When we hear the term Dark Web, we immediately associate it with something illegal. But what is the dark web, and how does it work?
To understand it, we need to start from the surface.
The surface web is the visible web. It primarily consists of static web pages that can be indexed by common search engines such as Google, Yahoo, and Bing. So how does this work? Basically, search engines crawl and index the various links present in a web application while searching for content. The retrieved information is mostly in the form of HTML files. But this search technique misses a lot of content where a site uses dynamic web pages and a database for its data. To get this information, we need to dig a bit deeper.
In simple terms, information that can't be retrieved by search engines like Google is called the deep web. These are usually dynamic pages that can't be indexed. Take the example of a website that contains structured data, with search boxes and dynamic forms. We need to provide valid input to get the information we are after. This information is not indexed and hence does not show up in a standard search.
The dark web is often confused with the deep web, but the dark web is a very small portion of the deep web. This information has been hidden intentionally from prying eyes, and only a user who knows exactly what he is looking for can access it. Also, this information cannot be accessed using a standard web browser. One of the most appealing aspects of a darknet is its anonymity. This attracts all categories of users, be it people who need a little bit of privacy or people associated with illegal activities.
Most of this darknet can be found using the Tor network. The word Tor refers to the Tor network as well as the browser used to access this network. Tor is known mainly for its promise of anonymity and for hosting many illegal sites like Silk Road, which is a major drug marketplace. So it is used by hackers, criminals, politicians, journalists, and privacy campaigners alike.
Tor hides a user's web activity so that he cannot be traced by local ISPs, government and law enforcement agencies. Each data packet is passed over a number of volunteer relay nodes in a randomized pattern. Tor uses onion routing technology, where the encryption around the data is peeled off like the layers of an onion at every node. When a layer of encryption is peeled, it reveals the next destination point. This ensures that each node only knows where the data came from and what its next destination is. When the last layer is peeled off, the data reaches its destination. This ensures that the sender remains anonymous and untraceable. It also helps users access sites that are blocked by local ISPs and cover their tracks while browsing the internet.
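The layered wrapping and peeling described above, as an added Python example that is not part of the original article. It uses a toy cipher built from the standard library in place of Tor's real cryptography, and the relay names, keys and destination are constructed for illustration.

```python
import hashlib, hmac, json, os

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Toy authenticated stream cipher (SHAKE-256 keystream + HMAC); NOT Tor's real crypto.
    nonce = os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("this layer was not encrypted for this relay")
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def build_onion(path, keys, destination, message: bytes) -> bytes:
    """Wrap message innermost-first so path[0] peels the outermost layer."""
    hops = path[1:] + [destination]
    payload = message
    for relay, next_hop in zip(reversed(path), reversed(hops)):
        layer = json.dumps({"next": next_hop, "data": payload.hex()}).encode()
        payload = seal(keys[relay], layer)
    return payload

def peel(relay, keys, blob):
    """A relay removes its own layer and learns only the next hop."""
    layer = json.loads(unseal(keys[relay], blob))
    return layer["next"], bytes.fromhex(layer["data"])

def route(path, keys, onion):
    """Simulate the circuit; record (relay, received_from, forwards_to) per node."""
    seen, sender, blob = [], "client", onion
    for relay in path:
        next_hop, blob = peel(relay, keys, blob)
        seen.append((relay, sender, next_hop))
        sender = relay
    return seen, blob

# Constructed sample data: relay names, keys and destination are made up.
PATH = ["guard", "middle", "exit"]
KEYS = {relay: os.urandom(32) for relay in PATH}
ONION = build_onion(PATH, KEYS, "example.com", b"GET / HTTP/1.1")

if __name__ == "__main__":
    seen, delivered = route(PATH, KEYS, ONION)
    for relay, came_from, goes_to in seen:
        print(f"{relay}: received from {came_from}, forwards to {goes_to}")
    print("delivered:", delivered)
```

In the recorded view, no single relay sees both the client and the final destination.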
Apart from providing privacy to users, Tor also ensures privacy for various servers and websites. It makes sure that these servers can only be reached via the Tor network. By using Tor's hidden services, anonymity is maintained for both the server's operator and its users. But these services can only be accessed through onion addresses. The Hidden Wiki lists a lot of Tor ".onion" URLs. These websites can't be accessed using regular browsers. Hidden services have become extremely popular for trading illegal and objectionable materials. Drug sites like Silk Road and Evolution have drawn the attention of media and government officials in this regard. Apart from drug sites, Tor also hosts various hidden marketplaces, blogs and forums. The Tor browser has also been used to hide the network traffic of several malware families. In 2013, ransomware such as Cryptorbit asked its victims to pay the ransom for the private key using the Tor browser.
The Tor network provides a high level of protection, and to make it better, the Tor Project itself encourages attacks against its network as a part of academic research. So instead of attacking at the network level, government agencies have started hacking users' computers, as an endpoint attack, to determine the IPs of Tor users. Using the Tor network also has its drawbacks. Tor hides a user's identity, but it does not hide the fact that somebody is using the Tor network. Also, internet site operators have the ability to reduce functionality for Tor users. They can also block traffic from Tor exit nodes. For example, a user cannot edit Wikipedia if he is on the Tor network.
In spite of these weaknesses, Tor is considered more resistant to website fingerprinting than other tunneling protocols. Tor was originally a project of the U.S. Naval Research Laboratory and was initiated to protect U.S. intelligence online. But now it has become a playground for criminals. As with every new invention, it can be used for both good and bad. It all depends on how we use it.
Authored By - Adyashree Ipsita
TCS Cyber Security Practice