In April, the U.S. Federal Bureau of Investigation (FBI) announced it had dismantled Genesis, one of the biggest illegal markets on the Internet, known for stealing and selling data from more than 1.5 million computers and over 80 million online accounts. This was the federal government's latest attempt at cracking down on the worst cyber offenders of the Dark Web, a subset of the Internet that anonymizes a user's connection and is often used for illicit activities.
The Dark Web originally was used by the U.S. Department of Defense as a way for officials to communicate anonymously, according to Steve Morgan, founder of Cybersecurity Ventures, which publishes Cybercrime Magazine.
It was based on the Freenet peer-to-peer decentralized privacy platform (https://freenetproject.org/), developed by computer scientist Ian Clarke at the U.K.'s University of Edinburgh in 1999. Freenet was the basis for the Tor (the onion router) Project, which launched a browser in 2008 to allow users to search the Internet privately and anonymously for Dark Websites and content, Morgan says. An individual's activities cannot be tracked on Tor.
"Anything that is ever developed to do good can do bad," he observes. "Unfortunately, the Dark Web has enabled an enormous criminal ecosystem."
Weapons and illegal substances are highly sought on the Dark Web.
Perhaps inevitably, hacker discussions about how to manipulate the ChatGPT chatbot for cybercrime have skyrocketed, according to cybersecurity firm NordVPN. The number of new posts on Dark Web forums about the AI tool surged from 120 in January to 870 in February—a 625% increase, as exploiting the bot has become the Dark Web's latest hot topic, NordVPN says.
Tor is the most widely used Dark Web browser and counted two million active users in 2022, according to the Tor Project. There are websites that are only accessible on Tor, adds Jack Rhysider, host of the investigative podcast Darknet Diaries, which chronicles true stories about cybercrimes on the "dark side of the Internet."
There are a lot of reasons for someone to be anonymous online, says Rhysider, who is also a former network security engineer. "Number one is you want to protect your identity because if you're speaking truth to power … you would be in trouble for saying it," he says, noting that some people want to be whistleblowers and expose secrets about their country. Additionally, certain countries do not give their citizens access to information and could try to find someone to arrest for spreading restricted information.
This also applies to journalists, who can publish investigative reports via the Dark Web without having to reveal their identities if they are afraid of reprisals. In contrast, posting information on the regular Internet is traceable.
"It has a good intention … it's not there just for criminals," Rhysider says of the Dark Web. "It's like the iPhone is used by criminals, but that doesn't make it for criminals, right?"
Yet he acknowledges the Dark Web makes it a lot easier for markets selling illegal items to proliferate. Silk Road, for example, was one of the early Dark Web markets that became popular; its marketplace sold and bought items that are banned on eBay, Rhysider notes. Its founder, Ross Ulbricht, was arrested by the FBI in 2013 and convicted of engaging in a criminal enterprise. He is serving a life sentence in prison without the possibility of parole.
Silk Road's marketplace dealt in, among other things, items stolen in data breaches, such as Social Security and credit card numbers, says Sagar Samtani, an assistant professor of operations and decision technologies and the Grant Thornton Scholar at the Indiana University Kelley School of Business.
Just as there are hacker forums that can be found through regular channels on the Internet, "It's the same idea on Tor—almost like phonebooks to look up platforms, and they're often updated and maintained by people who are active on Dark Web sites," Samtani says.
Like Rhysider, Samtani says there is a good amount of news sharing by ethical hackers and developers and discussion groups on the Dark Web that are not illicit or illegal. But some 70% to 80% of people on the Dark Web, known as script kiddies, use hacker forums to gain basic programming scripts to execute an attack, according to Samtani. About 20% are brokers or middlemen who may be interested in obtaining illicit content, and 5% to 10% "are really nasty cyber criminals," he says.
The experts say it is not easy to stop illegal operations on the Dark Web.
"How does the Mafia keep operating? How does crime persist despite all of law enforcement's efforts?" asks Morgan. "There is no answer, other than 'it does'. A dimension of humanity is criminal. The Dark Web is nothing more than a metaphor for crime, and crime will not go away."
Rhysider says some strides have been made in curbing illicit activity on the Dark Web because people have made mistakes when they set up a website where they plan to open a Dark Web market, like creating an account using their actual email address, which allows them to be found and captured.
However, Rhysider and the others say it is unlikely the Dark Web will ever be fully shut down by law enforcement. Currently, there are around 6,000 relays, or publicly listed servers, that allow traffic to pass through Tor, Rhysider says. "For the government to shut [the Dark Web] down, one option is to find all 6,000 exit nodes and somehow take those out." Another is to set a policy that Tor is illegal and work with ISPs to make it a blocked connection, he says.
AlphaBay was another large market on the Dark Web used for selling illegal drugs, personal information, malware, and counterfeit goods; it was shut down in 2017. But even with some successes, essentially, it's like playing a game of whack-a-mole. "The FBI, CIA, NSA, IRS, and other federal agencies deserve a lot of credit for shutting down criminal enterprises on the Dark Web," says Morgan. "They shut down ShadowCrew [a cybercrime forum] and Silk Road and many others. But as soon as one criminal forum is shut down, another one pops up."
Anti-crime efforts are also stymied by the fact that "it depends on how you define illicit activities," Samtani says. And platforms not only number in the thousands, but the Dark Web is international. Most activity there comes from the U.S., Russia, China, the Middle East, and a small amount from South America and regions of Latin America, he says.
"The U.S. is very focused on general cybercrime and activities, China is more focused on cyber warfare, and Russian platforms are focused on financial and credit card fraud," Samtani says.
Rhysider has been on Tor many times and says that unless you know where to go, "nothing happens … it's a very dark version of the Internet," with no Google you can use to ask to be shown around. All the website URLs are long and complex, so a person has to do some research to figure out where they want to go.
"There are some search engines, but they're not very robust," Rhysider adds, although they can help you find forums to see what people are talking about. "That makes [the Dark Web] more mysterious, because you're kind of just bumping around in the dark."
The Dark Web also has its own lingo, and people use a lot of acronyms. For example, Rhysider says, there is a lot of talk about "opsec," for operational security. Another term used quite a bit is DNM, for Dark Net market. When it comes to buying a stolen credit card number, you can buy a "full," which includes the name on the card, along with its number and expiration code, or you can buy a CVV (card verification value, the security number that appears on the back of most credit cards). There is also lingo for marijuana and methamphetamines.
After a while, Rhysider says, "You start learning what you're shopping for."
Looking to the future, experts believe that without legislation or additional law enforcement resources to constantly monitor the Dark Web, it will continue to flourish.
Meanwhile, there is also plenty of illicit activity on the regular Web. Rhysider sees a lot of young kids selling services on Instagram or instant messaging apps like Telegram. "So they're feeling somehow secure behind insecure protocols, and that's a shift," he says. Rhysider saw a post from someone who said they worked at Taco Bell and was offering to help access someone else's personal information by resetting that user's account (as long as they have a username for that account) for $60.
"We can expect to see the migration of the Dark Web [from] conventional Web 2.0 type of platforms and websites into more … asynchronous platforms such as Telegram or Discord or other platforms that allow for more communication," while making it more difficult to access mechanisms for people to monitor those platforms, Samtani says.
Rhysider believes the federal government is "actively trying to get into the community and figure out techniques to decloak people, and they'll either succeed or Tor protocols will get better to cloak people. I think there will be back and forth for making it more insecure and then more secure."
He fears that similar to other countries that censor information access, political leaders in the U.S. will decide the Dark Web is the "cesspool of the Internet" and try to shutter it, which will limit freedom on the Web.
"We get these glimpses of it every now and then with different bills [legislators are] trying to pass" to throttle the Internet so people can't get to certain places, Rhysider says. "Yeah, it brings in some terrible things, but overall, it has a net benefit."
Morgan estimates the Dark Web is 500 times or greater in size than the everyday Web. "It's not going anywhere," he says. "It is the digital battleground for cybercriminals and law enforcement."
©2023 ACM 0001-0782/23/8