Setting the Stage
Upon recent exposure to and an increase in public awareness of this “dark web” topic, I decided to take a gander myself to see what it’s all about. Prior to embarking on this journey, however, I did do some research into how to go about accessing this portion of the internet and how to go about doing it safely. There were quite a few introductory articles covering how to get started but not all of them were clear as to where to go once you got Tor (the software bundle used to conduct research and peruse the dark web) installed and running, so I felt like some pieces of the puzzle were missing.
Check out Tor’s official documentation here, or you can use just about any online search or referenced link below to cover the installation process of getting Tor set up. To briefly cover the basics of how I went about getting ready for this I:
- Created a virtual machine (VM) specifically with the objective to navigate the dark web
- Disabled certain functions between the VM and my host computer; the camera to give a specific example
- Downloaded the Tor browser bundle, and then installed and ran it
- Disabled JavaScript by entering “about:config” into Tor’s URL bar and setting the flag to “false”
Clearing the Waters; Dark Web, Deep Web, and the Surface Web
To set the stage and clear the waters, there seems to be some ambiguity in regard to what the “dark web” and the “deep web” refer to. To be frank, there is no one right answer, as it depends on who you ask. These, in addition to the standard version of what we call the “internet” (also known as the “surface web”), will be clarified as follows:
- Surface Web
This is our typical “I want to Google this…” approach that, when acted upon, presents us with search results pertaining to our original query. Returned results are then indexed (keyword here: indexed), which is what differentiates each of these categories. Examples of this include searching for the Facebook login page, or for Secplicity blog posts, perhaps even the ever-famous cat videos. - Deep Web
There are resources, web pages, and what have you that are available on the internet that require something prior to being accessed and are not directly presented to a web crawler to be returned to a searching user. These pages are not indexed by the web crawlers and are considered part of the “deep web.” Examples of this would include a requirement to log in to a personal bank account or some other institution that handles sensitive data, or logging into your personal Facebook account that is customized to you as the logged-in user. - Dark Web
Now to the main focus here. When speaking of the dark web, people often refer to black market-like transactions and the “underground” world of the internet, but that perspective is only partway true. The dark web in its entirety isn’t the home of only horrendous conduct. There are options for whistleblowers, reporters, and even severely oppressed people to communicate while attempting to conceal their identity. Refer to this for additional details about the positive side of Tor. Examples of such sites on the Tor network would be a stringed URL that is derived from a hash of that services’ public key with the “onion” TLD. This Wikipedia link covers the process in more detail but its method offers some anonymity. For some examples of these URLs visit this link but for convenience, here are two examples: http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page and http://3g2upl4pq6kufc4m.onion/
How Does the Tor Network Work?
Up until the point where the Tor browser is up in front of you and you’re ready to start searching, quite a bit of work is done in the background pertaining to how Tor goes about anonymizing you. This Tom’s Guide article covers how this works, along with some insightful information about how Tor came to be and the volunteers behind this network’s availability. For another great explanation of how Tor traffic works, check out this forum’s first reply by the user “Jasper, I’m a geek” as well.
To sum it up, volunteers across the globe set up relay points that allow Tor traffic to pass through, masking a users’ true IP address and actually stripping the original packet to just enough to know where the previous relay point is and where to forward the packet. The reference to this network traversal is known as the “Tor network”. This way each relay point is only aware of the previous hop and the next hop and are unaware of the full path.
There are a few fallacies and one is the actual endpoint of where your intended search takes you, HTTPS sites extend the encryption but not standard HTTP sites. The other potential fallacy is known as the “exit node” of the Tor network, which is the relay point that makes the final request to the above-mentioned, actual destination query. In theory malicious individuals could sabotage you if they are the exit node.
Okay, So Now What?
Getting back to my test bed, which is up and running. I followed the above-mentioned steps to install the Tor browser and am currently presented with the DuckDuckGo search engine. Now what?
I started entering search queries attempting to view hacker services and other options that are notorious within the dark web only to find standard websites that are accessible via regular browsers; Google, Safari, etc. Nothing seemed different with the returned search results. After digging into this a bit more I made some headway – the TLD “onion” is where it’s at. You can’t just search for “onion” sites via a search engine, much like we’re accustomed to in surface web. Instead, there are statically maintained wiki-like pages that have these URLs listed out and categorized by nature; financial services, hacker services, etc.
The main wiki that appeared in many searches is this URL but there were more. Seeing that these are manually maintained, some links were dead, but others had notes about checking back in frequently as some sites go down and then come back up.
Parting Words and Final Thoughts
The research into the dark web conducted above was purely just that – research. You’re more than welcome to conduct your own research as you please but take heed and tread carefully. You can’t trust anyone on the internet much less the dark web. Use the Tor bundle that is openly available and be sure to not download and open content, as some content may expose your true location via crafted scripts.
I am not endorsing or recommending any partaking in illegal activities derived from followed links within this post, nor advise you to conduct any such activities.
Lastly, follow this link to our 443 Podcast on this topic where host Marc Laliberte and guest star Corey Nachreiner cover the details of the dark web and related stories!
References
Guccione, D. (January 19, 2018). What is the dark web? How to access it and what you’ll find. Retrieved from https://www.csoonline.com/article/3249765/data-breach/what-is-the-dark-web-how-to-access-it-and-what-youll-find.html
Lacoma, T. (April 24, 2018). How to access the Dark Web. Retrieved from https://www.digitaltrends.com/computing/how-to-access-the-dark-web/
Scharr, J. (October 23, 2013). What Is Tor? Answers to Frequently Asked Questions. Retrieved from https://www.tomsguide.com/us/what-is-tor-faq,news-17754.html