What is the dark web?
In essence, the dark web consists of places not indexed by search engines.
Its inherent anonymity allows shady dealings to take place between two or more unidentified individuals, who often use pseudonyms to hide their real identity.
Examples of illegal services traded on the dark web:
- Hitman for hire
- Illegal adult material
- Stolen passwords, credit card numbers, etc.
- Malware or zero-day OS vulnerabilities
Since the dark web is inaccessible to search engine crawlers, you won’t be able to find it on Google.
Accessing the dark web
Typically, you're going to need a password to get in.
Beyond that, the meeting place is often not reachable through a regular domain name, so you would need to know the exact IP address of the website.
Of course, nothing prevents its administrators from using other measures to restrict its accessibility even further, an example of which is only allowing certain IP addresses to connect or perhaps limiting the range of IPs to the ones that originate from a certain country.
The invisible parts of the web do not necessarily mean “illegal activity”
Note that the hidden parts of the web do not necessarily host illegal content or act as a gathering place for criminals.
Even in this day and age, certain authoritarian countries with oppressive political regimes are very aggressive when it comes to prosecuting their political opponents.
As such, the need may arise for like-minded individuals to voice their opinion and interact with each other in a safe place where simply speaking one’s mind won’t lead to undesirable consequences or endanger one’s freedom and safety.
To get around such regimes, journalists and free thinkers often use the same tools as cybercriminals to communicate with each other in secret.
Even though the members of such a hidden discussion space aren't involved in any kind of illegal activity, they may use exactly the same means of concealing their true identity that criminals resort to.
Keep in mind that in most countries, merely concealing your true identity on the internet (along with other personally identifiable factors such as your IP address) is NOT considered a crime.
However, one of the rare exceptions to this norm is China, which decided years ago to ban the use of VPNs and to enforce that ban through its Great Firewall. If you're caught using one in China, you could well be charged with a crime despite having done nothing otherwise ethically or legally questionable.
Dividing the world wide web into 3 categories based on searchability/visibility
When investigating any kind of online activity, it’s important to keep in mind that the world wide web can generally be classified into 3 tiers based on how easy it is to access.
Surface web
This is the traditional internet as we know it.
The surface web consists of web pages anyone can access (typically, these are crawlable by Google's spiders, which makes them searchable as well).
- eCommerce websites
- Ordinary websites
- Web galleries
- etc. (basically any publicly accessible website)
Deep web
Delving a little deeper into the invisible layers of the internet, we have the deep web.
Since these kinds of pages tend to require the right login credentials to access them, search engine crawlers are unable to archive their content.
As you can see from the examples below, the deep web features elements of privacy, but not of criminal activity.
Therefore, there is no reason to conceal one's identity while accessing it.
- Court records
- Subscription-based services
- Personal messages and email accounts
Dark web
The dark web is where shady dealings tend to happen.
As a general rule of thumb, you will not be able to access it without knowing the exact IP address of the website, and even then, the contents may be protected with a password.
Oftentimes, these will be .onion websites that are only accessible via the Tor Browser. The people who post in these dark corners of the internet will never reveal their real name (and if they do, you can be absolutely sure it's a fake or a pseudonym).
Examples of illegal services that get traded on the dark web:
- Drug trade
- Weapons dealing
- Human trafficking
- Hacks and exploits
- Illegal adult videos
How do malicious actors hide their identity when accessing the dark web?
Since hardly anyone would be careless enough to leave a trail behind when accessing the dark web (remember, your IP address can be traced back to your physical location), malicious actors use a plethora of tools designed to anonymize their identity.
Below, we’ll list some of the common ones:
Tor
Originally designed in the 90s, The Onion Router (or Tor for short) is popular open-source software for anonymizing one's IP address (and thus one's identity).
In addition, it also masks information pertaining to the local PC, thereby thwarting all fingerprinting attempts.
By using it, it's possible to establish anonymous communication with others. In essence, it works by routing the connection through thousands of volunteer-operated nodes.
Although it can also be classified as a dark web service, one of its uses is serving as a means of communication between intelligence professionals. At the time of writing, it's the largest and most widely recognized open-source service of its kind.
Tor was designed with privacy in mind.
ZeroNet
ZeroNet follows a peer-to-peer web hosting model, which means the dark web content that can be accessed through it is not actually hosted on any domain. Not only does this make it hard to trace by design, but it's also next to impossible to shut down the content that gets distributed through it.
After all, it’s not hosted in a single place.
Unlike some similar solutions, you can use a regular browser to access the desired dark web content as long as you have the application running in the background.
As a dark web investigator, please keep in mind that ZeroNet does NOT anonymize your connection by default, so additional safety measures will be needed.
I2P
Available since 2003, I2P is a tool through which you can access the dark web.
Since it focuses heavily on encryption and anonymization, your connection and IP address will stay safe from prying eyes.
One major difference between I2P and Tor is that the latter uses a single thread for encryption while the former handles encryption through a peer-to-peer model.
To access the dark web via I2P, you’re going to need to connect through a browser while the application is running in the background.
Since the connection is bounced through many peers, each of them serving as a node, it’s impossible for someone to trace your IP address.
Note that not everyone who uses I2P is a bad actor, since it's also used by journalists from countries with oppressive regimes who want to spread the news without repercussions from the government.
Freenet
Freenet was created in 2000 as a means of sharing decentralized data. It uses a peer-to-peer model, meaning that no one can stop the flow of data between individuals (since it's not hosted on any domain or server).
One of its distinct features is that it has 2 modes:
- Open net: a mode that allows for establishing a connection between any 2 users
- Dark net: a mode that only allows sharing data between 2 specific friendly individuals
The core concept of its design is to provide a safe and anonymous way for 2 known contacts to exchange information with one another.
Although the service was originally intended to be used by innocent civilians to outrun an oppressive regime, nowadays, it’s most often used by criminals for exchanging illegal content.
VPN
A Virtual Private Network (or VPN for short) is an intermediary between the local client and the server you're trying to connect to, forwarding the data it receives back to the local machine.
By establishing an encrypted tunnel between these two destinations, no one can intercept the data being exchanged.
In addition, it also masks your IP.
Nowadays, there are more VPN service providers than you can count.
To uncover the real identity of someone masked by a VPN, an investigator would have to present a court order to the company operating the service. Even then, you may find that the provider has a policy of not storing data about its clients, leading the investigation to a dead end.
A VPN protects against many things, including leaking your IP address and having your data intercepted by an unauthorized third party.
There are tools that can help you unmask the criminals
As untraceable as the dark web may seem, there is a glimmer of hope: there is no such thing as a perfect crime, and criminals often make mistakes or leave accidental traces behind.
The tools listed below can help steer your investigation the right way:
Bitcoin Who’s Who
- When seeking payment for their illegal services, criminals will use Bitcoin as their currency of choice due to its (pseudo)anonymous nature.
- Unless the necessary precautions are taken, however, personally identifying information can become attached to someone's Bitcoin address, including the last known IP address.
- Bitcoin Who's Who lets you look this up.
When investigating Bitcoin transactions, check the address's balance and whether the address is associated with someone's real-life identity.
In addition, there are online tools that will help you monitor it by sending out automated alerts when transactions are being made with it.
This tool works similarly to the one listed above, with the addition of also supporting Ethereum.
If you know someone’s digital wallet address, you will be able to see all the transactions made to and from it.
It also allows you to make a search based on certain parameters such as block hash, transaction hash, public key, block number, etc.
Tools that let you read EXIF data
When someone takes a photo with a digital device, the image file stores metadata about where it was taken, what device it was taken with, and even the lens that was used.
Certain tools like DRS allow you to extract and investigate such data, potentially giving you an important clue about where a criminal may be located.
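The following is an added example, not code from the original article or from any tool it names: it shows the raw structure those EXIF readers parse, locating the Exif APP1 segment in a JPEG, walking IFD0 to the GPS sub-IFD and converting the stored degree/minute/second rationals to decimal coordinates. The fixture JPEG is constructed inline (it is not a real photo), and the offsets inside it are chosen to match the layout the comments describe.

```python
import struct

GPS_IFD_TAG = 0x8825  # IFD0 entry that points at the GPS sub-IFD

def _read_ifd(tiff, offset, endian):
    """Map tag -> (type, count, position of the 4-byte value/offset field)."""
    (n,) = struct.unpack_from(endian + "H", tiff, offset)
    entries = {}
    for i in range(n):
        at = offset + 2 + 12 * i
        tag, typ, cnt = struct.unpack_from(endian + "HHI", tiff, at)
        entries[tag] = (typ, cnt, at + 8)
    return entries

def _rationals(tiff, endian, cnt, pos):
    """RATIONAL values (num/den pairs) do not fit inline, so the field holds an offset."""
    (off,) = struct.unpack_from(endian + "I", tiff, pos)
    return [a / b for a, b in struct.iter_unpack(endian + "II", tiff[off:off + 8 * cnt])]

def extract_gps(jpeg):
    """Return (lat, lon) in decimal degrees, or None when the file carries no GPS IFD."""
    start = jpeg.find(b"Exif\x00\x00")  # APP1 payload header; the TIFF structure follows it
    if start < 0:
        return None
    tiff = jpeg[start + 6:]
    endian = "<" if tiff[:2] == b"II" else ">"
    (ifd0,) = struct.unpack_from(endian + "I", tiff, 4)
    entries = _read_ifd(tiff, ifd0, endian)
    if GPS_IFD_TAG not in entries:
        return None
    (gps_off,) = struct.unpack_from(endian + "I", tiff, entries[GPS_IFD_TAG][2])
    gps = _read_ifd(tiff, gps_off, endian)
    def dms(tag, ref_tag):  # tags 2/1 = latitude/ref, 4/3 = longitude/ref
        d, m, s = _rationals(tiff, endian, gps[tag][1], gps[tag][2])
        ref = chr(tiff[gps[ref_tag][2]])  # 'N'/'S' or 'E'/'W', ASCII stored inline
        return -(d + m / 60 + s / 3600) if ref in "SW" else d + m / 60 + s / 3600
    return dms(2, 1), dms(4, 3)

def build_sample_jpeg():
    """Constructed fixture, not a real photo: Exif GPS of 48.8584 N, 2.2945 E stored as D/M/S."""
    E = "<"  # little-endian ("II") TIFF; all offsets are relative to the TIFF header
    rat = lambda d, m, s: struct.pack(E + "6I", d, 1, m, 1, round(s * 1000), 1000)
    ifd0 = struct.pack(E + "HHHIII", 1, GPS_IFD_TAG, 4, 1, 26, 0)  # one entry -> GPS IFD at 26
    gps = struct.pack(E + "H", 4) + struct.pack(E + "HHI", 1, 2, 2) + b"N\0\0\0"
    gps += struct.pack(E + "HHII", 2, 5, 3, 80) + struct.pack(E + "HHI", 3, 2, 2) + b"E\0\0\0"
    gps += struct.pack(E + "HHII", 4, 5, 3, 104) + struct.pack(E + "I", 0)  # GPS IFD ends at 80
    tiff = b"II" + struct.pack(E + "HI", 42, 8) + ifd0 + gps + rat(48, 51, 30.24) + rat(2, 17, 40.2)
    app1 = b"Exif\0\0" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```

Run `extract_gps(open("photo.jpg", "rb").read())` on a real file to see what a published photo gives away; stripping the APP1 segment before publishing removes this metadata.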