
Darknet 101: An Introduction to The Darkest Places Online

April 27, 2016 — by Daniel Smith

In my last blog, I talked a little about the general principles of the cyberattack marketplace. Today, we will take a closer look at the Darknet. There is so much talk these days about the Darknet. It’s the stuff of crime novels – a hotbed of criminal activity where anything can be bought and sold.

While that is true, the Darknet also provides an anonymizing layer to journalists and activists around the world who fight for the freedom of information and privacy. It is often a place where they can securely and anonymously communicate with their contacts.

But first, what exactly is the Darknet?

  • Darknet – A Darknet is an overlay network that can only be accessed with specific software, configurations, or authorization, often using non-standard communications protocols and ports.
  • Dark web – The Dark web is content that exists on Darknets: overlay networks which use the public Internet but which require specific software, configurations or authorization to access.
  • Deep web – The Deep web is the parts of the World Wide Web whose contents are not indexed by standard search engines for any reason.
  • Clearnet – The Clearnet is a term typically referring to the unencrypted, or non-Darknet, Internet. This traditional World Wide Web has a relatively low base level of anonymity, with most websites routinely identifying users by their IP address.

To be clear, the Darknet is a dangerous place where illicit or underground activities are conducted and can be found if you look for them. Among the most prominent features of the Darknet are the digital marketplaces where different types of goods and digital items are bought and sold, mainly for bitcoin and other cryptocurrencies. Today we see a growing number of marketplaces on both the Clearnet and the Darknet. These sites sell almost anything you can think of and are often a one-stop shop for would-be criminals.

Items found in the marketplace include:

  • Software/Malware
  • Security/Hosting
  • Counterfeit
  • Drugs
  • Guns


Figure: 24 Hour DDoS service


Figure: DoS 0-day exploit for Telegram


How do I get there from here?

People often think that accessing the Darknet is a technical and complicated task. In reality, accessing the Darknet has become very user friendly over the last several years. Both I2P and Tor offer great documentation for novice users, and there are plenty of forums and tutorials out there to help educate those who want to learn more about the networks. The only parts of the Darknet that actually require a membership or invitation to join are certain marketplaces that want to control who can see and access the services they are offering.

When accessing the Darknet you have many options to choose from. Two options are Tor, The Onion Router, and I2P, the Invisible Internet Project. Each has its own advantages and disadvantages, and the choice should be based on the user’s intentions.

Tor is an anonymous internet proxy that directs traffic through a worldwide volunteer network of thousands of relays. Tor wraps messages in encrypted layers and sends them through a bi-directional circuit of relays through the Tor network. Tor also provides a central directory to manage the view of the network.

The Tor Project offers entry-level documentation for its new users and is easy to use. Over the years Tor has become very popular with the common user, and the Tor Browser Bundle made connecting to Tor very simple for the average user. Tor has received a large amount of academic review over the years and is a very well-funded project. One issue that still remains with Tor is the trust placed in exit nodes. Attackers can set up malicious exit nodes or spy on the traffic coming out of the network. The best use for Tor is anonymous out-proxying to the internet.
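The layering and the exit-node exposure described above, as an added example that is not part of the original post. It uses a toy XOR keystream rather than Tor's actual cryptography, and the hop keys, site key and request are constructed sample values.

```python
import hashlib

# Constructed sample values: per-hop keys in path order, and a key that only
# the destination site holds (a stand-in for TLS between client and site).
HOP_KEYS = [b"guard-key", b"middle-key", b"exit-key"]
SITE_KEY = b"destination-only-key"


def keystream(key, n):
    """Toy keystream (SHA-256 in counter mode); Tor's real cell crypto differs."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def xor_layer(key, data):
    """Add or remove one encryption layer (XOR is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def client_wrap(payload, hop_keys):
    """Client adds the exit's layer first and the guard's layer last (outermost)."""
    cell = payload
    for key in reversed(hop_keys):
        cell = xor_layer(key, cell)
    return cell


def relay_views(cell, hop_keys):
    """What each relay holds after peeling its own layer, in path order."""
    views = []
    for key in hop_keys:
        cell = xor_layer(key, cell)
        views.append(cell)
    return views


def exit_sees(payload, end_to_end):
    """Bytes the exit relay forwards to the destination."""
    if end_to_end:
        payload = xor_layer(SITE_KEY, payload)  # encrypted before entering Tor
    return relay_views(client_wrap(payload, HOP_KEYS), HOP_KEYS)[-1]


if __name__ == "__main__":
    request = b"POST /login user=alice&pw=constructed-secret"
    print("exit, plain HTTP :", exit_sees(request, end_to_end=False))
    print("exit, end-to-end :", exit_sees(request, end_to_end=True).hex())
```

The guard and middle relays only ever hold ciphertext, while the exit relay recovers exactly what the client sent, which is why traffic leaving Tor needs its own end-to-end encryption.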

I2P is an anonymous peer-to-peer network overlay that focuses on internal services. It allows users to send data between computers running I2P with end-to-end encryption. I2P uses unidirectional tunnels and layered encryption, versus Tor’s bi-directional tunnels.

I2P is not a very well-known service in comparison to Tor. It has received limited academic review but has great documentation for all of its users. One issue with I2P is the limited number of out-proxies to the internet. The best use for I2P is peer-to-peer file sharing.

Accessing some of these marketplaces on the Darknet can be a challenge if you do not know what you are looking for. Many times you can find lists of hidden services or .onion links on Clearnet sites like Reddit and DeepDotWeb. TheHiddenWiki.org is also a great place to start looking for hidden services and marketplaces, along with DNstats.net. DNstats provides updated information about the current status of certain marketplaces, along with news about new sites as they become available.

Darknet Marketplaces Include:

  • AlphaBay
  • Valhalla
  • Dream
  • Hansa
  • The Real Deal
  • DHL
  • Outlaw


Figure: DNstats, a Darknet status page


There are also a few search engines to help you find what you are looking for on the Darknet. Two popular Darknet search engines are Grams, http://grams7enufi7jmdl.onion/, a Google-looking knockoff, and Torch, http://xmh57jrzrnw6insl.onion/. Both of these sites allow you to search for content in the marketplaces and other hidden services found on the Darknet.

Exploring the Dark Markets:

These markets are not exactly special or unique, but they have grown in popularity following the Silk Road’s takedown. Some markets can also be found on both the Darknet and the Clearnet. Sites like 0day today, hack forums, TorCrds, Hell and others sell items similar to those found on the Darknet, and they almost always deal in bitcoin as well. You can also normally find some of the same services that are available on the Darknet on a number of hacker forums.

Hacker Forums

  • V3rmillion
  • Raid Forums
  • GreySec
  • RealForums
  • Evilzone


Figure: Torcrds.cc, a website selling stolen credit cards on the Clearnet


Figure: HackForums users selling SSDP, NTP and DNS list for amplified attacks

Most vendors deal in Bitcoin or other types of cryptocurrencies. On many of the sites, vendors have to pay some form of bond to be allowed to sell items or services. These bonds can cost anywhere between 0.1 and 1 BTC. Some of these sites are also closed to the public and require a referral to join the marketplace.

Some of the newest marketplaces this year include LEO Market, TheDetoxMarket and Apple Market. Last year there were around a dozen new sites that popped up. Some of these sites do not last long on the Darknet, as they are often hacked or taken offline by their competition. The attack marketplace and the use of anonymizing networks like the Darknet will continue to grow over the next several years as the entry level for hackers keeps lowering.

In the next blog I will be talking about what an attacker can purchase on the underground marketplaces and what the going rate is for things like DDoS, Ransomware and more. We will be looking at some of the tools and services that are available for potential attackers along with how transactions work in the marketplace.


Daniel Smith

Daniel Smith is an information security researcher for Radware’s Emergency Response Team. He focuses on security research and risk analysis for network and application based vulnerabilities. Daniel’s research focuses on Denial-of-Service attacks and includes analysis of malware and botnets. As a white-hat hacker, his expertise in tools and techniques helps Radware develop signatures and mitigate attacks proactively for its customers.

14 comments

  • Carmen Santamaria

    September 17, 2016 at 3:42 pm

    I don’t get it…
    Nowadays we can buy almost “everything” online without having to do and buy extra software to have access to illegal things… Why will I buy guns through there if I can easily go to a gun shop and buy it myself… Drugs? No thank you, I have enough with my coffee and my Coca Cola…


    • Meg

      April 10, 2017 at 3:13 am

      Cause the people buying the guns and drugs usually can’t walk into the local gun store and purchase them for themselves because they are often criminals with records etc. duh.


  • Chris

    September 20, 2016 at 3:35 pm

    Carmen ..
    Sadly the point of the darknet is to illegally purchase items and to purchase people. People do not go to the darknet for anything legal really. It’s sad… but mostly true.


    • Meg

      April 10, 2017 at 3:17 am

      That is so untrue it’s funny. Have you even explored the darknet to justify such a comment? Cause had you even tried to, you would see a world that is full of normal people who prefer to do their work or whatever in private. If it wasn’t for darknet and the tor browser, how do you think people like Edward Snowden could communicate and get their info out to the public? There is a lot more down there than just a bunch of idiots who are only doing their ‘dirty work’ using the tor network etc. geez.


      • M

        August 16, 2017 at 8:11 pm

        What Snowden did was illegal.


        • Greg Whitcher

          October 6, 2018 at 11:39 am

          Snowden was no hero, what he did was illegal and Treasonous!!


          • Joe Computer

            December 8, 2018 at 12:45 am

            Hmm, like Daniel Ellsberg?

  • Maru

    December 12, 2016 at 5:31 pm

    I praise your efforts to bring light to this very real issue and even though I have an extensive technological background I haven’t been up to date on this very topic. Now, my question is: if you talk to the people from TOR or I2P, I believe American companies, would they agree that the main reason for the dark-net will be to engage in illegal activities? I guess not. But maybe a better question would be why not unify efforts, without damaging the freedom of the dark-net, to find solutions to the major criminal activities.


  • Greggo

    October 6, 2018 at 11:40 am

    Snowden was no hero, what he did was illegal and Treasonous!!



  • Marcelo Garcia

    December 17, 2018 at 2:02 am

    Hi, I am Marcelo from Spain, I am interested in selling a kidney
    please help me

