
3 ways to get busted on the Dark Web


The Dark Web is a small and secretive part of the regular web that’s become a haven for drug markets, paedophiles and sex traffickers.

It’s dark because it uses encryption to hide the locations of everything on it from everything else. Users are anonymous and protected by a raft of privacy features baked directly into the Tor browser, which is the browser used to access it.

That leaves law enforcement not knowing where the websites are, who owns them, who uses them or who to arrest.

At least that’s the theory.

The reality is that while it’s hard to see in the dark, it’s not impossible to find things and over the last few years plenty of people who thought that Tor was a cloak of invisibility have come a cropper.

The people trying to hide on the Dark Web occasionally open doors that let the light come flooding in, bump into the person chasing them or accidentally annoy organisations that happen to own very powerful torches.

Yup, there are in fact many ways to get busted on the Dark Web.

1. Being stupid or careless

Tor might be a very capable piece of technology built by very clever people but sophisticated tools are no match for operators who don’t know what they’re doing.

Using Tor, or setting up an anonymous .onion website, does not make you akin to an elite hacker.

On the Dark Web your website is a beacon of interest that needs to keep out both the bad guys and the good guys. If the bad guys break in they’ll walk off with your Bitcoin stash, and if the good guys break in they’ll use their access to figure out who and where you are.

Your site can stand out a mile on the Dark Web too.

A poorly secured website is vulnerable on any network but on the regular web it is at least a needle in a massive haystack of about 1 billion other sites. It takes some serious muscle to search the whole of that haystack but almost anyone can scan the entire Dark Web for sites with security flaws in just a few hours.

Even with your site locked down tight there are plenty of banana skins to slide on – all the anonymity in the world is worth nothing if you go and use a regular website like Reddit to tell everyone how terribly clever you are or you leave Exif data in your photos (the metadata that reveals when and where they were taken).

And then there’s the thorny business of actually selling real things to real people, with real addresses back in the well lit, real world.

In October 2014, undercover agents purchased a firearm from a vendor on the Dark Web marketplace Agora. All the encryption in the world couldn’t save US resident Michael Focia though. He’s facing up to 15 years in jail because he left his fingerprints on the gun.

2. Making the wrong friends

There aren’t many .onion sites on the Dark Web and when a new one appears the chances are that its arrival is of interest to many, many different law enforcement agencies around the globe.

Right now there are only about 7000 active Dark Web sites – that’s one for every five people employed by the FBI.

No wonder then that no matter if you’re a toxin-buying teen purchasing poison from a police officer, asking a cop posing as a hitman to bump off an ex-employee or your drug market is shuttered by a police sting within days of opening, it can feel like the Dark Web is stuffed to the gunwales with undercover fuzz.

And it isn’t just the real people that the criminals seeking refuge in the shadows have to worry about.

In 2013, 1000 alleged paedophiles were identified by Netherlands charity Terre des Hommes thanks to ‘Sweetie’, their sophisticated CGI lure that looked and acted like a 10-year-old Filipina girl.

3. Making the wrong enemies

Be in no doubt that if you’re a criminal and you’ve just realised that the Dark Web might just be the safest place to ply your illegal trade, then so have your mortal enemies.

The criminals might have given themselves a head start, but governments around the world have got some seriously smart people on the payroll (the onion routing technology that underpins the Dark Web was actually created by the US Navy).

The Dark Web isn’t just crawling with people who have the power to arrest and detain you, it’s also being indexed, sorted and catalogued by them using technologies like DARPA’s Memex search engine.

Memex was being used in secret for a year before it was revealed to the world but if the rumours are true then there are other, equally serious technologies being used out there that are still under wraps.

It seems that FBI hackers took down Silk Road, the Dark Web’s biggest and most notorious ‘Dark Market’, and they’ve been linked with attempts to get around Tor’s defences using malware.

Silk Road 2.0 suffered a similar fate when it was taken down along with dozens of other sites in a single day following a six month, 17-nation police operation called Operation Onymous.

Nobody’s come clean about how the police managed to pull off Operation Onymous. Europol are keeping tight-lipped, saying only that “This is something we want to keep for ourselves … because we want to do it again and again and again.”

Rumours persist that governments are infiltrating the Dark Web’s infrastructure by operating or compromising Tor entry guards and exit nodes. By controlling parts of the system, they can monitor and modify snippets of traffic.

With enough nodes they might even be able to perform sophisticated traffic correlation or network fingerprinting attacks.

The threat of exactly that kind of sophisticated operation is now being felt so keenly that it recently spooked the Dark Web’s biggest illegal marketplace into going offline.


Image of special forces courtesy of Shutterstock.com

41 Comments

Mark,

I just want clarification: Is the Dark Web supposed to be the replacement for p2p software like Kazaa or something? Is it supposed to be just to get some free mp3’s that you could normally get on other sites?

There’s a bit more to the Dark Web than stolen videos and music…given that it is supposed to give you more anonymity than a traditional ‘KaZaA-type’ site, it has also become something of a haven for buying and selling things like handguns, illegal drugs, and so forth.

“stolen” videos..I like the assumption that something I OWN is stolen and when I want to share it with friends, FOR NO PROFIT that I am somehow violating a law I never agreed to. Copyright laws are laws against humanity. I’m not saying it should be ok to SELL somebody else’s works but I do LOVE the fact that the web has forced artists to EARN their cash. Like the mega bands of past who could sell a million copies of an album and earn millions of dollars…now those poor slobs have to get on stage and perform to earn their cash (there is no sharing actual reality)

I’ll see your 13 months late and raise you another four. My comment is specific to music but applies to movies and other entertainment media. It’ll be downvoted into oblivion judging by how you’ve received ten upvotes for yours (I didn’t vote on you), but what the hell–participation trophies for everyone!

As a (mostly) amateur songwriter/musician who’s had some pretty decent gigs I find your stance exceedingly self-indulgent and ignorant. If your job could be easily and cheaply duplicated would you still blithely dismiss the work of others? Just because stealing is possible doesn’t make it fair.

Sure, lending a VHS, CD, or BluRay to a friend is perfectly legal, but your distortion of the concept takes it too far. A digital copy can’t be inventoried and needn’t be returned–and seldom is–and it diminishes sales potential. I concede this is complicated by the modern proliferation of purchasing a single song–but NOT completely negated by it. Years ago if you loved a certain song which was not released as a single–you had to buy the entire album. HOWEVER…

By saying those “slobs” now must earn money and forego the free windfall of album sales, you seem to be equating my ancient $1200 CD and Michael Jackson’s Thriller, The Beatles’ White Album, Pink Floyd’s The Wall. We gave away and sold all 500 copies and probably made less than $1000. However, the above artists made millions because they made *brilliant* music, to be loved by generations. If Warren Buffett is allowed to leave money to his kids, why can’t Garth Brooks, Elvis, or Led Zeppelin? Not to detract from Buffett’s philanthropy, but how many smiles and enjoyable evenings were brought to us courtesy of Alice in Chains or Mariah Carey? I admit a bit of envy, but I don’t wish less success for any of these artists.

I’ve played for over 10,000 people eight or nine times. Most of those attendees forget my name within minutes. I am highly unlikely to ever sell tickets like Adele, 21 Pilots, Madonna, Stevie Ray Vaughan, The Eagles, Elton John, Robert Johnson, or Eric Clapton. That does not mean I lack the understanding that you clearly lack:

Making an album involves a lot of work by many people who have trained and studied for years to bring their part to the project. It is no small task, and even music you dislike took considerable effort to create.

There’s a saying I’ve seen applied to attorneys, architecture, and computer security, but it also applies to graphic design, music, and film:
“Why did you charge me $50 for something that you did in ten minutes?”
“Because I studied for ten years to learn how to do in ten minutes just what you need.”

Dire Straits’ Money for Nothing implies there’s no work involved in creating music, but I’m sure they’d confess it’s an oversimplified expression of third-party perceptive ignorance. If you find it so easy to agree with and so simple to dismiss the work involved in making a certain piece of music, it should be equally as easy for you to delete it from your catalog. …unless you’d rather selfishly eat your cake too.

Just for edification: When you buy a DVD, video, vinyl record or even a book, you DO NOT own it. The author of the material owns it. What you are buying is a LICENSE to use that item for your own personal use. You may give or lend this property to another person, but it can be ONLY your original copy. The idea is that the material can be accessed by only one person at a time. It may not be copied or used in a presentation for which you charge admission. These copyright laws are meant to protect the rights of the author of the material. Some of these laws have been upheld even in cases where individuals merely have made copies for their own personal use, in case the original item became lost or damaged. These laws pertain to the USA. Other countries have more lenient laws.

Doubtful that is a fully accurate assessment. Are you saying I cannot give it away as a gift? The original post, which the guy worded poorly, nevertheless has a good point. When you pay for a product, you can do whatever you want with it as long as you do not copy and resell it.

For instance, I buy a book, read it, then sell it as used on eBay. No foul…right?

Too damned many lawyers out there, and too many wannabe lawyers.

I took the assessment as in the physical item you bought is yours and can do as you like but its contents of that item can’t or shouldn’t be reproduced and sold as your own.

small and secretive part of the regular web????? …what choo talkin bout willis?!?!!??!

Small NO Secretive YES!

The “dark web” is in no way shape or form small – it is the bottom part of the Iceberg

The Dark Web is tiny. It’s the part of the web that’s encrypted and accessible via tools like Tor or I2P. Research suggests that the number of Dark Web hidden services numbers in the thousands.

You’re thinking of the Deep Web, which is the part that’s not indexed by commercial search engines, that’s the bottom of the iceberg (but it’s mostly a very dull iceberg).

Are you for real???!!! The ‘”Deep “or ” Dark” web for newbies actually constitutes at least 90% of data on the total web – commonly known fact! It’s actually the reverse, the part accessible by normal search engines is the tiniest part of the web. And there’s a lot more to it than just illegal activity as they’d have you believe. The vast majority of information is simply because there are still a great number of people who believe in real freedom of speech and not being tracked by numerous government and commercial interests just because you use the web.

Naturally illegal activity will exist as a result of this but by FAR the majority of it is basically like discovering what the web was meant to be for the first time.

Anyone who starts their spiel with the statement “it’s a tiny part of the web” has no credibility and is giving you crap information so you’d have to wonder as to the truthfulness or accuracy of anything they have to say. Just google what percentage of the web is covered by the dark web and see the real facts – don’t just take my word for it.

Deep Web and Dark Web are not interchangeable terms. Dark Web commonly refers to the part of the web that’s anonymous thanks to onion routing. You’ll need Tor to access it and it is, on the scale of the web, very small indeed. A scan earlier this year found about 7,000 hidden services (sites) on Tor.

The Deep Web is the part of the web that isn’t indexed by search engines and it is probably very large indeed, but not for the reasons you suggest.

Search engines only index things that they know exist, that the owner hasn’t asked them to exclude and that they aren’t prevented from indexing by authentication.

That includes, amongst many other things, anything so boring that nobody ever linked to it, anything half-finished and abandoned, every staging and development website and, perhaps most importantly, anything behind a log in—such as most Facebook pages.

The Deep Web is the part that people describe as 90% of the web but the figure is, as far as I can see, made up.

I’ve seen wildly varying estimates for the size of the Deep Web and a lot of people repeating that 90% figure but I don’t use it because I’ve never seen anything that actually corroborates it. What you’ll find if you Google Deep Web is a commonly repeated refrain rather than a fact.

It might be correct, it certainly makes sense that the Deep Web is the biggest part of the web, but since ‘Deep Web’ literally means the bit of the web that’s beyond our ability to find it any estimate of the Deep Web’s size should be treated with caution.

20 years ago when dial up was considered the norm I would lurk in MUDs and try to learn as much as I could about the technology. Now, I feel like a little fish in a big bowl. Thanks for the clear and concise explanation.

“What you’ll find if you Google Deep Web is a commonly repeated refrain rather than a fact.”
Highly reminiscent of sites pertaining to 9/11, JFK, moon landing, flat Earth…

Call me stupid but finding the deep web shouldn’t be that hard. Have a search algorithm that randomly generates letter and numerical combinations. Using dictionary methods and spreading out. A valid generated DN will be searched on a cooperative SE. If not found, it belongs to the deep web, simple. With this, you can get millions of unindexed sites in days

Good luck finding one-off URLs generated using hashes :-) Such as:

example DOT com SLASH docs SLASH someaccountname SLASH AB56-1EEF-89951234-EE50-3FF5EA1.html

I think that much of the Deep Web is deep because of the way the incentives line up. The deep web isn’t impossible to find, it’s just not worth it. Being in the Deep Web just means being beyond the ‘event horizon’ of commercial search.

Sites that want to be found have a strong incentive to do the tiny amount of work they have to do to tell Google they exist.

Google meanwhile has strong incentive NOT to list sites that don’t want to be listed because it would make their search results less useful, users would go elsewhere and its ad revenue would decrease.

There are non-commercial reasons for wanting to search the Deep Web and that need is met by search engines like Memex:

https://nakedsecurity.sophos.com/2015/02/16/memex-darpas-search-engine-for-the-dark-web/

I was wondering if you have any sources for your information that are not other naked security sites? I’m doing research on this subject and scholarly articles would be very helpful.
Thanks!

You should find various primary source links in many of the other articles we link to…

Is the dark web a viable replacement IF the US government hands over the internet to the UN or other governments like Iran or Russia?

haven? you mean heaven?

“Haven” as in the Germanic word “hawe” for “safe harbour.”

“hawe” it’s not a German word, it doesn’t exist.

hawe from my knowledge is an Afrikaans word, which means harbour. Dutch is very close to Afrikaans, maybe that’s what you’re referring to.

It’s a Germanic word, not a German word. English is a Germanic language. So are Dutch, German, Afrikaans and many others. The word “hawe” (or something like it) is a common root in Germanic language for “a place where ships can shelter safely” and so on. In modern German I think that the noun is “hafen”; in Dutch I think it is “haven”; in Afrikaans it actually is “hawe” (the -w- has the sound of a double V, not a double U). Those words are all pronounced pretty much the same, and they relate to the word “haven” in English, where the -a- sound has opened up to sound like “hay”, not “har”. Some old English harbour towns still have names that end in -haven, not in -harbour, like, errrr, Seahaven and Whitehaven.

Well, Dark web is the heaven of illegal activities. People logging there can be cheated but no detention is possible. Such a dangerous place should be avoided at all costs. I don’t know why federal govt. is not banning Tor and I2P? But what is actually Dark web? What is the difference between dark and Deep web? Deep web is necessary.

The government? My my, do you still believe in the tooth fairy too? Or that the FDA only puts its stamp on things good for us? Hey 1975 called and they want you back.

sophisticated tools are no match for operators who don’t know what they’re doing.
Hah, I love this! It’s a much more fun way to say

Never attribute to malice what can adequately be explained by ignorance.

The comments on this subject leave me only more curious about the “dark web” than I was when I’d stumbled on here. I’d seen it mentioned on a tv show. It is rather strange (with our government here in U.S.A. continually stripping us of freedoms as well as privacy for their claims of “national security”… HA!!!) that it hasn’t somehow been stopped. I bet it is merely left there as a means to catch bad guys or to just spy on people in their disgusting fashion to accomplish that same goal. I like the idea of it being there. Not for illegal reasons, but for the hopes of enjoying a bit more of the privacy for which we all lack anymore. Thanks to all for sharing your thoughts!

I stopped reading when he limited Dark Web or Deep Web to TOR. There are many other paths, routes and ways far from TOR. Many cannot be scanned, indexed or whatever domain/port scanning the author is using.

Comments are closed.
