ISACA Now Blog

Knowledge & Insights > ISACA Now > Posts > Deep & Darknet: The Origins of Threats

Deep & Darknet: The Origins of Threats

Claudio Cilli, CISA, CISM, CRISC, CGEIT
| Posted at 3:00 PM by ISACA News | Category: Security | Permalink | Email this Post | Comments (0)

Claudio CilliThe deep web and darknet comprise a sort of parallel world compared to the public internet we’re used to.

Deep web: Part of the web that has not yet been indexed by common search engines.

Darknet: Set of publicly accessible contents that are hosted in the websites whose IP address is hidden but to which anyone can access as long as you know the address; Set of private content exchanged in a closed network of computers for file sharing.

Statistics
While the deep web is only getting bigger – it is the largest growing category of new information on the internet – the darknet isn’t particularly vast and it’s not even particularly secret. In fact, the darknet is a collection of websites that are publicly visible yet hide the IP addresses of the servers that run them. That means anyone can visit a darknet site, but it can be very difficult to figure out where they’re hosted—or by whom.

When news sites mistakenly describe the darknet as accounting for 90% of the internet, they’re confusing it with the so-called deep web, the collection of all sites on the web that aren’t reachable by a search engine. Those unindexed sites do include the darknet, but they also include much more mundane content like registration-required web forums and dynamically created pages like your Gmail account—hardly the scandalous stuff 60 Minutes might have in mind. The actual darknet, by contrast, likely accounts for less than .01% of the web.

"I bought a gun on the web"
The ability to anonymously access content makes the deep web very attractive for criminals. Networks that provide anonymity, such as Tor, represent a valuable instrument for cyber criminals to create and participate in online exchanges for any kind of illegal goods, including weapons, drugs and malware. Black markets for stolen credit card numbers and hacking services also are available on the deep web, where it can be easier to hide from law enforcement agencies.

Buying weapons, false passports and other illegal items on the darknet is easier every day and can generally be done in a few minutes. For every 5,000 people connected, there is a user who is navigating on the darknet and doing something illegal, all thanks to Tor, Tails and other navigation systems that are easy to use and downloadable for anyone. After installing the software, the doors of the internet armory will magically open. Therefore, it becomes less complicated to get a new identity with a passport or a false driver’s license, to buy drugs or to exchange child pornography.

The domain suffix “.onion” implicitly explains the operation of the darknet: a system in which the different “layers” of the onion represent the various servers all over the world on which the sites of illegal goods rest for a few seconds, practically not traceable, because the connection jumps from a virtual place to another without the knowledge of the same users who host the illegal bytes. And, so, browsing hidden Wiki or Silk Road, we come across EuroGuns, where, after you have registered with any account, even a fake one, you can put your hands on semiautomatic weapons and guns used for war. Other users may take a ride on UKPassport, where by uploading a photo you can buy a working passport for about £1,000 or browse forums that terrorists use to meet.

On EuroGuns, a more economical gun is a 7.65-caliber that costs €600, which most of the time can be paid in bitcoin. The weapon arrives in pieces, each shipped with different carriers and through a chain of people who only know the previous sender, finally arriving to the final purchaser, who only has to re-assemble the parts. The only way to be discovered is by talking of the bargain: in this way, a young Roman was arrested after he boasted of the undertaking on YouTube, with selfies taken of himself with new guns and bullets.

Darknet culture
The darknet is browsed mainly at night, especially by young people between the ages of 12 and 24. Around 90% of ".onion" domains are illegal, with 60-80% related to pornography and child pornography.

The culture of the darknet is perhaps best represented in the forums, where the language used is that of hackers and characterized by the use of many non-alphabetic characters and impolite terminologies. After a few weeks of apprenticeship, the use of the right terms and the acquisition of a certain reputation within the forum – which takes all countermeasures to protect itself against the presence of newcomers or infiltrated law enforcers – the more accredited users request the links to the illegal sites where forbidden products or services can be found. Terrorist organizations have their own forums, where they trade, exchange and buy special software and high-tech equipment.

For the police forces of the world, the only way to intervene is by infiltrating inside the web, trying to acquire the confidence of criminals and to arrange meetings outside the net – a method that has not yet brought significant results. One law enforcement success was the identification of Ross Ulbricht, creator of the portal of the illegal black market named “Silk Road,” arrested in 2013 by the FBI. But the site was restored shortly after and is a virtual cancer that spreads: for one deleted file, thousands duplicate and multiply.

Still, the darknet is no longer the safe place many criminals envision. In the US, the Department of Justice has announced the results of a big operation against the darknet, which has led to 35 arrests and the seizure of weapons, drugs and about $26 million. The operation lasted a year and included the involvement and collaboration of several entities that worked together to combat this growing and serious threat.

Editor’s note: For more insights on the topic, download ISACA’s darknet tech brief.

Copy Item to All Language Codes
Lists/SqtResources/AllItems.aspx
0x0
0x0
ContentType
0x01009AF1BC4E56474a80B49512D1B30D6EEC
225
Manage Subscriptions
/_layouts/images/ReportServer/Manage_Subscription.gif
/Knowledge-Center/Blog/_layouts/ReportServer/ManageSubscriptions.aspx?list={ListId}&ID={ItemId}
0x80
0x0
FileType
rdl
350
Manage Data Sources
/Knowledge-Center/Blog/_layouts/ReportServer/DataSourceList.aspx?list={ListId}&ID={ItemId}
0x0
0x20
FileType
rdl
351
Manage Parameters
/Knowledge-Center/Blog/_layouts/ReportServer/ParameterList.aspx?list={ListId}&ID={ItemId}
0x0
0x4
FileType
rdl
352
Manage Processing Options
/Knowledge-Center/Blog/_layouts/ReportServer/ReportExecution.aspx?list={ListId}&ID={ItemId}
0x0
0x4
FileType
rdl
353
View Report History
/Knowledge-Center/Blog/_layouts/ReportServer/ReportHistory.aspx?list={ListId}&ID={ItemId}
0x0
0x40
FileType
rdl
354
View Dependent Items
/Knowledge-Center/Blog/_layouts/ReportServer/DependentItems.aspx?list={ListId}&ID={ItemId}
0x0
0x4
FileType
rsds
350
Edit Data Source Definition
/Knowledge-Center/Blog/_layouts/ReportServer/SharedDataSource.aspx?list={ListId}&ID={ItemId}
0x0
0x4
FileType
rsds
351
View Dependent Items
/Knowledge-Center/Blog/_layouts/ReportServer/DependentItems.aspx?list={ListId}&ID={ItemId}
0x0
0x4
FileType
smdl
350
Manage Tapthrough Reports
/Knowledge-Center/Blog/_layouts/ReportServer/ModelTapThrough.aspx?list={ListId}&ID={ItemId}
0x0
0x4
FileType
smdl
352
Manage Model Item Security
/Knowledge-Center/Blog/_layouts/ReportServer/ModelItemSecurity.aspx?list={ListId}&ID={ItemId}
0x0
0x2000000
FileType
smdl
353
Regenerate Model
/Knowledge-Center/Blog/_layouts/ReportServer/GenerateModel.aspx?list={ListId}&ID={ItemId}
0x0
0x4
FileType
smdl
354
Manage Data Sources
/Knowledge-Center/Blog/_layouts/ReportServer/DataSourceList.aspx?list={ListId}&ID={ItemId}
0x0
0x20
FileType
smdl
351
Load in Report Builder
/Knowledge-Center/Blog/_layouts/ReportServer/RSAction.aspx?RSAction=ReportBuilderModelContext&list={ListId}&ID={ItemId}
0x0
0x2
FileType
smdl
250
Edit in Report Builder
/_layouts/images/ReportServer/EditReport.gif
/Knowledge-Center/Blog/_layouts/ReportServer/RSAction.aspx?RSAction=ReportBuilderReportContext&list={ListId}&ID={ItemId}
0x0
0x4
FileType
rdl
250
Edit in Browser
/_layouts/images/icxddoc.gif
/Knowledge-Center/Blog/_layouts/formserver.aspx?XsnLocation={ItemUrl}&OpenIn=Browser
0x0
0x1
FileType
xsn
255
Edit in Browser
/_layouts/images/icxddoc.gif
/Knowledge-Center/Blog/_layouts/formserver.aspx?XmlLocation={ItemUrl}&OpenIn=Browser
0x0
0x1
ProgId
InfoPath.Document
255
Edit in Browser
/_layouts/images/icxddoc.gif
/Knowledge-Center/Blog/_layouts/formserver.aspx?XmlLocation={ItemUrl}&OpenIn=Browser
0x0
0x1
ProgId
InfoPath.Document.2
255
Edit in Browser
/_layouts/images/icxddoc.gif
/Knowledge-Center/Blog/_layouts/formserver.aspx?XmlLocation={ItemUrl}&OpenIn=Browser
0x0
0x1
ProgId
InfoPath.Document.3
255
Edit in Browser
/_layouts/images/icxddoc.gif
/Knowledge-Center/Blog/_layouts/formserver.aspx?XmlLocation={ItemUrl}&OpenIn=Browser
0x0
0x1
ProgId
InfoPath.Document.4
255
View in Web Browser
/_layouts/images/ichtmxls.gif
/Knowledge-Center/Blog/_layouts/xlviewer.aspx?listguid={ListId}&itemid={ItemId}&DefaultItemOpen=1
0x0
0x1
FileType
xlsx
255
View in Web Browser
/_layouts/images/ichtmxls.gif
/Knowledge-Center/Blog/_layouts/xlviewer.aspx?listguid={ListId}&itemid={ItemId}&DefaultItemOpen=1
0x0
0x1
FileType
xlsb
255
Snapshot in Excel
/_layouts/images/ewr134.gif
/Knowledge-Center/Blog/_layouts/xlviewer.aspx?listguid={ListId}&itemid={ItemId}&Snapshot=1
0x0
0x1
FileType
xlsx
256
Snapshot in Excel
/_layouts/images/ewr134.gif
/Knowledge-Center/Blog/_layouts/xlviewer.aspx?listguid={ListId}&itemid={ItemId}&Snapshot=1
0x0
0x1
FileType
xlsb
256

Comments

There are no comments yet for this post.
Copy Item to All Language Codes
Lists/SqtResources/AllItems.aspx
0x0
0x0
ContentType
0x01009AF1BC4E56474a80B49512D1B30D6EEC
225
Manage Subscriptions
/_layouts/images/ReportServer/Manage_Subscription.gif
/Knowledge-Center/Blog/_layouts/ReportServer/ManageSubscriptions.aspx?list={ListId}&ID={ItemId}
0x80
0x0
FileType
rdl
350
Manage Data Sources
/Knowledge-Center/Blog/_layouts/ReportServer/DataSourceList.aspx?list={ListId}&ID={ItemId}
0x0
0x20
FileType
rdl
351
Manage Parameters
/Knowledge-Center/Blog/_layouts/ReportServer/ParameterList.aspx?list={ListId}&ID={ItemId}
0x0
0x4
FileType
rdl
352
Manage Processing Options
/Knowledge-Center/Blog/_layouts/ReportServer/ReportExecution.aspx?list={ListId}&ID={ItemId}
0x0
0x4
FileType
rdl
353
View Report History
/Knowledge-Center/Blog/_layouts/ReportServer/ReportHistory.aspx?list={ListId}&ID={ItemId}
0x0
0x40
FileType
rdl
354
View Dependent Items
/Knowledge-Center/Blog/_layouts/ReportServer/DependentItems.aspx?list={ListId}&ID={ItemId}
0x0
0x4
FileType
rsds
350
Edit Data Source Definition
/Knowledge-Center/Blog/_layouts/ReportServer/SharedDataSource.aspx?list={ListId}&ID={ItemId}
0x0
0x4
FileType
rsds
351
View Dependent Items
/Knowledge-Center/Blog/_layouts/ReportServer/DependentItems.aspx?list={ListId}&ID={ItemId}
0x0
0x4
FileType
smdl
350
Manage Tapthrough Reports
/Knowledge-Center/Blog/_layouts/ReportServer/ModelTapThrough.aspx?list={ListId}&ID={ItemId}
0x0
0x4
FileType
smdl
352
Manage Model Item Security
/Knowledge-Center/Blog/_layouts/ReportServer/ModelItemSecurity.aspx?list={ListId}&ID={ItemId}
0x0
0x2000000
FileType
smdl
353
Regenerate Model
/Knowledge-Center/Blog/_layouts/ReportServer/GenerateModel.aspx?list={ListId}&ID={ItemId}
0x0
0x4
FileType
smdl
354
Manage Data Sources
/Knowledge-Center/Blog/_layouts/ReportServer/DataSourceList.aspx?list={ListId}&ID={ItemId}
0x0
0x20
FileType
smdl
351
Load in Report Builder
/Knowledge-Center/Blog/_layouts/ReportServer/RSAction.aspx?RSAction=ReportBuilderModelContext&list={ListId}&ID={ItemId}
0x0
0x2
FileType
smdl
250
Edit in Report Builder
/_layouts/images/ReportServer/EditReport.gif
/Knowledge-Center/Blog/_layouts/ReportServer/RSAction.aspx?RSAction=ReportBuilderReportContext&list={ListId}&ID={ItemId}
0x0
0x4
FileType
rdl
250
Edit in Browser
/_layouts/images/icxddoc.gif
/Knowledge-Center/Blog/_layouts/formserver.aspx?XsnLocation={ItemUrl}&OpenIn=Browser
0x0
0x1
FileType
xsn
255
Edit in Browser
/_layouts/images/icxddoc.gif
/Knowledge-Center/Blog/_layouts/formserver.aspx?XmlLocation={ItemUrl}&OpenIn=Browser
0x0
0x1
ProgId
InfoPath.Document
255
Edit in Browser
/_layouts/images/icxddoc.gif
/Knowledge-Center/Blog/_layouts/formserver.aspx?XmlLocation={ItemUrl}&OpenIn=Browser
0x0
0x1
ProgId
InfoPath.Document.2
255
Edit in Browser
/_layouts/images/icxddoc.gif
/Knowledge-Center/Blog/_layouts/formserver.aspx?XmlLocation={ItemUrl}&OpenIn=Browser
0x0
0x1
ProgId
InfoPath.Document.3
255
Edit in Browser
/_layouts/images/icxddoc.gif
/Knowledge-Center/Blog/_layouts/formserver.aspx?XmlLocation={ItemUrl}&OpenIn=Browser
0x0
0x1
ProgId
InfoPath.Document.4
255
View in Web Browser
/_layouts/images/ichtmxls.gif
/Knowledge-Center/Blog/_layouts/xlviewer.aspx?listguid={ListId}&itemid={ItemId}&DefaultItemOpen=1
0x0
0x1
FileType
xlsx
255
View in Web Browser
/_layouts/images/ichtmxls.gif
/Knowledge-Center/Blog/_layouts/xlviewer.aspx?listguid={ListId}&itemid={ItemId}&DefaultItemOpen=1
0x0
0x1
FileType
xlsb
255
Snapshot in Excel
/_layouts/images/ewr134.gif
/Knowledge-Center/Blog/_layouts/xlviewer.aspx?listguid={ListId}&itemid={ItemId}&Snapshot=1
0x0
0x1
FileType
xlsx
256
Snapshot in Excel
/_layouts/images/ewr134.gif
/Knowledge-Center/Blog/_layouts/xlviewer.aspx?listguid={ListId}&itemid={ItemId}&Snapshot=1
0x0
0x1
FileType
xlsb
256
You must be logged in and a member to post a comment to this blog.