The Understanding Of The Dark Web

Majdi Riak
8 min read · Jun 19, 2021

The Dark Web is a collection of a large number of websites that use anonymity tools such as Tor and I2P to conceal their IP addresses. The Tor network facilitates dark web marketplaces that provide an environment conducive to illegal transactions (Zulkarnine, Frank, Monk, Mitchell, & Davies, 2016). Consumers and vendors using these platforms can carry out unlawful transactions while minimising their exposure to criminal sanctions.

Bitcoin, a virtual trading currency, is the most widely used currency in illegal virtual marketplaces. While it is most famously used for black market drug sales and even child pornography, the Dark Web likewise enables anonymous whistleblowing and shields users from censorship and surveillance.

Additionally, when we explore the Deep Web (the second layer of the internet), we find it commonly used for underground communications. The Onion Router (Tor) is free software dedicated to protecting the privacy of its users by resisting traffic analysis, a form of network surveillance. Network traffic in Tor is routed through a series of volunteer-operated servers (also called “nodes”). Each node encrypts the information it passes on and relays it blindly, recording neither where the traffic originated nor where it is headed, which prevents tracking.

The Surface Web, often referred to as the Open Web, consists of all the indexed and searchable web content. The processes, tools, and techniques employed for collecting intelligence from the Surface Web are collectively referred to as Open Source Intelligence (OSINT). OSINT strategies applied to the Surface Web provide insight into exposed endpoints, the most up-to-date threat research, and other resources that are typically released publicly.

The first step in analysing the Dark Web infrastructure is to harvest the deep websites. This means gathering unstructured information from web pages and organising it in a local repository for further analysis. Once the websites are harvested, two types of analysis need to be conducted (Zhou, Reid, Qin, Chen, & Lai, 2005): weblink analysis and web content analysis.
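To make the two analyses concrete, here is an added example (not code from the original post or from the cited paper) that runs a minimal weblink analysis and web content analysis over a small local repository. The hostnames, page bodies and vocabulary are constructed for illustration; a real harvest would be much larger and the term list would come from the analyst's own research questions.

```python
"""Added example: weblink and web content analysis over harvested pages.
The repository below is constructed; hostnames use the .example TLD."""
import re
from collections import Counter, defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed local repository: URL -> harvested HTML body.
HARVESTED = {
    "http://site-a.example/": (
        '<a href="/forum">Forum</a> <a href="http://site-b.example/">Partner</a>'
        " <p>market escrow vendor</p>"
    ),
    "http://site-a.example/forum": (
        '<a href="http://site-b.example/">Partner</a> <p>forum vendor reviews</p>'
    ),
    "http://site-b.example/": (
        '<a href="http://site-a.example/">Home</a> <p>escrow escrow wallet</p>'
    ),
    "http://site-c.example/": (
        '<a href="http://site-b.example/">Partner</a> <p>wallet mixer</p>'
    ),
}


class LinkExtractor(HTMLParser):
    """Collects href targets and visible text from one harvested page."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)

    def handle_data(self, data):
        self.text.append(data)


def parse_page(url, html):
    """Return (absolute link targets, visible text) for one page."""
    parser = LinkExtractor()
    parser.feed(html)
    return [urljoin(url, href) for href in parser.links], " ".join(parser.text)


def host(url):
    return urlsplit(url).netloc


def link_analysis(repo):
    """Weblink analysis: host-level link graph plus in-link counts, which
    show which sites the rest of the harvested set points at."""
    edges = defaultdict(set)
    in_degree = Counter()
    for url, html in repo.items():
        links, _ = parse_page(url, html)
        for target in links:
            src, dst = host(url), host(target)
            if src != dst and dst not in edges[src]:
                edges[src].add(dst)
                in_degree[dst] += 1
    return dict(edges), in_degree


def content_analysis(repo, min_len=3):
    """Web content analysis: term frequencies per host from visible text.
    Very short tokens (anchor labels, stray letters) are dropped."""
    terms = defaultdict(Counter)
    for url, html in repo.items():
        _, text = parse_page(url, html)
        words = [w for w in re.findall(r"[a-z]+", text.lower()) if len(w) >= min_len]
        terms[host(url)].update(words)
    return dict(terms)


if __name__ == "__main__":
    edges, in_degree = link_analysis(HARVESTED)
    print("link graph:", edges)
    print("most linked-to host:", in_degree.most_common(1))
    for h, counts in content_analysis(HARVESTED).items():
        print(h, counts.most_common(3))
```

The link graph is built at host level so that a site with many internal pages does not inflate its own score; the content pass is deliberately simple (term counts) and is where a real pipeline would plug in the classification or semantic analysis discussed later in the post.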

The Dark Web in general, and the Tor network in particular, offer cybercriminals a secure platform for a vast range of illegal activities: anonymous marketplaces, secure means of communication, and an untraceable infrastructure for deploying malware and botnets that is challenging to shut down. Due to its intricate webbing and design, monitoring the Dark Web will continue to pose significant challenges (Chertoff & Simon, 2015). In 2012, Sachan found that an automated system for Dark Web analysis is needed, because manual efforts take too much time and are inefficient given the volume of data. Michael Chertoff also authored a brilliant paper titled A Public Policy Perspective of the Dark Web. It is worth reading.

In 2015, Chertoff & Simon released a special report entitled “The Impact of the Dark Web on Internet Governance and Cyber Security”, in which the authors recommended the following efforts to monitor the Dark Web:

· Mapping the hidden services directory by deploying nodes in the Distributed Hash Table (DHT).

· Customer data monitoring by looking for connections to non-standard domains.

· Social site monitoring to spot message exchanges containing new Dark Web

· Hidden service monitoring of new sites for ongoing or later analysis.

· Semantic analysis to track future illegal activities and malicious actors.

· Marketplace profiling to gather information about sellers, users, and the kinds of goods exchanged.
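The second recommendation, customer data monitoring for connections to non-standard domains, is the one a defender can act on with ordinary DNS logs. Below is an added example (not from the post or the report) that flags queries whose top-level domain is not delegated in the public DNS. The log format, client addresses and names are constructed; the TLD set is an assumption an analyst would start from (.onion is reserved for Tor hidden services, .i2p for I2P, .bit is a blockchain-based namespace). A correctly configured Tor client never sends .onion names to the resolver, so such queries reaching an internal DNS server indicate an application trying to resolve them outside the anonymity network.

```python
"""Added example: flag DNS queries for non-standard top-level domains.
Sample log lines, client addresses and names are constructed."""
import re
from collections import defaultdict

# Assumption: starting set of TLDs that should never reach a corporate resolver.
NON_STANDARD_TLDS = {"onion", "i2p", "bit"}

# Constructed sample log: "<timestamp> client <ip> query <name> <type>"
SAMPLE_LOG = """\
2021-06-19T10:00:01 client 10.0.0.5 query www.example.com A
2021-06-19T10:00:02 client 10.0.0.7 query abcdefghij1234567890.onion A
2021-06-19T10:00:03 client 10.0.0.5 query mail.example.com MX
2021-06-19T10:00:04 client 10.0.0.7 query something.i2p A
2021-06-19T10:00:05 client 10.0.0.9 query notonion.example.net A
2021-06-19T10:00:06 client 10.0.0.7 query another.onion. AAAA
"""

LINE_RE = re.compile(r"^(\S+) client (\S+) query (\S+) (\S+)$")


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, name, qtype = m.groups()
    # Normalise: lower-case and drop a trailing root dot.
    return {"ts": ts, "client": client, "name": name.lower().rstrip("."), "qtype": qtype}


def tld(name):
    """Final label of a domain name."""
    return name.rsplit(".", 1)[-1]


def find_non_standard_queries(log_text):
    """Return {client: [(timestamp, name), ...]} for queries whose final label
    is a non-standard TLD. Only the last label is tested, so a name such as
    'notonion.example.net' is not flagged."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and tld(rec["name"]) in NON_STANDARD_TLDS:
            hits[rec["client"]].append((rec["ts"], rec["name"]))
    return dict(hits)


if __name__ == "__main__":
    for client, events in find_non_standard_queries(SAMPLE_LOG).items():
        print(f"{client}: {len(events)} non-standard queries")
        for ts, name in events:
            print("   ", ts, name)
```

Grouping by client matters more than the individual hit: one stray query is usually a browser typo or a security product probing, while a host that repeatedly resolves .onion and .i2p names deserves a closer look.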

What is Internet Reasoning Service, anyway?

As Crubezy, Musen, Motta, & Lu (2003) put it, the Internet Reasoning Service (IRS) lets developers prototype knowledge-based applications quickly out of reusable problem-solving resources in distributed libraries. Based on a well-defined process model, IRS overcomes the limitations of knowledge-based system (KBS) development frameworks by providing semiautomated support for each step of application configuration.

Further, the Internet Reasoning Service (IRS) is a Semantic Web Services framework that allows applications to describe and execute web services semantically. The IRS supports the provision of semantic reasoning services within the context of the Semantic Web. Executing IRS services through an email attachment in this context does not necessarily constitute an act of hacking.

What is “Hacking” or a “Hack”, Folks?

The word “hack” or “hacker” in the context of electronic computing has not always had the negative connotations that it has today. In fact, “hacker” originally had positive connotations, indicating a creative person who could alter computer programs and systems to do things beyond what they were designed for (Schell & Dodge, 2002), and was even a sign of respect and admiration from peers for superior computer programming skills.

The hacker problem is now widely recognised, and many countries already have some form of associated legislation. An example is the Computer Misuse Act in the United Kingdom, which specifies offences ranging from unauthorised system access to unauthorised modification of programs, and Australia’s Cybercrime Act 2001 contains similar provisions. Under such laws, accessing someone else’s files without authorisation constitutes an act of hacking.

Zombies and botnets, hmmm.

Seriously, what are they? Pack your bag and let’s find out together.

Bot programs allow attackers to remotely control vulnerable computers and form virtual networks of zombies, known as botnets. Botnets can be leveraged to orchestrate concerted attacks against other computing resources, for example distributed denial of service (DDoS) attacks against targeted networks. The shift in motivation from curiosity and fame-seeking to illicit financial gain has been marked by a growing sophistication in the evolution of bot malware (Choo & Australian Institute of Criminology, 2007).

For example, let’s carry on:

In 2014, Cloudflare, a security provider, web hosting company and content delivery network, was hit by approximately 400 gigabits per second of traffic. The attack was directed at a single Cloudflare customer (which the company declined to name), targeted servers in Europe, and was launched with the help of a vulnerability in the Network Time Protocol (NTP), a networking protocol for computer clock synchronisation (in case you forgot). Even though the attack was directed at just one of Cloudflare’s customers, it was so powerful that it affected Cloudflare’s own network.

This attack illustrated a technique in which attackers send requests to many NTP servers with a spoofed source address, the victim’s, so that the servers deliver a mass of responses to the victim. This is known as “reflection”, since the traffic is mirrored off third-party servers, and because each response is much larger than the request that triggered it, the attacker also amplifies the traffic.
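From the defender's side, the pattern described above is visible in flow data before it is visible in anything else: many distinct sources, all speaking from UDP port 123, sending large packets at one destination that sent them almost nothing. The following added example (not from the original post) scores destinations in a set of flow records on exactly those features. The records, addresses, byte counts and thresholds are constructed; a genuine NTP time reply is 48 bytes, so an average well above that from many servers at once is the signal.

```python
"""Added example: spot the NTP reflection/amplification pattern in flow data.
All flow records, addresses and thresholds below are constructed."""
from collections import defaultdict

NTP_PORT = 123

# Constructed flow records:
# (src_ip, src_port, dst_ip, dst_port, proto, bytes, packets)
FLOWS = [
    ("198.51.100.10", NTP_PORT, "203.0.113.5", 40000, "udp", 48000, 100),
    ("198.51.100.11", NTP_PORT, "203.0.113.5", 40000, "udp", 48000, 100),
    ("198.51.100.12", NTP_PORT, "203.0.113.5", 40000, "udp", 48000, 100),
    ("198.51.100.13", NTP_PORT, "203.0.113.5", 40000, "udp", 48000, 100),
    ("198.51.100.14", NTP_PORT, "203.0.113.5", 40000, "udp", 48000, 100),
    # The victim's own (single, genuine) time request: 48 bytes, one packet.
    ("203.0.113.5", 40000, "198.51.100.10", NTP_PORT, "udp", 48, 1),
    # A normal time-sync reply to an unrelated host.
    ("192.0.2.20", NTP_PORT, "203.0.113.9", 51000, "udp", 96, 2),
]


def ntp_reflection_suspects(flows, min_sources=5, min_bytes_per_packet=200):
    """Group UDP flows coming *from* port 123 by destination and flag those
    that (a) arrive from at least `min_sources` distinct servers and (b) carry
    an average packet size well above a 48-byte time reply. The amplification
    field compares bytes received from port 123 with bytes the destination
    itself sent to port 123 (None when it sent nothing)."""
    inbound = defaultdict(lambda: {"sources": set(), "bytes": 0, "packets": 0})
    outbound_bytes = defaultdict(int)
    for src, sport, dst, dport, proto, nbytes, npackets in flows:
        if proto != "udp":
            continue
        if sport == NTP_PORT:
            agg = inbound[dst]
            agg["sources"].add(src)
            agg["bytes"] += nbytes
            agg["packets"] += npackets
        if dport == NTP_PORT:
            outbound_bytes[src] += nbytes

    suspects = {}
    for dst, agg in inbound.items():
        if agg["packets"] == 0:
            continue
        avg_packet = agg["bytes"] / agg["packets"]
        if len(agg["sources"]) >= min_sources and avg_packet >= min_bytes_per_packet:
            sent = outbound_bytes.get(dst, 0)
            suspects[dst] = {
                "sources": len(agg["sources"]),
                "bytes": agg["bytes"],
                "avg_packet": avg_packet,
                "amplification": (agg["bytes"] / sent) if sent else None,
            }
    return suspects


if __name__ == "__main__":
    for dst, info in ntp_reflection_suspects(FLOWS).items():
        print(dst, info)
```

The amplification ratio is the key number for triage: a host that asked five servers for the time and received thousands of times more bytes than it sent is being reflected at, regardless of whether the individual servers are otherwise legitimate.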

Zbot/Zeus

Seriously, what are they? Well, let’s study them briefly, shall we?

Zeus, also known as Zbot, is a notorious Trojan that infects Windows users and tries to retrieve confidential information from the infected computers. Once it is installed, it also tries to download configuration files and updates from the Internet. The Zeus files are created and customised using a Trojan-building toolkit, which is available online for cybercriminals. Let me show an example below:

Reuters (2007) reported that hackers stole information from the U.S. Department of Transportation and several U.S. companies by seducing employees with fake job listings on advertisements and email. The offending malware was reported to be Zeus.

According to Trusteer, a security company (Shanmuga, 2011), “Zeus is the number 1 botnet, with 3.6 million PCs infected in the US alone (i.e. approximately 1% of the PCs in the US) … Zeus is a financial malware. It infects consumer PCs, waits for them to log onto a list of targeted banks and financial institutions, and then steals their credentials and sends them to a remote server in real-time”.

Worms

I am obliged to also include worms in this short report. I just wanted to give you as much as you could digest. Ready? Let’s go…

Worms have been a persistent security threat on the Internet since the Morris worm appeared in 1988 (Chen, Gao, & Kwiat, 2003). The Code Red and Nimda worms infected hundreds of thousands of systems and cost both the public and private sectors millions of dollars, as Russell & Machie (2001) put it beautifully in their paper titled Modeling the Spread of Active Worms. Active worms propagate by infecting computer systems and then using the infected computers to spread further in an automated fashion. As a result, active worms can potentially spread across the Internet within seconds. It is therefore of great importance to characterise and monitor the spread of active worms and to derive methods to defend our systems against them effectively.
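Characterising the spread, as the paragraph above calls for, usually starts from a simple epidemic model. The following added example (my own, not the model or code from Russell & Machie's paper) implements the classic susceptible-infected (SI) model for a random-scanning worm: the infected fraction i obeys di/dt = β·i·(1 − i), where β is the rate at which one infected host finds a new vulnerable one. The contact-rate formula and all parameter values are assumptions chosen for illustration.

```python
"""Added example: SI epidemic model of a random-scanning worm.
Parameter values are constructed for illustration."""
import math


def contact_rate(scans_per_second, vulnerable_hosts, address_space=2 ** 32):
    """Assumed model: an infected host scanning random addresses hits a
    vulnerable one at rate scans * (vulnerable / address_space) per second."""
    return scans_per_second * vulnerable_hosts / address_space


def fraction_infected(t, beta, i0):
    """Closed-form solution of di/dt = beta * i * (1 - i): the infected
    fraction of vulnerable hosts at time t, starting from fraction i0."""
    e = math.exp(beta * t)
    return i0 * e / (1.0 - i0 + i0 * e)


def time_to_fraction(target, beta, i0):
    """Inverse of fraction_infected: the time at which the infected fraction
    first reaches `target` (0 < i0 < target < 1)."""
    return math.log((target * (1.0 - i0)) / (i0 * (1.0 - target))) / beta


def simulate(beta, i0, dt, steps):
    """Forward-Euler simulation of the same equation, returning the trajectory.
    Useful as a template when the model gains terms (patching, containment)
    that have no closed form."""
    i = i0
    trajectory = [i]
    for _ in range(steps):
        i = i + beta * i * (1.0 - i) * dt
        trajectory.append(min(i, 1.0))
    return trajectory


if __name__ == "__main__":
    # Constructed scenario: 100,000 vulnerable hosts, 100 scans/s per infected
    # host, starting from a single infected machine.
    vulnerable = 100_000
    beta = contact_rate(scans_per_second=100, vulnerable_hosts=vulnerable)
    i0 = 1.0 / vulnerable
    for pct in (0.10, 0.50, 0.90):
        print(f"{pct:.0%} infected after {time_to_fraction(pct, beta, i0) / 60:.1f} min")
    # Doubling the scan rate doubles beta and halves every time above.
    print("doubling scan rate:",
          f"{time_to_fraction(0.5, 2 * beta, i0) / 60:.1f} min to 50%")
```

The curve is logistic: slow while few hosts are infected, then nearly vertical, then flat as the vulnerable population runs out. The useful defensive reading is that β is the product of scan rate and vulnerable population, so reducing either (patching, or rate-limiting outbound scans) stretches the steep part of the curve and buys monitoring time.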

Example:

On the morning of September 18, 2001, a large number of users reported a massive increase in Web-based attacks against their Web Servers. Users also reported receiving suspicious email messages that contained what appeared to be a wave (*.wav) file that coincided with the initial barrage of Web-based exploits attempted against the hosts.

Initially, many users believed that a variant of Code Red was responsible for the Web scanning activity. However, the Web-based probes and the email messages containing suspect attachments resulted from a new worm named “W32/Nimda-A”, more commonly known as the Nimda worm (aliases include Concept5 and Code Rainbow), which affects Microsoft Windows 9x/ME, NT 4.0, and 2000. The name was chosen because it is “Admin” spelt backwards.

If you’ve come this far, thank you. I will not bore you much longer. Let’s read, shall we? Don’t forget to make up your mind while we are on this short journey. Yeah? Let’s go again.

Other malware used by cyber-terrorists, hacktivists, corporate spies, criminals, and pleasure seekers includes, but is not limited to, the following:

Spyware

These are programs that can covertly record what users do on the computer. Some spyware is legitimate and is used to help a user, for example remote-support tools that view another person’s computer screen and even control the cursor. However, the majority of spyware is malicious and is usually used to capture logins and passwords, or even bank or credit card details.

Adware

While adware is the least dangerous kind of malware, it is one of the most common. It is also one of the most lucrative, in that it downloads and displays unwanted ads that redirect the user to advertiser websites. Benign adware requests the user’s permission before displaying ads, while malicious adware neither notifies the user nor obtains his or her consent.

Trojan

As Kaspersky describes it in a recent study, a Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users’ systems. Some form of social engineering typically tricks users into loading and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on victims, steal their sensitive data, and gain backdoor access to their systems.

Rootkit

Rouse (2018) defines a rootkit as a program or, more often, a collection of software tools that gives a threat actor remote access to and control over a computer or other system. While there have been legitimate uses for this type of software, such as providing remote end-user support, most rootkits open a backdoor on victim systems to introduce malicious software, such as viruses, ransomware, keyloggers or other types of malware, or to use the system for further attacks on the network. Rootkits often attempt to prevent the detection of malicious software by endpoint antivirus software.
