ITAI and CySec

Darknet: The Dark Side of the Net

The Darknet1  is a part of the Internet that is a hotbed of threats and risks to both human and cybersecurity with the privacy it provides allowing the network to be frequently used for illegal activities like exchanging sensitive information and carrying out sale and procurement of illicit services and goods. The wide array of social activities the Darknet is used for ranges from being morally and legally acceptable to being considered as illicit by some people, or to being clearly criminal based on national and/or international legislative frameworks. These activities could be grouped into three main categories: (i) activism, journalism, and whistle-blowing; (ii) criminal activities in virtual markets; and (iii) cybersecurity threats including botnets, malware, and ransomware.
A large number of virtual markets on the Darknet specialize in drug trafficking, stealing identities, credit card information, weapons, as well as contract killing is also among the popular ‘goods and services’ on this network.

An analysis of the ‘obscure’ part of the Web – often used even for illicit purposes – has shown that it is four times more resistant to cyberattacks and possible damage to its nodes. This resistance is due to the topological structure of Darknet and its communication protocols, which favor security over the communication speed of the Internet. This "obscure" part of the Web – which can only be accessed through protocols that guarantee privacy and anonymity – is much more resistant to disturbances than the rest of the Internet, whether it is damage to some of its nodes or hacker attacks. This is the conclusion reached by Manlio De Domenico and Alex Arenas, two researchers from the Rovira i Virgili University in Tarragona, Spain, who published an article in Physical Review E.
Similarly, to surf on the Internet – which is the connection system between computer networks, even those very different from each other, made possible by a set of common network protocols called TCP/IP – search engines are generally used which collect the links related to accessible resources.
However, some of the resources on the network are accessible, in part due to problems related to search software, and often because those who have put that resource online use commands that make it transparent to search engines. To access the contents which form the so-called Deep Web2 we must therefore, already know the address of the page or site searched. But there is a part of the Web that is even more submerged and obscure: the Darknet. It is not only invisible to search engines but can only be reached using protocols, specific software or authorization, guaranteeing privacy and anonymity.
Based on data from the Internet Research Lab of the University of California at Los Angeles, De Domenico and Arenas characterized the topology of Darknet – that is, the structure of the links between its sites – and developed a model that describes how they transmit information using a technique to hide messages through a series of cryptographic procedures, superimposed on each other (and therefore called onion routing).
Once the model was defined, the researchers simulated Darknet's response to three types of disturbances: attacks targeting specific network nodes, random failures of some nodes, and cascading failures/attacks propagating through the network.
The results showed that to cause a strong disruption to the Darknet’s communications, the attacks must hit four times as many nodes as needed to block the Internet, and that cascaded failures are more easily remedied in the Darknet by adding network capacity. 
The main difference is that Darknet consists of a very decentralized network of nodes (or topology), in which there are no general connection points for each city, region or country: it is basically peer-to-peer. Internet instead has highly interconnected hubs, each of which once blown up by an attack, risk destabilizing the entire system. This difference goes back to the network from which the Internet originated, ARPANET (Advanced Research Projects Agency Network), the secure communication system designed at the end of the sixties by the United States Department of Defense (hence called Darpanet). 
In its development, the Darknet has continued to favor information security, while the Internet has aimed to maximize speed and efficiency but paying for it with less resilience. The Darknet has indeed offered new opportunities for criminal activities to flourish. However, it is not fundamentally different from any other means of technologies and tools. For example, when Twitter was designed, the creators had no intention to promote terrorist activities, however, there are now known terrorist cells that seek to recruit people through the social media platform. Tor browser, the most popular browser used to access Darknet, was created as a collaborative project between the U.S. Naval Research Laboratory and the non-profit organisation Free Haven Project, funded by DARPA (Defence Advanced Research Projects Agency). 
Of course, we cannot deny that the Darknet presents a serious security risk. Because of its unique characteristics, like anonymity, virtual markets, and the use of cryptocurrencies, a range of criminal activities could be performed on this network with ease. Thus the Darknet ought to be investigated more seriously.
The Darknet is not, ultimately, a society where crime is the norm. In fact, it is a technological platform that is used by diferent individuals for a variety of purposes. There are a few steps you may consider:
• Monitor for mentions of your organization, names, e-mail addresses, and sensitive assets.
• Search for mentions of your wider industry, software you employ, and related data.
• Try to infiltrate closed forums and communities.
• Hire a firm or license a tool to monitor the dark web on your behalf.
As you might expect, there’s a great deal of secrecy on the dark web, and many forums will be difficult to access without the right knowledge. It may also be difficult and time-consuming to separate the actionable intelligence from the noise. That’s why there’s a growing number of dark web researchers and services springing up that can provide you with intelligence reports for a fee.
If you have the resources to hire expertise and conduct your own dark web research, it may help you to neutralize threats more rapidly than reliance upon a third-party, but expertise is in short supply. Whichever route you choose, dark web monitoring is a smart move that can help you gather tangible threat intelligence and bolster your cybersecurity defences.

1. Darknet: A set of publicly accessible content that is hosted on the websites whose IP address is hidden but which anyone can access as long as you know the address – private content exchanged in a closed network of computers for file sharing.
2. Deep web: Part of the web that has not yet been indexed by common search engines.


Read 208 times

Share Your Thoughts

Success/Error Message Goes Here
Note: Please login to your account and leave your thoughts on this article.