “The rest of their financial lives could be in jeopardy.

“It’s one of the biggest problems out there, because we reuse our passwords. It’s a financial drain on everybody. That’s really what cyberattacks are about – they’re financial attacks.”

Hacks and cyberattacks are a huge financial burden, and they are expected to continue to grow, with tremendous consequences. According to Juniper Research in June 2017, merchants are projected to lose up to $71 billion in card-not-present fraud over the next five years, with 80 percent of that fraud occurring in North America, the Far East and China. By any estimation, that’s a serious financial cost that everyone will end up bearing the burden for.
“With all these breaches, there is so much data floating out there, and all these companies – banks, e-commerce sites – have to determine if it’s really you or someone else logging in,” said NuData Security’s Wilk. “We see so much data out there, it’s hard to trust it.”

He noted that most of us use numerous devices, or change devices frequently. “Most people have three devices at any one time to log into an account,” he said. To combat fraud, they look at a person’s various devices, how they interact with those devices and how they connect with the internet. “They’re all unique aspects of who you are. By pulling all these different features, we’re able to build together a unique profile around how the user uses the device, and build a profile to determine you’re the one actually logging in versus someone else. It’s understanding the human user to help banks combat illicit use of stolen data.”

He explained that often once a hacker has breached a site, data is sold, and then hackers test the use of the data against banks, stores and e-commerce sites to see how many times they can succeed with certain data.

“These account takeover attempts are usually done first by non-human automation, testing this user name and password. If they can log into one site, maybe it’s worth $5; if they can log onto 10 sites, maybe (the data) is worth $25. These people are refining these breaches to your addresses, Social Security numbers, date of birth.”

Law enforcement is generally aware of the dark web and the damages it is causing to the economy, but is usually playing catch up.

“When it comes to the dark web, it is a hot topic right now for anyone dealing with it. We’re in the early stages of (dealing) with it – as is everyone else,” acknowledged Michigan State Police D/F/Lt. James Ellis. “Law enforcement is often reactive instead of proactive.”

Wayne State University’s Hayes noted that law enforcement is getting a little bit past the tip, “but it’s an uphill battle.
Every time they get close, they discover the ultimate culprit is overseas, even if the work is done here. They might have 99 percent of the information here, but if one percent of the key data is overseas...technology is so complex. If the server where the data is stored is overseas, it can take months to get access.”

Ellis said Michigan State Police is seeing trafficking of guns, drugs, credit cards, “you can get just about anything you want right now, because it’s the dark web, and not a lot of people know about it or use it. It’s mostly criminals using it. No one really knows how to track it or where to go, so you have that criminal element. When we do find cases, they’re international, not local, and that’s what makes it even harder. They’re cyber cases, ransomware, and in most cases they’re overseas, that’s what we run into and they know it.

“They’ll often have valid names and sell blocks of credit cards,” Ellis continued. “Financial institutions use one kind of company that scours the dark web for information related to financial information and impropriety, employees’ names, their email addresses, and other information, because if they’re hacked, they’ll have key words identified to see how they got it, to track back to a particular data breach that occurred. But sometimes the information may be very old – (the hackers) are not always selling the data right away. They know that people are looking for it right away, so they might hold it for two or three years. If someone gets credit protection, it’s often for a year or two, and then they let it lapse. It’s like laying low, and waiting to move later.”

Police chiefs in Birmingham, Bloomfield Township and Rochester all said they are seeing significantly more computer-related crime, notably fraud and identity theft, but they are not dealing with other aspects of the dark web directly, such as pornography, hacking, malware, drug and human trafficking.
“We would refer it out if we saw it,” said Rochester Police Chief Steve Schettenhelm.

So too, in Birmingham, although Chief Mark Clemence said that Cmdr. Chris Busen has received some specialized computer training, and they have a Birmingham police officer assigned to the FBI.

“Anything computer-related, we send it to him and the FBI takes over and investigates. Our job is getting so technical and so many things have an internet component, and the dark web is a fast moving, growing component in criminal enterprise,” Clemence said. “We’re seeing more training in our computer division. From an investigative standpoint, investigating (computer) fraud, more than anything else, is the fastest growing crime, whether it’s on the local, state or federal level.”

“I’m not aware of it impacting our police department at all, and I don’t know that much about it at all,” Bloomfield Township Police Chief Scott McCanham acknowledged. “I don’t have my head in the sand, but it hasn’t reached the level where Bloomfield Township has had to train for it.”

He did say that the township police representative on the Oakland County Narcotics Task Force has been involved with drug trafficking.

Timothy Plancon, special agent in charge of the Drug Enforcement Agency (DEA) for Michigan, Ohio and Kentucky, said they work drug cases on the dark web when they’re alerted to the activity, which could be through illicit activity, unexplained income, tips coming in, and through partnerships with fellow federal and local law enforcement.

“People get on the dark web and order (drugs) and get it shipped wherever,” Plancon said. “No matter what country they’re in, they almost all originate outside of the country. We’re not talking kilogram quantities, although we have dealt with that, too. We work with shippers, postal carriers, delivery service workers – that’s how we sometimes get tips.
“These are extremely dangerous drugs that can kill just by touching,” he said of what he referred to as narcoterrorism. “We’re talking fentanyl, carfentanil, and other synthetic opioids, like U-47700 – some people call it Pink. They’re modifications of fentanyl and carfentanil, which is an elephant tranquilizer. These are very potent opioids that translate to the equivalent of a few grains of salt, if you ingest or even just touch it, it can kill you. Sometimes just a speck of dust inhaled or touched, you can die. If it’s not packaged properly, so the dust or powder doesn’t get out, it can injure someone handling it. It’s dangerous for any mail carrier, UPS or FedEx worker. It’s dangerous for any law enforcement officer.”

Plancon stated he believes that a great deal of the country’s opioid crisis, and notably that of Michigan, Ohio and Kentucky, is being fueled by the dark web.

“It hits every socioeconomic group, every cultural and religious group,” he said. “Because sitting at a computer, the dark web really fuels this opioid epidemic. I think the dark web really is the right name for it. It seems demonic almost.”

Oakland County Sheriff Michael Bouchard concurs, noting that in Oakland County they are seeing both drug trafficking and human trafficking, which their Special Investigations Unit (SIU) handles.

“We know that a great deal of drug activity is coming via parcels, especially synthetics are coming from China,” Bouchard said. “They try to make the transactional activity anonymous through bitcoins. When they’re doing this heinous activity in the dark, which runs counter to what we want to do – we want to expose them to the sunlight.”

Bouchard said he is seeing dark web activity growing and becoming a bigger threat in all aspects, including terrorist activity.

“Folks there are not the most savory type,” he said wryly. “It’s like walking into the worst, worst part of town and being a tourist – like getting off at the wrong stop.
We’re seeing everything and anything criminal, murder for hire, pornography. We saw the migration of pedophiles, and their techniques to avoid being caught, to trafficking, to actively exploiting without being caught. They can get into multiple states and multiple countries. The dark web has become a bartering tool for molestation.”

“There’s a lot of crossover. Take human smuggling. Drugs are involved. Drugs and guns go together, and many terrorist groups are partially funded through drug trafficking,” said Plancon, who said the DEA collaborates with federal agencies such as the FBI, ATF, Homeland Security, U.S. Postal Service, U.S. Marshals, and Secret Service, as well as Michigan State Police and Oakland County Sheriff’s Office. “There are some very bright people out there doing some very bad things.”

Cmdr. Busen of the Birmingham Police Department said that their liaison with the FBI has dealt with child pornography issues through the dark web. “Most are coming from other countries,” he said, making it difficult to trace and to prosecute. “Fraud, meaning identity theft and credit card fraud, now go hand-in-hand. Right now it’s the greatest transfer of wealth from the west to the east in the history of the world, because of all the fraud going on in. It’s going back to the old country, with all this money going back to Russia.”

Bouchard, who sits on national law enforcement and sheriff agencies, said that another area where law enforcement sees abuses of the dark web is as a private and anonymous communications avenue for criminals and terrorists.

“ISIS has the ability to exchange encrypted information,” via WhatsApp on the dark web, he said. “Terrorists and criminals are communicating in real time, in encryption that we cannot break, and law enforcement is falling behind the eight-ball.”