Buying cocaine or heroin has never been easier. Neither has finding a contract killer, joining an extremist group or viewing extreme pornography. The Deep Web – the dark underbelly of the internet – is growing and allowing users to surf beneath the ordinary surface web with almost complete anonymity.

The GCHQ and FBI are constantly monitoring deep web pages, looking for terrorism organisations, drugs and arms dealers. Now, companies who are experts in Cyber Security are being asked to help – to track down the criminal gangs, the instigators of home grown extremism and the leaders of child porn rings.

Of course, it’s not that easy. The deep web is searchable by a number of ways. The most well-known is using Tor, free software which lets users browse the web anonymously. (The correct definition for Tor is an anonymising proxy service). Tor was created as an “anonymous” web browser to prevent an individual’s internet history being traced back to the user.

The lesser known I2P is another way of accessing the deep web. I2P is an anonymous over lay network – a network within a network. It is intended to protect communication from dragnet surveillance and monitoring by third parties such as ISPs. I2P is heavily used by those trying to sell illegal products and services but it is also used by many people who care about their privacy: activists, oppressed people, journalists and whistleblowers, as well as the average person.

The deep web is enormous – far bigger than the surface web. And it’s not just a matter of inputting a search query into Tor or accessing I2P and finding sites first time. Many links are dead, or corrupted. Finding the active sites depends very much on who you know underground, and who has the usable “clean” links and passwords. There are numerous forums with anonymous users looking for the right introduction to the deepest sites, or instigating conversations and posting reviews of dealers’ products and services.

The deep web community is also rife with paranoia. As in any criminal world, no one is really sure of anyone’s real identities. Contacting a new dealer or customer is a risky step, as undercover police are everywhere. References to the “LE” (law enforcers) and their underground monitoring activity is all over the forums and chan sites. As soon as the FBI step in and take down one site, the chat rooms explode, with everyone desperately scrabbling to beef up their “Opsec” and keep themselves anonymous and under the radar. References to “cleaning up your house” and “burning down your house” proliferate – basically cleaning all traces of drug activity from your location in case the FBI come calling.

To find websites peddling more disturbing information such as child pornography or links to human slavery deals means you have to dig deeper. A lot deeper. The FBI and equivalents constantly monitor the deep web 24/7 to find individuals that they know are big fish in the criminal underworld.  They use a variety of methods, including using the expertise of external companies.

The ones we know about (and are allowed to talk about) are companies such as BrightPlanet and Hold Security. These are set up to specifically monitor the deep web, and collect data not only from the surface of the internet but also from the millions of deeper websites. BrightPlanet monitors the web on behalf of law enforcement agencies, trawling to find specific illegal activities to create custom intelligence reports and monitor “criminally predicted” individuals and their online activity.

These companies use various tools to automate the gathering and analysis of criminal activity being discussed online. They can scan Twitter for threats to specific locations or individuals, or search for keywords and locations – essential as a legal enforcer in the world of underground terrorism and extremism.

It’s not just law enforcement that are using the deep web. The sort of people who roam the dark web on a daily basis include entirely lawful companies and individuals that have their own need for anonymity.  One such company is Cryptdesign.com. Crypt bill themselves as an “anonymous darknet design & build team”. After 15 years of working for clients on the surface or “clear” net, Crypt decided to go underground, and start offering design services to the community on the deep web. They are quick to reassure users that “We don’t need to know who or where you are, and we will never reveal to anyone the work done or for whom”.

Some deep web users have good intentions. Doctor X is a trained physician that works on harm reduction projects in his day to day life but answers medical related questions from drug marketplace as well—all for free. He started in June 2013, and received 600 questions and 5,000 visits after just three months on the now defunct Silk Road dealer site. In an interview with Joseph Cox of Vice, Doctor X said:

“Drug users need more…They need answers, and that's what I try to provide. People ask me about the real risks and adverse effects, drug combinations [illegal and prescriptive] and the use of drugs in persons suffering from different conditions, such as diabetes or neurological problems.”

A hacker that goes by the name of “Intangir” became a champion for the deep web last March when he hacked into the Hidden Wiki, and deleted all of the links to child pornography. He tweeted this after doing it:

“In 1 move, I did more to limit CP access than all the Twitter pedo hunters of the last 3 years. What have you done today?”

2-sec is regularly asked by public and private clients to monitor threats on the deep web as part of a wider programme of cyber security for their organisations.

Hunting out the extremists or the dealers on the deep web is not a quick or solitary task. A senior penetration tester from 2-sec comments,

It’s never just one single curious policeman sitting in a back room on a computer. It is a serious and specialised job that needs a huge range of backup both online and on the ground. Backup including forensics, investigators IRL, specialist Infosec experts with access to ISPs. To hunt and arrest a deep web criminal means that someone has sat there for months on end, fully immersed in the criminal underworld,  while attempting to create a trusting relationship with an online target. This is a full time job.”

He went on to say, “I know of two individuals who are currently doing this – one for a private company and one for a government organisation. And they live this life, full time 24/7 without letting their mask slip online, trying to track and develop a connection with criminals in the deep web”.

Another query that is always asked is finding out proper attribution behind online attacks. It is extremely difficult to work out exactly who has hacked which target, and often the individuals or countries blamed for attacks are very wide of the mark.  Again, the deep web can be trawled to find references to groups or individuals that might have initiated the aggression against the target. Often it is nigh on impossible. As the 2-sec consultant comments,

 “Ascertaining proper attribution is one of the most difficult tasks we are asked to do. It needs months of research and trust building with the alleged attackers. Again, it’s a full time job and an area that needs considerable expertise. It’s not undertaken lightly”.

2-sec is pleased to be able to use its expertise in assisting law enforcement and private companies in their hunt for criminal activity on the deep web. However, like investigations in real life, these searches are often extremely complicated, involve highly specialist skills and involve many months of online work before the public get to see any arrests or high profile takedowns.

This article first appeared in the International Business Times on 12th December 2014

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top