Hands-On Dark Web Analysis

By: Sion Retzkin

Overview of this book

The World Wide Web is divided into three main areas: the Surface Web, the Deep Web, and the Dark Web. The Deep Web and the Dark Web are the two areas that are not accessible through standard search engines or browsers. It is therefore extremely important for security professionals to have control over these areas in order to analyze the security of your organization. This book will first introduce you to the concepts of the Deep Web and the Dark Web and their significance in the security sector. Then we will dive deep into installing operating systems and Tor Browser for privacy, security, and anonymity while accessing them. During the course of the book, we will also share some best practices for using the tools to best effect. By the end of this book, you will have hands-on experience working with the Deep Web and the Dark Web for security analysis.
Table of Contents (18 chapters)

The Dark Web

Just as the Surface Web, or WWW, is on the internet, the Dark Web exists on the Dark Net (or rather, multiple darknets).

It's important to point out that the terms Dark Web and Dark Net aren't the same thing. Dark Net was a term used in the 1970s for networks that were isolated from ARPANET, mainly for security purposes, such as compartmentalization. They were configured to be able to receive external data, but they were hidden from the ARPANET network listings and wouldn't respond to networking inquiries, such as ping requests.

Over time, the term was also used for overlay networks, which are essentially networks that utilize software and hardware to create multiple layers of abstraction. These layers run as multiple separate and discrete network layers on top of a common network (hence overlay), and are accessible only with special browsers or software, or have IP addresses that aren't globally routable. A few examples of such overlay networks are Tor, the Invisible Internet Project (I2P), and Freenet.

So, you can view the Dark Net as the infrastructure underneath the Dark Web, which is the content and websites that you can access only with the specialized software I mentioned, and which we will discuss as we proceed in this chapter, and in the book.

To give you an example of a Dark Net, I'll mention Tor, or The Onion Router. It's essentially a distributed network of servers or hosts, where users' traffic is bounced around between various routers.

This makes it hard to monitor the data, enhancing anonymity, privacy, and security.


A comparison between TOR and I2P can be found here:

The following diagram is from the Argonne National Laboratory website, and it demonstrates what I just mentioned in a graphical manner:

As you can see, the internet encompasses the Deep Web, which is in (or under) the Surface Web, and the Dark Web, which is on the Dark Net (yet another part of that magnificent network of networks known as the internet).

We will discuss who uses the Dark Web, and how, in this book, but let's take a high-level look first, before we dive in.

Law enforcement

I'll start with law enforcement, since most people believe that the Dark Web is illegal, either to access, or due to what goes on there. So, I want to reassure you: just as in the real world, law enforcement is present on the Dark Web too. Due to its anonymity and privacy, criminals use the Dark Web. And where there are criminals, there are police. Due to the anonymity, criminals can create online marketplaces for drugs, weapons, and other illegal material. Law enforcement agencies such as the FBI and many others utilize the Dark Net for sting operations, to capture criminals. They leverage the Dark Web themselves, reducing the exposure of governmental IP addresses and ensuring their anonymity on the Dark Web, thus increasing their effectiveness.

One of the things that law enforcement agencies do is to take down illegal marketplaces. Many agencies attempt to take over illegal marketplaces, enabling them to not only deter the sale of illegal materials, but to also track the buyers and sellers of such materials.


Journalists often need to report a story that puts them at risk for various reasons. Using the Dark Web, journalists are able to report and share information anonymously and securely. Services such as SecureDrop exist to enable organizations to receive documents and tips from anonymous sources. There are a number of major news agencies that use SecureDrop.

SecureDrop keeps a directory of active instances, and you can view this here:


Privacy is a top concern for many people today. With the rise of interconnected devices and data being moved to the cloud, privacy concerns are on the rise.

When you browse an average website, there are a number of tracking actions that the website can perform. For example, a website can leverage the following:

  • Tracking cookies
  • Fingerprinting of the browser
  • Referral links
  • IP addresses
  • Tracking scripts

Using the information obtained, websites can perform a few things, such as targeted advertising.

By using the Dark Web, people ensure that they are keeping their legal online activity anonymous. There is no need to worry about websites tracking your location or online activity.


Since the Dark Web offers anonymity and security, criminals often use it to protect themselves and to prevent capture. Although law enforcement agencies operate within the Dark Web, it does not mean that they stop all criminals from partaking in criminal activities.

Drugs and illegal substances

There are a variety of marketplaces within the Dark Web that sell a vast array of drugs and illegal substances. One of the most popular marketplaces is Silk Road.

Silk Road started back in 2011 and was used to sell magic mushrooms at first. The marketplace started to grow and moved on towards other drugs and commodities. Silk Road has progressed to version 3.1. The previous versions were also taken down either by law enforcement or by the admins.

Another marketplace that is very popular is the Wallstreet Market. This marketplace offers a variety of goods, as can be seen here:

Wallstreet Market Categories

Counterfeit goods

Within the Dark Web, you can find a wealth of counterfeit goods. These range from counterfeit electronics and currency to identification documents.

The following is a screenshot of the counterfeit documents available online:

Counterfeit USA identification documents

Stolen information

Many sites are hacked, their information stolen, and then dumped on the Dark Web either for free, or to be purchased by the highest bidder, or a specific customer.

Today, there are many dumps of stolen data. Popular types of data are celebrity pictures, videos, and emails.



In the past, hackers were considered dangerous, highly skilled professionals who should be kept at arm's length. Today, however, these individuals are sought after by enterprises, private companies, and nation states.

Black Hat Hackers are widespread on the Dark Web. They usually sell services, exploits, and tools on the Dark Web. They also use the Dark Web to communicate, plan attacks, and share exploits with each other.

Hacking services are very attractive on the Dark Web. Services offered by such hackers can be anything from performing a realistic penetration test to taking over a Facebook account. Such services are usually offered for a low fee, which many can afford:

Hacking service to boost Instagram followers

The Dark Web holds a lot more than what was just described. There are sites that are dedicated to many beneficial or dangerous topics, such as hitmen for hire, killings, torture, and worse; or research, secure and anonymous communication, and more.

As you progress through this book, please be careful about how and what you access on the Dark Web, and do so at your own risk.

Read through the book before you go running to access the Dark Web, follow the explanations and recommendations, and always use Tor Browser, among other things.