Becoming a hacker exposes you to a lot of things. Apart from interesting software and applications you get to see the inner workings of the virtual world. You get to see things that have an obvious potential for exploitation, stuff that can do a lot of damage just sitting there, a “Download” button away. It is this ‘stuff’ that creates script kiddies, which is why it’s important to stay on track, progress slowly. You may find that you can do something that you don’t fully understand, but you can be sure that in the long run, no good will come out of it. Being an expert in something is not about knowing everything, it’s about using and applying whatever you do know, correctly. We have the pieces of the puzzle in front of us, it only depends on how we put them together.
Here, we’re going to extend the discussion started in [Using Tor][/using-tor]. Earlier we explored the need and workings of this wonderful software, and now we’re going to discuss the hidden world it opens up.
The Deep web, Hidden Web, The Dark net. A surprisingly small number of people actually know about it. So, what is it? Before getting to that, let’s look for patterns…
If you keep up with today’s tech news, you probably hear quite a lot about major hacking attacks, stolen emails, credit card information, vulnerable software, (un)patched bugs etc., stuff like the Heartbleed bug (early 2014). Where do all these come from? More importantly, where does it all go?
Take credit card theft, for example. Say a group of hackers somehow gain access to a large bank’s database and were able to steal credit card information of hundreds of thousands of account holders. Job done, now what? Should they try to cash out the hundred thousand credit cards into their bank accounts? Obviously not. Hence, the question is, where does it all end up? The (very bad) hackers certainly went through a lot of trouble to get them in the first place, but what’s the point if they don’t even get any actual benefit (i.e., stolen money)?
Another example, suppose some guy is trying to get the word out about his new e-commerce website. He starts thinking, wouldn’t it be quite convenient (albeit unethical) if he could somehow get tens of thousands of active emails and simply send them a promotional email? (P.S: This was the necessity that made the invention of a spam folder imperative) Just then, he spots a news item saying “Information on potentially millions of email accounts stolen from XYZ Company”. Hmm, what a coincidence. He wonders where he could get his hands on some of them…
Not all examples will be bad…
(Suppose) A popular middle aged journalist hosts a widely watched news show. She has experience, authority and reach along with numerous sources. One day, she opens up her mail box and finds a small package. On opening, she discovers a letter along with a pen drive. The letter is from a whistle-blower, saying that he had asked his friend to send this mail in case something happens to him. The pen drive contains thousands of documents that conclusively prove the involvement of the government and key (corrupt) officials in illegal activities. He sent the mail, in the hope that the journalist may find a way to get the truth out, for the citizens to see. It had no name, an anonymous drop. Weeks pass, as she finally concludes that these documents need to come out in the open. How should it be done? The documents were known to be stolen, if she is found to be in possession of them, she’ll probably be charged with treason. How could she leak the documents without putting herself at risk? There must be a way…
The answer to all these questions is: the deep web.
The deep web is a hidden form of internet. It is a collection of websites and people who want to keep a low profile. In many ways, it’s just like the regular internet and in many ways, it’s not. To access the hidden web, the Tor Browser is used. In the hidden web, you’ll find search engines for .onion websites, “the hidden wiki”, forums, blogs, marketplaces etc. Given that the internet speed when running Tor is quite slow, majority of the websites will be in basic HTML. That is, you probably won’t see pretty graphics everywhere since they’ll take forever to load through Tor. Everything unnecessary is omitted, bare essentials are all there is. There are no online games (yet) in Tor, but there are email, chat and website hosting services.
One thing you’ll find everywhere is Bitcoin, the virtual ‘crypto’ currency that everyone believes to be totally untraceable. Ever since Bitcoin became popular, almost every single Tor website that offers paid services has moved on to it as the primary, and sometimes only, payment method. Yes, it is definitely more anonymous than using, say a credit card or PayPal, but someone determined enough can track all Bitcoin transactions a person makes (NSA, GCHQ etc.). So, think before you click.
An odd thing that you’ll notice in the deep web is the weird URLs. There are no simple URLs like www.google.com , most are like www.e1a78sd6fdysdtf65dfs75.onion (Just an example). So, you’ll probably want to bookmark a website you found interesting for future use. Most of the websites are set up and run by individuals or small groups. A website may only be available if the server is running fine. In the TOR network, you’ll find that a lot of websites have noticeable downtime. All the website won’t be available all the time. Given the ‘sensitive’ nature of content on some websites, even their URLs might be changed frequently. Most of the time, websites can be found on a search engine or the hidden wiki.
Also, the hidden web is not limited to just the .onion sites. .Onion websites can only be viewed through the TOR browser, but all the normal websites still function the same. If you don’t want a website tracking your IP address, like Google, you can simply open it up through the Tor browser. Google, for example, may open up in a different default language since the IP address may be located on the other side of the world.
What about the examples we saw above? The Deep net contains quite a lot of platforms, forums and blogs for whistle-blowers. WikiLeaks (which also has a mirrored website in the deep net) recommends submitting leaks through TOR only. The journalist could use this to reach a wide audience yet still be reasonably sure about her safety.
Now comes the part where I warn you about illegal stuff. In fact, even the journalist thing falls into this. According to our wonderful laws, whistle-blowing is very much illegal. Edward Snowden, for example, went into hiding as soon as he had taken the confidential documents he needed to bring out the truth about the activities of NSA (along with a bunch of other stuff). He used (and still uses, as of 2014) the TOR network to communicate and leak documents.
What we’ve discussed till now barely even scratched the surface. It’s called ‘the dark net’ for a reason. A very good portion of what one can do in ‘the dark net’ IS illegal. What all “one can do”? (Don’t try this at home, kids) The dark net acts as a channel for the illicit trade of credit card information, drugs, hacked emails, bank logins, even PayPal accounts, counterfeit bills and that’s just the beginning. You can even hire hackers and hitmen. All this can be paid for by bitcoins. (It gets worse. This is just the stuff that I’m telling you about. What about the stuff that I’m not mentioning here?) Once again, all this is beyond illegal and if you are found to have any relation to this whatsoever you WILL go to jail or worse.
Just because all the bad and immoral stuff is a single click away, the deep web shouldn’t scare off ethical hackers (hopefully you). If there is light, there will be shadows too. It depends on how the person wishes to use something. In fact, this is not even that big a deal. Remember that humanity has spent (and continues to spend) trillions of dollars on war, a fraction of which could have (possibly) given us clean energy (nuclear fusion), zero poverty and perhaps cured cancer. When the bar is so low, the only place we can go is forward.
What should be done? What can be done? No answer will be entirely correct. It’s not bad to look around, get to know things. TOR is an excellent initiative in anonymizing the virtual world. It has its pros and cons. We just need more people willing to utilize the pros and ignore the cons. A quote from The Matrix comes to mind: “I can only show you the door, you must walk through it yourself”.
With that we come to the end of this discussion on the deep dark web. Of course, I’ve left a lot of things, those that are better discovered by oneself. No conclusion. I leave the reader to decide what they wish to take from this article. Two choices, one is right and the other, easy.
For more information, here’s the Wikipedia page on the most popular Tor hidden services:
Want to be a real hacker? Sign Up!