Long unknown to the general public, the dark web, or dark Internet, now fuels all kinds of fantasies. Born in the early 2000s, this submerged and invisible network of the web is both a lawless area for criminals, extremists, and perverts of all kinds and a space for freedom of expression that has become essential for whistleblowers and investigative journalists. A close-up on the different facets of this underground universe …
There are countless reports, books, TV series, and even feature films that deal with the dark web and help fuel fantasies and a lot of confusion about this secret universe. Let’s be clear: browsing the dark web is not really exciting, quite the contrary. Unless you have legitimate reasons for going there, the hidden network is particularly austere, sometimes even sordid.
In addition to the possibility of meeting bad people and coming across extremely shocking content, you should keep in mind that the simple fact of visiting certain sites or forums is not without risk.
The codes of the underground network
The Internet is a global computer network made up of two distinct parts. There is, on the one hand, the surface web, indexed by general search engines such as Google, Bing, or Yahoo!, and, on the other hand, the deep web, the submerged and invisible part of the Internet whose contents are not listed by traditional search engines. If the surface web may seem immensely large, it is nothing compared to the deep web, which would represent more than 80% of the entire web.
Most sites and online services on the Internet have unindexed pages that belong to the deep web. This is the case with webmails, online banks, business databases, private forums, social networks, sites accessible by authentication, or even pages that are intentionally created in a non-indexable format. Facebook, for example, is accessible via the dark web for those who wish to use the social network while preserving their anonymity.
The dark web, not to be confused with the darknet, constitutes a tiny sub-part of the deep web. Accessible only through alternative networks, the most popular and easiest to use of which is TOR (The Onion Router), the dark web refers to content hosted on darknets, which in turn are overlay networks with anonymization and confidentiality functions. This secret parallel universe is home to mafia gangs and cybercriminals who carry out illegal activities through marketplaces, transactional spaces, and forums. The main currency used on the dark web is Bitcoin.
Until only a few years ago, accessing it was relatively complex because, in addition to using specific tools, it required knowing the precise “.onion” address of each site. The underground network has since become widely democratized, to the point of being accessible to as many people as possible in a few clicks … Today there are even sites on the surface web that regularly reference and update the addresses of illegal services. Access to them is generally subject to membership, which may be more or less difficult to obtain. To escape the police and avoid conflicts between gangs, marketplaces and forums very regularly change addresses, and even names.
Small glossary of the dark web:
- Dark Web: also called the Dark Internet or underground Internet, it is a subnetwork of the deep web hosted on darknets (overlay networks). The dark web represents the content found on darknet networks like TOR (also called Onionland), Freenet, or I2P. The IP address, location, and user interaction are anonymized through a layered encryption system.
- Surface web: this is the visible part of the World Wide Web, i.e. the Web indexed by search engines like Google, Bing, Yahoo!, etc. It represents only a part of the Web.
- Deep Web (deep or invisible web): in opposition to the surface web, the deep web represents the entire part of the Internet that is not referenced by traditional search engines. It hosts pages that are unreferenced (without backlinks) or in a non-indexable format, from messaging services, online banks, sites with limited access (newspapers, private forums …), social networks, company databases, etc. The deep web is often mistakenly confused with the dark web, which represents only a tiny part of it. It would represent between 90 and 95% of the entire web.
- TOR (The Onion Router): TOR is a decentralized overlay computer network allowing anonymous and confidential browsing via the Tor Browser. It is the most popular way to access the dark web and its sites that end in “.onion”. Developed in the 1990s by the United States Naval Research Laboratory of the United States Army, it was released under a free license in 2004. It is made up of thousands of servers (called network nodes) located around the world and managed by volunteers. The connection, which always passes through three randomly chosen servers, makes it possible to hide the original IP address and encrypt the exchanges. This process causes significant slowdowns in the Internet connection.
- Darknet (overlay network): the darknet is made up of a multitude of darknets, which are overlay networks hosting sites not indexed by traditional search engines and using specific “.onion” domain names. Based on a decentralized peer-to-peer architecture, they are mainly accessible via TOR and its dedicated browser, Tor Browser, but also via Freenet and I2P. These hidden networks have anonymization and confidentiality features that make it possible to conceal the IP address of users and to encrypt their exchanges.
- Bitcoin: the advent of cryptocurrency has largely contributed to the development of dark web black markets. Anonymous and untraceable, this virtual currency quickly became the most used means of payment for all kinds of illegal traffic on the network. The majority of marketplaces display their prices in bitcoin and only accept payments in this digital currency. However, some sites offer alternatives such as Monero or Litecoin.
- Escrow: this is an intermediary responsible for securing a transaction in bitcoins or another virtual currency between a seller and a buyer. Concretely, this trusted third party only releases the money to the seller when the buyer confirms that he has received the product and that everything is in order.
Dark web news
The vast majority of Internet users heard about the dark web for the first time in 2013, following the closure of Silk Road by the FBI. It was the first major drug market of its kind to be created on the underground network. Worthy of a Hollywood film script (the Coen brothers are said to be preparing a feature film on the subject), the investigation that led to the closure of the site and the arrest of its young American creator, Ross Ulbricht, mobilized more than a hundred FBI and Europol agents for nearly two years.
From cannabis to heroin, including cocaine, LSD, and amphetamines, the site made it possible to buy all kinds of drugs online in bitcoins. An “eBay of drugs”, it connected dealers and buyers from all over the world and received a commission on each payment.
The first cyber baron of drugs
Between February 2011 and July 2013, Silk Road totaled more than 1.2 million transactions and generated no less than 1.2 billion dollars in turnover! Of this sum, the site would have collected nearly $80 million in commissions. Following a relentless hunt punctuated by incredible twists and turns, FBI agents eventually succeeded in identifying and arresting Ross Ulbricht in San Francisco. Known as “DPR” (Dread Pirate Roberts), the then 29-year-old was sentenced to two life sentences for conspiracy to commit drug trafficking, hacking, and money laundering.
Many mysteries still surround the arrest of the founder of Silk Road, in particular on the means implemented by the FBI agents to achieve it. Even if they cannot prove it, some experts believe that the agents of the American agency must have used illegal means and certainly the help of the NSA (National Security Agency) to achieve their end. If this were to be proven one day, DPR could then have his convictions overturned …
Barely closed, already resuscitated!
The Silk Road affair remains one of the dark web’s biggest hits to this day, but many more have followed, starting with a new, almost identical version called Silk Road 2, which appeared only 4 weeks after its closure. This time it took the FBI only a year to infiltrate the site’s team of administrators and shut it down. This resuscitated marketplace had nonetheless allowed the sale of hundreds of kilos of drugs and generated no less than 8 million dollars per month. Despite these high-profile closures, traffic on the dark web has only picked up again.
In the following years, even larger criminal e-markets appeared, such as AlphaBay Market and Wall Street Market. Full of illicit products (weapons, drugs, false papers …), these two sites, dismantled by the courts between 2017 and 2019, had 200,000 and 1.1 million customers respectively (compared to 150,000 at the time for Silk Road). Even if announcements of closures are increasing, nothing seems able to slow the rise of illegal cybermarkets.
In June 2018, the French cybergendarmes announced the simultaneous arrest, in various French cities, of the three administrators of Black Hand, one of the main illegal online sales platforms of the French-speaking dark web. At the head of this criminal network, which sold weapons as well as drugs and stolen bank card numbers, was a 28-year-old single mother who was previously completely unknown to the police.
More recently, an international investigation carried out by the FBI in conjunction with Europol led to the arrest of two Israelis accused of founding and running DeepDotWeb (DDW). It was one of the main portals for accessing illegal dark web marketplaces. According to the American agents in charge of the investigation, this arrest constitutes “the most disruptive operation ever carried out for the functioning of the dark web, because it is the first to have made it possible to dismantle an infrastructure on which the network is based.”
DDW was indeed both a directory referencing the links of the largest illegal marketplaces and an information center including tutorials to teach Internet users how to conduct end-to-end transactions on the dark web. Very busy, the site would have allowed the two alleged administrators to collect more than 15 million dollars in bitcoin commissions on transactions made via the referenced links. Despite this new haul, several more or less identical portals are already replacing DDW on the hidden network.
Access the hidden network
Contrary to popular belief, it is not illegal to go to the dark web via the TOR network, but it should be noted that some countries, such as the United States, systematically put users of the service under surveillance. To access the dark web and its hidden services via TOR, you have to go through its dedicated browser, Tor Browser. Based on the source code of Firefox, this browser, which has recently benefited from a major overhaul, is available for free on Windows, macOS, GNU/Linux, and Android.
There is an iOS version, but it does not offer the same level of protection as on other platforms. In addition to anonymization functions, this browser has the particularity of allowing surfing both on the classic web and on “.onion” sites (a special reserved domain name used on TOR) on the underground web.
Passing through this superimposed network, traffic is relayed and encrypted three times via proxies (relays) managed by volunteers. This so-called onion routing method was designed to conceal the IP address of the original sender (the Internet user) and to encrypt their online activities. According to TOR Metrics (the measurement tool developed by Tor Project), there are currently between 6,000 and 7,000 servers and more than 3 million regular users.
Tor Browser resists all forms of tracking, surveillance, and censorship. Although it is effective, it is not completely foolproof. To benefit from maximum protection, it is strongly recommended not to install third-party extensions that could compromise its security and anonymization functions. Tor’s weak point lies between the last node and the user’s terminal, whose IP address can be revealed if the latter connects to a site using the unsecured “HTTP” protocol.
To solve this problem, the volunteer developers of the network have natively integrated the HTTPS Everywhere and NoScript extensions into the browser, which respectively make it possible to encrypt connections to eligible sites and to block Flash, Java, etc. By clicking on the “I” icon on the left of the address bar, it is possible to check whether a site is encrypted as well as the location of the various relays through which the connection is routed.
Many experts believe that government organizations like the NSA have deployed nodes (TOR relays) on the underground network for surveillance purposes. Whether or not this is true, it would be nearly impossible for authorities to target and monitor specific individuals using this method. While intelligence agencies do not disclose all the methods they employ to monitor the TOR network, Edward Snowden’s revelations and some high-profile investigations have found that they use methods that are often identical to those used by hackers.
FBI and NSA IT experts analyze the code of illegal sites for possible security breaches. When they hit the mark, they insert malware or spy tools to try to break the anonymity of the network and identify the administrators of illegal sites. In the case of Silk Road, a DEA agent had made major purchases of drugs to get in touch with the administrators of the site. One thing led to another, and via a secure messaging system he befriended one of them, who was none other than Ross Ulbricht, the founder of the site.
But it was ultimately the FBI that got its hands on him, after it managed to locate the Silk Road server, which was in Iceland, thanks to a programming error he had made in the process of securing the site. It is most often by exploiting human flaws that investigators manage to get results and dismantle illegal sites on the dark web.
Explore “.onion” pages
Once downloaded and installed, Tor Browser allows you to surf the web like any other browser, but also to access the TOR network and its hidden “.onion” pages. To find sites on the dark web, you must either know their exact address or go through a directory that references them. The best known, Hidden Wiki (beware of the many unwanted sites that try to pass themselves off as this service and are teeming with malicious links), is a kind of Wikipedia clone acting as a directory of the hidden network. The service displays addresses classified by theme, whether or not they are legal. It is updated more or less regularly, but many links are obsolete.
There are also directories like the late DeepDotWeb or the current TorLinks which also act as an information portal for using the dark web. Not to mention the specific search engines that index dark web sites on their own databases such as TORCH, Not Evil, or Grams. Like Google, they display sponsored links and allow you to make queries by entering keywords.
Increasingly efficient, these search engines have largely contributed to the democratization and commoditization of the dark web, which was once much more difficult to access. The border between the visible web and the dark web is increasingly permeable.
Precautions to be taken
Whether it is out of simple curiosity, to communicate discreetly, to circumvent the censorship of certain countries, to avoid the tracking of websites and government surveillance, or to access geographically blocked sites, there is no shortage of legitimate reasons for going to the dark web. As on the visible web, you must always remain vigilant and apply basic security rules such as keeping your system and applications up to date, not clicking on just any link, not downloading or opening files whose origin you do not know, and not revealing personal or sensitive information.
One of the major difficulties is finding the real “.onion” URLs of the services sought on the underground network. Since the HTTPS security protocol is used very little on the dark web, it is not possible to verify their legitimacy through an SSL certificate. As a result, the network is swarming with malicious clones of sites.
As many Internet users testify on forums and social networks, clicking on a malicious URL on the dark web can sometimes have serious consequences: the takeover of the computer or the webcam by a hacker, infection of a poorly protected computer, data theft, scams, blackmail, etc. To try to avoid this kind of misadventure and find the real addresses of “.onion” sites, the best solution consists of cross-checking information from several sources.
This is a complex task, given that most of them have names that consist of an incomprehensible sequence of alphanumeric characters (referring to the structure of the network). Only legal services like Facebook, Reddit, or ProtonMail (a famous secure messaging service) have recognizable addresses on the dark web.
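The cross-checking advice above can be partly automated. The following is an added example, not part of the original article: it assumes the current version 3 “.onion” format, in which the 56-character name is the base32 encoding of a 32-byte public key, a 2-byte checksum, and a version byte. The function names, source names, and sample addresses are constructed for illustration.

```python
import base64
import hashlib

SUFFIX = ".onion"
VERSION = b"\x03"


def _checksum(pubkey: bytes) -> bytes:
    # v3 rule: first 2 bytes of SHA3-256(".onion checksum" | pubkey | version)
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]


def encode_v3(pubkey: bytes) -> str:
    """Encode 32 key bytes as a v3 name (used here only to build sample data)."""
    raw = pubkey + _checksum(pubkey) + VERSION
    return base64.b32encode(raw).decode().lower() + SUFFIX


def check_v3(hostname: str) -> tuple[bool, str]:
    """Structural check of a bare v3 hostname. Catches typos and truncation only."""
    host = hostname.strip().lower()
    if not host.endswith(SUFFIX):
        return False, "not a .onion name"
    label = host[: -len(SUFFIX)]
    if len(label) != 56:  # 35 bytes encoded in base32
        return False, "wrong length for a v3 address"
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:  # binascii.Error is a ValueError subclass
        return False, "invalid base32"
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != VERSION:
        return False, "unsupported version"
    if checksum != _checksum(pubkey):
        return False, "checksum mismatch"
    return True, "well-formed"


def cross_check(sightings: dict[str, str], min_sources: int = 2) -> dict:
    """Group well-formed addresses by the independent sources that list them."""
    candidates: dict[str, list[str]] = {}
    rejected: dict[str, str] = {}
    for source, addr in sightings.items():
        ok, reason = check_v3(addr)
        if ok:
            candidates.setdefault(addr.strip().lower(), []).append(source)
        else:
            rejected[source] = reason
    # A clone has its own key and therefore a valid checksum, so a name is
    # only reported when every well-formed sighting agrees on it.
    unanimous = None
    if len(candidates) == 1:
        (addr, sources), = candidates.items()
        if len(sources) >= min_sources:
            unanimous = addr
    return {"unanimous": unanimous, "candidates": candidates, "rejected": rejected}


# Constructed sample data: the "keys" are hashes of labels, not real service keys.
GENUINE = encode_v3(hashlib.sha256(b"constructed key: real service").digest())
CLONE = encode_v3(hashlib.sha256(b"constructed key: look-alike").digest())
# A one-character typo inside the checksum part (index 53) of the genuine name.
TYPO = GENUINE[:53] + ("a" if GENUINE[53] != "a" else "b") + GENUINE[54:]

SIGHTINGS = {
    "operator's clearnet site": GENUINE,
    "directory A": GENUINE.upper(),
    "directory B": CLONE,
    "forum post": TYPO,
}

if __name__ == "__main__":
    for key, value in cross_check(SIGHTINGS).items():
        print(key, "->", value)
```

The checksum only detects a mistyped or truncated name. The look-alike from "directory B" passes it, which is why disagreement between sources, not the format check, is the signal to stop.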
Risks associated with the use
The risks of surfing the dark web are mainly linked to the sites that you visit and the services that you use. They are obviously much lower for those who go there for legitimate reasons, than for those who try to buy illegal products, hire the services of a hacker, or view obscene content. In addition to cybercriminals on the prowl for neophytes, the dark web is closely watched by the authorities. For all these reasons, it is advisable to use at least another layer of security through a trusted VPN (Virtual Private Network).
Using a VPN enables all traffic to be encrypted and the user’s IP address and location to be changed via a remote server based in France or abroad. Thanks to this system, Internet service providers, government watchdogs like the NSA, or even potential attackers cannot spot Internet users who connect to TOR.
Contrary to popular belief, the use of encryption and anonymization tools like TOR or VPNs does not protect the system and its applications from potential malicious attacks. For example, to minimize the risk of security breaches being exploited, it is recommended to always use the latest official version of Tor Browser and to keep your system and other applications up to date. The more cautious can use a siloed virtual environment or install the Tails live operating system, which does not keep any trace of user activity.
Tails, which can be started on any computer from a USB key, only allows connections to the Internet via TOR. All these precautions do not prevent you from having bad encounters on forums, falling into the net of a scam, or seeing particularly shocking content that can mark you for life. A word to the wise …
The different facets of the dark web
The Good Sides
As in real life, all is not black or white on the dark web. Although its name now evokes mainly illicit activities, it should be remembered that it was originally designed as a secure space for communicating and exchanging information in complete confidentiality. Recommended by the Electronic Frontier Foundation (EFF), a famous NGO that fights to defend the rights of cyber-citizens, it is an indispensable tool in resisting mass surveillance and censorship on the Internet. The dark web has become the preferred communication channel for whistleblowers, political dissidents, and NGOs.
The alternative media outlet WikiLeaks, created in 2006 on the dark web by Julian Assange, made an impression by publishing tens of thousands of documents classified as defense secrets that came from whistleblowers. The site has notably published confidential information that made it possible to discover, among other things, large-scale tax evasion systems set up by large international banks for their extremely wealthy clients, as well as military documents classified as Secret Defense revealing the multiple mistakes made by the US military in Iraq and Afghanistan.
This is “almost” nothing compared to the scandal caused in 2013 by the revelations of Edward Snowden on the mass surveillance programs deployed by the NSA (National Security Agency). A refugee in Russia ever since, the ex-CIA agent used TOR’s encrypted messaging services to release thousands of secret documents to journalists from major American media, including The New York Times and The Guardian.
The whole world was able to discover the extent of the PRISM program through which the American government granted itself the right to freely access the data of billions of users of GAFA services (Apple, Google, Microsoft, Amazon, Facebook …) without having to inform them beforehand.
Darknet networks also played a fundamental role during the Arab Spring revolutions. They were often the only way for journalists or citizens to communicate with each other and convey information to the rest of the world without being detected by the authorities. In countries like China which censor many websites and are able to block the use of VPNs, the dark web is the last space for freedom. Media like We Fight Censorship created by Reporters Without Borders or ProPublica and many others use it to be able to broadcast censored content.
Media like The Guardian or The Intercept have made secure repository services available on TOR to allow whistleblowers to transmit information to their editorial staff in complete confidentiality.
In general, the hidden network attracts all those who defend the free sharing of content. This is the case for many scientists and academics who publish their research work via the TOR network so that they are freely accessible to as many people as possible. Since its creation, the network has also been the bastion of all kinds of hacktivists who may or may not have well-intentioned activities.
There are the famous white hats, benevolent ethical hackers who come together on the underground network to carry out attacks against the sites of terrorist organizations or child pornography, create secure communication channels to help political dissidents bypass censorship, or even report security breaches. Conversely, black hats are malicious hackers versed in cybercrime, espionage, computer attacks, etc. In between are the gray hats, who can act ethically or, on the contrary, engage in criminal activity.
The Bad Sides
If the dark web is more and more in the spotlight, it is mainly because of its networks of cybercriminals and their trafficking in illicit products. Almost a third of the underground network is home to illegal sites selling weapons, drugs, false papers, counterfeit products, counterfeit money, ready-to-use ransomware, child pornography, etc. There is also organ trafficking, notices to carry out attacks, and offers to hire the services of a hacker by the day or by the hour to carry out targeted attacks on people or businesses.
Some sites also offer hired killers, kidnapping services, or torture! It is difficult to know if these proposals are serious or not, but unlike illegal marketplaces, the authorities have never announced so far that they have dismantled such services.
Since the closures of Silk Road 1 and 2 by the FBI, illicit sales sites have continued to proliferate. The biggest current marketplaces, like Dream Market, Green Road, or Berlusconi Market, have nothing to envy of merchant sites like Amazon. High definition photos and detailed product descriptions, seller ratings, customer reviews, number of sales made, promotional offers, pay-per-view delivery and payment services, customer support: it’s all there!
Apart from the type of products offered, only the payment method, in Bitcoin or another digital currency, distinguishes them today from a classic merchant site. Some security experts estimate that the dark web black market would generate several billion dollars each year … One thing is certain: we have not heard the last of this parallel universe.