The dark web is the
World Wide Web content that exists on ''
darknet
A dark net or darknet is an overlay network within the Internet that can only be accessed with specific software, configurations, or authorization, and often uses a unique customized communication protocol. Two typical darknet types are social ne ...
s'':
overlay networks that use the
Internet
The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, p ...
but require specific software, configurations, or
authorization to access.
Through the dark web, private computer networks can communicate and conduct business anonymously without divulging identifying information, such as a user's location.
The dark web forms a small part of the
deep web
The deep web, invisible web, or hidden web are parts of the World Wide Web whose contents are not indexed by standard web search-engine programs. This is in contrast to the "surface web", which is accessible to anyone using the Internet. Co ...
, the part of the Web not
indexed by
web search engines
A search engine is a software system designed to carry out web searches. They search the World Wide Web in a systematic way for particular information specified in a textual web search query. The search results are generally presented in a ...
, although sometimes the term ''deep web'' is mistakenly used to refer specifically to the dark web.
The darknets which constitute the dark web include small,
friend-to-friend peer-to-peer
Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the network. They are said to form a peer-to-peer ...
networks, as well as large, popular networks such as
Tor,
Freenet,
I2P
The Invisible Internet Project (I2P) is an anonymous network layer (implemented as a mix network) that allows for censorship-resistant, peer-to-peer communication. Anonymous connections are achieved by encrypting the user's traffic (by using ...
, and
Riffle operated by public organizations and individuals.
Users of the dark web refer to the regular web as
Clearnet due to its
unencrypted
In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms. This usually refers to data that is transmitted or stored unencrypted.
Overview
With the advent of co ...
nature. The Tor dark web or onionland
uses the traffic anonymization technique of
onion routing under the network's
top-level domain suffix
.onion
.onion is a special-use top level domain name designating an anonymous onion service, which was formerly known as a "hidden service", reachable via the Tor network. Such addresses are not actual DNS names, and the .onion TLD is not in the I ...
.
Terminology
Definition
The dark web has often been confused with the
deep web
The deep web, invisible web, or hidden web are parts of the World Wide Web whose contents are not indexed by standard web search-engine programs. This is in contrast to the "surface web", which is accessible to anyone using the Internet. Co ...
, the parts of the web not indexed (searchable) by search engines. The term ''dark web'' first emerged in 2009; however, it is unknown when the actual dark web first emerged. Many internet users only use the ''
surface web
The Surface Web (also called the Visible Web, Indexed Web, Indexable Web or Lightnet) is the portion of the World Wide Web that is readily available to the general public and searchable with standard web search engines. It is the opposite of the ...
'', data that can be accessed by a typical
web browser
A web browser is application software for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used o ...
.
The dark web forms a small part of the deep web, but requires custom software in order to access its content. This confusion dates back to at least 2009. Since then, especially in reporting on
Silk Road, the two terms have often been conflated, despite recommendations that they should be distinguished.
The dark web, also known as darknet websites, are accessible only through networks such as
Tor ("The Onion Routing" project) that are created specifically for the dark web.
Tor browser and Tor-accessible sites are widely used among the darknet users and can be identified by the domain ".onion". Tor browsers create encrypted entry points and pathways for the user, allowing their dark web searches and actions to be anonymous.
Identities and locations of darknet users stay anonymous and cannot be tracked due to the layered
encryption
In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can d ...
system. The darknet encryption technology routes users' data through a large number of intermediate servers, which protects the users' identity and guarantees anonymity. The transmitted information can be decrypted only by a subsequent
node
In general, a node is a localized swelling (a " knot") or a point of intersection (a vertex).
Node may refer to:
In mathematics
* Vertex (graph theory), a vertex in a mathematical graph
* Vertex (geometry), a point where two or more curves, line ...
in the scheme, which leads to the exit node. The complicated system makes it almost impossible to reproduce the node path and decrypt the information layer by layer.
Due to the high level of encryption, websites are not able to track
geolocation and IP of their users, and users are not able to get this information about the host. Thus, communication between darknet users is highly encrypted allowing users to talk, blog, and share files confidentially.
Content
A December 2014 study by Gareth Owen from the
University of Portsmouth found that the most commonly hosted type of content on Tor was
child pornography
Child pornography (also called CP, child sexual abuse material, CSAM, child porn, or kiddie porn) is pornography that unlawfully exploits children for sexual stimulation. It may be produced with the direct involvement or sexual assault of a ...
, followed by
black markets
A black market, underground economy, or shadow economy is a clandestine market or series of transactions that has some aspect of illegality or is characterized by noncompliance with an institutional set of rules. If the rule defines the ...
, while the individual sites with the highest traffic were dedicated to
botnet operations (see attached metric).
Many
whistleblowing sites maintain a presence as well as political discussion forums. Sites associated with
Bitcoin,
fraud-related services, and
mail order services are some of the most prolific.
As of December 2020, the number of active Tor sites in .onion was estimated at 76,300 (containing a lot of copies). Of these, 18 000 would have original content.
In July 2017,
Roger Dingledine
Roger Dingledine is an American computer scientist known for having co-founded the Tor Project. A student of mathematics, computer science, and electrical engineering, Dingledine is also known by the pseudonym arma. As of December 2016, he contin ...
, one of the three founders of the Tor Project, said that
Facebook
Facebook is an online social media and social networking service owned by American company Meta Platforms. Founded in 2004 by Mark Zuckerberg with fellow Harvard College students and roommates Eduardo Saverin, Andrew McCollum, Dust ...
is the biggest hidden service. The dark web comprises only 3% of the traffic in the Tor network.
A February 2016 study from researchers at
King's College London gives the following breakdown of content by an alternative category set, highlighting the illicit use of .onion services.
Ransomware
The dark web is also used in certain extortion-related processes. Indeed, it is common to observe data from ransomware attacks on several dark web sites (data sales sites, public data repository sites.
Botnets
Botnets are often structured with their
command-and-control servers based on a censorship-resistant hidden service, creating a large amount of bot-related traffic.
Darknet markets
Commercial
darknet market
A darknet market is a commercial website on the dark web that operates via darknets such as Tor or I2P. They function primarily as black markets, selling or brokering transactions involving drugs, cyber-arms, weapons, counterfeit currency, sto ...
s mediate transactions for illegal goods and typically use Bitcoin as payment.
These markets have attracted significant media coverage, starting with the popularity of
Silk Road and Diabolus Market and its subsequent seizure by legal authorities. Silk Road was one of the first dark web marketplaces that emerged in 2011 and has allowed for the trading of weapons and identity fraud resources.
These markets have no protection for its users and can be closed down at any time by authorities.
Despite the closures of these marketplaces, others pop up in their place.
As of 2020, there have been at least 38 active dark web market places.
These marketplaces are similar to that of
eBay
eBay Inc. ( ) is an American multinational e-commerce company based in San Jose, California, that facilitates consumer-to-consumer and business-to-consumer sales through its website. eBay was founded by Pierre Omidyar in 1995 and became ...
or
Craigslist where users can interact with sellers and leave reviews about marketplace products.
Examination of price differences in dark web markets versus prices in real life or over the World Wide Web have been attempted as well as studies in the quality of goods received over the dark web. One such study was performed on Evolution, one of the most popular
crypto-markets active from January 2013 to March 2015.
Although it found the digital information, such as concealment methods and shipping country, "seems accurate", the study uncovered issues with the quality of illegal drugs sold in Evolution, stating that, "the illicit drugs purity is found to be different from the information indicated on their respective listings."
Less is known about consumer motivations for accessing these marketplaces and factors associated with their use.
Bitcoin services
Bitcoin is one of the main cryptocurrencies used in dark web marketplaces due to the flexibility and relative anonymity of the currency.
With Bitcoin, people can hide their intentions as well as their identity.
A common approach was to use a
digital currency exchanger service which converted Bitcoin into an online game currency (such as gold coins in
World of Warcraft
''World of Warcraft'' (''WoW'') is a massively multiplayer online role-playing game (MMORPG) released in 2004 by Blizzard Entertainment. Set in the '' Warcraft'' fantasy universe, ''World of Warcraft'' takes place within the world of Azer ...
) that will later be converted back into fiat currency.
Bitcoin services such as
tumblers are often available on
Tor, and some – such as
Grams – offer darknet market integration. A research study undertaken by Jean-Loup Richet, a research fellow at
ESSEC
The École Supérieure des Sciences Economiques et Commerciales (more commonly ESSEC Business School or ESSEC) is a major French business and management school, with non-profit association status (French association law of 1901) founded in 190 ...
, and carried out with the
United Nations Office on Drugs and Crime, highlighted new trends in the use of Bitcoin tumblers for
money laundering purposes.
Due to its relevance in the digital world, Bitcoin has become a popular product for users to scam companies with.
Cybercriminal groups such as DDOS"4" have led to over 140 cyberattacks on companies since the emergence of Bitcoins in 2014.
These attacks have led to the formation of other cybercriminal groups as well as Cyber Extortion.
Hacking groups and services
Many
hackers sell their services either individually or as a part of groups. Such groups include
xDedic, hackforum, Trojanforge,
Mazafaka,
dark0de and the
TheRealDeal
TheRealDeal was a darknet website and a part of the cyber-arms industry reported to be selling code and zero-day software exploits.
The creators claimed in an interview with DeepDotWeb that the site was founded in direct response to the numbe ...
darknet market. Some have been known to
track
Track or Tracks may refer to:
Routes or imprints
* Ancient trackway, any track or trail whose origin is lost in antiquity
* Animal track, imprints left on surfaces that an animal walks across
* Desire path, a line worn by people taking the shorte ...
and
extort apparent pedophiles. Cyber crimes and hacking services for financial institutions and banks have also been offered over the dark web. Attempts to monitor this activity have been made through various government and private organizations, and an examination of the tools used can be found in the ''Procedia Computer Science'' journal. Use of Internet-scale DNS distributed reflection denial of service (
DRDoS) attacks have also been made through leveraging the dark web. There are many scam .onion sites also present which end up giving tools for download that are infected with
trojan horses or
backdoors.
Financing and fraud
Scott Dueweke the president and founder of Zebryx Consulting states that Russian electronic currency such as WebMoney and Perfect Money are behind the majority of the illegal actions.
In April 2015, Flashpoint received a 5 million dollar investment to help their clients gather intelligence from the deep and dark web. There are numerous
carding forums,
PayPal and
Bitcoin trading websites as well as fraud and counterfeiting services. Many such sites are scams themselves.
Phishing via cloned websites and other
scam sites are numerous, with
darknet market
A darknet market is a commercial website on the dark web that operates via darknets such as Tor or I2P. They function primarily as black markets, selling or brokering transactions involving drugs, cyber-arms, weapons, counterfeit currency, sto ...
s often advertised with fraudulent URLs.
Illegal pornography
The type of content that has the most popularity on the dark web is illegal pornography—more specifically,
child pornography
Child pornography (also called CP, child sexual abuse material, CSAM, child porn, or kiddie porn) is pornography that unlawfully exploits children for sexual stimulation. It may be produced with the direct involvement or sexual assault of a ...
.
About 80% of its web traffic is related to accessing child pornography despite it being difficult to find even on the dark web.
A website called
Lolita City, that has since been taken down, contained over 100 GB of child pornographic media and had about 15,000 members.
There is regular
law enforcement
Law enforcement is the activity of some members of government who act in an organized manner to enforce the law by discovering, deterring, rehabilitating, or punishing people who violate the rules and norms governing that society. The term ...
action against sites distributing child pornography – often via compromising the site and tracking users'
IP address
An Internet Protocol address (IP address) is a numerical label such as that is connected to a computer network that uses the Internet Protocol for communication.. Updated by . An IP address serves two main functions: network interface ident ...
es. In 2015, the FBI investigated and took down a website called
Playpen.
At the time, Playpen was the largest child pornography website on the dark web with over 200,000 members.
Sites use complex systems of guides, forums and community regulation. Other content includes
sexualised torture and killing of animals and
revenge porn. In May 2021,
German police said that they had dismantled one of the world's biggest child pornography networks on the dark web known as
Boystown, the website had over 400,000 registered users. Four people had been detained in raids, including a man from
Paraguay
Paraguay (; ), officially the Republic of Paraguay ( es, República del Paraguay, links=no; gn, Tavakuairetã Paraguái, links=si), is a landlocked country in South America. It is bordered by Argentina to the south and southwest, Brazil to t ...
, on suspicion of running the network.
Europol said several pedophile chat sites were also taken down in the German-led intelligence operation.
Terrorism
Terrorist organizations took to the internet as early as the 1990s; however, the birth of the dark web attracted these organizations due to the anonymity, lack of regulation, social interaction, and easy accessibility.
These groups have been taking advantage of the chat platforms within the dark web to inspire terrorist attacks.
Groups have even posted "How To" guides, teaching people how to become and hide their identities as terrorists.
The dark web became a forum for terrorist propaganda, guiding information, and most importantly, funding.
With the introduction of Bitcoin, an anonymous transactions were created which allowed for anonymous donations and funding.
By accepting Bitcoin, terrorists were now able to fund money to purchase weaponry.
In 2018, an individual named Ahmed Sarsur was charged for attempting to purchase explosives and hire snipers to aid Syrian terrorists, as well as attempting to provide them financial support, all through the dark web.
There are at least some real and fraudulent websites claiming to be used by
ISIL (ISIS), including a fake one seized in
Operation Onymous
Operation Onymous was an international law enforcement operation targeting darknet markets and other hidden services operating on the Tor network.
Background
Operation Onymous was formed as a joint law enforcement operation between the Federa ...
. With the increase of technology, it has allowed cyber terrorists to flourish by attacking the weaknesses of the technology. In the wake of the
November 2015 Paris attacks, an actual such site was hacked by an
Anonymous-affiliated hacker group,
GhostSec, and replaced with an advert for
Prozac
Fluoxetine, sold under the brand names Prozac and Sarafem, among others, is an antidepressant of the selective serotonin reuptake inhibitor (SSRI) class. It is used for the treatment of major depressive disorder, obsessive–compulsive disorde ...
. The
Rawti Shax Islamist group was found to be operating on the dark web at one time.
Social media
Within the dark web, there exists emerging social media platforms similar to those on the World Wide Web, this is known as the Dark Web Social Network (DWSN).
The DWSN works a like a regular social networking site where members can have customizable pages, have friends, like posts, and blog in forums.
Facebook
Facebook is an online social media and social networking service owned by American company Meta Platforms. Founded in 2004 by Mark Zuckerberg with fellow Harvard College students and roommates Eduardo Saverin, Andrew McCollum, Dust ...
and other traditional social media platforms have begun to make dark-web versions of their websites to address problems associated with the traditional platforms and to continue their service in all areas of the World Wide Web.
Unlike Facebook, the privacy policy of the DWSN requires that members are to reveal absolutely no personal information and remain anonymous.
Hoaxes and unverified content
There are reports of
crowdfunded assassinations and
hitmen for hire;
however, these are believed to be exclusively scams. The creator of
Silk Road,
Ross Ulbricht, was arrested by Homeland Security investigations (HSI) for his site and allegedly hiring a hitman to kill six people, although the charges were later dropped. There is an
urban legend that one can find
live murder on the dark web. The term "''Red Room''" has been coined based on the Japanese animation and urban legend of the same name; however, the evidence points toward all reported instances being
hoaxes.
On June 25, 2015, the
indie game ''
Sad Satan
''Sad Satan'' is a PC game first reported on the YouTube channel ''Obscure Horror Corner'' on June 25, 2015.
Following initial reviews, the channel's video of the game was picked up by a number of English-language publications and, later, inte ...
'' was reviewed by YouTubers ''Obscure Horror Corner'' which they claimed to have found via the dark web. Various inconsistencies in the channel's reporting cast doubt on the reported version of events.
There are several websites which analyze and monitor the deep web and dark web for threat intelligence.
Policing the dark web
There have been arguments that the dark web promotes civil liberties, like "free speech, privacy, anonymity".
Some prosecutors and government agencies are concerned that it is a haven for
criminal activity. The deep and dark web are applications of integral internet features to provide privacy and anonymity. Policing involves targeting specific activities of the private web deemed illegal or subject to
internet censorship.
When investigating online suspects, police typically use the IP (Internet Protocol) address of the individual; however, due to Tor browsers creating anonymity, this becomes an impossible tactic.
As a result, law enforcement has employed many other tactics in order to identify and arrest those engaging in illegal activity on the dark web. OSINT, or Open Source Intelligence, are data collection tools that legally collect information from public sources.
OSINT tools can be dark web specific to help officers find bits of information that would lead them to gaining more knowledge about interactions going on in the dark web.
In 2015 it was announced that
Interpol
The International Criminal Police Organization (ICPO; french: link=no, Organisation internationale de police criminelle), commonly known as Interpol ( , ), is an international organization that facilitates worldwide police cooperation and cr ...
now offers a dedicated dark web training program featuring technical information on Tor,
cybersecurity and simulated darknet market takedowns. In October 2013 the UK's
National Crime Agency and
GCHQ announced the formation of a "
Joint Operations Cell
Joint Operations Cell is a unit of GCHQ, a British signals intelligence agency, and the National Crime Agency (NCA), a United Kingdom national law enforcement agency. It opened in November 2015 with the intention of tackling a range of crime on the ...
" to focus on cybercrime. In November 2015 this team would be tasked with tackling child exploitation on the dark web as well as other cybercrime. In March 2017 the
Congressional Research Service
The Congressional Research Service (CRS) is a public policy research institute of the United States Congress. Operating within the Library of Congress, it works primarily and directly for members of Congress and their committees and staff on a ...
released an extensive report on the dark web, noting the changing dynamic of how information is accessed and presented on it; characterized by the unknown, it is of increasing interest to researchers, law enforcement, and policymakers.
In August 2017, according to reportage, cybersecurity firms which specialize in monitoring and researching the dark web on behalf of banks and retailers routinely share their findings with the
FBI and with other law enforcement agencies "when possible and necessary" regarding illegal content. The Russian-speaking underground offering a crime-as-a-service model is regarded as being particularly robust.
Journalism
Many
journalist
A journalist is an individual that collects/gathers information in form of text, audio, or pictures, processes them into a news-worthy form, and disseminates it to the public. The act or process mainly done by the journalist is called journalis ...
s, alternative
news organizations
The news media or news industry are forms of mass media that focus on delivering news to the general public or a target public. These include news agencies, print media ( newspapers, news magazines), broadcast news ( radio and television), ...
, educators, and researchers are influential in their writing and speaking of the darknet, and making its use clear to the general public. Media coverage typically reports on the dark web in two ways; detailing the power and freedom of speech the dark web allows people to express, or more commonly reaffirms the illegality and fear of its contents, such as computer hackers.
Many headlines tie the dark web to child pornography with headlines such as, "N.J. man charged with surfing 'Dark Web' to collect nearly 3K images of child porn", along with other illegal activities where news outlets describe it as "a hub for black markets that sell or distribute drugs".
Specialist Clearweb news sites such as
DeepDotWeb
DeepDotWeb was a news site dedicated to events in and surrounding the dark web featuring interviews and reviews about darknet markets, Tor hidden services, privacy, bitcoin, and related news. The website was seized on May 7, 2019, during an inv ...
and
All Things Vice
All Things Vice is a blog that was started in 2012 by Australian author and journalist Eileen Ormsby about news in the dark web. Since her investigations into the Silk Road in 2013, the darknet market led her to blog about various happenings in ...
provide news coverage and practical information about dark web sites and services; however, DeepDotWeb was shut down by authorities in 2019.
The Hidden Wiki
The Hidden Wiki was a dark web MediaWiki wiki operating as Tor hidden services that could be anonymously edited after registering on the site. The main page served as a directory of links to other .onion sites.
History
The first Hidden Wiki ...
and its
mirrors and
forks
In cutlery or kitchenware, a fork (from la, furca 'pitchfork') is a utensil, now usually made of metal, whose long handle terminates in a head that branches into several narrow and often slightly curved tines with which one can spear foods eit ...
hold some of the largest
directories of content at any given time. Traditional media and news channels such as
ABC News
ABC News is the news division of the American broadcast network ABC. Its flagship program is the daily evening newscast '' ABC World News Tonight with David Muir''; other programs include morning news-talk show '' Good Morning America'', '' ...
have also featured articles examining the darknet.
See also
*
List of Tor onion services
This is a categorized list of notable onion services (formerly, hidden services) accessible through the Tor anonymity network. Defunct services are marked as well as services with known only with deprecated v2 addresses are marked.
Archive and ...
References
External links
Excuse Me, I Think Your Dark Web is Showing – A presentation at the March 2017 BSides Vancouver Security Conference on security practices on Tor's hidden servicesAttacks Landscape in the Dark Side of the Web
{{I2P