A

TECHNICAL SEMINAR REPORT

On

DARK WEB : A WEB OF CRIMES

Submitted by
BADAROTH PAVAN KALYAN
(Register No:197Y1A0587)
To

DEPARTMENT OF COMPUTER SCIENCE AND

ENGINEERING

In partial fulfilment of the requirements for the award of Degree at

BACHELOR OF TECHNOLOGY
In

COMPUTER SCIENCE AND ENGINEERING

Under the Guidance
Of

Mr. V.R Jadhav

Associate Professor

Oct 2022

Technical Seminar Report(2019-2023 Batch) Dept. CSE,MLRITM 1

 INDEX

S.no Title Page no.

Abstract 3
1 Introduction 4

2 Structure of the Internet 5

3 Organization of the Paper 6

3.1 Elements of the Dark Web 6

3.2 Browsers: A Way to Access the Dark Web 7

3.3 Methods used in Dark Web for Anonymity and 8

Confidentiality

3.4 Crimes 9

3.5 Cyber Attacks and Défense Mechanisms 10

3.6 The Dark Web and Malware 15

3.6.1 Best Practices Against Malware Attacks 16

4 Impact of Dark Web on Cyber-Security, Internet 17

Governance and Its Legal Implications

4.1 The Adverse Effect of Dark Web on Cyber Security 17

4.2 Internet Governance and Legal Implications 18

4.3 Law Enforcement in Criminal Investigations 19

4.4 Limitations of the Existing Methods Against 20

Cyber-Attacks Based on the Dark Web
4.5 Future Directions 20

5 Positive Side of Dark Web

6 Some Interesting Facts About Dark Web 22

7 Conclusion 22

8 References 23

2
Technical Seminar Report(2019-2023 Dept. CSE,
 Abstract

Internet plays an important role in our day-to-day life. It has become an integrated
part of all daily activities or lifestyle. Dark Web is like an untraceable hidden layer of
the Internet which is commonly used to store and access the confidential information.
But there are number of incidents which reported the misuse of this platform for
conducting the criminal and illegal activities in a hidden manner. In this paper, an
overview of dark web and various browsers which are used to access dark web are
presented. An insight into various aspects of Dark Web such as features, advantages,
disadvantages and browsers are discussed.

The internet can be broadly divided into three parts: surface, deep and dark.
The dark web has become notorious in the media for being a hidden part of the web
where all manner of illegal activities take place. An overview of the different types of
attacks, exploits and malwares is also presented. There are different types of criminal
activities and incidents which take place over the Dark Web are discussed so that
reader can become aware of such types of activities and can take appropriate
preventive measures for these activities.

Keywords: Internet, Dark Web, TOR Onion routing, cybercrime, law enforcement,
research agenda

3
Technical Seminar Report(2019-2023 Dept. CSE,
 1 Introduction
With the advancement in technology, digitalization has resulted in generation
of different types of attacks. Web security has become a major area of concern as
most of users visit online to get their needs fulfilled. As the Internet continued to grow
in the mid-toluate 1990s it had come to transform so many things on a global scale.
The biggest change came in the form of instant communication. As long as you have
an Internet connection, you can talk to anyone. The main concern is that the Internet
was not designed with factors like privacy and anonymity in mind. So, everything can
be tracked or traceable. But some people are very concerned about their privacy and
in the mid-1990s one such group of people was US Federal Government. A team of
computer scientists and mathematicians working for one of the branches of the US
Navy, which is known as the Naval Research Laboratory (NRL), began development
of new technology called as Onion Routing. It allows

Fig. 1 Overlay networks

an anonymous bi-directional communication where the source and destination cannot

be determined by third-party .This is accomplished by creating Overlay Network. An
overlay network is a network that is built on top of another network. Here, in our case
that network is Internet. In this scenario, the traffic goes through an overlay network
as shown in Fig. 1.
A network using the onion routing technique is classified as a Darknet. With the
combination of all these different darknets, Dark Web came into existence. People at
NRL soon realized that for network to be truly anonymous it has to be available to
everyone and not just the US Government. So, the NRL was forced to release their
Onion routing technique to the public under an Open-Source License and it became
The Onion Router (TOR)

4
Technical Seminar Report(2019-2023 Dept. CSE,
 2 Structure of the Internet
The World Wide Web (www) consists of three parts i.e. Surface Web, Deep Web and
Dark Web as shown in Fig. 2. The Surface Web, which is also known as the visible or
indexed web is readily available to the public through the standard web search
engines. Only 0.03% results are retrieved through surface web search engines.
The Deep Web is opposite to the surface web and is not accessible by the general
public. It is also called as the Invisible or Hidden web. It is estimated that 96% of
Internet is deep and dark web. It is mostly used for confidential purposes. Some of the
deep web examples are: Netflix, Online banking, Web mail, Dynamic pages and
Databases and everything that is password or paywall protected.
The Dark Web which also refers to World Wide Web content but it is not the part
of the surface web due to which it is also not accessible by the browsers which are
normally used to access the surface web. It began to grow with the help of the US
Military, which used it as a way to communicate with intelligence assets stationed
remotely without being detected. The dark web is that part of the web where most of
the illegal and disturbing stuff takes place. The Dark Web is also used as an illegal
platform for Terrorism, Hacking and Fraud Services, Phishing and Scams, Child
Pornography and much more. Dark Web is a part of the Deep Web. Dark Web
provides hidden services, which are ended with onion extension. Example, Facebook
operates a hidden service. Another example is Duck Duck Go search engine. There is
special kind of browsers to access the Dark Web. The various browsers which are
used to access the Dark Web are The Onion Router (TOR), FreeNet, Riffle, Invisible
Internet Project (I2P) and Whonix.

Fig 2. The Layers of Internet

5
Technical Seminar Report(2019-2023 Dept. CSE,
 3 Organization of the Paper
The various aspects of the Dark Web which are presented and discussed in this paper.
Section 3.1 discusses the tools and protocols used to develop the Dark Web. Section
3.2 presents the browsers which are used to acces the Dark Web. Methods used in
Dark Web for anonymity and confidentiality are discussed in Sect. 3.3. Section 3.4
discusses the various types of crimes which take place on the Dark Web. The various
types of security breach attacks and their defence mechanisms are presented in Sects.
3.5 and 3.6. The impact of Dark Web on cyber-security, Internet governance and its
legal implications and pros of Dark Web are discussed in Sects. 4 and 5 respectively.
Sections 6 and 7 present some interesting facts regarding Dark Web and Conclusion
of the findings respectively.

3.1 Elements of the Dark Web

There are number of protocols and tools which have been utilized in order to develop
the Dark Web. The essential components of the Dark Web are browsers in order to
access the dark web, encryption technique in order to encrypt the data, Virtual Private
Networks for transmitting the data and routing algorithm . To access the dark web, it
is very important to stay anonymous. Browser is not enough to stay anonymous but
also you need to use a good Virtual Private Network(VPN). It could be paid Nord
VPN or phantom VPN. NordVPN act as a personal VPN service provider. It has
desktop applications for macOS, Windows and Linux for IOS and Android. In case of
Phantom VPN, the Internet usage is not tracked and is kept safe from ISPs, online
snoops and advertisers.

Fig. 3 a PGP at sender site (A). b PGP at the receiver site (B)

6
Technical Seminar Report(2019-2023 Dept. CSE,
using symmetric block encryption. Digital Signatures provides the mechanism of
authentication. It provides compression using radix-64-encoding scheme.
There are numbers of browsers which have been developed in order to access the
Dark Web. A detailed discussion regarding the various features of the browsers has
been presented in Sect. The most commonly used browser for Dark Web is The Onion
Routing (TOR). It was developed by Paul Syverson, Michael G. Reed and David
Goldstar at the United States Naval Research Laboratory in the 1990s. TOR was
written in C, Python and Rust. The alpha version of TOR was launched on September
20, 2002. It works on the onion routing technique . In this method the user’s data first
gets encrypted and then data gets transferred through various relays (intermediate
computers) present in the network. Thus, it creates a multi-layered encryption-based
network.
The greater number of relays would be results into more bandwidth and also it will
be more difficult to track any user. By default, there are three relays through which
TOR shares connections as discussed below.

1. Guard and Middle Relay: The guard and middle relay is also known as non-exit
relays as shown in Fig. 4. It is a basic relay which helps in making the TOR
Circuit. The middle relay neither act as guard relay nor exit relay, but it acts as
second node between the two. The guard relay must be fast and stable. It requires
minimum maintenance efforts. Initially the real IP address of the client or user
who tries to connect to the TOR Circuit can be seen. There are websites through
which the currently available guard relays and their details can be seen.
2. Exit Relay: It is the final relay in the TOR Circuit. It is the relay that sends traffic
out to its destination. The clients will see the Exit relay’s IP address only instead
of their original IP addresses. Each node only has the information about its
predecessor and descendant (Fig. 5).
3.2 Browsers: A Way to Access the Dark Web

Browser acts as a way to access the Dark Web. Table 1 presents the various types of
browsers to access Dark Web along with their advantages and disadvantages.

Fig. 4 Relays used in Dark Web

7
Technical Seminar Report(2019-2023 Dept. CSE,
 Fig. 5 Data flow in onion routing

The underlying routing protocol used in a particular browser and its features are also
listed in table.

3.3 Methods used in Dark Web for Anonymity and Confidentiality

Anonymity and Confidentiality are the key factors based on which the Dark Web is
entirely based. To maintain the anonymity and confidentiality, there are few
techniques which are used as discussed below:

(i) Proxy: It is a service in which the requests are collected from clients and then
forwarded to the destination on the behalf of the requestors. After receiving the
replies the proxy sends the information back to the requestor. It acts as an
intermediate between sender and receiver. For filtering and bypassing, such
Internet filtering proxies can be used. To limit users’ access to specific websites,
proxies are used in some areas.
(ii) Tunnelling/Virtual Private Networks: A VPN is a most common solution for
network tunnelling. It is a private network which provides inter-connectivity to
exchange information between various entities that belong to the virtual private
network. Sometimes VPNs are used to access company’s intranet resources. It is
another way to bypass the Internet censorship. VPN is more beneficial than
Proxy as it uses Internet Protocol Security or Secure Socket Layer which
provides secure communication.
(iii) Domain Name System Based bypassing: DNS is a mechanism in which
translation of domain names to IP addresses takes place. It is easier to access
Internet resources using DNS. To visit a web site, we only need to know the
address of the website, rest will be handled by the DNS like resolving IP address
for that domain name and forwarding request to the server. It is another option
for enforcing censorship.

8
Technical Seminar Report(2019-2023 Dept. CSE,
(iv) Onion Routing: It is a networking mechanism which ensures that contents are
encrypted during transmission to the exit node. It also hides who is
communicating with whom during the whole process. It provides anonymous
connections. It is different from other methods as discussed previously. The
connection takes a long route from Source A to destination B along an
encrypted chain, which is known as Onion.

3.4 Crimes

Dark Web is the hub of the criminal attacks [13] as it provides anonymity and act as a
gateway to the world of crime. Following are some of the prominent crimes which
occur over the Dark Web:

(I) Drug trafficking

The dark web is an illegal dispensary of illicit and dangerous substances [14] that are
sold in exchange of crypto currencies. For example, bit coin, Ethereum and ripple etc.
The dark web’s largest dark net market which was started by a Canadian, was shut
down by the U.S Police. Silk Road [14–16] was also the one of the famous
marketplaces for illegal drugs and unlicensed pharmaceuticals. In 2013, the FBI shuts
down this website [17]. Agora is the website which is also shut down last year. Now
Alpha Bay is the largest marketplace for drugs. Dream Market, Valhalla and Wall
Street Market etc are also marketplaces for drugs. There are number of such websites
which are running over the Dark Web for illegal drug marketing and purchase.

(II) Human trafficking

Black Death is a place on the dark web where the human trafficking takes place.
Chloe Ayling, the British model is one of the victims of Dark web’s human
trafficking practice. According to a 2017 report, the most of the survivors of human
trafficking were recruited for sex trafficking and labour trafficking.
The other reports have shown that Dark Web has helped to push this crime deeper
into secrecy. Black Death is an organization operating on dark web by frequently
changing the URLs.

(III) Information leakage

Many platforms such as TOR which supports anonymity are the useful resources for
whistle-blowers, activists and law enforcement. Dark Web is also a platform for
hackers to leak the sensitive data. A hacker group once posted the credit card
accounts, login of about 32 million Ashley Madison customers as a 9.7 GB as a data
dump on the dark web. Similarly in 2017 over 1.4 billion personal records were

9
Technical Seminar Report(2019-2023 Dept. CSE,
leaked over the dark web in the form of plain text which was openly available on the
web. Even the dark web hubs pay the workers to leak the corporate information.

(IV) Child Pornography

The study found that child pornography generates the most traffic to the hidden sites
on TOR. It is not easy for an average user to find such sites. It is an act that exploits
the children for sexual stimulation and abuse of child during sexual acts. It also
includes the sexual images of child pornography. A site known as Lolita City which
has now been taken down as it contained over 100 GB of photos and videos of child
pornography and has around 15,000 members. PLAYPEN was taken down by the FBI
in 2015 which may have been the largest child pornography site on the entire dark
web with over 200,000 members

(V) Proxying

The anonymity property of the Tor like platforms makes its users vulnerable to attack.
The URL of such a site does not show the typical ‘HTTPS’ which indicates a secure
site. To make sure they are on the legit site they have to bookmark the TOR page. In
case of website proxying, the scammer tricks the user so that the user thinks he is on
the original page and the scammer re-edits the link to redirect the user to his scam
link. Whenever the user will pay the amount in the form of crypto -currency, it gets
funneled to the scammer instead.

(VI) Bit coins scam

Bit coin is the widely used crypto currency used on the dark web. It is also a logical
currency for cybercriminals. Proxying and Onion Cloning are the examples of such
crimes as
shown in Fig. 6. Europol’s officials have expressed their concern that bitcoins have
started to play a growing role in illegal activities. DDoS “4” Bitcoin (DD4BC), a
group of cybercriminals behind Distributed Denial of Service (DDoS) attacks has
attacked over 140 companies since its emergence in 2014. This inspires other groups
also and leads to the Cyber Extortion. According to the Europol’s officials the
DD4BC group first threatened victims via email with a DDoS attack until ransom in
the form of bitcoins is not paid. The rise of Bitcoin also leads to rise of Cyber-
Terrorists in the world of dark web.
(VII) Onion cloning

Onion cloning is similar to proxy tactic. The scammer makes the copy of the real site
or page and updates the links so that the user gets redirected to their scammed sites in
order to steal the money from the user side.

1
Technical Seminar Report(2019-2023 Dept. CSE,
(VIII) Contract killers

Dark web is also a platform for hiring hit men. It is a platform where a professional
killer can be hired. Once the hacker named ‘burped’ breached the website of
Bessarabia and leaked its contents online. The leaked content contains user accounts,
personal messages,

Fig. 7 Guns Sold over the Dark-Web Across World

3.5 Cyber Attacks and Défense Mechanisms

(i) There are number of cyber-attacks which can be launched via Dark Web. The
biggest disadvantage of the Dark Web is its anonymity which raises the
confidence level of the attacker and can easily attack the targeted victim
Correlation attacks

It is an end-to-end passive attack. In this type of attack, the attacker controls the first
and the last router in the TOR network and uses the timing and data features to
correlate the streams over those routers to break the TOR’s anonymity. In the past,
many government agencies with the help of correlation attack were able to destroy the
anonymity of many users. There is no alternative method to prevent this kind of attack
because it is a highly sophisticated mathematical method. This kind of attack is not
only for softwares but are also used against the users. Example, a dark-market admin
writes his details on the site such as his age, previous criminal activities and so on.

1
Technical Seminar Report(2019-2023 Dept. CSE,
It will help the agencies to monitor the Internet activities of all the
suspects and try to see which one connects to the TOR network when
admin comes online. Carnegie Mellon University once attacks on a TOR
network which was indeed a correlation attack. The information about
the TOR users was then sold to FBI for $1 million. Still the correlation
attack is not prevented. The attack was a downfall for many websites like
Silk Road 2.0 and other child porn sites. The only defense mechanism
available for this type of attack is the selection of the trusted VPN to get
rid of this attack.

(ii) Congestion attacks

The congestion attack which is also known as clogging attack not only
monitors the connection between the two nodes but also creates the path
between them. If one of the nodes in the target path gets blocked by the
attacker then the speed of the victim’s connection should change. It is an
end-to-end active attack. In 2005, Murdoch and Danezis described an
attack on TOR in which they could reveal all of the routers involved in a
TOR circuit, by using clogging attack and timing analysis together. The
congestion attack also works on routers having different bandwidths as
shown in Fig. 8. This attack is effective as the exit router runs and we
have to find only a single node. It also removes the common limitation of
DoS by using multiplication of bandwidth technique, which allows low
bandwidth connections to use high DoS bandwidth connections. This
type of attack can be avoided by not

Fig. 8 Congestion attack

 Fig. 9 Timing attacks in TOR

using a fixed path length. Second, end-to-end encryption can be used. Third, by
disabling the JavaScript in clients and by inducing delays into connections, this type
of attack can be avoided.

(iii) Traffic and timing correlation attacks

These are end-to-end active attacks. These attacks are another form of de-
anonymization attacks. In this type of attack the entry and exit relays of a target get
modified as shown in Fig. 9. By determining the flow patterns in traffic flowing from
entry relay to exit relay, the attacker can determine to which server a client is
communicating. For de-anonymization it is not necessary to use complex
mathematical methods. Example, a student of Harvard University was arrested for
sending fake bomb threats, via TOR to get out of an exam. According to FBI data, the
emails were sent by using Guerilla Mail. Guerilla Mail is an email provider that
allows users to create temporary emails. It embeds the IP of the sender in all outgoing
emails. The FBI stated that the student sent the emails via TOR. Correlation helped
the FBI to identify the student. Traffic and Timing attacks are easy to execute when
the number of clients using TOR is relatively small. Otherwise more complex
methods of timing and traffic attacks are used to de-anonymize the users. TOR
embeds delaying, packets buffering and shuffling approaches in order to prevent such
attacks.

(iv) Traffic fingerprinting attacks

It is a single-end passive attack. It is a technique which is used to sniff the website by

analyzing the traffic flow pattern without removing encryption. There are two

Technical Seminar Report(2019-2023 Dept. CSE, 1

methods to capture the traffic data in TOR. In the first method, the attacker captures
the traffic through the entry node. But in this method, it is not necessary that the
particular victim will connect to the attacker’s node. So, there is an uncertainty. In the
second method, the attacker will play the role of network operator for example,
Internet Service Provider (ISP) and will able to capture the traffic between victim and
entry node of the TOR circuit. This is an effective method. There are number of
defence mechanisms available for this type of attack namely HTTP with Obfuscation
(HTTPOS), pipeline randomization and Guard node adaptive padding and Traffic
Morphing etc.

(v) Distributed Denial of Service (DDoS) attacks

The attacker sends the multiple fake requests to the target to slow down the
connections or making it unavailable to the victim. It is not used to de-anonymize
users. The sudden disappearance of Abraxas marketplace is the one of the biggest
mysteries. Till now it is not clear whether the Abraxas marketplace was targeted with
a DDoS attack or it was an exit scam. Most of the source’s state that it was an exit
scam as the marketplace mysteriously disappears when the bitcoin price gets high.
There can be possibility that the Abraxas marketplace was targeted with DDoS attack.
Before it gets terminated, users reported very slow server and also difficulty in
logging into the marketplace. Secondly, on Reddit Abraxas marketplace admins gives
the statement that they have suffered a major DDoS attack and they will be back soon
multi-variate threat detection can be used to efficiently detect the DDoS attacks in a
timely manner. (vi) Hidden services attacks

(vii) Phishing

When the attacker wants to install malware or want some sensitive information from
user side, then he often use phishing tactics or pretends to be someone else. In this
type of attack, an attacker may send you an email that appears to be from some
trusted source. The email will contain the link or an attachment, and you will thereby
install the malware. There are three types pf phishing reported in the literature namely
Spear Phishing, Whaling and Clone Phishing. When a specific organization is a target
then spear phishing is used. This attack is used to target large number of people to get
important information. In Whaling, it targets an organization’s senior or C-level
executives. The attackers use focused messaging to trick the victim. In Clone
Phishing, targets are presented with a clone or copy of a message they had received
earlier. This attack is based on the previously seen message, so it can easily target the
user.
Preventive Measures for Phishing:
The following preventive measures can be taken in order to avoid such types of
attacks:

• Filter on Malicious URLs: Quarantine messages contain malicious URLs.

Some attackers use image as a phishing message. The image contains text, which

Technical Seminar Report(2019-2023 Dept. CSE, 1

 is usually gets ignored by some of the filters. Character-recognition based filter
technology can detect these messages.
• Promote Good Credential Behaviour: Passwords must be strong, they should
contain numbers, alphabets, special characters. Passwords must be changed
frequently. The use of 2 step-verification is recommended.
• It is also a good practice to regularly scan user and infrastructure systems for
malware.

3.6 The Dark Web and Malware

The dark web market is a spot for the buying and selling of illicit materials. There are
number of malicious software and services available over the Dark Web. Users with
bad intent are trading these services and making a lot of money out of it. A recent
report by Positive Technologies, a security firm, highlights the flourishing Dark Web
market. The report is based on 25 Dark Web trading platforms with over 3 million
users. Over 10,000 ads were analyzed and interesting results were drawn based on
this analysis. Malware plays a vital role in several cyber-attacks. Several types of
malware were up for sale, each with varying costs. According to popularity based on
the ads found, cryptominers were at the top of the list in popularity. Some of the
popular malwares are discussed below:

(I) Data Stealing Trojans

They steal passwords from the clipboard, intercept keystrokes, are capable of
bypassing or disabling antivirus software and can also send files to the attacker’s
email. A stealer costs about $10. The stolen data gotten by using these stealers can
cost a lot more.

(II) Ransomware

Ransomware encrypts your system or files and demands a ransom before

decryption. The average cost of getting such malware is $270. Ransomware is a form
of malicious attack which will take the control of the system of user and denies the
access to that system to the user. There are several different ways attackers choose the
organizations they target with ransomware. Some organizations act as tempting
targets because they seem more likely to pay a ransom quickly. For instance, medical
facilities and government agencies often need immediate access to their files. Law
firms and other organizations with sensitive data may be willing to pay to keep news
of a compromise suppressed and these organizations may be uniquely sensitive to
leakware attacks.

Technical Seminar Report(2019-2023 Dept. CSE, 1

3.6.1 Best Practices Against Malware Attacks

The following precautionary measure and practices can be followed in order to avoid
the Malware attacks.
User Education: It includes:
• Training users not to download and run any random unknown software on the
system.
• How to identify the potential malware (i.e. phishing emails etc.).
• There should be security awareness training as well as campaigns.
• Use Reputable Software: Suitable A/V installed software will detect and remove
any existing malware on a system as well as monitor the activity while your
system is running. It is essential to keep it up to date with the vendor’s signature.
• Perform Regular Website Security Audits: Scanning your organization’s website
regularly is important for vulnerabilities. As it can keep the organization secure
and also protect the customers.
• Create Regular, Verified Backups: Having a regular backup can ease you to
recover your all the data or any other information in case of any attack or a virus.
• Ensure Your Network is Secure: Use of IPS, IDS, Firewall and remote access
through only VPN will help to minimize the exposure of organization in case of
attack.

Technical Seminar Report(2019-2023 Dept. CSE, 1

 4 Impact of Dark Web on Cyber-Security, Internet
Governance and Its Legal Implications
There are number of crimes which take place over Dark Web as discussed in Sect.
There is huge adverse effect of Dark Web on Cyber Security (discussed in Sect. 4.1).
There are number of threats for the cyber security at national and International level

4.1 The Adverse Effect of Dark Web on Cyber Security

In order to characterize the Dark web from a national security perspective, below are
some points that detail issues of national security relevance.

(i) Sale of Unmanned Aerial Vehicle (UAV) Sensitive Documents: The security
researchers at Recorded Future discovered a sales listing within Darknet
marketplace

Fig. 10 Repurposed US
Government zero-day capabilities
for sale on Dark Web marketplace

for information of
MQ-9 Reaper
drone used by US
Air Force in 2018.
The seller also
listed several other
documents,
including an
M1Abrams tank
manual and tactics
to defeat
improvised explosive devices. The seller demanded $150 or $200 for
providing classified information. In 2015, United States Office of Personnel
Management (OPM) announced that it had been a victim of a data breach in
which the information contained 21.5 million records. This data was then
passed to cyber criminals who attempted to legitimate the stolen data on the
forum called “Hell” where the seller’s personal details were mentioned for
sale.
(ii) Terrorist Use of Dark Web to Engage in Financing and Weapons Acquisition:
Ahmed Sarsur named individual was charged for his attempt to access the Dark
Web to acquire weapons and provide financial support to terrorists in Syria by
Israeli Authorities in December, 2018. According to the authorities, Ahmed
attempt to purchase explosives, hire snipers and provide financial support.

Technical Seminar Report(2019-2023 Dept. CSE, 1

4.2 Internet Governance and Legal Implications

The tactics must be defined by the government for regulating the Dark Web. These
should be defined in such a way that criminal Web activity which takes place over the
Dark Web must be suppressed and anonymity of innocent users must be protected to
its maximum. The capabilities of different government agencies can be combined
effectively to deploy the policies of the Dark Web. Computer and Internet Protocol
Address Verifier (CIPAV) is utilized by the FBI to identify the suspects which were
disguising their location using

Fig. 11 Threats posed by Dark Web

anonymity services or proxy servers . It seperates the regular Internet traffic from
TOR traffic. It helps FBI to narrow down the search while doing any investigation. A
tool named as “Memex” is developed by Department of Defense’s Defense Advanced
Research Projects Agency (DARPA) which uncovers patterns to identify the illegal
activity. It uncovers only suspects based on specific patterns rather than exposing all
kind of users. A hacking tool is also used by FBI to identify the IP addresses of users
who were accessing a hidden Tor child abuse site named as Playpen. FBI seized the
server of Playpen and transferred the site to an FBI server under a warrant which was
issued by a federal magistrate judge in the Eastern District of Virginia in February
2015 .
So, there is a need of legal frameworks which are essential in supporting criminal
investigations.
There have been number of scenarios which have been reported in the literature
which shows the spectrum from ineffective to effective enforcement. Still there is a
need to deploy a strong legal framework which can be given to government agenices
at National and International level to conduct such kind of investigations successfully.

Technical Seminar Report(2019-2023 Dept. CSE, 1

 There are number of threats which are posed by Dark Web as shown in Fig. 11.
The following areas need to be monitored for the successful Governance of the Dark
Web:

(i) Mapping the hidden services directory: The distributed hash table system is
used to hide the database in TOR. The deployed nodes could monitor and map
the nodes.

(ii) Monitoring of Social Sites: This includes monitoring of some popular social
sites to find the hidden services.

Fig. 12 Statement published by researchers

(iii)Monitoring of Hidden Services: The new services or sites must be captured
(“snapshot”) by the agencies for later analysis before they disappear quickly or
may reappear under new name.
(iv) Semantic Analysis: There should be a database of hidden site activities and
history.
4.3 Law Enforcement in Criminal Investigations

Law enforcement deals with variety of crimes. Initially surface web has been used as
a platform to commit crimes or criminal activities. Craigslist and Backpage are the
websites which were popular for crimes such as Human Trafficking, robbery and
murder. Closure of Backpage by U.S Department of Justice is a great example of
active law enforcement. On 4 July, 2014, the TOR project organization has learned
about the attack by Carnegie Mellon researchers on the subsystem of the hidden
services. Later, it was revealed that the researchers were paid by the FBI. Even the
organization put the whole information about the attack on its personal blog including

Technical Seminar Report(2019-2023 Dept. CSE, 1

its technical details and suggest its users to update TOR. The following statement was
published by the researchers as shown in Fig. 12.
For law enforcement, TOR is most commonly used tool. There are main three
activities for law enforcement’s use:

• Online Surveillance: TOR allows officials to surf web sites and services which are
questionable without leaving any traces.
• Sting Operations: TOR’s anonymity feature allows law officers to engage in
undercover operations.
• Truly anonymous tip lines: Anonymous tip lines are truly popular. Although a
name or email address is not attached to information, server logs can identify them
quickly.

4.4 Limitations of the Existing Methods Against Cyber-Attacks Based on the

Dark Web
There has been a tremendous rise in the number of dark net listings which are
potentialially harmful for the various dimensions based on the report of cyber
criminal markets [29]. There are number of limitations which have been analyzed
from the literature. Still, there is a need of “heavy-handed” approach in law
enforcement to suppress the cyber criminal activities by shutting down sites. Near
about 70% of the sellers do not communicate regarding buying the malware over the
Internet. They use encrypted messaging applications such as Telegram to take
conversations beyond the reach of law enforcement. There is no generic pattern of the
malwares or malicious activities as these are customized based on the target and
requirement of the buyer.
4.5 Future Directions

There are number of future directions in which organizations and users can work in
order to protect themselves from such kind of criminal activities which take place
over the Dark Web. For organizations, there is a need of deep understanding of the
threats which are posed by the Dark Web and those posed by custom remote access
Trojans and malwares particularly. Organisations should utilize their ability to use the
Dark Web for intelligence gathering by monitoring dark net marketplaces for the
trade of company or customer data, malware and for potential brand misuses, such as
the sale of spoofed web pages and invoices etc

which includes unwittingly collaboration with criminals by giving them access to the
own networks. Organisations must adopt layered defence mechanisms which utilizes
application isolation to identify threats, as well as having in-depth threat telemetry to
stop cyber criminals from getting into corporate networks.

Technical Seminar Report(2019-2023 Dept. CSE, 2

 5 Positive Side of Dark Web
One of the report states that 54.5% content on the dark web is of legal government
organizations, tech companies such as Facebook, journalists, activists, US State
Department, 17.7% constitutes the dead sites. 12.3% is related to drugs trafficking
and 1.3% is related to fraud and hacking. Every coin has two sides. It has its own
advantages and disadvantages depending upon what a user want to search. Some of
the advantages of the Dark Web have been discussed below:

• The biggest benefit of using Dark Web is its anonymity. Not every user who is
accessing dark web has bad intensions. Some users may concern about their
privacy and security. They want their Internet activity to be kept private.
• The user can find the products cheaper than streets. The vendors also offers
discount when the user purchases the product in bulk.
• We can buy the products that are not available in the market or in the country.
• Convenience is another reason why people order on the dark web.
• Dark Web is widely used by those countries which have limited access to the
Clear Net (surface web). Example, Russia, China and many other countries that
use dark web more frequently for many reasons.
• It has its own search engines and secure email browsers.

Technical Seminar Report(2019-2023 Dept. CSE, 2

 6 Some Interesting Facts About Dark Web
• Dark web is a huge marketplace for criminals and is said to generate at least
$500,000 per day.
• A study done in 2001 by University of California discovered that dark web had
7.5 PB of information.
• Users use mostly Bitcoins because they are virtually untraceable.
• ISIS has been using the dark web as propaganda, recruiting and fund raising tool.
• Intelligence agencies like NSA have been using software like XKeyscore to know
the identity of TOR users.
• There is a network called ‘Strategic Intelligence Network’ with tons of
information about how to survive with any crisis.
• According to Israeli intelligence firm Six gill criminals were discovered selling
fake degrees, certifications and passports.
• It contains nearly 550 billion individual documents.
• Over 30,000 websites were hacked every day.
• All types of match fixing and illegal betting take place over Dark Web.

7 Conclusion
Dark web is a part of the Internet which is usually used by the users to do some
activity in a hidden manner without leaving any traces. It has become a hub of
criminal activities like child pornography, arms trafficking, drug trafficking and onion
cloning etc. The main reason of these activities is the anonymity which is provided
over this platform. There are number of attacks which are launched over this platform
and the ransom amount is taken in the form of bit coin over the Dark Net. It is also
used by governments of the different countries for the sake of confidentiality. An
overview of the different attacks, exploit, browsers and crimes of Dark Web. It can be
concluded that the pros and cons of Dark Web depend upon the intentions of the user.

In the debate on privacy versus security, the technology factor is weighing in stronger than
before as it becomes not just a matter of legality but of technical capability to monitor and
conduct surveillance on people. It is possible that in the future this debate would be over
as technology advances to the point where privacy is not at the mercy of governments but
in the hands of users and private corporations. The discussion on this topic then no longer
remains in the domain of technology but is one that needs an interdisciplinary
contemplation by experts in areas of psychology, sociology, law, and others.

Technical Seminar Report(2019-2023 Dept. CSE, 2

8 References
1. Chertoff, M. (2017). A public policy perspective of the Dark Web. Journal Cyber
Policy, 2(1), 26–38.
2. Ciancaglini, V., Balduzzi, M., & Goncharov, M. [Online]. Retrieved December
20, 2019, from https ://www.trend micro .com/vinfo /pl/secur ity/news/cyber
crime -and-digit al-threa ts/deep-web-and-cyber crime -its-not-all-about -tor.
3. Mirea, M., Wang, V., & Jung J. (2019). The not so dark side of the darknet: a
qualitative study. Security Journal, 32, 102–118.
4. Mirea, M., Wang, V., & Jung, J. (2018). The not so dark side of the darknet: A
qualitative study. Security Journal, 32, 102–118.
5. Çalışkan, E., Minárik, T., & Osula, A.-M. (2015). Technical and legal overview
of the tor anonymity network. Tallinn: NATO Cooperative Cyber Defence Centre
of Excellence.
6. “PGP Encryption.” [Online]. Retrieved December 16, 2019, form https
://www.techn adu.com/pgpencry ption -dark-web/57005 /.
7. “Onion Routing.” [Online]. Retrieved December 16, 2019, from https
://www.geeks forge eks.org/onion -routi ng/.
8. “Types of Relays.” [Online]. Retrieved December 14, 2019, from https ://commu
nity.torpr oject .org/ relay /types -of-relay s/.
9. “TOR Nodes List.” [Online]. Retrieved December 20, 2019, from https
://www.dan.me.uk/torno des.
10. “Welcome to the Tor Bulk Exit List exporting tool.” [Online]. Retrieved
December 20, 2019, from https ://check .torpr oject .org/cgi-bin/TorBu lkExi
tList .py.
11. “Relay Search.” [Online]. Retrieved December 16, 2019, from https ://metri
cs.torpr oject .org/rs.html.
12. Rudesill, D. S., Caverlee, J., & Sui, D. (2015). The deep web and the darknet: A
look inside the internet’s massive black box. Ohio State Public Law Working
Paper No. 314.

Technical Seminar Report(2019-2023 Dept. CSE, 2