Connecticut Technology Council

The Dark Net


The Origins of the “Dark Net” “Dark Web”

ARPANET

The Onion Router

DRM - Copyright Infringement

False Evidence Appearing Real (F.E.A.R)

• Darknet - IS & IS NOT

• An Overlay network (2 common types; Friend 2 Friend, and Anonymous)

• Darknet is a private network where IP addresses are not routable (can’t PING or send other network requests) without special software, configurations, authorizations.

• Virtual Private Networks can be considered “Darknet”

• P2P and other file sharing is potentially Darknet

• DRM and Copyright infringements (2002 paper by Peter Biddle, Paul England, Marcus Peinado, and Bryan Willman)

• On the internet

• Able to be monitored at point nodes

• Uses non-standard ports and protocols

• IS NOT

• Inaccessible

• a secret

• indexed

• DeepWeb Searching (often confused)

El Guapo

Emergent Sub-Cultures

• Social media racists - hate crimes

• Camgirls - Fee per minute “bounty” - pay sites

• Self Harm communities - Personality disorders

• Darknet drug markets - “SilkRoad (10/2013),” “The Hive (2004; 2015),” “Cyber-Arms Bazaar,” “The Farmer’s Market (2012),” “Atlantis (9/2013),” “Black Market Reloaded (,” “Sheep Marketplace (,” “TheRealDeal.” Card Markets

• Cryptoanarchists - Crypto-anarchists employ cryptographic software to evade prosecution and harassment while sending and receiving information over computer networks, in an effort to protect their privacy and political freedom.

• Transhumanists (H+ or h+) - thinkers who study the potential benefits and dangers of emerging technologies that could overcome fundamental human limitations, as well as the ethics of using such technologies.

Uses of Darknet

• To better protect the privacy rights of citizens from targeted and mass surveillance

• Protecting dissidents from political reprisal; e.g., Arab Spring

• Whistleblowing and news leaks

• Computer crime (hacking, file corruption etc.)

• Sale of restricted goods on darknet markets

• File sharing (pornography, confidential files, illegal or counterfeit software etc.)

• Tied with crypto-currency

Software

• Tor (The Onion Router) is an anonymity network. It is the most popular instance of a darknet.

• I2P (Invisible Internet Project) is another overlay network whose sites are called "Eepsites".

• Freenet is a popular darknet (friend-to-friend) that can be run as an "opennet" (peer nodes are discovered automatically).

• RetroShare can be run as a darknet (friend-to-friend) by default to perform anonymous file transfers if Distributed Hash Tables and Discovery features are disabled.

• GNUnet is a darknet if the "F2F (network) topology" option is enabled.

• Zeronet is open source software aimed to build an internet-like computer network of peer-to-peer users of Tor.

• Syndie is software used to publish distributed forums over the anonymous networks of I2P, Tor and Freenet.

• OneSwarm can be run as a darknet for friend-to-friend file-sharing.

• Tribler can be run as a darknet for file-sharing.

Are you at risk?

• Secure Web Gateways can be circumvented

• False sense of security

• Steps easily found on “Google”

• Is your site serving as a node or darknet service?

• Final answer: YES, you are at risk

How do they do it?

A Tor example

• Tor bridges - unregistered relays

• Tor without bridges

• Pluggable Transports

• Direct SOCKS tunneling

• Do you have a good idea of what sites/IPs have bypass/allowed enabled?

• Do you have packet inspections looking for obfuscated fingerprints? [IP Address] [Port #] [Unique fingerprint ID] would look like:

obfs3 141.201.27.48:420 4352e58420e68f5e40bf7c74faddccd9d1349413

• Are you scanning your network looking for open ports, like 7657, 4444, 4445, 9150, 9050, 6668?

• Looking for “Google” searches on Tor nodes or bridges?
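The two checks asked about above, sketched as an added example (not part of the original slides): one function finds bridge-line strings of the form shown in any text you feed it, the other flags listeners on the listed ports. The function names, port labels and sample inputs are assumptions made for illustration; the inputs are constructed.

```python
import ipaddress
import re

# Ports named in the list above; labels are each tool's usual default use.
WATCH_PORTS = {7657: "I2P router console", 4444: "I2P HTTP proxy",
               4445: "I2P HTTPS proxy", 9150: "Tor Browser SOCKS",
               9050: "Tor SOCKS", 6668: "I2P IRC tunnel"}

# [transport] [IP]:[port] [40-hex fingerprint], the bridge-line layout above.
BRIDGE_RE = re.compile(
    r"\b(?P<transport>[A-Za-z][A-Za-z0-9_]*)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\s+"
    r"(?P<fp>[0-9A-Fa-f]{40})\b")

def find_bridge_lines(text):
    """Return (transport, ip, port, fingerprint) for each well-formed bridge line."""
    hits = []
    for m in BRIDGE_RE.finditer(text):
        try:
            ipaddress.IPv4Address(m["ip"])
        except ValueError:
            continue  # digits that do not form a real IPv4 address
        port = int(m["port"])
        if 0 < port < 65536:
            hits.append((m["transport"], m["ip"], port, m["fp"].lower()))
    return hits

def flag_listeners(listing):
    """Return sorted (port, label) pairs for watched ports in 'addr:port' text."""
    found = set()
    for m in re.finditer(r":(\d{1,5})(?=\s|$)", listing, re.MULTILINE):
        port = int(m.group(1))
        if port in WATCH_PORTS:
            found.add((port, WATCH_PORTS[port]))
    return sorted(found)

# Constructed inputs: a config excerpt (first Bridge line is the slide's own
# example, second has an invalid address) and a socket listing.
SAMPLE_CONFIG = """UseBridges 1
Bridge obfs3 141.201.27.48:420 4352e58420e68f5e40bf7c74faddccd9d1349413
Bridge obfs3 999.1.1.1:443 4352e58420e68f5e40bf7c74faddccd9d1349413
"""
SAMPLE_LISTENERS = """LISTEN 0 128 127.0.0.1:9050 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 50 127.0.0.1:7657 0.0.0.0:*
"""

if __name__ == "__main__":
    print(find_bridge_lines(SAMPLE_CONFIG))
    print(flag_listeners(SAMPLE_LISTENERS))
```

A hit on a watched port is a lead to investigate, not proof: other software can bind the same ports, and these tools can be configured to use different ones.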

What can you do or what should you be asking?

Questions ?