When Facebook launched its Marketplace Android and iOS app at the start of this month, the site opened itself up to total and utter anarchy. Despite a clear policy stating that “weapons, drugs, alcohol, "adult items or services" and overly sexual content” weren’t welcome, the newly-launched app hosted adverts offering AK-47s, automatic shotguns, drugs and many more illegal items within minutes of launching. Facebook worked to moderate the contraband content quickly, but its fleeting presence was an unsettling reminder of the online black-market these items usually call home: The Darknet.
The term ‘Darknet’ refers to a ‘closed’ portion of the internet not searchable on public servers. Websites hosted on the dark web all have unique addresses such as .onion suffixes, meaning they exist on an encrypted service which uses layered rather than straight connections to web servers and requires specific software, The Tor Browser, to access it. Currently there are around 1.5 million worldwide users of Tor and the number is growing exponentially. User’s IP addresses’ (a number unique to your internet connection) are bounced through layers of networks which, to cut a long story short, makes their connection to the internet anonymous. And because of all that ‘bouncing’ around, Darknet websites don’t exist in one place - so they’re pretty much impossible to track down and police.
Naturally, this makes for a fairly lawless environment. Most of the vendors are fighting each other, trying to take each other out of the marketplace with malware attacks and blackmail between bigger and smaller sites is rife. Items are bought and sold using the anonymity of the Bitcoin, but if you buy something just as the seller is attacked and goes under, then you have no way of getting your item or money back. It’s a real Wild West.
The whole thing is surprisingly easy to access, check-out this self-penned Darknet guide. But if I sound a bit TOO knowledgable it’s because I’ve spent quite a bit of time in these murky backwaters over the last couple weeks, under the expert guidance of some Dark Web experts. Daniel Smith, a former ‘black hat’ hacker who now works as a security researcher at Radware helping them to understand the way criminal hackers think and behave, was one such guide.
"Anyone with a grudge against your organisation can purchase an affordable and easy to deploy DDoS attack which will take down your company servers."
Smith is constantly monitoring the Darknet for activity, threats, and conversations about future attacks so that Radware can issue alerts to their clients before they happen. Since he first started using the Darknet he’s seen “a massive growth in the rise of ‘Hackers for Hire’ and ‘Full Service’ ransomware for sale. If you want to launch a DDoS attack on a company or government organisation, all you need to do is browse TOR and you’ll find a range of attacks on sale for as little as $20 per month”. Fake Id’s, credit card details and firearm sales is one thing, but ransomware designed to bring down major organisations is something else.
As Smith points out though, there can be positive aspects to the Darknet. Started by the US Navy in the 1990’s as a way to communicate in countries with strict governmental regimes, as well as with dissidents and political activists, the Darknet is not always frequented by users looking for illegal services. Facebook, for example, now have a presence on the Darknet, which allows users in countries such as China, where Facebook is blocked by the government, to have access. Globally as well, there are 1 million users accessing Facebook through Tor each month, attracted by the anonymity granted away from Big Brother’s prying eyes. The Darknet also has its own literary magazine, The Torist, whose first issue included poetry around (apt) topics such as Edward Snowden and preserving data.
But whilst the sharing of political communications and ideas that are deliberately excluded from everyday channels gives the Darknet a positive purpose, it’s impossible to ignore the fact that the platform is developing in directions that will soon eclipse its innocuity. Stephen Coty, chief cyber security evangelist at Alert Logic warned us of “a generation [who] will begin to rely on it for a portion of income or to purchase items without all the red tape. This will threaten retail, pharmaceutical and other industries that may be regulated, or have products that are not easily accessible, affecting the bottom lines of some corporations, unless they have a way to also sell the same product at a lower cost through the underground market.”
Equally, when I asked Smith about whether we should be worried about the Darknet’s future he was wary. “Organisations need to be aware of the significant rise of attack marketplaces on the Darknet” he said, “anyone with a grudge against your organisation can purchase an affordable and easy to deploy DDoS attack which will take down your company servers.”
But perhaps most worrying is the implication for governments who are already aware of the threat of cyber-terrorism and who have to be careful to monitor attacks on utility providers, transport systems or infrastructure. Governments know that Isis currently use the Darknet to recruit and communicate but are fairly powerless to control it. In Smith’s own words “The Darknet is definitely becoming darker...”